** Description changed: cloud images are not currently producing spdx formatted SBOMs equally. Some builds do produce sboms continuously. all cloud images must produce SBOMs, across all Suites and products. + + # REQUIREMENTS # + + * Current calls to create_manifest in livecd-rootfs/live-build/functions must not break + * sbom generation must only be done for ubuntu-cpc project. + + # TEST PLAN # + * test all the ubuntu-cpc livecd-rootfs only hooks and series. ensure that an spdx formatted sbom, manifest, and filelist is generated and saved + * test non-ubuntu-cpc hook and make sure that nothing is generated (check for calls of create_manifest. if they aren't even calling it, then it's safe) + * test private ubuntu-cpc hooks. ensure that current calls to create_manifest are not broken + + # POSSIBLE REGRESSIONS # + * any hook calling create_manifest is at risk if there is an issue with create_manifest + * any build where access to the snapstore is restricted, as this requires a snap + * NOTE: launchpad livefs builds have access to the snapstore
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077105 Title: cloud-images do not produce sboms To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/2077105/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
