feat: verify protoc as a validation action

alexeagle · alexeagle · commit 1fd78541dae0 · 2025-11-20T03:39:15.000-08:00
Gives some protection against a repo accidentally registering a protoc binary on the toolchain that doesnt behave as expected. Based on #23539
diff --git a/bazel/private/prebuilt_tool_integrity.bzl b/bazel/private/prebuilt_tool_integrity.bzl
@@ -8,6 +8,7 @@ The checked in content is only here to allow load() statements in the sources to
 
 # An arbitrary version of protobuf that includes pre-built binaries.
 # See /examples/example_without_cc_toolchain which uses this for testing.
+# TODO(alexeagle): add some automation to update this version occasionally.
 _TEST_VERSION = "v33.0"
 _TEST_SHAS = dict()
 # Add a couple platforms which are commonly used for testing.
diff --git a/bazel/private/proto_library_rule.bzl b/bazel/private/proto_library_rule.bzl
@@ -113,6 +113,7 @@ def _proto_library_impl(ctx):
             default_runfiles = ctx.runfiles(),  # empty
             data_runfiles = data_runfiles,
         ),
+        OutputGroupInfo(_validation = ctx.attr._authenticity_validation[OutputGroupInfo]._validation),
     ]
 
 def _process_srcs(ctx, srcs, import_prefix, strip_import_prefix):
@@ -375,6 +376,10 @@ List of files containing extension declarations. This attribute is only allowed
 for use with MessageSet.
 """,
         ),
+        "_authenticity_validation": attr.label(
+            default = "//bazel/private/toolchains/prebuilt:authenticity_validation",
+            doc = "Validate that the binary registered on the toolchain is produced by protobuf team",
+        ),
         # buildifier: disable=attr-license (calling attr.license())
         "licenses": attr.license() if hasattr(attr, "license") else attr.string_list(),
         "_experimental_proto_descriptor_sets_include_source_info": attr.label(
diff --git a/bazel/private/toolchains/prebuilt/BUILD.bazel b/bazel/private/toolchains/prebuilt/BUILD.bazel
@@ -4,6 +4,7 @@ Ensures that Bazel only downloads required binaries for selected toolchains.
 In particular, see comment below on the toolchain#toolchain attribute.
 """
 
+load(":protoc_authenticity.bzl", "protoc_authenticity")
 load("//toolchain:platforms.bzl", "PROTOBUF_PLATFORMS")
 [
     toolchain(
@@ -18,3 +19,9 @@ load("//toolchain:platforms.bzl", "PROTOBUF_PLATFORMS")
     )
     for platform, meta in PROTOBUF_PLATFORMS.items()
 ]
+
+# Support verification of user-registered toolchains
+protoc_authenticity(
+    name = "authenticity_validation",
+    visibility = ["//visibility:public"],
+)
diff --git a/bazel/private/toolchains/prebuilt/protoc_authenticity.bzl b/bazel/private/toolchains/prebuilt/protoc_authenticity.bzl
@@ -0,0 +1,42 @@
+"Validate that the protoc binary is authentic and not spoofed by a malicious actor."
+load("//bazel/common:proto_common.bzl", "proto_common")
+load("//bazel/private:toolchain_helpers.bzl", "toolchains")
+load("//bazel/private:prebuilt_tool_integrity.bzl", "RELEASE_VERSION")
+
+def _protoc_authenticity_impl(ctx):
+    # When this flag is disabled, then users have no way to replace the protoc binary with their own toolchain registration.
+    # Therefore there's no validation to perform.
+    if not proto_common.INCOMPATIBLE_ENABLE_PROTO_TOOLCHAIN_RESOLUTION:
+        return []
+    toolchain = ctx.toolchains[toolchains.PROTO_TOOLCHAIN]
+    if not toolchain:
+        fail("Protocol compiler toolchain could not be resolved.")
+    proto_lang_toolchain_info = toolchain.proto
+    validation_output = ctx.actions.declare_file("validation_output.txt")
+
+    ctx.actions.run_shell(
+        outputs = [validation_output],
+        tools = [proto_lang_toolchain_info.proto_compiler],
+        command = """\
+        {protoc} --version > {validation_output}
+        grep -q "^libprotoc {RELEASE_VERSION}" {validation_output} || {{
+          echo >&2 'ERROR: protoc version does not match protobuf Bazel module; we do not support this. To suppress this error, run Bazel with --norun_validations'
+          exit 1
+        }}
+        """.format(protoc = proto_lang_toolchain_info.proto_compiler.executable.path, validation_output = validation_output.path, RELEASE_VERSION = RELEASE_VERSION.removeprefix("v")),
+    )
+    return [OutputGroupInfo(_validation = depset([validation_output]))]
+
+protoc_authenticity = rule(
+    implementation = _protoc_authenticity_impl,
+    fragments = ["proto"],
+    attrs = toolchains.if_legacy_toolchain({
+        "_proto_compiler": attr.label(
+            cfg = "exec",
+            executable = True,
+            allow_files = True,
+            default = "//src/google/protobuf/compiler:protoc_minimal",
+        ),
+    }),
+    toolchains = toolchains.use_toolchain(toolchains.PROTO_TOOLCHAIN),
+)

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@ Ensures that Bazel only downloads required binaries for selected toolchains.`
`4`	`4`	`In particular, see comment below on the toolchain#toolchain attribute.`
`5`	`5`	`"""`
`6`	`6`
	`7`	`+load(":protoc_authenticity.bzl", "protoc_authenticity")`
`7`	`8`	`load("//toolchain:platforms.bzl", "PROTOBUF_PLATFORMS")`
`8`	`9`	`[`
`9`	`10`	`toolchain(`
`@@ -18,3 +19,9 @@ load("//toolchain:platforms.bzl", "PROTOBUF_PLATFORMS")`
`18`	`19`	`)`
`19`	`20`	`for platform, meta in PROTOBUF_PLATFORMS.items()`
`20`	`21`	`]`
	`22`	`+`
	`23`	`+# Support verification of user-registered toolchains`
	`24`	`+protoc_authenticity(`
	`25`	`+ name = "authenticity_validation",`
	`26`	`+ visibility = ["//visibility:public"],`
	`27`	`+)`