Hi On 2016-08-18, Karl Palsson wrote: > Why not just add sha256 sum rather than going back to md5? [...]
Generating md5sums in addition to sha256sums files only affects build
time slightly, but doesn't increase the firmware size itself. Given
that apparently nothing currently requires a sha256sum binary at firmware
runtime, I'd personally consider it to be cheaper not bumping busybox'
size needlessly.
While it's obvious that MD5 can't be considered cryptographically
secure anymore, it does still work nicely for checking file integrity
in regards to potential transmission errors.
$ ./scripts/diffconfig.sh
CONFIG_TARGET_ar71xx=y
CONFIG_TARGET_ar71xx_generic=y
CONFIG_TARGET_ar71xx_generic_Default=y
$ ls -gG no-sha256sum/busybox with-sha256sum/busybox
-rwxr-xr-x 1 300437 Aug 17 23:38 no-sha256sum/busybox
-rwxr-xr-x 1 304405 Aug 17 23:38 with-sha256sum/busybox
Giving it a quick/ rough compressed size estimate (-6, with a dictionary
size of 8 MB, would need 9 MB RAM for decompressing, which would be too
much for 32 MB RAM devices, so the actual compressed size delta of the
squashfs image is probably slightly larger):
$ xz -6 no-sha256sum/busybox
$ xz -6 with-sha256sum/busybox
$ ls -gG no-sha256sum/busybox.xz with-sha256sum/busybox.xz
-rwxr-xr-x 1 173188 Aug 17 23:38 no-sha256sum/busybox.xz
-rwxr-xr-x 1 174704 Aug 17 23:38 with-sha256sum/busybox.xz
The difference between "no-sha256sum/busybox" and
"with-sha256sum/busybox":
--- a/package/utils/busybox/Config-defaults.in
+++ b/package/utils/busybox/Config-defaults.in
@@ -705,7 +705,7 @@ config BUSYBOX_DEFAULT_SHA1SUM
default n
config BUSYBOX_DEFAULT_SHA256SUM
bool
- default n
+ default y
config BUSYBOX_DEFAULT_SHA512SUM
bool
default n
Regards
Stefan Lippers-Hollmann
pgpUpESyyEUmx.pgp
Description: Digitale Signatur von OpenPGP
_______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
