From 69c7f2f2d8aad0defeb038e26d57c4e5b02a9d7e Mon Sep 17 00:00:00 2001 From: Luca Bello <36242061+lucabello@users.noreply.github.com> Date: Fri, 8 Dec 2023 10:53:20 +0100 Subject: [PATCH] add security manifest (#12) --- 1.6.0/rockcraft.yaml | 13 +++++++++++-- 1.6.1/rockcraft.yaml | 13 +++++++++++-- 1.6.2/rockcraft.yaml | 13 +++++++++++-- 3 files changed, 33 insertions(+), 6 deletions(-) diff --git a/1.6.0/rockcraft.yaml b/1.6.0/rockcraft.yaml index 2ddcd19..8eb7352 100644 --- a/1.6.0/rockcraft.yaml +++ b/1.6.0/rockcraft.yaml @@ -3,8 +3,8 @@ title: Prometheus Pushgateway summary: Prometheus PushGateway in a ROCK. description: "The Prometheus Pushgateway exists to allow ephemeral and batch jobs to expose their metrics to Prometheus." version: "1.6.0" -base: ubuntu:22.04 -build-base: ubuntu:22.04 +base: ubuntu@22.04 +build-base: ubuntu@22.04 license: Apache-2.0 services: prometheus-pushgateway: @@ -32,3 +32,12 @@ parts: ca-certs: plugin: nil stage-packages: [ca-certificates] + deb-security-manifest: + plugin: nil + after: + - prometheus-pushgateway + - ca-certs + override-prime: | + set -x + mkdir -p $CRAFT_PRIME/usr/share/rocks/ + (echo "# os-release" && cat /etc/os-release && echo "# dpkg-query" && dpkg-query --admindir=$CRAFT_PRIME/var/lib/dpkg/ -f '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\n' -W) > $CRAFT_PRIME/usr/share/rocks/dpkg.query diff --git a/1.6.1/rockcraft.yaml b/1.6.1/rockcraft.yaml index db9cceb..9d70ba3 100644 --- a/1.6.1/rockcraft.yaml +++ b/1.6.1/rockcraft.yaml @@ -3,8 +3,8 @@ title: Prometheus Pushgateway summary: Prometheus PushGateway in a ROCK. description: "The Prometheus Pushgateway exists to allow ephemeral and batch jobs to expose their metrics to Prometheus." version: "1.6.1" -base: ubuntu:22.04 -build-base: ubuntu:22.04 +base: ubuntu@22.04 +build-base: ubuntu@22.04 license: Apache-2.0 services: prometheus-pushgateway: @@ -32,3 +32,12 @@ parts: ca-certs: plugin: nil stage-packages: [ca-certificates] + deb-security-manifest: + plugin: nil + after: + - prometheus-pushgateway + - ca-certs + override-prime: | + set -x + mkdir -p $CRAFT_PRIME/usr/share/rocks/ + (echo "# os-release" && cat /etc/os-release && echo "# dpkg-query" && dpkg-query --admindir=$CRAFT_PRIME/var/lib/dpkg/ -f '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\n' -W) > $CRAFT_PRIME/usr/share/rocks/dpkg.query diff --git a/1.6.2/rockcraft.yaml b/1.6.2/rockcraft.yaml index e77d6d1..b04e954 100644 --- a/1.6.2/rockcraft.yaml +++ b/1.6.2/rockcraft.yaml @@ -3,8 +3,8 @@ title: Prometheus Pushgateway summary: Prometheus PushGateway in a ROCK. description: "The Prometheus Pushgateway exists to allow ephemeral and batch jobs to expose their metrics to Prometheus." version: "1.6.2" -base: ubuntu:22.04 -build-base: ubuntu:22.04 +base: ubuntu@22.04 +build-base: ubuntu@22.04 license: Apache-2.0 services: prometheus-pushgateway: @@ -32,3 +32,12 @@ parts: ca-certs: plugin: nil stage-packages: [ca-certificates] + deb-security-manifest: + plugin: nil + after: + - prometheus-pushgateway + - ca-certs + override-prime: | + set -x + mkdir -p $CRAFT_PRIME/usr/share/rocks/ + (echo "# os-release" && cat /etc/os-release && echo "# dpkg-query" && dpkg-query --admindir=$CRAFT_PRIME/var/lib/dpkg/ -f '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\n' -W) > $CRAFT_PRIME/usr/share/rocks/dpkg.query