Fix hashlib.md5 call for FIPS-enabled builds (#3228)

FIPS errors with the following message: ``` File "/usr/lib/python3.11/site-packages/pdm/cli/commands/run.py", line 167, in _get_script_env venv_name = hashlib.md5(os.path.realpath(script_file).encode("utf-8")).hexdigest() ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ _hashlib.UnsupportedDigestmodError: [digital envelope routines] unsupported ``` Since the hash isn't use for cryptographic use we indicate that md5 can be safely used
pdm-project · Oct 29, 2024 · 4401ff5 · 4401ff5
1 parent ceb387b
commit 4401ff5
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/pdm/cli/commands/run.py b/src/pdm/cli/commands/run.py
@@ -164,7 +164,11 @@ def _get_script_env(self, script_file: str) -> BaseEnvironment:
         tool_config = metadata.pop("tool", {})
         script_project = self.project.core.create_project()
         script_project.pyproject.set_data({"project": metadata, "tool": tool_config})
-        venv_name = hashlib.md5(os.path.realpath(script_file).encode("utf-8")).hexdigest()
+        md5_kwargs = {}
+        # for python >= 3.9, indicate that md5 is not used in a security context
+        if sys.version_info >= (3, 9):
+            md5_kwargs = {"usedforsecurity": False}
+        venv_name = hashlib.md5(os.path.realpath(script_file).encode("utf-8"), **md5_kwargs).hexdigest()
         venv_backend = BACKENDS[script_project.config["venv.backend"]](script_project, None)
         venv = venv_backend.get_location(None, venv_name)
         if venv.exists() and not self.recreate_env: