func getSha(fn string) string {
snapDigest, _, err := asserts.SnapFileSHA3_384(fn)
if err != nil {
panic(err)
}
return hexify(snapDigest)
}
func (s *imageSuite) addSystemSnapAssertions(c *C, snapName string) {
snapID := snapName + "-Id"
decl, err := s.storeSigning.Sign(asserts.SnapDeclarationType, map[string]interface{}{
"series": "16",
"snap-id": snapID,
"snap-name": snapName,
"publisher-id": "can0nical",
"timestamp": time.Now().UTC().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
err = s.storeSigning.Add(decl)
c.Assert(err, IsNil)
snapSHA3_384, snapSize, err := asserts.SnapFileSHA3_384(s.downloadedSnaps[snapName])
c.Assert(err, IsNil)
snapRev, err := s.storeSigning.Sign(asserts.SnapRevisionType, map[string]interface{}{
"snap-sha3-384": snapSHA3_384,
"snap-size": fmt.Sprintf("%d", snapSize),
"snap-id": snapID,
"snap-revision": s.storeSnapInfo[snapName].Revision.String(),
"developer-id": "can0nical",
"timestamp": time.Now().UTC().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
err = s.storeSigning.Add(snapRev)
c.Assert(err, IsNil)
}
func (s *storeTestSuite) makeAssertions(c *C, snapFn, name, snapID, develName, develID string, revision int) {
dgst, size, err := asserts.SnapFileSHA3_384(snapFn)
c.Assert(err, IsNil)
info := essentialInfo{
Name: name,
SnapID: snapID,
DeveloperID: develID,
DevelName: develName,
Revision: revision,
Size: size,
Digest: dgst,
}
f, err := os.OpenFile(filepath.Join(s.store.assertDir, snapID+".fake.snap-declaration"), os.O_CREATE|os.O_WRONLY, 0644)
c.Assert(err, IsNil)
err = tSnapDecl.Execute(f, info)
c.Assert(err, IsNil)
f, err = os.OpenFile(filepath.Join(s.store.assertDir, dgst+".fake.snap-revision"), os.O_CREATE|os.O_WRONLY, 0644)
c.Assert(err, IsNil)
err = tSnapRev.Execute(f, info)
c.Assert(err, IsNil)
f, err = os.OpenFile(filepath.Join(s.store.assertDir, develID+".fake.account"), os.O_CREATE|os.O_WRONLY, 0644)
c.Assert(err, IsNil)
err = tAccount.Execute(f, info)
c.Assert(err, IsNil)
}
func main() {
sha3_384, _, err := asserts.SnapFileSHA3_384(os.Args[1])
if err != nil {
fmt.Fprintf(os.Stderr, "cannot compute digest: %v\n", err)
os.Exit(1)
}
fmt.Fprintf(os.Stdout, "%s\n", sha3_384)
}
// FetchAndCheckSnapAssertions fetches and cross checks the snap assertions matching the given snap file using the provided asserts.Fetcher and assertion database.
func FetchAndCheckSnapAssertions(snapPath string, info *snap.Info, f asserts.Fetcher, db asserts.RODatabase) error {
sha3_384, size, err := asserts.SnapFileSHA3_384(snapPath)
if err != nil {
return err
}
if err := snapasserts.FetchSnapAssertions(f, sha3_384); err != nil {
return fmt.Errorf("cannot fetch snap signatures/assertions: %v", err)
}
// cross checks
return snapasserts.CrossCheck(info.Name(), sha3_384, size, &info.SideInfo, db)
}
func snapEssentialInfo(w http.ResponseWriter, fn, snapID string, bs asserts.Backstore) (*essentialInfo, error) {
snapFile, err := snap.Open(fn)
if err != nil {
http.Error(w, fmt.Sprintf("cannot read: %v: %v", fn, err), http.StatusBadRequest)
return nil, errInfo
}
info, err := snap.ReadInfoFromSnapFile(snapFile, nil)
if err != nil {
http.Error(w, fmt.Sprintf("can get info for: %v: %v", fn, err), http.StatusBadRequest)
return nil, errInfo
}
snapDigest, size, err := asserts.SnapFileSHA3_384(fn)
if err != nil {
http.Error(w, fmt.Sprintf("can get digest for: %v: %v", fn, err), http.StatusBadRequest)
return nil, errInfo
}
snapRev, devAcct, err := findSnapRevision(snapDigest, bs)
if err != nil && err != asserts.ErrNotFound {
http.Error(w, fmt.Sprintf("can get info for: %v: %v", fn, err), http.StatusBadRequest)
return nil, errInfo
}
var devel, develID string
var revision int
if snapRev != nil {
snapID = snapRev.SnapID()
develID = snapRev.DeveloperID()
devel = devAcct.Username()
revision = snapRev.SnapRevision()
} else {
// XXX: fallback until we are always assertion based
develID = defaultDeveloperID
devel = defaultDeveloper
revision = makeRevision(info)
}
return &essentialInfo{
Name: info.Name(),
SnapID: snapID,
DeveloperID: develID,
DevelName: devel,
Revision: revision,
Version: info.Version,
Digest: snapDigest,
Size: size,
}, nil
}
func (x *cmdSignBuild) Execute(args []string) error {
if len(args) > 0 {
return ErrExtraArgs
}
snapDigest, snapSize, err := asserts.SnapFileSHA3_384(x.Positional.Filename)
if err != nil {
return err
}
gkm := asserts.NewGPGKeypairManager()
privKey, err := gkm.GetByName(x.KeyName)
if err != nil {
// TRANSLATORS: %q is the key name, %v the error message
return fmt.Errorf(i18n.G("cannot use %q key: %v"), x.KeyName, err)
}
pubKey := privKey.PublicKey()
timestamp := time.Now().Format(time.RFC3339)
headers := map[string]interface{}{
"developer-id": x.DeveloperID,
"authority-id": x.DeveloperID,
"snap-sha3-384": snapDigest,
"snap-id": x.SnapID,
"snap-size": fmt.Sprintf("%d", snapSize),
"grade": x.Grade,
"timestamp": timestamp,
}
adb, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
KeypairManager: gkm,
})
if err != nil {
return fmt.Errorf(i18n.G("cannot open the assertions database: %v"), err)
}
a, err := adb.Sign(asserts.SnapBuildType, headers, nil, pubKey.ID())
if err != nil {
return fmt.Errorf(i18n.G("cannot sign assertion: %v"), err)
}
_, err = Stdout.Write(asserts.Encode(a))
if err != nil {
return err
}
return nil
}
func (s *snapFileDigestSuite) TestSnapFileSHA3_384(c *C) {
exData := []byte("hashmeplease")
tempdir := c.MkDir()
snapFn := filepath.Join(tempdir, "ex.snap")
err := ioutil.WriteFile(snapFn, exData, 0644)
c.Assert(err, IsNil)
encDgst, size, err := asserts.SnapFileSHA3_384(snapFn)
c.Assert(err, IsNil)
c.Check(size, Equals, uint64(len(exData)))
h3_384 := sha3.Sum384(exData)
expected := base64.RawURLEncoding.EncodeToString(h3_384[:])
c.Check(encDgst, DeepEquals, expected)
}
// DeriveSideInfo tries to construct a SideInfo for the given snap using its digest to find the relevant snap assertions with the information in the given database. It will fail with asserts.ErrNotFound if it cannot find them.
func DeriveSideInfo(snapPath string, db asserts.RODatabase) (*snap.SideInfo, error) {
snapSHA3_384, snapSize, err := asserts.SnapFileSHA3_384(snapPath)
if err != nil {
return nil, err
}
// get relevant assertions and reconstruct metadata
a, err := db.Find(asserts.SnapRevisionType, map[string]string{
"snap-sha3-384": snapSHA3_384,
})
if err != nil {
return nil, err
}
snapRev := a.(*asserts.SnapRevision)
if snapRev.SnapSize() != snapSize {
return nil, fmt.Errorf("snap %q does not have expected size according to signatures (broken or tampered): %d != %d", snapPath, snapSize, snapRev.SnapSize())
}
snapID := snapRev.SnapID()
snapDecl, err := findSnapDeclaration(snapID, snapPath, db)
if err != nil {
return nil, err
}
name := snapDecl.SnapName()
// TODO: once we are fully migrated to assertions this can
// be done dynamically later instead of statically here
a, err = db.Find(asserts.AccountType, map[string]string{
"account-id": snapRev.DeveloperID(),
})
if err != nil {
return nil, fmt.Errorf("internal error: cannot find developer account for snap %q (%q): %s", name, snapPath, snapRev.DeveloperID())
}
devAcct := a.(*asserts.Account)
return &snap.SideInfo{
RealName: name,
SnapID: snapID,
Revision: snap.R(snapRev.SnapRevision()),
DeveloperID: snapRev.DeveloperID(),
Developer: devAcct.Username(),
}, nil
}
func buildSnap(snapDir, targetDir string) (*info, error) {
// build in /var/tmp (which is not a tempfs)
cmd := exec.Command("snapbuild", snapDir, targetDir)
cmd.Env = append(os.Environ(), "TMPDIR=/var/tmp")
output, err := cmd.CombinedOutput()
if err != nil {
return nil, fmt.Errorf("building fake snap: %v, output: %s", err, output)
}
out := strings.TrimSpace(string(output))
if !strings.HasPrefix(out, "built: ") {
return nil, fmt.Errorf("building fake snap got unexpected output: %s", output)
}
fn := out[len("built: "):]
newDigest, size, err := asserts.SnapFileSHA3_384(fn)
if err != nil {
return nil, err
}
return &info{digest: newDigest, size: size}, nil
}
func (ms *mgrsSuite) makeStoreTestSnap(c *C, snapYaml string, revno string) (path, digest string) {
snapPath := makeTestSnap(c, snapYaml)
snapDigest, size, err := asserts.SnapFileSHA3_384(snapPath)
c.Assert(err, IsNil)
headers := map[string]interface{}{
"snap-id": fooSnapID,
"snap-sha3-384": snapDigest,
"snap-size": fmt.Sprintf("%d", size),
"snap-revision": revno,
"developer-id": "devdevdev",
"timestamp": time.Now().Format(time.RFC3339),
}
snapRev, err := ms.storeSigning.Sign(asserts.SnapRevisionType, headers, nil, "")
c.Assert(err, IsNil)
err = ms.storeSigning.Add(snapRev)
c.Assert(err, IsNil)
return snapPath, snapDigest
}
// doValidateSnap fetches the relevant assertions for the snap being installed and cross checks them with the snap.
func doValidateSnap(t *state.Task, _ *tomb.Tomb) error {
t.State().Lock()
defer t.State().Unlock()
ss, err := snapstate.TaskSnapSetup(t)
if err != nil {
return nil
}
sha3_384, snapSize, err := asserts.SnapFileSHA3_384(ss.SnapPath)
if err != nil {
return err
}
err = doFetch(t.State(), ss.UserID, func(f asserts.Fetcher) error {
return snapasserts.FetchSnapAssertions(f, sha3_384)
})
if notFound, ok := err.(*store.AssertionNotFoundError); ok {
if notFound.Ref.Type == asserts.SnapRevisionType {
return fmt.Errorf("cannot verify snap %q, no matching signatures found", ss.Name())
} else {
return fmt.Errorf("cannot find supported signatures to verify snap %q and its hash (%v)", ss.Name(), notFound)
}
}
if err != nil {
return err
}
db := DB(t.State())
err = snapasserts.CrossCheck(ss.Name(), sha3_384, snapSize, ss.SideInfo, db)
if err != nil {
// TODO: trigger a global sanity check
// that will generate the changes to deal with this
// for things like snap-decl revocation and renames?
return err
}
// TODO: set DeveloperID from assertions
return nil
}
func copySnap(snapName, targetDir string) (*info, error) {
baseDir := filepath.Join(dirs.SnapMountDir, snapName)
if _, err := os.Stat(baseDir); err != nil {
return nil, err
}
sourceDir := filepath.Join(baseDir, "current")
files, err := filepath.Glob(filepath.Join(sourceDir, "*"))
if err != nil {
return nil, err
}
revnoDir, err := filepath.EvalSymlinks(sourceDir)
if err != nil {
return nil, err
}
origRevision := filepath.Base(revnoDir)
for _, m := range files {
if err = exec.Command("sudo", "cp", "-a", m, targetDir).Run(); err != nil {
return nil, err
}
}
rev, err := snap.ParseRevision(origRevision)
if err != nil {
return nil, err
}
place := snap.MinimalPlaceInfo(snapName, rev)
origDigest, origSize, err := asserts.SnapFileSHA3_384(place.MountFile())
if err != nil {
return nil, err
}
return &info{revision: origRevision, size: origSize, digest: origDigest}, nil
}
func (s *FirstBootTestSuite) TestPopulateFromSeedHappyMultiAssertsFiles(c *C) {
// put a firstboot snap into the SnapBlobDir
snapYaml := `name: foo
version: 1.0`
mockSnapFile := snaptest.MakeTestSnapWithFiles(c, snapYaml, nil)
fooSnapFile := filepath.Join(dirs.SnapSeedDir, "snaps", filepath.Base(mockSnapFile))
err := os.Rename(mockSnapFile, fooSnapFile)
c.Assert(err, IsNil)
// put a 2nd firstboot snap into the SnapBlobDir
snapYaml = `name: bar
version: 1.0`
mockSnapFile = snaptest.MakeTestSnapWithFiles(c, snapYaml, nil)
barSnapFile := filepath.Join(dirs.SnapSeedDir, "snaps", filepath.Base(mockSnapFile))
err = os.Rename(mockSnapFile, barSnapFile)
c.Assert(err, IsNil)
devAcct := assertstest.NewAccount(s.storeSigning, "developer", map[string]interface{}{
"account-id": "developerid",
}, "")
snapDeclFoo, err := s.storeSigning.Sign(asserts.SnapDeclarationType, map[string]interface{}{
"series": "16",
"snap-id": "foosnapidsnapid",
"publisher-id": "developerid",
"snap-name": "foo",
"timestamp": time.Now().UTC().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
sha3_384, size, err := asserts.SnapFileSHA3_384(fooSnapFile)
c.Assert(err, IsNil)
snapRevFoo, err := s.storeSigning.Sign(asserts.SnapRevisionType, map[string]interface{}{
"snap-sha3-384": sha3_384,
"snap-size": fmt.Sprintf("%d", size),
"snap-id": "foosnapidsnapid",
"developer-id": "developerid",
"snap-revision": "128",
"timestamp": time.Now().UTC().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
writeAssertionsToFile("foo.asserts", []asserts.Assertion{devAcct, snapRevFoo, snapDeclFoo})
snapDeclBar, err := s.storeSigning.Sign(asserts.SnapDeclarationType, map[string]interface{}{
"series": "16",
"snap-id": "barsnapidsnapid",
"publisher-id": "developerid",
"snap-name": "bar",
"timestamp": time.Now().UTC().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
sha3_384, size, err = asserts.SnapFileSHA3_384(barSnapFile)
c.Assert(err, IsNil)
snapRevBar, err := s.storeSigning.Sign(asserts.SnapRevisionType, map[string]interface{}{
"snap-sha3-384": sha3_384,
"snap-size": fmt.Sprintf("%d", size),
"snap-id": "barsnapidsnapid",
"developer-id": "developerid",
"snap-revision": "65",
"timestamp": time.Now().UTC().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
writeAssertionsToFile("bar.asserts", []asserts.Assertion{devAcct, snapDeclBar, snapRevBar})
// add a model assertion and its chain
assertsChain := s.makeModelAssertionChain(c)
writeAssertionsToFile("model.asserts", assertsChain)
// create a seed.yaml
content := []byte(fmt.Sprintf(`
snaps:
- name: foo
file: %s
- name: bar
file: %s
`, filepath.Base(fooSnapFile), filepath.Base(barSnapFile)))
err = ioutil.WriteFile(filepath.Join(dirs.SnapSeedDir, "seed.yaml"), content, 0644)
c.Assert(err, IsNil)
// run the firstboot stuff
st := s.overlord.State()
st.Lock()
defer st.Unlock()
tsAll, err := devicestate.PopulateStateFromSeedImpl(st)
c.Assert(err, IsNil)
chg := st.NewChange("run-it", "run the populate from seed changes")
for _, ts := range tsAll {
chg.AddAll(ts)
}
c.Assert(st.Changes(), HasLen, 1)
st.Unlock()
s.overlord.Settle()
st.Lock()
c.Assert(chg.Err(), IsNil)
// and check the snap got correctly installed
c.Check(osutil.FileExists(filepath.Join(dirs.SnapMountDir, "foo", "128", "meta", "snap.yaml")), Equals, true)
// and check the snap got correctly installed
c.Check(osutil.FileExists(filepath.Join(dirs.SnapMountDir, "bar", "65", "meta", "snap.yaml")), Equals, true)
// verify
r, err := os.Open(dirs.SnapStateFile)
c.Assert(err, IsNil)
state, err := state.ReadState(nil, r)
c.Assert(err, IsNil)
state.Lock()
defer state.Unlock()
// check foo
info, err := snapstate.CurrentInfo(state, "foo")
c.Assert(err, IsNil)
c.Assert(info.SnapID, Equals, "foosnapidsnapid")
c.Assert(info.Revision, Equals, snap.R(128))
c.Assert(info.DeveloperID, Equals, "developerid")
// check bar
info, err = snapstate.CurrentInfo(state, "bar")
c.Assert(err, IsNil)
c.Assert(info.SnapID, Equals, "barsnapidsnapid")
c.Assert(info.Revision, Equals, snap.R(65))
c.Assert(info.DeveloperID, Equals, "developerid")
}
func (s *FirstBootTestSuite) TestPopulateFromSeedHappy(c *C) {
// put a firstboot snap into the SnapBlobDir
snapYaml := `name: foo
version: 1.0`
mockSnapFile := snaptest.MakeTestSnapWithFiles(c, snapYaml, nil)
targetSnapFile := filepath.Join(dirs.SnapSeedDir, "snaps", filepath.Base(mockSnapFile))
err := os.Rename(mockSnapFile, targetSnapFile)
c.Assert(err, IsNil)
// put a firstboot local snap into the SnapBlobDir
snapYaml = `name: local
version: 1.0`
mockSnapFile = snaptest.MakeTestSnapWithFiles(c, snapYaml, nil)
targetSnapFile2 := filepath.Join(dirs.SnapSeedDir, "snaps", filepath.Base(mockSnapFile))
err = os.Rename(mockSnapFile, targetSnapFile2)
c.Assert(err, IsNil)
devAcct := assertstest.NewAccount(s.storeSigning, "developer", map[string]interface{}{
"account-id": "developerid",
}, "")
devAcctFn := filepath.Join(dirs.SnapSeedDir, "assertions", "developer.account")
err = ioutil.WriteFile(devAcctFn, asserts.Encode(devAcct), 0644)
c.Assert(err, IsNil)
snapDecl, err := s.storeSigning.Sign(asserts.SnapDeclarationType, map[string]interface{}{
"series": "16",
"snap-id": "snapidsnapid",
"publisher-id": "developerid",
"snap-name": "foo",
"timestamp": time.Now().UTC().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
declFn := filepath.Join(dirs.SnapSeedDir, "assertions", "foo.snap-declaration")
err = ioutil.WriteFile(declFn, asserts.Encode(snapDecl), 0644)
c.Assert(err, IsNil)
sha3_384, size, err := asserts.SnapFileSHA3_384(targetSnapFile)
c.Assert(err, IsNil)
snapRev, err := s.storeSigning.Sign(asserts.SnapRevisionType, map[string]interface{}{
"snap-sha3-384": sha3_384,
"snap-size": fmt.Sprintf("%d", size),
"snap-id": "snapidsnapid",
"developer-id": "developerid",
"snap-revision": "128",
"timestamp": time.Now().UTC().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
revFn := filepath.Join(dirs.SnapSeedDir, "assertions", "foo.snap-revision")
err = ioutil.WriteFile(revFn, asserts.Encode(snapRev), 0644)
c.Assert(err, IsNil)
// add a model assertion and its chain
assertsChain := s.makeModelAssertionChain(c)
for i, as := range assertsChain {
fn := filepath.Join(dirs.SnapSeedDir, "assertions", strconv.Itoa(i))
err := ioutil.WriteFile(fn, asserts.Encode(as), 0644)
c.Assert(err, IsNil)
}
// create a seed.yaml
content := []byte(fmt.Sprintf(`
snaps:
- name: foo
file: %s
devmode: true
- name: local
unasserted: true
file: %s
`, filepath.Base(targetSnapFile), filepath.Base(targetSnapFile2)))
err = ioutil.WriteFile(filepath.Join(dirs.SnapSeedDir, "seed.yaml"), content, 0644)
c.Assert(err, IsNil)
// run the firstboot stuff
st := s.overlord.State()
st.Lock()
defer st.Unlock()
tsAll, err := devicestate.PopulateStateFromSeedImpl(st)
c.Assert(err, IsNil)
// the last task of the last taskset must be mark-seeded
markSeededTask := tsAll[len(tsAll)-1].Tasks()[0]
c.Check(markSeededTask.Kind(), Equals, "mark-seeded")
// and the markSeededTask must wait for the other tasks
prevTasks := tsAll[len(tsAll)-2].Tasks()
otherTask := prevTasks[len(prevTasks)-1]
c.Check(markSeededTask.WaitTasks(), testutil.Contains, otherTask)
// now run the change and check the result
chg := st.NewChange("run-it", "run the populate from seed changes")
for _, ts := range tsAll {
chg.AddAll(ts)
}
c.Assert(st.Changes(), HasLen, 1)
st.Unlock()
s.overlord.Settle()
st.Lock()
c.Assert(chg.Err(), IsNil)
// and check the snap got correctly installed
c.Check(osutil.FileExists(filepath.Join(dirs.SnapMountDir, "foo", "128", "meta", "snap.yaml")), Equals, true)
c.Check(osutil.FileExists(filepath.Join(dirs.SnapMountDir, "local", "x1", "meta", "snap.yaml")), Equals, true)
// verify
r, err := os.Open(dirs.SnapStateFile)
c.Assert(err, IsNil)
state, err := state.ReadState(nil, r)
c.Assert(err, IsNil)
state.Lock()
defer state.Unlock()
// check foo
info, err := snapstate.CurrentInfo(state, "foo")
c.Assert(err, IsNil)
c.Assert(info.SnapID, Equals, "snapidsnapid")
c.Assert(info.Revision, Equals, snap.R(128))
c.Assert(info.DeveloperID, Equals, "developerid")
var snapst snapstate.SnapState
err = snapstate.Get(state, "foo", &snapst)
c.Assert(err, IsNil)
c.Assert(snapst.DevMode, Equals, true)
// check local
info, err = snapstate.CurrentInfo(state, "local")
c.Assert(err, IsNil)
c.Assert(info.SnapID, Equals, "")
c.Assert(info.Revision, Equals, snap.R("x1"))
c.Assert(info.DeveloperID, Equals, "")
// and ensure state is now considered seeded
var seeded bool
err = state.Get("seeded", &seeded)
c.Assert(err, IsNil)
c.Check(seeded, Equals, true)
}
func (s *FirstBootTestSuite) TestPopulateFromSeedHappy(c *C) {
// put a firstboot snap into the SnapBlobDir
snapYaml := `name: foo
version: 1.0`
mockSnapFile := snaptest.MakeTestSnapWithFiles(c, snapYaml, nil)
targetSnapFile := filepath.Join(dirs.SnapSeedDir, "snaps", filepath.Base(mockSnapFile))
err := os.Rename(mockSnapFile, targetSnapFile)
c.Assert(err, IsNil)
// put a firstboot local snap into the SnapBlobDir
snapYaml = `name: local
version: 1.0`
mockSnapFile = snaptest.MakeTestSnapWithFiles(c, snapYaml, nil)
targetSnapFile2 := filepath.Join(dirs.SnapSeedDir, "snaps", filepath.Base(mockSnapFile))
err = os.Rename(mockSnapFile, targetSnapFile2)
c.Assert(err, IsNil)
devAcct := assertstest.NewAccount(s.storeSigning, "developer", map[string]interface{}{
"account-id": "developerid",
}, "")
devAcctFn := filepath.Join(dirs.SnapSeedDir, "assertions", "developer.account")
err = ioutil.WriteFile(devAcctFn, asserts.Encode(devAcct), 0644)
c.Assert(err, IsNil)
snapDecl, err := s.storeSigning.Sign(asserts.SnapDeclarationType, map[string]interface{}{
"series": "16",
"snap-id": "snapidsnapid",
"publisher-id": "developerid",
"snap-name": "foo",
"timestamp": time.Now().UTC().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
declFn := filepath.Join(dirs.SnapSeedDir, "assertions", "foo.snap-declaration")
err = ioutil.WriteFile(declFn, asserts.Encode(snapDecl), 0644)
c.Assert(err, IsNil)
sha3_384, size, err := asserts.SnapFileSHA3_384(targetSnapFile)
c.Assert(err, IsNil)
snapRev, err := s.storeSigning.Sign(asserts.SnapRevisionType, map[string]interface{}{
"snap-sha3-384": sha3_384,
"snap-size": fmt.Sprintf("%d", size),
"snap-id": "snapidsnapid",
"developer-id": "developerid",
"snap-revision": "128",
"timestamp": time.Now().UTC().Format(time.RFC3339),
}, nil, "")
c.Assert(err, IsNil)
revFn := filepath.Join(dirs.SnapSeedDir, "assertions", "foo.snap-revision")
err = ioutil.WriteFile(revFn, asserts.Encode(snapRev), 0644)
c.Assert(err, IsNil)
// add a model assertion and its chain
assertsChain := s.makeModelAssertionChain(c)
for i, as := range assertsChain {
fn := filepath.Join(dirs.SnapSeedDir, "assertions", strconv.Itoa(i))
err := ioutil.WriteFile(fn, asserts.Encode(as), 0644)
c.Assert(err, IsNil)
}
// create a seed.yaml
content := []byte(fmt.Sprintf(`
snaps:
- name: foo
file: %s
devmode: true
- name: local
unasserted: true
file: %s
`, filepath.Base(targetSnapFile), filepath.Base(targetSnapFile2)))
err = ioutil.WriteFile(filepath.Join(dirs.SnapSeedDir, "seed.yaml"), content, 0644)
c.Assert(err, IsNil)
// run the firstboot stuff
err = boot.PopulateStateFromSeed()
c.Assert(err, IsNil)
// and check the snap got correctly installed
c.Check(osutil.FileExists(filepath.Join(dirs.SnapMountDir, "foo", "128", "meta", "snap.yaml")), Equals, true)
c.Check(osutil.FileExists(filepath.Join(dirs.SnapMountDir, "local", "x1", "meta", "snap.yaml")), Equals, true)
// verify
r, err := os.Open(dirs.SnapStateFile)
c.Assert(err, IsNil)
state, err := state.ReadState(nil, r)
c.Assert(err, IsNil)
state.Lock()
defer state.Unlock()
// check foo
info, err := snapstate.CurrentInfo(state, "foo")
c.Assert(err, IsNil)
c.Assert(info.SnapID, Equals, "snapidsnapid")
c.Assert(info.Revision, Equals, snap.R(128))
c.Assert(info.DeveloperID, Equals, "developerid")
var snapst snapstate.SnapState
err = snapstate.Get(state, "foo", &snapst)
c.Assert(err, IsNil)
c.Assert(snapst.DevMode(), Equals, true)
// check local
info, err = snapstate.CurrentInfo(state, "local")
c.Assert(err, IsNil)
c.Assert(info.SnapID, Equals, "")
c.Assert(info.Revision, Equals, snap.R("x1"))
c.Assert(info.DeveloperID, Equals, "")
}