Shameless recommit of changes in jesstruck/ansible:jenkins_plugins_sha1 (#677)

* Shameless recommit of changes in jesstruck/ansible:jenkins_plugins_sha1

* Add changelog fragment.

* Change variable name to remove reference to sha1

Also, update changelog fragment typos/style.

* Update changelog fragment typos/style.

changelogs/fragments/677-jenkins_plugins_sha1.yaml

@@ -0,0 +1,5 @@
+---
+bugfixes:
+  - jenkins_plugin - replace MD5 checksum verification with SHA1 due to MD5
+    being disabled on systems with FIPS-only algorithms enabled
+    (https://github.com/ansible/ansible/issues/34304).

plugins/modules/web_infrastructure/jenkins_plugin.py

@@ -429,12 +429,12 @@ class JenkinsPlugin(object):
                 self.module.fail_json(
                     msg="Jenkins home directory doesn't exist.")
 
-            md5sum_old = None
+            checksum_old = None
             if os.path.isfile(plugin_file):
                 # Make the checksum of the currently installed plugin
-                with open(plugin_file, 'rb') as md5_plugin_fh:
+                with open(plugin_file, 'rb') as plugin_fh:
-                    md5_plugin_content = md5_plugin_fh.read()
+                    plugin_content = plugin_fh.read()
-                md5sum_old = hashlib.md5(md5_plugin_content).hexdigest()
+                checksum_old = hashlib.sha1(plugin_content).hexdigest()
 
             if self.params['version'] in [None, 'latest']:
                 # Take latest version
@@ -454,13 +454,13 @@ class JenkinsPlugin(object):
             if (
                     self.params['updates_expiration'] == 0 or
                     self.params['version'] not in [None, 'latest'] or
-                    md5sum_old is None):
+                    checksum_old is None):
 
                 # Download the plugin file directly
                 r = self._download_plugin(plugin_url)
 
                 # Write downloaded plugin into file if checksums don't match
-                if md5sum_old is None:
+                if checksum_old is None:
                     # No previously installed plugin
                     if not self.module.check_mode:
                         self._write_file(plugin_file, r)
@@ -471,11 +471,11 @@ class JenkinsPlugin(object):
                     data = r.read()
 
                     # Make new checksum
-                    md5sum_new = hashlib.md5(data).hexdigest()
+                    checksum_new = hashlib.sha1(data).hexdigest()
 
                     # If the checksum is different from the currently installed
                     # plugin, store the new plugin
-                    if md5sum_old != md5sum_new:
+                    if checksum_old != checksum_new:
                         if not self.module.check_mode:
                             self._write_file(plugin_file, data)
 
@@ -484,19 +484,8 @@ class JenkinsPlugin(object):
                 # Check for update from the updates JSON file
                 plugin_data = self._download_updates()
 
-                try:
-                    with open(plugin_file, 'rb') as sha1_plugin_fh:
-                        sha1_plugin_content = sha1_plugin_fh.read()
-                    sha1_old = hashlib.sha1(sha1_plugin_content)
-                except Exception as e:
-                    self.module.fail_json(
-                        msg="Cannot calculate SHA1 of the old plugin.",
-                        details=to_native(e))
-
-                sha1sum_old = base64.b64encode(sha1_old.digest())
-
                 # If the latest version changed, download it
-                if sha1sum_old != to_bytes(plugin_data['sha1']):
+                if checksum_old != to_bytes(plugin_data['sha1']):
                     if not self.module.check_mode:
                         r = self._download_plugin(plugin_url)
                         self._write_file(plugin_file, r)