diff --git a/core/main.mk b/core/main.mk index 8d737939fd..ac1953bc1c 100644 --- a/core/main.mk +++ b/core/main.mk @@ -1860,75 +1860,8 @@ else installed_files := $(apps_only_installed_files) endif # TARGET_BUILD_APPS -# sbom-metadata.csv contains all raw data collected in Make for generating SBOM in generate-sbom.py. -# There are multiple columns and each identifies the source of an installed file for a specific case. -# The columns and their uses are described as below: -# installed_file: the file path on device, e.g. /product/app/Browser2/Browser2.apk -# module_path: the path of the module that generates the installed file, e.g. packages/apps/Browser2 -# soong_module_type: Soong module type, e.g. android_app, cc_binary -# is_prebuilt_make_module: Y, if the installed file is from a prebuilt Make module, see prebuilt_internal.mk -# product_copy_files: the installed file is from variable PRODUCT_COPY_FILES, e.g. device/google/cuttlefish/shared/config/init.product.rc:product/etc/init/init.rc -# kernel_module_copy_files: the installed file is from variable KERNEL_MODULE_COPY_FILES, similar to product_copy_files -# is_platform_generated: this is an aggregated value including some small cases instead of adding more columns. It is set to Y if any case is Y -# is_build_prop: build.prop in each partition, see sysprop.mk. -# is_notice_file: NOTICE.xml.gz in each partition, see Makefile. -# is_dexpreopt_image_profile: see the usage of DEXPREOPT_IMAGE_PROFILE_BUILT_INSTALLED in Soong and Make -# is_product_system_other_avbkey: see INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET -# is_system_other_odex_marker: see INSTALLED_SYSTEM_OTHER_ODEX_MARKER -# is_event_log_tags_file: see variable event_log_tags_file in Makefile -# is_kernel_modules_blocklist: modules.blocklist created for _dlkm partitions, see macro build-image-kernel-modules-dir in Makefile. -# is_fsverity_build_manifest_apk: BuildManifest.apk files for system and system_ext partition, see ALL_FSVERITY_BUILD_MANIFEST_APK in Makefile. -# is_linker_config: see SYSTEM_LINKER_CONFIG and vendor_linker_config_file in Makefile. -# build_output_path: the path of the built file, used to calculate checksum -# static_libraries/whole_static_libraries: list of module name of the static libraries the file links against, e.g. libclang_rt.builtins or libclang_rt.builtins_32 -# Info of all static libraries of all installed files are collected in variable _all_static_libs that is used to list all the static library files in sbom-metadata.csv. -# See the second foreach loop in the rule of sbom-metadata.csv for the detailed info of static libraries collected in _all_static_libs. -# is_static_lib: whether the file is a static library - metadata_list := $(OUT_DIR)/.module_paths/METADATA.list metadata_files := $(subst $(newline),$(space),$(file <$(metadata_list))) -$(PRODUCT_OUT)/sbom-metadata.csv: - rm -f $@ - echo 'installed_file,module_path,soong_module_type,is_prebuilt_make_module,product_copy_files,kernel_module_copy_files,is_platform_generated,build_output_path,static_libraries,whole_static_libraries,is_static_lib' >> $@ - $(eval _all_static_libs :=) - $(foreach f,$(installed_files),\ - $(eval _module_name := $(ALL_INSTALLED_FILES.$f)) \ - $(eval _path_on_device := $(patsubst $(PRODUCT_OUT)/%,%,$f)) \ - $(eval _build_output_path := $(PRODUCT_OUT)/$(_path_on_device)) \ - $(eval _module_path := $(strip $(sort $(ALL_MODULES.$(_module_name).PATH)))) \ - $(eval _soong_module_type := $(strip $(sort $(ALL_MODULES.$(_module_name).SOONG_MODULE_TYPE)))) \ - $(eval _is_prebuilt_make_module := $(ALL_MODULES.$(_module_name).IS_PREBUILT_MAKE_MODULE)) \ - $(eval _product_copy_files := $(sort $(filter %:$(_path_on_device),$(product_copy_files_without_owner)))) \ - $(eval _kernel_module_copy_files := $(sort $(filter %$(_path_on_device),$(KERNEL_MODULE_COPY_FILES)))) \ - $(eval _is_build_prop := $(call is-build-prop,$f)) \ - $(eval _is_notice_file := $(call is-notice-file,$f)) \ - $(eval _is_dexpreopt_image_profile := $(if $(filter %:/$(_path_on_device),$(DEXPREOPT_IMAGE_PROFILE_BUILT_INSTALLED)),Y)) \ - $(eval _is_product_system_other_avbkey := $(if $(findstring $f,$(INSTALLED_PRODUCT_SYSTEM_OTHER_AVBKEY_TARGET)),Y)) \ - $(eval _is_event_log_tags_file := $(if $(findstring $f,$(event_log_tags_file)),Y)) \ - $(eval _is_system_other_odex_marker := $(if $(findstring $f,$(INSTALLED_SYSTEM_OTHER_ODEX_MARKER)),Y)) \ - $(eval _is_kernel_modules_blocklist := $(if $(findstring $f,$(ALL_KERNEL_MODULES_BLOCKLIST)),Y)) \ - $(eval _is_fsverity_build_manifest_apk := $(if $(findstring $f,$(ALL_FSVERITY_BUILD_MANIFEST_APK)),Y)) \ - $(eval _is_linker_config := $(if $(findstring $f,$(SYSTEM_LINKER_CONFIG) $(vendor_linker_config_file)),Y)) \ - $(eval _is_partition_compat_symlink := $(if $(findstring $f,$(PARTITION_COMPAT_SYMLINKS)),Y)) \ - $(eval _is_flags_file := $(if $(findstring $f, $(ALL_FLAGS_FILES)),Y)) \ - $(eval _is_rootdir_symlink := $(if $(findstring $f, $(ALL_ROOTDIR_SYMLINKS)),Y)) \ - $(eval _is_platform_generated := $(_is_build_prop)$(_is_notice_file)$(_is_dexpreopt_image_profile)$(_is_product_system_other_avbkey)$(_is_event_log_tags_file)$(_is_system_other_odex_marker)$(_is_kernel_modules_blocklist)$(_is_fsverity_build_manifest_apk)$(_is_linker_config)$(_is_partition_compat_symlink)$(_is_flags_file)$(_is_rootdir_symlink)) \ - $(eval _static_libs := $(ALL_INSTALLED_FILES.$f.STATIC_LIBRARIES)) \ - $(eval _whole_static_libs := $(ALL_INSTALLED_FILES.$f.WHOLE_STATIC_LIBRARIES)) \ - $(foreach l,$(_static_libs),$(eval _all_static_libs += $l:$(strip $(sort $(ALL_MODULES.$l.PATH))):$(strip $(sort $(ALL_MODULES.$l.SOONG_MODULE_TYPE))):$(ALL_STATIC_LIBRARIES.$l.BUILT_FILE))) \ - $(foreach l,$(_whole_static_libs),$(eval _all_static_libs += $l:$(strip $(sort $(ALL_MODULES.$l.PATH))):$(strip $(sort $(ALL_MODULES.$l.SOONG_MODULE_TYPE))):$(ALL_STATIC_LIBRARIES.$l.BUILT_FILE))) \ - echo '/$(_path_on_device),$(_module_path),$(_soong_module_type),$(_is_prebuilt_make_module),$(_product_copy_files),$(_kernel_module_copy_files),$(_is_platform_generated),$(_build_output_path),$(_static_libs),$(_whole_static_libs),' >> $@; \ - ) - $(foreach l,$(sort $(_all_static_libs)), \ - $(eval _lib_stem := $(call word-colon,1,$l)) \ - $(eval _module_path := $(call word-colon,2,$l)) \ - $(eval _soong_module_type := $(call word-colon,3,$l)) \ - $(eval _built_file := $(call word-colon,4,$l)) \ - $(eval _static_libs := $(ALL_STATIC_LIBRARIES.$l.STATIC_LIBRARIES)) \ - $(eval _whole_static_libs := $(ALL_STATIC_LIBRARIES.$l.WHOLE_STATIC_LIBRARIES)) \ - $(eval _is_static_lib := Y) \ - echo '$(_lib_stem).a,$(_module_path),$(_soong_module_type),,,,,$(_built_file),$(_static_libs),$(_whole_static_libs),$(_is_static_lib)' >> $@; \ - ) # Create metadata for compliance support in Soong .PHONY: make-compliance-metadata @@ -1988,22 +1921,13 @@ $(SOONG_OUT_DIR)/compliance-metadata/$(TARGET_PRODUCT)/make-modules.csv: $(SOONG_OUT_DIR)/compliance-metadata/$(TARGET_PRODUCT)/installed_files.stamp: $(installed_files) touch $@ -# (TODO: b/272358583 find another way of always rebuilding sbom.spdx) # Remove the always_dirty_file.txt whenever the makefile is evaluated $(shell rm -f $(PRODUCT_OUT)/always_dirty_file.txt) $(PRODUCT_OUT)/always_dirty_file.txt: touch $@ .PHONY: sbom -ifeq ($(TARGET_BUILD_APPS),) -sbom: $(PRODUCT_OUT)/sbom.spdx.json -$(PRODUCT_OUT)/sbom.spdx.json: $(PRODUCT_OUT)/sbom.spdx -$(PRODUCT_OUT)/sbom.spdx: $(PRODUCT_OUT)/sbom-metadata.csv $(GEN_SBOM) $(installed_files) $(metadata_list) $(metadata_files) $(PRODUCT_OUT)/always_dirty_file.txt - rm -rf $@ - $(GEN_SBOM) --output_file $@ --metadata $(PRODUCT_OUT)/sbom-metadata.csv --build_version $(BUILD_FINGERPRINT_FROM_FILE) --product_mfr "$(PRODUCT_MANUFACTURER)" --json - -$(call dist-for-goals,droid,$(PRODUCT_OUT)/sbom.spdx.json:sbom/sbom.spdx.json) -else +ifneq ($(TARGET_BUILD_APPS),) # Create build rules for generating SBOMs of unbundled APKs and APEXs # $1: sbom file # $2: sbom fragment file