[PATCH 1/1] enable cgit to show gravatar for author, committer and tagger

John Keeping john at keeping.me.uk
Wed Nov 27 22:00:36 CET 2013 

On Wed, Nov 27, 2013 at 09:51:33PM +0100, Christian Hesse wrote:
> John Keeping <john at keeping.me.uk> on Wed, 2013/11/27 16:37:
> > On Wed, Nov 27, 2013 at 04:17:17PM +0100, Christian Hesse wrote:
> > > diff --git a/parsing.c b/parsing.c
> > > index 658621d..a8005f6 100644
> > > --- a/parsing.c
> > > +++ b/parsing.c
> > > @@ -8,6 +8,9 @@
> > >  
> > >  #include "cgit.h"
> > >  
> > > +/* we need md5 hashing algorithm to calculate Gravatar URL */
> > > +#include <openssl/md5.h>
> > 
> > We don't currently depend on OpenSSL, except via Git which can use
> > alternative SHA-1 implementations.
> > 
> > At the very least Debian will not distribute GPL'd packages
> > linked against OpenSSL [1].
> > 
> > [1]
> > http://lintian.debian.org/tags/possible-gpl-code-linked-with-openssl.html
> 
> Damn licensing stuff... Ok, but cgit is already linked against libcrypt which
> belongs to openssl.
> 
> Any ideas what to use instead? Shipping a complete MD5 implementation is a
> bad idea I think.

I think writing against OpenSSL is fine, everyone else tends to have a
compatibility layer for that API anyway.  But it would be nice to define
a MD5_HEADER variable in a similar way to git.git's SHA1_HEADER.

> > > +char * cgit_get_gravatar(const char * email) {
> > > +    	int n, length;
> > > +	MD5_CTX c;
> > > +	unsigned char digest[16];
> > > +	char hex[33];
> > > +	char * gravatar = malloc(67);
> > > +
> > > +	/* skip brackets! */
> > > +	email++;
> > > +	length = strlen(email) - 1;
> > > +
> > > +	MD5_Init(&c);
> > > +
> > > +	while (length > 0) {
> > > +		if (length > 512)
> > > +			MD5_Update(&c, email, 512);
> > > +		else
> > > +			MD5_Update(&c, email, length);
> > > +		length -= 512;
> > > +		email += 512;
> > > +	}
> > > +
> > > +	MD5_Final(digest, &c);
> > 
> > Would it be possible to extract everything from MD5_Init to MD5_Final to
> > a function that just computes the MD5 of a string?  That should make it
> > easier to add alternative implementations.
> 
> I updated the code to use MD5(...), but that is still openssl.
> 
> > > +	for (n = 0; n < 16; ++n)
> > > +		snprintf(&(hex[n*2]), 16*2, "%02x", (unsigned
> > > int)digest[n]); +
> > > +	sprintf(gravatar, "http://www.gravatar.com/avatar/%s?s=", hex);
> > > +
> > > +	return gravatar;
> > > +}

More information about the CGit mailing list