Seitenanfang

Digest::SHA1 Workaround

MovableType is still using the old, deprecated Digest::SHA1 module in some versions. Using the newer Digest::SHA is recommended and MT will switch in future versions, but Digest::SHA1 is currently still required for commentor logins in some versions.

Like on this blog, MovableType comment authors may sign in using some different authentication methods like OpenID, a Google account, a Yahoo account or Facebook. Most of these "foreign logins" require the Digest::SHA1 module from CPAN.

Debian dropped the libperl-digest-sha1 module in wheezy and even on other OS or squeeze a MovableType user might be unable to install the package. The module requires the build-essential package (containing "make" and some other stuff for compiling C sourcecode) - but what to do if the package can't be installed or you don't want to install it just for Digest::SHA1?

Only very few functions of the module are used by MovableType and most servers have the newer replacement Digest::SHA installed, but how to make MT using that?

I created a new subdirectory called Digest within the extlib directory of the MovableType dir and placed a file called SHA1.pm there. It's very small but useful:

package Digest::SHA1;

use strict;
use warnings;

use Digest::SHA qw(sha1 sha1_hex sha1_base64);
use base 'Exporter';
our @EXPORT_OK = qw(sha1 sha1_hex sha1_base64);

1;

The simple module claims to be Digest::SHA1, then loads Digest::SHA importing the functions supported by both modules (including all functions used by MovableType). It claims itself to export those functions again and - that's it.

Looks like a quick-and-dirty workaround - and it is. Not very nice to override another modules namespace but perfectly ok for a file located in the extlib directory and thus only affecting MovableType. One more reason to use such a dirty workaround: MT will stop using the old module soon and the workaround will be no longer needed.

 

2 Kommentare. Schreib was dazu

  1. Since when is Digest::SHA1 deprecated? Its docs don't mention it. I presume that a SHA1 digest of a value would be exactly the same between the two modules, yes?

    I can see that there might be an advantage in wanting to easily use digests other than SHA1, but for non-security-related digests, is there anything really wrong with Digest::SHA1?

    • Sebastian

      Apologies for this, you're right. I trusted in what people told me without re-checking it myself. It isn't officially deprecated, but Digest::SHA offers more and stronger algorithms (SHA-256, 384 and 512).

Schreib was dazu

Die folgenden HTML-Tags sind erlaubt:<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>