diff --git a/live-build/functions b/live-build/functions
index ca09e81e..28b2c289 100644
--- a/live-build/functions
+++ b/live-build/functions
@@ -46,6 +46,10 @@ create_empty_disk_image() {
 create_manifest() {
 local chroot_root=${1}
 local target_file=${2}
+ local base_default_sbom_name="ubuntu-cloud-image-$(grep "VERSION_ID" $chroot_root/etc/os-release | cut --delimiter "=" --field 2 | tr -d '"')-${ARCH}-$(date +%Y%m%dT%H:%M:%S)"
+ local sbom_file_name=${3:-"${base_default_sbom_name}.spdx"}
+ local sbom_document_name=${4:-"${base_default_sbom_name}"}
+ local sbom_log=${sbom_document_name}.log
 echo "create_manifest chroot_root: ${chroot_root}"
 dpkg-query --show --admindir="${chroot_root}/var/lib/dpkg" > ${target_file}
 echo "create_manifest call to dpkg-query finished."
@@ -54,7 +58,23 @@ create_manifest() {
 if [ "$PROJECT" = ubuntu-cpc ]; then
 echo "create_manifest creating file listing."
 local target_filelist=${2%.manifest}.filelist
- (cd "${chroot_root}" && find -xdev) > "${target_filelist}"
+ (cd "${chroot_root}" && find -xdev) | sort > "${target_filelist}"
+ # only creating sboms for CPC project at this time
+ if [[ ! $(which cpc-sbom) ]]; then
+ # ensure the tool is installed
+ sudo snap install --classic --edge cpc-sbom
+ fi
+ # generate the SBOM
+ cpc-sbom --rootdir ${chroot_root} --ignore-copyright-parsing-errors --ignore-copyright-file-not-found-errors --document-name ${sbom_document_name} >"${sbom_file_name}" 2>"${sbom_log}"
+ SBOM_GENERATION_EXIT_CODE=$?
+ if [[ ${SBOM_GENERATION_EXIT_CODE} != "0" ]]; then
+ # check for failure and print log
+ echo "ERROR: SBOM generation failed. See ${sbom_log}"
+ cat "$sbom_log"
+ exit 1
+ else
+ echo "SBOM generation succeeded. see ${sbom_log} for details"
+ fi
 fi
 echo "create_manifest finished"
 }
diff --git a/live-build/ubuntu-cpc/hooks.d/base/create-root-dir.binary b/live-build/ubuntu-cpc/hooks.d/base/create-root-dir.binary
index 6ba4fe9c..46d9479a 100755
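Review bot: `local base_default_sbom_name=...` greps `$chroot_root/etc/os-release` with the path unquoted and the pattern `"VERSION_ID"` unanchored, so a chroot path containing whitespace splits the argument and any other line carrying that substring would be folded into the SBOM name; wrapping the substitution in `local` also discards the pipeline's exit status, so a missing os-release only prints grep's error and leaves an empty version in the name. Use `grep '^VERSION_ID=' "${chroot_root}/etc/os-release"` and assign the version to its own variable before building the name so the failure is visible. The `%H:%M:%S` timestamp also puts colons into the default `.spdx` file name, which some artifact stores and Windows clients refuse; `%H%M%S` keeps the name portable. create_manifest continues in the next hunk.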
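Review bot: `sudo snap install --classic --edge cpc-sbom` fetches the tool that generates the SBOM from the snap edge channel, unpinned and classic-confined, during the build whenever `cpc-sbom` is absent from PATH, so the generator's version is whatever edge held at that moment, is recorded nowhere, and a build hook performs a privileged install on an unprepared host. Prefer failing closed and provisioning the tool in the builder image, e.g. `if ! command -v cpc-sbom >/dev/null 2>&1; then echo "ERROR: cpc-sbom is not installed" >&2; exit 1; fi`; if self-install must stay, pin a channel or revision and log `snap list cpc-sbom` next to the SBOM. Separately, if the hook sourcing this file runs under `set -e` (not visible here), a non-zero `cpc-sbom` exits the shell before `SBOM_GENERATION_EXIT_CODE=$?` and the `cat "$sbom_log"` diagnostics are reached; initialise `SBOM_GENERATION_EXIT_CODE=0` and write `cpc-sbom … || SBOM_GENERATION_EXIT_CODE=$?`. `${chroot_root}` and `${sbom_document_name}` on the `cpc-sbom` line are also left unquoted while the redirect targets are quoted.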
--- a/live-build/ubuntu-cpc/hooks.d/base/create-root-dir.binary
+++ b/live-build/ubuntu-cpc/hooks.d/base/create-root-dir.binary
@@ -24,6 +24,6 @@ rm -rf $rootfs_dir/boot/grub
 # Keep this as some derivatives mount a tempfs here
 mkdir -p $rootfs_dir/lib/modules
-teardown_mountpoint $rootfs_dir
+create_manifest $rootfs_dir "livecd.ubuntu-cpc.rootfs.manifest" "livecd.ubuntu-cpc.rootfs.spdx" "cloud-image-rootfs-$ARCH-$(date +%Y%m%dT%H:%M:%S)"
-create_manifest "${rootfs_dir}" "${rootfs_dir}.manifest"
+teardown_mountpoint $rootfs_dir
diff --git a/live-build/ubuntu-cpc/hooks.d/base/disk-image-ppc64el.binary b/live-build/ubuntu-cpc/hooks.d/base/disk-image-ppc64el.binary
index dc87a361..cce4cae1 100755
--- a/live-build/ubuntu-cpc/hooks.d/base/disk-image-ppc64el.binary
+++ b/live-build/ubuntu-cpc/hooks.d/base/disk-image-ppc64el.binary
@@ -75,6 +75,11 @@ make_ext4_partition "${rootfs_dev_mapper}"
 mkdir mountpoint
 mount "${rootfs_dev_mapper}" mountpoint
 cp -a chroot/* mountpoint/
+
+# the image has been modified from its disk-image-uefi base so the manifest and filelist should be regenerated
+# explicitly generate manifest and sbom
+create_manifest "mountpoint/" "$PWD/livecd.ubuntu-cpc.disk-image.manifest" "$PWD/livecd.ubuntu-cpc.disk-image.spdx" "cloud-image-$ARCH-$(date +Y%m%dT%H:%M:%S)"
+
 umount mountpoint
 rmdir mountpoint
diff --git a/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary b/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary
index 130d9b7a..cd02b607 100755
--- a/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary
+++ b/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary
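Review bot: `create_manifest $rootfs_dir ...` is now invoked before `teardown_mountpoint $rootfs_dir`, so cpc-sbom scans the rootfs while whatever teardown_mountpoint unmounts is still mounted (its body is not in this diff); the filelist is safe because create_manifest uses `find -xdev`, but if `/proc`, `/sys` or `/dev` are bind-mounted at that point, a `--rootdir` walk that does not stop at mount boundaries would pull build-host state into the SBOM. Either confirm cpc-sbom honours mount boundaries and record that at the call (`# runs before teardown so the dpkg database is readable; cpc-sbom must stay within the rootfs filesystem`), or keep the previous order if the rootfs remains readable after teardown. The removed line quoted `"${rootfs_dir}"` while the new call passes it bare; keep the quotes.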
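Review bot: The document name on the new `create_manifest "mountpoint/" ...` line uses `$(date +Y%m%dT%H:%M:%S)` — the `%` before `Y` is missing, so the SPDX document name carries a literal `Y` and no year, unlike the `%Y%m%dT%H:%M:%S` every other hook in this commit uses. Change it to `"cloud-image-$ARCH-$(date +%Y%m%dT%H:%M:%S)"`. The outputs go to `$PWD/livecd.ubuntu-cpc.disk-image.manifest` and `.spdx`, the same paths disk-image.binary writes elsewhere in this commit, while the hunk's own comment talks about regenerating the disk-image-uefi base; if both hooks run in one build the later one silently overwrites the earlier, so the comment should name which artifact this inventory describes and which copy it is meant to replace.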
@@ -236,6 +236,11 @@ EOF
 rm mountpoint/tmp/device.map
 umount mountpoint/boot/efi
 mount
+
+ # create sorted filelist as the very last step before unmounting
+ # explicitly generate manifest and sbom
+ create_manifest "mountpoint/" "$PWD/livecd.ubuntu-cpc.disk-uefi.manifest" "$PWD/livecd.ubuntu-cpc.disk-uefi.spdx" "cloud-image-$ARCH-$(date +%Y%m%dT%H:%M:%S)"
+
 umount_partition mountpoint
 rmdir mountpoint
 }
@@ -251,6 +256,7 @@ make_ext4_partition "${rootfs_dev_mapper}"
 mkdir mountpoint
 mount "${rootfs_dev_mapper}" mountpoint
 cp -a chroot/* mountpoint/
+
 umount mountpoint
 rmdir mountpoint
diff --git a/live-build/ubuntu-cpc/hooks.d/base/disk-image.binary b/live-build/ubuntu-cpc/hooks.d/base/disk-image.binary
index ed383109..3771881b 100755
--- a/live-build/ubuntu-cpc/hooks.d/base/disk-image.binary
+++ b/live-build/ubuntu-cpc/hooks.d/base/disk-image.binary
@@ -175,6 +175,8 @@ EOF
 $ZIPL_EXTRA_PARAMS
 fi
+create_manifest "mountpoint/" "$PWD/livecd.ubuntu-cpc.disk-image.manifest" "$PWD/livecd.ubuntu-cpc.disk-image.spdx" "cloud-image-$ARCH-$(date +%Y%m%dT%H:%M:%S)"
+
 if [ -n "$BOOT_MOUNTPOINT" ]; then
 umount "mountpoint/$BOOT_MOUNTPOINT"
 fi
diff --git a/live-build/ubuntu-cpc/hooks.d/base/qcow2-image.binary b/live-build/ubuntu-cpc/hooks.d/base/qcow2-image.binary
index 5b38fe69..1101a1f2 100755
--- a/live-build/ubuntu-cpc/hooks.d/base/qcow2-image.binary
+++ b/live-build/ubuntu-cpc/hooks.d/base/qcow2-image.binary
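Review bot: The new `create_manifest "mountpoint/" ...` call sits after `umount mountpoint/boot/efi`, so the filelist and whatever cpc-sbom derives from the tree omit the ESP contents while the dpkg manifest still lists the packages that populated it; the file-level inventory of the bootable image is therefore incomplete, and the comment `# create sorted filelist as the very last step before unmounting` neither says so nor mentions that the call also writes the manifest and the SBOM. If that is intended, replace the two comments with `# manifest, filelist and SBOM cover the root filesystem only; the ESP is already unmounted and find -xdev would not cross into it anyway`; otherwise the ESP needs its own inventory, because `find -xdev` stops at the mount boundary even while it is mounted. The enclosing function closes at the `}` in this hunk but opens outside it.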
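Review bot: `create_manifest "mountpoint/" ...` is placed before `umount "mountpoint/$BOOT_MOUNTPOINT"`, the opposite of disk-image-uefi.binary in this commit where the ESP is unmounted first, so the two hooks hand cpc-sbom different views of the boot partition while `find -xdev` keeps it out of the filelist in both cases; a reader cannot tell which coverage is intended. Pick one ordering for both hooks and document it at the call, e.g. `# inventory the root filesystem; a boot partition (if BOOT_MOUNTPOINT is set) is still mounted here but find -xdev stays on the root device`. The block surrounding this call begins outside the hunk.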
@@ -15,8 +15,17 @@ esac
 . config/functions
+qcow_file=${PWD}/livecd.ubuntu-cpc.qcow
 if [ -f binary/boot/disk-uefi.ext4 ]; then
 convert_to_qcow2 binary/boot/disk-uefi.ext4 livecd.ubuntu-cpc.img
+ uefi_file="livecd.ubuntu-cpc.disk-uefi"
+ cp ${uefi_file}.manifest ${qcow_file}.manifest
+ cp ${uefi_file}.filelist ${qcow_file}.filelist
+ cp ${uefi_file}.spdx ${qcow_file}.spdx
 elif [ -f binary/boot/disk.ext4 ]; then
 convert_to_qcow2 binary/boot/disk.ext4 livecd.ubuntu-cpc.img
+ disk_file="livecd.ubuntu-cpc.disk-image"
+ cp ${disk_file}.manifest ${qcow_file}.manifest
+ cp ${disk_file}.filelist ${qcow_file}.filelist
+ cp ${disk_file}.spdx ${qcow_file}.spdx
 fi
diff --git a/live-build/ubuntu-cpc/hooks.d/base/root-squashfs.binary b/live-build/ubuntu-cpc/hooks.d/base/root-squashfs.binary
index 873cee59..53dd5d8b 100755
--- a/live-build/ubuntu-cpc/hooks.d/base/root-squashfs.binary
+++ b/live-build/ubuntu-cpc/hooks.d/base/root-squashfs.binary
@@ -13,8 +13,12 @@ rootfs_dir=rootfs.dir
 squashfs_f="$PWD/livecd.ubuntu-cpc.squashfs"
-cp $rootfs_dir.manifest $squashfs_f.manifest
-cp $rootfs_dir.filelist $squashfs_f.filelist
+cp livecd.ubuntu-cpc.rootfs.manifest ${squashfs_f}.manifest
+cp livecd.ubuntu-cpc.rootfs.filelist ${squashfs_f}.filelist
+cp livecd.ubuntu-cpc.rootfs.spdx ${squashfs_f}.spdx
+
+# fstab is omitted from the squashfs
+grep -v '^/etc/fstab$' livecd.ubuntu-cpc.rootfs.filelist >$squashfs_f.filelist
 (cd $rootfs_dir && mksquashfs . $squashfs_f \
diff --git a/live-build/ubuntu-cpc/hooks.d/base/root-xz.binary b/live-build/ubuntu-cpc/hooks.d/base/root-xz.binary
index c8aad906..9c5db0b8 100755
--- a/live-build/ubuntu-cpc/hooks.d/base/root-xz.binary
+++ b/live-build/ubuntu-cpc/hooks.d/base/root-xz.binary
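Review bot: The copied `${qcow_file}.spdx` is byte-identical to the disk image's SBOM, including the `--document-name` it was generated with, so the qcow2 artifact ships an SPDX document whose name identifies a different artifact and two files in the same build share one document identity; that is defensible for a lossless conversion but should be stated, e.g. `# qcow2 is a lossless conversion of the disk image: reuse its manifest, filelist and SBOM unchanged (same SPDX document name)`. The `cp` lines also pass `${uefi_file}.manifest ${qcow_file}.manifest` unquoted and without `--`; the names contain no whitespace today, but `cp -- "${uefi_file}.manifest" "${qcow_file}.manifest"` costs nothing and matches the quoting used elsewhere in the hooks.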
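Review bot: `grep -v '^/etc/fstab$' livecd.ubuntu-cpc.rootfs.filelist` cannot remove anything: the filelist is produced by `(cd "${chroot_root}" && find -xdev)` in create_manifest, which prints entries as `./etc/fstab`, so the anchored pattern never matches and the squashfs filelist still lists the file the comment says is omitted. Use `grep -v '^\./etc/fstab$' livecd.ubuntu-cpc.rootfs.filelist >"${squashfs_f}.filelist"`. The `cp livecd.ubuntu-cpc.rootfs.filelist ${squashfs_f}.filelist` two lines earlier is overwritten by that grep and can be dropped. The copied `.spdx` was generated from the rootfs before this exclusion, so if cpc-sbom records file paths the squashfs SBOM will still mention `/etc/fstab`; either note that next to the comment or regenerate the SBOM from the squashfs input. The mksquashfs invocation continues past this hunk.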
@@ -11,6 +11,4 @@ fi
 # This is the directory created by create-root-dir.binary
 rootfs_dir=rootfs.dir
-cp $rootfs_dir.manifest livecd.ubuntu-cpc.rootfs.manifest
-cp $rootfs_dir.filelist livecd.ubuntu-cpc.rootfs.filelist
 (cd $rootfs_dir/ && tar -c --sort=name --xattrs *) | xz > livecd.ubuntu-cpc.rootfs.tar.xz
diff --git a/live-build/ubuntu-cpc/hooks.d/base/series/disk-image b/live-build/ubuntu-cpc/hooks.d/base/series/disk-image
index 3b356075..e1d5284c 100644
--- a/live-build/ubuntu-cpc/hooks.d/base/series/disk-image
+++ b/live-build/ubuntu-cpc/hooks.d/base/series/disk-image
@@ -8,3 +8,6 @@ provides livecd.ubuntu-cpc.kernel-generic
 provides livecd.ubuntu-cpc.kernel-generic-lpae
 provides livecd.ubuntu-cpc.manifest
 provides livecd.ubuntu-cpc.filelist
+provides livecd.ubuntu-cpc.disk-image.manifest
+provides livecd.ubuntu-cpc.disk-image.filelist
+provides livecd.ubuntu-cpc.disk-image.spdx
diff --git a/live-build/ubuntu-cpc/hooks.d/base/series/disk-image-uefi b/live-build/ubuntu-cpc/hooks.d/base/series/disk-image-uefi
index 438930b7..d8b7ad44 100644
--- a/live-build/ubuntu-cpc/hooks.d/base/series/disk-image-uefi
+++ b/live-build/ubuntu-cpc/hooks.d/base/series/disk-image-uefi
@@ -6,3 +6,6 @@ provides livecd.ubuntu-cpc.kernel-generic
 provides livecd.ubuntu-cpc.kernel-generic-lpae
 provides livecd.ubuntu-cpc.manifest
 provides livecd.ubuntu-cpc.filelist
+provides livecd.ubuntu-cpc.disk-uefi.manifest
+provides livecd.ubuntu-cpc.disk-uefi.filelist
+provides livecd.ubuntu-cpc.disk-uefi.spdx
diff --git a/live-build/ubuntu-cpc/hooks.d/base/series/qcow2 b/live-build/ubuntu-cpc/hooks.d/base/series/qcow2
index 745adb9b..0fdbc81c 100644
--- a/live-build/ubuntu-cpc/hooks.d/base/series/qcow2
+++ b/live-build/ubuntu-cpc/hooks.d/base/series/qcow2
@@ -1,3 +1,6 @@
 depends disk-image
 base/qcow2-image.binary
 provides livecd.ubuntu-cpc.img
+provides livecd.ubuntu-cpc.qcow.manifest
+provides livecd.ubuntu-cpc.qcow.filelist
+provides livecd.ubuntu-cpc.qcow.spdx
diff --git a/live-build/ubuntu-cpc/hooks.d/base/series/squashfs b/live-build/ubuntu-cpc/hooks.d/base/series/squashfs
index b9f0d8db..991bf12e 100644
--- a/live-build/ubuntu-cpc/hooks.d/base/series/squashfs
+++ b/live-build/ubuntu-cpc/hooks.d/base/series/squashfs
@@ -3,3 +3,4 @@ base/root-squashfs.binary
 provides livecd.ubuntu-cpc.squashfs
 provides livecd.ubuntu-cpc.squashfs.manifest
 provides livecd.ubuntu-cpc.squashfs.filelist
+provides livecd.ubuntu-cpc.squashfs.spdx
\ No newline at end of file
diff --git a/live-build/ubuntu-cpc/hooks.d/base/series/tarball b/live-build/ubuntu-cpc/hooks.d/base/series/tarball
index 8e2bc766..293fc4a5 100644
--- a/live-build/ubuntu-cpc/hooks.d/base/series/tarball
+++ b/live-build/ubuntu-cpc/hooks.d/base/series/tarball
@@ -3,3 +3,4 @@ base/root-xz.binary
 provides livecd.ubuntu-cpc.rootfs.tar.xz
 provides livecd.ubuntu-cpc.rootfs.manifest
 provides livecd.ubuntu-cpc.rootfs.filelist
+provides livecd.ubuntu-cpc.rootfs.spdx
diff --git a/live-build/ubuntu-cpc/hooks.d/base/series/vagrant b/live-build/ubuntu-cpc/hooks.d/base/series/vagrant
index 6e5fcf39..0e4d8dd4 100644
--- a/live-build/ubuntu-cpc/hooks.d/base/series/vagrant
+++ b/live-build/ubuntu-cpc/hooks.d/base/series/vagrant
@@ -1,3 +1,6 @@
 depends disk-image
 base/vagrant.binary
 provides livecd.ubuntu-cpc.vagrant.box
+provides livecd.ubuntu-cpc.vagrant.manifest
+provides livecd.ubuntu-cpc.vagrant.filelist
+provides livecd.ubuntu-cpc.vagrant.spdx
\ No newline at end of file
diff --git a/live-build/ubuntu-cpc/hooks.d/base/series/vmdk b/live-build/ubuntu-cpc/hooks.d/base/series/vmdk
index c583fe96..855063e3 100644
--- a/live-build/ubuntu-cpc/hooks.d/base/series/vmdk
+++ b/live-build/ubuntu-cpc/hooks.d/base/series/vmdk
@@ -3,3 +3,6 @@ base/vmdk-image.binary
 base/vmdk-ova-image.binary
 provides livecd.ubuntu-cpc.vmdk
 provides livecd.ubuntu-cpc.ova
+provides livecd.ubuntu-cpc.vmdk.manifest
+provides livecd.ubuntu-cpc.vmdk.filelist
+provides livecd.ubuntu-cpc.vmdk.spdx
\ No newline at end of file
diff --git a/live-build/ubuntu-cpc/hooks.d/base/vagrant.binary b/live-build/ubuntu-cpc/hooks.d/base/vagrant.binary
index 504c667e..fe281d9c 100755
--- a/live-build/ubuntu-cpc/hooks.d/base/vagrant.binary
+++ b/live-build/ubuntu-cpc/hooks.d/base/vagrant.binary
@@ -86,6 +86,8 @@ EOF
 chroot ${mount_d} chown -R vagrant:vagrant /home/vagrant/.ssh
 chroot ${mount_d} chmod 700 /home/vagrant/.ssh
+create_manifest $mount_d "livecd.ubuntu-cpc.vagrant.manifest" "livecd.ubuntu-cpc.vagrant.spdx" "cloud-image-vagrant-$ARCH-$(date +%Y%m%dT%H:%M:%S)"
+
 umount_disk_image "$mount_d"
 rmdir "$mount_d"
diff --git a/live-build/ubuntu-cpc/hooks.d/base/vmdk-image.binary b/live-build/ubuntu-cpc/hooks.d/base/vmdk-image.binary
index 3c2a6449..f4c0ade8 100755
--- a/live-build/ubuntu-cpc/hooks.d/base/vmdk-image.binary
+++ b/live-build/ubuntu-cpc/hooks.d/base/vmdk-image.binary
@@ -20,8 +20,18 @@ esac
 . config/functions
+vmdk_file="$PWD/livecd.ubuntu-cpc.vmdk"
+
 if [ -e binary/boot/disk-uefi.ext4 ]; then
 create_vmdk binary/boot/disk-uefi.ext4 livecd.ubuntu-cpc.vmdk
+ uefi_file="livecd.ubuntu-cpc.disk-uefi"
+ cp ${uefi_file}.manifest ${vmdk_file}.manifest
+ cp ${uefi_file}.filelist ${vmdk_file}.filelist
+ cp ${uefi_file}.spdx ${vmdk_file}.spdx
 elif [ -f binary/boot/disk.ext4 ]; then
 create_vmdk binary/boot/disk.ext4 livecd.ubuntu-cpc.vmdk
+ disk_file="livecd.ubuntu-cpc.disk-image"
+ cp ${disk_file}.manifest ${vmdk_file}.manifest
+ cp ${disk_file}.filelist ${vmdk_file}.filelist
+ cp ${disk_file}.spdx ${vmdk_file}.spdx
 fi