1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Shameless recommit of changes in jesstruck/ansible:jenkins_plugins_sha1 (#677)

* Shameless recommit of changes in jesstruck/ansible:jenkins_plugins_sha1

* Add changelog fragment.

* Change variable name to remove reference to sha1

Also, update changelog fragment typos/style.

* Update changelog fragment typos/style.
This commit is contained in:
Michael Williams 2020-07-27 04:33:08 -05:00 committed by GitHub
parent d40dece6c5
commit 1beabef60e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 20 deletions

View file

@ -0,0 +1,5 @@
---
bugfixes:
- jenkins_plugin - replace MD5 checksum verification with SHA1 due to MD5
being disabled on systems with FIPS-only algorithms enabled
(https://github.com/ansible/ansible/issues/34304).

View file

@ -429,12 +429,12 @@ class JenkinsPlugin(object):
self.module.fail_json(
msg="Jenkins home directory doesn't exist.")
md5sum_old = None
checksum_old = None
if os.path.isfile(plugin_file):
# Make the checksum of the currently installed plugin
with open(plugin_file, 'rb') as md5_plugin_fh:
md5_plugin_content = md5_plugin_fh.read()
md5sum_old = hashlib.md5(md5_plugin_content).hexdigest()
with open(plugin_file, 'rb') as plugin_fh:
plugin_content = plugin_fh.read()
checksum_old = hashlib.sha1(plugin_content).hexdigest()
if self.params['version'] in [None, 'latest']:
# Take latest version
@ -454,13 +454,13 @@ class JenkinsPlugin(object):
if (
self.params['updates_expiration'] == 0 or
self.params['version'] not in [None, 'latest'] or
md5sum_old is None):
checksum_old is None):
# Download the plugin file directly
r = self._download_plugin(plugin_url)
# Write downloaded plugin into file if checksums don't match
if md5sum_old is None:
if checksum_old is None:
# No previously installed plugin
if not self.module.check_mode:
self._write_file(plugin_file, r)
@ -471,11 +471,11 @@ class JenkinsPlugin(object):
data = r.read()
# Make new checksum
md5sum_new = hashlib.md5(data).hexdigest()
checksum_new = hashlib.sha1(data).hexdigest()
# If the checksum is different from the currently installed
# plugin, store the new plugin
if md5sum_old != md5sum_new:
if checksum_old != checksum_new:
if not self.module.check_mode:
self._write_file(plugin_file, data)
@ -484,19 +484,8 @@ class JenkinsPlugin(object):
# Check for update from the updates JSON file
plugin_data = self._download_updates()
try:
with open(plugin_file, 'rb') as sha1_plugin_fh:
sha1_plugin_content = sha1_plugin_fh.read()
sha1_old = hashlib.sha1(sha1_plugin_content)
except Exception as e:
self.module.fail_json(
msg="Cannot calculate SHA1 of the old plugin.",
details=to_native(e))
sha1sum_old = base64.b64encode(sha1_old.digest())
# If the latest version changed, download it
if sha1sum_old != to_bytes(plugin_data['sha1']):
if checksum_old != to_bytes(plugin_data['sha1']):
if not self.module.check_mode:
r = self._download_plugin(plugin_url)
self._write_file(plugin_file, r)