From 905b84d9c7f2b9624bf3f8bc7d4b65625d9176a9 Mon Sep 17 00:00:00 2001 From: Tomas Kopecek Date: Jul 08 2019 11:00:37 +0000 Subject: deprecate sha1/md5_constructor from koji.util These functions are now fully provided by hashlib. Commit removes their usage from koji's codebase and leaves deprecation message in lib. Final removal from lib is scheduled to 1.21. Fixes: https://pagure.io/koji/issue/1487 --- diff --git a/cli/koji_cli/commands.py b/cli/koji_cli/commands.py index 7a67f80..51776e3 100644 --- a/cli/koji_cli/commands.py +++ b/cli/koji_cli/commands.py @@ -2,9 +2,9 @@ from __future__ import absolute_import from __future__ import division import ast -import base64 from collections import defaultdict, OrderedDict import fnmatch +import hashlib import json import logging import os @@ -35,7 +35,7 @@ except ImportError: # pragma: no cover yumcomps = None import koji -from koji.util import md5_constructor, to_list, base64encode +from koji.util import to_list, base64encode from koji_cli.lib import _, activate_session, parse_arches, \ _unique_path, _running_in_bg, _progress_callback, watch_tasks, \ arg_filter, linked_upload, list_task_output_all_volumes, \ @@ -1478,7 +1478,7 @@ def handle_import_sig(goptions, session, args): previous = session.queryRPMSigs(rpm_id=rinfo['id'], sigkey=sigkey) assert len(previous) <= 1 if previous: - sighash = md5_constructor(sighdr).hexdigest() + sighash = hashlib.md5(sighdr).hexdigest() if previous[0]['sighash'] == sighash: print(_("Signature already imported: %s") % path) continue diff --git a/hub/kojihub.py b/hub/kojihub.py index f947116..fb57598 100644 --- a/hub/kojihub.py +++ b/hub/kojihub.py @@ -31,6 +31,7 @@ import errno import fcntl import fnmatch import functools +import hashlib import json import logging import os @@ -61,11 +62,9 @@ from koji.context import context from koji.util import base64encode from koji.util import decode_bytes from koji.util import dslice -from koji.util import md5_constructor from koji.util import move_and_symlink from koji.util import multi_fnmatch from koji.util import safer_move -from koji.util import sha1_constructor from koji.util import to_list from six.moves import range logger = logging.getLogger('koji.hub') @@ -5936,7 +5935,7 @@ class CG_Importer(object): # until we change the way we handle checksums, we have to limit this to md5 raise koji.GenericError("Unsupported checksum type: %(checksum_type)s" % fileinfo) with open(path, 'rb') as fp: - m = md5_constructor() + m = hashlib.md5() while True: contents = fp.read(8192) if not contents: @@ -6477,7 +6476,7 @@ def import_archive_internal(filepath, buildinfo, type, typeInfo, buildroot_id=No # trust values computed on hub (CG_Importer.prep_outputs) if not fileinfo or not fileinfo.get('hub.checked_md5'): with open(filepath, 'rb') as archivefp: - m = md5_constructor() + m = hashlib.md5() while True: contents = archivefp.read(8192) if not contents: @@ -6612,7 +6611,7 @@ def _generate_maven_metadata(mavendir): continue if not os.path.isfile('%s/%s' % (mavendir, mavenfile)): continue - for ext, sum_constr in (('.md5', md5_constructor), ('.sha1', sha1_constructor)): + for ext, sum_constr in (('.md5', hashlib.md5), ('.sha1', hashlib.sha1)): sumfile = mavenfile + ext if sumfile not in mavenfiles: sum = sum_constr() @@ -6661,7 +6660,7 @@ def add_rpm_sig(an_rpm, sighdr): #we use the sigkey='' to represent unsigned in the db (so that uniqueness works) else: sigkey = koji.get_sigpacket_key_id(sigkey) - sighash = md5_constructor(sighdr).hexdigest() + sighash = hashlib.md5(sighdr).hexdigest() rpm_id = rinfo['id'] # - db entry q = """SELECT sighash FROM rpmsigs WHERE rpm_id=%(rpm_id)i AND sigkey=%(sigkey)s""" @@ -13212,7 +13211,7 @@ def get_upload_path(reldir, name, create=False, volume=None): def get_verify_class(verify): if verify == 'md5': - return md5_constructor + return hashlib.md5 elif verify == 'adler32': return koji.util.adler32_constructor elif verify: diff --git a/koji/__init__.py b/koji/__init__.py index 6a9005b..d5687b2 100644 --- a/koji/__init__.py +++ b/koji/__init__.py @@ -43,6 +43,7 @@ except ImportError: # pragma: no cover import six.moves.configparser import errno from fnmatch import fnmatch +import hashlib import six.moves.http_client import imp import logging @@ -2808,7 +2809,7 @@ class ClientSession(object): fo = open(localfile, "rb") #specify bufsize? totalsize = os.path.getsize(localfile) ofs = 0 - md5sum = util.md5_constructor() + md5sum = hashlib.md5() debug = self.opts.get('debug', False) if callback: callback(0, totalsize, 0, 0, 0) @@ -2825,7 +2826,7 @@ class ClientSession(object): sz = ofs else: offset = ofs - digest = util.md5_constructor(contents).hexdigest() + digest = hashlib.md5(contents).hexdigest() sz = size del contents tries = 0 diff --git a/koji/daemon.py b/koji/daemon.py index 3f214aa..9061490 100644 --- a/koji/daemon.py +++ b/koji/daemon.py @@ -26,8 +26,9 @@ import koji import koji.tasks import koji.xmlrpcplus from koji.tasks import safe_rmtree -from koji.util import md5_constructor, adler32_constructor, parseStatus, \ +from koji.util import adler32_constructor, parseStatus, \ dslice, to_list, base64encode +import hashlib import os import signal import logging @@ -61,7 +62,7 @@ def incremental_upload(session, fname, fd, path, retries=5, logger=None): break data = base64encode(contents) - digest = md5_constructor(contents).hexdigest() + digest = hashlib.md5(contents).hexdigest() del contents tries = 0 diff --git a/koji/util.py b/koji/util.py index 4b2a3a7..8f79c55 100644 --- a/koji/util.py +++ b/koji/util.py @@ -44,15 +44,13 @@ import warnings from six.moves import zip # imported from kojiweb and kojihub -try: - from hashlib import md5 as md5_constructor -except ImportError: # pragma: no cover - from md5 import new as md5_constructor -try: - from hashlib import sha1 as sha1_constructor -except ImportError: # pragma: no cover - from sha import new as sha1_constructor +def md5_constructor(*args, **kwargs): + deprecated("md5_constructor is deprecated in favour of hashlib.md5 and will be removed in 1.21") + return hashlib.md5(*args, **kwargs) +def sha1_constructor(*args, **kwargs): + deprecated("sha1_constructor is deprecated in favour of hashlib.md5 and will be removed in 1.21") + return hashlib.sha1(*args, **kwargs) def deprecated(message): """Print deprecation warning""" diff --git a/tests/test_hub/test_get_verify_class.py b/tests/test_hub/test_get_verify_class.py index 721c992..e733db6 100644 --- a/tests/test_hub/test_get_verify_class.py +++ b/tests/test_hub/test_get_verify_class.py @@ -1,4 +1,5 @@ from __future__ import absolute_import +import hashlib try: import unittest2 as unittest except ImportError: @@ -6,7 +7,7 @@ except ImportError: import kojihub from koji import GenericError -from koji.util import md5_constructor, adler32_constructor +from koji.util import adler32_constructor class TestGetVerifyClass(unittest.TestCase): @@ -19,7 +20,7 @@ class TestGetVerifyClass(unittest.TestCase): kojihub.get_verify_class(None) is None def test_get_verify_class_is_md5(self): - kojihub.get_verify_class('md5') is md5_constructor + kojihub.get_verify_class('md5') is hashlib.md5 def test_get_verify_class_is_adler32(self): kojihub.get_verify_class('adler32') is adler32_constructor diff --git a/www/kojiweb/index.py b/www/kojiweb/index.py index ea09504..ebee2ea 100644 --- a/www/kojiweb/index.py +++ b/www/kojiweb/index.py @@ -22,6 +22,7 @@ from __future__ import absolute_import from __future__ import division +import hashlib import os import os.path import re @@ -38,7 +39,6 @@ from koji.server import ServerRedirect from kojiweb.util import _initValues from kojiweb.util import _genHTML from kojiweb.util import _getValidTokens -from koji.util import sha1_constructor from six.moves import range import six @@ -58,7 +58,7 @@ def _setUserCookie(environ, user): digest_string = value + options['Secret'].value if six.PY3: digest_string = digest_string.encode('utf-8') - shasum = sha1_constructor(digest_string) + shasum = hashlib.sha1(digest_string) value = "%s:%s" % (shasum.hexdigest(), value) cookies = six.moves.http_cookies.SimpleCookie() cookies['user'] = value @@ -97,7 +97,7 @@ def _getUserCookie(environ): digest_string = value + options['Secret'].value if six.PY3: digest_string = digest_string.encode('utf-8') - shasum = sha1_constructor(digest_string) + shasum = hashlib.sha1(digest_string) if shasum.hexdigest() != sig: authlogger.warn('invalid user cookie: %s:%s', sig, value) return None diff --git a/www/lib/kojiweb/util.py b/www/lib/kojiweb/util.py index 7c7fdb0..d8fa83e 100644 --- a/www/lib/kojiweb/util.py +++ b/www/lib/kojiweb/util.py @@ -24,8 +24,8 @@ from __future__ import division import cgi import Cheetah.Template import datetime +import hashlib import koji -from koji.util import md5_constructor import os import six import ssl @@ -170,7 +170,7 @@ def _genToken(environ, tstamp=None): value = user + str(tstamp) + environ['koji.options']['Secret'].value if six.PY3: value = value.encode('utf-8') - return md5_constructor(value).hexdigest()[-8:] + return hashlib.md5(value).hexdigest()[-8:] def _getValidTokens(environ): tokens = []