Fix jschneier#1469 Use a different checksum calculation method to run…

… in FIPS env Python 3.10 and later versions rely on OpenSSL 1.1.1 or newer, which includes FIPS-compliance checks. MD5 is not an approved algorithm in FIPS mode, so attempting to instantiate self.blob.download_to_file(self._file) will fail when the system is running in FIPS mode. The change configures the `download_to_file` function to use an alternative algorithm provided by gcloud storage SDK - 'crc32c' - for checksum calculation in versions where it is available.
markesha · Nov 18, 2024 · a33a2c6 · a33a2c6
1 parent f029e50
commit a33a2c6
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/storages/backends/gcloud.py b/storages/backends/gcloud.py
@@ -1,5 +1,6 @@
 import gzip
 import io
+import inspect
 import mimetypes
 from datetime import timedelta
 from tempfile import SpooledTemporaryFile
@@ -62,7 +63,11 @@ def _get_file(self):
             )
             if "r" in self._mode:
                 self._is_dirty = False
-                self.blob.download_to_file(self._file)
+                # configurable checksumming did not exist in earlier versions of the google-cloud-storage lib
+                if "checksum" in inspect.signature(self.blob.download_to_file).parameters:
+                    self.blob.download_to_file(self._file, checksum="crc32c")
+                else:
+                    self.blob.download_to_file(self._file)
                 self._file.seek(0)
             if self._storage.gzip and self.blob.content_encoding == "gzip":
                 self._file = self._decompress_file(mode=self._mode, file=self._file)