1#!/usr/bin/env python3 2# 3# Copyright (C) 2022 The Android Open Source Project 4# 5# Licensed under the Apache License, Version 2.0 (the "License"); 6# you may not use this file except in compliance with the License. 7# You may obtain a copy of the License at 8# 9# http://www.apache.org/licenses/LICENSE-2.0 10# 11# Unless required by applicable law or agreed to in writing, software 12# distributed under the License is distributed on an "AS IS" BASIS, 13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14# See the License for the specific language governing permissions and 15# limitations under the License. 16 17import argparse 18import hashlib 19import os.path 20import sys 21 22import google.protobuf.text_format as text_format 23import provenance_metadata_pb2 24 25def Log(*info): 26 if args.verbose: 27 for i in info: 28 print(i) 29 30def ParseArgs(argv): 31 parser = argparse.ArgumentParser(description='Create provenance metadata for a prebuilt artifact') 32 parser.add_argument('-v', '--verbose', action='store_true', help='Print more information in execution') 33 parser.add_argument('--module_name', help='Module name', required=True) 34 parser.add_argument('--artifact_path', help='Relative path of the prebuilt artifact in source tree', required=True) 35 parser.add_argument('--install_path', help='Absolute path of the artifact in the filesystem images', required=True) 36 parser.add_argument('--metadata_path', help='Path of the provenance metadata file created for the artifact', required=True) 37 return parser.parse_args(argv) 38 39def main(argv): 40 global args 41 args = ParseArgs(argv) 42 Log("Args:", vars(args)) 43 44 provenance_metadata = provenance_metadata_pb2.ProvenanceMetadata() 45 provenance_metadata.module_name = args.module_name 46 provenance_metadata.artifact_path = args.artifact_path 47 provenance_metadata.artifact_install_path = args.install_path 48 49 Log("Generating SHA256 hash") 50 h = hashlib.sha256() 51 with open(args.artifact_path, "rb") as artifact_file: 52 h.update(artifact_file.read()) 53 provenance_metadata.artifact_sha256 = h.hexdigest() 54 55 Log("Check if there is attestation for the artifact") 56 attestation_file_name = args.artifact_path + ".intoto.jsonl" 57 if os.path.isfile(attestation_file_name): 58 provenance_metadata.attestation_path = attestation_file_name 59 60 text_proto = [ 61 "# proto-file: build/soong/provenance/proto/provenance_metadata.proto", 62 "# proto-message: ProvenanceMetaData", 63 "", 64 text_format.MessageToString(provenance_metadata) 65 ] 66 with open(args.metadata_path, "wt") as metadata_file: 67 file_content = "\n".join(text_proto) 68 Log("Writing provenance metadata in textproto:", file_content) 69 metadata_file.write(file_content) 70 71if __name__ == '__main__': 72 main(sys.argv[1:]) 73