Google Git
Sign in
cos / mirrors / cros / chromiumos / infra / proto / refs/heads/main / . / src / chromite / api / payload.proto
blob: 93b3f5955eebc883e2f76764a82168bfe278351a [file] [log] [blame]
// Copyright 2019 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
syntax = "proto3";
package chromite.api;
option go_package = "go.chromium.org/chromiumos/infra/proto/go/chromite/api";
import "chromite/api/build_api.proto";
import "chromiumos/common.proto";
// Defines a single build directory in storage.
message Build {
// The board of the image "x86-mario", etc.
chromiumos.BuildTarget build_target = 1;
// The version of the image. "0.14.23.2", "3401.0.0", etc.
string version = 2;
// The bucket of the image. "chromeos-releases" as default.
string bucket = 3;
// The channel of the image "stable-channel", "nplusone", etc.
string channel = 4;
}
// Define a DLC image archived.
message DLCImage {
// An instance of Build that defines the build artifacts directory.
Build build = 1;
// The name of the DLC (e.g. 'terminal-dlc').
string dlc_id = 2;
// The name of the DLC package (e.g. 'package').
string dlc_package = 3;
// The name of the DLC image (e.g. 'dlc.img').
string dlc_image = 4;
// The type of the image. Currently, always 'DLC'.
chromiumos.ImageType image_type = 5;
}
// Define a signed ChromeOS image archived.
message SignedImage {
// An instance of Build that defines the build artifacts directory.
Build build = 1;
// The type of the image. Currently, "recovery" or "base" types are supported.
chromiumos.ImageType image_type = 2;
// The key the image was signed with. "premp", "mp", "mp-v2". This is not the
// board specific key name, but the general value used in image/payload names.
string key = 3;
}
// Define a unsigned ChromeOS image archived.
message UnsignedImage {
// An instance of Build that defines the build artifacts directory.
Build build = 1;
/// The type of the image. Currently one of "test", "recovery", or "base".
chromiumos.ImageType image_type = 2;
// The most recent branch corresponding to the version; "R19" etc.
string milestone = 3;
}
// Request payload generation to be done with a source and target image.
message GenerationRequest {
// Source image properties, must be either full_update or the same type as
// the included tgt_image_oneof. full_update indicates the lack of a source.
oneof src_image_oneof {
bool full_update = 1;
SignedImage src_signed_image = 2;
UnsignedImage src_unsigned_image = 3;
DLCImage src_dlc_image = 10;
}
// Target image properties.
oneof tgt_image_oneof {
SignedImage tgt_signed_image = 4;
UnsignedImage tgt_unsigned_image = 5;
DLCImage tgt_dlc_image = 11;
}
// The destination bucket (defaults to "chromeos-releases").
string bucket = 6;
// Should we run verification?
bool verify = 7;
// The keyset to sign with (e.g. "coral-mp-v16"), if empty do not sign,
// and may be ignored for certain request types (e.g. dlc).
string keyset = 8;
// Do not sign images or upload artifacts.
bool dryrun = 9;
// The chroot where the operations will be executed.
// Required.
chromiumos.Chroot chroot = 12;
// TODO(b/299105459): Don't special-case minios.
// Whether the request is for a miniOS payload.
// This is only meaningful if the src and tgt images are either
// both SignedImage or both UnsignedImage.
bool minios = 13;
// Target directory where output artifacts should be stored.
chromiumos.ResultPath result_path = 14;
// If set, will use the local signing flow (currently a prototype).
bool use_local_signing = 15;
// Docker image to use for local signing. Must already be pulled down on the
// host. This consists of the name of the docker image, followed by the tag,
// i.e. "signing:1234".
string docker_image = 16;
}
// Result of a payload generation.
message GenerationResponse {
// Deprecated since R112. Use versioned_artifact.
// If successful we may have a local artifact available. Generally this takes
// the form of '/tmp/ioadwjoawjd/delta.bin'.
string local_path = 2;
// Deprecated since R112. Use versioned_artifact.
// If successful we may have uploaded an artifact to google storage.
string remote_uri = 3;
// Remote and local artifacts along with a version ID (if successful).
message VersionedArtifact {
// Version of the payload (eg. 1).
uint32 version = 1;
// Local artifact path. Deprecated since R117. Use file_path.
string local_path = 2 [ deprecated = true ];
// If successful we may have uploaded an artifact to google storage.
string remote_uri = 3;
// If successful we may have a local artifact available. Generally this
// takes the form of '/path/to/tmp/ioadwjoawjd/delta.bin'.
chromiumos.Path file_path = 4;
}
repeated VersionedArtifact versioned_artifacts = 5;
// If no payload was generated, we may be able to report the reason why.
enum FailureReason {
UNSPECIFIED = 0;
NOT_MINIOS_COMPATIBLE = 1;
// This occurs when the source and target builds do not support the same
// number of recovery keys.
MINIOS_COUNT_MISMATCH = 2;
}
FailureReason failure_reason = 4;
reserved 1;
reserved "success";
}
// Request payload generation to be done with a source and target image.
message GenerateUnsignedPayloadRequest {
// Source image properties, must be either full_update or the same type as
// the included tgt_image_oneof. full_update indicates the lack of a source.
oneof src_image_oneof {
bool full_update = 1;
SignedImage src_signed_image = 2;
UnsignedImage src_unsigned_image = 3;
DLCImage src_dlc_image = 4;
}
// Target image properties.
oneof tgt_image_oneof {
SignedImage tgt_signed_image = 5;
UnsignedImage tgt_unsigned_image = 6;
DLCImage tgt_dlc_image = 7;
}
// The chroot where the operations will be executed.
// Required.
chromiumos.Chroot chroot = 8;
// TODO(b/299105459): Don't special-case minios.
// Whether the request is for a miniOS payload.
// This is only meaningful if the src and tgt images are either
// both SignedImage or both UnsignedImage.
bool minios = 9;
// Target directory where output artifacts should be stored.
chromiumos.ResultPath result_path = 10;
}
// Information about an unsigned payload.
message UnsignedPayload {
// Version of the payload (eg. 1).
uint32 version = 1;
// Path of the payload file, e.g. '/path/to/tmp/ioadwjoawjd/delta.bin'.
chromiumos.Path payload_file_path = 2;
reserved 3;
// Suffix used for this particular payload.
string rand_suffix = 7;
// Names of the partitions.
repeated string partition_names = 4;
// Paths of the source partition files.
repeated chromiumos.Path src_partitions = 5;
// Paths of the target partition files.
repeated chromiumos.Path tgt_partitions = 6;
// AppID. Need this in FinalizePayloadRequest.
string appid = 8;
// Path of the payload file with generation details.
chromiumos.Path payload_file_log_path = 9;
}
// Result of a payload generation.
message GenerateUnsignedPayloadResponse {
reserved 1;
// Unsigned payloads.
// Only multiple in the case of a minios payload.
repeated UnsignedPayload unsigned_payloads = 3;
// If no payload was generated, we may be able to report the reason why.
enum FailureReason {
UNSPECIFIED = 0;
NOT_MINIOS_COMPATIBLE = 1;
// This occurs when the source and target builds do not support the same
// number of recovery keys.
MINIOS_COUNT_MISMATCH = 2;
}
FailureReason failure_reason = 2;
}
// Request signing, validation, and uploading for an unsigned payload.
message FinalizePayloadRequest {
// The chroot where certain operations will be executed
// (the endpoint as a whole is still executed outside of the chroot).
// Required.
chromiumos.Chroot chroot = 1;
// Source image properties, must be either full_update or the same type as
// the included tgt_image_oneof. full_update indicates the lack of a source.
oneof src_image_oneof {
bool full_update = 10;
SignedImage src_signed_image = 11;
UnsignedImage src_unsigned_image = 12;
DLCImage src_dlc_image = 13;
}
// Target image properties.
oneof tgt_image_oneof {
SignedImage tgt_signed_image = 14;
UnsignedImage tgt_unsigned_image = 15;
DLCImage tgt_dlc_image = 16;
}
// TODO(b/299105459): Don't special-case minios.
// Whether the request is for a miniOS payload.
// This is only meaningful if the src and tgt images are either
// both SignedImage or both UnsignedImage.
bool minios = 9;
// Individual payloads to finalize.
// Only multiple in the case of a minios payload.
repeated UnsignedPayload payloads = 8;
// Do not sign images or upload artifacts.
bool dryrun = 2;
// Target directory where output artifacts should be stored.
chromiumos.ResultPath result_path = 3;
// The keyset to sign with (e.g. "coral-mp-v16"), if empty do not sign,
// and may be ignored for certain request types (e.g. dlc).
string keyset = 4;
// Should we run verification?
bool verify = 6;
// The destination bucket (defaults to "chromeos-releases").
string bucket = 7;
// If set, will use the local signing flow (currently a prototype).
bool use_local_signing = 5;
// Docker image to use for local signing. Must already be pulled down on the
// host. This consists of the name of the docker image, followed by the tag,
// i.e. "signing:1234".
string docker_image = 17;
}
// Response for a FinalizePayloadsRequest
// (which does signing, validation, uploading).
message FinalizePayloadResponse {
// Remote and local artifacts along with a version ID (if successful).
message VersionedArtifact {
// Version of the payload (eg. 1).
uint32 version = 1;
// If successful we may have uploaded an artifact to google storage.
string remote_uri = 2;
// If successful we may have a local artifact available. Generally this
// takes the form of '/path/to/tmp/ioadwjoawjd/delta.bin'.
chromiumos.Path file_path = 3;
}
repeated VersionedArtifact versioned_artifacts = 1;
}
// The image service definition.
service PayloadService {
option (service_options) = {
module : "payload",
service_chroot_assert : INSIDE,
};
// Added in R79.
rpc GeneratePayload(GenerationRequest) returns (GenerationResponse);
// Added in R121.
rpc GenerateUnsignedPayload(GenerateUnsignedPayloadRequest)
returns (GenerateUnsignedPayloadResponse);
// Added in R121.
rpc FinalizePayload(FinalizePayloadRequest)
returns (FinalizePayloadResponse) {
option (method_options) = {
method_branched_execution : EXECUTE_TOT,
method_chroot_assert : OUTSIDE,
};
};
}