Merge branch 'jammy-cpc-sbom-everywhere' into ubuntu/jammy

debian/changelog

@@ -1,3 +1,9 @@
+livecd-rootfs (2.765.51) jammy; urgency=medium
+
+  * add cpc-sbom to create_manifest calls to generate sboms (LP: #2077105) 
+
+ -- jchittum <john.chittum@canonical.com>  Wed, 28 Aug 2024 07:57:11 -0400
+
 livecd-rootfs (2.765.50) jammy; urgency=medium
 
   * Replace some functionalities done by the windows launcher (which will

live-build/functions

@@ -37,6 +37,10 @@ create_empty_disk_image() {
 create_manifest() {
     local chroot_root=${1}
     local target_file=${2}
+    local base_default_sbom_name="ubuntu-cloud-image-$(grep "VERSION_ID" $chroot_root/etc/os-release | cut --delimiter "=" --field 2 | tr -d '"')-${ARCH}-$(date +%Y%m%dT%H:%M:%S)"
+    local sbom_file_name=${3:-"${base_default_sbom_name}.spdx"}
+    local sbom_document_name=${4:-"${base_default_sbom_name}"}
+    local sbom_log=${sbom_document_name}.log
     echo "create_manifest chroot_root: ${chroot_root}"
     dpkg-query --show --admindir="${chroot_root}/var/lib/dpkg" > ${target_file}
     echo "create_manifest call to dpkg-query finished."
@@ -45,7 +49,23 @@ create_manifest() {
     if [ "$PROJECT" = ubuntu-cpc ]; then
         echo "create_manifest creating file listing."
         local target_filelist=${2%.manifest}.filelist
-        (cd "${chroot_root}" && find -xdev) > "${target_filelist}"
+        (cd "${chroot_root}" && find -xdev) | sort > "${target_filelist}"
+        # only creating sboms for CPC project at this time
+        if [[ ! $(which cpc-sbom) ]]; then
+            # ensure the tool is installed
+            sudo snap install --classic --edge cpc-sbom
+        fi
+        # generate the SBOM
+        cpc-sbom --rootdir ${chroot_root} --ignore-copyright-parsing-errors --ignore-copyright-file-not-found-errors --document-name ${sbom_document_name} >"${sbom_file_name}" 2>"${sbom_log}"
+        SBOM_GENERATION_EXIT_CODE=$?
+        if [[ ${SBOM_GENERATION_EXIT_CODE} !=  "0" ]]; then
+        # check for failure and print log
+            echo "ERROR: SBOM generation failed. See ${sbom_log}"
+            cat "$sbom_log"
+            exit 1
+        else
+            echo "SBOM generation succeeded. see ${sbom_log} for details"
+        fi    
     fi
     echo "create_manifest finished"
 }

live-build/ubuntu-cpc/hooks.d/base/create-root-dir.binary

@@ -24,6 +24,6 @@ rm -rf $rootfs_dir/boot/grub
 # Keep this as some derivatives mount a tempfs here
 mkdir -p $rootfs_dir/lib/modules
 
-teardown_mountpoint $rootfs_dir
+create_manifest $rootfs_dir "livecd.ubuntu-cpc.rootfs.manifest" "livecd.ubuntu-cpc.rootfs.spdx"  "cloud-image-rootfs-$ARCH-$(date +%Y%m%dT%H:%M:%S)"
 
-create_manifest "${rootfs_dir}" "${rootfs_dir}.manifest"
+teardown_mountpoint $rootfs_dir

live-build/ubuntu-cpc/hooks.d/base/disk-image-ppc64el.binary

@@ -75,6 +75,10 @@ make_ext4_partition "${rootfs_dev_mapper}"
 mkdir mountpoint
 mount "${rootfs_dev_mapper}" mountpoint
 cp -a chroot/* mountpoint/
+
+# the image has been modified from its disk-image-uefi base so the manifest and filelist should be regenerated
+create_manifest  "mountpoint/" "$PWD/livecd.ubuntu-cpc.disk-image.manifest" "$PWD/livecd.ubuntu-cpc.disk-image.spdx"  "cloud-image-$ARCH-$(date +Y%m%dT%H:%M:%S)"
+
 umount mountpoint
 rmdir mountpoint
 

live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary

@@ -452,6 +452,11 @@ EOF
     rm mountpoint/tmp/device.map
     umount mountpoint/boot/efi
     mount
+
+    # create sorted filelist as the very last step before unmounting
+    # explicitly generate manifest and sbom
+    create_manifest  "mountpoint/" "$PWD/livecd.ubuntu-cpc.disk-uefi.manifest" "$PWD/livecd.ubuntu-cpc.disk-uefi.spdx"  "cloud-image-$ARCH-$(date +%Y%m%dT%H:%M:%S)"
+
     umount_partition mountpoint
     rmdir mountpoint
 }
@@ -467,6 +472,7 @@ make_ext4_partition "${rootfs_dev_mapper}"
 mkdir mountpoint
 mount "${rootfs_dev_mapper}" mountpoint
 cp -a chroot/* mountpoint/
+
 umount mountpoint
 rmdir mountpoint
 

live-build/ubuntu-cpc/hooks.d/base/disk-image.binary

@@ -179,6 +179,8 @@ EOF
         $ZIPL_EXTRA_PARAMS
 fi
 
+create_manifest  "mountpoint/" "$PWD/livecd.ubuntu-cpc.disk-image.manifest" "$PWD/livecd.ubuntu-cpc.disk-image.spdx"  "cloud-image-$ARCH-$(date +%Y%m%dT%H:%M:%S)"
+
 if [ -n "$BOOT_MOUNTPOINT" ]; then
 	umount "mountpoint/$BOOT_MOUNTPOINT"
 fi

live-build/ubuntu-cpc/hooks.d/base/qcow2-image.binary

@@ -2,8 +2,17 @@
 
 . config/functions
 
+qcow_file=${PWD}/livecd.ubuntu-cpc.qcow
 if [ -f binary/boot/disk-uefi.ext4 ]; then
     convert_to_qcow2 binary/boot/disk-uefi.ext4 livecd.ubuntu-cpc.img
+    uefi_file="livecd.ubuntu-cpc.disk-uefi"
+    cp ${uefi_file}.manifest ${qcow_file}.manifest
+    cp ${uefi_file}.filelist ${qcow_file}.filelist
+    cp ${uefi_file}.spdx ${qcow_file}.spdx
 elif [ -f binary/boot/disk.ext4 ]; then
     convert_to_qcow2 binary/boot/disk.ext4 livecd.ubuntu-cpc.img
+    disk_file="livecd.ubuntu-cpc.disk-image"
+    cp ${disk_file}.manifest ${qcow_file}.manifest
+    cp ${disk_file}.filelist ${qcow_file}.filelist
+    cp ${disk_file}.spdx ${qcow_file}.spdx
 fi

live-build/ubuntu-cpc/hooks.d/base/root-squashfs.binary

@@ -15,8 +15,11 @@ rootfs_dir=rootfs.dir
 
 squashfs_f="$PWD/livecd.ubuntu-cpc.squashfs"
 
-cp $rootfs_dir.manifest $squashfs_f.manifest
+cp livecd.ubuntu-cpc.rootfs.manifest ${squashfs_f}.manifest
+cp livecd.ubuntu-cpc.rootfs.filelist ${squashfs_f}.filelist
+cp livecd.ubuntu-cpc.rootfs.spdx ${squashfs_f}.spdx
+
 # fstab is omitted from the squashfs
-grep -v '^/etc/fstab$' $rootfs_dir.filelist >$squashfs_f.filelist
+grep -v '^/etc/fstab$' livecd.ubuntu-cpc.rootfs.filelist >$squashfs_f.filelist
 
 create_squashfs $rootfs_dir $squashfs_f

live-build/ubuntu-cpc/hooks.d/base/root-xz.binary

@@ -11,6 +11,4 @@ fi
 # This is the directory created by create-root-dir.binary
 rootfs_dir=rootfs.dir
 
-cp $rootfs_dir.manifest livecd.ubuntu-cpc.rootfs.manifest
-cp $rootfs_dir.filelist livecd.ubuntu-cpc.rootfs.filelist
 (cd $rootfs_dir/ && tar -c --sort=name --xattrs *) | xz > livecd.ubuntu-cpc.rootfs.tar.xz

live-build/ubuntu-cpc/hooks.d/base/series/disk-image

@@ -8,3 +8,6 @@ provides livecd.ubuntu-cpc.kernel-generic
 provides livecd.ubuntu-cpc.kernel-generic-lpae
 provides livecd.ubuntu-cpc.manifest
 provides livecd.ubuntu-cpc.filelist
+provides livecd.ubuntu-cpc.disk-image.manifest
+provides livecd.ubuntu-cpc.disk-image.filelist
+provides livecd.ubuntu-cpc.disk-image.spdx

live-build/ubuntu-cpc/hooks.d/base/series/disk-image-uefi

@@ -6,3 +6,6 @@ provides livecd.ubuntu-cpc.kernel-generic
 provides livecd.ubuntu-cpc.kernel-generic-lpae
 provides livecd.ubuntu-cpc.manifest
 provides livecd.ubuntu-cpc.filelist
+provides livecd.ubuntu-cpc.disk-uefi.manifest
+provides livecd.ubuntu-cpc.disk-uefi.filelist
+provides livecd.ubuntu-cpc.disk-uefi.spdx

live-build/ubuntu-cpc/hooks.d/base/series/qcow2

@@ -1,3 +1,6 @@
 depends disk-image
 base/qcow2-image.binary
 provides livecd.ubuntu-cpc.img
+provides livecd.ubuntu-cpc.qcow.manifest
+provides livecd.ubuntu-cpc.qcow.filelist
+provides livecd.ubuntu-cpc.qcow.spdx

live-build/ubuntu-cpc/hooks.d/base/series/squashfs

@@ -3,3 +3,4 @@ base/root-squashfs.binary
 provides livecd.ubuntu-cpc.squashfs
 provides livecd.ubuntu-cpc.squashfs.manifest
 provides livecd.ubuntu-cpc.squashfs.filelist
+provides livecd.ubuntu-cpc.squashfs.spdx

live-build/ubuntu-cpc/hooks.d/base/series/tarball

@@ -3,3 +3,4 @@ base/root-xz.binary
 provides livecd.ubuntu-cpc.rootfs.tar.xz
 provides livecd.ubuntu-cpc.rootfs.manifest
 provides livecd.ubuntu-cpc.rootfs.filelist
+provides livecd.ubuntu-cpc.rootfs.spdx

live-build/ubuntu-cpc/hooks.d/base/series/vagrant

@@ -1,3 +1,6 @@
 depends disk-image
 base/vagrant.binary
 provides livecd.ubuntu-cpc.vagrant.box
+provides livecd.ubuntu-cpc.vagrant.manifest
+provides livecd.ubuntu-cpc.vagrant.filelist
+provides livecd.ubuntu-cpc.vagrant.spdx

live-build/ubuntu-cpc/hooks.d/base/series/vmdk

@@ -3,3 +3,6 @@ base/vmdk-image.binary
 base/vmdk-ova-image.binary
 provides livecd.ubuntu-cpc.vmdk
 provides livecd.ubuntu-cpc.ova
+provides livecd.ubuntu-cpc.vmdk.manifest
+provides livecd.ubuntu-cpc.vmdk.filelist
+provides livecd.ubuntu-cpc.vmdk.spdx

live-build/ubuntu-cpc/hooks.d/base/vagrant.binary

@@ -80,6 +80,8 @@ EOF
 chroot ${mount_d} chown -R vagrant:vagrant /home/vagrant/.ssh
 chroot ${mount_d} chmod 700 /home/vagrant/.ssh
 
+create_manifest $mount_d "livecd.ubuntu-cpc.vagrant.manifest" "livecd.ubuntu-cpc.vagrant.spdx"  "cloud-image-vagrant-$ARCH-$(date +%Y%m%dT%H:%M:%S)"
+
 umount_disk_image "$mount_d"
 rmdir "$mount_d"
 

live-build/ubuntu-cpc/hooks.d/base/vmdk-image.binary

@@ -20,8 +20,18 @@ esac
 
 . config/functions
 
+vmdk_file="$PWD/livecd.ubuntu-cpc.vmdk"
+
 if [ -e binary/boot/disk-uefi.ext4 ]; then
     create_vmdk binary/boot/disk-uefi.ext4 livecd.ubuntu-cpc.vmdk
+    uefi_file="livecd.ubuntu-cpc.disk-uefi"
+    cp ${uefi_file}.manifest ${vmdk_file}.manifest
+    cp ${uefi_file}.filelist ${vmdk_file}.filelist
+    cp ${uefi_file}.spdx ${vmdk_file}.spdx
 elif [ -f binary/boot/disk.ext4 ]; then
     create_vmdk binary/boot/disk.ext4 livecd.ubuntu-cpc.vmdk
+    disk_file="livecd.ubuntu-cpc.disk-image"
+    cp ${disk_file}.manifest ${vmdk_file}.manifest
+    cp ${disk_file}.filelist ${vmdk_file}.filelist
+    cp ${disk_file}.spdx ${vmdk_file}.spdx
 fi