summaryrefslogtreecommitdiffstats
path: root/debian/patches/checksum_at_runtime.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/checksum_at_runtime.patch70
1 files changed, 70 insertions, 0 deletions
diff --git a/debian/patches/checksum_at_runtime.patch b/debian/patches/checksum_at_runtime.patch
new file mode 100644
index 0000000..e10ba80
--- /dev/null
+++ b/debian/patches/checksum_at_runtime.patch
@@ -0,0 +1,70 @@
+From: Dmitry Shachnev <mitya57@debian.org>
+Date: Tue, 28 Mar 2023 14:23:03 +0300
+Subject: Caclulate integrity checksum on runtime rather than hardcoding it
+
+We are using packaged jQuery, checksum of which may change at any time.
+
+Forwarded: not-needed
+---
+ sphinxcontrib/jquery/__init__.py | 7 +++++++
+ tests/test_jquery_installed.py | 9 +--------
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/sphinxcontrib/jquery/__init__.py b/sphinxcontrib/jquery/__init__.py
+index e060cd7..9b369a8 100644
+--- a/sphinxcontrib/jquery/__init__.py
++++ b/sphinxcontrib/jquery/__init__.py
+@@ -1,5 +1,7 @@
+ from os import makedirs, path
+ import shutil
++import base64
++import hashlib
+
+ import sphinx
+
+@@ -29,6 +31,11 @@ def add_js_files(app, config):
+ # does not trigger the hash check but instead blocks the request
+ # when viewing documentation locally through the ``file://`` URIs.
+ if config.jquery_use_sri:
++ if filename == "jquery.js":
++ with open("/usr/share/javascript/jquery/jquery.min.js", "rb") as f:
++ checksum = hashlib.file_digest(f, hashlib.sha384)
++ encoded = base64.b64encode(checksum.digest()).decode("ascii")
++ integrity = f"sha384-{encoded}"
+ app.add_js_file(filename, priority=100, integrity=integrity)
+ else:
+ app.add_js_file(filename, priority=100)
+diff --git a/tests/test_jquery_installed.py b/tests/test_jquery_installed.py
+index 08c25ba..d0537d0 100644
+--- a/tests/test_jquery_installed.py
++++ b/tests/test_jquery_installed.py
+@@ -38,10 +38,6 @@ def test_jquery_installed_sphinx_ge_60_use_sri(blank_app):
+ out_dir = blank_app(confoverrides={"extensions": ["sphinxcontrib.jquery"], "jquery_use_sri": True})
+
+ text = out_dir.joinpath("index.html").read_text(encoding="utf-8")
+- checksum = '?v=5d32c60e' if sphinx.version_info[:2] >= (7, 1) else ''
+- assert ('<script '
+- 'integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" '
+- f'src="_static/jquery.js{checksum}"></script>') in text
+ checksum = '?v=2cd50e6c' if sphinx.version_info[:2] >= (7, 1) else ''
+ assert ('<script '
+ 'integrity="sha384-lSZeSIVKp9myfKbDQ3GkN/KHjUc+mzg17VKDN4Y2kUeBSJioB9QSM639vM9fuY//" '
+@@ -58,9 +54,6 @@ def test_jquery_installed_sphinx_ge_60(blank_app):
+ out_dir = blank_app(confoverrides={"extensions": ["sphinxcontrib.jquery"]})
+
+ text = out_dir.joinpath("index.html").read_text(encoding="utf-8")
+- checksum = '?v=5d32c60e' if sphinx.version_info[:2] >= (7, 1) else ''
+- assert ('<script '
+- f'src="_static/jquery.js{checksum}"></script>') in text
+ checksum = '?v=2cd50e6c' if sphinx.version_info[:2] >= (7, 1) else ''
+ assert ('<script '
+ f'src="_static/_sphinx_javascript_frameworks_compat.js{checksum}"></script>') in text
+@@ -90,7 +83,7 @@ def test_jquery_installed_sphinx_lt_60(blank_app):
+ assert static_dir.joinpath('_sphinx_javascript_frameworks_compat.js').is_file()
+
+
+-@pytest.mark.parametrize(('filename', 'integrity'), _FILES, ids=[*dict(_FILES)])
++@pytest.mark.parametrize(('filename', 'integrity'), _FILES[1:], ids=[*dict(_FILES[1:])])
+ def test_integrity(filename, integrity):
+ checksum = hashlib.sha384(Path(_ROOT_DIR, filename).read_bytes())
+ encoded = base64.b64encode(checksum.digest()).decode(encoding='ascii')
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-20 08:10:06 +0000