func (s *assertMgrSuite) SetUpTest(c *C) {
dirs.SetRootDir(c.MkDir())
rootPrivKey, _ := assertstest.GenerateKey(1024)
storePrivKey, _ := assertstest.GenerateKey(752)
s.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey)
s.restore = sysdb.InjectTrusted(s.storeSigning.Trusted)
dev1PrivKey, _ := assertstest.GenerateKey(752)
s.dev1Acct = assertstest.NewAccount(s.storeSigning, "developer1", nil, "")
err := s.storeSigning.Add(s.dev1Acct)
c.Assert(err, IsNil)
// developer signing
dev1AcctKey := assertstest.NewAccountKey(s.storeSigning, s.dev1Acct, nil, dev1PrivKey.PublicKey(), "")
err = s.storeSigning.Add(dev1AcctKey)
c.Assert(err, IsNil)
s.dev1Signing = assertstest.NewSigningDB(s.dev1Acct.AccountID(), dev1PrivKey)
s.state = state.New(nil)
mgr, err := assertstate.Manager(s.state)
c.Assert(err, IsNil)
s.mgr = mgr
s.state.Lock()
snapstate.ReplaceStore(s.state, &fakeStore{
state: s.state,
db: s.storeSigning,
})
s.state.Unlock()
}
func (s *FirstBootTestSuite) SetUpTest(c *C) {
tempdir := c.MkDir()
dirs.SetRootDir(tempdir)
// mock the world!
err := os.MkdirAll(filepath.Join(dirs.SnapSeedDir, "snaps"), 0755)
c.Assert(err, IsNil)
err = os.MkdirAll(filepath.Join(dirs.SnapSeedDir, "assertions"), 0755)
c.Assert(err, IsNil)
err = os.MkdirAll(dirs.SnapServicesDir, 0755)
c.Assert(err, IsNil)
os.Setenv("SNAPPY_SQUASHFS_UNPACK_FOR_TESTS", "1")
s.systemctl = testutil.MockCommand(c, "systemctl", "")
s.mockUdevAdm = testutil.MockCommand(c, "udevadm", "")
err = ioutil.WriteFile(filepath.Join(dirs.SnapSeedDir, "seed.yaml"), nil, 0644)
c.Assert(err, IsNil)
rootPrivKey, _ := assertstest.GenerateKey(1024)
storePrivKey, _ := assertstest.GenerateKey(752)
s.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey)
s.restore = sysdb.InjectTrusted(s.storeSigning.Trusted)
s.brandPrivKey, _ = assertstest.GenerateKey(752)
s.brandSigning = assertstest.NewSigningDB("my-brand", s.brandPrivKey)
ovld, err := overlord.New()
c.Assert(err, IsNil)
s.overlord = ovld
}
func (ms *mgrsSuite) SetUpTest(c *C) {
ms.tempdir = c.MkDir()
dirs.SetRootDir(ms.tempdir)
err := os.MkdirAll(filepath.Dir(dirs.SnapStateFile), 0755)
c.Assert(err, IsNil)
os.Setenv("SNAPPY_SQUASHFS_UNPACK_FOR_TESTS", "1")
// create a fake systemd environment
os.MkdirAll(filepath.Join(dirs.SnapServicesDir, "multi-user.target.wants"), 0755)
ms.prevctlCmd = systemd.SystemctlCmd
systemd.SystemctlCmd = func(cmd ...string) ([]byte, error) {
return []byte("ActiveState=inactive\n"), nil
}
ms.aa = testutil.MockCommand(c, "apparmor_parser", "")
ms.udev = testutil.MockCommand(c, "udevadm", "")
ms.umount = testutil.MockCommand(c, "umount", "")
ms.snapDiscardNs = testutil.MockCommand(c, "snap-discard-ns", "")
dirs.LibExecDir = ms.snapDiscardNs.BinDir()
ms.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey)
ms.restoreTrusted = sysdb.InjectTrusted(ms.storeSigning.Trusted)
ms.devAcct = assertstest.NewAccount(ms.storeSigning, "devdevev", map[string]interface{}{
"account-id": "devdevdev",
}, "")
err = ms.storeSigning.Add(ms.devAcct)
c.Assert(err, IsNil)
o, err := overlord.New()
c.Assert(err, IsNil)
ms.o = o
}
func (sdbs *sysDBSuite) TestTrusted(c *C) {
trusted := sysdb.Trusted()
c.Check(trusted, HasLen, 2)
restore := sysdb.InjectTrusted(sdbs.extraTrusted)
defer restore()
trustedEx := sysdb.Trusted()
c.Check(trustedEx, HasLen, 4)
}
func (sdbs *sysDBSuite) TestOpenSysDatabaseExtras(c *C) {
restore := sysdb.InjectTrusted(sdbs.extraTrusted)
defer restore()
db, err := sysdb.Open()
c.Assert(err, IsNil)
c.Check(db, NotNil)
err = db.Check(sdbs.probeAssert)
c.Check(err, IsNil)
}
// Inject includes the test trusted assertions in the system trusted set.
func Inject() {
sysdb.InjectTrusted([]asserts.Assertion{TestRootAccount, TestRootAccountKey})
}
func (s *imageSuite) TestBootstrapToRootDirDevmodeSnap(c *C) {
restore := sysdb.InjectTrusted(s.storeSigning.Trusted)
defer restore()
rootdir := filepath.Join(c.MkDir(), "imageroot")
// FIXME: bootstrapToRootDir needs an unpacked gadget yaml
gadgetUnpackDir := filepath.Join(c.MkDir(), "gadget")
err := os.MkdirAll(gadgetUnpackDir, 0755)
c.Assert(err, IsNil)
err = ioutil.WriteFile(filepath.Join(gadgetUnpackDir, "grub.conf"), nil, 0644)
c.Assert(err, IsNil)
s.setupSnaps(c, gadgetUnpackDir)
s.downloadedSnaps["devmode-snap"] = snaptest.MakeTestSnapWithFiles(c, devmodeSnap, nil)
s.storeSnapInfo["devmode-snap"] = infoFromSnapYaml(c, devmodeSnap, snap.R(0))
// mock the mount cmds (for the extract kernel assets stuff)
c1 := testutil.MockCommand(c, "mount", "")
defer c1.Restore()
c2 := testutil.MockCommand(c, "umount", "")
defer c2.Restore()
opts := &image.Options{
Snaps: []string{s.downloadedSnaps["devmode-snap"]},
RootDir: rootdir,
GadgetUnpackDir: gadgetUnpackDir,
}
local, err := image.LocalSnaps(opts)
c.Assert(err, IsNil)
err = image.BootstrapToRootDir(s, s.model, opts, local)
c.Assert(err, IsNil)
// check seed yaml
seed, err := snap.ReadSeedYaml(filepath.Join(rootdir, "var/lib/snapd/seed/seed.yaml"))
c.Assert(err, IsNil)
c.Check(seed.Snaps, HasLen, 5)
// check devmode-snap
info := &snap.Info{
SideInfo: snap.SideInfo{
RealName: "devmode-snap",
Revision: snap.R("x1"),
},
}
fn := filepath.Base(info.MountFile())
p := filepath.Join(rootdir, "var/lib/snapd/seed/snaps", fn)
c.Check(osutil.FileExists(p), Equals, true)
// ensure local snaps are put last in seed.yaml
last := len(seed.Snaps) - 1
c.Check(seed.Snaps[last], DeepEquals, &snap.SeedSnap{
Name: "devmode-snap",
File: fn,
DevMode: true,
Unasserted: true,
})
}
func (s *imageSuite) TestBootstrapToRootDirLocalCore(c *C) {
restore := sysdb.InjectTrusted(s.storeSigning.Trusted)
defer restore()
rootdir := filepath.Join(c.MkDir(), "imageroot")
// FIXME: bootstrapToRootDir needs an unpacked gadget yaml
gadgetUnpackDir := filepath.Join(c.MkDir(), "gadget")
s.setupSnaps(c, gadgetUnpackDir)
// mock the mount cmds (for the extract kernel assets stuff)
c1 := testutil.MockCommand(c, "mount", "")
defer c1.Restore()
c2 := testutil.MockCommand(c, "umount", "")
defer c2.Restore()
opts := &image.Options{
Snaps: []string{
s.downloadedSnaps["core"],
s.downloadedSnaps["required-snap1"],
},
RootDir: rootdir,
GadgetUnpackDir: gadgetUnpackDir,
}
local, err := image.LocalSnaps(opts)
c.Assert(err, IsNil)
err = image.BootstrapToRootDir(s, s.model, opts, local)
c.Assert(err, IsNil)
// check seed yaml
seed, err := snap.ReadSeedYaml(filepath.Join(rootdir, "var/lib/snapd/seed/seed.yaml"))
c.Assert(err, IsNil)
c.Check(seed.Snaps, HasLen, 4)
// check the files are in place
for i, name := range []string{"core_x1.snap", "pc-kernel", "pc", "required-snap1_x1.snap"} {
unasserted := false
info := s.storeSnapInfo[name]
if info == nil {
switch name {
case "core_x1.snap":
info = &snap.Info{
SideInfo: snap.SideInfo{
RealName: "core",
Revision: snap.R("x1"),
},
}
unasserted = true
case "required-snap1_x1.snap":
info = &snap.Info{
SideInfo: snap.SideInfo{
RealName: "required-snap1",
Revision: snap.R("x1"),
},
}
unasserted = true
}
}
fn := filepath.Base(info.MountFile())
p := filepath.Join(rootdir, "var/lib/snapd/seed/snaps", fn)
c.Check(osutil.FileExists(p), Equals, true)
c.Check(seed.Snaps[i], DeepEquals, &snap.SeedSnap{
Name: info.Name(),
SnapID: info.SnapID,
File: fn,
Unasserted: unasserted,
})
}
l, err := ioutil.ReadDir(filepath.Join(rootdir, "var/lib/snapd/seed/snaps"))
c.Assert(err, IsNil)
c.Check(l, HasLen, 4)
storeAccountKey := s.storeSigning.StoreAccountKey("")
brandPubKey, err := s.brandSigning.PublicKey("")
c.Assert(err, IsNil)
// check the assertions are in place
for _, fn := range []string{"model", brandPubKey.ID() + ".account-key", "my-brand.account", storeAccountKey.PublicKeyID() + ".account-key"} {
p := filepath.Join(rootdir, "var/lib/snapd/seed/assertions", fn)
c.Check(osutil.FileExists(p), Equals, true)
}
b, err := ioutil.ReadFile(filepath.Join(rootdir, "var/lib/snapd/seed/assertions", "model"))
c.Assert(err, IsNil)
c.Check(b, DeepEquals, asserts.Encode(s.model))
b, err = ioutil.ReadFile(filepath.Join(rootdir, "var/lib/snapd/seed/assertions", "my-brand.account"))
c.Assert(err, IsNil)
a, err := asserts.Decode(b)
c.Assert(err, IsNil)
c.Check(a.Type(), Equals, asserts.AccountType)
c.Check(a.HeaderString("account-id"), Equals, "my-brand")
decls, err := filepath.Glob(filepath.Join(rootdir, "var/lib/snapd/seed/assertions", "*.snap-declaration"))
c.Assert(err, IsNil)
// nothing for core
c.Check(decls, HasLen, 2)
// check the bootloader config
m, err := s.bootloader.GetBootVars("snap_kernel", "snap_core")
c.Assert(err, IsNil)
c.Check(m["snap_kernel"], Equals, "pc-kernel_2.snap")
c.Assert(err, IsNil)
c.Check(m["snap_core"], Equals, "core_x1.snap")
// check that cloud-init is setup correctly
c.Check(osutil.FileExists(filepath.Join(rootdir, "etc/cloud/cloud-init.disabled")), Equals, true)
}
func (s *imageSuite) TestBootstrapToRootDir(c *C) {
restore := sysdb.InjectTrusted(s.storeSigning.Trusted)
defer restore()
rootdir := filepath.Join(c.MkDir(), "imageroot")
// FIXME: bootstrapToRootDir needs an unpacked gadget yaml
gadgetUnpackDir := filepath.Join(c.MkDir(), "gadget")
s.setupSnaps(c, gadgetUnpackDir)
// mock the mount cmds (for the extract kernel assets stuff)
c1 := testutil.MockCommand(c, "mount", "")
defer c1.Restore()
c2 := testutil.MockCommand(c, "umount", "")
defer c2.Restore()
opts := &image.Options{
RootDir: rootdir,
GadgetUnpackDir: gadgetUnpackDir,
}
local, err := image.LocalSnaps(opts)
c.Assert(err, IsNil)
err = image.BootstrapToRootDir(s, s.model, opts, local)
c.Assert(err, IsNil)
// check seed yaml
seed, err := snap.ReadSeedYaml(filepath.Join(rootdir, "var/lib/snapd/seed/seed.yaml"))
c.Assert(err, IsNil)
c.Check(seed.Snaps, HasLen, 4)
// check the files are in place
for i, name := range []string{"core", "pc-kernel", "pc"} {
info := s.storeSnapInfo[name]
fn := filepath.Base(info.MountFile())
p := filepath.Join(rootdir, "var/lib/snapd/seed/snaps", fn)
c.Check(osutil.FileExists(p), Equals, true)
c.Check(seed.Snaps[i], DeepEquals, &snap.SeedSnap{
Name: name,
SnapID: name + "-Id",
File: fn,
})
}
storeAccountKey := s.storeSigning.StoreAccountKey("")
brandPubKey, err := s.brandSigning.PublicKey("")
c.Assert(err, IsNil)
// check the assertions are in place
for _, fn := range []string{"model", brandPubKey.ID() + ".account-key", "my-brand.account", storeAccountKey.PublicKeyID() + ".account-key"} {
p := filepath.Join(rootdir, "var/lib/snapd/seed/assertions", fn)
c.Check(osutil.FileExists(p), Equals, true)
}
b, err := ioutil.ReadFile(filepath.Join(rootdir, "var/lib/snapd/seed/assertions", "model"))
c.Assert(err, IsNil)
c.Check(b, DeepEquals, asserts.Encode(s.model))
b, err = ioutil.ReadFile(filepath.Join(rootdir, "var/lib/snapd/seed/assertions", "my-brand.account"))
c.Assert(err, IsNil)
a, err := asserts.Decode(b)
c.Assert(err, IsNil)
c.Check(a.Type(), Equals, asserts.AccountType)
c.Check(a.HeaderString("account-id"), Equals, "my-brand")
// check the snap assertions are also in place
for _, snapId := range []string{"pc-Id", "pc-kernel-Id", "core-Id"} {
p := filepath.Join(rootdir, "var/lib/snapd/seed/assertions", fmt.Sprintf("16,%s.snap-declaration", snapId))
c.Check(osutil.FileExists(p), Equals, true)
}
// check the bootloader config
m, err := s.bootloader.GetBootVars("snap_kernel", "snap_core")
c.Assert(err, IsNil)
c.Check(m["snap_kernel"], Equals, "pc-kernel_2.snap")
c.Check(m["snap_core"], Equals, "core_3.snap")
}
func (s *authContextSetupSuite) SetUpTest(c *C) {
tempdir := c.MkDir()
dirs.SetRootDir(tempdir)
err := os.MkdirAll(filepath.Dir(dirs.SnapStateFile), 0755)
c.Assert(err, IsNil)
captureAuthContext := func(_ *store.Config, ac auth.AuthContext) *store.Store {
s.ac = ac
return nil
}
r := overlord.MockStoreNew(captureAuthContext)
defer r()
s.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey)
s.restoreTrusted = sysdb.InjectTrusted(s.storeSigning.Trusted)
s.brandSigning = assertstest.NewSigningDB("my-brand", brandPrivKey)
brandAcct := assertstest.NewAccount(s.storeSigning, "my-brand", map[string]interface{}{
"account-id": "my-brand",
"verification": "certified",
}, "")
s.storeSigning.Add(brandAcct)
brandAccKey := assertstest.NewAccountKey(s.storeSigning, brandAcct, nil, brandPrivKey.PublicKey(), "")
s.storeSigning.Add(brandAccKey)
model, err := s.brandSigning.Sign(asserts.ModelType, map[string]interface{}{
"series": "16",
"authority-id": "my-brand",
"brand-id": "my-brand",
"model": "my-model",
"architecture": "amd64",
"store": "my-brand-store-id",
"gadget": "pc",
"kernel": "pc-kernel",
"timestamp": time.Now().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
s.model = model.(*asserts.Model)
encDevKey, err := asserts.EncodePublicKey(deviceKey.PublicKey())
c.Assert(err, IsNil)
serial, err := s.brandSigning.Sign(asserts.SerialType, map[string]interface{}{
"authority-id": "my-brand",
"brand-id": "my-brand",
"model": "my-model",
"serial": "7878",
"device-key": string(encDevKey),
"device-key-sha3-384": deviceKey.PublicKey().ID(),
"timestamp": time.Now().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
s.serial = serial.(*asserts.Serial)
o, err := overlord.New()
c.Assert(err, IsNil)
s.o = o
st := o.State()
st.Lock()
defer st.Unlock()
prereqs := []asserts.Assertion{s.storeSigning.StoreAccountKey(""), brandAcct, brandAccKey}
for _, a := range prereqs {
err = assertstate.Add(st, a)
c.Assert(err, IsNil)
}
}