From 5736edeeb00eac6c6fe8bbfa0686e1aa57e1869b Mon Sep 17 00:00:00 2001 From: markesha <> Date: Fri, 15 Nov 2024 14:16:40 +0100 Subject: [PATCH] Fix #1469 Use a different checksum calculation method to run in FIPS env Python 3.10 and later versions rely on OpenSSL 1.1.1 or newer, which includes FIPS-compliance checks. MD5 is not an approved algorithm in FIPS mode, so attempting to instantiate self.blob.download_to_file(self._file) will fail when the system is running in FIPS mode. The change configures the `download_to_file` function to use an alternative algorithm provided by gcloud storage SDK - 'crc32c' - for checksum calculation. Configurable checksumming is available in the google-storage lib since v1.31.0, but pinning to >=1.32 for the retry import. --- pyproject.toml | 2 +- storages/backends/gcloud.py | 2 +- tests/test_gcloud.py | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 38c82ba7..ba9cfa92 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -55,7 +55,7 @@ dropbox = [ "dropbox>=7.2.1", ] google = [ - "google-cloud-storage>=1.27", + "google-cloud-storage>=1.32", ] libcloud = [ "apache-libcloud", diff --git a/storages/backends/gcloud.py b/storages/backends/gcloud.py index 5ae74a1a..e9855752 100644 --- a/storages/backends/gcloud.py +++ b/storages/backends/gcloud.py @@ -62,7 +62,7 @@ def _get_file(self): ) if "r" in self._mode: self._is_dirty = False - self.blob.download_to_file(self._file) + self.blob.download_to_file(self._file, checksum="crc32c") self._file.seek(0) if self._storage.gzip and self.blob.content_encoding == "gzip": self._file = self._decompress_file(mode=self._mode, file=self._file) diff --git a/tests/test_gcloud.py b/tests/test_gcloud.py index cacb44d3..7ea9d22a 100644 --- a/tests/test_gcloud.py +++ b/tests/test_gcloud.py @@ -42,7 +42,7 @@ def test_open_read(self): self.filename, chunk_size=None ) - f.blob.download_to_file = lambda tmpfile: tmpfile.write(data) + f.blob.download_to_file = lambda tmpfile, **kwargs: tmpfile.write(data) self.assertEqual(f.read(), data) def test_open_read_num_bytes(self): @@ -55,7 +55,7 @@ def test_open_read_num_bytes(self): self.filename, chunk_size=None ) - f.blob.download_to_file = lambda tmpfile: tmpfile.write(data) + f.blob.download_to_file = lambda tmpfile, **kwargs: tmpfile.write(data) self.assertEqual(f.read(num_bytes), data[0:num_bytes]) def test_open_read_nonexistent(self):