From b1af36a2a2110bc67e95a533963db0bfc2e3d1ab Mon Sep 17 00:00:00 2001
From: Wei Li
Date: Fri, 2 Aug 2024 18:00:38 -0700
Subject: [PATCH] Switch SBOM generation of products to Soong.
Also remove the tests in sbom_test.sh for product SBOM generated by Make.
Bug: 324467079
Test: m sbom
Test: m dist
Test: banchan com.android.adbd module_arm64 userdebug && m sbom && m dist
Test: build/soong/tests/sbom_test.sh
Change-Id: Ie3f405f0a09a3b1f1176dba67167773801b9337a
---
 android/sbom.go | 29 ++++++++++++++++++++---------
 tests/sbom_test.sh | 37 +++++++++----------------------------
 2 files changed, 29 insertions(+), 37 deletions(-)
diff --git a/android/sbom.go b/android/sbom.go
index dd2d2fa26..2a5499ed8 100644
--- a/android/sbom.go
+++ b/android/sbom.go
@@ -42,7 +42,9 @@ func RegisterSbomSingleton(ctx RegistrationContext) {
 }
 // sbomSingleton is used to generate build actions of generating SBOM of products.
-type sbomSingleton struct{}
+type sbomSingleton struct {
+ sbomFile OutputPath
+}
 func sbomSingletonFactory() Singleton {
 return &sbomSingleton{}
@@ -77,12 +79,12 @@ func (this *sbomSingleton) GenerateBuildActions(ctx SingletonContext) {
 implicits = append(implicits, installedFilesStamp)
 metadataDb := PathForOutput(ctx, "compliance-metadata", ctx.Config().DeviceProduct(), "compliance-metadata.db")
- sbomFile := PathForOutput(ctx, "sbom", ctx.Config().DeviceProduct(), "sbom.spdx.json")
+ this.sbomFile = PathForOutput(ctx, "sbom", ctx.Config().DeviceProduct(), "sbom.spdx.json")
 ctx.Build(pctx, BuildParams{
 Rule: genSbomRule,
 Input: metadataDb,
 Implicits: implicits,
- Output: sbomFile,
+ Output: this.sbomFile,
 Args: map[string]string{
 "productOut": filepath.Join(ctx.Config().OutDir(), "target", "product", String(prodVars.DeviceName)),
 "soongOut": ctx.Config().soongOutDir,
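Review bot: The new `sbomFile` field on `sbomSingleton` (hunk -42,7) has no comment, although it is now the only link between two build phases: the -77,12 hunk assigns it in `GenerateBuildActions` and the new `MakeVars` method reads it. A short field comment would make that ordering dependency visible, for example `// sbomFile is the product SBOM output; set in GenerateBuildActions, read by MakeVars for dist.` The existing type comment still describes the struct as stateless build-action generation, so it may be worth mentioning the dist step there too.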
@@ -91,10 +93,19 @@ func (this *sbomSingleton) GenerateBuildActions(ctx SingletonContext) {
 },
 })
- // Phony rule "soong-sbom". "m soong-sbom" to generate product SBOM in Soong.
- ctx.Build(pctx, BuildParams{
- Rule: blueprint.Phony,
- Inputs: []Path{sbomFile},
- Output: PathForPhony(ctx, "soong-sbom"),
- })
+ if !ctx.Config().UnbundledBuildApps() {
+ // When building SBOM of products, phony rule "sbom" is for generating product SBOM in Soong.
+ ctx.Build(pctx, BuildParams{
+ Rule: blueprint.Phony,
+ Inputs: []Path{this.sbomFile},
+ Output: PathForPhony(ctx, "sbom"),
+ })
+ }
+}
+
+func (this *sbomSingleton) MakeVars(ctx MakeVarsContext) {
+ // When building SBOM of products
+ if !ctx.Config().UnbundledBuildApps() {
+ ctx.DistForGoalWithFilename("droid", this.sbomFile, "sbom/sbom.spdx.json")
+ }
 }
diff --git a/tests/sbom_test.sh b/tests/sbom_test.sh
index 794003de8..04718537d 100755
--- a/tests/sbom_test.sh
+++ b/tests/sbom_test.sh
@@ -76,8 +76,8 @@ function test_sbom_aosp_cf_x86_64_phone {
 mkdir -p $sbom_test
 cp $product_out/*.img $sbom_test
- # m sbom soong-sbom
- run_soong "${out_dir}" "sbom soong-sbom"
+ # m sbom
+ run_soong "${out_dir}" "sbom"
 # Generate installed file list from .img files in PRODUCT_OUT
 dump_erofs=$out_dir/host/linux-x86/bin/dump.erofs
@@ -118,7 +118,6 @@ function test_sbom_aosp_cf_x86_64_phone {
 for f in $EROFS_IMAGES; do
 partition_name=$(basename $f | cut -d. -f1)
 file_list_file="${sbom_test}/sbom-${partition_name}-files.txt"
- files_in_spdx_file="${sbom_test}/sbom-${partition_name}-files-in-spdx.txt"
 files_in_soong_spdx_file="${sbom_test}/soong-sbom-${partition_name}-files-in-spdx.txt"
 rm "$file_list_file" > /dev/null 2>&1 || true
 all_dirs="/"
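Review bot: In the android/sbom.go hunk at -91,10, the new `MakeVars` hands `this.sbomFile` to `ctx.DistForGoalWithFilename` after checking only `UnbundledBuildApps()`, so it silently relies on `GenerateBuildActions` having reached the `this.sbomFile = PathForOutput(...)` assignment. The start of `GenerateBuildActions` is outside the visible hunks; if it can return before that assignment, the field is still the zero `OutputPath` and the dist entry would name a path with no rule behind it, which presumably drops the SBOM from the dist artifacts or breaks the dist step. Either repeat the precondition here or record in the singleton that the rule was emitted and test that before calling dist. The `!ctx.Config().UnbundledBuildApps()` condition is also duplicated between the `sbom` phony and the dist call, and the comment `// When building SBOM of products` is a fragment; a one-line doc comment on `MakeVars` saying it dists the product SBOM for the `droid` goal would read better.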
@@ -147,34 +146,22 @@ function test_sbom_aosp_cf_x86_64_phone { done sort -n -o "$file_list_file" "$file_list_file" - # Diff the file list from image and file list in SBOM created by Make - grep "FileName: /${partition_name}/" $product_out/sbom.spdx | sed 's/^FileName: //' > "$files_in_spdx_file" - if [ "$partition_name" = "system" ]; then - # system partition is mounted to /, so include FileName starts with /root/ too. - grep "FileName: /root/" $product_out/sbom.spdx | sed 's/^FileName: \/root//' >> "$files_in_spdx_file" - fi - sort -n -o "$files_in_spdx_file" "$files_in_spdx_file" - - echo ============ Diffing files in $f and SBOM - diff_files "$file_list_file" "$files_in_spdx_file" "$partition_name" "" - # Diff the file list from image and file list in SBOM created by Soong grep "FileName: /${partition_name}/" $soong_sbom_out/sbom.spdx | sed 's/^FileName: //' > "$files_in_soong_spdx_file" - if [ "$partition_name" = "system" ]; then - # system partition is mounted to /, so include FileName starts with /root/ too. - grep "FileName: /root/" $soong_sbom_out/sbom.spdx | sed 's/^FileName: \/root//' >> "$files_in_soong_spdx_file" - fi - sort -n -o "$files_in_soong_spdx_file" "$files_in_soong_spdx_file" + if [ "$partition_name" = "system" ]; then + # system partition is mounted to /, so include FileName starts with /root/ too. + grep "FileName: /root/" $soong_sbom_out/sbom.spdx | sed 's/^FileName: \/root//' >> "$files_in_soong_spdx_file" + fi + sort -n -o "$files_in_soong_spdx_file" "$files_in_soong_spdx_file" - echo ============ Diffing files in $f and SBOM created by Soong - diff_files "$file_list_file" "$files_in_soong_spdx_file" "$partition_name" "" + echo ============ Diffing files in $f and SBOM created by Soong + diff_files "$file_list_file" "$files_in_soong_spdx_file" "$partition_name" "" done RAMDISK_IMAGES="$product_out/ramdisk.img" for f in $RAMDISK_IMAGES; do partition_name=$(basename $f | cut -d. 
-f1) file_list_file="${sbom_test}/sbom-${partition_name}-files.txt" - files_in_spdx_file="${sbom_test}/sbom-${partition_name}-files-in-spdx.txt" files_in_soong_spdx_file="${sbom_test}/sbom-${partition_name}-files-in-soong-spdx.txt" # lz4 decompress $f to stdout # cpio list all entries like ls -l @@ -183,18 +170,12 @@ function test_sbom_aosp_cf_x86_64_phone { # sed remove partition name from entry names $lz4 -c -d $f | cpio -tv 2>/dev/null | grep '^[-l]' | awk -F ' ' '{print $9}' | sed "s:^:/$partition_name/:" | sort -n > "$file_list_file" - grep "FileName: /${partition_name}/" $product_out/sbom.spdx | sed 's/^FileName: //' | sort -n > "$files_in_spdx_file" - grep "FileName: /${partition_name}/" $soong_sbom_out/sbom.spdx | sed 's/^FileName: //' | sort -n > "$files_in_soong_spdx_file" - echo ============ Diffing files in $f and SBOM - diff_files "$file_list_file" "$files_in_spdx_file" "$partition_name" "" - echo ============ Diffing files in $f and SBOM created by Soong diff_files "$file_list_file" "$files_in_soong_spdx_file" "$partition_name" "" done - verify_package_verification_code "$product_out/sbom.spdx" verify_package_verification_code "$soong_sbom_out/sbom.spdx" verify_packages_licenses "$soong_sbom_out/sbom.spdx"