Skip to content

poetry publish fails on FIPS enabled systems because of hashlib.md5() #4986

@CrazyBonze

Description

@CrazyBonze
  • I am on the latest Poetry version.
  • I have searched the issues of this repo and believe that this is not a duplicate.
  • If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).
  • OS version and name: Red Hat Enterprise Linux Server release 7.9 (Maipo)
  • Poetry version: 1.1.12
  • Link of a Gist with the contents of your pyproject.toml file:

Issue

If FIPS mode is enabled for a system there is a potential for a ValueError in upload.py when trying to publish a package to a repository when there is an md5 checksum. See the documentation for hashlib for more information. The important part being:

md5() is normally available as well, though it may be missing or blocked if you are using a rare “FIPS compliant” build of Python.

The error returned when running the command poetry publish -r <my-repo>

No suitable keyring backends were found
Using a plaintext file to store and retrieve credentials
Publishing <my-package> (0.1.5) to <my-repo>

  ValueError

  error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips

  at ~/.poetry/lib/poetry/publishing/uploader.py:131 in post_data
      127│
      128│         if _has_blake2:
      129│             blake2_256_hash = hashlib.blake2b(digest_size=256 // 8)
      130│
    → 131│         md5_hash = hashlib.md5()
      132│         sha256_hash = hashlib.sha256()
      133│         with file.open("rb") as fp:
      134│             for content in iter(lambda: fp.read(io.DEFAULT_BUFFER_SIZE), b""):
      135│                 md5_hash.update(content)

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugSomething isn't working as expectedstatus/external-issueIssue is caused by external project (platform, dep, etc)

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions