
[3.12] gh-99108: Update and check HACL* version information (GH-117295) (GH-117302)
https://github.com/python/cpython/commit/8d42c57789b11f838da40cdc3f129b2115368dd9
commit: 8d42c57789b11f838da40cdc3f129b2115368dd9
branch: 3.12
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
committer: gpshead <greg@krypto.org>
date: 2024-03-27T22:16:19Z
summary:

[3.12] gh-99108: Update and check HACL* version information (GH-117295) (GH-117302)

gh-99108: Update and check HACL* version information (GH-117295)

(cherry picked from commit 669ef49c7d42f35da6f7ee280102353b9b37f83e)

Co-authored-by: Seth Michael Larson <seth@python.org>

files:
M Misc/sbom.spdx.json
M Tools/build/generate_sbom.py

diff --git a/Misc/sbom.spdx.json b/Misc/sbom.spdx.json
index fb9dd7c0bc11d7..5612c9cae3d23d 100644
--- a/Misc/sbom.spdx.json
+++ b/Misc/sbom.spdx.json
@@ -1584,14 +1584,14 @@
"checksums": [.
{
"algorithm": "SHA256",
- "checksumValue": "c23ac158b238c368389dc86bfc315263e5c0e57785da74144aea2cab9a3d51a2"
+ "checksumValue": "e31e4ca10da91c585793c0eaf1b98aee3cb43e3a58d3d8d478593e5a6bd82927"
}
],
- "downloadLocation": "https://github.com/hacl-star/hacl-star/archive/521af282fdf6d60227335120f18ae9309a4b8e8c.zip",
+ "downloadLocation": "https://github.com/hacl-star/hacl-star/archive/bb3d0dc8d9d15a5cd51094d5b69e70aa09005ff0.zip",
"externalRefs": [.
{
"referenceCategory": "SECURITY",
- "referenceLocator": "cpe:2.3:a:hacl-star:hacl-star:521af282fdf6d60227335120f18ae9309a4b8e8c:*:*:*:*:*:*:*",
+ "referenceLocator": "cpe:2.3:a:hacl-star:hacl-star:bb3d0dc8d9d15a5cd51094d5b69e70aa09005ff0:*:*:*:*:*:*:*",
"referenceType": "cpe23Type"
}
],
@@ -1599,7 +1599,7 @@
"name": "hacl-star",
"originator": "Organization: HACL* Developers",
"primaryPackagePurpose": "SOURCE",
- "versionInfo": "521af282fdf6d60227335120f18ae9309a4b8e8c"
+ "versionInfo": "bb3d0dc8d9d15a5cd51094d5b69e70aa09005ff0"
},
{
"SPDXID": "SPDXRef-PACKAGE-libb2",
diff --git a/Tools/build/generate_sbom.py b/Tools/build/generate_sbom.py
index 6aa4946ee227e7..5c1851f09338a0 100644
--- a/Tools/build/generate_sbom.py
+++ b/Tools/build/generate_sbom.py
@@ -183,6 +183,20 @@ def check_sbom_packages(sbom_data: dict[str, typing.Any]) -> None:
),
)

+ # HACL* specifies its expected rev in a refresh script.
+ if package["name"] == "hacl-star":
+ hacl_refresh_sh = (CPYTHON_ROOT_DIR / "Modules/_hacl/refresh.sh").read_text()
+ hacl_expected_rev_match = re.search(
+ r"expected_hacl_star_rev=([0-9a-f]{40})",
+ hacl_refresh_sh
+ )
+ hacl_expected_rev = hacl_expected_rev_match and hacl_expected_rev_match.group(1)
+
+ error_if(
+ hacl_expected_rev != version,
+ "HACL* SBOM version doesn't match value in 'Modules/_hacl/refresh.sh'"
+ )
+
# License must be on the approved list for SPDX.
license_concluded = package["licenseConcluded"]
error_if(
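Review bot: When the `re.search` in the added block finds no `expected_hacl_star_rev=` line, `hacl_expected_rev` becomes `None` and the check reports a version mismatch, which sends the maintainer to the SBOM entry when the real cause is a `refresh.sh` whose format changed. A separate `error_if(hacl_expected_rev_match is None, "Could not find 'expected_hacl_star_rev' in 'Modules/_hacl/refresh.sh'")` before the comparison would tell the two failures apart. Putting both revisions in the mismatch message would also make a stale pin easier to diagnose. `version` and the start of `check_sbom_packages` are outside the hunk, so this assumes `version` holds the package's `versionInfo` string.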
