diff mbox series

[bitbake-devel,kirkstone,langdale,master] utils/ply: Update md5 to better report errors with hashlib

Message ID 1665093202-28238-1-git-send-email-mark.hatle@kernel.crashing.org
State New
Headers show
Series [bitbake-devel,kirkstone,langdale,master] utils/ply: Update md5 to better report errors with hashlib | expand

Commit Message

Mark Hatle Oct. 6, 2022, 9:53 p.m. UTC 
In the case where hashlib is not available, the try would fail and fall
through resulting in a backtrace on the usage of the 'sig'.  The backtrace
itself was confusing and made it difficult to determine what went wrong.

Update the import to be in it's own try block with an appropriate
message to indicate what went wrong.

Note, the current version of ply all of this code has been restructured
so this is not applicable upstream.

Additionally, some versions of hashlib don't appear to implement the
second FIPS related argument.  Detect this and support both versions.

Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
---
This was found on an internal Ubuntu 18.04 container.  Unfortunately I
don't have access to the container itself but this resolves the issue.

 bitbake/lib/bb/utils.py | 7 ++++++-
 bitbake/lib/ply/yacc.py | 7 +++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

Comments

Ross Burton Oct. 7, 2022, 11:01 a.m. UTC | #1 
> On 6 Oct 2022, at 22:53, Mark Hatle via lists.openembedded.org <mark.hatle=kernel.crashing.org@lists.openembedded.org> wrote:
> 
> Additionally, some versions of hashlib don't appear to implement the
> second FIPS related argument.  Detect this and support both versions.

FWIW

Changed in version 3.9: All hashlib constructors take a keyword-only argument usedforsecurity with default value True. A false value allows the use of insecure and blocked hashing algorithms in restricted environments. False indicates that the hashing algorithm is not used in a security context, e.g. as a non-cryptographic one-way compression function.

Ross
diff mbox series

Patch

diff --git a/lib/bb/utils.py b/lib/bb/utils.py
index e6e21e20fe..64a004d0d8 100644
--- a/lib/bb/utils.py
+++ b/lib/bb/utils.py
@@ -547,7 +547,12 @@  def md5_file(filename):
     Return the hex string representation of the MD5 checksum of filename.
     """
     import hashlib
-    return _hasher(hashlib.new('MD5', usedforsecurity=False), filename)
+    try:
+        sig = hashlib.new('MD5', usedforsecurity=False)
+    except TypeError:
+        # Some configurations don't appear to support two arguments
+        sig = hashlib.new('MD5')
+    return _hasher(sig, filename)
 
 def sha256_file(filename):
     """
diff --git a/lib/ply/yacc.py b/lib/ply/yacc.py
index 767c4e4674..381b50cf0b 100644
--- a/lib/ply/yacc.py
+++ b/lib/ply/yacc.py
@@ -2798,7 +2798,14 @@  class ParserReflect(object):
     def signature(self):
         try:
             import hashlib
+        except ImportError:
+            raise RuntimeError("Unable to import hashlib")
+        try:
             sig = hashlib.new('MD5', usedforsecurity=False)
+        except TypeError:
+            # Some configurations don't appear to support two arguments
+            sig = hashlib.new('MD5')
+        try:
             if self.start:
                 sig.update(self.start.encode('latin-1'))
             if self.prec: