Commit db67e70b by ying-jeanne Committed by GitHub

use sha256 checksum instead of md5 (#30018)

* use sha256 checksum instead of md5

* Chore: Rewrite ldap login test to standard library (#29998)

* Chore: Rewrite ldap login test to standard library

* Preserve original ldap enabled setting after test

* Chore: Rewrite models alert test to standard library (#30021)

* Chore: Rewrite models dashboard acl test to standard library (#30022)

* Chore: Rewrite models dashboards test to standard library (#30023)

* Chore: Rewrite login auth test to standard library (#29985)

* Chore: Rewrite login auth test to standard library

* Use assert.Empty when empty string expected

* Chore: Rewrite brute force login protection test to standard library (#29986)

* Update pkg/cmd/grafana-cli/services/api_client.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/cmd/grafana-cli/services/api_client.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* use sha256 checksum instead of md5

* Update pkg/cmd/grafana-cli/services/api_client.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* Update pkg/cmd/grafana-cli/services/api_client.go

Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

* grafana-cli: Remove MD5

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored-by: Emil Hessman <emil@hessman.se>
Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
parent 1b535581
......@@ -97,7 +97,7 @@ func InstallPlugin(pluginName, version string, c utils.CommandLine, client utils
// Plugins which are downloaded just as sourcecode zipball from github do not have checksum
if v.Arch != nil {
checksum = v.Arch[osAndArchString()].Md5
checksum = v.Arch[osAndArchString()].SHA256
}
}
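Review bot: The lookup `v.Arch[osAndArchString()].SHA256` returns an empty string when the map has no entry for the current os-arch key or the entry carries no `sha256` value, and the guard in DownloadFile (`len(checksum) > 0 && ...`) then skips verification entirely. The comment above this block says a missing checksum is expected only for source zipballs, which is the `v.Arch == nil` case, so a non-nil `Arch` without a usable digest should fail the install rather than proceed unverified, unless a check outside this hunk already rejects it. A guard such as `meta, ok := v.Arch[osAndArchString()]` followed by `if !ok || meta.SHA256 == "" { /* return an error */ }` would close that gap. The same fail-open path applies to repository metadata that still publishes only the old `md5` key, which now decodes to an empty `SHA256`. InstallPlugin's body starts and ends outside the hunk.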
......
......@@ -108,7 +108,7 @@ func TestInstallPluginCommand(t *testing.T) {
Version: "1.0.0",
Arch: map[string]models.ArchMeta{
fmt.Sprintf("%s-%s", runtime.GOOS, runtime.GOARCH): {
Md5: "test",
SHA256: "test",
},
},
},
......@@ -252,7 +252,7 @@ func makePluginWithVersions(versions ...versionArg) *models.Plugin {
ver.Arch = map[string]models.ArchMeta{}
for _, arch := range version.Arch {
ver.Arch[arch] = models.ArchMeta{
Md5: fmt.Sprintf("md5_%s", arch),
SHA256: fmt.Sprintf("sha256_%s", arch),
}
}
}
......
......@@ -33,12 +33,12 @@ type Version struct {
Commit string `json:"commit"`
URL string `json:"url"`
Version string `json:"version"`
// os-arch to md5 checksum to check when downloading the file
// Arch contains architecture metadata.
Arch map[string]ArchMeta `json:"arch"`
}
type ArchMeta struct {
Md5 string `json:"md5"`
SHA256 string `json:"sha256"`
}
type PluginRepo struct {
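Review bot: The new comment `// Arch contains architecture metadata.` drops what the old one told the reader: the map is keyed by os-arch, and the value is the checksum checked on download. I would keep both facts, for example `// Arch maps an os-arch key (for example "linux-amd64") to the metadata, including the SHA256 checksum, that is checked when downloading the file.` `ArchMeta` has no doc comment; a one-line comment could state that `SHA256` is the hex digest of the plugin archive, in the lower-case form DownloadFile compares against `fmt.Sprintf("%x", h.Sum(nil))`.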
......
......@@ -2,7 +2,7 @@ package services
import (
"bufio"
"crypto/md5"
"crypto/sha256"
"encoding/json"
"errors"
"fmt"
......@@ -101,15 +101,15 @@ func (client *GrafanaComClient) DownloadFile(pluginName string, tmpFile *os.File
}()
w := bufio.NewWriter(tmpFile)
h := md5.New()
h := sha256.New()
if _, err = io.Copy(w, io.TeeReader(bodyReader, h)); err != nil {
return errutil.Wrap("Failed to compute MD5 checksum", err)
return errutil.Wrap("failed to compute SHA256 checksum", err)
}
if err := w.Flush(); err != nil {
return fmt.Errorf("failed to write to %q: %w", tmpFile.Name(), err)
}
if len(checksum) > 0 && checksum != fmt.Sprintf("%x", h.Sum(nil)) {
return fmt.Errorf("expected MD5 checksum does not match the downloaded archive - please contact security@grafana.com")
return fmt.Errorf("expected SHA256 checksum does not match the downloaded archive - please contact security@grafana.com")
}
return nil
}
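Review bot: The wrap message on the `io.Copy` error, `failed to compute SHA256 checksum`, names the wrong failure. That call streams the response body into the temp file, so an error there is a network read or disk write problem, and writes to a `hash.Hash` never return an error. Something like `errutil.Wrap("failed to download plugin archive", err)` would point to the real cause. Separately, the comparison with `fmt.Sprintf("%x", h.Sum(nil))` is case-sensitive, so if the repository metadata ever carries an upper-case digest, a valid archive would be rejected with the security@ contact message; lower-casing the expected value before comparing would avoid that false alarm. DownloadFile starts above the hunk.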
......