| // Copyright 2019 The ChromiumOS Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| syntax = "proto3"; |
| |
| package chromite.api; |
| |
| option go_package = "go.chromium.org/chromiumos/infra/proto/go/chromite/api"; |
| |
| import "chromite/api/build_api.proto"; |
| import "chromiumos/common.proto"; |
| |
| // Defines a single build directory in storage. |
| message Build { |
| // The board of the image "x86-mario", etc. |
| chromiumos.BuildTarget build_target = 1; |
| |
| // The version of the image. "0.14.23.2", "3401.0.0", etc. |
| string version = 2; |
| |
| // The bucket of the image. "chromeos-releases" as default. |
| string bucket = 3; |
| |
| // The channel of the image "stable-channel", "nplusone", etc. |
| string channel = 4; |
| } |
| |
| // Define a DLC image archived. |
| message DLCImage { |
| // An instance of Build that defines the build artifacts directory. |
| Build build = 1; |
| |
| // The name of the DLC (e.g. 'terminal-dlc'). |
| string dlc_id = 2; |
| |
| // The name of the DLC package (e.g. 'package'). |
| string dlc_package = 3; |
| |
| // The name of the DLC image (e.g. 'dlc.img'). |
| string dlc_image = 4; |
| |
| // The type of the image. Currently, always 'DLC'. |
| chromiumos.ImageType image_type = 5; |
| } |
| |
| // Define a signed ChromeOS image archived. |
| message SignedImage { |
| // An instance of Build that defines the build artifacts directory. |
| Build build = 1; |
| |
| // The type of the image. Currently, "recovery" or "base" types are supported. |
| chromiumos.ImageType image_type = 2; |
| |
| // The key the image was signed with. "premp", "mp", "mp-v2". This is not the |
| // board specific key name, but the general value used in image/payload names. |
| string key = 3; |
| } |
| |
| // Define a unsigned ChromeOS image archived. |
| message UnsignedImage { |
| // An instance of Build that defines the build artifacts directory. |
| Build build = 1; |
| |
| /// The type of the image. Currently one of "test", "recovery", or "base". |
| chromiumos.ImageType image_type = 2; |
| |
| // The most recent branch corresponding to the version; "R19" etc. |
| string milestone = 3; |
| } |
| |
| // Request payload generation to be done with a source and target image. |
| message GenerationRequest { |
| |
| // Source image properties, must be either full_update or the same type as |
| // the included tgt_image_oneof. full_update indicates the lack of a source. |
| oneof src_image_oneof { |
| bool full_update = 1; |
| SignedImage src_signed_image = 2; |
| UnsignedImage src_unsigned_image = 3; |
| DLCImage src_dlc_image = 10; |
| } |
| |
| // Target image properties. |
| oneof tgt_image_oneof { |
| SignedImage tgt_signed_image = 4; |
| UnsignedImage tgt_unsigned_image = 5; |
| DLCImage tgt_dlc_image = 11; |
| } |
| |
| // The destination bucket (defaults to "chromeos-releases"). |
| string bucket = 6; |
| |
| // Should we run verification? |
| bool verify = 7; |
| |
| // The keyset to sign with (e.g. "coral-mp-v16"), if empty do not sign, |
| // and may be ignored for certain request types (e.g. dlc). |
| string keyset = 8; |
| |
| // Do not sign images or upload artifacts. |
| bool dryrun = 9; |
| |
| // The chroot where the operations will be executed. |
| // Required. |
| chromiumos.Chroot chroot = 12; |
| |
| // TODO(b/299105459): Don't special-case minios. |
| // Whether the request is for a miniOS payload. |
| // This is only meaningful if the src and tgt images are either |
| // both SignedImage or both UnsignedImage. |
| bool minios = 13; |
| |
| // Target directory where output artifacts should be stored. |
| chromiumos.ResultPath result_path = 14; |
| |
| // If set, will use the local signing flow (currently a prototype). |
| bool use_local_signing = 15; |
| |
| // Docker image to use for local signing. Must already be pulled down on the |
| // host. This consists of the name of the docker image, followed by the tag, |
| // i.e. "signing:1234". |
| string docker_image = 16; |
| } |
| |
| // Result of a payload generation. |
| message GenerationResponse { |
| // Deprecated since R112. Use versioned_artifact. |
| // If successful we may have a local artifact available. Generally this takes |
| // the form of '/tmp/ioadwjoawjd/delta.bin'. |
| string local_path = 2; |
| |
| // Deprecated since R112. Use versioned_artifact. |
| // If successful we may have uploaded an artifact to google storage. |
| string remote_uri = 3; |
| |
| // Remote and local artifacts along with a version ID (if successful). |
| message VersionedArtifact { |
| // Version of the payload (eg. 1). |
| uint32 version = 1; |
| // Local artifact path. Deprecated since R117. Use file_path. |
| string local_path = 2 [ deprecated = true ]; |
| // If successful we may have uploaded an artifact to google storage. |
| string remote_uri = 3; |
| // If successful we may have a local artifact available. Generally this |
| // takes the form of '/path/to/tmp/ioadwjoawjd/delta.bin'. |
| chromiumos.Path file_path = 4; |
| } |
| repeated VersionedArtifact versioned_artifacts = 5; |
| |
| // If no payload was generated, we may be able to report the reason why. |
| enum FailureReason { |
| UNSPECIFIED = 0; |
| NOT_MINIOS_COMPATIBLE = 1; |
| // This occurs when the source and target builds do not support the same |
| // number of recovery keys. |
| MINIOS_COUNT_MISMATCH = 2; |
| } |
| FailureReason failure_reason = 4; |
| |
| reserved 1; |
| reserved "success"; |
| } |
| |
| // Request payload generation to be done with a source and target image. |
| message GenerateUnsignedPayloadRequest { |
| // Source image properties, must be either full_update or the same type as |
| // the included tgt_image_oneof. full_update indicates the lack of a source. |
| oneof src_image_oneof { |
| bool full_update = 1; |
| SignedImage src_signed_image = 2; |
| UnsignedImage src_unsigned_image = 3; |
| DLCImage src_dlc_image = 4; |
| } |
| |
| // Target image properties. |
| oneof tgt_image_oneof { |
| SignedImage tgt_signed_image = 5; |
| UnsignedImage tgt_unsigned_image = 6; |
| DLCImage tgt_dlc_image = 7; |
| } |
| |
| // The chroot where the operations will be executed. |
| // Required. |
| chromiumos.Chroot chroot = 8; |
| |
| // TODO(b/299105459): Don't special-case minios. |
| // Whether the request is for a miniOS payload. |
| // This is only meaningful if the src and tgt images are either |
| // both SignedImage or both UnsignedImage. |
| bool minios = 9; |
| |
| // Target directory where output artifacts should be stored. |
| chromiumos.ResultPath result_path = 10; |
| } |
| |
| // Information about an unsigned payload. |
| message UnsignedPayload { |
| // Version of the payload (eg. 1). |
| uint32 version = 1; |
| // Path of the payload file, e.g. '/path/to/tmp/ioadwjoawjd/delta.bin'. |
| chromiumos.Path payload_file_path = 2; |
| |
| reserved 3; |
| // Suffix used for this particular payload. |
| string rand_suffix = 7; |
| |
| // Names of the partitions. |
| repeated string partition_names = 4; |
| // Paths of the source partition files. |
| repeated chromiumos.Path src_partitions = 5; |
| // Paths of the target partition files. |
| repeated chromiumos.Path tgt_partitions = 6; |
| |
| // AppID. Need this in FinalizePayloadRequest. |
| string appid = 8; |
| |
| // Path of the payload file with generation details. |
| chromiumos.Path payload_file_log_path = 9; |
| } |
| |
| // Result of a payload generation. |
| message GenerateUnsignedPayloadResponse { |
| reserved 1; |
| |
| // Unsigned payloads. |
| // Only multiple in the case of a minios payload. |
| repeated UnsignedPayload unsigned_payloads = 3; |
| |
| // If no payload was generated, we may be able to report the reason why. |
| enum FailureReason { |
| UNSPECIFIED = 0; |
| NOT_MINIOS_COMPATIBLE = 1; |
| // This occurs when the source and target builds do not support the same |
| // number of recovery keys. |
| MINIOS_COUNT_MISMATCH = 2; |
| } |
| FailureReason failure_reason = 2; |
| } |
| |
| // Request signing, validation, and uploading for an unsigned payload. |
| message FinalizePayloadRequest { |
| // The chroot where certain operations will be executed |
| // (the endpoint as a whole is still executed outside of the chroot). |
| // Required. |
| chromiumos.Chroot chroot = 1; |
| |
| // Source image properties, must be either full_update or the same type as |
| // the included tgt_image_oneof. full_update indicates the lack of a source. |
| oneof src_image_oneof { |
| bool full_update = 10; |
| SignedImage src_signed_image = 11; |
| UnsignedImage src_unsigned_image = 12; |
| DLCImage src_dlc_image = 13; |
| } |
| |
| // Target image properties. |
| oneof tgt_image_oneof { |
| SignedImage tgt_signed_image = 14; |
| UnsignedImage tgt_unsigned_image = 15; |
| DLCImage tgt_dlc_image = 16; |
| } |
| |
| // TODO(b/299105459): Don't special-case minios. |
| // Whether the request is for a miniOS payload. |
| // This is only meaningful if the src and tgt images are either |
| // both SignedImage or both UnsignedImage. |
| bool minios = 9; |
| |
| // Individual payloads to finalize. |
| // Only multiple in the case of a minios payload. |
| repeated UnsignedPayload payloads = 8; |
| |
| // Do not sign images or upload artifacts. |
| bool dryrun = 2; |
| |
| // Target directory where output artifacts should be stored. |
| chromiumos.ResultPath result_path = 3; |
| |
| // The keyset to sign with (e.g. "coral-mp-v16"), if empty do not sign, |
| // and may be ignored for certain request types (e.g. dlc). |
| string keyset = 4; |
| |
| // Should we run verification? |
| bool verify = 6; |
| |
| // The destination bucket (defaults to "chromeos-releases"). |
| string bucket = 7; |
| |
| // If set, will use the local signing flow (currently a prototype). |
| bool use_local_signing = 5; |
| |
| // Docker image to use for local signing. Must already be pulled down on the |
| // host. This consists of the name of the docker image, followed by the tag, |
| // i.e. "signing:1234". |
| string docker_image = 17; |
| } |
| |
| // Response for a FinalizePayloadsRequest |
| // (which does signing, validation, uploading). |
| message FinalizePayloadResponse { |
| // Remote and local artifacts along with a version ID (if successful). |
| message VersionedArtifact { |
| // Version of the payload (eg. 1). |
| uint32 version = 1; |
| // If successful we may have uploaded an artifact to google storage. |
| string remote_uri = 2; |
| // If successful we may have a local artifact available. Generally this |
| // takes the form of '/path/to/tmp/ioadwjoawjd/delta.bin'. |
| chromiumos.Path file_path = 3; |
| } |
| repeated VersionedArtifact versioned_artifacts = 1; |
| } |
| |
| // The image service definition. |
| service PayloadService { |
| option (service_options) = { |
| module : "payload", |
| service_chroot_assert : INSIDE, |
| }; |
| |
| // Added in R79. |
| rpc GeneratePayload(GenerationRequest) returns (GenerationResponse); |
| |
| // Added in R121. |
| rpc GenerateUnsignedPayload(GenerateUnsignedPayloadRequest) |
| returns (GenerateUnsignedPayloadResponse); |
| |
| // Added in R121. |
| rpc FinalizePayload(FinalizePayloadRequest) |
| returns (FinalizePayloadResponse) { |
| option (method_options) = { |
| method_branched_execution : EXECUTE_TOT, |
| method_chroot_assert : OUTSIDE, |
| }; |
| }; |
| } |