From e6c94dba0b8cbb03d1659274e58c8842745165fe Mon Sep 17 00:00:00 2001 From: Seth Michael Larson Date: Wed, 27 Mar 2024 11:42:05 -0500 Subject: [PATCH 1/2] Update and check HACL* version information --- Misc/sbom.spdx.json | 8 ++++---- Tools/build/generate_sbom.py | 13 +++++++++++++ 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/Misc/sbom.spdx.json b/Misc/sbom.spdx.json index 922c927b37d249..07db46b09ae5f5 100644 --- a/Misc/sbom.spdx.json +++ b/Misc/sbom.spdx.json @@ -1584,14 +1584,14 @@ "checksums": [ { "algorithm": "SHA256", - "checksumValue": "c23ac158b238c368389dc86bfc315263e5c0e57785da74144aea2cab9a3d51a2" + "checksumValue": "e31e4ca10da91c585793c0eaf1b98aee3cb43e3a58d3d8d478593e5a6bd82927" } ], - "downloadLocation": "https://github.com/hacl-star/hacl-star/archive/521af282fdf6d60227335120f18ae9309a4b8e8c.zip", + "downloadLocation": "https://github.com/hacl-star/hacl-star/archive/bb3d0dc8d9d15a5cd51094d5b69e70aa09005ff0.zip", "externalRefs": [ { "referenceCategory": "SECURITY", - "referenceLocator": "cpe:2.3:a:hacl-star:hacl-star:521af282fdf6d60227335120f18ae9309a4b8e8c:*:*:*:*:*:*:*", + "referenceLocator": "cpe:2.3:a:hacl-star:hacl-star:bb3d0dc8d9d15a5cd51094d5b69e70aa09005ff0:*:*:*:*:*:*:*", "referenceType": "cpe23Type" } ], @@ -1599,7 +1599,7 @@ "name": "hacl-star", "originator": "Organization: HACL* Developers", "primaryPackagePurpose": "SOURCE", - "versionInfo": "521af282fdf6d60227335120f18ae9309a4b8e8c" + "versionInfo": "bb3d0dc8d9d15a5cd51094d5b69e70aa09005ff0" }, { "SPDXID": "SPDXRef-PACKAGE-libb2", diff --git a/Tools/build/generate_sbom.py b/Tools/build/generate_sbom.py index 6aa4946ee227e7..01e0c0741edf1e 100644 --- a/Tools/build/generate_sbom.py +++ b/Tools/build/generate_sbom.py @@ -183,6 +183,19 @@ def check_sbom_packages(sbom_data: dict[str, typing.Any]) -> None: ), ) + # HACL* specifies its expected rev in a refresh script. + if package["name"] == "hacl-star": + hacl_refresh_sh = (CPYTHON_ROOT_DIR / "Modules/_hacl/refresh.sh").read_text() + hacl_expected_rev = re.search( + r"expected_hacl_star_rev=([0-9a-f]{40})", + hacl_refresh_sh + ).group(1) + + error_if( + hacl_expected_rev != version, + "HACL* SBOM version doesn't match value in 'Modules/_hacl/refresh.sh'" + ) + # License must be on the approved list for SPDX. license_concluded = package["licenseConcluded"] error_if( From acd00fae8c7ec1f1d53d22e1ac8a85faf1d1f8c7 Mon Sep 17 00:00:00 2001 From: Seth Michael Larson Date: Wed, 27 Mar 2024 14:42:03 -0500 Subject: [PATCH 2/2] Fix type error on hacl_expected_rev --- Tools/build/generate_sbom.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Tools/build/generate_sbom.py b/Tools/build/generate_sbom.py index 01e0c0741edf1e..5c1851f09338a0 100644 --- a/Tools/build/generate_sbom.py +++ b/Tools/build/generate_sbom.py @@ -186,10 +186,11 @@ def check_sbom_packages(sbom_data: dict[str, typing.Any]) -> None: # HACL* specifies its expected rev in a refresh script. if package["name"] == "hacl-star": hacl_refresh_sh = (CPYTHON_ROOT_DIR / "Modules/_hacl/refresh.sh").read_text() - hacl_expected_rev = re.search( + hacl_expected_rev_match = re.search( r"expected_hacl_star_rev=([0-9a-f]{40})", hacl_refresh_sh - ).group(1) + ) + hacl_expected_rev = hacl_expected_rev_match and hacl_expected_rev_match.group(1) error_if( hacl_expected_rev != version, pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy