[RFC] usage of mkhash, sha256sum and md5sum

Felix Fietkau nbd at nbd.name
Thu Jul 16 04:54:21 EDT 2020

On 2020-07-16 04:06, Paul Spooren wrote:
> Hi,
> the OpenWrt system requires the calculation of both md5 and sha256 sums 
> at various places, this is partly done via a small C file in 
> ./scripts/mkhash.c and partly by using a sha256sum binary. A ancient 
> wrapper ./scripts/md5sum is added for Mac OS X compatibility.
> * Should we create our own crypto by using ./scripts/mkhash.c? I 
> remember from some previous discussions on IRC and GitHub that there are 
> generally concerns against it, also a motivation for[0]. I understand 
> that Felix just reinvent the code but used established sources, however 
> it is used for package signing (not image signing). I'm fairly sure less 
> eyes look through that code than e.g. the Debian implementation.
This is not "creating our own crypto" at all. I used existing widely
used implementations of MD5/SHA256 (mostly FreeBSD code, if I remember

> * Currently include/package-ipkg.mk uses a host installed `sha256sum` 
> binary which is not covered via include/prereq{,-build}.mk. Should it be 
> added to prereq or replaced by mkhash?
> * Can ./scripts/md5sum be removed or is it still required for Mac OS X 
> builds.
I'm not sure if build/host code for some packages still relies on it.

> * Any reason not to replace `mkhash <alg>` by using `<alg>sum | cut -d ' 
> ' -f 1`? Both sha256sum and md5sum seem to be available per default on 
> Debian, Alpine and OpenWrt.
There are many calls to mkhash from the build system, some from
performance sensitive parts. Changing it that way will likely make the
build slower (especially in cases where it only checks stamps but
doesn't rebuild anything).

I'd like to keep mkhash as-is, since it's fast and shouldn't cause any

- Felix

More information about the openwrt-devel mailing list