MovableType is still using the old, deprecated Digest::SHA1 module in some versions. Using the newer Digest::SHA is recommended and MT will switch in future versions, but Digest::SHA1 is currently still required for commentor logins in some versions.
Like on this blog, MovableType comment authors may sign in using some different authentication methods like OpenID, a Google account, a Yahoo account or Facebook. Most of these "foreign logins" require the Digest::SHA1 module from CPAN.
Debian dropped the libperl-digest-sha1 module in wheezy and even on other OS or squeeze a MovableType user might be unable to install the package. The module requires the build-essential package (containing "make" and some other stuff for compiling C sourcecode) - but what to do if the package can't be installed or you don't want to install it just for Digest::SHA1?
Only very few functions of the module are used by MovableType and most servers have the newer replacement Digest::SHA installed, but how to make MT using that?
I created a new subdirectory called Digest within the extlib directory of the MovableType dir and placed a file called SHA1.pm there. It's very small but useful:
package Digest::SHA1;
use strict;
use warnings;
use Digest::SHA qw(sha1 sha1_hex sha1_base64);
use base 'Exporter';
our @EXPORT_OK = qw(sha1 sha1_hex sha1_base64);
1;
The simple module claims to be Digest::SHA1, then loads Digest::SHA importing the functions supported by both modules (including all functions used by MovableType). It claims itself to export those functions again and - that's it.
Looks like a quick-and-dirty workaround - and it is. Not very nice to override another modules namespace but perfectly ok for a file located in the extlib directory and thus only affecting MovableType. One more reason to use such a dirty workaround: MT will stop using the old module soon and the workaround will be no longer needed.
3 Kommentare. Schreib was dazu-
David Wheeler
23.08.2013 21:21
Antworten
-
Sebastian
25.08.2013 13:20
Antworten
-
larissaboyer
18.01.2017 5:38
Antworten
Since when is Digest::SHA1 deprecated? Its docs don't mention it. I presume that a SHA1 digest of a value would be exactly the same between the two modules, yes?
I can see that there might be an advantage in wanting to easily use digests other than SHA1, but for non-security-related digests, is there anything really wrong with Digest::SHA1?
Apologies for this, you're right. I trusted in what people told me without re-checking it myself. It isn't officially deprecated, but Digest::SHA offers more and stronger algorithms (SHA-256, 384 and 512).
Thank you for your interest to share this information. Debian dropped the libperl-digest-sha1 module in wheezy and even on other OS or squeeze a MovableType user might be unable to install the package.