1*333d2b36SAndroid Build Coastguard Worker#!/usr/bin/env python3 2*333d2b36SAndroid Build Coastguard Worker# 3*333d2b36SAndroid Build Coastguard Worker# Copyright (C) 2022 The Android Open Source Project 4*333d2b36SAndroid Build Coastguard Worker# 5*333d2b36SAndroid Build Coastguard Worker# Licensed under the Apache License, Version 2.0 (the "License"); 6*333d2b36SAndroid Build Coastguard Worker# you may not use this file except in compliance with the License. 7*333d2b36SAndroid Build Coastguard Worker# You may obtain a copy of the License at 8*333d2b36SAndroid Build Coastguard Worker# 9*333d2b36SAndroid Build Coastguard Worker# http://www.apache.org/licenses/LICENSE-2.0 10*333d2b36SAndroid Build Coastguard Worker# 11*333d2b36SAndroid Build Coastguard Worker# Unless required by applicable law or agreed to in writing, software 12*333d2b36SAndroid Build Coastguard Worker# distributed under the License is distributed on an "AS IS" BASIS, 13*333d2b36SAndroid Build Coastguard Worker# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14*333d2b36SAndroid Build Coastguard Worker# See the License for the specific language governing permissions and 15*333d2b36SAndroid Build Coastguard Worker# limitations under the License. 16*333d2b36SAndroid Build Coastguard Worker 17*333d2b36SAndroid Build Coastguard Workerimport argparse 18*333d2b36SAndroid Build Coastguard Workerimport hashlib 19*333d2b36SAndroid Build Coastguard Workerimport os.path 20*333d2b36SAndroid Build Coastguard Workerimport sys 21*333d2b36SAndroid Build Coastguard Worker 22*333d2b36SAndroid Build Coastguard Workerimport google.protobuf.text_format as text_format 23*333d2b36SAndroid Build Coastguard Workerimport provenance_metadata_pb2 24*333d2b36SAndroid Build Coastguard Worker 25*333d2b36SAndroid Build Coastguard Workerdef Log(*info): 26*333d2b36SAndroid Build Coastguard Worker if args.verbose: 27*333d2b36SAndroid Build Coastguard Worker for i in info: 28*333d2b36SAndroid Build Coastguard Worker print(i) 29*333d2b36SAndroid Build Coastguard Worker 30*333d2b36SAndroid Build Coastguard Workerdef ParseArgs(argv): 31*333d2b36SAndroid Build Coastguard Worker parser = argparse.ArgumentParser(description='Create provenance metadata for a prebuilt artifact') 32*333d2b36SAndroid Build Coastguard Worker parser.add_argument('-v', '--verbose', action='store_true', help='Print more information in execution') 33*333d2b36SAndroid Build Coastguard Worker parser.add_argument('--module_name', help='Module name', required=True) 34*333d2b36SAndroid Build Coastguard Worker parser.add_argument('--artifact_path', help='Relative path of the prebuilt artifact in source tree', required=True) 35*333d2b36SAndroid Build Coastguard Worker parser.add_argument('--install_path', help='Absolute path of the artifact in the filesystem images', required=True) 36*333d2b36SAndroid Build Coastguard Worker parser.add_argument('--metadata_path', help='Path of the provenance metadata file created for the artifact', required=True) 37*333d2b36SAndroid Build Coastguard Worker return parser.parse_args(argv) 38*333d2b36SAndroid Build Coastguard Worker 39*333d2b36SAndroid Build Coastguard Workerdef main(argv): 40*333d2b36SAndroid Build Coastguard Worker global args 41*333d2b36SAndroid Build Coastguard Worker args = ParseArgs(argv) 42*333d2b36SAndroid Build Coastguard Worker Log("Args:", vars(args)) 43*333d2b36SAndroid Build Coastguard Worker 44*333d2b36SAndroid Build Coastguard Worker provenance_metadata = provenance_metadata_pb2.ProvenanceMetadata() 45*333d2b36SAndroid Build Coastguard Worker provenance_metadata.module_name = args.module_name 46*333d2b36SAndroid Build Coastguard Worker provenance_metadata.artifact_path = args.artifact_path 47*333d2b36SAndroid Build Coastguard Worker provenance_metadata.artifact_install_path = args.install_path 48*333d2b36SAndroid Build Coastguard Worker 49*333d2b36SAndroid Build Coastguard Worker Log("Generating SHA256 hash") 50*333d2b36SAndroid Build Coastguard Worker h = hashlib.sha256() 51*333d2b36SAndroid Build Coastguard Worker with open(args.artifact_path, "rb") as artifact_file: 52*333d2b36SAndroid Build Coastguard Worker h.update(artifact_file.read()) 53*333d2b36SAndroid Build Coastguard Worker provenance_metadata.artifact_sha256 = h.hexdigest() 54*333d2b36SAndroid Build Coastguard Worker 55*333d2b36SAndroid Build Coastguard Worker Log("Check if there is attestation for the artifact") 56*333d2b36SAndroid Build Coastguard Worker attestation_file_name = args.artifact_path + ".intoto.jsonl" 57*333d2b36SAndroid Build Coastguard Worker if os.path.isfile(attestation_file_name): 58*333d2b36SAndroid Build Coastguard Worker provenance_metadata.attestation_path = attestation_file_name 59*333d2b36SAndroid Build Coastguard Worker 60*333d2b36SAndroid Build Coastguard Worker text_proto = [ 61*333d2b36SAndroid Build Coastguard Worker "# proto-file: build/soong/provenance/proto/provenance_metadata.proto", 62*333d2b36SAndroid Build Coastguard Worker "# proto-message: ProvenanceMetaData", 63*333d2b36SAndroid Build Coastguard Worker "", 64*333d2b36SAndroid Build Coastguard Worker text_format.MessageToString(provenance_metadata) 65*333d2b36SAndroid Build Coastguard Worker ] 66*333d2b36SAndroid Build Coastguard Worker with open(args.metadata_path, "wt") as metadata_file: 67*333d2b36SAndroid Build Coastguard Worker file_content = "\n".join(text_proto) 68*333d2b36SAndroid Build Coastguard Worker Log("Writing provenance metadata in textproto:", file_content) 69*333d2b36SAndroid Build Coastguard Worker metadata_file.write(file_content) 70*333d2b36SAndroid Build Coastguard Worker 71*333d2b36SAndroid Build Coastguard Workerif __name__ == '__main__': 72*333d2b36SAndroid Build Coastguard Worker main(sys.argv[1:]) 73