[LEDE-DEV] SHA256 hashes for packages
alberto.bursi at outlook.it
Thu Jan 5 14:59:28 PST 2017
Older OpenWRT releases won't get the new package (or the updates) anyway
so breaking compatibility is not an issue.
Although using a misleading name is still an issue. In LEDE core repo
that var was renamed into PKG_HASH and contains a SHA256sum.
The LEDE buildsystem works with both variables
Some packages in OpenWRT feeds are being updated with PKG_HASH in
addition to the MD5 var.
I think the official way forward is to use PKG_HASH instead of placing a
SHA256sum in a var called MD5.
On 01/05/2017 11:28 PM, Heinrich Schuchardt wrote:
> Hello Hannu,
> why should a variable be called MD5 if it holds an SHA256 hash? That
> does not make any sense.
> Could you, please, point me to the thread on the openwrt or lede list
> that discussed this weird idea.
> Abusing the MD5 variable with SHA256 hashes will break compatibility
> with older openwrt releases.
> If you want an SHA256 hash, please, use an SHA256 variable.
> This was already pointed out in
> Anyway it is safer to use multiple hashes.
> Best regards
> Heinrich Schuchardt
> On 01/05/2017 11:05 PM, Hannu Nyman wrote:
>> Could you please update the PR a bit and replace the MD5 hash with a
>> SHA256 hash.
>> (Leave the variable name as it is now, but replace the hash itself with
>> the longer SHA256 hash.)
>> Same goes for other packages that you maintaining. MD5 is being phased
>> out, so please use SHA256 when issuing updates as PRs.
More information about the Lede-dev