Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2215861/?format=api
{ "id": 2215861, "url": "http://patchwork.ozlabs.org/api/patches/2215861/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/patch/20260325133343.1008245-6-martin@strongswan.org/", "project": { "id": 27, "url": "http://patchwork.ozlabs.org/api/projects/27/?format=api", "name": "Buildroot development", "link_name": "buildroot", "list_id": "buildroot.buildroot.org", "list_email": "buildroot@buildroot.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260325133343.1008245-6-martin@strongswan.org>", "list_archive_url": null, "date": "2026-03-25T13:33:43", "name": "[v3,5/5] utils/generate-cyclonedx: add hashes from .hash files to externalReferences", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "d08c71aecec5147326d4f59d5989acfc4e96383a", "submitter": { "id": 736, "url": "http://patchwork.ozlabs.org/api/people/736/?format=api", "name": "Martin Willi", "email": "martin@strongswan.org" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/buildroot/patch/20260325133343.1008245-6-martin@strongswan.org/mbox/", "series": [ { "id": 497444, "url": "http://patchwork.ozlabs.org/api/series/497444/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/list/?series=497444", "date": "2026-03-25T13:33:39", "name": "Extend CycloneDX metadata", "version": 3, "mbox": "http://patchwork.ozlabs.org/series/497444/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2215861/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2215861/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<buildroot-bounces@buildroot.org>", "X-Original-To": [ "incoming-buildroot@patchwork.ozlabs.org", "buildroot@buildroot.org" ], "Delivered-To": [ "patchwork-incoming-buildroot@legolas.ozlabs.org", "buildroot@buildroot.org" ], "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=e/D0qK38;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)" ], "Received": [ "from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fgntd20t4z1xy3\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Thu, 26 Mar 2026 00:34:01 +1100 (AEDT)", "from localhost (localhost [127.0.0.1])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id D88E5838C9;\n\tWed, 25 Mar 2026 13:33:59 +0000 (UTC)", "from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id 36NxM4Ckxiur; Wed, 25 Mar 2026 13:33:59 +0000 (UTC)", "from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id ED71083918;\n\tWed, 25 Mar 2026 13:33:58 +0000 (UTC)", "from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n by lists1.osuosl.org (Postfix) with ESMTP id 5CBE8353\n for <buildroot@buildroot.org>; Wed, 25 Mar 2026 13:33:53 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n by smtp4.osuosl.org (Postfix) with ESMTP id 4339741190\n for <buildroot@buildroot.org>; Wed, 25 Mar 2026 13:33:53 +0000 (UTC)", "from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id 5az6TfjU3hYn for <buildroot@buildroot.org>;\n Wed, 25 Mar 2026 13:33:52 +0000 (UTC)", "from mail.codelabs.ch (mail.codelabs.ch [109.202.192.35])\n by smtp4.osuosl.org (Postfix) with ESMTPS id 4858C41116\n for <buildroot@buildroot.org>; Wed, 25 Mar 2026 13:33:52 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n by mail.codelabs.ch (Postfix) with ESMTP id 20AF35A0006;\n Wed, 25 Mar 2026 14:33:50 +0100 (CET)", "from mail.codelabs.ch ([127.0.0.1])\n by localhost (fenrir.codelabs.ch [127.0.0.1]) (amavis, port 10024) with ESMTP\n id M5goy3inHdB9; Wed, 25 Mar 2026 14:33:48 +0100 (CET)", "from zbook.home (unknown [185.12.128.224])\n by mail.codelabs.ch (Postfix) with ESMTPSA id 6A4CB5A0007;\n Wed, 25 Mar 2026 14:33:46 +0100 (CET)" ], "X-Virus-Scanned": [ "amavis at osuosl.org", "amavis at osuosl.org" ], "X-Comment": "SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ", "DKIM-Filter": [ "OpenDKIM Filter v2.11.0 smtp1.osuosl.org ED71083918", "OpenDKIM Filter v2.11.0 smtp4.osuosl.org 4858C41116" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1774445639;\n\tbh=SrqnNPou9uTlv4eoNaOSAZfp5h68ICKGYAsCY6pznxg=;\n\th=From:To:Cc:Date:In-Reply-To:References:Subject:List-Id:\n\t List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:\n\t From;\n\tb=e/D0qK38gTT8xKwumW6n860Zm7aHAZWJqo9+WSfebO6sp0Qiq48hNq4PE0qAqdG+T\n\t YFPZcDWGcJdu4iE1O11aRA14zDiSyjU1PmkuMqLHDXBDOCy9ReXMIQNM4hin99w9aQ\n\t bLDCwGLiK5ZQmkkaVJcDAa1YZLRQWRbz5VNOQMDcUlbip/gFlsYTsP5f1uKsInLsfo\n\t PeWnPf9t1j+XsUCYQFwwTq1zCq3knZw3xWNlHfCT9CLm0mup6Cs/FQutrRkP7nnRuQ\n\t UT/gODZ8jtHEZ8WXBr/jw5ST5DL+2hvvFDgVGPtXd4aoua//w3XknEQrXhntnqxQOY\n\t LID1us3k4f6FQ==", "Received-SPF": "Pass (mailfrom) identity=mailfrom; client-ip=109.202.192.35;\n helo=mail.codelabs.ch; envelope-from=martin@strongswan.org;\n receiver=<UNKNOWN>", "DMARC-Filter": "OpenDMARC Filter v1.4.2 smtp4.osuosl.org 4858C41116", "From": "Martin Willi <martin@strongswan.org>", "To": "buildroot@buildroot.org", "Cc": "Thomas Perale <thomas.perale@mind.be>", "Date": "Wed, 25 Mar 2026 14:33:43 +0100", "Message-ID": "<20260325133343.1008245-6-martin@strongswan.org>", "In-Reply-To": "<20260325133343.1008245-1-martin@strongswan.org>", "References": "<20260325133343.1008245-1-martin@strongswan.org>", "MIME-Version": "1.0", "X-Mailman-Original-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple;\n d=strongswan.org; s=default; t=1774445626;\n bh=4gk/0Y302/VLMZgaQbtf3N8qXLZvle5hyqc52KHNag0=;\n h=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n b=IT8heUetYf7XhV5UIhGH12Xc+ISIEKNArS6BYLnq9U5awwb3bR+2/O0i08AxcyNs3\n pwR2azPYh4vLawhRNJDycW26uckUI0TNH3v9fHAVWp9sGz29Y4+EvETmUU+Z68/9eg\n 8exo4ZYvdbcmYc2cvK7TKx1wRymx6/RRrzh0s71doblV0bHB7XoR4d5EYctAOKjsYB\n w0Kv964zKNIQ1qdYEKQry1+YYzQpa+ljQJTuN788H/uC9jrv3v4UAltg+4BEwDMX8H\n co7UfNwGBfl/qvbPo1wApeLwBsDE5prV9/pp+MKYgtgKKAX2cEXhvw9SPzE/4DcwZU\n OckVLTKiWz85Q==", "X-Mailman-Original-Authentication-Results": [ "smtp4.osuosl.org;\n dmarc=pass (p=none dis=none)\n header.from=strongswan.org", "smtp4.osuosl.org;\n dkim=pass (2048-bit key,\n unprotected) header.d=strongswan.org header.i=@strongswan.org\n header.a=rsa-sha256 header.s=default header.b=IT8heUet" ], "Subject": "[Buildroot] [PATCH v3 5/5] utils/generate-cyclonedx: add hashes\n from .hash files to externalReferences", "X-BeenThere": "buildroot@buildroot.org", "X-Mailman-Version": "2.1.30", "Precedence": "list", "List-Id": "Discussion and development of buildroot <buildroot.buildroot.org>", "List-Unsubscribe": "<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>", "List-Archive": "<http://lists.buildroot.org/pipermail/buildroot/>", "List-Post": "<mailto:buildroot@buildroot.org>", "List-Help": "<mailto:buildroot-request@buildroot.org?subject=help>", "List-Subscribe": "<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "buildroot-bounces@buildroot.org", "Sender": "\"buildroot\" <buildroot-bounces@buildroot.org>" }, "content": "BSI TR-03183-2 5.2.5 [1] lists the \"Hash value of the source code of the\ncomponent\" under \"Optional data fields for each component\", and as such\nCycloneDX \"MAY additionally include the [...] information, if it exists\".\n\nAs hash values are available in Buildroot, iterate over .hash file paths\nfrom show-info input and read hash values for the source distribution. Add\nall found hashes to externalReferences source-distribution entries.\n\n[1] https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03183/BSI-TR-03183-2_v2_1_0.pdf?__blob=publicationFile&v=5\n\nSigned-off-by: Martin Willi <martin@strongswan.org>\n---\n .../tests/utils/test_generate_cyclonedx.py | 42 +++++++++++++++++++\n utils/generate-cyclonedx | 34 +++++++++++++++\n 2 files changed, 76 insertions(+)", "diff": "diff --git a/support/testing/tests/utils/test_generate_cyclonedx.py b/support/testing/tests/utils/test_generate_cyclonedx.py\nindex 9c2bd2bc9180..29f492803e10 100644\n--- a/support/testing/tests/utils/test_generate_cyclonedx.py\n+++ b/support/testing/tests/utils/test_generate_cyclonedx.py\n@@ -164,3 +164,45 @@ class TestGenerateCycloneDX(unittest.TestCase):\n }\n ],\n )\n+\n+ def test_external_references_hashes(self):\n+ with tempfile.TemporaryDirectory() as tmpdir:\n+ hash_file = Path(tmpdir) / \"foo.hash\"\n+ hash_file.write_text(\n+ \"# source archive checksums\\n\"\n+ \"sha256 1111111111111111111111111111111111111111111111111111111111111111 foo-1.2.tar.gz\\n\"\n+ \"sha1 2222222222222222222222222222222222222222 foo-1.2.tar.gz\\n\"\n+ \"sha256 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa LICENSE\\n\"\n+ )\n+\n+ info = self._make_show_info()\n+ info[\"package-foo\"][\"hashes\"] = [str(hash_file)]\n+ info[\"package-foo\"][\"downloads\"] = [\n+ {\n+ \"source\": \"foo-1.2.tar.gz\",\n+ \"uris\": [\"http|https+https://mirror.example.org/foo\"],\n+ },\n+ ]\n+\n+ result = self._run_script(show_info=info)\n+\n+ foo = self._find_component(result, \"package-foo\")\n+ self.assertEqual(\n+ foo[\"externalReferences\"],\n+ [\n+ {\n+ \"type\": \"source-distribution\",\n+ \"url\": \"https://mirror.example.org/foo/foo-1.2.tar.gz\",\n+ \"hashes\": [\n+ {\n+ \"alg\": \"SHA-256\",\n+ \"content\": \"1111111111111111111111111111111111111111111111111111111111111111\",\n+ },\n+ {\n+ \"alg\": \"SHA-1\",\n+ \"content\": \"2222222222222222222222222222222222222222\",\n+ },\n+ ],\n+ }\n+ ],\n+ )\ndiff --git a/utils/generate-cyclonedx b/utils/generate-cyclonedx\nindex 3946380ae3ef..4ef0548bae51 100755\n--- a/utils/generate-cyclonedx\n+++ b/utils/generate-cyclonedx\n@@ -278,6 +278,39 @@ def usable_download_uris(uris: list[str]) -> Iterator[str]:\n yield parts[1]\n \n \n+def cyclonedx_source_hashes(comp, source):\n+ \"\"\"Create CycloneDX hashes for a source distribution.\n+\n+ Args:\n+ comp (dict): The component information from the show-info output.\n+ source (str): The source distribution filename to look for in the hash file.\n+ Returns:\n+ dict: Hash information in CycloneDX format, or empty dict\n+ \"\"\"\n+ mapping = {\n+ \"sha1\": \"SHA-1\",\n+ \"sha256\": \"SHA-256\",\n+ \"sha512\": \"SHA-512\",\n+ \"md5\": \"MD5\",\n+ }\n+\n+ hashes = []\n+ for hash_file in comp.get(\"hashes\", []):\n+ with Path(hash_file).open() as f:\n+ for line in f:\n+ line = line.strip()\n+ if not line.startswith(\"#\") and line.endswith(f\" {source}\"):\n+ parts = line.split()\n+ if len(parts) >= 3 and parts[0] in mapping:\n+ hashes.append({\n+ \"alg\": mapping[parts[0]],\n+ \"content\": parts[1],\n+ })\n+ if hashes:\n+ return {\"hashes\": hashes}\n+ return {}\n+\n+\n def cyclonedx_external_refs(comp):\n \"\"\"Create CycloneDX external references for a component.\n \n@@ -294,6 +327,7 @@ def cyclonedx_external_refs(comp):\n {\n \"type\": \"source-distribution\",\n \"url\": f\"{uri}/{source}\",\n+ **cyclonedx_source_hashes(comp, source),\n }\n ]\n }\n", "prefixes": [ "v3", "5/5" ] }