summaryrefslogtreecommitdiffstats
path: root/Tools
diff options
context:
space:
mode:
Diffstat (limited to 'Tools')
-rw-r--r--Tools/build/generate_sbom.py14
1 files changed, 14 insertions, 0 deletions
diff --git a/Tools/build/generate_sbom.py b/Tools/build/generate_sbom.py
index 6aa4946..5c1851f 100644
--- a/Tools/build/generate_sbom.py
+++ b/Tools/build/generate_sbom.py
@@ -183,6 +183,20 @@ def check_sbom_packages(sbom_data: dict[str, typing.Any]) -> None:
),
)
+ # HACL* specifies its expected rev in a refresh script.
+ if package["name"] == "hacl-star":
+ hacl_refresh_sh = (CPYTHON_ROOT_DIR / "Modules/_hacl/refresh.sh").read_text()
+ hacl_expected_rev_match = re.search(
+ r"expected_hacl_star_rev=([0-9a-f]{40})",
+ hacl_refresh_sh
+ )
+ hacl_expected_rev = hacl_expected_rev_match and hacl_expected_rev_match.group(1)
+
+ error_if(
+ hacl_expected_rev != version,
+ "HACL* SBOM version doesn't match value in 'Modules/_hacl/refresh.sh'"
+ )
+
# License must be on the approved list for SPDX.
license_concluded = package["licenseConcluded"]
error_if(
generated by cgit v0.12 at 2024-11-24 16:49:09 (GMT)