Revert "misc: replace sha256sum with shasum -a 256 (#1681)"

This reverts commit ec1d5e9fb5.

While the change enabled shasum calculation on mac, it broke it
on some Linux distros.

.github/actions/install_operator_sdk/action.yml

@@ -19,6 +19,6 @@ runs:
         curl -fsSLO ${OPERATOR_SDK_DL_URL}/checksums.txt
         curl -fsSLO ${OPERATOR_SDK_DL_URL}/checksums.txt.asc
         gpg -u "Operator SDK (release) <cncf-operator-sdk@cncf.io>" --verify checksums.txt.asc
-        grep operator-sdk_${OS}_${ARCH} checksums.txt | shasum -a 256 -c -
+        grep operator-sdk_${OS}_${ARCH} checksums.txt | sha256sum -c -
         chmod +x operator-sdk_${OS}_${ARCH} && sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk
         rm checksums.txt checksums.txt.asc

.github/workflows/build-os-image.yml

@@ -117,10 +117,10 @@ jobs:
         working-directory: ${{ github.workspace }}/build
         run: |
           {
-            echo "bootstrapper-sha256=$(shasum -a 256 bootstrapper | head -c 64)"
-            echo "disk-mapper-sha256=$(shasum -a 256 disk-mapper | head -c 64)"
-            echo "upgrade-agent-sha256=$(shasum -a 256 upgrade-agent | head -c 64)"
-            echo "measurement-reader-sha256=$(shasum -a 256 measurement-reader | head -c 64)"
+            echo "bootstrapper-sha256=$(sha256sum bootstrapper | head -c 64)"
+            echo "disk-mapper-sha256=$(sha256sum disk-mapper | head -c 64)"
+            echo "upgrade-agent-sha256=$(sha256sum upgrade-agent | head -c 64)"
+            echo "measurement-reader-sha256=$(sha256sum measurement-reader | head -c 64)"
           } | tee -a "$GITHUB_OUTPUT"
 
   build-settings:
@@ -322,14 +322,14 @@ jobs:
         working-directory: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37
         run: |
           {
-            echo "image-raw-${{ matrix.csp }}-sha256=$(shasum -a 256 image.raw | head -c 64)"
-            echo "image-efi-${{ matrix.csp }}-sha256=$(shasum -a 256 image.efi | head -c 64)"
-            echo "image-initrd-${{ matrix.csp }}-sha256=$(shasum -a 256 image.esp.raw | head -c 64)"
-            echo "image-root-raw-${{ matrix.csp }}-sha256=$(shasum -a 256 image.root-x86-64.raw | head -c 64)"
-            echo "image-root-verity-${{ matrix.csp }}-sha256=$(shasum -a 256 image.root-x86-64-verity.raw | head -c 64)"
-            echo "image-vmlinuz-${{ matrix.csp }}-sha256=$(shasum -a 256 image.vmlinuz | head -c 64)"
-            echo "image-raw-changelog-${{ matrix.csp }}-sha256=$(shasum -a 256 image.raw.changelog | head -c 64)"
-            echo "image-raw-manifest-${{ matrix.csp }}-sha256=$(shasum -a 256 image.raw.manifest | head -c 64)"
+            echo "image-raw-${{ matrix.csp }}-sha256=$(sha256sum image.raw | head -c 64)"
+            echo "image-efi-${{ matrix.csp }}-sha256=$(sha256sum image.efi | head -c 64)"
+            echo "image-initrd-${{ matrix.csp }}-sha256=$(sha256sum image.esp.raw | head -c 64)"
+            echo "image-root-raw-${{ matrix.csp }}-sha256=$(sha256sum image.root-x86-64.raw | head -c 64)"
+            echo "image-root-verity-${{ matrix.csp }}-sha256=$(sha256sum image.root-x86-64-verity.raw | head -c 64)"
+            echo "image-vmlinuz-${{ matrix.csp }}-sha256=$(sha256sum image.vmlinuz | head -c 64)"
+            echo "image-raw-changelog-${{ matrix.csp }}-sha256=$(sha256sum image.changelog | head -c 64)"
+            echo "image-raw-manifest-${{ matrix.csp }}-sha256=$(sha256sum image.manifest | head -c 64)"
           } | tee -a "$GITHUB_OUTPUT"
 
       - name: Upload raw OS image as artifact

.github/workflows/release-cli.yml

@@ -135,7 +135,7 @@ jobs:
       - name: Generate provenance subjects
         id: provenance-subjects
         run: |
-          HASHES=$(shasum -a 256 \
+          HASHES=$(sha256sum \
             constellation-darwin-amd64 \
             constellation-darwin-arm64 \
             constellation-linux-amd64 \

.github/workflows/test-tidy.yml

@@ -70,7 +70,7 @@ jobs:
           fi
           echo "Detected changes after tidy"
           echo "untidy=true" | tee -a "$GITHUB_OUTPUT"
-          diffsum=$(echo "$diff" | shasum -a 256 | cut -d' ' -f1)
+          diffsum=$(echo "$diff" | sha256sum | cut -d' ' -f1)
           echo "diffsum=${diffsum}" | tee -a "$GITHUB_OUTPUT"
 
       - name: Run Bazel generate
@@ -82,7 +82,7 @@ jobs:
         shell: bash
         run: |
           diff=$(git diff)
-          diffsum=$(echo "$diff" | shasum -a 256| cut -d' ' -f1)
+          diffsum=$(echo "$diff" | sha256sum| cut -d' ' -f1)
           if [[ "${{ steps.untidy.outputs.diffsum }}" == "${diffsum}" ]]; then
             echo "Everything is tidy."
             echo "ungenerated=false" | tee -a "$GITHUB_OUTPUT"

e2e/miniconstellation/test-remote.sh

@@ -11,7 +11,7 @@ debug_info() {
 
   echo "Getting debug info"
 
-  shasum -a 256 ./*.raw
+  sha256sum ./*.raw
 
   ls -lisah
 

hack/docgen-builder/build-and-upload.sh

@@ -39,7 +39,7 @@ for arch in "amd64" "arm64"; do
   for os in "linux" "darwin"; do
     echo "Building and uploading talos-docgen-${os}-${arch}"
     CGO_ENABLED="0" GOWORK="" GOOS="${os}" GOARCH="${arch}" go build -trimpath -ldflags="-buildid=" -o "talos-docgen-${os}-${arch}" .
-    sum=$(shasum -a 256 "talos-docgen-${os}-${arch}" | cut -d ' ' -f1) && echo "Binary sha256: ${sum}"
+    sum=$(sha256sum "talos-docgen-${os}-${arch}" | cut -d ' ' -f1) && echo "Binary sha256sum: ${sum}"
     file "talos-docgen-${os}-${arch}"
     aws s3 "${awsFlags[@]}" cp "./talos-docgen-${os}-${arch}" "${s3CASPath}/${sum}"
     echo

hack/pseudo-version/pseudo_version_tool_freshness.sh.in

@@ -31,7 +31,7 @@ platforms=(
 )
 
 for platform in "${platforms[@]}"; do
-  computed_hash=$(shasum -a 256 "${pseudo_version_tools[$platform]}" | cut -d' ' -f1)
+  computed_hash=$(sha256sum "${pseudo_version_tools[$platform]}" | cut -d' ' -f1)
   # compare hash to saved hash in ${BUILD_WORKSPACE_DIRECTORY}/tools/pseudo_version_${platform}.sha256
   saved_hash=$(cat "${BUILD_WORKSPACE_DIRECTORY}/tools/pseudo_version_${platform}.sha256")
   if [[ ${computed_hash} != "${saved_hash}" ]]; then

image/measured-boot/precalculate_pcr_12.sh

@@ -26,7 +26,7 @@ cmdline_measure() {
   # convert to utf-16le and add a null terminator
   iconv -f utf-8 -t utf-16le "${path}" -o "${tmp}"
   truncate -s +2 "${tmp}"
-  shasum -a 256 "${tmp}" | cut -d " " -f 1
+  sha256sum "${tmp}" | cut -d " " -f 1
   rm "${tmp}"
 }
 
@@ -62,11 +62,11 @@ cmdline_hash=$(cmdline_measure "${DIR}/cmdline")
 cleanup "${DIR}"
 
 expected_pcr_12=0000000000000000000000000000000000000000000000000000000000000000
-expected_pcr_12=$(pcr_extend "${expected_pcr_12}" "${cmdline_hash}" "shasum -a 256")
+expected_pcr_12=$(pcr_extend "${expected_pcr_12}" "${cmdline_hash}" "sha256sum")
 if [[ ${CSP} == "azure" ]]; then
   # Azure displays the boot menu
   # triggering an extra measurement of the kernel command line.
-  expected_pcr_12=$(pcr_extend "${expected_pcr_12}" "${cmdline_hash}" "shasum -a 256")
+  expected_pcr_12=$(pcr_extend "${expected_pcr_12}" "${cmdline_hash}" "sha256sum")
 fi
 
 echo "Kernel commandline:            ${cmdline}"

image/measured-boot/precalculate_pcr_9.sh

@@ -20,7 +20,7 @@ get_initrd_from_uki() {
 
 initrd_measure() {
   local path="$1"
-  shasum -a 256 "${path}" | cut -d " " -f 1
+  sha256sum "${path}" | cut -d " " -f 1
 }
 
 write_output() {

tools/update-pseudo-version-tool.sh

@@ -21,7 +21,7 @@ for platform in "${platforms[@]}"; do
   echo "Building for ${platform}..."
   target="//hack/pseudo-version:pseudo_version_${platform}"
   cp "$(bazel cquery --config nostamp --output=files "${target}")" "${dir}/pseudo_version_${platform}"
-  sha256="$(shasum -a 256 "${dir}/pseudo_version_${platform}" | cut -d ' ' -f 1)"
+  sha256="$(sha256sum "${dir}/pseudo_version_${platform}" | cut -d ' ' -f 1)"
   echo "${platform} ${sha256}" | tee -a "${dir}/checksums.txt"
   aws s3 cp "${dir}/pseudo_version_${platform}" "s3://${bucket}/constellation/cas/sha256/${sha256}"
   echo "${sha256}" > "${workspace_dir}/tools/pseudo_version_${platform}.sha256"