The built-in certutil utility in CMD is not ideal for use in a Dockerfile, primarily because it prints out multiple lines and lacks a -c option for file verification. To avoid relying on third-party solutions from unknown authors, I've created my own sha256sum.exe utility.
The Makefile is designed for use with MSVC. Specifically, I've developed it using VS 2022 version v17.7.4.
- Open the x64 Native Tools Command Prompt for VS 2022.
- Navigate to the folder containing the Makefile.
- Run the
msbuildcommand.
Alternatively, you can open the Solution file in the Visual Studio IDE.
sha256sum [OPTION]... [FILE]...| Option | Description |
|---|---|
| -c, --check | read checksums from the FILE and check them, input must be UTF-8 encoded |
| -b, --binary | read in binary mode, this is default |
| -t, --text | read in text mode, fails because WinAPI's ReadFile/CreateFile only reads in binary mode |
| -q, --quiet | don't print OK, just FAILED if checks fail |
| -s, --status | don't print anything, just return status code |
| -w, --warn | shows SHA256SUMS errors |
| -v, --version | shows program's version |
Here's how to use the utility:
sha256sum.exe myText.txt
sha256sum.exe *.txt
sha256sum.exe hello.txt world.txt
sha256sum.exe *.txt > SHA256SUMS
sha256sum.exe -c SHA256SUMS| Code | Name | Description |
|---|---|---|
| 1 | MAIN_FAILED_TO_FIND_FILES | WinAPI's FindFirstFile was not able to find files wth given FILE arguments |
| 2 | PARSE_ARGS_MISSING_PARAMETER | too few arguments, at least 1 is required |
| 3 | PARSE_ARGS_MISSING_SHASUMS_FILE | -c argument found but missing following sum file, -c <FILE> |
| 4 | PARSE_ARGS_ALLOCATE_ERROR | memory allocation failed for file list, memory low? |
| 5 | CALC_HASH_FAILED_TO_OPEN_FILE | failed to open FILE, check permissions, if file exists |
| 6 | CALC_HASH_FAILED_TO_OPEN_ALG_HANDLE | failed to open algorithm handle[1] |
| 7 | CALC_HASH_FAILED_TO_ALLOCATE_HASH_BUFFER_SIZE | failed to calculate hash buffer size[1] |
| 8 | CALC_HASH_FAILED_TO_ALLOCATE_HASH_OBJECT | failed to allocate hash object[1] |
| 9 | CALC_HASH_FAILED_TO_CALC_HASH_LENGTH | failed to calculate hash length[1] |
| 10 | CALC_HASH_FAILED_TO_ALLOCATE_HASH_BUFFER | failed to allocate hash buffer[1] |
| 11 | CALC_HASH_FAILED_TO_CREATE_HASH | failed to create hash[1] |
| 12 | CALC_HASH_FAILED_TO_READ | failed to read from given FILE |
| 13 | CALC_HASH_FAILED_TO_HASH | failed to hash[1] |
| 14 | CALC_HASH_FAILED_TO_FINISH_HASH | failed to finish hash[1] |
| 15 | CALC_HASH_FAILED_TO_ALLOCATE_FILE_HASH | failed to allocate memory for file hash, check your memory |
| 16 | PARSE_LINE_INVALID_HASH_TOKEN | invalid hash token may happen if the line does not contain spaces |
| 17 | PARSE_LINE_INVALID_HASH_LENGTH | fails when the token is not 64 characters long |
| 18 | PARSE_LINE_INAVLID_FILE | fails if the file does not have a second string after the space(s) |
| 19 | CHECK_SUMS_FAILED_TO_OPEN_SUM_FILE | failed to open -c FILE |
| 20 | CHECK_SUMS_LINE_TOO_LONG | line in sum file is longer exceeds internal buffer (1024) |
| 21 | CHECK_SUMS_FAILED_TO_ALLOCATE_WIDE_BUFFER1 | line buffer allocation for UTF-16 failed |
| 22 | CHECK_SUMS_FAILED_TO_ALLOCATE_FILE_HASH1 | file hash object allocation failed |
| 23 | CHECK_SUMS_FAILED_TO_ALLOCATE_WIDE_BUFFER2 | line buffer allocation for UTF-16 failed[2] |
| 24 | CHECK_SUMS_FAILED_TO_ALLOCATE_FILE_HASH2 | file hash object allocation failed[2] |
| 25 | CHECK_SUMS_FAILED_TO_READ | failed to read from -c FILE |
| 26 | CHECK_SUM_CHECKSUM_FAILED | checksum verification failed |
| 27 | PRINT_HASH_FAILED_GET_FULL_PATH_NAME | failed to determine absolute path of file |
| 28 | PRINT_HASH_FAILED_STRING_LENGTH | failed to determine string length for printing hashes |
| 29 | PRINT_HASH_FAILED_STRING_CAT1 | failed to concatenate relative paths for printing hashes |
| 30 | PRINT_HASH_FAILED_STRING_CAT2 | failed to concatenate relative paths for printing hashes |
[1] This should never occur. sha256sum.exe uses Microsoft's Cryptography API: Next Generation (CNG) with fixed values. If this happens the system is probably missing the CNG.
[2] There is a duplication for parsing the file when the end of file is not reached yet and for the remaining characters that are still in the read buffer.
I made several decisions regarding the APIs used in the code:
- OpenSSL's EVP Functions: My initial attempt involved using these, but I encountered issues with static linking.
- Go Implementation: Resulted in a larger file size than desired.
- CNG and Windows API: The current implementation uses these native APIs to minimize dependencies and file size.