author | Seth Michael Larson <seth@python.org> | 2024-11-13 18:31:20 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-11-13 18:31:20 (GMT) |
commit | 3c9996909402fadc98e6ca2a64e75a71a7427352 (patch) | |
tree | d34ac1f674b642eebc75a066cc67b3368401ed9d /Tools | |
parent | 8c9c6d3c1234e730c0beb2a6123e68fe98e57ede (diff) | |
gh-126623: Update libexpat to 2.6.4, make future updates easier (GH-126792)
Update libexpat to 2.6.4, make future updates easier.
Diffstat (limited to 'Tools')
-rw-r--r-- | Tools/build/generate_sbom.py | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/Tools/build/generate_sbom.py b/Tools/build/generate_sbom.py
index 020f874..5c4a725 100644
--- a/Tools/build/generate_sbom.py
+++ b/Tools/build/generate_sbom.py
@@ -59,6 +59,8 @@ PACKAGE_TO_FILES = {
 include=["Modules/expat/**"],
 exclude=[
 "Modules/expat/expat_config.h",
+ "Modules/expat/pyexpatns.h",
+ "Modules/_hacl/refresh.sh",
 ]
 ),
 "macholib": PackageFiles(
@@ -218,6 +220,32 @@ def check_sbom_packages(sbom_data: dict[str, typing.Any]) -> None:
 "HACL* SBOM version doesn't match value in 'Modules/_hacl/refresh.sh'"
 )
+ # libexpat specifies its expected rev in a refresh script.
+ if package["name"] == "libexpat":
+ libexpat_refresh_sh = (CPYTHON_ROOT_DIR / "Modules/expat/refresh.sh").read_text()
+ libexpat_expected_version_match = re.search(
+ r"expected_libexpat_version=\"([0-9]+\.[0-9]+\.[0-9]+)\"",
+ libexpat_refresh_sh
+ )
+ libexpat_expected_sha256_match = re.search(
+ r"expected_libexpat_sha256=\"[a-f0-9]{40}\"",
+ libexpat_refresh_sh
+ )
+ libexpat_expected_version = libexpat_expected_version_match and libexpat_expected_version_match.group(1)
+ libexpat_expected_sha256 = libexpat_expected_sha256_match and libexpat_expected_sha256_match.group(1)
+
+ error_if(
+ libexpat_expected_version != version,
+ "libexpat SBOM version doesn't match value in 'Modules/expat/refresh.sh'"
+ )
+ error_if(
+ package["checksums"] != [{
+ "algorithm": "SHA256",
+ "checksumValue": libexpat_expected_sha256
+ }],
+ "libexpat SBOM checksum doesn't match value in 'Modules/expat/refresh.sh'"
+ )
+
 # License must be on the approved list for SPDX.
 license_concluded = package["licenseConcluded"]
 error_if( |
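Review bot: The second added exclude in the first hunk, `"Modules/_hacl/refresh.sh"`, sits in an entry whose include glob is `Modules/expat/**`, so it cannot match any file this entry collects and looks like a copy of the HACL* script path. The script the second hunk actually reads, `Modules/expat/refresh.sh`, does fall under that glob, so it would presumably be recorded in the SBOM as a libexpat source file. If the aim is to keep the refresh script out of the package's file list, the entry should read `"Modules/expat/refresh.sh",`. The dict entry begins above the hunk and the code that applies `exclude` is not shown, so this is inferred from the visible paths only.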
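Review bot: The checksum pattern in the second hunk, `r"expected_libexpat_sha256=\"[a-f0-9]{40}\""`, has no capture group and accepts only 40 hex digits, whereas a SHA-256 digest is 64 hex digits. With a 64-digit value in refresh.sh the search returns None, so `libexpat_expected_sha256` is None and the checksum `error_if` condition is true whatever the SBOM records; with a 40-digit value the following `.group(1)` raises IndexError. The line should be `r"expected_libexpat_sha256=\"([a-f0-9]{64})\"",`, mirroring the capture group in the version pattern, so the SBOM checksum is actually compared against the pinned digest. `check_sbom_packages` starts and ends outside the hunk.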