From a443ed0be5d9a27f7ffdcc665a04cece0f9a740b Mon Sep 17 00:00:00 2001
From: Anthony Sottile <asottile@umich.edu>
Date: Tue, 30 Jul 2019 13:17:30 -0700
Subject: [PATCH] Remove dependence on md5

---
 docs/changelog/1384.feature.rst |  1 +
 docs/example/result.rst         |  3 +--
 src/tox/_pytestplugin.py        |  4 ++--
 src/tox/logs/env.py             |  1 -
 src/tox/venv.py                 | 26 +++++++++++++-------------
 tests/unit/test_result.py       |  6 +-----
 tests/unit/test_venv.py         |  4 ++--
 7 files changed, 20 insertions(+), 25 deletions(-)
 create mode 100644 docs/changelog/1384.feature.rst

diff --git a/docs/changelog/1384.feature.rst b/docs/changelog/1384.feature.rst
new file mode 100644
index 000000000..ab6146ef4
--- /dev/null
+++ b/docs/changelog/1384.feature.rst
@@ -0,0 +1 @@
+Remove dependence on ``md5`` hashing algorithm - by :user:`asottile`
diff --git a/docs/example/result.rst b/docs/example/result.rst
index 723363936..cdb3cfb2e 100644
--- a/docs/example/result.rst
+++ b/docs/example/result.rst
@@ -40,8 +40,7 @@ This will create a json-formatted result file using this schema:
       "platform": "linux2",
       "installpkg": {
         "basename": "tox-1.6.0.dev1.zip",
-        "sha256": "b6982dde5789a167c4c35af0d34ef72176d0575955f5331ad04aee9f23af4326",
-        "md5": "27ead99fd7fa39ee7614cede6bf175a6"
+        "sha256": "b6982dde5789a167c4c35af0d34ef72176d0575955f5331ad04aee9f23af4326"
       },
       "toxversion": "1.6.0.dev1",
       "reportversion": "1"
diff --git a/src/tox/_pytestplugin.py b/src/tox/_pytestplugin.py
index 1ff89155f..5d34258e3 100644
--- a/src/tox/_pytestplugin.py
+++ b/src/tox/_pytestplugin.py
@@ -503,7 +503,7 @@ class ProxyCurrentPython:
         def readconfig(cls, path):
             if path.dirname.endswith("{}py".format(os.sep)):
                 return CreationConfig(
-                    base_resolved_python_md5=getdigest(sys.executable),
+                    base_resolved_python_sha256=getdigest(sys.executable),
                     base_resolved_python_path=sys.executable,
                     tox_version=tox.__version__,
                     sitepackages=False,
@@ -513,7 +513,7 @@ def readconfig(cls, path):
                 )
             elif path.dirname.endswith("{}.package".format(os.sep)):
                 return CreationConfig(
-                    base_resolved_python_md5=getdigest(sys.executable),
+                    base_resolved_python_sha256=getdigest(sys.executable),
                     base_resolved_python_path=sys.executable,
                     tox_version=tox.__version__,
                     sitepackages=False,
diff --git a/src/tox/logs/env.py b/src/tox/logs/env.py
index f134440a7..d83753b71 100644
--- a/src/tox/logs/env.py
+++ b/src/tox/logs/env.py
@@ -36,7 +36,6 @@ def set_header(self, installpkg):
         :param py.path.local installpkg: Path ot the package.
         """
         self.dict["installpkg"] = {
-            "md5": installpkg.computehash("md5"),
             "sha256": installpkg.computehash("sha256"),
             "basename": installpkg.basename,
         }
diff --git a/src/tox/venv.py b/src/tox/venv.py
index 04fc14617..ef1deb772 100644
--- a/src/tox/venv.py
+++ b/src/tox/venv.py
@@ -23,7 +23,7 @@
 class CreationConfig:
     def __init__(
         self,
-        base_resolved_python_md5,
+        base_resolved_python_sha256,
         base_resolved_python_path,
         tox_version,
         sitepackages,
@@ -31,7 +31,7 @@ def __init__(
         deps,
         alwayscopy,
     ):
-        self.base_resolved_python_md5 = base_resolved_python_md5
+        self.base_resolved_python_sha256 = base_resolved_python_sha256
         self.base_resolved_python_path = base_resolved_python_path
         self.tox_version = tox_version
         self.sitepackages = sitepackages
@@ -41,7 +41,7 @@ def __init__(
 
     def writeconfig(self, path):
         lines = [
-            "{} {}".format(self.base_resolved_python_md5, self.base_resolved_python_path),
+            "{} {}".format(self.base_resolved_python_sha256, self.base_resolved_python_path),
             "{} {:d} {:d} {:d}".format(
                 self.tox_version, self.sitepackages, self.usedevelop, self.alwayscopy
             ),
@@ -64,11 +64,11 @@ def readconfig(cls, path):
             alwayscopy = bool(int(alwayscopy))
             deps = []
             for line in lines:
-                base_resolved_python_md5, depstring = line.split(None, 1)
-                deps.append((base_resolved_python_md5, depstring))
-            base_resolved_python_md5, base_resolved_python_path = base_resolved_python_info
+                base_resolved_python_sha256, depstring = line.split(None, 1)
+                deps.append((base_resolved_python_sha256, depstring))
+            base_resolved_python_sha256, base_resolved_python_path = base_resolved_python_info
             return CreationConfig(
-                base_resolved_python_md5,
+                base_resolved_python_sha256,
                 base_resolved_python_path,
                 tox_version,
                 sitepackages,
@@ -81,7 +81,7 @@ def readconfig(cls, path):
 
     def matches_with_reason(self, other, deps_matches_subset=False):
         for attr in (
-            "base_resolved_python_md5",
+            "base_resolved_python_sha256",
             "base_resolved_python_path",
             "tox_version",
             "sitepackages",
@@ -266,11 +266,11 @@ def _getliveconfig(self):
         alwayscopy = self.envconfig.alwayscopy
         deps = []
         for dep in self.get_resolved_dependencies():
-            dep_name_md5 = getdigest(dep.name)
-            deps.append((dep_name_md5, dep.name))
-        base_resolved_python_md5 = getdigest(base_resolved_python_path)
+            dep_name_sha256 = getdigest(dep.name)
+            deps.append((dep_name_sha256, dep.name))
+        base_resolved_python_sha256 = getdigest(base_resolved_python_path)
         return CreationConfig(
-            base_resolved_python_md5,
+            base_resolved_python_sha256,
             base_resolved_python_path,
             version,
             sitepackages,
@@ -629,7 +629,7 @@ def getdigest(path):
     path = py.path.local(path)
     if not path.check(file=1):
         return "0" * 32
-    return path.computehash()
+    return path.computehash("sha256")
 
 
 def prepend_shebang_interpreter(args):
diff --git a/tests/unit/test_result.py b/tests/unit/test_result.py
index 23e108606..04da6b6b4 100644
--- a/tests/unit/test_result.py
+++ b/tests/unit/test_result.py
@@ -38,11 +38,7 @@ def test_set_header(pkg):
     assert replog.dict["toxversion"] == tox.__version__
     assert replog.dict["platform"] == sys.platform
     assert replog.dict["host"] == socket.getfqdn()
-    expected = {
-        "basename": "hello-1.0.tar.gz",
-        "md5": pkg.computehash("md5"),
-        "sha256": pkg.computehash("sha256"),
-    }
+    expected = {"basename": "hello-1.0.tar.gz", "sha256": pkg.computehash("sha256")}
     env_log = replog.get_envlog("a")
     env_log.set_header(installpkg=pkg)
     assert env_log.dict["installpkg"] == expected
diff --git a/tests/unit/test_venv.py b/tests/unit/test_venv.py
index 0e302709a..a574326ad 100644
--- a/tests/unit/test_venv.py
+++ b/tests/unit/test_venv.py
@@ -548,9 +548,9 @@ def test_matchingdependencies_latest(self, newconfig, mocksession):
         mocksession.new_config(config)
         venv = mocksession.getvenv("python")
         cconfig = venv._getliveconfig()
-        md5, path = cconfig.deps[0]
+        sha256, path = cconfig.deps[0]
         assert path == xyz2
-        assert md5 == path.computehash()
+        assert sha256 == path.computehash("sha256")
 
     def test_python_recreation(self, tmpdir, newconfig, mocksession):
         pkg = tmpdir.ensure("package.tar.gz")