Re: Enhancement Request for sha256sum - output only the SHA-256 hash alone

2020-07-24 Thread Bernhard Voelker 
On 2020-07-19 12:00, Jeffrey Walton wrote:
> Related, b2sum (also provided by coreutils), offers the option. But
> you have to specify --tag to get just the hash. And I don't believe
> coreutils supports the option.

Not quite: coreutils' b2sum supports --tag (like the other *sum utilities),
but still outputs - also - the file name:

  $ b2sum --help | grep tag
--tagcreate a BSD-style checksum

  $ b2sum --tag /proc/cpuinfo
  BLAKE2b (/proc/cpuinfo) = 
7a8f21bd21de088af5cf29ac21eea21f2b7c21e893b300cf001d6c8a18ddf9d93ef4b46fb1befc4[...]

  $ sha256sum --tag /proc/cpuinfo
  SHA256 (/proc/cpuinfo) = 
2f6134c08218d4ca1fe9c4d711762e8a0a8cd83631ceae26c698a7560367a04b

So --tag was introduced for compatibility with an existing implementation.

Have a nice day,
Berny

Re: Enhancement Request for sha256sum - output only the SHA-256 hash alone

2020-07-19 Thread Jeffrey Walton 
On Fri, Jul 17, 2020 at 10:53 AM jens.archlinux jens
 wrote:
> ...
> propose to add a new option for sha256sum to output only the SHA-256 hash
> alone, without a trailing file name and without a trailing newline.

Related, b2sum (also provided by coreutils), offers the option. But
you have to specify --tag to get just the hash. And I don't believe
coreutils supports the option.

Jeff

Re: Enhancement Request for sha256sum - output only the SHA-256 hash alone

2020-07-19 Thread Kaz Kylheku (Coreutils) 

On 2020-07-17 14:33, Pádraig Brady wrote:

On 17/07/2020 15:21, jens.archlinux jens wrote:

Hello,

propose to add a new option for sha256sum to output only the SHA-256 
hash

alone, without a trailing file name and without a trailing newline.

(This would make sense for one input file only).

It would make shell scripts that use sha256sum much simpler. Currently 
it
is necessary to split the output of sha256sum to obtain the hash, 
which

usually requires an additional command / Unix process.


This is one of those trade-offs.
I'd be 60:40 against adding such an option,
because it's so easy to implement with cut(1):


Can I muse about checksum utility design?

Someone once, who didn't understand Unix utility design principles,
had the dumb idea of polluting the output of a checksumming utility
with extraneous information. Somehow that became a meme for authors
of new checksumming utilities, though not so rigid a meme that they
would actually make those outputs compatible with their predecessors.

Maybe it was the same person who thought it's a good idea for "dd"
to output, by default, cruft like:

  0+0 records in
  0+0 records out
  0 bytes (0 B) copied, 0.726321 s, 0.0 kB/s

Did that person ever work at Microsoft on MS-DOS? It's suspiciously
reminiscent of:

  C:\Users\kaz>copy foo.txt bar.txt
  1 file(s) copied.

(Thank you; I would never be able to guess that one file was
copied from the fact that I specified one file, and the command's
termination status was successful).

I'm against adding the option for a this reason: the default
behavior of a checksum function should be to output nothing but
the checksum.

Note that the word "sum" is redundant in "sha256sum".

Thus there is an opportunity for a "sha256" utility which just outputs
nothing but the sum. That utility could bee sha256sum itself,
upon detecting that argv[0] ends in "sha256", though that is risque.

Also, that utility should perhaps calculate a continued sum when
given multiple arguments, and not individual sums. So that is to say:

   sha256 a b c
   sha256 <(cat a b c)

should be the same.

Now let's talk options. It should have two, -i and -f:

   sha256 -i  [ inputs ... ]

would calculate the hashes over the inputs, starting with the
specified state. The special  token of 0 (the ASCII
zero digit) would mean "the initial state". In the -i mode,
sha256 would output a string (in an unspecified, opaque format,
perhaps inspired by "stty -g") which encodes the newly updated
state. The string should have no quoting or escaping issues
for shell programming.

The output of sha256 -i would be suitable as an argument to
the -i option of a new command, to continue the hashing operation
over additional inputs. It would also be suitable as an argument
to -f, so that:

   sha256 -f  [ inputs ... ]

would process inputs (if any) just like sha256 -i , and then
do the hash finalization, and output not another state cookie, but
the final hash.

Thus, the output of

   sha256 a b c

could also be obtained using:

   st=$(sha256 -i 0)
   st=$(sha256 -i $st a)
   st=$(sha256 -i $st b)
   st=$(sha256 -i $st c)
   sha256 -f $st

or:

   st=$(sha256 -i 0 a b c)
   sha256 -f $st

or:

   st=$(sha256 -i 0)
   sha256 -f $st a b c

or, "point-free" application:

   sha256 -f $(sha256 -i 0 a b c)

etc.

I would add one more option: -s (literal string, not file name).

Whenever one or more -s options are present, their argument values
are pulled into the hash, in the order they appear, before any
files. Thus:

   $ sha256 -s coreutils
   3993c379c029014a9c4b2adf5d23397b3c7421467a0cb3575ff925bb6f6329b0

   $ sha256 -s core -s utils
   3993c379c029014a9c4b2adf5d23397b3c7421467a0cb3575ff925bb6f6329b0

   $ sha256 -f $(sha256 -i 0 -s core -s utils)
   3993c379c029014a9c4b2adf5d23397b3c7421467a0cb3575ff925bb6f6329b0


-i and -f are mutually exclusive, and must precede any -s options.

Re: Enhancement Request for sha256sum - output only the SHA-256 hash alone

2020-07-18 Thread Erik Auerswald 
On Fri, Jul 17, 2020 at 11:35:02PM -0600, Bob Proulx wrote:
> Pádraig Brady wrote:
> > jens wrote:
> > > It would make shell scripts that use sha256sum much simpler. Currently it
> > > is necessary to split the output of sha256sum to obtain the hash, which
> > > usually requires an additional command / Unix process.
> > 
> >   sum=$(sha256sum file | cut -d ' ' -f 1)
> > 
> > Yes that's an extra process, but you can easily
> > enough avoid that on any POSIX shell using:
> > 
> >   sum=$(sha256sum file) && sum=${sum%% *}
> 
> I'll suggest always using stdin instead ("sha256sum < file") as that
> avoids any possible quoting of things to get in the way.  In the case
> where the filename contains special characters.

To illustrate this with an example:

$ touch foo\\bar
$ sha256sum foo\\bar
\e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  foo\\bar
$ sha256sum < foo\\bar
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  -
$ sha256sum foo\\bar | cut -d' ' -f1 | sed 's/^\\//'
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
$ sha256sum < foo\\bar | cut -d' ' -f1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

The Asterisk ('*') denoting "binary mode" is part of the second whitespace
separated field and can thus be ignored here.

HTH,
Erik
-- 
La perfection est atteinte non quand il ne reste rien ajouter, mais quand il
ne reste rien à enlever.
-- Antoine de Saint-Exupéry

Re: Enhancement Request for sha256sum - output only the SHA-256 hash alone

2020-07-17 Thread Bob Proulx 
Pádraig Brady wrote:
> jens wrote:
> > It would make shell scripts that use sha256sum much simpler. Currently it
> > is necessary to split the output of sha256sum to obtain the hash, which
> > usually requires an additional command / Unix process.
> 
> This is one of those trade-offs.
> I'd be 60:40 against adding such an option,
> because it's so easy to implement with cut(1):

I feel that way too.  It's just so easy to do in the shell.

>   sum=$(sha256sum file | cut -d ' ' -f 1)
> 
> Yes that's an extra process, but you can easily
> enough avoid that on any POSIX shell using:
> 
>   sum=$(sha256sum file) && sum=${sum%% *}

I'll suggest always using stdin instead ("sha256sum < file") as that
avoids any possible quoting of things to get in the way.  In the case
where the filename contains special characters.

And then just to show yet a different way to keep from using external
processes.

set -- $(sha256sum < file) && sum=$1

But this does assume one is no longer using the positional arguments
at that point.

Bob

Re: Enhancement Request for sha256sum - output only the SHA-256 hash alone

2020-07-17 Thread Pádraig Brady 

On 17/07/2020 15:21, jens.archlinux jens wrote:

Hello,

propose to add a new option for sha256sum to output only the SHA-256 hash
alone, without a trailing file name and without a trailing newline.

(This would make sense for one input file only).

It would make shell scripts that use sha256sum much simpler. Currently it
is necessary to split the output of sha256sum to obtain the hash, which
usually requires an additional command / Unix process.


This is one of those trade-offs.
I'd be 60:40 against adding such an option,
because it's so easy to implement with cut(1):

  sum=$(sha256sum file | cut -d ' ' -f 1)

Yes that's an extra process, but you can easily
enough avoid that on any POSIX shell using:

  sum=$(sha256sum file) && sum=${sum%% *}

cheers,
Pádraig

Enhancement Request for sha256sum - output only the SHA-256 hash alone

2020-07-17 Thread jens.archlinux jens 
Hello,

propose to add a new option for sha256sum to output only the SHA-256 hash
alone, without a trailing file name and without a trailing newline.

(This would make sense for one input file only).

It would make shell scripts that use sha256sum much simpler. Currently it
is necessary to split the output of sha256sum to obtain the hash, which
usually requires an additional command / Unix process.

Thank you, Jens