func (sdbs *sysDBSuite) TestOpenSysDatabaseKeypairManagerOpenFail(c *C) {
// make it not world-writeable
oldUmask := syscall.Umask(0)
os.MkdirAll(filepath.Join(dirs.SnapAssertsDBDir, "private-keys-v1"), 0777)
syscall.Umask(oldUmask)
db, err := sysdb.Open()
c.Assert(err, ErrorMatches, "assert storage root unexpectedly world-writable: .*")
c.Check(db, IsNil)
}
func (sdbs *sysDBSuite) TestOpenSysDatabaseExtras(c *C) {
restore := sysdb.InjectTrusted(sdbs.extraTrusted)
defer restore()
db, err := sysdb.Open()
c.Assert(err, IsNil)
c.Check(db, NotNil)
err = db.Check(sdbs.probeAssert)
c.Check(err, IsNil)
}
// Manager returns a new assertion manager.
func Manager(s *state.State) (*AssertManager, error) {
runner := state.NewTaskRunner(s)
runner.AddHandler("validate-snap", doValidateSnap, nil)
db, err := sysdb.Open()
if err != nil {
return nil, err
}
s.Lock()
ReplaceDB(s, db)
s.Unlock()
return &AssertManager{runner: runner}, nil
}
func (sdbs *sysDBSuite) TestOpenSysDatabase(c *C) {
db, err := sysdb.Open()
c.Assert(err, IsNil)
c.Check(db, NotNil)
// check trusted
_, err = db.Find(asserts.AccountKeyType, map[string]string{
"account-id": "canonical",
"public-key-sha3-384": "-CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk",
})
c.Assert(err, IsNil)
trustedAcc, err := db.Find(asserts.AccountType, map[string]string{
"account-id": "canonical",
})
c.Assert(err, IsNil)
err = db.Check(trustedAcc)
c.Check(err, IsNil)
// extraneous
err = db.Check(sdbs.probeAssert)
c.Check(err, ErrorMatches, "no matching public key.*")
}