From 3f3154ed4103af93d12f177f0566cce6cf83c213 Mon Sep 17 00:00:00 2001
From: Pedro Algarvio
Date: Fri, 20 Oct 2023 06:24:47 +0100
Subject: [PATCH] Use ``sha256`` as the default ``hash_type``. It has been the default since Salt v2016.9
Signed-off-by: Pedro Algarvio
---
 changelog/65287.fixed.md | 1 +
 salt/config/__init__.py | 6 ++++--
 salt/fileclient.py | 9 +++++----
 salt/fileserver/hgfs.py | 4 ++--
 salt/fileserver/svnfs.py | 3 ++-
 salt/modules/guestfs.py | 3 ++-
 salt/modules/test.py | 3 ++-
 salt/modules/timezone.py | 3 ++-
 salt/netapi/rest_tornado/__init__.py | 5 ++++-
 salt/pillar/hg_pillar.py | 3 ++-
 salt/tokens/localfs.py | 3 ++-
 salt/tokens/rediscluster.py | 4 ++--
 salt/utils/extmods.py | 3 ++-
 salt/utils/gitfs.py | 4 ++--
 .../netapi/rest_tornado/test_websockets_handler.py | 5 ++++-
 15 files changed, 38 insertions(+), 21 deletions(-)
 create mode 100644 changelog/65287.fixed.md
diff --git a/changelog/65287.fixed.md b/changelog/65287.fixed.md
new file mode 100644
index 00000000000..e075d251820
--- /dev/null
+++ b/changelog/65287.fixed.md
@@ -0,0 +1 @@
+Use ``sha256`` as the default ``hash_type``. It has been the default since Salt v2016.9
diff --git a/salt/config/__init__.py b/salt/config/__init__.py
index d3478340bb6..f946bc7f010 100644
--- a/salt/config/__init__.py
+++ b/salt/config/__init__.py
@@ -49,6 +49,8 @@ log = logging.getLogger(__name__)
 _DFLT_REFSPECS = ["+refs/heads/*:refs/remotes/origin/*", "+refs/tags/*:refs/tags/*"]
 DEFAULT_INTERVAL = 60
+DEFAULT_HASH_TYPE = "sha256"
+
 if salt.utils.platform.is_windows():
 # Since an 'ipc_mode' of 'ipc' will never work on Windows due to lack of
@@ -1139,7 +1141,7 @@ DEFAULT_MINION_OPTS = immutabletypes.freeze(
 "gitfs_refspecs": _DFLT_REFSPECS,
 "gitfs_disable_saltenv_mapping": False,
 "unique_jid": False,
- "hash_type": "sha256",
+ "hash_type": DEFAULT_HASH_TYPE,
 "optimization_order": [0, 1, 2],
 "disable_modules": [],
 "disable_returners": [],
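Review bot: `DEFAULT_HASH_TYPE` in the `@@ -49,6 +49,8 @@` hunk of salt/config/__init__.py is introduced without a comment, although the rest of this patch makes it the fallback for file checksum comparison, cache directory naming and auth token generation. A short comment would record that, for example `# Fallback for opts.get("hash_type", ...) lookups; also the "hash_type" value in DEFAULT_MINION_OPTS and DEFAULT_MASTER_OPTS.` The constant is a plain string and nothing visible here checks it against hashlib, so a later edit to an unsupported name would only fail at the call sites.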
@@ -1464,7 +1466,7 @@ DEFAULT_MASTER_OPTS = immutabletypes.freeze(
 "fileserver_ignoresymlinks": False,
 "fileserver_verify_config": True,
 "max_open_files": 100000,
- "hash_type": "sha256",
+ "hash_type": DEFAULT_HASH_TYPE,
 "optimization_order": [0, 1, 2],
 "conf_file": os.path.join(salt.syspaths.CONFIG_DIR, "master"),
 "open_mode": False,
diff --git a/salt/fileclient.py b/salt/fileclient.py
index 0114eae21ea..b7966b2029b 100644
--- a/salt/fileclient.py
+++ b/salt/fileclient.py
@@ -32,6 +32,7 @@ import salt.utils.templates
 import salt.utils.url
 import salt.utils.verify
 import salt.utils.versions
+from salt.config import DEFAULT_HASH_TYPE
 from salt.exceptions import CommandExecutionError, MinionError, SaltClientError
 from salt.ext.tornado.httputil import (
 HTTPHeaders,
@@ -1053,7 +1054,7 @@ class PillarClient(Client):
 # Local file path
 fnd_path = fnd
- hash_type = self.opts.get("hash_type", "md5")
+ hash_type = self.opts.get("hash_type", DEFAULT_HASH_TYPE)
 ret["hsum"] = salt.utils.hashutils.get_hash(fnd_path, form=hash_type)
 ret["hash_type"] = hash_type
 return ret
@@ -1084,7 +1085,7 @@ class PillarClient(Client):
 except Exception: # pylint: disable=broad-except
 fnd_stat = None
- hash_type = self.opts.get("hash_type", "md5")
+ hash_type = self.opts.get("hash_type", DEFAULT_HASH_TYPE)
 ret["hsum"] = salt.utils.hashutils.get_hash(fnd_path, form=hash_type)
 ret["hash_type"] = hash_type
 return ret, fnd_stat
@@ -1303,7 +1304,7 @@ class RemoteClient(Client):
 hsum = salt.utils.hashutils.get_hash(
 dest,
 salt.utils.stringutils.to_str(
- data.get("hash_type", b"md5")
+ data.get("hash_type", DEFAULT_HASH_TYPE)
 ),
 )
 if hsum != data["hsum"]:
@@ -1417,7 +1418,7 @@ class RemoteClient(Client):
 return {}, None
 else:
 ret = {}
- hash_type = self.opts.get("hash_type", "md5")
+ hash_type = self.opts.get("hash_type", DEFAULT_HASH_TYPE)
 ret["hsum"] = salt.utils.hashutils.get_hash(path, form=hash_type)
 ret["hash_type"] = hash_type
 return ret
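Review bot: In the `RemoteClient` hunk at `@@ -1303,7 +1304,7 @@` the fallback in `data.get("hash_type", DEFAULT_HASH_TYPE)` is a guess at the algorithm the sender used for `data["hsum"]`, not a local preference, so this line changes which digest is compared when a response carries no `hash_type`. If any supported peer can still omit that key (not visible in the hunk), `hsum != data["hsum"]` would now be true for an intact file; a comment stating that every supported master sends `hash_type` would make the assumption explicit. The algorithm name is also taken from the response as-is, so it may be worth checking it against the names the minion is willing to accept before calling `get_hash`. The enclosing method starts and ends outside the hunk.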
diff --git a/salt/fileserver/hgfs.py b/salt/fileserver/hgfs.py
index baafa46bd8c..a7f548ac6a9 100644
--- a/salt/fileserver/hgfs.py
+++ b/salt/fileserver/hgfs.py
@@ -35,7 +35,6 @@ will set the desired branch method. Possible values are: ``branches``,
 - python bindings for mercurial (``python-hglib``)
 """
-
 import copy
 import errno
 import fnmatch
@@ -54,6 +53,7 @@ import salt.utils.hashutils
 import salt.utils.stringutils
 import salt.utils.url
 import salt.utils.versions
+from salt.config import DEFAULT_HASH_TYPE
 from salt.exceptions import FileserverConfigError
 from salt.utils.event import tagify
@@ -308,7 +308,7 @@ def init():
 # mountpoint not specified
 pass
- hash_type = getattr(hashlib, __opts__.get("hash_type", "md5"))
+ hash_type = getattr(hashlib, __opts__.get("hash_type", DEFAULT_HASH_TYPE))
 repo_hash = hash_type(repo_url.encode("utf-8")).hexdigest()
 rp_ = os.path.join(bp_, repo_hash)
 if not os.path.isdir(rp_):
diff --git a/salt/fileserver/svnfs.py b/salt/fileserver/svnfs.py
index c45365fafb6..48843f22e67 100644
--- a/salt/fileserver/svnfs.py
+++ b/salt/fileserver/svnfs.py
@@ -49,6 +49,7 @@ import salt.utils.path
 import salt.utils.stringutils
 import salt.utils.url
 import salt.utils.versions
+from salt.config import DEFAULT_HASH_TYPE
 from salt.exceptions import FileserverConfigError
 from salt.utils.event import tagify
@@ -192,7 +193,7 @@ def init():
 # mountpoint not specified
 pass
- hash_type = getattr(hashlib, __opts__.get("hash_type", "md5"))
+ hash_type = getattr(hashlib, __opts__.get("hash_type", DEFAULT_HASH_TYPE))
 repo_hash = hash_type(repo_url).hexdigest()
 rp_ = os.path.join(bp_, repo_hash)
 if not os.path.isdir(rp_):
diff --git a/salt/modules/guestfs.py b/salt/modules/guestfs.py
index 1d03ab693f2..2395bd2a1c3 100644
--- a/salt/modules/guestfs.py
+++ b/salt/modules/guestfs.py
@@ -11,6 +11,7 @@ import tempfile
 import time
 import salt.utils.path
+from salt.config import DEFAULT_HASH_TYPE
 log = logging.getLogger(__name__)
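Review bot: `getattr(hashlib, __opts__.get("hash_type", DEFAULT_HASH_TYPE))` in the `init()` hunk of salt/fileserver/hgfs.py resolves a configuration string as an arbitrary attribute of the `hashlib` module, so a typo surfaces as a bare AttributeError and a name such as `new` resolves to a hashlib function that is not a digest constructor. Checking the name against `hashlib.algorithms_available` and building the object with `hashlib.new(name, data)` would turn both cases into a clear configuration error. The same expression appears in the hunks for svnfs.py, guestfs.py, rest_tornado/__init__.py, hg_pillar.py, tokens/localfs.py, tokens/rediscluster.py and utils/gitfs.py. init() starts and ends outside the hunk.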
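Review bot: `repo_hash = hash_type(repo_url).hexdigest()` in the `init()` hunk of salt/fileserver/svnfs.py passes `repo_url` to the hash constructor without encoding it, while the matching line in hgfs.py uses `repo_url.encode("utf-8")`. hashlib constructors reject `str` input on Python 3, so if `repo_url` is a str at this point (its type is not visible in the hunk) the call raises TypeError. `repo_hash = hash_type(salt.utils.stringutils.to_bytes(repo_url)).hexdigest()` would match what hg_pillar.py does and works for either type. init() extends beyond the hunk.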
@@ -51,7 +52,7 @@ def mount(location, access="rw", root=None):
 while True:
 if os.listdir(root):
 # Stuff is in there, don't use it
- hash_type = getattr(hashlib, __opts__.get("hash_type", "md5"))
+ hash_type = getattr(hashlib, __opts__.get("hash_type", DEFAULT_HASH_TYPE))
 rand = hash_type(os.urandom(32)).hexdigest()
 root = os.path.join(
 tempfile.gettempdir(),
diff --git a/salt/modules/test.py b/salt/modules/test.py
index 62d96f52118..fe4c8ec9ae1 100644
--- a/salt/modules/test.py
+++ b/salt/modules/test.py
@@ -18,6 +18,7 @@ import salt.utils.hashutils
 import salt.utils.platform
 import salt.utils.versions
 import salt.version
+from salt.config import DEFAULT_HASH_TYPE
 from salt.utils.decorators import depends
 __proxyenabled__ = ["*"]
@@ -528,7 +529,7 @@ def random_hash(size=9999999999, hash_type=None):
 salt '*' test.random_hash hash_type=sha512
 """
 if not hash_type:
- hash_type = __opts__.get("hash_type", "md5")
+ hash_type = __opts__.get("hash_type", DEFAULT_HASH_TYPE)
 return salt.utils.hashutils.random_hash(size=size, hash_type=hash_type)
diff --git a/salt/modules/timezone.py b/salt/modules/timezone.py
index 8c05d42cbb4..4904c8dcc6e 100644
--- a/salt/modules/timezone.py
+++ b/salt/modules/timezone.py
@@ -16,6 +16,7 @@ import salt.utils.itertools
 import salt.utils.path
 import salt.utils.platform
 import salt.utils.stringutils
+from salt.config import DEFAULT_HASH_TYPE
 from salt.exceptions import CommandExecutionError, SaltInvocationError
 log = logging.getLogger(__name__)
@@ -121,7 +122,7 @@ def _get_zone_etc_localtime():
 tzfile,
 )
 # Regular file. Try to match the hash.
- hash_type = __opts__.get("hash_type", "md5")
+ hash_type = __opts__.get("hash_type", DEFAULT_HASH_TYPE)
 tzfile_hash = salt.utils.hashutils.get_hash(tzfile, hash_type)
 # Not a link, just a copy of the tzdata file
 for root, dirs, files in salt.utils.path.os_walk(tzdir):
diff --git a/salt/netapi/rest_tornado/__init__.py b/salt/netapi/rest_tornado/__init__.py
index 67336d0adaa..9ab2569c822 100644
--- a/salt/netapi/rest_tornado/__init__.py
+++ b/salt/netapi/rest_tornado/__init__.py
@@ -3,6 +3,7 @@ import logging
 import os
 import salt.auth
+from salt.config import DEFAULT_HASH_TYPE
 from salt.utils.versions import Version
 __virtualname__ = os.path.abspath(__file__).rsplit(os.sep)[-2] or "rest_tornado"
@@ -59,7 +60,9 @@ def get_application(opts):
 from . import saltnado_websockets
 token_pattern = r"([0-9A-Fa-f]{{{0}}})".format(
- len(getattr(hashlib, opts.get("hash_type", "md5"))().hexdigest())
+ len(
+ getattr(hashlib, opts.get("hash_type", DEFAULT_HASH_TYPE))().hexdigest()
+ )
 )
 all_events_pattern = r"/all_events/{}".format(token_pattern)
 formatted_events_pattern = r"/formatted_events/{}".format(token_pattern)
diff --git a/salt/pillar/hg_pillar.py b/salt/pillar/hg_pillar.py
index 3a183a04568..b4ce24ac8a6 100644
--- a/salt/pillar/hg_pillar.py
+++ b/salt/pillar/hg_pillar.py
@@ -23,6 +23,7 @@ import os
 import salt.pillar
 import salt.utils.stringutils
+from salt.config import DEFAULT_HASH_TYPE
 try:
 import hglib
@@ -90,7 +91,7 @@ class Repo:
 """Initialize a hg repo (or open it if it already exists)"""
 self.repo_uri = repo_uri
 cachedir = os.path.join(__opts__["cachedir"], "hg_pillar")
- hash_type = getattr(hashlib, __opts__.get("hash_type", "md5"))
+ hash_type = getattr(hashlib, __opts__.get("hash_type", DEFAULT_HASH_TYPE))
 repo_hash = hash_type(salt.utils.stringutils.to_bytes(repo_uri)).hexdigest()
 self.working_dir = os.path.join(cachedir, repo_hash)
 if not os.path.isdir(self.working_dir):
diff --git a/salt/tokens/localfs.py b/salt/tokens/localfs.py
index 99a239d62f1..61c2d945ad3 100644
--- a/salt/tokens/localfs.py
+++ b/salt/tokens/localfs.py
@@ -11,6 +11,7 @@ import salt.payload
 import salt.utils.files
 import salt.utils.path
 import salt.utils.verify
+from salt.config import DEFAULT_HASH_TYPE
 log = logging.getLogger(__name__)
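Review bot: `token_pattern` in the `get_application()` hunk of salt/netapi/rest_tornado/__init__.py ties the token length accepted in the URL to the digest size of `opts["hash_type"]`, and nothing in the code says that this must equal the length produced by `mk_token` in salt/tokens/localfs.py and salt/tokens/rediscluster.py. A comment would record the dependency, for example `# Must equal the hexdigest length salt.tokens.*.mk_token produces for the same hash_type.` If the opts passed here and the opts used by the token backend ever disagree, issued tokens would presumably stop matching these routes; the handlers are outside the hunk, so that is inferred.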
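Review bot: `self.working_dir` in the `Repo` hunk of salt/pillar/hg_pillar.py is named after the digest of `repo_uri`, so wherever `hash_type` is absent from `__opts__` the directory name switches from the md5 form to the sha256 form with this change and the earlier checkout under `cachedir/hg_pillar` is left behind unused. The same applies to the cache paths derived in fileserver/hgfs.py, fileserver/svnfs.py and utils/gitfs.py. Whether opts can actually lack `hash_type` at these call sites is not visible here; if it can, the changelog entry should mention the orphaned caches. The method continues outside the hunk.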
@@ -27,7 +28,7 @@ def mk_token(opts, tdata):
 :param tdata: Token data to be stored with 'token' attribute of this dict set to the token.
 :returns: tdata with token if successful. Empty dict if failed.
 """
- hash_type = getattr(hashlib, opts.get("hash_type", "md5"))
+ hash_type = getattr(hashlib, opts.get("hash_type", DEFAULT_HASH_TYPE))
 tok = str(hash_type(os.urandom(512)).hexdigest())
 t_path = os.path.join(opts["token_dir"], tok)
 temp_t_path = "{}.tmp".format(t_path)
diff --git a/salt/tokens/rediscluster.py b/salt/tokens/rediscluster.py
index 241fe64b869..dc9bb44d3ea 100644
--- a/salt/tokens/rediscluster.py
+++ b/salt/tokens/rediscluster.py
@@ -13,12 +13,12 @@ Default values for these configs are as follow:
 :depends: - redis-py-cluster Python package
 """
-
 import hashlib
 import logging
 import os
 import salt.payload
+from salt.config import DEFAULT_HASH_TYPE
 try:
 import rediscluster
@@ -74,7 +74,7 @@ def mk_token(opts, tdata):
 redis_client = _redis_client(opts)
 if not redis_client:
 return {}
- hash_type = getattr(hashlib, opts.get("hash_type", "md5"))
+ hash_type = getattr(hashlib, opts.get("hash_type", DEFAULT_HASH_TYPE))
 tok = str(hash_type(os.urandom(512)).hexdigest())
 try:
 while redis_client.get(tok) is not None:
diff --git a/salt/utils/extmods.py b/salt/utils/extmods.py
index 24204f40f8f..6a4d5c14440 100644
--- a/salt/utils/extmods.py
+++ b/salt/utils/extmods.py
@@ -11,6 +11,7 @@ import salt.utils.files
 import salt.utils.hashutils
 import salt.utils.path
 import salt.utils.url
+from salt.config import DEFAULT_HASH_TYPE
 log = logging.getLogger(__name__)
@@ -123,7 +124,7 @@ def sync(
 log.info("Copying '%s' to '%s'", fn_, dest)
 if os.path.isfile(dest):
 # The file is present, if the sum differs replace it
- hash_type = opts.get("hash_type", "md5")
+ hash_type = opts.get("hash_type", DEFAULT_HASH_TYPE)
 src_digest = salt.utils.hashutils.get_hash(fn_, hash_type)
 dst_digest = salt.utils.hashutils.get_hash(dest, hash_type)
 if src_digest != dst_digest:
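Review bot: In the `mk_token` hunk of salt/tokens/localfs.py, `tok = str(hash_type(os.urandom(512)).hexdigest())` makes the length of the authentication token follow `hash_type`, a setting operators mostly choose for file checksums, so a deployment that sets `hash_type: md5` for compatibility also gets 128-bit tokens. Hashing the `os.urandom` output adds no entropy and only fixes the length, so the token size could be decoupled from the file-hash setting, provided the rest_tornado `token_pattern` is kept in step. At minimum a comment such as `# Token length tracks hash_type; rest_tornado's token_pattern depends on it.` would record the dependency. salt/tokens/rediscluster.py has the identical line, and mk_token continues past the hunk in both files.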
diff --git a/salt/utils/gitfs.py b/salt/utils/gitfs.py
index f15b8316e75..a197921f6ef 100644
--- a/salt/utils/gitfs.py
+++ b/salt/utils/gitfs.py
@@ -2,7 +2,6 @@
 Classes which provide the shared base for GitFS, git_pillar, and winrepo
 """
-
 import base64
 import contextlib
 import copy
@@ -37,6 +36,7 @@ import salt.utils.stringutils
 import salt.utils.url
 import salt.utils.user
 import salt.utils.versions
+from salt.config import DEFAULT_HASH_TYPE
 from salt.config import DEFAULT_MASTER_OPTS as _DEFAULT_MASTER_OPTS
 from salt.exceptions import FileserverConfigError, GitLockError, get_error_message
 from salt.utils.event import tagify
@@ -458,7 +458,7 @@ class GitProvider:
 if hasattr(self, "name"):
 self._cache_basehash = self.name
 else:
- hash_type = getattr(hashlib, self.opts.get("hash_type", "md5"))
+ hash_type = getattr(hashlib, self.opts.get("hash_type", DEFAULT_HASH_TYPE))
 # We loaded this data from yaml configuration files, so, its safe
 # to use UTF-8
 self._cache_basehash = str(
diff --git a/tests/pytests/functional/netapi/rest_tornado/test_websockets_handler.py b/tests/pytests/functional/netapi/rest_tornado/test_websockets_handler.py
index d039e75d29b..7469897a811 100644
--- a/tests/pytests/functional/netapi/rest_tornado/test_websockets_handler.py
+++ b/tests/pytests/functional/netapi/rest_tornado/test_websockets_handler.py
@@ -6,6 +6,7 @@ import pytest
 import salt.netapi.rest_tornado as rest_tornado
 import salt.utils.json
 import salt.utils.yaml
+from salt.config import DEFAULT_HASH_TYPE
 from salt.ext.tornado.httpclient import HTTPError, HTTPRequest
 from salt.ext.tornado.websocket import websocket_connect
@@ -51,7 +52,9 @@ async def test_websocket_handler_bad_token(client_config, http_server):
 A bad token should returns a 401 during a websocket connect
 """
 token = "A" * len(
- getattr(hashlib, client_config.get("hash_type", "md5"))().hexdigest()
+ getattr(
+ hashlib, client_config.get("hash_type", DEFAULT_HASH_TYPE)
+ )().hexdigest()
 )
 url = "ws://127.0.0.1:{}/all_events/{}".format(http_server.port, token)