From 1dc541ef4dafed2cd7af68d23856dd99dd7b5644 Mon Sep 17 00:00:00 2001 From: Jacob Cassagnol <87133045+jcassagnol-public@users.noreply.github.com> Date: Thu, 4 Nov 2021 19:52:56 -0400 Subject: Changed the fall-forward to an explicit version check instead. The original check was causing issues where 3.8 in Windows was throwing an unexpected error. This should hopefully fix 3.8 in Windows while maintaining the same support in Linux. --- SCons/Util.py | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/SCons/Util.py b/SCons/Util.py index 1f19fba..8b79a3e 100644 --- a/SCons/Util.py +++ b/SCons/Util.py @@ -1692,22 +1692,17 @@ def _attempt_init_of_python_3_9_hash_object(hash_function_object): if hash_function_object is None: return None - # it's surprisingly difficult to get the version of python used without an external library: # https://stackoverflow.com/a/11887885 details how to check versions with the "packaging" library. - # instead of an explicit version check this does a check for the supported feature directly. - try: - _valid_arguments=inspect.getfullargspec(hash_function_object).kwonlyargs - # if this keyword exists, the hashlib is from python >= 3.9, and the hash is always supported. - if "usedforsecurity" in _valid_arguments: - return hash_function_object(usedforsecurity=False) - except TypeError: - # unfortunately inspec.getfullargspec throws a TypeError in previous versions of python - # as the algorithms were native functions rather than python functions. As such we swallow - # the original error here to distinguish from lack of initialization support of the algorithm, - # which is a ValueError. - # The following line may throw the ValueError if FIPS support is turned on, so this function - # should be wrapped inside a try-catch to properly deal with the error thrown. - return hash_function_object() + # however, for our purposes checking the version is greater than or equal to 3.9 is good enough, as + # the API is guaranteed to have support for the 'usedforsecurity' flag in 3.9. See + # https://docs.python.org/3/library/hashlib.html#:~:text=usedforsecurity for the version support notes. + if (sys.version_info.major > 3) or (sys.version_info.major == 3 and sys.version_info.minor >= 9): + return hash_function_object(usedforsecurity=False) + + # note that this can throw a ValueError in FIPS-enabled versions of Linux prior to 3.9 + # the OpenSSL hashlib will throw on first init here, but that is assumed to be responsibility of + # the caller to diagnose the ValueError & potentially display the error to screen. + return hash_function_object() def _set_allowed_viable_default_hashes(hashlib_used): """Checks if SCons has ability to call the default algorithms normally supported. -- cgit v0.12