buildsys February 2009

buildsys@lists.fedoraproject.org

24 participants
23 discussions

[Fwd: [PATCH] Use hashlib if available instead of md5]
by Jesse Keating 02 Feb '09

02 Feb '09

-------- Forwarded Message -------- From: Tom "spot" Callaway <tcallawa(a)redhat.com> To: Jesse Keating <jkeating(a)redhat.com> Subject: [PATCH] Use hashlib if available instead of md5 Date: Mon, 02 Feb 2009 17:18:32 -0500 This patch converts all calls of md5 function to use hashlib if present. The old md5 function is deprecated in Python 2.6, and this silences the warning messages (along with providing a slight performance improvement). Please apply to rawhide. :) ~spot plain text document attachment (koji-use-hashlib-if-available.patch) From 4c76e7ee1f56057d77b0e7e9f0422e7eabedbf10 Mon Sep 17 00:00:00 2001 From: Tom "spot" Callaway <tcallawa(a)redhat.com> Date: Mon, 2 Feb 2009 17:15:31 -0500 Subject: [PATCH] Convert all calls of md5 function to use hashlib if present (Python 2.6 change). --- builder/kojid | 8 ++++++-- cli/koji | 8 ++++++-- hub/kojihub.py | 25 ++++++++++++++++++++----- koji/__init__.py | 8 ++++++-- www/kojiweb/index.py | 9 +++++++-- 5 files changed, 45 insertions(+), 13 deletions(-) diff --git a/builder/kojid b/builder/kojid index b7900db..fe72fdc 100755 --- a/builder/kojid +++ b/builder/kojid @@ -33,7 +33,6 @@ import errno import glob import logging import logging.handlers -import md5 import os import pprint import pwd @@ -242,7 +241,12 @@ def incrementalUpload(fname, fd, path, retries=5, logger=None): break data = base64.encodestring(contents) - digest = md5.new(contents).hexdigest() + try: + import hashlib + digest = hashlib.md5(contents).hexdigest() + except ImportError: + import md5 + digest = md5.new(contents).hexdigest() del contents tries = 0 diff --git a/cli/koji b/cli/koji index 0ec732f..40974c7 100755 --- a/cli/koji +++ b/cli/koji @@ -31,7 +31,6 @@ import base64 import koji import koji.util import fnmatch -import md5 import os import re import pprint @@ -1173,7 +1172,12 @@ def handle_import_sig(options, session, args): previous = session.queryRPMSigs(rpm_id=rinfo['id'], sigkey=sigkey) assert len(previous) <= 1 if previous: - sighash = md5.new(sighdr).hexdigest() + try: + import hashlib + sighash = hashlib.md5(sighdr).hexdigest() + except ImportError: + import md5 + sighash = md5.new(sighdr).hexdigest() if previous[0]['sighash'] == sighash: print _("Signature already imported: %s") % path continue diff --git a/hub/kojihub.py b/hub/kojihub.py index 8a24bec..0965243 100644 --- a/hub/kojihub.py +++ b/hub/kojihub.py @@ -32,7 +32,6 @@ import logging import logging.handlers import fcntl import fnmatch -import md5 import os import pgdb import random @@ -3535,7 +3534,12 @@ def add_rpm_sig(an_rpm, sighdr): #we use the sigkey='' to represent unsigned in the db (so that uniqueness works) else: sigkey = koji.hex_string(sigkey[13:17]) - sighash = md5.new(sighdr).hexdigest() + try: + import hashlib + sighash = hashlib.md5(sighdr).hexdigest() + except ImportError: + import md5 + sighash = md5.new(sighdr).hexdigest() rpm_id = rinfo['id'] # - db entry q = """SELECT sighash FROM rpmsigs WHERE rpm_id=%(rpm_id)i AND sigkey=%(sigkey)s""" @@ -4771,8 +4775,14 @@ class RootExports(object): if size is not None: if size != len(contents): return False if md5sum is not None: - if md5sum != md5.new(contents).hexdigest(): - return False + try: + import hashlib + if md5sum != hashlib.md5(contents).hexdigest(): + return False + except ImportError: + import md5 + if md5sum != md5.new(contents).hexdigest(): + return False uploadpath = koji.pathinfo.work() #XXX - have an incoming dir and move after upload complete # SECURITY - ensure path remains under uploadpath @@ -4831,7 +4841,12 @@ class RootExports(object): fcntl.lockf(fd, fcntl.LOCK_UN) if md5sum is not None: #check final md5sum - sum = md5.new() + try: + import hashlib + sum = hashlib.md5() + except ImportError: + import md5 + sum = md5.new() fcntl.lockf(fd, fcntl.LOCK_SH|fcntl.LOCK_NB) try: # log_error("checking md5sum") diff --git a/koji/__init__.py b/koji/__init__.py index 6e04cb3..89e9783 100644 --- a/koji/__init__.py +++ b/koji/__init__.py @@ -31,7 +31,6 @@ import datetime from fnmatch import fnmatch import logging import logging.handlers -import md5 import os import os.path import pwd @@ -1467,7 +1466,12 @@ class ClientSession(object): fo = file(localfile, "r") #specify bufsize? totalsize = os.path.getsize(localfile) ofs = 0 - md5sum = md5.new() + try: + import hashlib + md5sum = hashlib.md5() + except ImportError: + import md5 + md5sum = md5.new() debug = self.opts.get('debug',False) if callback: callback(0, totalsize, 0, 0, 0) diff --git a/www/kojiweb/index.py b/www/kojiweb/index.py index 1995a19..2eb236e 100644 --- a/www/kojiweb/index.py +++ b/www/kojiweb/index.py @@ -8,7 +8,6 @@ import Cheetah.Filters import Cheetah.Template import datetime import time -import md5 import koji import kojiweb.util @@ -62,7 +61,13 @@ def _genToken(req, tstamp=None): return '' if tstamp == None: tstamp = _truncTime() - return md5.new(user + str(tstamp) + req.get_options()['Secret']).hexdigest()[-8:] + try: + import hashlib + tokensum = hashlib.md5(user + str(tstamp) + req.get_options()['Secret']).hexdigest()[-8:] + except ImportError: + import md5 + tokensum = md5.new(user + str(tstamp) + req.get_options()['Secret']).hexdigest()[-8:] + return tokensum def _getValidTokens(req): tokens = [] -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating From 4c76e7ee1f56057d77b0e7e9f0422e7eabedbf10 Mon Sep 17 00:00:00 2001 From: Tom "spot" Callaway <tcallawa(a)redhat.com> Date: Mon, 2 Feb 2009 17:15:31 -0500 Subject: [PATCH] Convert all calls of md5 function to use hashlib if present (Python 2.6 change). --- builder/kojid | 8 ++++++-- cli/koji | 8 ++++++-- hub/kojihub.py | 25 ++++++++++++++++++++----- koji/__init__.py | 8 ++++++-- www/kojiweb/index.py | 9 +++++++-- 5 files changed, 45 insertions(+), 13 deletions(-) diff --git a/builder/kojid b/builder/kojid index b7900db..fe72fdc 100755 --- a/builder/kojid +++ b/builder/kojid @@ -33,7 +33,6 @@ import errno import glob import logging import logging.handlers -import md5 import os import pprint import pwd @@ -242,7 +241,12 @@ def incrementalUpload(fname, fd, path, retries=5, logger=None): break data = base64.encodestring(contents) - digest = md5.new(contents).hexdigest() + try: + import hashlib + digest = hashlib.md5(contents).hexdigest() + except ImportError: + import md5 + digest = md5.new(contents).hexdigest() del contents tries = 0 diff --git a/cli/koji b/cli/koji index 0ec732f..40974c7 100755 --- a/cli/koji +++ b/cli/koji @@ -31,7 +31,6 @@ import base64 import koji import koji.util import fnmatch -import md5 import os import re import pprint @@ -1173,7 +1172,12 @@ def handle_import_sig(options, session, args): previous = session.queryRPMSigs(rpm_id=rinfo['id'], sigkey=sigkey) assert len(previous) <= 1 if previous: - sighash = md5.new(sighdr).hexdigest() + try: + import hashlib + sighash = hashlib.md5(sighdr).hexdigest() + except ImportError: + import md5 + sighash = md5.new(sighdr).hexdigest() if previous[0]['sighash'] == sighash: print _("Signature already imported: %s") % path continue diff --git a/hub/kojihub.py b/hub/kojihub.py index 8a24bec..0965243 100644 --- a/hub/kojihub.py +++ b/hub/kojihub.py @@ -32,7 +32,6 @@ import logging import logging.handlers import fcntl import fnmatch -import md5 import os import pgdb import random @@ -3535,7 +3534,12 @@ def add_rpm_sig(an_rpm, sighdr): #we use the sigkey='' to represent unsigned in the db (so that uniqueness works) else: sigkey = koji.hex_string(sigkey[13:17]) - sighash = md5.new(sighdr).hexdigest() + try: + import hashlib + sighash = hashlib.md5(sighdr).hexdigest() + except ImportError: + import md5 + sighash = md5.new(sighdr).hexdigest() rpm_id = rinfo['id'] # - db entry q = """SELECT sighash FROM rpmsigs WHERE rpm_id=%(rpm_id)i AND sigkey=%(sigkey)s""" @@ -4771,8 +4775,14 @@ class RootExports(object): if size is not None: if size != len(contents): return False if md5sum is not None: - if md5sum != md5.new(contents).hexdigest(): - return False + try: + import hashlib + if md5sum != hashlib.md5(contents).hexdigest(): + return False + except ImportError: + import md5 + if md5sum != md5.new(contents).hexdigest(): + return False uploadpath = koji.pathinfo.work() #XXX - have an incoming dir and move after upload complete # SECURITY - ensure path remains under uploadpath @@ -4831,7 +4841,12 @@ class RootExports(object): fcntl.lockf(fd, fcntl.LOCK_UN) if md5sum is not None: #check final md5sum - sum = md5.new() + try: + import hashlib + sum = hashlib.md5() + except ImportError: + import md5 + sum = md5.new() fcntl.lockf(fd, fcntl.LOCK_SH|fcntl.LOCK_NB) try: # log_error("checking md5sum") diff --git a/koji/__init__.py b/koji/__init__.py index 6e04cb3..89e9783 100644 --- a/koji/__init__.py +++ b/koji/__init__.py @@ -31,7 +31,6 @@ import datetime from fnmatch import fnmatch import logging import logging.handlers -import md5 import os import os.path import pwd @@ -1467,7 +1466,12 @@ class ClientSession(object): fo = file(localfile, "r") #specify bufsize? totalsize = os.path.getsize(localfile) ofs = 0 - md5sum = md5.new() + try: + import hashlib + md5sum = hashlib.md5() + except ImportError: + import md5 + md5sum = md5.new() debug = self.opts.get('debug',False) if callback: callback(0, totalsize, 0, 0, 0) diff --git a/www/kojiweb/index.py b/www/kojiweb/index.py index 1995a19..2eb236e 100644 --- a/www/kojiweb/index.py +++ b/www/kojiweb/index.py @@ -8,7 +8,6 @@ import Cheetah.Filters import Cheetah.Template import datetime import time -import md5 import koji import kojiweb.util @@ -62,7 +61,13 @@ def _genToken(req, tstamp=None): return '' if tstamp == None: tstamp = _truncTime() - return md5.new(user + str(tstamp) + req.get_options()['Secret']).hexdigest()[-8:] + try: + import hashlib + tokensum = hashlib.md5(user + str(tstamp) + req.get_options()['Secret']).hexdigest()[-8:] + except ImportError: + import md5 + tokensum = md5.new(user + str(tstamp) + req.get_options()['Secret']).hexdigest()[-8:] + return tokensum def _getValidTokens(req): tokens = [] -- 1.6.1.2

4 3

Re: change in --copyin?
by Michael E Brown 01 Feb '09

01 Feb '09

On Sun, Feb 01, 2009 at 10:04:09PM -0600, Clark Williams wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hrm, this is kind of scary, mock is trying to prevent this action? The > > weird thing is that an error is reported that the action was not > > allowed, yet the end result is that the file is indeed copied. So if > > we're trying to prevent it, we're not doing a good job. > > > > I tried it on my laptop and the copy didn't happen. Not sure what's > going on there. > > I went back and looked at the commit where I added the copyin/copyout > options and the uidManager.dropPrivsForever() has always been there. > I'm considering dropping it for --copyin (where we modify the chroot) > but not for --copyout (where we modify the actual filesystem). > > What do you guys think? Well, until we come up with a "real" security policy for mock, the above suggestion sounds reasonable. -- Michael

1 0

Re: change in --copyin?
by Jesse Keating 01 Feb '09

01 Feb '09

On Sun, 2009-02-01 at 10:17 -0600, Clark Williams wrote: > > Jesse is having an issue with --copyin; he's getting a permission > denied when trying to copy the system /etc/hosts to the > chroot /etc/hosts. This is due to the uidManager.dropPrivsForever() > near the top of the --copyin logic block. My question is, do we need to > drop privs there? Seems kinda crippling to --copyin if you can only > copy stuff to /tmp or the homedir in the chroot. > > Or is allowing modification of the chroot environment a security issue > we're not willing to live with? Can we check to see if mock has been > kicked off as root (or does the pam helper logic neuter that)? Hrm, this is kind of scary, mock is trying to prevent this action? The weird thing is that an error is reported that the action was not allowed, yet the end result is that the file is indeed copied. So if we're trying to prevent it, we're not doing a good job. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

buildsys February 2009