diff options
author | Ade Lee <alee@redhat.com> | 2020-10-01 18:26:08 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2020-11-11 13:40:46 -0500 |
commit | a34419aecdf3db58426fe8fb7e1849ebdff6a5f1 (patch) | |
tree | 3644f222f3ab63ed150956456734cb9159a49a1c /requirements.txt | |
parent | 488d3e2fe31e4fc7a461e9de8b20df481d78daa2 (diff) | |
download | glance_store-a34419aecdf3db58426fe8fb7e1849ebdff6a5f1.tar.gz |
Replace md5 with oslo version
md5 is not an approved algorithm in FIPS mode, and trying to
instantiate a hashlib.md5() will fail when the system is running in
FIPS mode.
md5 is allowed when in a non-security context. There is a plan to
add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate
whether or not the instance is being used in a security context.
In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.
Some downstream python versions already support this parameter. To
support these versions, a new encapsulation of md5() has been added to
oslo_utils. See https://review.opendev.org/#/c/750031/
This patch is to replace the instances of hashlib.md5() with this new
encapsulation, adding an annotation indicating whether the usage is
a security context or not.
It looks like the uses of the md5 are primarily for checksums and
generation of etags.
With this patch, all the unit and functional tests appear to pass
on a FIPS enabled system.
Change-Id: I0603ba217d6dc19f5c9f73c60c7b365efd28d30b
Depends-On: https://review.opendev.org/#/c/760160
Diffstat (limited to 'requirements.txt')
-rw-r--r-- | requirements.txt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/requirements.txt b/requirements.txt index e537c3a..ff68486 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,7 +4,7 @@ oslo.config>=5.2.0 # Apache-2.0 oslo.i18n>=3.15.3 # Apache-2.0 oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0 -oslo.utils>=3.33.0 # Apache-2.0 +oslo.utils>=4.7.0 # Apache-2.0 oslo.concurrency>=3.26.0 # Apache-2.0 stevedore>=1.20.0 # Apache-2.0 eventlet!=0.18.3,!=0.20.1,>=0.18.2 # MIT |