As discussed with @DaanDeMeyer on Matrix, it would helpful to have the manifest inside a built image.

My own use-case is diffing my current ParticleOS version against an updated version to see what packages have changed. Currently, I save manifests of all installed images somewhere on my build machine's filesystem, and then match against IMAGE_VERSION from /etc/os-release to get the current version's manifest. From there, I can diff against a newly-built image's manifest. It would be nicer to have something like, for example, {/etc,/usr/lib}/os-manifest.json.

More generally, I think it makes sense for OS images to be able to self-describe their contents. /etc/os-release already contains some high-level self-description, but more granular SBOM-y stuff feels desirable too.

As far as implementation goes, Daan mentioned on Matrix that it could make sense to emit the manifest earlier in the build process, and then optionally write it somewhere in /usr. It could be conditioned behind something like CleanPackageMetadata= so that there's no additional configuration added for this feature.

Not sure if it makes sense to compress the manifest; with my fully-featured ParticleOS desktop image, an uncompressed manifest is 302k. gzip brings it down to 25k. (Changelog goes from 3.5M to 538k with gzip.) Edit: compression would of course only matter for output formats that don't have transparent compression.