| # Copyright 2023 The Fuchsia Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| import("//build/compiled_action.gni") |
| import("//build/images/args.gni") |
| |
| # Directory containing developer signing keys. |
| amber_keys_dir = "//src/sys/pkg/repositories/devhost/keys" |
| |
| # Directory containing developer root metadata. |
| amber_metadata_dir = "//src/sys/pkg/repositories/devhost/metadata" |
| |
| # Generate TUF repository metadata and data in a zip file. |
| # |
| # The zip file will be created at `${target_out_dir}/${target_name}.zip`. |
| # |
| # NOTE: Unlike `devhost_repository_publish()`, this template will *not* add |
| # the latest version of artifacts to an existing repository, but rather it |
| # creates a fresh repository containing only packages referenced in the |
| # `inputs[0]` list of package metadata. |
| # |
| # Globals |
| # |
| # amber_keys_dir |
| # [path] Directory where TUF keys for signing metadata are stored. |
| # |
| # amber_metadata_dir |
| # [path] Directory where TUF root metadata is stored. |
| # |
| # Parameters |
| # |
| # inputs (required) |
| # [list of labels] A list of exactly one input: A list of package metadata |
| # from the set of packages to be published in the TUF repository. For |
| # example, the output from a generate_package_metadata() target. |
| # |
| # deps (optional) |
| # data_deps (optional) |
| # testonly (optional) |
| # visibility (optional) |
| # Same as for any GN `action()` target. |
| template("publish_archive") { |
| action(target_name) { |
| forward_variables_from(invoker, |
| [ |
| "deps", |
| "data_deps", |
| "inputs", |
| "testonly", |
| "visibility", |
| ]) |
| output = "${target_out_dir}/${target_name}.zip" |
| |
| if (!defined(deps)) { |
| deps = [] |
| } |
| deps += [ "//src/sys/pkg/bin/package-tool($host_toolchain)" ] |
| depfile = "${target_out_dir}/${target_name}.d" |
| |
| sources = [ |
| # Injected key files read by `package-tool repository publish`. |
| "${amber_keys_dir}/root.json", |
| "${amber_keys_dir}/snapshot.json", |
| "${amber_keys_dir}/targets.json", |
| "${amber_keys_dir}/timestamp.json", |
| |
| # Injected root metadata for TUF repository. |
| "${amber_metadata_dir}/1.root.json", |
| "${amber_metadata_dir}/2.root.json", |
| "${amber_metadata_dir}/3.root.json", |
| "${amber_metadata_dir}/4.root.json", |
| "${amber_metadata_dir}/5.root.json", |
| "${amber_metadata_dir}/6.root.json", |
| "${amber_metadata_dir}/7.root.json", |
| "${amber_metadata_dir}/8.root.json", |
| "${amber_metadata_dir}/9.root.json", |
| ] |
| |
| assert(inputs == [ inputs[0] ], |
| "publish_archive(\"$target_name\") requires exactly one input") |
| |
| # inputs[0] is input to `package-tool repository publish`; the action's |
| # other input is the `package-tool` binary itself. |
| inputs += [ "${host_out_dir}/package-tool" ] |
| |
| script = "//build/packages/publish_archive.py" |
| args = [ |
| "--package-tool", |
| rebase_path("${host_out_dir}/package-tool", root_build_dir), |
| |
| "--trusted-keys", |
| rebase_path("${amber_keys_dir}", root_build_dir), |
| |
| "--root-metadata", |
| rebase_path("${amber_metadata_dir}/1.root.json", root_build_dir), |
| "--root-metadata", |
| rebase_path("${amber_metadata_dir}/2.root.json", root_build_dir), |
| "--root-metadata", |
| rebase_path("${amber_metadata_dir}/3.root.json", root_build_dir), |
| "--root-metadata", |
| rebase_path("${amber_metadata_dir}/4.root.json", root_build_dir), |
| "--root-metadata", |
| rebase_path("${amber_metadata_dir}/5.root.json", root_build_dir), |
| "--root-metadata", |
| rebase_path("${amber_metadata_dir}/6.root.json", root_build_dir), |
| "--root-metadata", |
| rebase_path("${amber_metadata_dir}/7.root.json", root_build_dir), |
| "--root-metadata", |
| rebase_path("${amber_metadata_dir}/8.root.json", root_build_dir), |
| "--root-metadata", |
| rebase_path("${amber_metadata_dir}/9.root.json", root_build_dir), |
| |
| "--default-root-metadata", |
| rebase_path("${amber_metadata_dir}/9.root.json", root_build_dir), |
| |
| "--depfile", |
| rebase_path("${depfile}", root_build_dir), |
| |
| "--input", |
| rebase_path(inputs[0], root_build_dir), |
| "--output", |
| rebase_path(output, root_build_dir), |
| ] |
| |
| if (delivery_blob_type != false) { |
| args += [ |
| "--delivery-blob-type", |
| "${delivery_blob_type}", |
| ] |
| } |
| |
| outputs = [ |
| # `outputs[0]` must be final output described by depfile. |
| output, |
| ] |
| } |
| } |