For some reason, the Alpine version of sha256sum requires two spaces between the hash and file path. No other version of sha256sum has this requirement. See https://github.com/alpinelinux/docker-alpine/issues/246 for further details.
As far as I know all versions of sha256sum do generate the output with two spaces (or rather, one space and one character for mode indicator). Why do you feed it something else?
Particularly with a Dockerfile, people are not always literally feeding the output of sha256sum to itself. It's pretty common to hand-write the echo instead. And the double space is very easy to overlook. As I mentioned, this is particularly confusing because (1) no other implementation of sha256sum cares, and (2) this implementation never clearly states what the problem is. Consequently people come to the conclusion that it is broken.
Fixed in git
I'm currently using alpine:latest which is still running BusyBox 1.35 and it's affected by this specific bug, but I can't find the source code or patch for sha256sum in the BusyBox project. This was in fact very confusing. It's easy to introduce this bug in the system with `echo`, which will take two arguments and always use 1 space when joining them. # sha256sum myfile.xz 8f55c5a97591f1bebdeaff02cdd0d19b8161c1bcba4f2009a7e204c57c85981b myfile.xz # echo 8f55c5a97591f1bebdeaff02cdd0d19b8161c1bcba4f2009a7e204c57c85981b myfile.xz 8f55c5a97591f1bebdeaff02cdd0d19b8161c1bcba4f2009a7e204c57c85981b myfile.xz # echo 8f55c5a97591f1bebdeaff02cdd0d19b8161c1bcba4f2009a7e204c57c85981b myfile.xz | sha256sum -c sha256sum: WARNING: 1 of 1 computed checksums did NOT match # echo "8f55c5a97591f1bebdeaff02cdd0d19b8161c1bcba4f2009a7e204c57c85981b myfile.xz" | sha256sum -c myfile.xz: OK
commit 3ad3aa6441ebaf817137051de2b74cb6b4379e7f Author: Denys Vlasenko <vda.linux@googlemail.com> Date: Mon Jul 11 14:36:39 2022 +0200 shaNNNsum: accept one-space "HASH FILENAME" format for -c, closes 14866