[RFC] usage of mkhash, sha256sum and md5sum
Paul Spooren
mail at aparcar.org
Wed Jul 15 22:06:11 EDT 2020
Hi,
the OpenWrt system requires the calculation of both md5 and sha256 sums
at various places, this is partly done via a small C file in
./scripts/mkhash.c and partly by using a sha256sum binary. A ancient
wrapper ./scripts/md5sum is added for Mac OS X compatibility.
* Should we create our own crypto by using ./scripts/mkhash.c? I
remember from some previous discussions on IRC and GitHub that there are
generally concerns against it, also a motivation for[0]. I understand
that Felix just reinvent the code but used established sources, however
it is used for package signing (not image signing). I'm fairly sure less
eyes look through that code than e.g. the Debian implementation.
* Currently include/package-ipkg.mk uses a host installed `sha256sum`
binary which is not covered via include/prereq{,-build}.mk. Should it be
added to prereq or replaced by mkhash?
* Can ./scripts/md5sum be removed or is it still required for Mac OS X
builds.
* Any reason not to replace `mkhash <alg>` by using `<alg>sum | cut -d '
' -f 1`? Both sha256sum and md5sum seem to be available per default on
Debian, Alpine and OpenWrt.
Best,
Paul
[0]: https://github.com/openwrt/openwrt/pull/2911
More information about the openwrt-devel
mailing list