[stable-2.7] Fix password lookup for FIPS

Fixes #47297
(cherry picked from commit 9906daa)

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
This commit is contained in:
Toshio Kuratomi 2018-10-18 12:16:36 -07:00
parent 1293076d7b
commit 8a240ed54d
2 changed files with 6 additions and 1 deletions

View file

@ -0,0 +1,5 @@
---
bugfixes:
- 'Fix the password lookup when run from a FIPS enabled system. FIPS forbids
the use of md5 but we can use sha1 instead.
https://github.com/ansible/ansible/issues/47297'

View file

@ -265,7 +265,7 @@ def _get_lock(b_path):
"""Get the lock for writing password file.""" """Get the lock for writing password file."""
first_process = False first_process = False
b_pathdir = os.path.dirname(b_path) b_pathdir = os.path.dirname(b_path)
lockfile_name = to_bytes("%s.ansible_lockfile" % hashlib.md5(b_path).hexdigest()) lockfile_name = to_bytes("%s.ansible_lockfile" % hashlib.sha1(b_path).hexdigest())
lockfile = os.path.join(b_pathdir, lockfile_name) lockfile = os.path.join(b_pathdir, lockfile_name)
if not os.path.exists(lockfile) and b_path != to_bytes('/dev/null'): if not os.path.exists(lockfile) and b_path != to_bytes('/dev/null'):
try: try: