Offer stronger digest algorithm(s) than MD5 #721
Comments
I have already seen Digest::MD5 not installed by default e.g. on RHEL7.
@ipcjk: thanks for the info! Do you also have some resources which explain why they chose not to provide core perl modules by default? I mean I accept this as a fact, and it looks like we need to be more careful about module availability on the remotes, but I'd like to understand their reasons too :)
Maybe it's the old Red Hat perl problem? The contents of the current perl package are viewable here http://rpm.pbone.net/index.php3/stat/6/idpl/29075650/dir/centos_7/com/perl-5.16.3-285.el7.x86_64.rpm I always put a dependency on the package perl-Digest-MD5 in my Rexfile or else things will break. Maybe we can put a warning and/or a workaround (md5sum [coreutils]-packages or openssl md5) in.
@ipcjk: thanks for the useful info! I think we can try to detect availability first, and print out a nice error message, or even try to install it (after enabling a feature flag). It might also be worth opening an issue in Red Hat's tracker about it, but I doubt it's going to be fixed (at least soon-ish). Anyhow I'd like to avoid hijacking this issue and handle those todos on a different one.
Digest::MD5 is available as a core module on all supported perl versions, which makes it a convenient choice for checksumming e.g. to detect changes before/after file operations. However it would be very nice to offer other, stronger algorithms to do the same. SHA2 and SHA3 come to mind particularly.

At first glance this would also mean having some "smart default chooser" based on the perl version used and/or module availability in general, plus configuration options to enforce using a specific algorithm (and probably failing if not possible, or at least falling back to other methods, but notifying the user about the fact).
credits: topic originally brought up by stephanj on IRC
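One way the "smart default chooser" proposed above could look, as an added sketch that is not Rex code and not from the issue's participants. The names `choose_digest`, `file_checksum`, `have_module` and the `algorithm`/`strict` options are hypothetical; Digest::SHA3 is assumed to come from CPAN, and every module is probed at run time because, as the comments note, even Digest::MD5 can be missing on a host.

```perl
use strict;
use warnings;

# Preference order, strongest first: [ label, module, constructor args ]
my @CANDIDATES = (
    [ 'sha3-256', 'Digest::SHA3', 256 ],
    [ 'sha256',   'Digest::SHA',  256 ],
    [ 'md5',      'Digest::MD5' ],
);

# Probe for a module without string eval (names come only from the table above)
sub have_module {
    my ($module) = @_;
    ( my $file = "$module.pm" ) =~ s{::}{/}g;
    return eval { require $file; 1 } ? 1 : 0;
}

# Options (hypothetical): algorithm => label to enforce,
#                         strict    => die instead of falling back
sub choose_digest {
    my (%opt) = @_;
    my @order = @CANDIDATES;
    if ( defined( my $want = $opt{algorithm} ) ) {
        my ($forced) = grep { $_->[0] eq $want } @CANDIDATES;
        die "unknown digest algorithm '$want'\n" unless $forced;
        if    ( have_module( $forced->[1] ) ) { @order = ($forced) }
        elsif ( $opt{strict} ) { die "digest '$want' requires $forced->[1], which is not installed\n" }
        else  { warn "digest '$want' unavailable, falling back\n" }
    }
    for my $c (@order) {
        my ( $name, $module, @args ) = @$c;
        return ( $module->new(@args), $name ) if have_module($module);
    }
    die "no digest module available\n";
}

# Prefix the result with the algorithm label so a before/after comparison
# never silently compares digests produced by two different algorithms.
sub file_checksum {
    my ( $path, %opt ) = @_;
    my ( $ctx, $name ) = choose_digest(%opt);
    open my $fh, '<:raw', $path or die "cannot open $path: $!\n";
    $ctx->addfile($fh);
    close $fh;
    return "$name:" . $ctx->hexdigest;
}

print file_checksum($0), "\n";                                      # best available
print file_checksum( $0, algorithm => 'sha256', strict => 1 ), "\n";   # enforced
```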