Sha256sum of older snapshots

Is there a way to get the sha256sum of a previous firmware snapshot (downloads.openwrt.org/snapshots). It seems that the current snapshot was built on Sep 16, but I downloaded an image on Sep 8, which I would like to verify post-installation. Is that possible?

1 Like

No, it's not

4 Likes

Although this doesn’t answer your question, it’s worth noting that in most cases, installing an old snapshot in not recommended unless you have found a specific regression or other issue that is present in the latest snapshots but not in an older one.

Also, keep in mind that snapshots that are not current will likely be unable to use user-installed packages as the repos expect the latest kernel version. This can happen in as little as 24 hours after a given snapshot build (YMMV since it depends on what exactly changes between snapshots).

So, between these two things, typically the best approach for the hash and potentially the packages would be compile from the source for that particular snapshot and keep a local repo so that you have access to all that info.

4 Likes

Thank you! So am I right in assuming that updating (flashing) the firmware to the newest snapshot with a verified sha256sum is the best way to proceed? Does building the sources locally produce the exact same sha256sum as the one provided on the download page?

no, even a file date (not content) change within the image, compared to the one online, will make check sum change.

2 Likes

Maybe it is worth asking: why do you want to install snapshot in general? And why are you interested in an old snapshot as compared to the current?

2 Likes

Because it seems that for some (new) devices there are only snapshots, at least thats what the firmware download links in the wiki are pointing to. So my question would be: if a device has an old snapshot installed, which was not verfivied, how can the security/integrity of the device be improved? Is it enough to install the current (and verified) snapshot? Or is there some residue [edit: on the device]? Sorry my knowledge of the architecture of the hardware and openwrt is not very good.

that's the way of doing it ...

you could also check if your device is in the recent RCs, of the upcoming 23.05 release.

https://downloads.openwrt.org/releases/23.05.0-rc3/targets/

1 Like

By default, sysupgrade tries to retain your device configuration - if you omit that (-n) at the cost of losing your configuration, everything related to OpenWrt will be replaced by the sysupgrade completely.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.