[Fwd: [PATCH] Use hashlib if available instead of md5]
by Jesse Keating
-------- Forwarded Message --------
From: Tom "spot" Callaway <tcallawa(a)redhat.com>
To: Jesse Keating <jkeating(a)redhat.com>
Subject: [PATCH] Use hashlib if available instead of md5
Date: Mon, 02 Feb 2009 17:18:32 -0500
This patch converts all calls to the md5 module to use hashlib if present.
The old md5 function is deprecated in Python 2.6, and this silences the
warning messages (along with providing a slight performance improvement).
Please apply to rawhide. :)
~spot
plain text document attachment (koji-use-hashlib-if-available.patch)
From 4c76e7ee1f56057d77b0e7e9f0422e7eabedbf10 Mon Sep 17 00:00:00 2001
From: Tom "spot" Callaway <tcallawa(a)redhat.com>
Date: Mon, 2 Feb 2009 17:15:31 -0500
Subject: [PATCH] Convert all calls of md5 function to use hashlib if present (Python 2.6 change).
---
builder/kojid | 8 ++++++--
cli/koji | 8 ++++++--
hub/kojihub.py | 25 ++++++++++++++++++++-----
koji/__init__.py | 8 ++++++--
www/kojiweb/index.py | 9 +++++++--
5 files changed, 45 insertions(+), 13 deletions(-)
diff --git a/builder/kojid b/builder/kojid
index b7900db..fe72fdc 100755
--- a/builder/kojid
+++ b/builder/kojid
@@ -33,7 +33,6 @@ import errno
import glob
import logging
import logging.handlers
-import md5
import os
import pprint
import pwd
@@ -242,7 +241,12 @@ def incrementalUpload(fname, fd, path, retries=5, logger=None):
break
data = base64.encodestring(contents)
- digest = md5.new(contents).hexdigest()
+ try:
+ import hashlib
+ digest = hashlib.md5(contents).hexdigest()
+ except ImportError:
+ import md5
+ digest = md5.new(contents).hexdigest()
del contents
tries = 0
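Review bot: The hashlib/md5 fallback is resolved inside incrementalUpload, so the import machinery is consulted on every call and the same five-line try/except is repeated at each call site in cli/koji, hub/kojihub.py, koji/__init__.py and www/kojiweb/index.py. Choosing the constructor once at module level makes every call site a one-line change and leaves a single place to touch if the digest is ever replaced. The digest here looks like a transfer checksum, which is a reasonable use of MD5 as long as nothing treats it as proof of authenticity. incrementalUpload's body continues outside the hunk.

```python
# module level, next to the other imports
try:
    from hashlib import md5 as md5_constructor
except ImportError:
    # Python < 2.5 has no hashlib
    from md5 import new as md5_constructor

# … unchanged: incrementalUpload up to the base64 encoding …
        digest = md5_constructor(contents).hexdigest()
```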
diff --git a/cli/koji b/cli/koji
index 0ec732f..40974c7 100755
--- a/cli/koji
+++ b/cli/koji
@@ -31,7 +31,6 @@ import base64
import koji
import koji.util
import fnmatch
-import md5
import os
import re
import pprint
@@ -1173,7 +1172,12 @@ def handle_import_sig(options, session, args):
previous = session.queryRPMSigs(rpm_id=rinfo['id'], sigkey=sigkey)
assert len(previous) <= 1
if previous:
- sighash = md5.new(sighdr).hexdigest()
+ try:
+ import hashlib
+ sighash = hashlib.md5(sighdr).hexdigest()
+ except ImportError:
+ import md5
+ sighash = md5.new(sighdr).hexdigest()
if previous[0]['sighash'] == sighash:
print _("Signature already imported: %s") % path
continue
diff --git a/hub/kojihub.py b/hub/kojihub.py
index 8a24bec..0965243 100644
--- a/hub/kojihub.py
+++ b/hub/kojihub.py
@@ -32,7 +32,6 @@ import logging
import logging.handlers
import fcntl
import fnmatch
-import md5
import os
import pgdb
import random
@@ -3535,7 +3534,12 @@ def add_rpm_sig(an_rpm, sighdr):
#we use the sigkey='' to represent unsigned in the db (so that uniqueness works)
else:
sigkey = koji.hex_string(sigkey[13:17])
- sighash = md5.new(sighdr).hexdigest()
+ try:
+ import hashlib
+ sighash = hashlib.md5(sighdr).hexdigest()
+ except ImportError:
+ import md5
+ sighash = md5.new(sighdr).hexdigest()
rpm_id = rinfo['id']
# - db entry
q = """SELECT sighash FROM rpmsigs WHERE rpm_id=%(rpm_id)i AND sigkey=%(sigkey)s"""
@@ -4771,8 +4775,14 @@ class RootExports(object):
if size is not None:
if size != len(contents): return False
if md5sum is not None:
- if md5sum != md5.new(contents).hexdigest():
- return False
+ try:
+ import hashlib
+ if md5sum != hashlib.md5(contents).hexdigest():
+ return False
+ except ImportError:
+ import md5
+ if md5sum != md5.new(contents).hexdigest():
+ return False
uploadpath = koji.pathinfo.work()
#XXX - have an incoming dir and move after upload complete
# SECURITY - ensure path remains under uploadpath
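Review bot: The comparison and its `return False` are now written twice, once per import branch, so any later change to the check has to be made in both places. Picking the hash constructor first and comparing once keeps a single decision point, e.g. `if md5sum != md5_new(contents).hexdigest(): return False`, with `md5_new` bound to `hashlib.md5` or `md5.new` beforehand. The expected `md5sum` appears to arrive with the upload itself, so this check can catch corruption in transit but not deliberate modification; a short comment saying so (`# integrity check only; md5sum is caller-supplied`) would stop readers from treating it as an authenticity control. The enclosing RootExports method starts and ends outside the hunk.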
@@ -4831,7 +4841,12 @@ class RootExports(object):
fcntl.lockf(fd, fcntl.LOCK_UN)
if md5sum is not None:
#check final md5sum
- sum = md5.new()
+ try:
+ import hashlib
+ sum = hashlib.md5()
+ except ImportError:
+ import md5
+ sum = md5.new()
fcntl.lockf(fd, fcntl.LOCK_SH|fcntl.LOCK_NB)
try:
# log_error("checking md5sum")
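Review bot: Both new branches still bind the hash object to `sum`, which shadows the builtin for the rest of the method. Since these lines are being rewritten anyway, a neutral name would be clearer, for example `chksum = hashlib.md5()` and `chksum = md5.new()`. The later uses of the variable are outside this hunk and would need the same rename.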
diff --git a/koji/__init__.py b/koji/__init__.py
index 6e04cb3..89e9783 100644
--- a/koji/__init__.py
+++ b/koji/__init__.py
@@ -31,7 +31,6 @@ import datetime
from fnmatch import fnmatch
import logging
import logging.handlers
-import md5
import os
import os.path
import pwd
@@ -1467,7 +1466,12 @@ class ClientSession(object):
fo = file(localfile, "r") #specify bufsize?
totalsize = os.path.getsize(localfile)
ofs = 0
- md5sum = md5.new()
+ try:
+ import hashlib
+ md5sum = hashlib.md5()
+ except ImportError:
+ import md5
+ md5sum = md5.new()
debug = self.opts.get('debug',False)
if callback:
callback(0, totalsize, 0, 0, 0)
diff --git a/www/kojiweb/index.py b/www/kojiweb/index.py
index 1995a19..2eb236e 100644
--- a/www/kojiweb/index.py
+++ b/www/kojiweb/index.py
@@ -8,7 +8,6 @@ import Cheetah.Filters
import Cheetah.Template
import datetime
import time
-import md5
import koji
import kojiweb.util
@@ -62,7 +61,13 @@ def _genToken(req, tstamp=None):
return ''
if tstamp == None:
tstamp = _truncTime()
- return md5.new(user + str(tstamp) + req.get_options()['Secret']).hexdigest()[-8:]
+ try:
+ import hashlib
+ tokensum = hashlib.md5(user + str(tstamp) + req.get_options()['Secret']).hexdigest()[-8:]
+ except ImportError:
+ import md5
+ tokensum = md5.new(user + str(tstamp) + req.get_options()['Secret']).hexdigest()[-8:]
+ return tokensum
def _getValidTokens(req):
tokens = []
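Review bot: In _genToken the token is still a bare MD5 over `user + str(tstamp) + Secret`, cut to the last 8 hex digits. It therefore carries only 32 bits, and nothing separates the user name from the timestamp in the hashed string. Since the line is being rewritten, a keyed construction from the standard `hmac` module would be sounder and needs no hashlib/md5 try/except, because on Python 2 `hmac.new` defaults to MD5 and picks its own backend: `tokensum = hmac.new(req.get_options()['Secret'], user + ':' + str(tstamp)).hexdigest()`, with `import hmac` at module level and more of the digest kept than `[-8:]`. This changes the token format, so `_getValidTokens` and anything embedding the token would have to follow; their bodies are outside this hunk.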
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
From 4c76e7ee1f56057d77b0e7e9f0422e7eabedbf10 Mon Sep 17 00:00:00 2001
From: Tom "spot" Callaway <tcallawa(a)redhat.com>
Date: Mon, 2 Feb 2009 17:15:31 -0500
Subject: [PATCH] Convert all calls of md5 function to use hashlib if present (Python 2.6 change).
---
builder/kojid | 8 ++++++--
cli/koji | 8 ++++++--
hub/kojihub.py | 25 ++++++++++++++++++++-----
koji/__init__.py | 8 ++++++--
www/kojiweb/index.py | 9 +++++++--
5 files changed, 45 insertions(+), 13 deletions(-)
diff --git a/builder/kojid b/builder/kojid
index b7900db..fe72fdc 100755
--- a/builder/kojid
+++ b/builder/kojid
@@ -33,7 +33,6 @@ import errno
import glob
import logging
import logging.handlers
-import md5
import os
import pprint
import pwd
@@ -242,7 +241,12 @@ def incrementalUpload(fname, fd, path, retries=5, logger=None):
break
data = base64.encodestring(contents)
- digest = md5.new(contents).hexdigest()
+ try:
+ import hashlib
+ digest = hashlib.md5(contents).hexdigest()
+ except ImportError:
+ import md5
+ digest = md5.new(contents).hexdigest()
del contents
tries = 0
diff --git a/cli/koji b/cli/koji
index 0ec732f..40974c7 100755
--- a/cli/koji
+++ b/cli/koji
@@ -31,7 +31,6 @@ import base64
import koji
import koji.util
import fnmatch
-import md5
import os
import re
import pprint
@@ -1173,7 +1172,12 @@ def handle_import_sig(options, session, args):
previous = session.queryRPMSigs(rpm_id=rinfo['id'], sigkey=sigkey)
assert len(previous) <= 1
if previous:
- sighash = md5.new(sighdr).hexdigest()
+ try:
+ import hashlib
+ sighash = hashlib.md5(sighdr).hexdigest()
+ except ImportError:
+ import md5
+ sighash = md5.new(sighdr).hexdigest()
if previous[0]['sighash'] == sighash:
print _("Signature already imported: %s") % path
continue
diff --git a/hub/kojihub.py b/hub/kojihub.py
index 8a24bec..0965243 100644
--- a/hub/kojihub.py
+++ b/hub/kojihub.py
@@ -32,7 +32,6 @@ import logging
import logging.handlers
import fcntl
import fnmatch
-import md5
import os
import pgdb
import random
@@ -3535,7 +3534,12 @@ def add_rpm_sig(an_rpm, sighdr):
#we use the sigkey='' to represent unsigned in the db (so that uniqueness works)
else:
sigkey = koji.hex_string(sigkey[13:17])
- sighash = md5.new(sighdr).hexdigest()
+ try:
+ import hashlib
+ sighash = hashlib.md5(sighdr).hexdigest()
+ except ImportError:
+ import md5
+ sighash = md5.new(sighdr).hexdigest()
rpm_id = rinfo['id']
# - db entry
q = """SELECT sighash FROM rpmsigs WHERE rpm_id=%(rpm_id)i AND sigkey=%(sigkey)s"""
@@ -4771,8 +4775,14 @@ class RootExports(object):
if size is not None:
if size != len(contents): return False
if md5sum is not None:
- if md5sum != md5.new(contents).hexdigest():
- return False
+ try:
+ import hashlib
+ if md5sum != hashlib.md5(contents).hexdigest():
+ return False
+ except ImportError:
+ import md5
+ if md5sum != md5.new(contents).hexdigest():
+ return False
uploadpath = koji.pathinfo.work()
#XXX - have an incoming dir and move after upload complete
# SECURITY - ensure path remains under uploadpath
@@ -4831,7 +4841,12 @@ class RootExports(object):
fcntl.lockf(fd, fcntl.LOCK_UN)
if md5sum is not None:
#check final md5sum
- sum = md5.new()
+ try:
+ import hashlib
+ sum = hashlib.md5()
+ except ImportError:
+ import md5
+ sum = md5.new()
fcntl.lockf(fd, fcntl.LOCK_SH|fcntl.LOCK_NB)
try:
# log_error("checking md5sum")
diff --git a/koji/__init__.py b/koji/__init__.py
index 6e04cb3..89e9783 100644
--- a/koji/__init__.py
+++ b/koji/__init__.py
@@ -31,7 +31,6 @@ import datetime
from fnmatch import fnmatch
import logging
import logging.handlers
-import md5
import os
import os.path
import pwd
@@ -1467,7 +1466,12 @@ class ClientSession(object):
fo = file(localfile, "r") #specify bufsize?
totalsize = os.path.getsize(localfile)
ofs = 0
- md5sum = md5.new()
+ try:
+ import hashlib
+ md5sum = hashlib.md5()
+ except ImportError:
+ import md5
+ md5sum = md5.new()
debug = self.opts.get('debug',False)
if callback:
callback(0, totalsize, 0, 0, 0)
diff --git a/www/kojiweb/index.py b/www/kojiweb/index.py
index 1995a19..2eb236e 100644
--- a/www/kojiweb/index.py
+++ b/www/kojiweb/index.py
@@ -8,7 +8,6 @@ import Cheetah.Filters
import Cheetah.Template
import datetime
import time
-import md5
import koji
import kojiweb.util
@@ -62,7 +61,13 @@ def _genToken(req, tstamp=None):
return ''
if tstamp == None:
tstamp = _truncTime()
- return md5.new(user + str(tstamp) + req.get_options()['Secret']).hexdigest()[-8:]
+ try:
+ import hashlib
+ tokensum = hashlib.md5(user + str(tstamp) + req.get_options()['Secret']).hexdigest()[-8:]
+ except ImportError:
+ import md5
+ tokensum = md5.new(user + str(tstamp) + req.get_options()['Secret']).hexdigest()[-8:]
+ return tokensum
def _getValidTokens(req):
tokens = []
--
1.6.1.2
Re: change in --copyin?
by Michael E Brown
On Sun, Feb 01, 2009 at 10:04:09PM -0600, Clark Williams wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> > Hrm, this is kind of scary, mock is trying to prevent this action? The
> > weird thing is that an error is reported that the action was not
> > allowed, yet the end result is that the file is indeed copied. So if
> > we're trying to prevent it, we're not doing a good job.
> >
>
> I tried it on my laptop and the copy didn't happen. Not sure what's
> going on there.
>
> I went back and looked at the commit where I added the copyin/copyout
> options and the uidManager.dropPrivsForever() has always been there.
> I'm considering dropping it for --copyin (where we modify the chroot)
> but not for --copyout (where we modify the actual filesystem).
>
> What do you guys think?
Well, until we come up with a "real" security policy for mock, the above
suggestion sounds reasonable.
--
Michael
Re: change in --copyin?
by Jesse Keating
On Sun, 2009-02-01 at 10:17 -0600, Clark Williams wrote:
>
> Jesse is having an issue with --copyin; he's getting a permission
> denied when trying to copy the system /etc/hosts to the
> chroot /etc/hosts. This is due to the uidManager.dropPrivsForever()
> near the top of the --copyin logic block. My question is, do we need to
> drop privs there? Seems kinda crippling to --copyin if you can only
> copy stuff to /tmp or the homedir in the chroot.
>
> Or is allowing modification of the chroot environment a security issue
> we're not willing to live with? Can we check to see if mock has been
> kicked off as root (or does the pam helper logic neuter that)?
Hrm, this is kind of scary, mock is trying to prevent this action? The
weird thing is that an error is reported that the action was not
allowed, yet the end result is that the file is indeed copied. So if
we're trying to prevent it, we're not doing a good job.
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating