* feat: include reproducible serial in SBOM Without that some tools reject the format even though the serial is only recommended in the specification. * chore(js): update vendored libraries * doc: changelog entry * chore(deps): update lockfile * feat: include serial in python sbom * fix: avoid crash if serialNumber is not present * fix(ci): do not run attestations on pull requests * chore(deps): update lockfile --------- Co-authored-by: pre-commit-ci-lite[bot] <117423508+pre-commit-ci-lite[bot]@users.noreply.github.com>
#!/usr/bin/env python
# Copyright © Michal Čihař <michal@weblate.org>
#
# SPDX-License-Identifier: GPL-3.0-or-later
import json
import sys
import uuid
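class NullNamespace:
    """Namespace object for uuid.uuid5() that contributes no namespace bytes.

    uuid.uuid5() only reads ``namespace.bytes`` and prepends it to the name
    before hashing, so with an empty value the UUID is derived from the
    document text alone. Keep this as is: the nil UUID (16 zero bytes) would
    hash differently and change every serial number already generated.
    """

    bytes = b""


def make_reproducible(data: dict) -> dict:
    """Make a CycloneDX SBOM document reproducible in place and return it.

    Removes ``metadata.timestamp`` (varies per build) and replaces
    ``serialNumber`` with a UUID derived from the remaining content, so two
    SBOMs with identical content get identical serial numbers.

    Args:
        data: The decoded SBOM document; mutated in place.

    Returns:
        The same ``data`` object, for convenience.
    """
    # "metadata" is not guaranteed to be present; only strip the timestamp
    # when it is a mapping instead of failing with KeyError.
    metadata = data.get("metadata")
    if isinstance(metadata, dict):
        metadata.pop("timestamp", None)

    # Hash the document without its current serial number so the result does
    # not depend on whatever serial the generator emitted. A shallow copy is
    # sufficient because only a top-level key is removed. json.dumps()
    # preserves key order, so the key order of the input file is part of
    # what gets hashed.
    checksum_data = data.copy()
    checksum_data.pop("serialNumber", None)
    reproducible_uuid = uuid.uuid5(NullNamespace, json.dumps(checksum_data))

    data["serialNumber"] = f"urn:uuid:{reproducible_uuid}"
    return data


def main(argv: list) -> int:
    """Rewrite the SBOM file named in *argv* with reproducible fields.

    Args:
        argv: Command line; ``argv[1]`` is the path of the JSON SBOM to update.

    Returns:
        Process exit status: 0 on success, 1 on a usage error.
    """
    if len(argv) != 2:
        print("Usage: reproducible-sbom.py sbom.json")
        return 1

    filename = argv[1]
    # JSON text is UTF-8 by specification; do not depend on the locale.
    with open(filename, encoding="utf-8") as handle:
        data = json.load(handle)

    data = make_reproducible(data)

    # Serialise before opening the file for writing so a serialisation error
    # cannot leave a truncated SBOM behind.
    output = json.dumps(data, indent=2) + "\n"
    with open(filename, "w", encoding="utf-8") as handle:
        handle.write(output)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))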