canonical / rockcraft

Tool to create OCI Images using the language from Snapcraft and Charmcraft.


Dedicated plugin for `deb-security-manifest`

sed-i opened this issue

What needs to get done

oci-factory's IMAGE_MAINTAINER_AGREEMENT requires having a generic part in rocks that stage debs.

It would be super handy to have this as a plugin.

Why it needs to get done

It could reduce boilerplate from the brittle

  deb-security-manifest:
    plugin: nil
    after:
      - alertmanager
      - ca-certs
    override-prime: |
      set -x
      mkdir -p $CRAFT_PRIME/usr/share/rocks/
      (echo "# os-release" && cat /etc/os-release && echo "# dpkg-query" && dpkg-query --admindir=$CRAFT_PRIME/var/lib/dpkg/ -f '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\n' -W) > $CRAFT_PRIME/usr/share/rocks/dpkg.query

to the concise

  deb-security-manifest:
    plugin: deb-security-manifest
    after:
      - alertmanager
      - ca-certs
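
A check that could be run against the generated file, as an added example that is not part of the original issue or of Rockcraft: it parses the `dpkg.query` layout written by the `override-prime` script above and lists packages whose status is not fully installed. The function names and the sample manifest are assumptions constructed for illustration.

```python
import shlex

# Constructed sample in the layout the override-prime script above writes to
# usr/share/rocks/dpkg.query (package names and versions are made up).
SAMPLE = """\
# os-release
NAME="Ubuntu"
VERSION_ID="22.04"
# dpkg-query
ii ,base-files,12ubuntu4.6,base-files,12ubuntu4.6
ii ,libssl3:amd64,3.0.2-0ubuntu1.15,openssl,3.0.2-0ubuntu1.15
rc ,oldpkg,1.0-1,oldpkg,1.0-1
"""

# Column order of the dpkg-query -f format string used in the part.
FIELDS = ("status", "binary", "version", "source", "source_version")


def parse_manifest(text):
    """Return (os_release dict, package dicts); raise ValueError if malformed."""
    os_release, packages, section = {}, [], None
    for n, line in enumerate(text.splitlines(), 1):
        if line in ("# os-release", "# dpkg-query"):
            section = line[2:]  # section headers echoed by the script
        elif not line.strip() or (section == "os-release" and line.startswith("#")):
            continue  # blank line, or a comment inside os-release
        elif section == "os-release":
            key, sep, value = line.partition("=")
            if not sep:
                raise ValueError(f"line {n}: not KEY=value")
            parts = shlex.split(value)  # os-release values use shell quoting
            os_release[key] = parts[0] if parts else ""
        elif section == "dpkg-query":
            cols = line.split(",")
            if len(cols) != len(FIELDS) or not all(cols[1:]):
                raise ValueError(f"line {n}: expected 5 comma-separated fields")
            packages.append(dict(zip(FIELDS, cols)))
        else:
            raise ValueError(f"line {n}: content before a section header")
    if not os_release or not packages:
        raise ValueError("missing or empty os-release / dpkg-query section")
    return os_release, packages


def not_fully_installed(packages):
    """Binary packages whose three-character status is anything but 'ii '."""
    return [p["binary"] for p in packages if p["status"] != "ii "]
```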

Hi @sed-i! Albeit understanding the current overhead of generating such a manifest, the current efforts are being put into proper cataloguing mechanisms that will replace this manifest. @cmatsuoka has been working on this.

Hey @cjdcordeiro @cmatsuoka, is there an approximate ETA on this? We're currently adding the security manifest to all of our ROCKs, but if it's something I have to scrap in a week or so, I'd rather wait :)

Not in the short term for sure. But I'll let @cmatsuoka provide a more accurate estimate

I don't have an estimate, I suggest using alternate methods if you need it in the short term.

Noted @cmatsuoka

I think we'll need to live with the custom security manifests for a while.