author Wei Li <weiwli@google.com> 2022-05-03 16:13:00 -0700
committer Wei Li <weiwli@google.com> 2022-05-10 02:24:43 +0000
commitb68b3675fd96526e4a1f9c9909f5befb4a650d5b (patch)
tree5272f107d020d013a4ed4682e7f7c711142854a8 /provenance
parent979ef5bb2a728f681522744739f5cd12fc86cc95 (diff)
Export attestation file information to provenance metadata of an artifact if its attestation file exists.
Bug: 231239599 Test: m provenance_metadata Test: atest --host gen_provenance_metadata_test Change-Id: I6c53d7713874c9b2fd8a422b030b7c8d23317f5b
Diffstat (limited to 'provenance')
-rw-r--r--provenance/provenance_singleton.go3
-rw-r--r--provenance/tools/gen_provenance_metadata.py6
-rw-r--r--provenance/tools/gen_provenance_metadata_test.py7
3 files changed, 15 insertions, 1 deletions
diff --git a/provenance/provenance_singleton.go b/provenance/provenance_singleton.go
index e49f3d4f3..d1cbd8f42 100644
--- a/provenance/provenance_singleton.go
+++ b/provenance/provenance_singleton.go
@@ -36,7 +36,8 @@ var (
mergeProvenanceMetaData = pctx.AndroidStaticRule("mergeProvenanceMetaData",
blueprint.RuleParams{
Command: `rm -rf $out $out.temp && ` +
- `echo -e "# proto-file: build/soong/provenance/proto/provenance_metadata.proto\n# proto-message: ProvenanceMetaDataList" > $out && ` +
+ `echo "# proto-file: build/soong/provenance/proto/provenance_metadata.proto" > $out && ` +
+ `echo "# proto-message: ProvenanceMetaDataList" >> $out && ` +
`touch $out.temp && cat $out.temp $in | grep -v "^#.*" >> $out && rm -rf $out.temp`,
})
)
diff --git a/provenance/tools/gen_provenance_metadata.py b/provenance/tools/gen_provenance_metadata.py
index b33f9112b..f3f4d1f73 100644
--- a/provenance/tools/gen_provenance_metadata.py
+++ b/provenance/tools/gen_provenance_metadata.py
@@ -16,6 +16,7 @@
import argparse
import hashlib
+import os.path
import sys
import google.protobuf.text_format as text_format
@@ -51,6 +52,11 @@ def main(argv):
h.update(artifact_file.read())
provenance_metadata.artifact_sha256 = h.hexdigest()
+ Log("Check if there is attestation for the artifact")
+ attestation_file_name = args.artifact_path + ".intoto.jsonl"
+ if os.path.isfile(attestation_file_name):
+ provenance_metadata.attestation_path = attestation_file_name
+
text_proto = [
"# proto-file: build/soong/provenance/proto/provenance_metadata.proto",
"# proto-message: ProvenanceMetaData",
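Review bot: The added block in main() sets `attestation_path` purely because a file named `<artifact_path>.intoto.jsonl` exists; nothing in the hunk reads that file or checks that its subject digest equals the `artifact_sha256` computed just above. A stale or unrelated file sitting beside the artifact would therefore be exported as that artifact's attestation. If verification is meant to happen downstream, state that here, e.g. `# Existence check only: the attestation is not parsed or matched against artifact_sha256; consumers must verify it.` Recording a SHA-256 of the attestation file next to the path would also let a consumer detect a later swap, assuming the proto can carry such a field. main() starts and ends outside this hunk.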
diff --git a/provenance/tools/gen_provenance_metadata_test.py b/provenance/tools/gen_provenance_metadata_test.py
index 2fc04bf12..1f69b8f4b 100644
--- a/provenance/tools/gen_provenance_metadata_test.py
+++ b/provenance/tools/gen_provenance_metadata_test.py
@@ -100,6 +100,11 @@ class ProvenanceMetaDataToolTest(unittest.TestCase):
artifact_file = tempfile.mktemp()
with open(artifact_file,"wt") as f:
f.write(artifact_content)
+
+ attestation_file = artifact_file + ".intoto.jsonl"
+ with open(attestation_file, "wt") as af:
+ af.write("attestation file")
+
metadata_file = tempfile.mktemp()
cmd = ["gen_provenance_metadata"]
cmd.extend(["--module_name", "a"])
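Review bot: `attestation_file` is derived from the name returned by `tempfile.mktemp()`, which reserves nothing, and is then opened with `"wt"`, so in a shared temp directory the write lands on whatever already exists at that path. Creating both files inside a private directory removes that race, e.g. `with tempfile.TemporaryDirectory() as tmp:` followed by `artifact_file = os.path.join(tmp, "artifact")`. It also makes cleanup automatic, whereas the `os.remove(attestation_file)` added in the next hunk is skipped whenever an earlier assertion fails. The test method starts before this hunk and continues past it.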
@@ -117,9 +122,11 @@ class ProvenanceMetaDataToolTest(unittest.TestCase):
self.assertEqual(provenance_metadata.artifact_path, artifact_file)
self.assertEqual(provenance_metadata.artifact_install_path, "b")
self.assertEqual(provenance_metadata.artifact_sha256, sha256(artifact_content))
+ self.assertEqual(provenance_metadata.attestation_path, attestation_file)
os.remove(artifact_file)
os.remove(metadata_file)
+ os.remove(attestation_file)
if __name__ == '__main__':
unittest.main(verbosity=2) \ No newline at end of file
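Review bot: Only the case where the `.intoto.jsonl` file exists is asserted here, so the false branch of the tool's `os.path.isfile` check has no coverage in the lines shown. A companion test that creates no attestation file and asserts `self.assertEqual(provenance_metadata.attestation_path, "")` would pin the "no attestation" output; the empty-string default is assumed from proto3 semantics and should be confirmed against the .proto. Other tests in this file are outside the hunk, so this may already be covered elsewhere.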