| # Copyright 2021 The Fuchsia Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| import("//build/assembly/assembled_system.gni") |
| import("//build/assembly/generated_assembly_inputs.gni") |
| import("//build/assembly/legacy_image_metadata_overrides.gni") |
| import("//build/assembly/update_package.gni") |
| import("//build/board.gni") |
| import("//build/images/args.gni") |
| import("//build/images/filesystem_limits.gni") |
| import("//build/images/vboot/vboot.gni") |
| import("//build/product.gni") |
| import("//build/python/python_action.gni") |
| import("//build/sdk/product_bundle.gni") |
| import("//build/security.gni") |
| import("//build/testing/host_test_data.gni") |
| import("//src/security/bin/scrutiny_x_smoke_test/scrutiny_x_smoke_test.gni") |
| import("//src/sys/core/build/core.gni") |
| import("//zircon/kernel/phys/qemu.gni") |
| |
| declare_args() { |
| # Create the package and archive for the legacy assembly input bundle. This |
| # can be a time-consuming operation, which due to limits in GN and groups, |
| # ends up being a blocking step in the build, so only enable this if we know |
| # that we want the legacy AIB packaged and archived for a given product: |
| create_legacy_aib_archive = false |
| } |
| |
| if (is_host) { |
| host_test_data("fuchsia_zbi_for_host_tests") { |
| sources = [ "$root_build_dir/fuchsia.zbi" ] |
| # This dep cannot be specified, because it creates a dependency cycle. It |
| # could be added if all tests using this were not in any package set (and |
| # were just in host_labels) |
| #deps = [ ":fuchsia($default_toolchain)" ] |
| } |
| } |
| |
| # The assembly operation should only be defined in the default (fuchsia) |
| # toolchain. |
| if (is_fuchsia) { |
| assert(current_toolchain == default_toolchain, |
| "//build/images/* are only valid in the Fuchsia toolchain") |
| |
| # This catches inadvertent dependencies on the "fucshia" assembly implementation |
| # in bringup-only configurations. |
| assert( |
| !use_bringup_assembly, |
| "The bringup product config cannot rely on the fuchsia assembly. Bringup has it's own in //build/images/bringup") |
| |
| ################################################## |
| # Shared parameters across assemblies in this file |
| ################################################## |
| |
| files = { |
| assembly_inputs = "$target_out_dir/fuchsia/assembly_inputs.json" |
| platform_aib_dir = get_label_info("//bundles/assembly", "target_out_dir") |
| |
| # Outputs of assembly. |
| outdir = target_out_dir + "/fuchsia" |
| zbi = "${outdir}/fuchsia.zbi" |
| zbi_signed = "${outdir}/fuchsia.zbi.signed" |
| vbmeta = "${outdir}/fuchsia.vbmeta" |
| blobfs = "${outdir}/blob.blk" |
| fvm = "${outdir}/fvm.blk" |
| fvm_sparse = "${outdir}/fvm.sparse.blk" |
| fvm_fastboot = "${outdir}/fvm.fastboot.blk" |
| fxfs = "${outdir}/fxfs.blk" |
| fxfs_sparse = "${outdir}/fxfs.sparse.blk" |
| packages_json = "${outdir}/packages.json" |
| images_json = "${outdir}/images.json" |
| |
| # Outputs of recovery. |
| recovery_name = get_label_info(recovery_label, "name") |
| recovery_outdir = |
| get_label_info(recovery_label, "target_out_dir") + "/" + recovery_name |
| recovery_zbi = "${recovery_outdir}/${recovery_name}.zbi" |
| recovery_zbi_signed = "${recovery_outdir}/${recovery_name}.zbi.signed" |
| recovery_vbmeta = "${recovery_outdir}/${recovery_name}.vbmeta" |
| recovery_blobfs = "${recovery_outdir}/blob.blk" |
| recovery_fvm = "${recovery_outdir}/fvm.blk" |
| recovery_fvm_sparse = "${recovery_outdir}/fvm.sparse.blk" |
| recovery_fvm_fastboot = "${recovery_outdir}/fvm.fastboot.blk" |
| recovery_fxfs = "${recovery_outdir}/fxfs.blk" |
| recovery_fxfs_sparse = "${recovery_outdir}/fxfs.sparse.blk" |
| recovery_images_json = "${recovery_outdir}/images.json" |
| |
| esp_image_path = "${root_build_dir}/fuchsia.esp.blk" |
| |
| qemu_kernel = qemu_boot_shim.path |
| } |
| |
| # A scope of dependencies that serves to transition deps from the |
| # legacy_assembly_input_bundle.gni mechanism to the new platform |
| # assembly_input_bundle.gni. |
| # |
| # This is used to do a metadata walk on the list of dependencies we intend to |
| # delete from the legacy AIB after a successful transition, because the |
| # assembly_input_bundle.gni template does not use a metadata walk to gather |
| # transitive dependencies, and thus the set of declared targets in the |
| # assembly_input_bundle invocation will often contain more explicit targets |
| # than those being removed from the legacy_assembly_input_bundle invocation. |
| # This makes it otherwise difficult to validate that the list of resultant |
| # dependencies in the build does not change. |
| |
| must_exist = { |
| base_packages = [] |
| cache_packages = [] |
| bootfs_labels = [] |
| bootfs_package_labels = [] |
| extra_base_deps = [] |
| boot_args = [] |
| cmdline = [] |
| cmdline_deps = [] |
| } |
| |
| fuchsia_base = { |
| testonly = fuchsia_zbi_testonly |
| check_production_tag = check_production_eligibility |
| |
| # In non-prod builds, allow use of the eng and userdebug platform bundles. |
| allow_eng_platform_bundle_use = !check_production_eligibility |
| allow_userdebug_platform_bundle_use = !check_production_eligibility |
| |
| generate_fvm = !fxfs_blob |
| generate_fxfs = fxfs_blob |
| generate_fvm_fastboot = !fxfs_blob && assembly_generate_fvm_fastboot |
| generate_fvm_nand = !fxfs_blob && assembly_generate_fvm_nand |
| generate_vbmeta = use_vbmeta |
| |
| # Use the GN arg for including shell commands. |
| include_shell_commands = include_shell_commands_package |
| |
| board_config_label = board_configuration_label |
| cmdline_deps = [ "//build/input:bootfs" ] |
| |
| base_packages = [ |
| "//:developer_base_driver_packages", |
| "//:developer_base_packages", |
| "//:legacy_base_packages", |
| ] |
| |
| core_realm_definition = ":core_realm" |
| |
| base_driver_packages = [ |
| "//:developer_base_driver_packages", |
| "//:legacy_base_driver_packages", |
| ] |
| cache_packages = [ |
| "//:developer_cache_packages", |
| "//:legacy_cache_packages", |
| ] |
| system_image_deps = [ "//build/input:system_image" ] |
| universe_packages = [ "//:developer_universe_packages" ] |
| bootfs_labels = [ "//build/input:bootfs" ] |
| bootfs_package_labels = product_bootfs_packages |
| |
| if (generate_fvm) { |
| assembly_include_account_in_fvm = include_account_in_fvm |
| } |
| |
| # zbi arguments |
| if (custom_signing_script != "") { |
| inputs = custom_signing_script_inputs |
| generate_signed_zbi = true |
| } else if (use_vboot) { |
| inputs = vboot_action.inputs |
| generate_signed_zbi = true |
| } |
| } |
| |
| core_realm_definition("core_realm") { |
| deps = core_realm_shards + board_core_realm_shards |
| } |
| |
| ################################################## |
| # Fuchsia |
| ################################################## |
| |
| # The `:fuchsia` target assembles the main Fuchsia image, for all non-bringup |
| # product definitions. |
| # |
| # This group only provides GN metadata about the update package(s), none of |
| # packages that are included in the assembled image are present in GN metadata |
| # walks of this target. |
| # |
| # To get the list of packages in this assembly, use the |
| # `package_list_from_assembly()` GN template. |
| group("fuchsia") { |
| testonly = fuchsia_zbi_testonly |
| public_deps = [ ":scrutiny_x_smoke_test" ] |
| |
| if (!use_bazel_images_only) { |
| public_deps += [ |
| ":assembly_inputs", |
| ":fuchsia_assembly", |
| ":product_bundle", |
| ":update", |
| ":validate_universe_config_data_entries_empty", |
| ] |
| } |
| |
| metadata = { |
| package_barrier = [] |
| if (!use_bazel_images_only) { |
| # Only include the update package(s) manifest(s) in metadata collection. |
| # To get a file containing a list of the base & cache packages, use the |
| # `package_list_from_assembly()` GN template. |
| package_barrier = [ ":update" ] |
| } |
| assembly_inputs = [ |
| { |
| path = rebase_path(files.assembly_inputs, root_build_dir) |
| }, |
| ] |
| } |
| } |
| |
| assembled_system("fuchsia_assembly") { |
| forward_variables_from(fuchsia_base, "*") |
| if (fuchsia_product_assembly_config_label != false) { |
| product_assembly_config_label = fuchsia_product_assembly_config_label |
| } |
| |
| output_dir = root_build_dir |
| image_name = "fuchsia" |
| |
| # Bazel assembly should not depend on any targets from GN assembly other |
| # than the legacy AIB. |
| legacy_bundle_only = use_bazel_images_only |
| |
| create_legacy_aib_package = create_legacy_aib_archive |
| create_legacy_aib_archive = create_legacy_aib_archive |
| |
| image_metadata_overrides = legacy_fuchsia_image_metadata_overrides |
| must_exist_deps = must_exist |
| } |
| |
| # Bazel assembly builds a product bundle, so we don't need to build product |
| # bundle and update packages in GN. |
| if (!use_bazel_images_only) { |
| _partitions_config = "//boards/partitions:default" |
| if (has_board) { |
| assert(partitions_config_label != false, |
| "Need to define partitions_config_label") |
| _partitions_config = partitions_config_label |
| } |
| _partitions_config_file = |
| get_label_info(_partitions_config, "target_out_dir") + "/" + |
| get_label_info(_partitions_config, "name") + ".json" |
| |
| update_epoch = update_platform_epoch + update_product_epoch |
| update_package("update") { |
| testonly = fuchsia_zbi_testonly |
| deps = [ |
| ":fuchsia_assembly", |
| "//build/info:build_info_files", |
| _partitions_config, |
| recovery_label, |
| ] |
| partitions = _partitions_config_file |
| system_a = files.images_json |
| system_r = files.recovery_images_json |
| board_name = board_name |
| version_file = build_info_files.version |
| epoch = "${update_epoch}" |
| } |
| |
| product_bundle_label = "product_bundle" |
| product_bundle(product_bundle_label) { |
| testonly = fuchsia_zbi_testonly |
| name = main_product_bundle_name |
| deps = [ |
| ":fuchsia_assembly", |
| "//build/info:build_info_files", |
| _partitions_config, |
| recovery_label, |
| ] |
| |
| update = { |
| version_file = build_info_files.version |
| epoch = "${update_epoch}" |
| } |
| |
| partitions = _partitions_config_file |
| system_a = files.images_json |
| system_r = files.recovery_images_json |
| |
| # Add the virtual devices. |
| if (board_is_emu) { |
| virtual_devices = [ |
| "$root_build_dir/virtual_device_recommended.json", |
| "$root_build_dir/virtual_device_min.json", |
| "$root_build_dir/virtual_device_large.json", |
| ] |
| deps += [ |
| "//build/images/flash:virtual_device_specification_large", |
| "//build/images/flash:virtual_device_specification_min", |
| "//build/images/flash:virtual_device_specification_recommended", |
| ] |
| default_virtual_device = "virtual_device_recommended" |
| } |
| |
| # Create lists of the files that are referenced by the assembly manifests. |
| _assembly_contents = [ files.qemu_kernel ] |
| if (fxfs_blob) { |
| _assembly_contents += [ |
| files.fxfs, |
| files.fxfs_sparse, |
| ] |
| } else { |
| _assembly_contents += [ |
| files.blobfs, |
| files.fvm, |
| files.fvm_sparse, |
| ] |
| } |
| _recovery_contents = [ files.qemu_kernel ] |
| if (files.recovery_name != "zedboot") { |
| if (fxfs_blob) { |
| _recovery_contents += [ |
| files.recovery_fxfs, |
| files.recovery_fxfs_sparse, |
| ] |
| } else { |
| _recovery_contents += [ |
| files.blobfs, |
| files.fvm, |
| files.fvm_sparse, |
| ] |
| } |
| } |
| if (!fxfs_blob && |
| (assembly_generate_fvm_fastboot || assembly_generate_fvm_nand)) { |
| _assembly_contents += [ files.fvm_fastboot ] |
| if (files.recovery_name != "zedboot") { |
| _recovery_contents += [ files.recovery_fvm_fastboot ] |
| } |
| } |
| if (custom_signing_script != "" || use_vboot) { |
| _assembly_contents += [ files.zbi_signed ] |
| _recovery_contents += [ files.recovery_zbi_signed ] |
| } else { |
| _assembly_contents += [ files.zbi ] |
| _recovery_contents += [ files.recovery_zbi ] |
| } |
| if (use_vbmeta) { |
| _assembly_contents += [ files.vbmeta ] |
| _recovery_contents += [ files.recovery_vbmeta ] |
| } |
| |
| # List the contents of each input so that the outputs can be calculated. |
| partitions_contents = partitions_config_contents |
| system_a_contents = _assembly_contents |
| system_r_contents = _recovery_contents |
| |
| if (delivery_blob_type != false) { |
| delivery_blob_type = delivery_blob_type |
| } |
| } |
| |
| generated_assembly_inputs("assembly_inputs") { |
| testonly = fuchsia_zbi_testonly |
| output_path = files.assembly_inputs |
| |
| # Add the legacy AIB for the assemblies. The platform AIBs are added |
| # automatically from the build_api_module("assembly_input_archives") |
| sources = [ "${files.outdir}/legacy" ] |
| |
| deps = [ ":fuchsia.legacy_input_bundle" ] |
| } |
| } |
| |
| scrutiny_x_smoke_test("scrutiny_x_smoke_test") { |
| testonly = fuchsia_zbi_testonly |
| test_binary = "//src/security/bin/scrutiny_x_smoke_test" |
| if (use_bazel_images_only) { |
| product_bundle_target = bazel_product_bundle_target |
| product_bundle_path = |
| get_label_info(bazel_product_bundle_target, "target_out_dir") + "/" + |
| get_label_info(bazel_product_bundle_target, "name") + |
| "/product_bundle" |
| } else { |
| product_bundle_target = ":${product_bundle_label}" |
| product_bundle_path = |
| get_label_info(":${product_bundle_label}", "target_out_dir") + "/" + |
| product_bundle_label |
| } |
| } |
| |
| generated_file("universe_config_data_entries") { |
| testonly = fuchsia_base.testonly |
| deps = fuchsia_base.universe_packages |
| data_keys = [ "config_package_entries" ] |
| walk_keys = [ "config_package_barrier" ] |
| output_conversion = "json" |
| outputs = [ "${target_out_dir}/universe_config_data_entries.json" ] |
| } |
| |
| python_action("validate_universe_config_data_entries_empty") { |
| testonly = fuchsia_base.testonly |
| binary_label = "//build/assembly/scripts:validate_config_data_is_empty" |
| args = [ |
| "--package-set", |
| "universe", |
| "--metadata-walk-results", |
| rebase_path("${target_out_dir}/universe_config_data_entries.json", |
| root_build_dir), |
| "--package-allowlist", |
| rebase_path("//build/assembly/universe_config_data.allowlist.json", |
| root_build_dir), |
| "--output", |
| rebase_path("${target_out_dir}/universe_config_data_entries_empty.txt", |
| root_build_dir), |
| ] |
| inputs = [ |
| "${target_out_dir}/universe_config_data_entries.json", |
| "//build/assembly/universe_config_data.allowlist.json", |
| ] |
| deps = [ ":universe_config_data_entries" ] |
| outputs = [ "${target_out_dir}/universe_config_data_entries_empty.txt" ] |
| } |
| |
| ################################################## |
| # Netboot |
| ################################################## |
| if (enable_netboot) { |
| assert( |
| fuchsia_product_assembly_config_label != false, |
| "fuchsia_product_assembly_config_label must be defined to use netboot") |
| |
| # This rolls the primary ZBI together with a compressed RAMDISK image of |
| # fvm.blk into a fat ZBI that boots the full system without using any real |
| # storage. The system decompresses the fvm.blk image into memory and then |
| # sees that RAM disk just as if it were a real disk on the device. |
| assembled_system("netboot") { |
| image_name = "fuchsia" |
| namespace = "netboot" |
| forward_variables_from(fuchsia_base, "*") |
| product_assembly_config_label = fuchsia_product_assembly_config_label |
| ramdisk_in_zbi = true |
| |
| board_config_label = board_configuration_label |
| image_metadata_overrides = { |
| zbi = { |
| name = "netboot" |
| archive = enable_netboot |
| bootserver_netboot = [ "--boot" ] |
| } |
| } |
| } |
| } |
| } |