Skip to content

fix: hardcode Microsoft SBOM tool checksum#22

Merged
ramonclaudio merged 1 commit intomainfrom
fix/microsoft-sbom-checksum
Sep 7, 2025
Merged

fix: hardcode Microsoft SBOM tool checksum#22
ramonclaudio merged 1 commit intomainfrom
fix/microsoft-sbom-checksum

Conversation

@ramonclaudio
Copy link
Owner

@ramonclaudio ramonclaudio commented Sep 7, 2025

Summary

  • Fix Microsoft SBOM tool checksum verification failure
  • Use hardcoded SHA256 for v4.1.2 instead of downloading non-existent .sha256 file
  • Clean up workflow to remove reference to .sha256 file

Problem

The workflow was failing with:

sha256sum: sbom-tool-linux-x64.sha256: no properly formatted checksum lines found

Microsoft doesn't provide .sha256 files for their SBOM tool releases.

Solution

Use a hardcoded checksum like we did for minisign:

echo "0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5  sbom-tool-linux-x64" | sha256sum -c

Testing

This ensures the Microsoft SBOM tool is properly verified and the workflow completes successfully.

@ramonclaudio
fix: hardcode Microsoft SBOM tool checksum
1793b54 
- Microsoft doesn't provide .sha256 files for their releases
- Use hardcoded SHA256 checksum for v4.1.2
- Remove reference to non-existent .sha256 file in cleanup
@ramonclaudio ramonclaudio mentioned this pull request Sep 7, 2025
Merged
@ramonclaudio ramonclaudio merged commit b5278c4 into main Sep 7, 2025
5 checks passed
@ramonclaudio ramonclaudio deleted the fix/microsoft-sbom-checksum branch September 7, 2025 16:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ramonclaudio