feat(docs): add point about chiselled deb slices#620
Open
lczyk wants to merge 1 commit intocanonical:mainfrom
Open
feat(docs): add point about chiselled deb slices#620lczyk wants to merge 1 commit intocanonical:mainfrom
lczyk wants to merge 1 commit intocanonical:mainfrom
Conversation
lczyk
requested review from
ROCKsBot,
alesancor1 and
zhijie-yang
as code owners
alesancor1
reviewed
Sep 19, 2025
| @@ -167,6 +167,7 @@ and stating: | |||
| ``` | |||
|
|
|||
| - if this deb-based security manifest is not present, the Maintainer **acknowledges** that it *might* be automatically added by the Build system, consequently adding a new OCI layer to the Ubuntu Rock. | |||
Member
There was a problem hiding this comment.
In fact, the script presented above these lines may be old - @clay-lake can you confirm the script from https://github.com/canonical/rocks-security-manifest already cover the use cases for custom debs, apart from slices? If so, we can rewrite these 3 points as a single one:
if the Ubuntu Rock has additional
.debpackages on top of the Ubuntu base, and/or chisel slices are being installed, then it must include a security manifest/usr/share/rocks/dpkg.querygenerated via https://github.com/canonical/rocks-security-manifest
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Ping the @canonical/rocks team.
Description
I've added an item to the IMAGE_MAINTAINER_AGREEMENT which more clearly specifies that we also want manifests in chiselled rocks + added a link to the rocks-security-manifest repo.