[RFC] usage of mkhash, sha256sum and md5sum

Paul Spooren mail at aparcar.org
Wed Jul 15 22:06:11 EDT 2020


the OpenWrt system requires the calculation of both md5 and sha256 sums 
at various places, this is partly done via a small C file in 
./scripts/mkhash.c and partly by using a sha256sum binary. A ancient 
wrapper ./scripts/md5sum is added for Mac OS X compatibility.

* Should we create our own crypto by using ./scripts/mkhash.c? I 
remember from some previous discussions on IRC and GitHub that there are 
generally concerns against it, also a motivation for[0]. I understand 
that Felix just reinvent the code but used established sources, however 
it is used for package signing (not image signing). I'm fairly sure less 
eyes look through that code than e.g. the Debian implementation.

* Currently include/package-ipkg.mk uses a host installed `sha256sum` 
binary which is not covered via include/prereq{,-build}.mk. Should it be 
added to prereq or replaced by mkhash?

* Can ./scripts/md5sum be removed or is it still required for Mac OS X 

* Any reason not to replace `mkhash <alg>` by using `<alg>sum | cut -d ' 
' -f 1`? Both sha256sum and md5sum seem to be available per default on 
Debian, Alpine and OpenWrt.


[0]: https://github.com/openwrt/openwrt/pull/2911

More information about the openwrt-devel mailing list