func (s *assertMgrSuite) SetUpTest(c *C) {
dirs.SetRootDir(c.MkDir())
rootPrivKey, _ := assertstest.GenerateKey(1024)
storePrivKey, _ := assertstest.GenerateKey(752)
s.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey)
s.restore = sysdb.InjectTrusted(s.storeSigning.Trusted)
dev1PrivKey, _ := assertstest.GenerateKey(752)
s.dev1Acct = assertstest.NewAccount(s.storeSigning, "developer1", nil, "")
err := s.storeSigning.Add(s.dev1Acct)
c.Assert(err, IsNil)
// developer signing
dev1AcctKey := assertstest.NewAccountKey(s.storeSigning, s.dev1Acct, nil, dev1PrivKey.PublicKey(), "")
err = s.storeSigning.Add(dev1AcctKey)
c.Assert(err, IsNil)
s.dev1Signing = assertstest.NewSigningDB(s.dev1Acct.AccountID(), dev1PrivKey)
s.state = state.New(nil)
mgr, err := assertstate.Manager(s.state)
c.Assert(err, IsNil)
s.mgr = mgr
s.state.Lock()
snapstate.ReplaceStore(s.state, &fakeStore{
state: s.state,
db: s.storeSigning,
})
s.state.Unlock()
}
func (s *snapassertsSuite) SetUpTest(c *C) {
rootPrivKey, _ := assertstest.GenerateKey(1024)
storePrivKey, _ := assertstest.GenerateKey(752)
s.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey)
s.dev1Acct = assertstest.NewAccount(s.storeSigning, "developer1", nil, "")
localDB, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
Backstore: asserts.NewMemoryBackstore(),
Trusted: s.storeSigning.Trusted,
})
c.Assert(err, IsNil)
s.localDB = localDB
// add in prereqs assertions
err = s.localDB.Add(s.storeSigning.StoreAccountKey(""))
c.Assert(err, IsNil)
err = s.localDB.Add(s.dev1Acct)
c.Assert(err, IsNil)
headers := map[string]interface{}{
"series": "16",
"snap-id": "snap-id-1",
"snap-name": "foo",
"publisher-id": s.dev1Acct.AccountID(),
"timestamp": time.Now().Format(time.RFC3339),
}
snapDecl, err := s.storeSigning.Sign(asserts.SnapDeclarationType, headers, nil, "")
c.Assert(err, IsNil)
err = s.localDB.Add(snapDecl)
c.Assert(err, IsNil)
}
func (s *FirstBootTestSuite) SetUpTest(c *C) {
tempdir := c.MkDir()
dirs.SetRootDir(tempdir)
// mock the world!
err := os.MkdirAll(filepath.Join(dirs.SnapSeedDir, "snaps"), 0755)
c.Assert(err, IsNil)
err = os.MkdirAll(filepath.Join(dirs.SnapSeedDir, "assertions"), 0755)
c.Assert(err, IsNil)
err = os.MkdirAll(dirs.SnapServicesDir, 0755)
c.Assert(err, IsNil)
os.Setenv("SNAPPY_SQUASHFS_UNPACK_FOR_TESTS", "1")
s.systemctl = testutil.MockCommand(c, "systemctl", "")
s.mockUdevAdm = testutil.MockCommand(c, "udevadm", "")
err = ioutil.WriteFile(filepath.Join(dirs.SnapSeedDir, "seed.yaml"), nil, 0644)
c.Assert(err, IsNil)
rootPrivKey, _ := assertstest.GenerateKey(1024)
storePrivKey, _ := assertstest.GenerateKey(752)
s.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey)
s.restore = sysdb.InjectTrusted(s.storeSigning.Trusted)
s.brandPrivKey, _ = assertstest.GenerateKey(752)
s.brandSigning = assertstest.NewSigningDB("my-brand", s.brandPrivKey)
ovld, err := overlord.New()
c.Assert(err, IsNil)
s.overlord = ovld
}
func (s *deviceMgrSuite) SetUpTest(c *C) {
dirs.SetRootDir(c.MkDir())
rootPrivKey, _ := assertstest.GenerateKey(1024)
storePrivKey, _ := assertstest.GenerateKey(752)
s.storeSigning = assertstest.NewStoreStack("canonical", rootPrivKey, storePrivKey)
s.state = state.New(nil)
db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
Backstore: asserts.NewMemoryBackstore(),
Trusted: s.storeSigning.Trusted,
})
c.Assert(err, IsNil)
s.state.Lock()
assertstate.ReplaceDB(s.state, db)
s.state.Unlock()
err = db.Add(s.storeSigning.StoreAccountKey(""))
c.Assert(err, IsNil)
mgr, err := devicestate.Manager(s.state)
c.Assert(err, IsNil)
s.db = db
s.mgr = mgr
s.state.Lock()
snapstate.ReplaceStore(s.state, &fakeStore{
state: s.state,
db: s.storeSigning,
})
s.state.Unlock()
}
func (s *SnapKeysSuite) TestExportKeyAccount(c *C) {
rootPrivKey, _ := assertstest.GenerateKey(1024)
storePrivKey, _ := assertstest.GenerateKey(752)
storeSigning := assertstest.NewStoreStack("canonical", rootPrivKey, storePrivKey)
manager := asserts.NewGPGKeypairManager()
assertstest.NewAccount(storeSigning, "developer1", nil, "")
rest, err := snap.Parser().ParseArgs([]string{"export-key", "another", "--account=developer1"})
c.Assert(err, IsNil)
c.Assert(rest, DeepEquals, []string{})
assertion, err := asserts.Decode(s.stdout.Bytes())
c.Assert(err, IsNil)
c.Check(assertion.Type(), Equals, asserts.AccountKeyRequestType)
c.Check(assertion.Revision(), Equals, 0)
c.Check(assertion.HeaderString("account-id"), Equals, "developer1")
c.Check(assertion.HeaderString("name"), Equals, "another")
c.Check(assertion.HeaderString("public-key-sha3-384"), Equals, "DVQf1U4mIsuzlQqAebjjTPYtYJ-GEhJy0REuj3zvpQYTZ7EJj7adBxIXLJ7Vmk3L")
since, err := time.Parse(time.RFC3339, assertion.HeaderString("since"))
c.Assert(err, IsNil)
zone, offset := since.Zone()
c.Check(zone, Equals, "UTC")
c.Check(offset, Equals, 0)
c.Check(s.Stderr(), Equals, "")
privKey, err := manager.Get(assertion.HeaderString("public-key-sha3-384"))
c.Assert(err, IsNil)
err = asserts.SignatureCheck(assertion, privKey.PublicKey())
c.Assert(err, IsNil)
}
func (sdbs *sysDBSuite) SetUpTest(c *C) {
tmpdir := c.MkDir()
pk, _ := assertstest.GenerateKey(752)
signingDB := assertstest.NewSigningDB("can0nical", pk)
trustedAcct := assertstest.NewAccount(signingDB, "can0nical", map[string]interface{}{
"account-id": "can0nical",
"validation": "certified",
"timestamp": "2015-11-20T15:04:00Z",
}, "")
trustedAccKey := assertstest.NewAccountKey(signingDB, trustedAcct, map[string]interface{}{
"account-id": "can0nical",
"since": "2015-11-20T15:04:00Z",
"until": "2500-11-20T15:04:00Z",
}, pk.PublicKey(), "")
sdbs.extraTrusted = []asserts.Assertion{trustedAcct, trustedAccKey}
fakeRoot := filepath.Join(tmpdir, "root")
err := os.Mkdir(fakeRoot, os.ModePerm)
c.Assert(err, IsNil)
dirs.SetRootDir(fakeRoot)
sdbs.probeAssert = assertstest.NewAccount(signingDB, "probe", nil, "")
}
func (s *signSuite) SetUpSuite(c *C) {
testKey, _ := assertstest.GenerateKey(752)
s.keypairMgr = asserts.NewMemoryKeypairManager()
s.keypairMgr.Put(testKey)
s.testKeyID = testKey.PublicKey().ID()
}
func (aks *accountKeySuite) TestAccountKeyCheckNameClash(c *C) {
trustedKey := testPrivKey0
headers := map[string]interface{}{
"authority-id": "canonical",
"account-id": "acc-id1",
"name": "default",
"public-key-sha3-384": aks.keyID,
"since": aks.since.Format(time.RFC3339),
"until": aks.until.Format(time.RFC3339),
}
accKey, err := asserts.AssembleAndSignInTest(asserts.AccountKeyType, headers, []byte(aks.pubKeyBody), trustedKey)
c.Assert(err, IsNil)
db := aks.openDB(c)
aks.prereqAccount(c, db)
err = db.Add(accKey)
c.Assert(err, IsNil)
newPrivKey, _ := assertstest.GenerateKey(752)
err = db.ImportKey(newPrivKey)
c.Assert(err, IsNil)
newPubKey, err := db.PublicKey(newPrivKey.PublicKey().ID())
c.Assert(err, IsNil)
newPubKeyEncoded, err := asserts.EncodePublicKey(newPubKey)
headers["public-key-sha3-384"] = newPubKey.ID()
headers["revision"] = "1"
newAccKey, err := asserts.AssembleAndSignInTest(asserts.AccountKeyType, headers, newPubKeyEncoded, trustedKey)
c.Assert(err, IsNil)
err = db.Check(newAccKey)
c.Assert(err, ErrorMatches, fmt.Sprintf(`account-key assertion for "acc-id1" with ID %q has the same name "default" as existing ID %q`, newPubKey.ID(), aks.keyID))
}
func (aks *accountKeySuite) TestAccountKeyCheckSameAccountAndDifferentName(c *C) {
trustedKey := testPrivKey0
headers := map[string]interface{}{
"authority-id": "canonical",
"account-id": "acc-id1",
"name": "default",
"public-key-sha3-384": aks.keyID,
"since": aks.since.Format(time.RFC3339),
"until": aks.until.Format(time.RFC3339),
}
accKey, err := asserts.AssembleAndSignInTest(asserts.AccountKeyType, headers, []byte(aks.pubKeyBody), trustedKey)
c.Assert(err, IsNil)
db := aks.openDB(c)
aks.prereqAccount(c, db)
err = db.Add(accKey)
c.Assert(err, IsNil)
newPrivKey, _ := assertstest.GenerateKey(752)
err = db.ImportKey(newPrivKey)
c.Assert(err, IsNil)
newPubKey, err := db.PublicKey(newPrivKey.PublicKey().ID())
c.Assert(err, IsNil)
newPubKeyEncoded, err := asserts.EncodePublicKey(newPubKey)
headers["name"] = "another"
headers["public-key-sha3-384"] = newPubKey.ID()
newAccKey, err := asserts.AssembleAndSignInTest(asserts.AccountKeyType, headers, newPubKeyEncoded, trustedKey)
c.Assert(err, IsNil)
err = db.Check(newAccKey)
c.Assert(err, IsNil)
}
func (s *deviceMgrSuite) TestDoRequestSerialIdempotentAfterGotSerial(c *C) {
privKey, _ := assertstest.GenerateKey(1024)
mockServer := s.mockServer(c, "REQID-1")
defer mockServer.Close()
mockRequestIDURL := mockServer.URL + "/identity/api/v1/request-id"
restore := devicestate.MockRequestIDURL(mockRequestIDURL)
defer restore()
mockSerialRequestURL := mockServer.URL + "/identity/api/v1/devices"
restore = devicestate.MockSerialRequestURL(mockSerialRequestURL)
defer restore()
restore = devicestate.MockRepeatRequestSerial("after-got-serial")
defer restore()
s.state.Lock()
defer s.state.Unlock()
// setup state as done by first-boot/Ensure/doGenerateDeviceKey
auth.SetDevice(s.state, &auth.DeviceState{
Brand: "canonical",
Model: "pc",
KeyID: privKey.PublicKey().ID(),
})
s.mgr.KeypairManager().Put(privKey)
t := s.state.NewTask("request-serial", "test")
chg := s.state.NewChange("become-operational", "...")
chg.AddTask(t)
s.state.Unlock()
s.mgr.Ensure()
s.mgr.Wait()
s.state.Lock()
c.Check(chg.Status(), Equals, state.DoingStatus)
device, err := auth.Device(s.state)
c.Check(err, IsNil)
_, err = s.db.Find(asserts.SerialType, map[string]string{
"brand-id": "canonical",
"model": "pc",
"serial": "9999",
})
c.Assert(err, Equals, asserts.ErrNotFound)
s.state.Unlock()
s.mgr.Ensure()
s.mgr.Wait()
s.state.Lock()
// Repeated handler run but set original serial.
c.Check(chg.Status(), Equals, state.DoneStatus)
device, err = auth.Device(s.state)
c.Check(err, IsNil)
c.Check(device.Serial, Equals, "9999")
}
func (s *imageSuite) SetUpTest(c *C) {
s.root = c.MkDir()
s.bootloader = boottest.NewMockBootloader("grub", c.MkDir())
partition.ForceBootloader(s.bootloader)
s.stdout = bytes.NewBuffer(nil)
image.Stdout = s.stdout
s.downloadedSnaps = make(map[string]string)
s.storeSnapInfo = make(map[string]*snap.Info)
rootPrivKey, _ := assertstest.GenerateKey(1024)
storePrivKey, _ := assertstest.GenerateKey(752)
s.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey)
brandPrivKey, _ := assertstest.GenerateKey(752)
s.brandSigning = assertstest.NewSigningDB("my-brand", brandPrivKey)
brandAcct := assertstest.NewAccount(s.storeSigning, "my-brand", map[string]interface{}{
"account-id": "my-brand",
"verification": "certified",
}, "")
s.storeSigning.Add(brandAcct)
brandAccKey := assertstest.NewAccountKey(s.storeSigning, brandAcct, nil, brandPrivKey.PublicKey(), "")
s.storeSigning.Add(brandAccKey)
model, err := s.brandSigning.Sign(asserts.ModelType, map[string]interface{}{
"series": "16",
"authority-id": "my-brand",
"brand-id": "my-brand",
"model": "my-model",
"architecture": "amd64",
"gadget": "pc",
"kernel": "pc-kernel",
"required-snaps": []interface{}{"required-snap1"},
"timestamp": time.Now().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
s.model = model.(*asserts.Model)
}
func (s *deviceMgrSuite) TestDeviceAssertionsDeviceSessionRequest(c *C) {
// nothing there
_, _, err := s.mgr.DeviceSessionRequest("NONCE-1")
c.Check(err, Equals, state.ErrNoState)
// setup state as done by device initialisation
s.state.Lock()
devKey, _ := assertstest.GenerateKey(1024)
encDevKey, err := asserts.EncodePublicKey(devKey.PublicKey())
c.Check(err, IsNil)
seriala, err := s.storeSigning.Sign(asserts.SerialType, map[string]interface{}{
"brand-id": "canonical",
"model": "pc",
"serial": "8989",
"device-key": string(encDevKey),
"device-key-sha3-384": devKey.PublicKey().ID(),
"timestamp": time.Now().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
err = assertstate.Add(s.state, seriala)
c.Assert(err, IsNil)
auth.SetDevice(s.state, &auth.DeviceState{
Brand: "canonical",
Model: "pc",
Serial: "8989",
KeyID: devKey.PublicKey().ID(),
})
s.mgr.KeypairManager().Put(devKey)
s.state.Unlock()
sessReq, serial, err := s.mgr.DeviceSessionRequest("NONCE-1")
c.Assert(err, IsNil)
c.Check(serial.Serial(), Equals, "8989")
// correctly signed with device key
err = asserts.SignatureCheck(sessReq, devKey.PublicKey())
c.Check(err, IsNil)
c.Check(sessReq.BrandID(), Equals, "canonical")
c.Check(sessReq.Model(), Equals, "pc")
c.Check(sessReq.Serial(), Equals, "8989")
c.Check(sessReq.Nonce(), Equals, "NONCE-1")
}
func (s *deviceMgrSuite) TestDeviceAssertionsModelAndSerial(c *C) {
// nothing in the state
s.state.Lock()
_, err := devicestate.Model(s.state)
s.state.Unlock()
c.Check(err, Equals, state.ErrNoState)
s.state.Lock()
_, err = devicestate.Serial(s.state)
s.state.Unlock()
c.Check(err, Equals, state.ErrNoState)
_, err = s.mgr.Model()
c.Check(err, Equals, state.ErrNoState)
_, err = s.mgr.Serial()
c.Check(err, Equals, state.ErrNoState)
// just brand and model
s.state.Lock()
auth.SetDevice(s.state, &auth.DeviceState{
Brand: "canonical",
Model: "pc",
})
s.state.Unlock()
_, err = s.mgr.Model()
c.Check(err, Equals, state.ErrNoState)
_, err = s.mgr.Serial()
c.Check(err, Equals, state.ErrNoState)
// have a model assertion
model, err := s.storeSigning.Sign(asserts.ModelType, map[string]interface{}{
"series": "16",
"brand-id": "canonical",
"model": "pc",
"gadget": "pc",
"kernel": "kernel",
"architecture": "amd64",
"timestamp": time.Now().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
s.state.Lock()
err = assertstate.Add(s.state, model)
s.state.Unlock()
c.Assert(err, IsNil)
mod, err := s.mgr.Model()
c.Assert(err, IsNil)
c.Assert(mod.BrandID(), Equals, "canonical")
s.state.Lock()
mod, err = devicestate.Model(s.state)
s.state.Unlock()
c.Assert(err, IsNil)
c.Assert(mod.BrandID(), Equals, "canonical")
_, err = s.mgr.Serial()
c.Check(err, Equals, state.ErrNoState)
// have a serial as well
s.state.Lock()
auth.SetDevice(s.state, &auth.DeviceState{
Brand: "canonical",
Model: "pc",
Serial: "8989",
})
s.state.Unlock()
_, err = s.mgr.Model()
c.Assert(err, IsNil)
_, err = s.mgr.Serial()
c.Check(err, Equals, state.ErrNoState)
// have a serial assertion
devKey, _ := assertstest.GenerateKey(752)
encDevKey, err := asserts.EncodePublicKey(devKey.PublicKey())
c.Assert(err, IsNil)
serial, err := s.storeSigning.Sign(asserts.SerialType, map[string]interface{}{
"brand-id": "canonical",
"model": "pc",
"serial": "8989",
"device-key": string(encDevKey),
"device-key-sha3-384": devKey.PublicKey().ID(),
"timestamp": time.Now().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
s.state.Lock()
err = assertstate.Add(s.state, serial)
s.state.Unlock()
c.Assert(err, IsNil)
_, err = s.mgr.Model()
c.Assert(err, IsNil)
ser, err := s.mgr.Serial()
c.Assert(err, IsNil)
c.Check(ser.Serial(), Equals, "8989")
s.state.Lock()
ser, err = devicestate.Serial(s.state)
s.state.Unlock()
c.Assert(err, IsNil)
c.Check(ser.Serial(), Equals, "8989")
}
func (s *fetcherSuite) SetUpTest(c *C) {
rootPrivKey, _ := assertstest.GenerateKey(1024)
storePrivKey, _ := assertstest.GenerateKey(752)
s.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey)
}
"github.com/snapcore/snapd/asserts"
"github.com/snapcore/snapd/asserts/assertstest"
"github.com/snapcore/snapd/dirs"
"github.com/snapcore/snapd/interfaces"
"github.com/snapcore/snapd/overlord/assertstate"
"github.com/snapcore/snapd/overlord/ifacestate"
"github.com/snapcore/snapd/overlord/snapstate"
"github.com/snapcore/snapd/overlord/state"
"github.com/snapcore/snapd/snap"
"github.com/snapcore/snapd/snap/snaptest"
)
func TestInterfaceManager(t *testing.T) { TestingT(t) }
var (
rootKey, _ = assertstest.GenerateKey(752)
storeKey, _ = assertstest.GenerateKey(752)
)
type interfaceManagerSuite struct {
state *state.State
db *asserts.Database
privateMgr *ifacestate.InterfaceManager
extraIfaces []interfaces.Interface
secBackend *interfaces.TestSecurityBackend
restoreBackends func()
storeSigning *assertstest.StoreStack
}
var _ = Suite(&interfaceManagerSuite{})
devAcct *asserts.Account
o *overlord.Overlord
serveSnapPath string
serveRevision string
}
var (
_ = Suite(&mgrsSuite{})
_ = Suite(&authContextSetupSuite{})
)
var (
rootPrivKey, _ = assertstest.GenerateKey(1024)
storePrivKey, _ = assertstest.GenerateKey(752)
brandPrivKey, _ = assertstest.GenerateKey(752)
develPrivKey, _ = assertstest.GenerateKey(752)
deviceKey, _ = assertstest.GenerateKey(752)
)
func (ms *mgrsSuite) SetUpTest(c *C) {
ms.tempdir = c.MkDir()
dirs.SetRootDir(ms.tempdir)
err := os.MkdirAll(filepath.Dir(dirs.SnapStateFile), 0755)
c.Assert(err, IsNil)
func (s *deviceMgrSuite) TestDeviceManagerEnsureSeedYamlRecover(c *C) {
release.OnClassic = false
restore := devicestate.MockPopulateStateFromSeed(func(*state.State) (ts []*state.TaskSet, err error) {
return nil, errors.New("should not be called")
})
defer restore()
s.state.Lock()
defer s.state.Unlock()
s.setupCore(c, "ubuntu-core", `
name: ubuntu-core
type: os
version: ubuntu-core
`, "")
// have a model assertion
model, err := s.storeSigning.Sign(asserts.ModelType, map[string]interface{}{
"series": "16",
"brand-id": "canonical",
"model": "pc",
"gadget": "pc",
"kernel": "kernel",
"architecture": "amd64",
"timestamp": time.Now().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
err = assertstate.Add(s.state, model)
c.Assert(err, IsNil)
// have a serial assertion
devKey, _ := assertstest.GenerateKey(752)
encDevKey, err := asserts.EncodePublicKey(devKey.PublicKey())
keyID := devKey.PublicKey().ID()
c.Assert(err, IsNil)
serial, err := s.storeSigning.Sign(asserts.SerialType, map[string]interface{}{
"brand-id": "canonical",
"model": "pc",
"serial": "8989",
"device-key": string(encDevKey),
"device-key-sha3-384": keyID,
"timestamp": time.Now().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
err = assertstate.Add(s.state, serial)
c.Assert(err, IsNil)
// forgotten key id and serial
auth.SetDevice(s.state, &auth.DeviceState{
Brand: "canonical",
Model: "pc",
})
// put key on disk
err = s.mgr.KeypairManager().Put(devKey)
c.Assert(err, IsNil)
// extra unused stuff
junk1 := filepath.Join(dirs.SnapDeviceDir, "private-keys-v1", "junkjunk1")
err = ioutil.WriteFile(junk1, nil, 0644)
c.Assert(err, IsNil)
junk2 := filepath.Join(dirs.SnapDeviceDir, "private-keys-v1", "junkjunk2")
err = ioutil.WriteFile(junk2, nil, 0644)
c.Assert(err, IsNil)
// double check
pat := filepath.Join(dirs.SnapDeviceDir, "private-keys-v1", "*")
onDisk, err := filepath.Glob(pat)
c.Assert(err, IsNil)
c.Check(onDisk, HasLen, 3)
s.state.Unlock()
err = s.mgr.EnsureSeedYaml()
s.state.Lock()
c.Assert(err, IsNil)
c.Check(s.state.Changes(), HasLen, 0)
var seeded bool
err = s.state.Get("seeded", &seeded)
c.Assert(err, IsNil)
c.Check(seeded, Equals, true)
device, err := auth.Device(s.state)
c.Assert(err, IsNil)
c.Check(device, DeepEquals, &auth.DeviceState{
Brand: "canonical",
Model: "pc",
KeyID: keyID,
Serial: "8989",
})
// key is still there
_, err = s.mgr.KeypairManager().Get(keyID)
c.Assert(err, IsNil)
onDisk, err = filepath.Glob(pat)
c.Assert(err, IsNil)
// junk was removed
c.Check(onDisk, HasLen, 1)
}