Summary

Add a SHA256 hash checksum attribute to file attachments.

Review Request #14788 — Created Jan. 27, 2026 and submitted Feb. 2, 2026, 6:12 p.m.

Information

Owner

maubin

Repository

Review Board

Branch

release-7.1.x

Bugs

Depends On

Reviewers

Groups

reviewboard

People

Description

This adds FileAttachment.sha256_checksum, a SHA256 file content hash

of a file. We expose this attribute via the API so that callers can use

it to checksum file attachments. We generate and set this hash in our

upload file form, and in another spot where we create a file attachment for

the original version of binary files in the diff viewer. Even if these

two points don't cover all file attachment creation cases, the hash gets

set on demand whenever the sha256_checksum attribute is accessed.
This also adds a utility function for creating SHA256 hashes, and a

type hint to FileDiff.get_repository() that was useful for this work.
An upcoming change will point FileDiff.patched_sha256 and

FileDiff.orig_sha256 to the corresponding

FileAttachment.sha256_checksum for binary file diffs.

Testing Done


Ran unit tests.
Used in an upcoming RBTools change where I access the sha256_checksum

  attribute via the API.

Commits

Summary	ID
Add a SHA256 hash checksum attribute to file attachments. This adds `FileAttachment.sha256_checksum`, a SHA256 file content hash of a file. We expose this attribute via the API so that callers can use it to checksum file attachments. We generate and set this hash in our upload file form, and in another spot where we create a file attachment for the original version of binary files in the diff viewer. Even if these two points don't cover all file attachment creation cases, the hash gets set on demand whenever the `sha256_checksum` attribute is accessed. This also adds a utility function for creating SHA256 hashes, and a type hint to `FileDiff.get_repository()` that was useful for this work.	ab6513c7bbcf2d1e13372cb766912526f8d7dcd1

Summary

Add a SHA256 hash checksum attribute to file attachments.

This adds `FileAttachment.sha256_checksum`, a SHA256 file content hash of a file. We expose this attribute via the API so that callers can use it to checksum file attachments. We generate and set this hash in our upload file form, and in another spot where we create a file attachment for the original version of binary files in the diff viewer. Even if these two points don't cover all file attachment creation cases, the hash gets set on demand whenever the `sha256_checksum` attribute is accessed. This also adds a utility function for creating SHA256 hashes, and a type hint to `FileDiff.get_repository()` that was useful for this work.

ab6513c7bbcf2d1e13372cb766912526f8d7dcd1

Issues

Description	From	Last Updated
Can we do the File import inside if TYPE_CHECKING?	david	Jan. 31, 2026, 9:40 p.m.
The argument name is file_content	david	Jan. 31, 2026, 9:41 p.m.
If we wanted to be defensive, we could do elif isinstance(file_content, file) (and ignore my comment about File in TYPE_CHECKING) …	david	Jan. 31, 2026, 9:46 p.m.
Just to ensure that this works across various backends, we should probably put this all inside a with file_content: block.	david	Jan. 31, 2026, 10:17 p.m.
Mind updating this to mention returning None?	david	Jan. 31, 2026, 10:04 p.m.
Missing a trailing comma.	david	Jan. 31, 2026, 10:04 p.m.
This can probably be a @cached_property, which would avoid the micromanagement around _sha256_checksum.	chipx86	Feb. 1, 2026, 5:17 p.m.
Missing parens around the str \| None.	chipx86	Feb. 1, 2026, 5:17 p.m.
no newline at end of file Column: 55 Error code: W292	reviewbot	Jan. 31, 2026, 10:45 p.m.

flake8 passed.

JSHint passed.

reviewboard/diffviewer/diffutils.py (Diff revision 1)
The issue has been dropped. Show all issues
```
Can we do the File import inside if TYPE_CHECKING?
```
reviewboard/diffviewer/diffutils.py (Diff revision 1)
The issue has been resolved. Show all issues
```
The argument name is file_content
```

reviewboard/diffviewer/diffutils.py (Diff revision 1)

The issue has been resolved. Show all issues

If we wanted to be defensive, we could do elif isinstance(file_content, file) (and ignore my comment about File in TYPE_CHECKING) and then have an else clause that uses typelets.runtime.raise_invalid_type

reviewboard/diffviewer/diffutils.py (Diff revision 1)

The issue has been dropped. Show all issues

Just to ensure that this works across various backends, we should probably put this all inside a with file_content: block.

maubin Jan. 31, 2026, 10:43 p.m.

I think I want to avoid closing the file, and let the caller have control over that instead. We don't currently do this anywhere in the code, but it'd be useful to be able to call get_sha256() from a place where we've already got the file object in a context manager. We do a similar thing with guess_mimetype().

reviewboard/reviews/views/diff_fragments.py (Diff revision 1)
The issue has been resolved. Show all issues
```
Mind updating this to mention returning None?
```
reviewboard/reviews/views/diff_fragments.py (Diff revision 1)
The issue has been resolved. Show all issues
```
Missing a trailing comma.
```

Commits:

	Summary	ID
	Add a SHA256 hash checksum attribute to file attachments. This adds `FileAttachment.sha256_checksum`, a SHA256 file content hash of a file. We expose this attribute via the API so that callers can use it to checksum file attachments. We generate and set this hash in our upload file form, and in another spot where we create a file attachment for the original version of binary files in the diff viewer. Even if these two points don't cover all file attachment creation cases, the hash gets set on demand whenever the `sha256_checksum` attribute is accessed. This also adds a utility function for creating SHA256 hashes, and a type hint to `FileDiff.get_repository()` that was useful for this work.	565e3081d48ffc5415436b846bc09959a7f58c02
	Add a SHA256 hash checksum attribute to file attachments. This adds `FileAttachment.sha256_checksum`, a SHA256 file content hash of a file. We expose this attribute via the API so that callers can use it to checksum file attachments. We generate and set this hash in our upload file form, and in another spot where we create a file attachment for the original version of binary files in the diff viewer. Even if these two points don't cover all file attachment creation cases, the hash gets set on demand whenever the `sha256_checksum` attribute is accessed. This also adds a utility function for creating SHA256 hashes, and a type hint to `FileDiff.get_repository()` that was useful for this work.	ad2f5f7033d15444987f7f946585c6192c5bc3c5

Diff:

Revision 2 (+584 -52)

Show changes

	reviewboard/attachments/forms.py
	reviewboard/attachments/models.py
	reviewboard/attachments/tests/test_file_attachment.py
	reviewboard/diffviewer/chunk_generator.py
	reviewboard/diffviewer/diffutils.py
	reviewboard/diffviewer/models/filediff.py
	reviewboard/reviews/views/diff_fragments.py
	reviewboard/testing/testcase.py
	2 more

Checks run (1 failed, 1 succeeded)

flake8 failed.

JSHint passed.

flake8

reviewboard/diffviewer/diffutils.py (Diff revision 2)
The issue has been resolved. Show all issues
```
no newline at end of file

Column: 55
Error code: W292
```

Ship it!

reviewboard/attachments/models.py (Diff revision 2)

The issue has been resolved. Show all issues

This can probably be a @cached_property, which would avoid the micromanagement around _sha256_checksum.

reviewboard/attachments/models.py (Diff revision 2)
The issue has been resolved. Show all issues
```
Missing parens around the str | None.
```

Commits:

	Summary	ID
	Add a SHA256 hash checksum attribute to file attachments. This adds `FileAttachment.sha256_checksum`, a SHA256 file content hash of a file. We expose this attribute via the API so that callers can use it to checksum file attachments. We generate and set this hash in our upload file form, and in another spot where we create a file attachment for the original version of binary files in the diff viewer. Even if these two points don't cover all file attachment creation cases, the hash gets set on demand whenever the `sha256_checksum` attribute is accessed. This also adds a utility function for creating SHA256 hashes, and a type hint to `FileDiff.get_repository()` that was useful for this work.	ad2f5f7033d15444987f7f946585c6192c5bc3c5
	Add a SHA256 hash checksum attribute to file attachments. This adds `FileAttachment.sha256_checksum`, a SHA256 file content hash of a file. We expose this attribute via the API so that callers can use it to checksum file attachments. We generate and set this hash in our upload file form, and in another spot where we create a file attachment for the original version of binary files in the diff viewer. Even if these two points don't cover all file attachment creation cases, the hash gets set on demand whenever the `sha256_checksum` attribute is accessed. This also adds a utility function for creating SHA256 hashes, and a type hint to `FileDiff.get_repository()` that was useful for this work.	ab6513c7bbcf2d1e13372cb766912526f8d7dcd1

Diff:

Revision 3 (+580 -52)

Show changes

	reviewboard/attachments/forms.py
	reviewboard/attachments/models.py
	reviewboard/attachments/tests/test_file_attachment.py
	reviewboard/diffviewer/chunk_generator.py
	reviewboard/diffviewer/diffutils.py
	reviewboard/diffviewer/models/filediff.py
	reviewboard/reviews/views/diff_fragments.py
	reviewboard/testing/testcase.py
	2 more

Checks run (2 succeeded)

flake8 passed.

JSHint passed.

Ship it!

```
Ship It!
```

Status:: Completed
Change Summary:: Pushed to release-7.1.x (7277d57)