fix salt.grains.core.get_server_id

jettero · jettero · commit 9acc81fae54c · 2020-03-06T09:01:28.000-05:00
diff --git a/pkg/hook-salt.py b/pkg/hook-salt.py
@@ -88,3 +88,22 @@
 hiddenimports = HIDDEN_IMPORTS
 datas = DATAS
 binaries = BINARIES
+
+def _patch_salt_grains_core_server_id():
+    import subprocess
+    import salt.config # must import before salt.grains.core
+    import salt.grains.core
+    import sys
+
+    with open('pkg/salt.grains.core.patch', 'rb') as fh:
+        patch_data = fh.read()
+
+    process = subprocess.Popen(['patch',
+        '--forward', # ignore patches that appear reversed or already applied
+        '--batch',   # ask no questions
+        salt.grains.core.__file__],
+        stdin=subprocess.PIPE)
+    stdout, stderr = process.communicate(patch_data)
+    sys.stderr.write('patching complete\n')
+
+_patch_salt_grains_core_server_id()
diff --git a/pkg/salt.grains.core.patch b/pkg/salt.grains.core.patch
@@ -0,0 +1,37 @@
+--- core-with-stupid-forkbomb.py	2020-01-14 09:26:55.941413640 -0500
++++ core-without-stupid-forkbomb.py	2020-02-27 16:07:18.924955413 -0500
+@@ -2775,7 +2775,6 @@
+
+     return grains
+
+-
+ def get_server_id():
+     '''
+     Provides an integer based on the FQDN of a machine.
+@@ -2793,18 +2792,14 @@
+     if py_ver >= (3, 3):
+         # Python 3.3 enabled hash randomization, so we need to shell out to get
+         # a reliable hash.
+-        id_hash = __salt__['cmd.run'](
+-            [sys.executable, '-c', 'print(hash("{0}"))'.format(id_)],
+-            env={'PYTHONHASHSEED': '0'}
+-        )
+-        try:
+-            id_hash = int(id_hash)
+-        except (TypeError, ValueError):
+-            log.debug(
+-                'Failed to hash the ID to get the server_id grain. Result of '
+-                'hash command: %s', id_hash
+-            )
+-            id_hash = None
++        #
++        # but implementing a forkbomb would be not only annoying, it would also
++        # be wreckless and stupid.
++
++        import hashlib
++        md5 = hashlib.md5()
++        md5.update( f'{id_}'.encode() )
++        id_hash = int( md5.hexdigest(), 16 )
+     if id_hash is None:
+         # Python < 3.3 or error encountered above
+         id_hash = hash(id_)
