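--- a/Makefile.am
+++ b/Makefile.am
@@ -47,3 +47,47 @@ test: check
 # is necessary when they are installed somewhere other than /usr/local.
 AM_DISTCHECK_CONFIGURE_FLAGS=CPPFLAGS="-I@abs_top_srcdir@/include" --with-openssl=@OPENSSL_INSTALL_DIR@ --with-wolfssl=@WOLFSSL_INSTALL_DIR@
 
+# ---------------------------------------------------------------------------
+# SBOM generation (CycloneDX + SPDX) via wolfssl's gen-sbom script
+# ---------------------------------------------------------------------------
+WOLFSSL_DIR ?= $(WOLFSSL_INSTALL_DIR)
+WOLFSSL_INCLUDEDIR ?= $(WOLFSSL_DIR)/include
+PRODUCT = wolfprov
+VERSION = $(shell grep LIBWOLFPROV_VERSION_STRING $(srcdir)/include/wolfprovider/version.h 2>/dev/null | sed 's/.*"\(.*\)".*/\1/')
+GEN_SBOM = $(WOLFSSL_DIR)/scripts/gen-sbom
+SBOM_OPTS = --name $(PRODUCT) \
+--version $(VERSION) \
+--supplier "wolfSSL Inc." \
+--options-h $(WOLFSSL_INCLUDEDIR)/wolfssl/options.h \
+--lib $(builddir)/_sbom_stage$(libdir)/libwolfprov.so.0.0.0
+
+SBOM_OUT_DIR = $(builddir)
+SBOM_CDX = $(SBOM_OUT_DIR)/$(PRODUCT)-$(VERSION).cdx.json
+SBOM_SPDX_J = $(SBOM_OUT_DIR)/$(PRODUCT)-$(VERSION).spdx.json
+SBOM_SPDX_TV = $(SBOM_OUT_DIR)/$(PRODUCT)-$(VERSION).spdx
+
+.PHONY: sbom install-sbom uninstall-sbom
+
+sbom: all
+@if test -z "$(WOLFSSL_DIR)"; then \
+echo "ERROR: WOLFSSL_DIR not set. Usage: make sbom WOLFSSL_DIR=/path/to/wolfssl"; \
+exit 1; \
+fi
+@if test -z "$(PYTHON3)"; then \
+echo "ERROR: python3 not found in PATH."; exit 1; fi
+$(MAKE) install DESTDIR=$(builddir)/_sbom_stage
+$(PYTHON3) $(GEN_SBOM) $(SBOM_OPTS)
+rm -rf $(builddir)/_sbom_stage
+
+install-sbom: sbom
+$(MKDIR_P) $(DESTDIR)$(datadir)/doc/$(PRODUCT)
+$(INSTALL_DATA) $(SBOM_CDX) $(SBOM_SPDX_J) $(SBOM_SPDX_TV) \
+$(DESTDIR)$(datadir)/doc/$(PRODUCT)/
+
+uninstall-sbom:
+-rm -f $(DESTDIR)$(datadir)/doc/$(PRODUCT)/$(PRODUCT)-*.cdx.json
+-rm -f $(DESTDIR)$(datadir)/doc/$(PRODUCT)/$(PRODUCT)-*.spdx.json
+-rm -f $(DESTDIR)$(datadir)/doc/$(PRODUCT)/$(PRODUCT)-*.spdx
+
+uninstall-hook: uninstall-sbom
+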
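Review bot: `VERSION = $(shell grep …)` reuses the name Automake already defines from `AC_INIT`, so this assignment likely overrides the package version used elsewhere in the generated Makefile (for example the `make dist` directory name), and because the grep has `2>/dev/null` a missing or reformatted `version.h` yields an empty string that is passed straight to `--version` and into the SBOM file names. A dedicated variable such as `SBOM_VERSION` (substituted in `SBOM_OPTS` and the three `SBOM_*` paths) plus a guard at the top of the `sbom` recipe, `@test -n "$(SBOM_VERSION)" || { echo "ERROR: could not read version from version.h"; exit 1; }`, would keep an SBOM with a blank or wrong version from being published. Separately, `install-sbom` depends on the phony `sbom`, so an elevated `make install-sbom` re-runs the staged install and executes `$(GEN_SBOM)` from the `WOLFSSL_DIR` tree with those privileges; letting `install-sbom` depend on the generated files instead would keep the script run in the unprivileged build step.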
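--- a/README.md
+++ b/README.md
@@ -74,6 +74,34 @@ Information on how to configure, build, and test wolfProvider can be found here:
 * Ed25519, Ed448 (signatures)
 
 
+## SBOM / EU CRA Compliance
+
+wolfProvider generates a Software Bill of Materials (SBOM) in CycloneDX 1.6 and
+SPDX 2.3 formats to support compliance with the EU Cyber Resilience Act (CRA).
+
+```sh
+make sbom WOLFSSL_DIR=/path/to/wolfssl
+```
+
+Requires `python3` and `pyspdxtools` (`pip install spdx-tools`). `WOLFSSL_DIR`
+must point to a wolfssl source tree containing `scripts/gen-sbom` (branch
+`feat/sbom-embedded`, or `master` once wolfSSL/wolfssl#10343 merges).
+
+Output files in the build directory:
+
+| File | Format |
+|------|--------|
+| `wolfprov-1.1.1.cdx.json` | CycloneDX 1.6 |
+| `wolfprov-1.1.1.spdx.json` | SPDX 2.3 JSON |
+| `wolfprov-1.1.1.spdx` | SPDX 2.3 tag-value |
+
+```sh
+make install-sbom # installs to $(datadir)/doc/wolfprov/
+make uninstall-sbom
+```
+
+For further CRA guidance see [wolfssl/doc/CRA.md](https://github.com/wolfSSL/wolfssl/blob/master/doc/CRA.md).
+
 ## Support
 
 - [GitHub Issues](https://github.com/wolfssl/wolfProvider/issues)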
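--- a/configure.ac
+++ b/configure.ac
@@ -26,6 +26,9 @@ USER_CFLAGS="$CFLAGS"
 AC_PROG_CC
 AC_LANG(C)
 
+AC_CHECK_PROG([PYTHON3], [python3], [python3])
+AC_CHECK_PROG([PYSPDXTOOLS], [pyspdxtools], [pyspdxtools])
+
 # wolfSSL - check first so its -I/-L paths take precedence over OpenSSL prefix
 # which may contain stale wolfSSL headers from a different version
 AX_CHECK_WOLFSSL(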
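Review bot: `PYSPDXTOOLS` is detected here but nothing visible in this change consumes it; the `sbom` recipe in Makefile.am only tests `$(PYTHON3)`, although the README lists `pyspdxtools` as required, so a missing tool would surface only when gen-sbom runs (assuming that is where it is invoked). Either add a matching `test -z "$(PYSPDXTOOLS)"` guard to the `sbom` recipe or drop the check. Consider `AC_PATH_PROG([PYTHON3], [python3])` as well, which records the absolute path found at configure time rather than the bare name, so the interpreter used by `make sbom` does not depend on whatever `PATH` is in effect when make runs. A one-line comment above the two checks, `# Optional tools used only by 'make sbom'`, would make clear they are not build requirements.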