Skip to content

feat: add make sbom / install-sbom / uninstall-sbom targets#227

Open
MarkAtwood wants to merge 2 commits into
wolfSSL:masterfrom
MarkAtwood:feat/add-make-sbom
Open

feat: add make sbom / install-sbom / uninstall-sbom targets#227
MarkAtwood wants to merge 2 commits into
wolfSSL:masterfrom
MarkAtwood:feat/add-make-sbom

Conversation

@MarkAtwood

@MarkAtwood MarkAtwood commented Jun 23, 2026

Copy link
Copy Markdown

Summary

  • Adds make sbom, make install-sbom, and make uninstall-sbom targets to wolfEngine's autotools build for EU CRA compliance evidence (CycloneDX 1.6 + SPDX 2.3 output)
  • Adds AC_CHECK_PROG checks for python3 and pyspdxtools in configure.ac

Usage

make sbom WOLFSSL_DIR=/path/to/wolfssl
# produces: wolfengine-1.4.0.cdx.json  wolfengine-1.4.0.spdx.json  wolfengine-1.4.0.spdx
pyspdxtools --infile wolfengine-1.4.0.spdx.json   # must pass

make install-sbom   # installs to $(datadir)/doc/wolfengine/
make uninstall-sbom

WOLFSSL_DIR must point to a wolfssl checkout containing scripts/gen-sbom (branch feat/sbom-embedded, or master once wolfSSL/wolfssl#10343 merges).

Notes

  • wolfEngine has no generated options.h; feature flags come from the installed wolfssl. --options-h is read from $(WOLFSSL_INCLUDEDIR)/wolfssl/options.h (defaults to $(WOLFSSL_DIR)/include; override with make sbom WOLFSSL_INCLUDEDIR=... if wolfssl headers live elsewhere)
  • wolfEngine's libtool version-info 1:4:0 produces libwolfengine.so.1.0.4, not libwolfengine.so.1.4.0 — the staged .so is located with find rather than a hardcoded version suffix
  • uninstall-hook dependency ensures make uninstall removes SBOM files

@MarkAtwood
feat: add make sbom / install-sbom / uninstall-sbom targets
4d70b3e 
Adds CycloneDX + SPDX SBOM generation via wolfssl's gen-sbom script.
Usage: make sbom WOLFSSL_DIR=/path/to/wolfssl

wolfEngine has no generated options.h; uses installed wolfssl's
options.h (via WOLFSSL_INCLUDEDIR, defaults to WOLFSSL_DIR/include).
Library SONAME discovered dynamically from staged install since
libtool version-info 1:4:0 produces libwolfengine.so.1.0.4.
Copilot AI review requested due to automatic review settings June 23, 2026 22:34
@MarkAtwood MarkAtwood requested a review from sameehj June 23, 2026 22:36
Copilot AI reviewed Jun 23, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds SBOM generation + install/uninstall targets to the autotools build to produce CycloneDX 1.6 and SPDX 2.3 outputs (via wolfSSL’s scripts/gen-sbom), and wires tool detection into configure.ac.

Changes:

  • Adds make sbom, make install-sbom, and make uninstall-sbom targets (plus uninstall hook integration).
  • Introduces configure-time detection for SBOM-related tools (python3, pyspdxtools).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
Makefile.am Adds SBOM build/install/uninstall targets and staging logic for SBOM generation artifacts.
configure.ac Adds AC_CHECK_PROG checks for SBOM-related tools.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread Makefile.am
Comment on lines +60 to +67
PRODUCT = wolfengine
VERSION = $(shell grep -m1 'AC_INIT' $(srcdir)/configure.ac | sed "s/.*\[//;s/\].*//")
GEN_SBOM = $(WOLFSSL_DIR)/scripts/gen-sbom

SBOM_OUT_DIR = $(builddir)
SBOM_CDX = $(SBOM_OUT_DIR)/$(PRODUCT)-$(VERSION).cdx.json
SBOM_SPDX_J = $(SBOM_OUT_DIR)/$(PRODUCT)-$(VERSION).spdx.json
SBOM_SPDX_TV = $(SBOM_OUT_DIR)/$(PRODUCT)-$(VERSION).spdx
Comment thread Makefile.am
Comment on lines +71 to +85
sbom: all
@if test -z "$(WOLFSSL_DIR)"; then \
echo "ERROR: WOLFSSL_DIR not set. Usage: make sbom WOLFSSL_DIR=/path/to/wolfssl"; \
exit 1; \
fi
@if test -z "$(PYTHON3)"; then \
echo "ERROR: python3 not found in PATH."; exit 1; fi
$(MAKE) install DESTDIR=$(abs_builddir)/_sbom_stage
$(PYTHON3) $(GEN_SBOM) \
--name $(PRODUCT) \
--version $(VERSION) \
--supplier "wolfSSL Inc." \
--options-h $(WOLFSSL_INCLUDEDIR)/wolfssl/options.h \
--lib `find $(abs_builddir)/_sbom_stage$(libdir) -name 'libwolfengine.so.*.*.*' | head -1`
rm -rf $(abs_builddir)/_sbom_stage
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@sameehj sameehj Awaiting requested review from sameehj

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MarkAtwood