StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Switch SBOM generation of products to Soong and remove the function in Make.

Browse Source 
Bug: 324467079
Test: m sbom
Test: m dist
Test: banchan com.android.adbd module_arm64 userdebug && m sbom && m dist
Test: build/soong/tests/sbom_test.sh
Change-Id: Ic862604acd3ad11ef238748a744a8e675d2a141a
This commit is contained in:
Wei Li
2024-08-02 17:56:28 -07:00
parent a4007985ec
commit 4d7e700997
1 changed files with 1 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
core/main.mk
View File

@@ -1860,75 +1860,8 @@ else
installed_files := $(apps_only_installed_files)
endif # TARGET_BUILD_APPS
# sbom-metadata.csv contains all raw data collected in Make for generating SBOM in generate-sbom.py.
# There are multiple columns and each identifies the source of an installed file for a specific case.
# The columns and their uses are described as below:
# installed_file: the file path on device, e.g. /product/app/Browser2/Browser2.apk
# module_path: the path of the module that generates the installed file, e.g. packages/apps/Browser2
# soong_module_type: Soong module type, e.g. android_app, cc_binary
# is_prebuilt_make_module: Y, if the installed file is from a prebuilt Make module, see prebuilt_internal.mk
# product_copy_files: the installed file is from variable PRODUCT_COPY_FILES, e.g. device/google/cuttlefish/shared/config/init.product.rc:product/etc/init/init.rc
# kernel_module_copy_files: the installed file is from variable KERNEL_MODULE_COPY_FILES, similar to product_copy_files
# is_platform_generated: this is an aggregated value including some small cases instead of adding more columns. It is set to Y if any case is Y
# is_build_prop: build.prop in each partition, see sysprop.mk.
# is_notice_file: NOTICE.xml.gz in each partition, see Makefile.
# is_dexpreopt_image_profile: see the usage of DEXPREOPT_IMAGE_PROFILE_BUILT_INSTALLED in Soong and Make
# is_product_system_other_avbkey: see INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET
# is_system_other_odex_marker: see INSTALLED_SYSTEM_OTHER_ODEX_MARKER
# is_event_log_tags_file: see variable event_log_tags_file in Makefile
# is_kernel_modules_blocklist: modules.blocklist created for _dlkm partitions, see macro build-image-kernel-modules-dir in Makefile.
# is_fsverity_build_manifest_apk: BuildManifest<part>.apk files for system and system_ext partition, see ALL_FSVERITY_BUILD_MANIFEST_APK in Makefile.
# is_linker_config: see SYSTEM_LINKER_CONFIG and vendor_linker_config_file in Makefile.
# build_output_path: the path of the built file, used to calculate checksum
# static_libraries/whole_static_libraries: list of module name of the static libraries the file links against, e.g. libclang_rt.builtins or libclang_rt.builtins_32
# Info of all static libraries of all installed files are collected in variable _all_static_libs that is used to list all the static library files in sbom-metadata.csv.
# See the second foreach loop in the rule of sbom-metadata.csv for the detailed info of static libraries collected in _all_static_libs.
# is_static_lib: whether the file is a static library
metadata_list := $(OUT_DIR)/.module_paths/METADATA.list
metadata_files := $(subst $(newline),$(space),$(file <$(metadata_list)))
$(PRODUCT_OUT)/sbom-metadata.csv:
rm -f $@
echo 'installed_file,module_path,soong_module_type,is_prebuilt_make_module,product_copy_files,kernel_module_copy_files,is_platform_generated,build_output_path,static_libraries,whole_static_libraries,is_static_lib' >> $@
$(eval _all_static_libs :=)
$(foreach f,$(installed_files),\
$(eval _module_name := $(ALL_INSTALLED_FILES.$f)) \
$(eval _path_on_device := $(patsubst $(PRODUCT_OUT)/%,%,$f)) \
$(eval _build_output_path := $(PRODUCT_OUT)/$(_path_on_device)) \
$(eval _module_path := $(strip $(sort $(ALL_MODULES.$(_module_name).PATH)))) \
$(eval _soong_module_type := $(strip $(sort $(ALL_MODULES.$(_module_name).SOONG_MODULE_TYPE)))) \
$(eval _is_prebuilt_make_module := $(ALL_MODULES.$(_module_name).IS_PREBUILT_MAKE_MODULE)) \
$(eval _product_copy_files := $(sort $(filter %:$(_path_on_device),$(product_copy_files_without_owner)))) \
$(eval _kernel_module_copy_files := $(sort $(filter %$(_path_on_device),$(KERNEL_MODULE_COPY_FILES)))) \
$(eval _is_build_prop := $(call is-build-prop,$f)) \
$(eval _is_notice_file := $(call is-notice-file,$f)) \
$(eval _is_dexpreopt_image_profile := $(if $(filter %:/$(_path_on_device),$(DEXPREOPT_IMAGE_PROFILE_BUILT_INSTALLED)),Y)) \
$(eval _is_product_system_other_avbkey := $(if $(findstring $f,$(INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET)),Y)) \
$(eval _is_event_log_tags_file := $(if $(findstring $f,$(event_log_tags_file)),Y)) \
$(eval _is_system_other_odex_marker := $(if $(findstring $f,$(INSTALLED_SYSTEM_OTHER_ODEX_MARKER)),Y)) \
$(eval _is_kernel_modules_blocklist := $(if $(findstring $f,$(ALL_KERNEL_MODULES_BLOCKLIST)),Y)) \
$(eval _is_fsverity_build_manifest_apk := $(if $(findstring $f,$(ALL_FSVERITY_BUILD_MANIFEST_APK)),Y)) \
$(eval _is_linker_config := $(if $(findstring $f,$(SYSTEM_LINKER_CONFIG) $(vendor_linker_config_file)),Y)) \
$(eval _is_partition_compat_symlink := $(if $(findstring $f,$(PARTITION_COMPAT_SYMLINKS)),Y)) \
$(eval _is_flags_file := $(if $(findstring $f, $(ALL_FLAGS_FILES)),Y)) \
$(eval _is_rootdir_symlink := $(if $(findstring $f, $(ALL_ROOTDIR_SYMLINKS)),Y)) \
$(eval _is_platform_generated := $(_is_build_prop)$(_is_notice_file)$(_is_dexpreopt_image_profile)$(_is_product_system_other_avbkey)$(_is_event_log_tags_file)$(_is_system_other_odex_marker)$(_is_kernel_modules_blocklist)$(_is_fsverity_build_manifest_apk)$(_is_linker_config)$(_is_partition_compat_symlink)$(_is_flags_file)$(_is_rootdir_symlink)) \
$(eval _static_libs := $(ALL_INSTALLED_FILES.$f.STATIC_LIBRARIES)) \
$(eval _whole_static_libs := $(ALL_INSTALLED_FILES.$f.WHOLE_STATIC_LIBRARIES)) \
$(foreach l,$(_static_libs),$(eval _all_static_libs += $l:$(strip $(sort $(ALL_MODULES.$l.PATH))):$(strip $(sort $(ALL_MODULES.$l.SOONG_MODULE_TYPE))):$(ALL_STATIC_LIBRARIES.$l.BUILT_FILE))) \
$(foreach l,$(_whole_static_libs),$(eval _all_static_libs += $l:$(strip $(sort $(ALL_MODULES.$l.PATH))):$(strip $(sort $(ALL_MODULES.$l.SOONG_MODULE_TYPE))):$(ALL_STATIC_LIBRARIES.$l.BUILT_FILE))) \
echo '/$(_path_on_device),$(_module_path),$(_soong_module_type),$(_is_prebuilt_make_module),$(_product_copy_files),$(_kernel_module_copy_files),$(_is_platform_generated),$(_build_output_path),$(_static_libs),$(_whole_static_libs),' >> $@; \
)
$(foreach l,$(sort $(_all_static_libs)), \
$(eval _lib_stem := $(call word-colon,1,$l)) \
$(eval _module_path := $(call word-colon,2,$l)) \
$(eval _soong_module_type := $(call word-colon,3,$l)) \
$(eval _built_file := $(call word-colon,4,$l)) \
$(eval _static_libs := $(ALL_STATIC_LIBRARIES.$l.STATIC_LIBRARIES)) \
$(eval _whole_static_libs := $(ALL_STATIC_LIBRARIES.$l.WHOLE_STATIC_LIBRARIES)) \
$(eval _is_static_lib := Y) \
echo '$(_lib_stem).a,$(_module_path),$(_soong_module_type),,,,,$(_built_file),$(_static_libs),$(_whole_static_libs),$(_is_static_lib)' >> $@; \
)
# Create metadata for compliance support in Soong
.PHONY: make-compliance-metadata
@@ -1988,22 +1921,13 @@ $(SOONG_OUT_DIR)/compliance-metadata/$(TARGET_PRODUCT)/make-modules.csv:
$(SOONG_OUT_DIR)/compliance-metadata/$(TARGET_PRODUCT)/installed_files.stamp: $(installed_files)
touch $@
# (TODO: b/272358583 find another way of always rebuilding sbom.spdx)
# Remove the always_dirty_file.txt whenever the makefile is evaluated
$(shell rm -f $(PRODUCT_OUT)/always_dirty_file.txt)
$(PRODUCT_OUT)/always_dirty_file.txt:
touch $@
.PHONY: sbom
ifeq ($(TARGET_BUILD_APPS),)
sbom: $(PRODUCT_OUT)/sbom.spdx.json
$(PRODUCT_OUT)/sbom.spdx.json: $(PRODUCT_OUT)/sbom.spdx
$(PRODUCT_OUT)/sbom.spdx: $(PRODUCT_OUT)/sbom-metadata.csv $(GEN_SBOM) $(installed_files) $(metadata_list) $(metadata_files) $(PRODUCT_OUT)/always_dirty_file.txt
rm -rf $@
$(GEN_SBOM) --output_file $@ --metadata $(PRODUCT_OUT)/sbom-metadata.csv --build_version $(BUILD_FINGERPRINT_FROM_FILE) --product_mfr "$(PRODUCT_MANUFACTURER)" --json
$(call dist-for-goals,droid,$(PRODUCT_OUT)/sbom.spdx.json:sbom/sbom.spdx.json)
else
ifneq ($(TARGET_BUILD_APPS),)
# Create build rules for generating SBOMs of unbundled APKs and APEXs
# $1: sbom file
# $2: sbom fragment file