From eef78a0527ceb855e59f3795554764d886ab1667 Mon Sep 17 00:00:00 2001 From: Johannes Faigle Date: Tue, 1 Nov 2022 12:35:53 +0100 Subject: [PATCH] FEAT: Switch default hash-algo to sha256 Closes #452 --- README.rst | 2 +- pypiserver/config.py | 2 +- tests/test_main.py | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.rst b/README.rst index 7c482e72..c6308cfe 100644 --- a/README.rst +++ b/README.rst @@ -149,7 +149,7 @@ not officially supported, and will not receive bugfixes or new features. --hash-algo ALGO Any `hashlib` available algo used as fragments on package links. - Set one of (0, no, off, false) to disabled it (default: md5). + Set one of (0, no, off, false) to disabled it (default: sha256). --welcome HTML_FILE Uses the ASCII contents of HTML_FILE as welcome message response. diff --git a/pypiserver/config.py b/pypiserver/config.py index c626fec3..5a9f8003 100644 --- a/pypiserver/config.py +++ b/pypiserver/config.py @@ -76,7 +76,7 @@ class DEFAULTS: AUTHENTICATE = ["update"] FALLBACK_URL = "https://pypi.org/simple/" - HASH_ALGO = "md5" + HASH_ALGO = "sha256" INTERFACE = "0.0.0.0" LOG_FRMT = "%(asctime)s|%(name)s|%(levelname)s|%(thread)d|%(message)s" LOG_ERR_FRMT = "%(body)s: %(exception)s \n%(traceback)s" diff --git a/tests/test_main.py b/tests/test_main.py index 96a6815a..c0bc3a64 100644 --- a/tests/test_main.py +++ b/tests/test_main.py @@ -131,12 +131,12 @@ def test_fallback_url_default(main): def test_hash_algo_default(main): main([]) - assert main.app._pypiserver_config.hash_algo == "md5" + assert main.app._pypiserver_config.hash_algo == "sha256" def test_hash_algo(main): - main(["--hash-algo=sha256"]) - assert main.app._pypiserver_config.hash_algo == "sha256" + main(["--hash-algo=md5"]) + assert main.app._pypiserver_config.hash_algo == "md5" def test_hash_algo_off(main):