Digest::SHA1 Workaround

MovableType is still using the old, deprecated Digest::SHA1 module in some versions. Using the newer Digest::SHA is recommended and MT will switch in future versions, but Digest::SHA1 is currently still required for commentor logins in some versions.

Like on this blog, MovableType comment authors may sign in using some different authentication methods like OpenID, a Google account, a Yahoo account or Facebook. Most of these "foreign logins" require the Digest::SHA1 module from CPAN.

Debian dropped the libperl-digest-sha1 module in wheezy and even on other OS or squeeze a MovableType user might be unable to install the package. The module requires the build-essential package (containing "make" and some other stuff for compiling C sourcecode) - but what to do if the package can't be installed or you don't want to install it just for Digest::SHA1?

Only very few functions of the module are used by MovableType and most servers have the newer replacement Digest::SHA installed, but how to make MT using that?

I created a new subdirectory called Digest within the extlib directory of the MovableType dir and placed a file called SHA1.pm there. It's very small but useful:

package Digest::SHA1;

use strict;
use warnings;

use Digest::SHA qw(sha1 sha1_hex sha1_base64);
use base 'Exporter';
our @EXPORT_OK = qw(sha1 sha1_hex sha1_base64);

1;

The simple module claims to be Digest::SHA1, then loads Digest::SHA importing the functions supported by both modules (including all functions used by MovableType). It claims itself to export those functions again and - that's it.

Looks like a quick-and-dirty workaround - and it is. Not very nice to override another modules namespace but perfectly ok for a file located in the extlib directory and thus only affecting MovableType. One more reason to use such a dirty workaround: MT will stop using the old module soon and the workaround will be no longer needed.