Replace md5 with sha256 for file checksum comparissons

Signed-off-by: Pedro Algarvio <palgarvio@vmware.com>
2025-04-17 10:10:20 +00:00 · 2023-11-05 19:16:17 +00:00 · 2023-11-05 19:16:17 +00:00 · 47ace5bec9
commit 47ace5bec9
parent 265ec5becf
2 changed files with 13 additions and 15 deletions
--- a/salt/modules/container_resource.py
+++ b/salt/modules/container_resource.py
@ -69,15 +69,13 @@ def _nsenter(pid):
    return f"nsenter --target {pid} --mount --uts --ipc --net --pid"


-def _get_md5(name, path, run_func):
+def _get_sha256(name, path, run_func):
    """
-    Get the MD5 checksum of a file from a container
+    Get the sha256 checksum of a file from a container
    """
-    output = run_func(name, f"md5sum {shlex.quote(path)}", ignore_retcode=True)[
-        "stdout"
-    ]
+    ret = run_func(name, f"sha256sum {shlex.quote(path)}", ignore_retcode=True)
    try:
-        return output.split()[0]
+        return ret["stdout"].split()[0]
    except IndexError:
        # Destination file does not exist or could not be accessed
        return None
@ -368,8 +366,8 @@ def copy_to(
        )

    # Before we try to replace the file, compare checksums.
-    source_md5 = __salt__["file.get_sum"](local_file, "md5")
-    if source_md5 == _get_md5(name, dest, run_all):
+    source_sha256 = __salt__["file.get_sum"](local_file, "sha256")
+    if source_sha256 == _get_sha256(name, dest, run_all):
        log.debug("%s and %s:%s are the same file, skipping copy", source, name, dest)
        return True

@ -399,4 +397,4 @@ def copy_to(
            local_file, name, PATH, dest
        )
    __salt__["cmd.run"](copy_cmd, python_shell=True, output_loglevel="quiet")
-    return source_md5 == _get_md5(name, dest, run_all)
+    return source_sha256 == _get_sha256(name, dest, run_all)
--- a/salt/modules/dockermod.py
+++ b/salt/modules/dockermod.py
@ -525,11 +525,11 @@ def _clear_context():
            pass


-def _get_md5(name, path):
+def _get_sha256(name, path):
    """
-    Get the MD5 checksum of a file from a container
+    Get the sha256 checksum of a file from a container
    """
-    output = run_stdout(name, f"md5sum {shlex.quote(path)}", ignore_retcode=True)
+    output = run_stdout(name, f"sha256sum {shlex.quote(path)}", ignore_retcode=True)
    try:
        return output.split()[0]
    except IndexError:
@ -3628,8 +3628,8 @@ def copy_from(name, source, dest, overwrite=False, makedirs=False):
            raise SaltInvocationError(f"Source file {source} does not exist")

    # Before we try to replace the file, compare checksums.
-    source_md5 = _get_md5(name, source)
-    if source_md5 == __salt__["file.get_sum"](dest, "md5"):
+    source_sha256 = _get_sha256(name, source)
+    if source_sha256 == __salt__["file.get_sum"](dest, "sha256"):
        log.debug("%s:%s and %s are the same file, skipping copy", name, source, dest)
        return True

@ -3641,7 +3641,7 @@ def copy_from(name, source, dest, overwrite=False, makedirs=False):
        src_path = f"{name}:{source}"
    cmd = ["docker", "cp", src_path, dest_dir]
    __salt__["cmd.run"](cmd, python_shell=False)
-    return source_md5 == __salt__["file.get_sum"](dest, "md5")
+    return source_sha256 == __salt__["file.get_sum"](dest, "sha256")


 # Docker cp gets a file from the container, alias this to copy_from