From f734d8cb8c7cce91975520654ea9fdc7ee76b2e9 Mon Sep 17 00:00:00 2001
From: Allen Abraham <allen.abraham@canonical.com>
Date: Thu, 19 Feb 2026 15:30:28 -0500
Subject: [PATCH] feat(ubuntu-cpc): make SBOM generation optional in
 create_manifest function

There are case in CPC built images where we don't want to create an SBOM.
Add an argument in create_manifest which defaults to creating an SBOM, but can also skip generating an SBOM
---
 live-build/functions | 35 ++++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/live-build/functions b/live-build/functions
index 20759cfc..2a8c52ee 100644
--- a/live-build/functions
+++ b/live-build/functions
@@ -44,6 +44,7 @@ create_manifest() {
     local base_default_sbom_name="ubuntu-cloud-image-$(grep "VERSION_ID" $chroot_root/etc/os-release | cut --delimiter "=" --field 2 | tr -d '"')-${ARCH}-$(date +%Y%m%dT%H:%M:%S)"
     local sbom_file_name=${3:-"${base_default_sbom_name}.spdx"}
     local sbom_document_name=${4:-"${base_default_sbom_name}"}
+    local should_include_sbom=${5:-"true"}
     local sbom_log=${sbom_document_name}.log
     echo "create_manifest chroot_root: ${chroot_root}"
     dpkg-query --show --admindir="${chroot_root}/var/lib/dpkg" > ${target_file}
@@ -54,22 +55,26 @@ create_manifest() {
         echo "create_manifest creating file listing."
         local target_filelist=${2%.manifest}.filelist
         (cd "${chroot_root}" && find -xdev) | sort > "${target_filelist}"
-        # only creating sboms for CPC project at this time
-        if [[ ! $(which cpc-sbom) ]]; then
-            # ensure the tool is installed
-            sudo snap install --classic --edge cpc-sbom
-        fi
-        # generate the SBOM
-        cpc-sbom --rootdir ${chroot_root} --ignore-copyright-parsing-errors --ignore-copyright-file-not-found-errors --document-name ${sbom_document_name} >"${sbom_file_name}" 2>"${sbom_log}"
-        SBOM_GENERATION_EXIT_CODE=$?
-        if [[ ${SBOM_GENERATION_EXIT_CODE} !=  "0" ]]; then
-        # check for failure and print log
-            echo "ERROR: SBOM generation failed. See ${sbom_log}"
-            cat "$sbom_log"
-            exit 1
+        if [ "$should_include_sbom" = "true" ]; then
+            # only creating sboms for CPC project at this time
+            if [[ ! $(which cpc-sbom) ]]; then
+                # ensure the tool is installed
+                sudo snap install --classic --edge cpc-sbom
+            fi
+            # generate the SBOM
+            cpc-sbom --rootdir ${chroot_root} --ignore-copyright-parsing-errors --ignore-copyright-file-not-found-errors --document-name ${sbom_document_name} >"${sbom_file_name}" 2>"${sbom_log}"
+            SBOM_GENERATION_EXIT_CODE=$?
+            if [[ ${SBOM_GENERATION_EXIT_CODE} !=  "0" ]]; then
+            # check for failure and print log
+                echo "ERROR: SBOM generation failed. See ${sbom_log}"
+                cat "$sbom_log"
+                exit 1
+            else
+                echo "SBOM generation succeeded. see ${sbom_log} for details"
+            fi
         else
-            echo "SBOM generation succeeded. see ${sbom_log} for details"
-        fi    
+            echo "SBOM generation skipped"
+        fi
     fi
     echo "create_manifest finished"
 }