sha256sum reports false mismatch if input not delimited by two spaces

[rittneje]

$ docker pull alpine:3.15
$ docker run --rm -it alpine:3.15
# touch empty
# echo 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 empty' | sha256sum -c
sha256sum: WARNING: 1 of 1 computed checksums did NOT match
# echo 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  empty' | sha256sum -c
empty: OK

For some reason, the Alpine version of sha256sum requires two spaces between the hash and file path. No other version of sha256sum has this requirement. For instance:

$ docker pull ubuntu:focal
$ docker run --rm -it ubuntu:focal
# touch empty
# echo 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 empty' | sha256sum -c
empty: OK
# echo 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  empty' | sha256sum -c
empty: OK

This was reported in https://github.com/gliderlabs/docker-alpine/issues/174 but was never fixed.

At minimum, sha256sum should output a proper error message. It does at least complain if you pass -w, but this flag should not be required, and the error message is too vague anyway.

# echo 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 empty' | sha256sum -wc
sha256sum: invalid format
sha256sum: WARNING: 1 of 1 computed checksums did NOT match

Even though Alpine may be technically correct in failing, it is definitely a poor experience for newcomers, especially because other versions of sha256sum are more forgiving. This only discourages people from using sha256sum (because it's "broken"), or from using Alpine entirely.

[ncopa]

This is a busybox bug/feature. I agree that it is annoying and would be nice to fix. Could you please report it here: https://bugs.busybox.net/

I can try give it a shot when I get some time for it. I guess it shouldn't be too hard to fix.