fix(playout): improve the way hashlib is called in libretime_playout/player #3135

HighTechHarmony · 2025-01-17T18:30:04Z

Description

Improves the way hashlib is called in libretime_playout/player so that is isn't broken on systems with python < 3.9

The way it is currently called in site-packages/libretime_playout/player/file.py, in the section where scheduled files are copied to the cache dir for playout, specifies the usedforsecurity=False flag as follows:
hasher = hashlib.md5(usedforsecurity=False)

hashlib.md5 did not support this flag until Python 3.9. Attempting to specify the flag directly as an argument to hashlib.md5(), in an older python environment (such as that in Ubuntu Focal 20.04), is unsafe, and can cause hashlib.md5() to balk/throw an exception, which results in file copy operations failing. This then precipitates into playout problems, as scheduled media is missing from the cache folder.

This PR instead calls using hashlib.new(), and passes the argument to that, as follows:
hasher = hashlib.new('md5', usedforsecurity=False)

This method of calling with the flag argument is safer, because the constructor will take it or leave it gracefully, regardless of whether the system has a version of hashlib that supports the usedforsecurity flag. AFAICT, it improves (fixes) function on older systems without negatively impacting others.

Testing Notes

What I did:
Before applying this patch, we were experiencing occasional but fairly regular periods of silence when the system was supposed to be playing a song or track. This behavior was consistent with errors such as the following being present in the playout log:

2025-01-15 14:01:28,331 | INFO     | libretime_playout.player.file:copy_file:47 - copying file 19834 to cache /var/lib/libretime/playout/scheduler/19834.mp3
2025-01-15 14:01:28,466 | ERROR    | libretime_playout.player.file:copy_file:77 - could not copy file 19834 to /var/lib/libretime/playout/scheduler/19834.mp3: 'usedforsecurity' is an invalid keyword argument for openssl_md5()
Traceback (most recent call last):
  File "/opt/libretime/lib/python3.8/site-packages/libretime_playout/player/file.py", line 70, in copy_file
    file_event.filesize = self.report_file_size_and_md5_to_api(
  File "/opt/libretime/lib/python3.8/site-packages/libretime_playout/player/file.py", line 89, in report_file_size_and_md5_to_api
    hasher = hashlib.md5(usedforsecurity=False)
TypeError: 'usedforsecurity' is an invalid keyword argument for openssl_md5()

For more information about the characterization and results of this problem, see issue #3134

Testing on running systems
After the patch was applied, these errors were no longer seen. I first tested this on a dev server, and then on a live server, with approximately 100 distinct tracks of playout occurring over about 24 hours. There were no file copy failures, and no related playout problems, which was a major and immediate improvement.

Testing installer, fresh installs
Ubuntu 20.04
I deployed a patch to the installer and installed it on a blank system running Ubuntu 20.04 and tested it to make sure the fix was applied and worked.

Debian 11
I deployed patch to the installer and installed it on a blank system running Debian Bullseye (which runs python = 3.9) , and tested it there to make sure it did not break anything or introduce a regression.

Links

Closes: #3134

codecov · 2025-01-17T19:05:26Z

Codecov Report

Attention: Patch coverage is 0% with 1 line in your changes missing coverage. Please review.

Project coverage is 47.70%. Comparing base (2b119ad) to head (095b702).
Report is 168 commits behind head on main.

Files with missing lines	Patch %	Lines
playout/libretime_playout/player/file.py	0.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #3135       +/-   ##
===========================================
- Coverage   70.36%   47.70%   -22.67%     
===========================================
  Files         149       22      -127     
  Lines        4033     1350     -2683     
===========================================
- Hits         2838      644     -2194     
+ Misses       1195      706      -489

Flag	Coverage Δ
analyzer	`?`
api	`?`
api-client	`?`
playout	`47.70% <0.00%> (+0.30%)`	⬆️
shared	`?`
worker	`?`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🤖 I have created a release *beep* *boop* --- ## [4.3.0](4.2.0...4.3.0) (2025-03-12) ### Features * add flac support to Web player ([#3128](#3128)) ([203c927](203c927)) * add Norwegian Bokmål locale ([#3073](#3073)) ([e614fbc](e614fbc)) * **analyzer:** parse comment fields from mp3 files ([#3082](#3082)) ([02a779b](02a779b)) * **api:** added filters on genre & md5 for files api ([#3127](#3127)) ([b1bdd6d](b1bdd6d)) * **api:** enable writes to schedule table ([#3109](#3109)) ([2ac7e8a](2ac7e8a)) * **legacy:** implement subset sum solution to show scheduling ([#3019](#3019)) ([5b5c68c](5b5c68c)), closes [#3018](#3018) * **legacy:** order by filename when lptime is null ([#3069](#3069)) ([8c26505](8c26505)) * **legacy:** show filename and size on edit page and add filename datatable column ([#3083](#3083)) ([16deaf0](16deaf0)), closes [#3053](#3053) * **legacy:** trused header sso auth ([#3095](#3095)) ([2985d85](2985d85)) * **legacy:** update deprecated PHP code ([#2789](#2789)) ([3a8dcbc](3a8dcbc)) * **playout:** add Liquidsoap 2.0 support ([#2786](#2786)) ([f9c0bd5](f9c0bd5)) * use custom intro/outro playlists per show ([#2941](#2941)) ([299be3c](299be3c)) ### Bug Fixes * add missing file for nb_NO locale ([#3075](#3075)) ([a3865aa](a3865aa)) * **analyzer:** make ffmpeg filters less aggressive ([#3086](#3086)) ([32cad0f](32cad0f)), closes [#2629](#2629) * docker warnings "keywords casing do not match" ([#3048](#3048)) ([e095cb2](e095cb2)) * intro/outro playlist unset was impossible ([#3101](#3101)) ([7992a9b](7992a9b)) * **legacy:** additional specifics added to CSVexport.js for RFC 4180 ([#3131](#3131)) ([644d2b9](644d2b9)), closes [#2477](#2477) * **legacy:** fix filename criteria searching ([#3068](#3068)) ([c883d0f](c883d0f)) * **legacy:** migrations from airtime 2.5.1 ([#3123](#3123)) ([82d5af2](82d5af2)) * **legacy:** support Postgresql 12 syntax ([#3103](#3103)) ([0b221f4](0b221f4)), closes [#3102](#3102) * **playout:** improve the way hashlib is called in libretime_playout/player ([#3135](#3135)) ([5b4c720](5b4c720)), closes [#3134](#3134) * regenerate API schema ([38a0bf9](38a0bf9)) * regenerate API schema ([ce257a1](ce257a1)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

fix(deps): improve the way hashlib is called in libretime_playout/player

095b702

paddatrapper changed the title ~~fix(deps): improve the way hashlib is called in libretime_playout/player~~ fix(playout): improve the way hashlib is called in libretime_playout/player Jan 17, 2025

paddatrapper approved these changes Jan 17, 2025

View reviewed changes

paddatrapper merged commit 5b4c720 into libretime:main Jan 17, 2025
18 checks passed

libretime-bot mentioned this pull request Jan 10, 2025

chore(main): release 4.3.0 #3049

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

fix(playout): improve the way hashlib is called in libretime_playout/player #3135

fix(playout): improve the way hashlib is called in libretime_playout/player #3135

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

fix(playout): improve the way hashlib is called in libretime_playout/player #3135

fix(playout): improve the way hashlib is called in libretime_playout/player #3135

Uh oh!

Conversation

Description

Testing Notes

Links

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Uh oh!