[LEDE-DEV] SHA256 hashes for packages
Hannu Nyman
hannu.nyman at iki.fi
Fri Jan 6 00:41:03 PST 2017
On 6.1.2017 0:28, Heinrich Schuchardt wrote:
> Hello Hannu,
> why should a variable be called MD5 if it holds an SHA256 hash? That does
> not make any sense.
>
> Could you, please, point me to the thread on the openwrt or lede list that
> discussed this weird idea.

Not sure if that was widely discussed in mailing lists in advance, but PKG_MD5SUM
has also accepted SHA256 hashes since January 2016 (
https://dev.openwrt.org/changeset/48253/ ) and the first core package was
converted to use the mixed syntax immediately afterwards by
https://dev.openwrt.org/changeset/48254 in January 2016.
Quite many packages in the packages feed repo have already been similarly
converted to use sha256 although the field is named PKG_MD5SUM.
> why should a variable be called MD5 if it holds an SHA256 hash?
You are right, that is confusing. To avoid confusion LEDE has already
introduced PKG_HASH with lede-project/source@7416d2e. Most core packages in
LEDE were switched to use sha256 and the new variable with
lede-project/source@720b992.
But as OpenWrt has not yet introduced PKG_HASH, we can't use only PKG_HASH in
the packages feed repo that is common to both.
As Jow already suggested in his answer, one non-confusing alternative is to
use both PKG_MD5SUM with MD5 hash and PKG_HASH with SHA256 hash. Some
packages have been committed that way.
> Abusing the MD5 variable with SHA256 hashes will break compatibility with
> older openwrt releases.
To my knowledge the master branch in packages is only targeting DD/master/trunk
in OpenWrt and master in LEDE. Older releases have their own branches like
for-15.05 etc.

P.S. I had already answered you on GitHub, but I only now noticed that you
had also written this to the mailing lists at the same time.
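
The two layouts described in this message (PKG_MD5SUM carrying a SHA256 digest, and PKG_MD5SUM with an MD5 digest next to PKG_HASH with a SHA256 digest), as an added Python example that is not part of the original message or of the OpenWrt/LEDE build system. It assumes the digest type is told apart by hex length (32 for MD5, 64 for SHA256); the function names and the sample tarball bytes are constructed for illustration.

```python
import hashlib
import re

# Assumption: digest type is inferred from hex length (MD5 = 32, SHA256 = 64).
ALGO_BY_LEN = {32: "md5", 64: "sha256"}
ASSIGN = re.compile(r"^(PKG_MD5SUM|PKG_HASH)[ \t]*:?=[ \t]*(\S+)[ \t]*$", re.M)

def parse_hash_fields(makefile_text):
    """Return {variable: (algorithm, hexdigest)} for the hash variables found."""
    fields = {}
    for var, value in ASSIGN.findall(makefile_text):
        value = value.lower()
        if not re.fullmatch(r"[0-9a-f]+", value) or len(value) not in ALGO_BY_LEN:
            raise ValueError(f"{var}: not an MD5 or SHA256 hex digest")
        fields[var] = (ALGO_BY_LEN[len(value)], value)
    return fields

def audit(fields):
    """List what a reviewer should notice about the declared hashes."""
    notes = []
    if not fields:
        notes.append("no hash declared")
    elif "sha256" not in {algo for algo, _ in fields.values()}:
        notes.append("only an MD5 digest is declared")
    if fields.get("PKG_MD5SUM", ("md5", ""))[0] == "sha256":
        notes.append("PKG_MD5SUM holds a SHA256 digest (mixed syntax)")
    return notes

def verify(fields, data):
    """True only if at least one digest is declared and all of them match."""
    return bool(fields) and all(
        hashlib.new(algo, data).hexdigest() == digest
        for algo, digest in fields.values())

# Constructed sample input: stand-in tarball bytes and three Makefile variants.
TARBALL = b"constructed sample source tarball\n"
MD5_HEX = hashlib.md5(TARBALL).hexdigest()
SHA256_HEX = hashlib.sha256(TARBALL).hexdigest()
MIXED = f"PKG_MD5SUM:={SHA256_HEX}\n"                    # SHA256 in the MD5 field
BOTH = f"PKG_MD5SUM:={MD5_HEX}\nPKG_HASH:={SHA256_HEX}\n"  # both variables
MD5_ONLY = f"PKG_MD5SUM:={MD5_HEX}\n"

if __name__ == "__main__":
    for name, text in (("mixed", MIXED), ("both", BOTH), ("md5-only", MD5_ONLY)):
        fields = parse_hash_fields(text)
        print(name, audit(fields), "verifies:", verify(fields, TARBALL))
```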