feat(newlib): Add sbom manifest file

2023-10-11 13:25:59 +04:00 · 2023-10-11 13:25:59 +04:00 · b41b175a59
commit b41b175a59
--- a/components/newlib/sbom.yml
+++ b/components/newlib/sbom.yml
@ -0,0 +1,6 @@
+name: 'newlib'
+version: '4.3.0'
+cpe: cpe:2.3:a:newlib_project:newlib:{}:*:*:*:*:*:*:*
+supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
+originator: 'Organization: Red Hat Incorporated'
+description: An open-source C standard library implementation with additional features and patches from Espressif.
--- a/components/newlib/test_apps/newlib/pytest_newlib.py
+++ b/components/newlib/test_apps/newlib/pytest_newlib.py
@ -1,10 +1,36 @@
 # SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
 # SPDX-License-Identifier: CC0-1.0

+import subprocess
+from os import path
+
 import pytest
+import yaml
 from pytest_embedded import Dut


+def validate_sbom(dut: Dut) -> None:
+    dirname = path.dirname(path.abspath(__file__))
+    sbom_file = path.join(path.dirname(path.dirname(dirname)), 'sbom.yml')
+    gcc_input_file = path.join(dirname, 'test_sbom', 'newlib_version.c')
+    gcc = 'riscv32-esp-elf-gcc'
+    if dut.target in dut.XTENSA_TARGETS:
+        gcc = f'xtensa-{dut.target}-elf-gcc'
+    gcc_process = subprocess.run(f'{gcc} -E {gcc_input_file}',
+                                 shell=True,
+                                 stdout=subprocess.PIPE,
+                                 stderr=subprocess.PIPE,
+                                 text=True,
+                                 check=True)
+    output_lines = gcc_process.stdout.splitlines()
+    assert output_lines, 'Can not get newlib version'
+    toolchain_newlib_version = output_lines[-1].replace(' ', '.')
+    with open(sbom_file, 'r', encoding='utf-8') as yaml_file:
+        sbom_newlib_version = yaml.safe_load(yaml_file).get('version')
+        assert sbom_newlib_version, 'Can not get newlib version from sbom.yml'
+        assert toolchain_newlib_version == sbom_newlib_version, 'toolchain_newlib_version != sbom_newlib_version'
+
+
@pytest.mark.generic
@pytest.mark.parametrize(
    'config',
@ -19,4 +45,5 @@ from pytest_embedded import Dut
    indirect=True
 )
 def test_newlib(dut: Dut) -> None:
+    validate_sbom(dut)
    dut.run_all_single_board_cases()
--- a/components/newlib/test_apps/newlib/test_sbom/newlib_version.c
+++ b/components/newlib/test_apps/newlib/test_sbom/newlib_version.c
@ -0,0 +1,7 @@
+/*
+ * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Unlicense OR CC0-1.0
+ */
+#include <_newlib_version.h>
+__NEWLIB__ __NEWLIB_MINOR__ __NEWLIB_PATCHLEVEL__