gh-148200: Update Modules/_hacl/ for Cygwin #149802

Open
vstinner wants to merge 2 commits into python:main from vstinner:update_hacl

@vstinner
Member

vstinner commented May 13, 2026

This pulls an updated version of HACL* that fixes Lib_Memzero0.c on Cygwin, via an upstream fix.

@vstinner
Member Author

I regenerated the SBOM with:

sed -i -e s/8ba599b2f6c9701b3dc961db895b0856a2210f76/504c2987452f87fe44bce9b9f12e19d6e051761f/g Misc/sbom.spdx.json 
make regen-sbom

@vstinner
Member Author

cc @protz @picnixz

This pulls an updated version of HACL* that fixes Lib_Memzero0.c on
Cygwin, via an upstream fix.

@vstinner
Member Author

Hum. It seems like the checksums of the hacl-star package are outdated in Misc/sbom.spdx.json, but I don't know how to regenerate them. I expected python3.14 ./Tools/build/generate_sbom.py to update them, but I already ran this command.

@StanFromIreland
Member

Running with the CI envvar generates the correct checksum:

stan@stanlaptop:~/dev/cpython{update_hacl}$ CI=1 make regen-sbom
python3.15 ./Tools/build/generate_sbom.py
stan@stanlaptop:~/dev/cpython{update_hacl}$ git diff
diff --git a/Misc/sbom.spdx.json b/Misc/sbom.spdx.json
index f42487bebee..cea3abebd17 100644
--- a/Misc/sbom.spdx.json
+++ b/Misc/sbom.spdx.json
@@ -1024,7 +1024,7 @@
       "checksums": [
         {
           "algorithm": "SHA256",
-          "checksumValue": "61e48893f37cb2280d106cefacf6fb5afe84edf625fec39572d0ee94e1018f26"
+          "checksumValue": "d6db56a5d061dcc0890eabdbb5f58a9fa6c606d9f2fbbe9d626925b870ffadfb"
         }
       ],
       "downloadLocation": "https://github.com/hacl-star/hacl-star/archive/504c2987452f87fe44bce9b9f12e19d6e051761f.zip",

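Review bot: the new checksumValue at line 1027 needs to be checked against the archive named in the downloadLocation context line (the 504c2987452f87fe44bce9b9f12e19d6e051761f zip), because the thread shows a regen run without CI left the previous value in place for the new URL. Suggest hashing that zip independently before merge and noting in the PR that the value was produced with CI=1, so the pairing of URL and SHA256 is reviewable rather than taken on trust.
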
@StanFromIreland
Member

StanFromIreland commented May 13, 2026

Yeah it's intentional:

if "checksums" not in package or "CI" in os.environ:

@vstinner
Member Author

Ah yes, CI=1 make regen-sbom properly regenerates the checksums. The https://devguide.python.org/developer-workflow/sbom/#updating-a-dependency documentation should maybe document CI=1.

cc @sethmlarson
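
The failure mode discussed in this thread, as an added example that is not part of the conversation and is not CPython's generate_sbom.py: a dependency URL is bumped, the existing checksum is kept because CI is unset, and a verification pass catches the mismatch. Only the `should_refresh` condition comes from the line quoted above; the function names, the `fetch` helper, the URLs and the archive bytes are constructed assumptions.

```python
import hashlib

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def should_refresh(package, environ):
    # Condition quoted in the thread: an existing "checksums" entry is
    # left alone unless CI is present in the environment.
    return "checksums" not in package or "CI" in environ

def stale_packages(sbom, fetch):
    """Names of packages whose recorded SHA256 differs from the archive at
    downloadLocation. `fetch` (URL -> bytes) is a hypothetical helper."""
    stale = []
    for package in sbom.get("packages", []):
        recorded = {c["checksumValue"] for c in package.get("checksums", [])
                    if c["algorithm"] == "SHA256"}
        if recorded != {sha256_hex(fetch(package["downloadLocation"]))}:
            stale.append(package["name"])
    return stale

# Constructed sample data: placeholder URLs and archive contents.
OLD_URL = "https://example.invalid/dep/archive/OLD_COMMIT.zip"
NEW_URL = "https://example.invalid/dep/archive/NEW_COMMIT.zip"
ARCHIVES = {OLD_URL: b"old archive bytes", NEW_URL: b"new archive bytes"}

def make_sbom():
    return {"packages": [{
        "name": "dep",
        "downloadLocation": OLD_URL,
        "checksums": [{"algorithm": "SHA256",
                       "checksumValue": sha256_hex(ARCHIVES[OLD_URL])}],
    }]}

def bump_and_regen(sbom, environ):
    """Simplified stand-in for the sed + regen steps in the thread."""
    for package in sbom["packages"]:
        url = package["downloadLocation"].replace("OLD_COMMIT", "NEW_COMMIT")
        package["downloadLocation"] = url
        if should_refresh(package, environ):  # assumed to recompute the hash
            package["checksums"] = [{"algorithm": "SHA256",
                                     "checksumValue": sha256_hex(ARCHIVES[url])}]
    return sbom

if __name__ == "__main__":
    for env in ({}, {"CI": "1"}):
        print(env, stale_packages(bump_and_regen(make_sbom(), env), ARCHIVES.get))
```

A check like `stale_packages` run in review or CI turns a silently stale SBOM entry into a visible failure, independent of how the file was regenerated.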
