[python-debian/master] python_support: Avoid hashlib dependency.
John Wright
john at johnwright.org
Wed Jun 11 07:56:26 UTC 2014
Use the built-in _sha or _sha1 module (depending on Python version)
instead. That way we don't link in OpenSSL, which has an incompatible
license.
Closes: 747031
---
debian/changelog | 6 ++++++
lib/debian/debian_support.py | 22 ++++++++++++++++++++--
2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index ab459ef..075ae6f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -15,6 +15,12 @@ python-debian (0.1.22) UNRELEASED; urgency=low
* Use nose to run test suite.
* Add autopkgtest test suite.
+ [ John Wright ]
+ * python_support: Avoid hashlib dependency, using the built-in _sha or
+ _sha1 module (depending on Python version) instead. That way we
+ don't link in OpenSSL, which has an incompatible license.
+ (Closes: 747031)
+
-- John Wright <jsw at debian.org> Mon, 08 Oct 2012 00:41:32 -0700
python-debian (0.1.21+nmu3) unstable; urgency=medium
diff --git a/lib/debian/debian_support.py b/lib/debian/debian_support.py
index 8a72d63..1eacb34 100644
--- a/lib/debian/debian_support.py
+++ b/lib/debian/debian_support.py
@@ -22,7 +22,6 @@ from __future__ import absolute_import, print_function
import os
import re
-import hashlib
import types
from debian.deprecation import function_deprecated_by
@@ -34,6 +33,25 @@ try:
except ImportError:
_have_apt_pkg = False
+# Use the built-in _sha extension instead of hashlib to avoid a dependency on
+# OpenSSL, which is incompatible with the GPL.
+try:
+ # Python 2.x
+ import _sha
+ new_sha1 = _sha.new
+except ImportError:
+ # Python 3.x
+ try:
+ import _sha1
+ new_sha1 = _sha1.sha1
+ except ImportError:
+ def new_sha1():
+ raise NotImplementedError(
+ "Built-in sha1 implementation not found; cannot use hashlib"
+ " implementation because it depends on OpenSSL, which"
+ " may not be linked with this library due to license"
+ " incompatibilities")
+
class ParseError(Exception):
"""An exception which is used to signal a parse failure.
@@ -413,7 +431,7 @@ del listReleases
del list_releases
def read_lines_sha1(lines):
- m = hashlib.sha1()
+ m = new_sha1()
for l in lines:
if isinstance(l, bytes):
m.update(l)
--
1.9.1
More information about the pkg-python-debian-commits
mailing list