gh-99108: Update and check HACL* version information (GH-117295)

* Update and check HACL* version information
python · Mar 27, 2024 · 669ef49 · 669ef49
1 parent 262fb91
commit 669ef49
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 4 deletions.
diff --git a/Misc/sbom.spdx.json b/Misc/sbom.spdx.json
diff --git a/Tools/build/generate_sbom.py b/Tools/build/generate_sbom.py
@@ -183,6 +183,20 @@ def check_sbom_packages(sbom_data: dict[str, typing.Any]) -> None:
             ),
         )
 
+        # HACL* specifies its expected rev in a refresh script.
+        if package["name"] == "hacl-star":
+            hacl_refresh_sh = (CPYTHON_ROOT_DIR / "Modules/_hacl/refresh.sh").read_text()
+            hacl_expected_rev_match = re.search(
+                r"expected_hacl_star_rev=([0-9a-f]{40})",
+                hacl_refresh_sh
+            )
+            hacl_expected_rev = hacl_expected_rev_match and hacl_expected_rev_match.group(1)
+
+            error_if(
+                hacl_expected_rev != version,
+                "HACL* SBOM version doesn't match value in 'Modules/_hacl/refresh.sh'"
+            )
+
         # License must be on the approved list for SPDX.
         license_concluded = package["licenseConcluded"]
         error_if(