diff --git a/ic-os/defs.bzl b/ic-os/defs.bzl index 9e06fd0653c..565f5dedcf2 100644 --- a/ic-os/defs.bzl +++ b/ic-os/defs.bzl @@ -8,7 +8,7 @@ load("//bazel:output_files.bzl", "output_files") load("//gitlab-ci/src/artifacts:upload.bzl", "upload_artifacts") load("//ic-os/bootloader:defs.bzl", "build_grub_partition") load("//ic-os/rootfs:boundary-guestos.bzl", boundary_rootfs_files = "rootfs_files") -load("//toolchains/sysimage:toolchain.bzl", "build_container_base_image", "build_container_filesystem", "disk_image", "ext4_image", "inject_files", "sha256sum", "tar_extract", "upgrade_image") +load("//toolchains/sysimage:toolchain.bzl", "build_container_base_image", "build_container_filesystem", "disk_image", "ext4_image", "inject_files", "sha256sum", "tar_extract", "tree_hash", "upgrade_image") def icos_build( name, @@ -118,6 +118,31 @@ def icos_build( tags = ["manual"], ) + # Helpful tool to print a hash of all input rootfs files + tree_hash( + name = "root-files-hash", + src = image_deps["rootfs_files"], + tags = ["manual"], + ) + + native.genrule( + name = "echo-root-files-hash", + srcs = [ + ":root-files-hash", + ], + outs = ["root-files-hash-script"], + cmd = """ + HASH="$(location :root-files-hash)" + cat < $@ +#!/usr/bin/env bash +set -euo pipefail +cat $$HASH +EOF + """, + executable = True, + tags = ["manual"], + ) + # -------------------- Extract root partition -------------------- ext4_image( diff --git a/toolchains/sysimage/toolchain.bzl b/toolchains/sysimage/toolchain.bzl index fa2f7615844..02bcd60e183 100644 --- a/toolchains/sysimage/toolchain.bzl +++ b/toolchains/sysimage/toolchain.bzl @@ -618,3 +618,28 @@ sha256sum = rule( ), }, ) + +def _tree_hash_impl(ctx): + out = ctx.actions.declare_file(ctx.label.name) + input_paths = [] + for src in sorted(ctx.attr.src.items(), key = lambda v: v[1]): + input_paths.append(src[0].files.to_list()[0].path) + input_paths = " ".join(input_paths) + + ctx.actions.run_shell( + inputs = ctx.files.src, + outputs = [out], + command = "cat {} | sha256sum | sed -e 's/ \\+-//' > {}".format(input_paths, out.path), + ) + + return [DefaultInfo(files = depset([out]), runfiles = ctx.runfiles([out]))] + +tree_hash = rule( + implementation = _tree_hash_impl, + attrs = { + "src": attr.label_keyed_string_dict( + allow_files = True, + mandatory = True, + ), + }, +)