From 3c8292e12081ef14e6e62505e4d1544f9cd3bf55 Mon Sep 17 00:00:00 2001 From: Kush Gupta Date: Mon, 9 Mar 2026 22:00:55 -0400 Subject: [PATCH] Use pulp_hashlib in receive_artifact() Replace raw hashlib with pulp_hashlib.new() so that digest creation goes through the allowed-algorithm gate and works on FIPS-enabled systems. closes #2256 Signed-off-by: Kush Gupta Made-with: Cursor --- CHANGES/2256.bugfix | 1 + pulp_container/app/registry_api.py | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 CHANGES/2256.bugfix diff --git a/CHANGES/2256.bugfix b/CHANGES/2256.bugfix new file mode 100644 index 000000000..8b42fdb45 --- /dev/null +++ b/CHANGES/2256.bugfix @@ -0,0 +1 @@ +Changed the use of raw `hashlib` to `pulp_hashlib` to prevent `UnsupportedDigestmodError` on FIPS-enabled systems. diff --git a/pulp_container/app/registry_api.py b/pulp_container/app/registry_api.py index 87fde03eb..c3fd23533 100644 --- a/pulp_container/app/registry_api.py +++ b/pulp_container/app/registry_api.py @@ -26,6 +26,7 @@ from django.conf import settings +from pulpcore.plugin import pulp_hashlib from pulpcore.plugin.models import Artifact, ContentArtifact, UploadChunk from pulpcore.plugin.files import PulpTemporaryUploadedFile from pulpcore.plugin.tasking import dispatch @@ -1452,7 +1453,7 @@ def receive_artifact(self, chunk): size = 0 hashers = {} for algorithm in Artifact.DIGEST_FIELDS: - hashers[algorithm] = getattr(hashlib, algorithm)() + hashers[algorithm] = pulp_hashlib.new(algorithm) while True: subchunk = chunk.read(2000000) if not subchunk: