Export attestation file information to provenance metadata of an artifact if its attestation file exists.

Bug: 231239599 Test: m provenance_metadata Test: atest --host gen_provenance_metadata_test Change-Id: I6c53d7713874c9b2fd8a422b030b7c8d23317f5b
2022-05-03 16:13:00 -07:00 · 2022-05-03 16:13:00 -07:00 · b68b3675fd
commit b68b3675fd
parent 979ef5bb2a
3 changed files with 15 additions and 1 deletions
--- a/provenance/provenance_singleton.go
+++ b/provenance/provenance_singleton.go
@ -36,7 +36,8 @@ var (
 	mergeProvenanceMetaData = pctx.AndroidStaticRule("mergeProvenanceMetaData",
 		blueprint.RuleParams{
 			Command: `rm -rf $out $out.temp && ` +
-				`echo -e "# proto-file: build/soong/provenance/proto/provenance_metadata.proto\n# proto-message: ProvenanceMetaDataList" > $out && ` +
+				`echo "# proto-file: build/soong/provenance/proto/provenance_metadata.proto" > $out && ` +
+				`echo "# proto-message: ProvenanceMetaDataList" >> $out && ` +
 				`touch $out.temp && cat $out.temp $in | grep -v "^#.*" >> $out && rm -rf $out.temp`,
 		})
 )
--- a/provenance/tools/gen_provenance_metadata.py
+++ b/provenance/tools/gen_provenance_metadata.py
@ -16,6 +16,7 @@

 import argparse
 import hashlib
+import os.path
 import sys

 import google.protobuf.text_format as text_format
@ -51,6 +52,11 @@ def main(argv):
    h.update(artifact_file.read())
  provenance_metadata.artifact_sha256 = h.hexdigest()

+  Log("Check if there is attestation for the artifact")
+  attestation_file_name = args.artifact_path + ".intoto.jsonl"
+  if os.path.isfile(attestation_file_name):
+    provenance_metadata.attestation_path = attestation_file_name
+
  text_proto = [
      "# proto-file: build/soong/provenance/proto/provenance_metadata.proto",
      "# proto-message: ProvenanceMetaData",
--- a/provenance/tools/gen_provenance_metadata_test.py
+++ b/provenance/tools/gen_provenance_metadata_test.py
@ -100,6 +100,11 @@ class ProvenanceMetaDataToolTest(unittest.TestCase):
    artifact_file = tempfile.mktemp()
    with open(artifact_file,"wt") as f:
      f.write(artifact_content)
+
+    attestation_file = artifact_file + ".intoto.jsonl"
+    with open(attestation_file, "wt") as af:
+      af.write("attestation file")
+
    metadata_file = tempfile.mktemp()
    cmd = ["gen_provenance_metadata"]
    cmd.extend(["--module_name", "a"])
@ -117,9 +122,11 @@ class ProvenanceMetaDataToolTest(unittest.TestCase):
      self.assertEqual(provenance_metadata.artifact_path, artifact_file)
      self.assertEqual(provenance_metadata.artifact_install_path, "b")
      self.assertEqual(provenance_metadata.artifact_sha256, sha256(artifact_content))
+      self.assertEqual(provenance_metadata.attestation_path, attestation_file)

    os.remove(artifact_file)
    os.remove(metadata_file)
+    os.remove(attestation_file)

 if __name__ == '__main__':
  unittest.main(verbosity=2)