use sha256 checksum instead of md5 (#30018)

* use sha256 checksum instead of md5 * Chore: Rewrite ldap login test to standard library (#29998) * Chore: Rewrite ldap login test to standard library * Preserve original ldap enabled setting after test * Chore: Rewrite models alert test to standard library (#30021) * Chore: Rewrite models dashboard acl test to standard library (#30022) * Chore: Rewrite models dashboards test to standard library (#30023) * Chore: Rewrite login auth test to standard library (#29985) * Chore: Rewrite login auth test to standard library * Use assert.Empty when empty string expected * Chore: Rewrite brute force login protection test to standard library (#29986) * Update pkg/cmd/grafana-cli/services/api_client.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Update pkg/cmd/grafana-cli/services/api_client.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * use sha256 checksum instead of md5 * Update pkg/cmd/grafana-cli/services/api_client.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Update pkg/cmd/grafana-cli/services/api_client.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * grafana-cli: Remove MD5 Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Hessman <emil@hessman.se> Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>

use sha256 checksum instead of md5 (#30018)
* use sha256 checksum instead of md5 * Chore: Rewrite ldap login test to standard library (#29998) * Chore: Rewrite ldap login test to standard library * Preserve original ldap enabled setting after test * Chore: Rewrite models alert test to standard library (#30021) * Chore: Rewrite models dashboard acl test to standard library (#30022) * Chore: Rewrite models dashboards test to standard library (#30023) * Chore: Rewrite login auth test to standard library (#29985) * Chore: Rewrite login auth test to standard library * Use assert.Empty when empty string expected * Chore: Rewrite brute force login protection test to standard library (#29986) * Update pkg/cmd/grafana-cli/services/api_client.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Update pkg/cmd/grafana-cli/services/api_client.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * use sha256 checksum instead of md5 * Update pkg/cmd/grafana-cli/services/api_client.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Update pkg/cmd/grafana-cli/services/api_client.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * grafana-cli: Remove MD5 Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Emil Hessman <emil@hessman.se> Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
db67e70b · ying-jeanne · GitHub · 1b535581 · db67e70b · db67e70b
Commit db67e70b authored Jan 04, 2021 by ying-jeanne Committed by GitHub Jan 04, 2021
Showing with 9 additions and 9 deletions

pkg/cmd/grafana-cli/commands/install_command.go
+1 -1

pkg/cmd/grafana-cli/commands/install_command_test.go
+2 -2

pkg/cmd/grafana-cli/models/model.go
+2 -2

pkg/cmd/grafana-cli/services/api_client.go
+4 -4

No files found.
--- a/pkg/cmd/grafana-cli/commands/install_command.go
+++ b/pkg/cmd/grafana-cli/commands/install_command.go
@@ -97,7 +97,7 @@ func InstallPlugin(pluginName, version string, c utils.CommandLine, client utils
 		// Plugins which are downloaded just as sourcecode zipball from github do not have checksum
 		if v.Arch != nil {
-			checksum = v.Arch[osAndArchString()].Md5
+			checksum = v.Arch[osAndArchString()].SHA256
 		}
 	}

--- a/pkg/cmd/grafana-cli/commands/install_command_test.go
+++ b/pkg/cmd/grafana-cli/commands/install_command_test.go
@@ -108,7 +108,7 @@ func TestInstallPluginCommand(t *testing.T) {
 						Version: "1.0.0",
 						Arch: map[string]models.ArchMeta{
 							fmt.Sprintf("%s-%s", runtime.GOOS, runtime.GOARCH): {
-								Md5: "test",
+								SHA256: "test",
 							},
 						},
 					},
@@ -252,7 +252,7 @@ func makePluginWithVersions(versions ...versionArg) *models.Plugin {
 			ver.Arch = map[string]models.ArchMeta{}
 			for _, arch := range version.Arch {
 				ver.Arch[arch] = models.ArchMeta{
-					Md5: fmt.Sprintf("md5_%s", arch),
+					SHA256: fmt.Sprintf("sha256_%s", arch),
 				}
 			}
 		}

--- a/pkg/cmd/grafana-cli/models/model.go
+++ b/pkg/cmd/grafana-cli/models/model.go
@@ -33,12 +33,12 @@ type Version struct {
 	Commit  string `json:"commit"`
 	URL     string `json:"url"`
 	Version string `json:"version"`
-	// os-arch to md5 checksum to check when downloading the file
+	// Arch contains architecture metadata.
 	Arch map[string]ArchMeta `json:"arch"`
 }
 type ArchMeta struct {
-	Md5 string `json:"md5"`
+	SHA256 string `json:"sha256"`
 }
 type PluginRepo struct {

--- a/pkg/cmd/grafana-cli/services/api_client.go
+++ b/pkg/cmd/grafana-cli/services/api_client.go
@@ -2,7 +2,7 @@ package services
 import (
 	"bufio"
-	"crypto/md5"
+	"crypto/sha256"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -101,15 +101,15 @@ func (client *GrafanaComClient) DownloadFile(pluginName string, tmpFile *os.File
 	}()
 	w := bufio.NewWriter(tmpFile)
-	h := md5.New()
+	h := sha256.New()
 	if _, err = io.Copy(w, io.TeeReader(bodyReader, h)); err != nil {
-		return errutil.Wrap("Failed to compute MD5 checksum", err)
+		return errutil.Wrap("failed to compute SHA256 checksum", err)
 	}
 	if err := w.Flush(); err != nil {
 		return fmt.Errorf("failed to write to %q: %w", tmpFile.Name(), err)
 	}
 	if len(checksum) > 0 && checksum != fmt.Sprintf("%x", h.Sum(nil)) {
-		return fmt.Errorf("expected MD5 checksum does not match the downloaded archive - please contact security@grafana.com")
+		return fmt.Errorf("expected SHA256 checksum does not match the downloaded archive - please contact security@grafana.com")
 	}
 	return nil
 }