Export attestation file information to provenance metadata of an artifact if its attestation file exists.

Bug: 231239599
Test: m provenance_metadata
Test: atest --host gen_provenance_metadata_test
Change-Id: I6c53d7713874c9b2fd8a422b030b7c8d23317f5b
Wei Li 2022-05-03 16:13:00 -07:00
parent 979ef5bb2a
commit b68b3675fd
3 changed files with 15 additions and 1 deletions


@ -36,7 +36,8 @@ var (
mergeProvenanceMetaData = pctx.AndroidStaticRule("mergeProvenanceMetaData", mergeProvenanceMetaData = pctx.AndroidStaticRule("mergeProvenanceMetaData",
blueprint.RuleParams{ blueprint.RuleParams{
Command: `rm -rf $out $out.temp && ` + Command: `rm -rf $out $out.temp && ` +
`echo -e "# proto-file: build/soong/provenance/proto/provenance_metadata.proto\n# proto-message: ProvenanceMetaDataList" > $out && ` + `echo "# proto-file: build/soong/provenance/proto/provenance_metadata.proto" > $out && ` +
`echo "# proto-message: ProvenanceMetaDataList" >> $out && ` +
`touch $out.temp && cat $out.temp $in | grep -v "^#.*" >> $out && rm -rf $out.temp`, `touch $out.temp && cat $out.temp $in | grep -v "^#.*" >> $out && rm -rf $out.temp`,
}) })
) )


@ -16,6 +16,7 @@
import argparse import argparse
import hashlib import hashlib
import os.path
import sys import sys
import google.protobuf.text_format as text_format import google.protobuf.text_format as text_format
@ -51,6 +52,11 @@ def main(argv):
h.update(artifact_file.read()) h.update(artifact_file.read())
provenance_metadata.artifact_sha256 = h.hexdigest() provenance_metadata.artifact_sha256 = h.hexdigest()
Log("Check if there is attestation for the artifact")
attestation_file_name = args.artifact_path + ".intoto.jsonl"
if os.path.isfile(attestation_file_name):
provenance_metadata.attestation_path = attestation_file_name
text_proto = [ text_proto = [
"# proto-file: build/soong/provenance/proto/provenance_metadata.proto", "# proto-file: build/soong/provenance/proto/provenance_metadata.proto",
"# proto-message: ProvenanceMetaData", "# proto-message: ProvenanceMetaData",
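Review bot: The added block in main() records only the path `args.artifact_path + ".intoto.jsonl"` after an `os.path.isfile` check, and the attestation itself is never opened. An empty, malformed or unrelated file at that name is therefore exported as the artifact's attestation. Since `artifact_sha256` is computed just above, the tool could confirm that the attestation names that digest before setting `attestation_path`. Failing that, the limitation should be stated where the field is set, e.g. `# Path only: the attestation content is not parsed or matched against artifact_sha256; consumers must verify it.` main() starts and ends outside this hunk.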


@ -100,6 +100,11 @@ class ProvenanceMetaDataToolTest(unittest.TestCase):
artifact_file = tempfile.mktemp() artifact_file = tempfile.mktemp()
with open(artifact_file,"wt") as f: with open(artifact_file,"wt") as f:
f.write(artifact_content) f.write(artifact_content)
attestation_file = artifact_file + ".intoto.jsonl"
with open(attestation_file, "wt") as af:
af.write("attestation file")
metadata_file = tempfile.mktemp() metadata_file = tempfile.mktemp()
cmd = ["gen_provenance_metadata"] cmd = ["gen_provenance_metadata"]
cmd.extend(["--module_name", "a"]) cmd.extend(["--module_name", "a"])
@ -117,9 +122,11 @@ class ProvenanceMetaDataToolTest(unittest.TestCase):
self.assertEqual(provenance_metadata.artifact_path, artifact_file) self.assertEqual(provenance_metadata.artifact_path, artifact_file)
self.assertEqual(provenance_metadata.artifact_install_path, "b") self.assertEqual(provenance_metadata.artifact_install_path, "b")
self.assertEqual(provenance_metadata.artifact_sha256, sha256(artifact_content)) self.assertEqual(provenance_metadata.artifact_sha256, sha256(artifact_content))
self.assertEqual(provenance_metadata.attestation_path, attestation_file)
os.remove(artifact_file) os.remove(artifact_file)
os.remove(metadata_file) os.remove(metadata_file)
os.remove(attestation_file)
if __name__ == '__main__': if __name__ == '__main__':
unittest.main(verbosity=2) unittest.main(verbosity=2)
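Review bot: Only the attestation-present branch is exercised, because the first hunk always creates `artifact_file + ".intoto.jsonl"`, so nothing checks that `attestation_path` stays unset when no attestation exists. A second case that skips creating the file and asserts `self.assertEqual(provenance_metadata.attestation_path, "")` would pin that branch, assuming the field is a plain proto string that defaults to empty. The attestation name is also derived from `tempfile.mktemp()`, which returns a name without creating the file, and the `os.remove` calls in the second hunk run only if every assertion passes. Working inside `tempfile.TemporaryDirectory()` would give a private directory and clean up on failure. The test method begins outside the hunk.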