diff --git a/live-build/functions b/live-build/functions index 918bd064..bd3c8898 100644 --- a/live-build/functions +++ b/live-build/functions @@ -39,6 +39,10 @@ create_empty_disk_image() { create_manifest() { local chroot_root=${1} local target_file=${2} + local base_default_sbom_name="ubuntu-cloud-image-$(grep "VERSION_ID" $chroot_root/etc/os-release | cut --delimiter "=" --field 2 | tr -d '"')-${ARCH}-$(date +%Y%m%dT%H:%M:%S)" + local sbom_file_name=${3:-"${base_default_sbom_name}.spdx"} + local sbom_document_name=${4:-"${base_default_sbom_name}"} + local sbom_log=${sbom_document_name}.log echo "create_manifest chroot_root: ${chroot_root}" dpkg-query --show --admindir="${chroot_root}/var/lib/dpkg" > ${target_file} echo "create_manifest call to dpkg-query finished." @@ -48,6 +52,22 @@ create_manifest() { echo "create_manifest creating file listing." local target_filelist=${2%.manifest}.filelist (cd "${chroot_root}" && find -xdev) | sort > "${target_filelist}" + # only creating sboms for CPC project at this time + if [[ ! $(which cpc-sbom) ]]; then + # ensure the tool is installed + sudo snap install --classic --edge cpc-sbom + fi + # generate the SBOM + cpc-sbom --rootdir ${chroot_root} --ignore-copyright-parsing-errors --ignore-copyright-file-not-found-errors --document-name ${sbom_document_name} >"${sbom_file_name}" 2>"${sbom_log}" + SBOM_GENERATION_EXIT_CODE=$? + if [[ ${SBOM_GENERATION_EXIT_CODE} != "0" ]]; then + # check for failure and print log + echo "ERROR: SBOM generation failed. See ${sbom_log}" + cat "$sbom_log" + exit 1 + else + echo "SBOM generation succeeded. see ${sbom_log} for details" + fi fi echo "create_manifest finished" } diff --git a/live-build/ubuntu-cpc/hooks.d/base/create-root-dir.binary b/live-build/ubuntu-cpc/hooks.d/base/create-root-dir.binary index 6ba4fe9c..46d9479a 100755 --- a/live-build/ubuntu-cpc/hooks.d/base/create-root-dir.binary +++ b/live-build/ubuntu-cpc/hooks.d/base/create-root-dir.binary 
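Review bot: The default SBOM name on the first added line parses `$chroot_root/etc/os-release` with an unquoted path and an unanchored `grep "VERSION_ID"`, and because the substitution sits inside `local ... =`, a missing or unreadable os-release fails silently and yields a name with an empty version field. Prefer `grep '^VERSION_ID=' -- "${chroot_root}/etc/os-release"` with `"${chroot_root}"` quoted, and consider computing the default only when `$3`/`$4` are absent, since every caller in this diff passes both and the os-release parse is currently unused work on each call. The function continues past the hunk.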
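Review bot: The comment `# only creating sboms for CPC project at this time` does not match the code: nothing in the added block checks the project, so every caller of `create_manifest` in this shared functions file now runs `sudo snap install --classic --edge cpc-sbom` and terminates the build with `exit 1` if SBOM generation fails. That install is a build-time fetch from the unpinned `--edge` channel under classic confinement, its exit status is never checked, and the tool revision that produced the `.spdx` output is not recorded anywhere, so the SBOM cannot be tied to a known generator; pin it (`sudo snap install --classic --channel=<pinned channel> cpc-sbom || exit 1`, channel substituted) and consider logging `snap list cpc-sbom` next to the generation log. Smaller points: `if [[ ! $(which cpc-sbom) ]]` is better written `if ! command -v cpc-sbom >/dev/null; then`, `--rootdir ${chroot_root}` should be quoted, and the `$?` capture only reaches the check if the calling hook does not run under `set -e` (not visible here). The function's opening lines are outside this hunk.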
@@ -24,6 +24,6 @@ rm -rf $rootfs_dir/boot/grub # Keep this as some derivatives mount a tempfs here mkdir -p $rootfs_dir/lib/modules -teardown_mountpoint $rootfs_dir +create_manifest $rootfs_dir "livecd.ubuntu-cpc.rootfs.manifest" "livecd.ubuntu-cpc.rootfs.spdx" "cloud-image-rootfs-$ARCH-$(date +%Y%m%dT%H:%M:%S)" -create_manifest "${rootfs_dir}" "${rootfs_dir}.manifest" +teardown_mountpoint $rootfs_dir diff --git a/live-build/ubuntu-cpc/hooks.d/base/disk-image-ppc64el.binary b/live-build/ubuntu-cpc/hooks.d/base/disk-image-ppc64el.binary index e02c6338..f393482b 100755 --- a/live-build/ubuntu-cpc/hooks.d/base/disk-image-ppc64el.binary +++ b/live-build/ubuntu-cpc/hooks.d/base/disk-image-ppc64el.binary @@ -80,6 +80,8 @@ cp -a chroot/* mountpoint/ chroot mountpoint dpkg-query -W > binary/boot/filesystem.packages (cd mountpoint && find -xdev) | sort > binary/boot/filesystem.filelist +create_manifest "mountpoint/" "$PWD/livecd.ubuntu-cpc.disk-image.manifest" "$PWD/livecd.ubuntu-cpc.disk-image.spdx" "cloud-image-$ARCH-$(date +Y%m%dT%H:%M:%S)" + umount mountpoint rmdir mountpoint diff --git a/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary b/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary index d4ec5f0c..474b145b 100755 --- a/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary +++ b/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary @@ -184,7 +184,8 @@ install_grub() { mount # create sorted filelist as the very last step before unmounting - (cd mountpoint && find -xdev) | sort > binary/boot/filesystem.filelist + # explicitly generate manifest and sbom + create_manifest "mountpoint/" "$PWD/livecd.ubuntu-cpc.disk-uefi.manifest" "$PWD/livecd.ubuntu-cpc.disk-uefi.spdx" "cloud-image-$ARCH-$(date +%Y%m%dT%H:%M:%S)" umount_partition mountpoint rmdir mountpoint @@ -201,6 +202,7 @@ make_ext4_partition "${rootfs_dev_mapper}" mkdir mountpoint mount "${rootfs_dev_mapper}" mountpoint cp -a chroot/* mountpoint/ + umount mountpoint rmdir mountpoint 
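Review bot: Moving `create_manifest` ahead of `teardown_mountpoint` means the manifest, filelist and SBOM are now produced while the chroot's mounts are still in place; `find -xdev` inside `create_manifest` will not cross into them, but whether `cpc-sbom` honors device boundaries is not visible here, and if it does not the SBOM could pick up content from the build host's mounts. The swap deserves a one-line comment stating why the manifest must be taken before teardown. The added line also leaves `$rootfs_dir` unquoted where the old call used `"${rootfs_dir}"`; `create_manifest "$rootfs_dir" ...` keeps the previous hygiene.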
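Review bot: The document name on the added `create_manifest` line uses `$(date +Y%m%dT%H:%M:%S)` — the `%` before `Y` is missing, so the SBOM document name will contain a literal `Y` in place of the year, unlike every other hook in this change which uses `%Y%m%dT%H:%M:%S`. Change it to `"cloud-image-$ARCH-$(date +%Y%m%dT%H:%M:%S)"`. Since the same timestamp expression is now hand-copied into five hooks, consider building it once in `create_manifest` (or a helper in `config/functions`) so this kind of drift cannot recur.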
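Review bot: The removed line wrote `binary/boot/filesystem.filelist`, and the replacing `create_manifest` call writes its filelist to `$PWD/livecd.ubuntu-cpc.disk-uefi.filelist` instead, so the UEFI path no longer produces the `binary/boot` copy, whereas the ppc64el hook in this same change keeps its `binary/boot/filesystem.filelist` line alongside the new call. If anything downstream still reads the `binary/boot` copy the UEFI build now lacks it; if nothing does, the ppc64el hook should drop its duplicate for consistency. The comment kept above the call, `# create sorted filelist as the very last step before unmounting`, should now read something like `# generate manifest, filelist and SBOM as the very last step before unmounting`. The enclosing block starts before the hunk.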
diff --git a/live-build/ubuntu-cpc/hooks.d/base/disk-image.binary b/live-build/ubuntu-cpc/hooks.d/base/disk-image.binary index ba577ef5..63d28ab0 100755 --- a/live-build/ubuntu-cpc/hooks.d/base/disk-image.binary +++ b/live-build/ubuntu-cpc/hooks.d/base/disk-image.binary @@ -158,6 +158,8 @@ EOF $ZIPL_EXTRA_PARAMS fi +create_manifest "mountpoint/" "$PWD/livecd.ubuntu-cpc.disk-image.manifest" "$PWD/livecd.ubuntu-cpc.disk-image.spdx" "cloud-image-$ARCH-$(date +%Y%m%dT%H:%M:%S)" + if [ -n "$BOOT_MOUNTPOINT" ]; then umount "mountpoint/$BOOT_MOUNTPOINT" fi diff --git a/live-build/ubuntu-cpc/hooks.d/base/qcow2-image.binary b/live-build/ubuntu-cpc/hooks.d/base/qcow2-image.binary index 8dbbb9ae..4a8e321a 100755 --- a/live-build/ubuntu-cpc/hooks.d/base/qcow2-image.binary +++ b/live-build/ubuntu-cpc/hooks.d/base/qcow2-image.binary @@ -2,8 +2,17 @@ . config/functions +qcow_file=${PWD}/livecd.ubuntu-cpc.qcow if [ -f binary/boot/disk-uefi.ext4 ]; then convert_to_qcow2 binary/boot/disk-uefi.ext4 livecd.ubuntu-cpc.img + uefi_file="livecd.ubuntu-cpc.disk-uefi" + cp ${uefi_file}.manifest ${qcow_file}.manifest + cp ${uefi_file}.filelist ${qcow_file}.filelist + cp ${uefi_file}.spdx ${qcow_file}.spdx elif [ -f binary/boot/disk.ext4 ]; then convert_to_qcow2 binary/boot/disk.ext4 livecd.ubuntu-cpc.img + disk_file="livecd.ubuntu-cpc.disk-image" + cp ${disk_file}.manifest ${qcow_file}.manifest + cp ${disk_file}.filelist ${qcow_file}.filelist + cp ${disk_file}.spdx ${qcow_file}.spdx fi diff --git a/live-build/ubuntu-cpc/hooks.d/base/root-squashfs.binary b/live-build/ubuntu-cpc/hooks.d/base/root-squashfs.binary index bc56bc42..ab90c963 100755 --- a/live-build/ubuntu-cpc/hooks.d/base/root-squashfs.binary +++ b/live-build/ubuntu-cpc/hooks.d/base/root-squashfs.binary 
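Review bot: The added `create_manifest "mountpoint/" ...` runs before the `umount "mountpoint/$BOOT_MOUNTPOINT"` that follows it, so on images with a separate boot partition the `find -xdev` inside `create_manifest` stops at that mount and the filelist omits the contents of `/boot`; whether `cpc-sbom` behaves the same way is not visible here. If a root-filesystem-only listing is intended, a comment on the added line saying so (`# filelist/SBOM cover the root filesystem only; the boot partition is a separate mount`) would make that explicit, otherwise the boot mount needs its own listing. The call sits after a `fi` whose block begins outside the hunk.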
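Review bot: The six added `cp` lines rely on the current directory for the source (`${uefi_file}.manifest` is relative) while the destination uses `${PWD}`, and none of the expansions are quoted; the same block is repeated almost verbatim in `vmdk-image.binary` at the end of this diff. A small helper in `config/functions` (already sourced on the line above) taking a source stem and a destination stem, e.g. `copy_sidecars() { local src=$1 dst=$2; for ext in manifest filelist spdx; do cp -- "${src}.${ext}" "${dst}.${ext}"; done; }`, would remove the duplication and quote the paths once. Note also that the sidecars are named `livecd.ubuntu-cpc.qcow.*` while the image produced by `convert_to_qcow2` is `livecd.ubuntu-cpc.img`; if consumers locate sidecars by artifact basename they will not find these.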
@@ -15,8 +15,11 @@ rootfs_dir=rootfs.dir squashfs_f="$PWD/livecd.ubuntu-cpc.squashfs" -cp $rootfs_dir.manifest $squashfs_f.manifest +cp livecd.ubuntu-cpc.rootfs.manifest ${squashfs_f}.manifest +cp livecd.ubuntu-cpc.rootfs.filelist ${squashfs_f}.filelist +cp livecd.ubuntu-cpc.rootfs.spdx ${squashfs_f}.spdx + # fstab is omitted from the squashfs -grep -v '^/etc/fstab$' $rootfs_dir.filelist >$squashfs_f.filelist +grep -v '^/etc/fstab$' livecd.ubuntu-cpc.rootfs.filelist >$squashfs_f.filelist create_squashfs $rootfs_dir $squashfs_f diff --git a/live-build/ubuntu-cpc/hooks.d/base/root-xz.binary b/live-build/ubuntu-cpc/hooks.d/base/root-xz.binary index c8aad906..9c5db0b8 100755 --- a/live-build/ubuntu-cpc/hooks.d/base/root-xz.binary +++ b/live-build/ubuntu-cpc/hooks.d/base/root-xz.binary @@ -11,6 +11,4 @@ fi # This is the directory created by create-root-dir.binary rootfs_dir=rootfs.dir -cp $rootfs_dir.manifest livecd.ubuntu-cpc.rootfs.manifest -cp $rootfs_dir.filelist livecd.ubuntu-cpc.rootfs.filelist (cd $rootfs_dir/ && tar -c --sort=name --xattrs *) | xz > livecd.ubuntu-cpc.rootfs.tar.xz diff --git a/live-build/ubuntu-cpc/hooks.d/base/series/disk-image b/live-build/ubuntu-cpc/hooks.d/base/series/disk-image index 8e6e9726..4e269aca 100644 --- a/live-build/ubuntu-cpc/hooks.d/base/series/disk-image +++ b/live-build/ubuntu-cpc/hooks.d/base/series/disk-image @@ -6,3 +6,6 @@ provides livecd.ubuntu-cpc.initrd-generic provides livecd.ubuntu-cpc.kernel-generic provides livecd.ubuntu-cpc.manifest provides livecd.ubuntu-cpc.filelist +provides livecd.ubuntu-cpc.disk-image.manifest +provides livecd.ubuntu-cpc.disk-image.filelist +provides livecd.ubuntu-cpc.disk-image.spdx diff --git a/live-build/ubuntu-cpc/hooks.d/base/series/disk-image-uefi b/live-build/ubuntu-cpc/hooks.d/base/series/disk-image-uefi index 2faa4aa1..ac0bf936 100644 --- a/live-build/ubuntu-cpc/hooks.d/base/series/disk-image-uefi +++ b/live-build/ubuntu-cpc/hooks.d/base/series/disk-image-uefi 
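Review bot: The added `cp livecd.ubuntu-cpc.rootfs.filelist ${squashfs_f}.filelist` is immediately overwritten by the `grep -v '^/etc/fstab$' ... >$squashfs_f.filelist` two lines below, so the copy is dead and misleadingly suggests the squashfs filelist equals the rootfs one when the fstab filter says otherwise. Drop the filelist `cp` and keep only the manifest and `.spdx` copies. Whether the copied `.spdx` should likewise reflect that `/etc/fstab` is absent from the squashfs depends on whether `cpc-sbom` records files, which is not visible here.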
@@ -4,3 +4,6 @@ provides livecd.ubuntu-cpc.initrd-generic provides livecd.ubuntu-cpc.kernel-generic provides livecd.ubuntu-cpc.manifest provides livecd.ubuntu-cpc.filelist +provides livecd.ubuntu-cpc.disk-uefi.manifest +provides livecd.ubuntu-cpc.disk-uefi.filelist +provides livecd.ubuntu-cpc.disk-uefi.spdx diff --git a/live-build/ubuntu-cpc/hooks.d/base/series/qcow2 b/live-build/ubuntu-cpc/hooks.d/base/series/qcow2 index 745adb9b..0fdbc81c 100644 --- a/live-build/ubuntu-cpc/hooks.d/base/series/qcow2 +++ b/live-build/ubuntu-cpc/hooks.d/base/series/qcow2 @@ -1,3 +1,6 @@ depends disk-image base/qcow2-image.binary provides livecd.ubuntu-cpc.img +provides livecd.ubuntu-cpc.qcow.manifest +provides livecd.ubuntu-cpc.qcow.filelist +provides livecd.ubuntu-cpc.qcow.spdx diff --git a/live-build/ubuntu-cpc/hooks.d/base/series/squashfs b/live-build/ubuntu-cpc/hooks.d/base/series/squashfs index b9f0d8db..991bf12e 100644 --- a/live-build/ubuntu-cpc/hooks.d/base/series/squashfs +++ b/live-build/ubuntu-cpc/hooks.d/base/series/squashfs @@ -3,3 +3,4 @@ base/root-squashfs.binary provides livecd.ubuntu-cpc.squashfs provides livecd.ubuntu-cpc.squashfs.manifest provides livecd.ubuntu-cpc.squashfs.filelist +provides livecd.ubuntu-cpc.squashfs.spdx \ No newline at end of file diff --git a/live-build/ubuntu-cpc/hooks.d/base/series/tarball b/live-build/ubuntu-cpc/hooks.d/base/series/tarball index 8e2bc766..293fc4a5 100644 --- a/live-build/ubuntu-cpc/hooks.d/base/series/tarball +++ b/live-build/ubuntu-cpc/hooks.d/base/series/tarball @@ -3,3 +3,4 @@ base/root-xz.binary provides livecd.ubuntu-cpc.rootfs.tar.xz provides livecd.ubuntu-cpc.rootfs.manifest provides livecd.ubuntu-cpc.rootfs.filelist +provides livecd.ubuntu-cpc.rootfs.spdx diff --git a/live-build/ubuntu-cpc/hooks.d/base/series/vagrant b/live-build/ubuntu-cpc/hooks.d/base/series/vagrant index 6e5fcf39..0e4d8dd4 100644 --- a/live-build/ubuntu-cpc/hooks.d/base/series/vagrant +++ b/live-build/ubuntu-cpc/hooks.d/base/series/vagrant 
@@ -1,3 +1,6 @@ depends disk-image base/vagrant.binary provides livecd.ubuntu-cpc.vagrant.box +provides livecd.ubuntu-cpc.vagrant.manifest +provides livecd.ubuntu-cpc.vagrant.filelist +provides livecd.ubuntu-cpc.vagrant.spdx \ No newline at end of file diff --git a/live-build/ubuntu-cpc/hooks.d/base/series/vmdk b/live-build/ubuntu-cpc/hooks.d/base/series/vmdk index c583fe96..855063e3 100644 --- a/live-build/ubuntu-cpc/hooks.d/base/series/vmdk +++ b/live-build/ubuntu-cpc/hooks.d/base/series/vmdk @@ -3,3 +3,6 @@ base/vmdk-image.binary base/vmdk-ova-image.binary provides livecd.ubuntu-cpc.vmdk provides livecd.ubuntu-cpc.ova +provides livecd.ubuntu-cpc.vmdk.manifest +provides livecd.ubuntu-cpc.vmdk.filelist +provides livecd.ubuntu-cpc.vmdk.spdx \ No newline at end of file diff --git a/live-build/ubuntu-cpc/hooks.d/base/vagrant.binary b/live-build/ubuntu-cpc/hooks.d/base/vagrant.binary index 19e8738b..3c679929 100755 --- a/live-build/ubuntu-cpc/hooks.d/base/vagrant.binary +++ b/live-build/ubuntu-cpc/hooks.d/base/vagrant.binary @@ -93,6 +93,8 @@ EOF chroot ${mount_d} chown -R vagrant:vagrant /home/vagrant/.ssh chroot ${mount_d} chmod 700 /home/vagrant/.ssh +create_manifest $mount_d "livecd.ubuntu-cpc.vagrant.manifest" "livecd.ubuntu-cpc.vagrant.spdx" "cloud-image-vagrant-$ARCH-$(date +%Y%m%dT%H:%M:%S)" + umount_disk_image "$mount_d" rmdir "$mount_d" diff --git a/live-build/ubuntu-cpc/hooks.d/base/vmdk-image.binary b/live-build/ubuntu-cpc/hooks.d/base/vmdk-image.binary index 3c2a6449..f4c0ade8 100755 --- a/live-build/ubuntu-cpc/hooks.d/base/vmdk-image.binary +++ b/live-build/ubuntu-cpc/hooks.d/base/vmdk-image.binary 
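Review bot: `create_manifest $mount_d ...` leaves `$mount_d` unquoted while the two lines that follow pass `"$mount_d"`; use `create_manifest "$mount_d" "livecd.ubuntu-cpc.vagrant.manifest" "livecd.ubuntu-cpc.vagrant.spdx" "cloud-image-vagrant-$ARCH-$(date +%Y%m%dT%H:%M:%S)"` for consistency. The manifest is captured after the vagrant user's `~/.ssh` has been populated, so the filelist and SBOM describe the final image content; a one-line comment such as `# capture manifest/SBOM after all vagrant customisation, before unmount` would make the placement deliberate. The hunk sits inside a block whose start is outside the view.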
@@ -20,8 +20,18 @@ esac . config/functions +vmdk_file="$PWD/livecd.ubuntu-cpc.vmdk" + if [ -e binary/boot/disk-uefi.ext4 ]; then create_vmdk binary/boot/disk-uefi.ext4 livecd.ubuntu-cpc.vmdk + uefi_file="livecd.ubuntu-cpc.disk-uefi" + cp ${uefi_file}.manifest ${vmdk_file}.manifest + cp ${uefi_file}.filelist ${vmdk_file}.filelist + cp ${uefi_file}.spdx ${vmdk_file}.spdx elif [ -f binary/boot/disk.ext4 ]; then create_vmdk binary/boot/disk.ext4 livecd.ubuntu-cpc.vmdk + disk_file="livecd.ubuntu-cpc.disk-image" + cp ${disk_file}.manifest ${vmdk_file}.manifest + cp ${disk_file}.filelist ${vmdk_file}.filelist + cp ${disk_file}.spdx ${vmdk_file}.spdx fi