[python-debian/master] python_support: Avoid hashlib dependency.

John Wright john at johnwright.org
Wed Jun 11 07:56:26 UTC 2014


Use the built-in _sha or _sha1 module (depending on Python version)
instead.  That way we don't link in OpenSSL, which has an incompatible
license.

Closes: 747031
---
 debian/changelog             |  6 ++++++
 lib/debian/debian_support.py | 22 ++++++++++++++++++++--
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index ab459ef..075ae6f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -15,6 +15,12 @@ python-debian (0.1.22) UNRELEASED; urgency=low
   * Use nose to run test suite.
   * Add autopkgtest test suite.
 
+  [ John Wright ]
+  * python_support: Avoid hashlib dependency, using the built-in _sha or
+    _sha1 module (depending on Python version) instead.  That way we
+    don't link in OpenSSL, which has an incompatible license.
+    (Closes: 747031)
+
  -- John Wright <jsw at debian.org>  Mon, 08 Oct 2012 00:41:32 -0700
 
 python-debian (0.1.21+nmu3) unstable; urgency=medium
diff --git a/lib/debian/debian_support.py b/lib/debian/debian_support.py
index 8a72d63..1eacb34 100644
--- a/lib/debian/debian_support.py
+++ b/lib/debian/debian_support.py
@@ -22,7 +22,6 @@ from __future__ import absolute_import, print_function
 
 import os
 import re
-import hashlib
 import types
 
 from debian.deprecation import function_deprecated_by
@@ -34,6 +33,25 @@ try:
 except ImportError:
     _have_apt_pkg = False
 
+# Use the built-in _sha extension instead of hashlib to avoid a dependency on
+# OpenSSL, which is incompatible with the GPL.
+try:
+    # Python 2.x
+    import _sha
+    new_sha1 = _sha.new
+except ImportError:
+    # Python 3.x
+    try:
+        import _sha1
+        new_sha1 = _sha1.sha1
+    except ImportError:
+        def new_sha1():
+            raise NotImplementedError(
+                    "Built-in sha1 implementation not found; cannot use hashlib"
+                    " implementation because it depends on OpenSSL, which"
+                    " may not be linked with this library due to license"
+                    " incompatibilities")
+
 class ParseError(Exception):
     """An exception which is used to signal a parse failure.
 
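Review bot: The fallback stub in the innermost `except ImportError` is declared as `def new_sha1():`, while the two constructors it stands in for (`_sha.new` and `_sha1.sha1`) accept an optional initial-data argument. A caller that passes data would therefore get a TypeError about arguments rather than the intended NotImplementedError; `def new_sha1(*args, **kwargs):` keeps the failure mode uniform. `_sha` and `_sha1` are underscore-prefixed implementation modules, so they may not be present on every interpreter or version, and a missing module now surfaces only on first use rather than at import. The comment above the block could record that, e.g. `# _sha/_sha1 are private interpreter modules; if neither imports, new_sha1() raises NotImplementedError when first called.`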
@@ -413,7 +431,7 @@ del listReleases
 del list_releases
 
 def read_lines_sha1(lines):
-    m = hashlib.sha1()
+    m = new_sha1()
     for l in lines:
         if isinstance(l, bytes):
             m.update(l)
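Review bot: `read_lines_sha1` has no docstring, and with `m = new_sha1()` it can now raise NotImplementedError at call time when neither built-in SHA-1 module was importable, which nothing in the signature tells a caller. If this digest is used to verify downloaded or patched data (the callers are not visible here), they should let that exception propagate rather than treat it as a skipped check. A short docstring would cover it, e.g. `"""Hash the given lines with SHA-1. Raises NotImplementedError if no built-in SHA-1 module is available."""`. The function body continues past the end of this hunk, so the return value is not visible and is left out of the proposed text.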
-- 
1.9.1



