@@ -638,6 +638,7 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
def new_file(self, _id, name, path, *, purposes=[], hashfile=True):
if hashfile:
sha256_hash = bb.utils.sha256_file(path)
+ sha512_hash = bb.utils.sha512_file(path)
for f in self.by_sha256_hash.get(sha256_hash, []):
if not isinstance(f, oe.spdx30.software_File):
@@ -684,6 +685,12 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
hashValue=sha256_hash,
)
)
+ spdx_file.verifiedUsing.append(
+ oe.spdx30.Hash(
+ algorithm=oe.spdx30.HashAlgorithm.sha512,
+ hashValue=sha512_hash,
+ )
+ )
return self.add(spdx_file)
@@ -1478,6 +1478,10 @@ def create_image_spdx(d):
oe.spdx30.Hash(
algorithm=oe.spdx30.HashAlgorithm.sha256,
hashValue=bb.utils.sha256_file(image_path),
+ ),
+ oe.spdx30.Hash(
+ algorithm=oe.spdx30.HashAlgorithm.sha512,
+ hashValue=bb.utils.sha512_file(image_path),
)
],
)
Adds support for adding SHA-512 hashes (where possible). This is to improve compliance with SBoM standards, in particular BSI TR-03181 [1]. SHA 256 hashes are still included for each file, and still used to index files in the database. Also, while SHA 512 is supported as a hash for downloads, most recipes are still using SHA 256 and would need to be upgraded for full compliance with BSI TR-03183 [1]: https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/Technische-Richtlinien/TR-nach-Thema-sortiert/tr03183/TR-03183_node.html Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> --- meta/lib/oe/sbom30.py | 7 +++++++ meta/lib/oe/spdx30_tasks.py | 4 ++++ 2 files changed, 11 insertions(+)