gravatar has changed hash to sha256 #14410

New Issue

Open

opened 2025-11-02 11:12:15 -06:00 by GiteaMirror · 5 comments

GiteaMirror commented 2025-11-02 11:12:15 -06:00

Owner

Copy Link

Originally created by @ppc52776 on GitHub (Apr 25, 2025).

Description

gitea can't get avatar from gravatar, the log shows
2025/04/25 18:00:44 routers/web/base.go:80:func2() [W] Unable to find avatars 0f67de64ebe46c139b7d9f3c56732507

The gravatar has changed the avatar url's hash code to sha256: https://gravatar.com/avatar/{sha256}
but the libravatar still using md5 hash.

See the example at developer part:
https://gravatar.com/

Gitea Version

1.23.7

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

docker

Database

None

Originally created by @ppc52776 on GitHub (Apr 25, 2025). ### Description gitea can't get avatar from gravatar, the log shows `2025/04/25 18:00:44 routers/web/base.go:80:func2() [W] Unable to find avatars 0f67de64ebe46c139b7d9f3c56732507` The gravatar has changed the avatar url's hash code to sha256: `https://gravatar.com/avatar/{sha256}` but the `libravatar` still using `md5` hash. See the example at developer part: https://gravatar.com/ ### Gitea Version 1.23.7 ### Can you reproduce the bug on the Gitea demo site? No ### Log Gist _No response_ ### Screenshots _No response_ ### Git Version _No response_ ### Operating System _No response_ ### How are you running Gitea? docker ### Database None

GiteaMirror added the type/bugtype/upstream labels 2025-11-02 11:12:15 -06:00

GiteaMirror commented 2025-11-02 11:12:15 -06:00

Author

Owner

Copy Link

@wxiaoguang commented on GitHub (Apr 25, 2025):

but the libravatar still using md5 hash.

libravatar is introduced by https://github.com/gogs/gogs/pull/3320 and maintained by @strk, do you have ideas about how to correct it?

@wxiaoguang commented on GitHub (Apr 25, 2025): > but the `libravatar` still using `md5` hash. [libravatar](https://github.com/strk/go-libravatar) is introduced by https://github.com/gogs/gogs/pull/3320 and maintained by @strk, do you have ideas about how to correct it?

GiteaMirror commented 2025-11-02 11:12:15 -06:00

Author

Owner

Copy Link

@silverwind commented on GitHub (Apr 25, 2025):

Maybe it's time to incorporate that lib into gitea, it's only 300 lines of go code.

@silverwind commented on GitHub (Apr 25, 2025): Maybe it's time to incorporate that lib into gitea, it's only 300 lines of go code.

GiteaMirror commented 2025-11-02 11:12:16 -06:00

Author

Owner

Copy Link

@becm commented on GitHub (Apr 27, 2025):

This would also be a good chance to also fix/improve Gitea's already existing avatar endpoints.

It has (maybe by accident) already a Gravatar-MD5-compatible notation for the default email-based avatar.
The content-derived checksum for user-supplied avatars is however incompatible with that location:

• go-gitea/gitea#23041

Suggestion:

• drop content-derived obfuscation and store avatar files with plain (unique internal) User-ID
• add routing for respective SHA256 of emails
• add routing for respective MD5/SHA1 values (optional compatibility layer)

This way, client tools with configurable avatar sources can get (user-assigned) avatars for commit listings.

@becm commented on GitHub (Apr 27, 2025): This would also be a good chance to also fix/improve Gitea's _already existing_ avatar endpoints. It has (maybe by accident) already a Gravatar-MD5-compatible notation for the default email-based avatar. The content-derived checksum for user-supplied avatars is however incompatible with that location: - go-gitea/gitea#23041 Suggestion: - drop content-derived obfuscation and store avatar files with plain (unique internal) User-ID - add routing for respective SHA256 of emails - add routing for respective MD5/SHA1 values (optional compatibility layer) This way, client tools with configurable avatar sources can get (user-assigned) avatars for commit listings.

GiteaMirror commented 2025-11-02 11:12:16 -06:00

Author

Owner

Copy Link

@wxiaoguang commented on GitHub (Oct 11, 2025):

@go-gitea/maintainers and especially @strk

Since libravatar is unmaintained, and it's not clear whether any one is really using it, can we propose to remove "Federated Avatars" support in next release?

@wxiaoguang commented on GitHub (Oct 11, 2025): @go-gitea/maintainers and especially @strk Since `libravatar` is unmaintained, and it's not clear whether any one is really using it, can we propose to remove "Federated Avatars" support in next release?

GiteaMirror commented 2025-11-02 11:12:16 -06:00

Author

Owner

Copy Link

@lunny commented on GitHub (Oct 11, 2025):

@go-gitea/maintainers and especially @strk

Since libravatar is unmaintained, and it's not clear whether any one is really using it, can we propose to remove "Federated Avatars" support in next release?

I agree we should replace or remove unmaintained library.

@lunny commented on GitHub (Oct 11, 2025): > [@go-gitea/maintainers](https://github.com/orgs/go-gitea/teams/maintainers) and especially [@strk](https://github.com/strk) > > Since `libravatar` is unmaintained, and it's not clear whether any one is really using it, can we propose to remove "Federated Avatars" support in next release? I agree we should replace or remove unmaintained library.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label type/bug type/upstream

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#14410