Use FIPS-compatible SHA256 for comparing files
On systems in FIPS mode MD5 is not available, just use SHA256.
NOTE: I'm not sure if this changes makes ironic fully operational
in FIPS mode, merely fixing an immediate issue.
Story: 2007306
Task: 38792
Change-Id: I9a9e0286c88ed5a1a05e405d251b46a4708dd556
This commit is contained in:
Dmitry Tantsur
Julia Kreger
parent
cc38f03cf5
commit
8982ef574f
@ -228,12 +228,12 @@ def _get_hash_object(hash_algo_name):
|
|||||||
return getattr(hashlib, hash_algo_name)()
|
return getattr(hashlib, hash_algo_name)()
|
||||||
|
|
||||||
|
|
||||||
def file_has_content(path, content, hash_algo='md5'):
|
def file_has_content(path, content, hash_algo='sha256'):
|
||||||
"""Checks that content of the file is the same as provided reference.
|
"""Checks that content of the file is the same as provided reference.
|
||||||
|
|
||||||
:param path: path to file
|
:param path: path to file
|
||||||
:param content: reference content to check against
|
:param content: reference content to check against
|
||||||
:param hash_algo: hashing algo from hashlib to use, default is 'md5'
|
:param hash_algo: hashing algo from hashlib to use, default is 'sha256'
|
||||||
:returns: True if the hash of reference content is the same as
|
:returns: True if the hash of reference content is the same as
|
||||||
the hash of file's content, False otherwise
|
the hash of file's content, False otherwise
|
||||||
"""
|
"""
|
||||||
|
|||||||
4
releasenotes/notes/fips-hashlib-bca9beacc2b48fe7.yaml
Normal file
4
releasenotes/notes/fips-hashlib-bca9beacc2b48fe7.yaml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Use SHA256 for comparing file contents instead of MD5. This improves FIPS
|
||||||
|
compatibility.
|
||||||
Loading…
Reference in New Issue
Block a user