Fix jschneier#1469 Use a different checksum calculation method to run…

… in FIPS env Python 3.10 and later versions rely on OpenSSL 1.1.1 or newer, which includes FIPS-compliance checks. MD5 is not an approved algorithm in FIPS mode, so attempting to instantiate self.blob.download_to_file(self._file) will fail when the system is running in FIPS mode. The change configures the `download_to_file` function to use an alternative algorithm provided by gcloud storage SDK - 'crc32c' - for checksum calculation. Configurable checksumming is available in the google-storage lib since v1.31.0.
markesha · Nov 18, 2024 · 6e033f6 · 6e033f6
1 parent f029e50
commit 6e033f6
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/pyproject.toml b/pyproject.toml
@@ -55,7 +55,7 @@ dropbox = [
   "dropbox>=7.2.1",
 ]
 google = [
-  "google-cloud-storage>=1.27",
+  "google-cloud-storage>=1.31",
 ]
 libcloud = [
   "apache-libcloud",

diff --git a/storages/backends/gcloud.py b/storages/backends/gcloud.py
@@ -1,5 +1,6 @@
 import gzip
 import io
+import inspect
 import mimetypes
 from datetime import timedelta
 from tempfile import SpooledTemporaryFile

diff --git a/tests/test_gcloud.py b/tests/test_gcloud.py
@@ -55,7 +55,7 @@ def test_open_read_num_bytes(self):
                 self.filename, chunk_size=None
             )
 
-            f.blob.download_to_file = lambda tmpfile: tmpfile.write(data)
+            f.blob.download_to_file = lambda tmpfile, **kwargs: tmpfile.write(data)
             self.assertEqual(f.read(num_bytes), data[0:num_bytes])
 
     def test_open_read_nonexistent(self):