openstack/glance
Code Issues Proposed changes
5eca0f66db
glance/requirements.txt
Ade Lee 8027d90710 Replace md5 with oslo version 
md5 is not an approved algorithm in FIPS mode, and trying to
instantiate a hashlib.md5() will fail when the system is running in
FIPS mode.

md5 is allowed when in a non-security context.  There is a plan to
add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate
whether or not the instance is being used in a security context.

In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.

Some downstream python versions already support this parameter.  To
support these versions, a new encapsulation of md5() has been added to
oslo_utils.  See https://review.opendev.org/#/c/750031/

This patch is to replace the instances of hashlib.md5() with this new
encapsulation, adding an annotation indicating whether the usage is
a security context or not.

Reviewers need to pay particular attention as to whether the keyword
parameter (usedforsecurity) is set correctly.

It looks like the usage of md5() here is solely to determine a checksum
of an image.

With this patch and the dependent patch for glance_store, all the
unit and functional tests pass on a FIPS enabled system.

Depends-On: https://review.opendev.org/#/c/756157
Depends-On: https://review.opendev.org/#/c/760160
Change-Id: I3b6d78d9792d4655bf0f4989cf82aced3f27491b
2020-12-15 10:43:19 -05:00

64 lines
1.7 KiB
Plaintext
Raw Blame History

# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
pbr!=2.1.0,>=2.0.0 # Apache-2.0
defusedxml>=0.6.0 # PSF
# < 0.8.0/0.8 does not work, see https://bugs.launchpad.net/bugs/1153983
SQLAlchemy!=1.1.5,!=1.1.6,!=1.1.7,!=1.1.8,>=1.0.10 # MIT
eventlet>=0.25.1 # MIT
PasteDeploy>=1.5.0 # MIT
Routes>=2.3.1 # MIT
WebOb>=1.8.1 # MIT
sqlalchemy-migrate>=0.11.0 # Apache-2.0
sqlparse>=0.2.2 # BSD
alembic>=0.9.6 # MIT
httplib2>=0.9.1 # MIT
oslo.config>=5.2.0 # Apache-2.0
oslo.concurrency>=3.26.0 # Apache-2.0
oslo.context>=2.22.0 # Apache-2.0
oslo.upgradecheck>=0.1.0 # Apache-2.0
oslo.utils>=4.7.0 # Apache-2.0
stevedore!=3.0.0,>=1.20.0 # Apache-2.0
futurist>=1.2.0 # Apache-2.0
taskflow>=4.0.0 # Apache-2.0
keystoneauth1>=3.4.0 # Apache-2.0
keystonemiddleware>=4.17.0 # Apache-2.0
WSME>=0.8.0 # MIT
PrettyTable<0.8,>=0.7.1 # BSD
# For paste.util.template used in keystone.common.template
Paste>=2.0.2 # MIT
jsonschema>=3.2.0 # MIT
pyOpenSSL>=17.1.0 # Apache-2.0
# Required by openstack.common libraries
six>=1.11.0 # MIT
oslo.db>=5.0.0 # Apache-2.0
oslo.i18n>=3.15.3 # Apache-2.0
oslo.log>=3.36.0 # Apache-2.0
oslo.messaging>=5.29.0,!=9.0.0 # Apache-2.0
oslo.middleware>=3.31.0 # Apache-2.0
oslo.reports>=1.18.0 # Apache-2.0
oslo.policy>=2.4.1 # Apache-2.0
retrying!=1.3.0,>=1.2.3 # Apache-2.0
osprofiler>=1.4.0 # Apache-2.0
# Glance Store
glance-store>=2.3.0 # Apache-2.0
debtcollector>=1.2.0 # Apache-2.0
cryptography>=2.6.1 # BSD/Apache-2.0
cursive>=0.2.1 # Apache-2.0
# timeutils
iso8601>=0.1.11 # MIT
os-win>=4.0.1 # Apache-2.0
castellan>=0.17.0 # Apache-2.0
View Git Blame Copy Permalink