salt/use-adler32-algorithm-to-compute-string-checksums.patch

133 lines
3.9 KiB
Diff

From db2573bebc90f6e1b445c34ddd707ad547c4325a Mon Sep 17 00:00:00 2001
From: Bo Maryniuk <bo@suse.de>
Date: Sat, 28 Jul 2018 22:59:04 +0200
Subject: [PATCH] Use Adler32 algorithm to compute string checksums
Generate the same numeric value across all Python versions and platforms
Re-add getting hash by Python shell-out method
Add an option to choose between default hashing, Adler32 or CRC32 algorithms
Set default config option for server_id hashing to False on minion
Choose CRC method, default to faster but less reliable "adler32", if crc is in use
Add warning for Sodium.
Move server_id deprecation warning to reduce log spamming (bsc#1135567) (bsc#1135732)
Remove deprecated warning that breaks miniion execution when "server_id_use_crc" opts are missing
---
salt/config/__init__.py | 4 ++++
salt/grains/core.py | 49 +++++++++++++++++++++++++++++++++++++----
2 files changed, 49 insertions(+), 4 deletions(-)
diff --git a/salt/config/__init__.py b/salt/config/__init__.py
index e63489cbce..e05cdfafda 100644
--- a/salt/config/__init__.py
+++ b/salt/config/__init__.py
@@ -953,6 +953,9 @@ VALID_OPTS = immutabletypes.freeze(
# Feature flag config
"features": dict,
"fips_mode": bool,
+ # Use Adler32 hashing algorithm for server_id (default False until Sodium, "adler32" after)
+ # Possible values are: False, adler32, crc32
+ "server_id_use_crc": (bool, str),
}
)
@@ -1256,6 +1259,7 @@ DEFAULT_MINION_OPTS = immutabletypes.freeze(
"disabled_requisites": [],
"reactor_niceness": None,
"fips_mode": False,
+ "server_id_use_crc": False,
}
)
diff --git a/salt/grains/core.py b/salt/grains/core.py
index fdf0a6f0d8..e007f40c92 100644
--- a/salt/grains/core.py
+++ b/salt/grains/core.py
@@ -21,6 +21,7 @@ import subprocess
import sys
import time
import uuid
+import zlib
from errno import EACCES, EPERM
import distro
@@ -40,6 +41,7 @@ import salt.utils.path
import salt.utils.pkg.rpm
import salt.utils.platform
import salt.utils.stringutils
+import salt.utils.versions
from salt.ext.six.moves import range
from salt.utils.network import _get_interfaces
@@ -2981,6 +2983,36 @@ def _hw_data(osdata):
return grains
+def _get_hash_by_shell():
+ """
+ Shell-out Python 3 for compute reliable hash
+ :return:
+ """
+ id_ = __opts__.get("id", "")
+ id_hash = None
+ py_ver = sys.version_info[:2]
+ if py_ver >= (3, 3):
+ # Python 3.3 enabled hash randomization, so we need to shell out to get
+ # a reliable hash.
+ id_hash = __salt__["cmd.run"](
+ [sys.executable, "-c", 'print(hash("{}"))'.format(id_)],
+ env={"PYTHONHASHSEED": "0"},
+ )
+ try:
+ id_hash = int(id_hash)
+ except (TypeError, ValueError):
+ log.debug(
+ "Failed to hash the ID to get the server_id grain. Result of hash command: %s",
+ id_hash,
+ )
+ id_hash = None
+ if id_hash is None:
+ # Python < 3.3 or error encountered above
+ id_hash = hash(id_)
+
+ return abs(id_hash % (2 ** 31))
+
+
def get_server_id():
"""
Provides an integer based on the FQDN of a machine.
@@ -2991,10 +3023,19 @@ def get_server_id():
# server_id
if salt.utils.platform.is_proxy():
- return {}
- id_ = __opts__.get("id", "")
- hash_ = int(hashlib.sha256(id_.encode()).hexdigest(), 16)
- return {"server_id": abs(hash_ % (2 ** 31))}
+ server_id = {}
+ else:
+ use_crc = __opts__.get("server_id_use_crc")
+ if bool(use_crc):
+ id_hash = (
+ getattr(zlib, use_crc, zlib.adler32)(__opts__.get("id", "").encode())
+ & 0xFFFFFFFF
+ )
+ else:
+ id_hash = _get_hash_by_shell()
+ server_id = {"server_id": id_hash}
+
+ return server_id
def get_master():
--
2.33.0