# Copyright 2023 The Fuchsia Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import("//build/compiled_action.gni")
import("//build/images/args.gni")
# Shared parent of the developer key and root-metadata directories.
# Underscore-prefixed so it stays private to this file and is not exported to
# files that import it.
_devhost_repo_dir = "//src/sys/pkg/repositories/devhost"

# Directory containing the developer TUF signing keys.
# NOTE(review): this is a source-tree path, so anything signed with these keys
# should be treated as development-only; confirm that no production trust root
# includes them.
amber_keys_dir = "${_devhost_repo_dir}/keys"

# Directory containing the developer TUF root metadata (`N.root.json`).
amber_metadata_dir = "${_devhost_repo_dir}/metadata"
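# Generate TUF repository metadata and data in a zip file.
#
# The zip file will be created at `${target_out_dir}/${target_name}.zip`.
#
# NOTE: Unlike `devhost_repository_publish()`, this template will *not* add
# the latest version of artifacts to an existing repository, but rather it
# creates a fresh repository containing only packages referenced in the
# `inputs[0]` list of package metadata.
#
# NOTE(security): The repository metadata is signed with the developer keys
# under `amber_keys_dir`, which is a source-tree path. Anyone with the source
# can produce equally valid signatures, so the archive is presumably meant for
# development and test flows only -- confirm before using it anywhere that
# must reject unofficial packages.
#
# Globals
#
#   amber_keys_dir
#     [path] Directory where TUF keys for signing metadata are stored.
#
#   amber_metadata_dir
#     [path] Directory where TUF root metadata is stored.
#
# Parameters
#
#   inputs (required)
#     [list of labels] A list of exactly one input: A list of package metadata
#     from the set of packages to be published in the TUF repository. For
#     example, the output from a generate_package_metadata() target.
#
#   deps (optional)
#   data_deps (optional)
#   testonly (optional)
#   visibility (optional)
#     Same as for any GN `action()` target.
template("publish_archive") {
  action(target_name) {
    # Fail with a readable message when `inputs` is missing or empty; without
    # this the `inputs[0]` references below abort with a generic GN error.
    assert(defined(invoker.inputs) && invoker.inputs != [],
           "publish_archive(\"$target_name\") requires exactly one input")

    forward_variables_from(invoker,
                           [
                             "deps",
                             "data_deps",
                             "inputs",
                             "testonly",
                             "visibility",
                           ])

    assert(inputs == [ inputs[0] ],
           "publish_archive(\"$target_name\") requires exactly one input")

    output = "${target_out_dir}/${target_name}.zip"

    if (!defined(deps)) {
      deps = []
    }
    deps += [ "//src/sys/pkg/bin/package-tool($host_toolchain)" ]

    depfile = "${target_out_dir}/${target_name}.d"

    # Root metadata versions shipped in `amber_metadata_dir`. This single list
    # drives both `sources` and the `--root-metadata` arguments so the two
    # cannot drift apart when a new root version is added.
    _root_versions = [
      1,
      2,
      3,
      4,
      5,
      6,
      7,
      8,
      9,
    ]

    # Version passed as `--default-root-metadata`.
    # NOTE(review): presumably this should track the newest entry in
    # `_root_versions`; confirm against publish_archive.py when rotating roots.
    _default_root_version = 9

    sources = [
      # Injected key files read by `package-tool repository publish`.
      "${amber_keys_dir}/root.json",
      "${amber_keys_dir}/snapshot.json",
      "${amber_keys_dir}/targets.json",
      "${amber_keys_dir}/timestamp.json",
    ]

    # inputs[0] is input to `package-tool repository publish`; the action's
    # other input is the `package-tool` binary itself.
    inputs += [ "${host_out_dir}/package-tool" ]

    script = "//build/packages/publish_archive.py"

    args = [
      "--package-tool",
      rebase_path("${host_out_dir}/package-tool", root_build_dir),
      "--trusted-keys",
      rebase_path("${amber_keys_dir}", root_build_dir),
    ]

    # Injected root metadata for TUF repository, in ascending version order
    # (same order as the original explicit argument list).
    foreach(_version, _root_versions) {
      _root_json = "${amber_metadata_dir}/${_version}.root.json"
      sources += [ _root_json ]
      args += [
        "--root-metadata",
        rebase_path(_root_json, root_build_dir),
      ]
    }

    args += [
      "--default-root-metadata",
      rebase_path("${amber_metadata_dir}/${_default_root_version}.root.json",
                  root_build_dir),
      "--depfile",
      rebase_path("${depfile}", root_build_dir),
      "--input",
      rebase_path(inputs[0], root_build_dir),
      "--output",
      rebase_path(output, root_build_dir),
    ]

    # `delivery_blob_type` is not defined in this file; the flag is forwarded
    # only when it is set to something other than `false`.
    if (delivery_blob_type != false) {
      args += [
        "--delivery-blob-type",
        "${delivery_blob_type}",
      ]
    }

    outputs = [
      # `outputs[0]` must be final output described by depfile.
      output,
    ]
  }
}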