Use `sha256 as the default hash_type`. It has been the default since Salt v2016.9

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>

changelog/65287.fixed.md

@@ -0,0 +1 @@
+Use ``sha256`` as the default ``hash_type``. It has been the default since Salt v2016.9

salt/config/__init__.py

@@ -49,6 +49,8 @@ log = logging.getLogger(__name__)
 
 _DFLT_REFSPECS = ["+refs/heads/*:refs/remotes/origin/*", "+refs/tags/*:refs/tags/*"]
 DEFAULT_INTERVAL = 60
+DEFAULT_HASH_TYPE = "sha256"
+
 
 if salt.utils.platform.is_windows():
     # Since an 'ipc_mode' of 'ipc' will never work on Windows due to lack of
@@ -1139,7 +1141,7 @@ DEFAULT_MINION_OPTS = immutabletypes.freeze(
         "gitfs_refspecs": _DFLT_REFSPECS,
         "gitfs_disable_saltenv_mapping": False,
         "unique_jid": False,
-        "hash_type": "sha256",
+        "hash_type": DEFAULT_HASH_TYPE,
         "optimization_order": [0, 1, 2],
         "disable_modules": [],
         "disable_returners": [],
@@ -1464,7 +1466,7 @@ DEFAULT_MASTER_OPTS = immutabletypes.freeze(
         "fileserver_ignoresymlinks": False,
         "fileserver_verify_config": True,
         "max_open_files": 100000,
-        "hash_type": "sha256",
+        "hash_type": DEFAULT_HASH_TYPE,
         "optimization_order": [0, 1, 2],
         "conf_file": os.path.join(salt.syspaths.CONFIG_DIR, "master"),
         "open_mode": False,

salt/fileclient.py

@@ -32,6 +32,7 @@ import salt.utils.templates
 import salt.utils.url
 import salt.utils.verify
 import salt.utils.versions
+from salt.config import DEFAULT_HASH_TYPE
 from salt.exceptions import CommandExecutionError, MinionError, SaltClientError
 from salt.ext.tornado.httputil import (
     HTTPHeaders,
@@ -1053,7 +1054,7 @@ class PillarClient(Client):
             # Local file path
             fnd_path = fnd
 
-        hash_type = self.opts.get("hash_type", "md5")
+        hash_type = self.opts.get("hash_type", DEFAULT_HASH_TYPE)
         ret["hsum"] = salt.utils.hashutils.get_hash(fnd_path, form=hash_type)
         ret["hash_type"] = hash_type
         return ret
@@ -1084,7 +1085,7 @@ class PillarClient(Client):
             except Exception:  # pylint: disable=broad-except
                 fnd_stat = None
 
-        hash_type = self.opts.get("hash_type", "md5")
+        hash_type = self.opts.get("hash_type", DEFAULT_HASH_TYPE)
         ret["hsum"] = salt.utils.hashutils.get_hash(fnd_path, form=hash_type)
         ret["hash_type"] = hash_type
         return ret, fnd_stat
@@ -1303,7 +1304,7 @@ class RemoteClient(Client):
                         hsum = salt.utils.hashutils.get_hash(
                             dest,
                             salt.utils.stringutils.to_str(
-                                data.get("hash_type", b"md5")
+                                data.get("hash_type", DEFAULT_HASH_TYPE)
                             ),
                         )
                         if hsum != data["hsum"]:
@@ -1417,7 +1418,7 @@ class RemoteClient(Client):
                 return {}, None
             else:
                 ret = {}
-                hash_type = self.opts.get("hash_type", "md5")
+                hash_type = self.opts.get("hash_type", DEFAULT_HASH_TYPE)
                 ret["hsum"] = salt.utils.hashutils.get_hash(path, form=hash_type)
                 ret["hash_type"] = hash_type
                 return ret

salt/fileserver/hgfs.py

@@ -35,7 +35,6 @@ will set the desired branch method. Possible values are: ``branches``,
             - python bindings for mercurial (``python-hglib``)
 """
 
-
 import copy
 import errno
 import fnmatch
@@ -54,6 +53,7 @@ import salt.utils.hashutils
 import salt.utils.stringutils
 import salt.utils.url
 import salt.utils.versions
+from salt.config import DEFAULT_HASH_TYPE
 from salt.exceptions import FileserverConfigError
 from salt.utils.event import tagify
 
@@ -308,7 +308,7 @@ def init():
             # mountpoint not specified
             pass
 
-        hash_type = getattr(hashlib, __opts__.get("hash_type", "md5"))
+        hash_type = getattr(hashlib, __opts__.get("hash_type", DEFAULT_HASH_TYPE))
         repo_hash = hash_type(repo_url.encode("utf-8")).hexdigest()
         rp_ = os.path.join(bp_, repo_hash)
         if not os.path.isdir(rp_):

salt/fileserver/svnfs.py

@@ -49,6 +49,7 @@ import salt.utils.path
 import salt.utils.stringutils
 import salt.utils.url
 import salt.utils.versions
+from salt.config import DEFAULT_HASH_TYPE
 from salt.exceptions import FileserverConfigError
 from salt.utils.event import tagify
 
@@ -192,7 +193,7 @@ def init():
             # mountpoint not specified
             pass
 
-        hash_type = getattr(hashlib, __opts__.get("hash_type", "md5"))
+        hash_type = getattr(hashlib, __opts__.get("hash_type", DEFAULT_HASH_TYPE))
         repo_hash = hash_type(repo_url).hexdigest()
         rp_ = os.path.join(bp_, repo_hash)
         if not os.path.isdir(rp_):

salt/modules/guestfs.py

@@ -11,6 +11,7 @@ import tempfile
 import time
 
 import salt.utils.path
+from salt.config import DEFAULT_HASH_TYPE
 
 log = logging.getLogger(__name__)
 
@@ -51,7 +52,7 @@ def mount(location, access="rw", root=None):
     while True:
         if os.listdir(root):
             # Stuff is in there, don't use it
-            hash_type = getattr(hashlib, __opts__.get("hash_type", "md5"))
+            hash_type = getattr(hashlib, __opts__.get("hash_type", DEFAULT_HASH_TYPE))
             rand = hash_type(os.urandom(32)).hexdigest()
             root = os.path.join(
                 tempfile.gettempdir(),

salt/modules/test.py

@@ -18,6 +18,7 @@ import salt.utils.hashutils
 import salt.utils.platform
 import salt.utils.versions
 import salt.version
+from salt.config import DEFAULT_HASH_TYPE
 from salt.utils.decorators import depends
 
 __proxyenabled__ = ["*"]
@@ -528,7 +529,7 @@ def random_hash(size=9999999999, hash_type=None):
         salt '*' test.random_hash hash_type=sha512
     """
     if not hash_type:
-        hash_type = __opts__.get("hash_type", "md5")
+        hash_type = __opts__.get("hash_type", DEFAULT_HASH_TYPE)
     return salt.utils.hashutils.random_hash(size=size, hash_type=hash_type)
 
 

salt/modules/timezone.py

@@ -16,6 +16,7 @@ import salt.utils.itertools
 import salt.utils.path
 import salt.utils.platform
 import salt.utils.stringutils
+from salt.config import DEFAULT_HASH_TYPE
 from salt.exceptions import CommandExecutionError, SaltInvocationError
 
 log = logging.getLogger(__name__)
@@ -121,7 +122,7 @@ def _get_zone_etc_localtime():
                 tzfile,
             )
             # Regular file. Try to match the hash.
-            hash_type = __opts__.get("hash_type", "md5")
+            hash_type = __opts__.get("hash_type", DEFAULT_HASH_TYPE)
             tzfile_hash = salt.utils.hashutils.get_hash(tzfile, hash_type)
             # Not a link, just a copy of the tzdata file
             for root, dirs, files in salt.utils.path.os_walk(tzdir):

salt/netapi/rest_tornado/__init__.py

@@ -3,6 +3,7 @@ import logging
 import os
 
 import salt.auth
+from salt.config import DEFAULT_HASH_TYPE
 from salt.utils.versions import Version
 
 __virtualname__ = os.path.abspath(__file__).rsplit(os.sep)[-2] or "rest_tornado"
@@ -59,7 +60,9 @@ def get_application(opts):
         from . import saltnado_websockets
 
         token_pattern = r"([0-9A-Fa-f]{{{0}}})".format(
-            len(getattr(hashlib, opts.get("hash_type", "md5"))().hexdigest())
+            len(
+                getattr(hashlib, opts.get("hash_type", DEFAULT_HASH_TYPE))().hexdigest()
+            )
         )
         all_events_pattern = r"/all_events/{}".format(token_pattern)
         formatted_events_pattern = r"/formatted_events/{}".format(token_pattern)

salt/pillar/hg_pillar.py

@@ -23,6 +23,7 @@ import os
 
 import salt.pillar
 import salt.utils.stringutils
+from salt.config import DEFAULT_HASH_TYPE
 
 try:
     import hglib
@@ -90,7 +91,7 @@ class Repo:
         """Initialize a hg repo (or open it if it already exists)"""
         self.repo_uri = repo_uri
         cachedir = os.path.join(__opts__["cachedir"], "hg_pillar")
-        hash_type = getattr(hashlib, __opts__.get("hash_type", "md5"))
+        hash_type = getattr(hashlib, __opts__.get("hash_type", DEFAULT_HASH_TYPE))
         repo_hash = hash_type(salt.utils.stringutils.to_bytes(repo_uri)).hexdigest()
         self.working_dir = os.path.join(cachedir, repo_hash)
         if not os.path.isdir(self.working_dir):

salt/tokens/localfs.py

@@ -11,6 +11,7 @@ import salt.payload
 import salt.utils.files
 import salt.utils.path
 import salt.utils.verify
+from salt.config import DEFAULT_HASH_TYPE
 
 log = logging.getLogger(__name__)
 
@@ -27,7 +28,7 @@ def mk_token(opts, tdata):
     :param tdata: Token data to be stored with 'token' attribute of this dict set to the token.
     :returns: tdata with token if successful. Empty dict if failed.
     """
-    hash_type = getattr(hashlib, opts.get("hash_type", "md5"))
+    hash_type = getattr(hashlib, opts.get("hash_type", DEFAULT_HASH_TYPE))
     tok = str(hash_type(os.urandom(512)).hexdigest())
     t_path = os.path.join(opts["token_dir"], tok)
     temp_t_path = "{}.tmp".format(t_path)

salt/tokens/rediscluster.py

@@ -13,12 +13,12 @@ Default values for these configs are as follow:
 :depends:   - redis-py-cluster Python package
 """
 
-
 import hashlib
 import logging
 import os
 
 import salt.payload
+from salt.config import DEFAULT_HASH_TYPE
 
 try:
     import rediscluster
@@ -74,7 +74,7 @@ def mk_token(opts, tdata):
     redis_client = _redis_client(opts)
     if not redis_client:
         return {}
-    hash_type = getattr(hashlib, opts.get("hash_type", "md5"))
+    hash_type = getattr(hashlib, opts.get("hash_type", DEFAULT_HASH_TYPE))
     tok = str(hash_type(os.urandom(512)).hexdigest())
     try:
         while redis_client.get(tok) is not None:

salt/utils/extmods.py

@@ -11,6 +11,7 @@ import salt.utils.files
 import salt.utils.hashutils
 import salt.utils.path
 import salt.utils.url
+from salt.config import DEFAULT_HASH_TYPE
 
 log = logging.getLogger(__name__)
 
@@ -123,7 +124,7 @@ def sync(
                         log.info("Copying '%s' to '%s'", fn_, dest)
                         if os.path.isfile(dest):
                             # The file is present, if the sum differs replace it
-                            hash_type = opts.get("hash_type", "md5")
+                            hash_type = opts.get("hash_type", DEFAULT_HASH_TYPE)
                             src_digest = salt.utils.hashutils.get_hash(fn_, hash_type)
                             dst_digest = salt.utils.hashutils.get_hash(dest, hash_type)
                             if src_digest != dst_digest:

salt/utils/gitfs.py

@@ -2,7 +2,6 @@
 Classes which provide the shared base for GitFS, git_pillar, and winrepo
 """
 
-
 import base64
 import contextlib
 import copy
@@ -37,6 +36,7 @@ import salt.utils.stringutils
 import salt.utils.url
 import salt.utils.user
 import salt.utils.versions
+from salt.config import DEFAULT_HASH_TYPE
 from salt.config import DEFAULT_MASTER_OPTS as _DEFAULT_MASTER_OPTS
 from salt.exceptions import FileserverConfigError, GitLockError, get_error_message
 from salt.utils.event import tagify
@@ -458,7 +458,7 @@ class GitProvider:
         if hasattr(self, "name"):
             self._cache_basehash = self.name
         else:
-            hash_type = getattr(hashlib, self.opts.get("hash_type", "md5"))
+            hash_type = getattr(hashlib, self.opts.get("hash_type", DEFAULT_HASH_TYPE))
             # We loaded this data from yaml configuration files, so, its safe
             # to use UTF-8
             self._cache_basehash = str(

tests/pytests/functional/netapi/rest_tornado/test_websockets_handler.py

@@ -6,6 +6,7 @@ import pytest
 import salt.netapi.rest_tornado as rest_tornado
 import salt.utils.json
 import salt.utils.yaml
+from salt.config import DEFAULT_HASH_TYPE
 from salt.ext.tornado.httpclient import HTTPError, HTTPRequest
 from salt.ext.tornado.websocket import websocket_connect
 
@@ -51,7 +52,9 @@ async def test_websocket_handler_bad_token(client_config, http_server):
     A bad token should returns a 401 during a websocket connect
     """
     token = "A" * len(
-        getattr(hashlib, client_config.get("hash_type", "md5"))().hexdigest()
+        getattr(
+            hashlib, client_config.get("hash_type", DEFAULT_HASH_TYPE)
+        )().hexdigest()
     )
 
     url = "ws://127.0.0.1:{}/all_events/{}".format(http_server.port, token)