From 07c9e965389fdb5df25d2879bae55164c2ca0ec9 Mon Sep 17 00:00:00 2001 From: Hiroshi Miura Date: Fri, 3 Nov 2023 09:51:53 +0900 Subject: [PATCH] fix: hashlib constructor with usedforsecurity=False - Python 3.9 and later introduce a keyword argument ``usedforsecurity`` - Set to False because we use hash to check file integrity not for password hash. Signed-off-by: Hiroshi Miura --- aqt/helper.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/aqt/helper.py b/aqt/helper.py index 6782b80b..f2ffca28 100644 --- a/aqt/helper.py +++ b/aqt/helper.py @@ -94,12 +94,13 @@ def getUrl(url: str, timeout: Tuple[float, float], expected_hash: Optional[bytes raise ArchiveDownloadError(msg) result: str = r.text filename = url.split("/")[-1] + _kwargs = {"usedforsecurity": False} if sys.version_info >= (3, 9) else {} if Settings.hash_algorithm == "sha256": - actual_hash = hashlib.sha256(bytes(result, "utf-8")).digest() + actual_hash = hashlib.sha256(bytes(result, "utf-8"), **_kwargs).digest() elif Settings.hash_algorithm == "sha1": - actual_hash = hashlib.sha1(bytes(result, "utf-8")).digest() + actual_hash = hashlib.sha1(bytes(result, "utf-8"), **_kwargs).digest() elif Settings.hash_algorithm == "md5": - actual_hash = hashlib.md5(bytes(result, "utf-8")).digest() + actual_hash = hashlib.md5(bytes(result, "utf-8"), **_kwargs).digest() else: raise ArchiveChecksumError(f"Unknown hash algorithm: {Settings.hash_algorithm}.\nPlease check settings.ini") if expected_hash is not None and expected_hash != actual_hash: @@ -133,7 +134,10 @@ def downloadBinaryFile(url: str, out: Path, hash_algo: str, exp: bytes, timeout: except requests.exceptions.Timeout as e: raise ArchiveConnectionError(f"Connection timeout: {e.args}") from e else: - hash = hashlib.new(hash_algo) + if sys.version_info >= (3, 9): + hash = hashlib.new(hash_algo, usedforsecurity=False) + else: + hash = hashlib.new(hash_algo) try: with open(out, "wb") as fd: for chunk in r.iter_content(chunk_size=8196):