From 42fad01b2ebd2b4580358e034d5da337da8fd278 Mon Sep 17 00:00:00 2001
From: Finn Krein-Schuch
Date: Mon, 17 Feb 2025 17:54:36 +0100
Subject: [PATCH] Use usedforsecurity for hashlib.sha256 only in python version >=3.9 (#904)
The usedforsecurity keyword argument of the hashlib functions was introduced in python 3.9. To achieve compatibility with versions below that, we only use it once it is available. The usedforsecurity argument forces use of secure hash functions in specially compiled versions of python. In this case it would force to upgrade sha256 to a different hash function should sha256 be deemeed insecure in the future. The podman hash we are comparing against is (currently) always sha256. As sha256 is still considered secure, removing this option for older python versions should be acceptable.
Signed-off-by: johnsonlien
---
 plugins/modules/podman_image.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/plugins/modules/podman_image.py b/plugins/modules/podman_image.py
index 96391d8..f81abbe 100644
--- a/plugins/modules/podman_image.py
+++ b/plugins/modules/podman_image.py
@@ -432,6 +432,7 @@ import shlex # noqa: E402
 import tempfile # noqa: E402
 import time # noqa: E402
 import hashlib # noqa: E402
+import sys # noqa: E402
 from ansible.module_utils._text import to_native
 from ansible.module_utils.basic import AnsibleModule
@@ -555,10 +556,17 @@ class PodmanImageManager(object):
 """
 if not containerfile_contents:
 return None
- return hashlib.sha256(
- containerfile_contents.encode(),
- usedforsecurity=False
- ).hexdigest()
+
+ # usedforsecurity keyword arg was introduced in python 3.9
+ if sys.version_info < (3, 9):
+ return hashlib.sha256(
+ containerfile_contents.encode(),
+ ).hexdigest()
+ else:
+ return hashlib.sha256(
+ containerfile_contents.encode(),
+ usedforsecurity=False
+ ).hexdigest()
 def _get_args_containerfile_hash(self):
 """
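Review bot: The new `if sys.version_info < (3, 9)` / `else` pair in the second hunk repeats the whole `hashlib.sha256(...).hexdigest()` call, so a later edit to the encoding or algorithm has to be made twice, and if the copies drift the digest would depend on the interpreter version. Build the optional keyword once and keep a single call: `hash_kwargs = {} if sys.version_info < (3, 9) else {"usedforsecurity": False}` followed by `return hashlib.sha256(containerfile_contents.encode(), **hash_kwargs).hexdigest()`. The added comment gives only the version history; since the digest appears to be compared against a hash podman records rather than used as an integrity control, it would help to say so, e.g. `# change-detection fingerprint, not an integrity check; usedforsecurity=False only marks it as non-security use`. The method's `def` line and the start of its docstring lie outside the hunk.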