[pve-devel] [RFC access-control 1/2] drop libdigest-hmac-perl dependency

Wolfgang Bumiller w.bumiller at proxmox.com
Thu Jun 30 14:43:58 CEST 2016


Its functionality is provided by perl core's Digest::SHA
module now.
---
Tested with local validation server (yubikey-val + yubikey-ksm packages)

 PVE/AccessControl.pm | 6 +++---
 control.in           | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 6023285..de2908e 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -9,7 +9,6 @@ use Net::SSLeay;
 use Net::IP;
 use MIME::Base64;
 use Digest::SHA;
-use Digest::HMAC_SHA1;
 use URI::Escape;
 use LWP::UserAgent;
 use PVE::Tools qw(run_command lock_file file_get_contents split_list safe_print);
@@ -1184,7 +1183,8 @@ sub yubico_compute_param_sig {
 	$paramstr .= "$key=$param->{$key}";
     }
 
-    my $sig = uri_escape(encode_base64(Digest::HMAC_SHA1::hmac_sha1($paramstr, decode_base64($api_key || '')), ''));
+    # hmac_sha1_base64 does not add '=' padding characters, so we use encode_base64
+    my $sig = uri_escape(encode_base64(Digest::SHA::hmac_sha1($paramstr, decode_base64($api_key || '')), ''));
 
     return ($paramstr, $sig);
 }
@@ -1202,7 +1202,7 @@ sub yubico_verify_otp {
     $url = 'http://api2.yubico.com/wsapi/2.0/verify' if !defined($url);
 
     my $params = {
-	nonce =>  Digest::HMAC_SHA1::hmac_sha1_hex(time(), rand()),
+	nonce =>  Digest::SHA::hmac_sha1_hex(time(), rand()),
 	id => $api_id,
 	otp => uri_escape($otp),
 	timestamp => 1,
diff --git a/control.in b/control.in
index 876d3dd..b74aaf1 100644
--- a/control.in
+++ b/control.in
@@ -3,7 +3,7 @@ Version: @@VERSION@@-@@PKGRELEASE@@
 Section: perl
 Priority: optional
 Architecture: @@ARCH@@
-Depends: libc6 (>= 2.3), perl (>= 5.6.0-16), libcrypt-openssl-rsa-perl, libcrypt-openssl-random-perl, libjson-xs-perl, libjson-perl, libterm-readline-gnu-perl,libnet-ldap-perl, libpve-common-perl, pve-cluster, libauthen-pam-perl, libnet-ssleay-perl, libdigest-hmac-perl, liburi-perl, libwww-perl, oathtool, libmime-base32-perl
+Depends: libc6 (>= 2.3), perl (>= 5.6.0-16), libcrypt-openssl-rsa-perl, libcrypt-openssl-random-perl, libjson-xs-perl, libjson-perl, libterm-readline-gnu-perl,libnet-ldap-perl, libpve-common-perl, pve-cluster, libauthen-pam-perl, libnet-ssleay-perl, liburi-perl, libwww-perl, oathtool, libmime-base32-perl
 Maintainer: Proxmox Support Team <support at proxmox.com>
 Description: Proxmox VE access control library
  This package contains the role based user management and access
-- 
2.1.4





More information about the pve-devel mailing list