StrixOS/build_soong
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Switch SBOM generation of products to Soong.

Browse Source 
Also remove the tests in sbom_test.sh for product SBOM generated by Make.

Bug: 324467079
Test: m sbom
Test: m dist
Test: banchan com.android.adbd module_arm64 userdebug && m sbom && m dist
Test: build/soong/tests/sbom_test.sh
Change-Id: Ie3f405f0a09a3b1f1176dba67167773801b9337a
This commit is contained in:
Wei Li
2024-08-02 18:00:38 -07:00
parent 0ca0dd8e1c
commit b1af36a2a2
2 changed files with 29 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
android/sbom.go
View File

@@ -42,7 +42,9 @@ func RegisterSbomSingleton(ctx RegistrationContext) {
} }
// sbomSingleton is used to generate build actions of generating SBOM of products. // sbomSingleton is used to generate build actions of generating SBOM of products.
type sbomSingleton struct{} type sbomSingleton struct {
sbomFile OutputPath
}
func sbomSingletonFactory() Singleton { func sbomSingletonFactory() Singleton {
return &sbomSingleton{} return &sbomSingleton{}
@@ -77,12 +79,12 @@ func (this *sbomSingleton) GenerateBuildActions(ctx SingletonContext) {
implicits = append(implicits, installedFilesStamp) implicits = append(implicits, installedFilesStamp)
metadataDb := PathForOutput(ctx, "compliance-metadata", ctx.Config().DeviceProduct(), "compliance-metadata.db") metadataDb := PathForOutput(ctx, "compliance-metadata", ctx.Config().DeviceProduct(), "compliance-metadata.db")
sbomFile := PathForOutput(ctx, "sbom", ctx.Config().DeviceProduct(), "sbom.spdx.json") this.sbomFile = PathForOutput(ctx, "sbom", ctx.Config().DeviceProduct(), "sbom.spdx.json")
ctx.Build(pctx, BuildParams{ ctx.Build(pctx, BuildParams{
Rule: genSbomRule, Rule: genSbomRule,
Input: metadataDb, Input: metadataDb,
Implicits: implicits, Implicits: implicits,
Output: sbomFile, Output: this.sbomFile,
Args: map[string]string{ Args: map[string]string{
"productOut": filepath.Join(ctx.Config().OutDir(), "target", "product", String(prodVars.DeviceName)), "productOut": filepath.Join(ctx.Config().OutDir(), "target", "product", String(prodVars.DeviceName)),
"soongOut": ctx.Config().soongOutDir, "soongOut": ctx.Config().soongOutDir,
@@ -91,10 +93,19 @@ func (this *sbomSingleton) GenerateBuildActions(ctx SingletonContext) {
}, },
}) })
// Phony rule "soong-sbom". "m soong-sbom" to generate product SBOM in Soong. if !ctx.Config().UnbundledBuildApps() {
// When building SBOM of products, phony rule "sbom" is for generating product SBOM in Soong.
ctx.Build(pctx, BuildParams{ ctx.Build(pctx, BuildParams{
Rule: blueprint.Phony, Rule: blueprint.Phony,
Inputs: []Path{sbomFile}, Inputs: []Path{this.sbomFile},
Output: PathForPhony(ctx, "soong-sbom"), Output: PathForPhony(ctx, "sbom"),
}) })
}
}
func (this *sbomSingleton) MakeVars(ctx MakeVarsContext) {
// When building SBOM of products
if !ctx.Config().UnbundledBuildApps() {
ctx.DistForGoalWithFilename("droid", this.sbomFile, "sbom/sbom.spdx.json")
}
} }

23
tests/sbom_test.sh
View File

@@ -76,8 +76,8 @@ function test_sbom_aosp_cf_x86_64_phone {
mkdir -p $sbom_test mkdir -p $sbom_test
cp $product_out/*.img $sbom_test cp $product_out/*.img $sbom_test
# m sbom soong-sbom # m sbom
run_soong "${out_dir}" "sbom soong-sbom" run_soong "${out_dir}" "sbom"
# Generate installed file list from .img files in PRODUCT_OUT # Generate installed file list from .img files in PRODUCT_OUT
dump_erofs=$out_dir/host/linux-x86/bin/dump.erofs dump_erofs=$out_dir/host/linux-x86/bin/dump.erofs
@@ -118,7 +118,6 @@ function test_sbom_aosp_cf_x86_64_phone {
for f in $EROFS_IMAGES; do for f in $EROFS_IMAGES; do
partition_name=$(basename $f | cut -d. -f1) partition_name=$(basename $f | cut -d. -f1)
file_list_file="${sbom_test}/sbom-${partition_name}-files.txt" file_list_file="${sbom_test}/sbom-${partition_name}-files.txt"
files_in_spdx_file="${sbom_test}/sbom-${partition_name}-files-in-spdx.txt"
files_in_soong_spdx_file="${sbom_test}/soong-sbom-${partition_name}-files-in-spdx.txt" files_in_soong_spdx_file="${sbom_test}/soong-sbom-${partition_name}-files-in-spdx.txt"
rm "$file_list_file" > /dev/null 2>&1 || true rm "$file_list_file" > /dev/null 2>&1 || true
all_dirs="/" all_dirs="/"
@@ -147,17 +146,6 @@ function test_sbom_aosp_cf_x86_64_phone {
done done
sort -n -o "$file_list_file" "$file_list_file" sort -n -o "$file_list_file" "$file_list_file"
# Diff the file list from image and file list in SBOM created by Make
grep "FileName: /${partition_name}/" $product_out/sbom.spdx | sed 's/^FileName: //' > "$files_in_spdx_file"
if [ "$partition_name" = "system" ]; then
# system partition is mounted to /, so include FileName starts with /root/ too.
grep "FileName: /root/" $product_out/sbom.spdx | sed 's/^FileName: \/root//' >> "$files_in_spdx_file"
fi
sort -n -o "$files_in_spdx_file" "$files_in_spdx_file"
echo ============ Diffing files in $f and SBOM
diff_files "$file_list_file" "$files_in_spdx_file" "$partition_name" ""
# Diff the file list from image and file list in SBOM created by Soong # Diff the file list from image and file list in SBOM created by Soong
grep "FileName: /${partition_name}/" $soong_sbom_out/sbom.spdx | sed 's/^FileName: //' > "$files_in_soong_spdx_file" grep "FileName: /${partition_name}/" $soong_sbom_out/sbom.spdx | sed 's/^FileName: //' > "$files_in_soong_spdx_file"
if [ "$partition_name" = "system" ]; then if [ "$partition_name" = "system" ]; then
@@ -174,7 +162,6 @@ function test_sbom_aosp_cf_x86_64_phone {
for f in $RAMDISK_IMAGES; do for f in $RAMDISK_IMAGES; do
partition_name=$(basename $f | cut -d. -f1) partition_name=$(basename $f | cut -d. -f1)
file_list_file="${sbom_test}/sbom-${partition_name}-files.txt" file_list_file="${sbom_test}/sbom-${partition_name}-files.txt"
files_in_spdx_file="${sbom_test}/sbom-${partition_name}-files-in-spdx.txt"
files_in_soong_spdx_file="${sbom_test}/sbom-${partition_name}-files-in-soong-spdx.txt" files_in_soong_spdx_file="${sbom_test}/sbom-${partition_name}-files-in-soong-spdx.txt"
# lz4 decompress $f to stdout # lz4 decompress $f to stdout
# cpio list all entries like ls -l # cpio list all entries like ls -l
@@ -183,18 +170,12 @@ function test_sbom_aosp_cf_x86_64_phone {
# sed remove partition name from entry names # sed remove partition name from entry names
$lz4 -c -d $f | cpio -tv 2>/dev/null | grep '^[-l]' | awk -F ' ' '{print $9}' | sed "s:^:/$partition_name/:" | sort -n > "$file_list_file" $lz4 -c -d $f | cpio -tv 2>/dev/null | grep '^[-l]' | awk -F ' ' '{print $9}' | sed "s:^:/$partition_name/:" | sort -n > "$file_list_file"
grep "FileName: /${partition_name}/" $product_out/sbom.spdx | sed 's/^FileName: //' | sort -n > "$files_in_spdx_file"
grep "FileName: /${partition_name}/" $soong_sbom_out/sbom.spdx | sed 's/^FileName: //' | sort -n > "$files_in_soong_spdx_file" grep "FileName: /${partition_name}/" $soong_sbom_out/sbom.spdx | sed 's/^FileName: //' | sort -n > "$files_in_soong_spdx_file"
echo ============ Diffing files in $f and SBOM
diff_files "$file_list_file" "$files_in_spdx_file" "$partition_name" ""
echo ============ Diffing files in $f and SBOM created by Soong echo ============ Diffing files in $f and SBOM created by Soong
diff_files "$file_list_file" "$files_in_soong_spdx_file" "$partition_name" "" diff_files "$file_list_file" "$files_in_soong_spdx_file" "$partition_name" ""
done done
verify_package_verification_code "$product_out/sbom.spdx"
verify_package_verification_code "$soong_sbom_out/sbom.spdx" verify_package_verification_code "$soong_sbom_out/sbom.spdx"
verify_packages_licenses "$soong_sbom_out/sbom.spdx" verify_packages_licenses "$soong_sbom_out/sbom.spdx"