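// SetUpTest builds an isolated trust root for each test: a throwaway signing
// key, a "can0nical" account and account-key signed by that same identity
// (kept in sdbs.extraTrusted), a fake root directory under the test's temp
// dir, and an unrelated "probe" account assertion.
func (sdbs *sysDBSuite) SetUpTest(c *C) {
	tmpdir := c.MkDir()

	// Test-only key; the second result of GenerateKey is not needed here.
	// 752 is presumably the key size in bits, kept small for speed. It is
	// not a size to copy into real signing code.
	pk, _ := assertstest.GenerateKey(752)

	// The authority id is spelled "can0nical", presumably so fixtures can
	// never be mistaken for assertions from the real authority; confirm.
	signingDB := assertstest.NewSigningDB("can0nical", pk)

	trustedAcct := assertstest.NewAccount(signingDB, "can0nical", map[string]interface{}{
		"account-id": "can0nical",
		"validation": "certified",
		"timestamp":  "2015-11-20T15:04:00Z",
	}, "")

	// The key's validity window is fixed ("since" 2015, "until" 2500) so the
	// fixture does not depend on the wall clock.
	trustedAccKey := assertstest.NewAccountKey(signingDB, trustedAcct, map[string]interface{}{
		"account-id": "can0nical",
		"since":      "2015-11-20T15:04:00Z",
		"until":      "2500-11-20T15:04:00Z",
	}, pk.PublicKey(), "")

	sdbs.extraTrusted = []asserts.Assertion{trustedAcct, trustedAccKey}

	fakeRoot := filepath.Join(tmpdir, "root")
	// 0755 instead of os.ModePerm (0777): the fake root does not need to be
	// world-writable, and with the usual 022 umask the result is the same.
	err := os.Mkdir(fakeRoot, 0755)
	c.Assert(err, IsNil)
	dirs.SetRootDir(fakeRoot)

	// Signed by the same test authority but not part of extraTrusted.
	sdbs.probeAssert = assertstest.NewAccount(signingDB, "probe", nil, "")
}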
// SetUpTest prepares a fresh root dir, a store signing stack injected as the
// trusted set, a "developer1" account with its own signing key, and an
// assertstate manager whose store is replaced by a fakeStore backed by the
// store signing stack.
func (s *assertMgrSuite) SetUpTest(c *C) {
	dirs.SetRootDir(c.MkDir())

	// Test-only keys; the sizes are presumably bits and far too small for
	// anything but fixtures.
	rootKey, _ := assertstest.GenerateKey(1024)
	storeKey, _ := assertstest.GenerateKey(752)
	s.storeSigning = assertstest.NewStoreStack("can0nical", rootKey, storeKey)

	// InjectTrusted swaps in the test trust root and hands back a function,
	// kept in s.restore; presumably teardown calls it to undo the injection.
	s.restore = sysdb.InjectTrusted(s.storeSigning.Trusted)

	devKey, _ := assertstest.GenerateKey(752)

	s.dev1Acct = assertstest.NewAccount(s.storeSigning, "developer1", nil, "")
	c.Assert(s.storeSigning.Add(s.dev1Acct), IsNil)

	// developer signing
	devAcctKey := assertstest.NewAccountKey(s.storeSigning, s.dev1Acct, nil, devKey.PublicKey(), "")
	c.Assert(s.storeSigning.Add(devAcctKey), IsNil)
	s.dev1Signing = assertstest.NewSigningDB(s.dev1Acct.AccountID(), devKey)

	s.state = state.New(nil)
	manager, err := assertstate.Manager(s.state)
	c.Assert(err, IsNil)
	s.mgr = manager

	// The store replacement happens with the state lock held.
	store := &fakeStore{
		state: s.state,
		db:    s.storeSigning,
	}
	s.state.Lock()
	snapstate.ReplaceStore(s.state, store)
	s.state.Unlock()
}
// prereqDevAccount signs a "developer1" account (account-id "dev-id1") with
// storeDB and adds it to db, failing the test if db rejects it.
func prereqDevAccount(c *C, storeDB assertstest.SignerDB, db *asserts.Database) {
	headers := map[string]interface{}{
		"account-id": "dev-id1",
	}
	account := assertstest.NewAccount(storeDB, "developer1", headers, "")
	c.Assert(db.Add(account), IsNil)
}
// prereqSnapAssertions adds to the store signing stack the assertions a snap
// "foo" needs: the "developer1" account, a snap-declaration, and one
// snap-revision per entry in revisions.
func (s *fetcherSuite) prereqSnapAssertions(c *C, revisions ...int) {
	developer := assertstest.NewAccount(s.storeSigning, "developer1", nil, "")
	c.Assert(s.storeSigning.Add(developer), IsNil)

	declHeaders := map[string]interface{}{
		"series":       "16",
		"snap-id":      "snap-id-1",
		"snap-name":    "foo",
		"publisher-id": developer.AccountID(),
		"timestamp":    time.Now().Format(time.RFC3339),
	}
	decl, err := s.storeSigning.Sign(asserts.SnapDeclarationType, declHeaders, nil, "")
	c.Assert(err, IsNil)
	c.Assert(s.storeSigning.Add(decl), IsNil)

	for i := range revisions {
		rev := revisions[i]
		// The digest comes from makeDigest(rev), so each revision is bound
		// to its own digest value.
		revHeaders := map[string]interface{}{
			"series":        "16",
			"snap-id":       "snap-id-1",
			"snap-sha3-384": makeDigest(rev),
			"snap-size":     "1000",
			"snap-revision": fmt.Sprintf("%d", rev),
			"developer-id":  developer.AccountID(),
			"timestamp":     time.Now().Format(time.RFC3339),
		}
		signed, err := s.storeSigning.Sign(asserts.SnapRevisionType, revHeaders, nil, "")
		c.Assert(err, IsNil)
		c.Assert(s.storeSigning.Add(signed), IsNil)
	}
}
// SetUpTest creates a store signing stack and an in-memory assertion database
// that trusts it, then loads the prerequisites for snap "foo": the store
// account key, the "developer1" account and a snap-declaration.
func (s *snapassertsSuite) SetUpTest(c *C) {
	// Test-only keys; sizes presumably in bits and deliberately small.
	rootKey, _ := assertstest.GenerateKey(1024)
	storeKey, _ := assertstest.GenerateKey(752)
	s.storeSigning = assertstest.NewStoreStack("can0nical", rootKey, storeKey)

	s.dev1Acct = assertstest.NewAccount(s.storeSigning, "developer1", nil, "")

	// Only the store stack's Trusted set is trusted up front; everything
	// else has to be added through Add below.
	cfg := &asserts.DatabaseConfig{
		Backstore: asserts.NewMemoryBackstore(),
		Trusted:   s.storeSigning.Trusted,
	}
	db, err := asserts.OpenDatabase(cfg)
	c.Assert(err, IsNil)
	s.localDB = db

	// add in prereqs assertions
	prereqs := []asserts.Assertion{s.storeSigning.StoreAccountKey(""), s.dev1Acct}
	for _, a := range prereqs {
		c.Assert(s.localDB.Add(a), IsNil)
	}

	declHeaders := map[string]interface{}{
		"series":       "16",
		"snap-id":      "snap-id-1",
		"snap-name":    "foo",
		"publisher-id": s.dev1Acct.AccountID(),
		"timestamp":    time.Now().Format(time.RFC3339),
	}
	decl, err := s.storeSigning.Sign(asserts.SnapDeclarationType, declHeaders, nil, "")
	c.Assert(err, IsNil)
	c.Assert(s.localDB.Add(decl), IsNil)
}
// TestFindFindsTrustedAccountKeys checks that Find and FindMany on account
// keys return the trusted "canonical" key as well as a key that was added
// to the database afterwards.
func (safs *signAddFindSuite) TestFindFindsTrustedAccountKeys(c *C) {
	devKey := testPrivKey1

	authority := map[string]interface{}{
		"authority-id": "canonical",
	}
	account := assertstest.NewAccount(safs.signingDB, "acc-id1", authority, safs.signingKeyID)
	accountKey := assertstest.NewAccountKey(safs.signingDB, account, map[string]interface{}{
		"authority-id": "canonical",
	}, devKey.PublicKey(), safs.signingKeyID)

	c.Assert(safs.db.Add(account), IsNil)
	c.Assert(safs.db.Add(accountKey), IsNil)

	// find the trusted key as well
	found, err := safs.db.Find(asserts.AccountKeyType, map[string]string{
		"account-id":          "canonical",
		"public-key-sha3-384": safs.signingKeyID,
	})
	c.Assert(err, IsNil)
	c.Assert(found.(*asserts.AccountKey).AccountID(), Equals, "canonical")
	c.Assert(found.(*asserts.AccountKey).PublicKeyID(), Equals, safs.signingKeyID)

	// find trusted and indirectly trusted
	allKeys, err := safs.db.FindMany(asserts.AccountKeyType, nil)
	c.Assert(err, IsNil)
	c.Check(allKeys, HasLen, 2)
}
// TestExportKeyAccount runs "export-key another --account=developer1" and
// checks that stdout holds an account-key-request for that account and key
// name, with a UTC "since" time, and that the request's signature verifies
// against the public key the keypair manager returns for the advertised id.
func (s *SnapKeysSuite) TestExportKeyAccount(c *C) {
	// Test-only keys; sizes presumably in bits and deliberately small.
	rootKey, _ := assertstest.GenerateKey(1024)
	storeKey, _ := assertstest.GenerateKey(752)
	store := assertstest.NewStoreStack("canonical", rootKey, storeKey)
	keypairs := asserts.NewGPGKeypairManager()
	// The account is signed but its value is not used afterwards.
	assertstest.NewAccount(store, "developer1", nil, "")

	args := []string{"export-key", "another", "--account=developer1"}
	leftover, err := snap.Parser().ParseArgs(args)
	c.Assert(err, IsNil)
	c.Assert(leftover, DeepEquals, []string{})

	request, err := asserts.Decode(s.stdout.Bytes())
	c.Assert(err, IsNil)
	c.Check(request.Type(), Equals, asserts.AccountKeyRequestType)
	c.Check(request.Revision(), Equals, 0)
	c.Check(request.HeaderString("account-id"), Equals, "developer1")
	c.Check(request.HeaderString("name"), Equals, "another")
	// Pinned key id: the exported key must be the expected fixture key.
	c.Check(request.HeaderString("public-key-sha3-384"), Equals, "DVQf1U4mIsuzlQqAebjjTPYtYJ-GEhJy0REuj3zvpQYTZ7EJj7adBxIXLJ7Vmk3L")

	sinceTime, err := time.Parse(time.RFC3339, request.HeaderString("since"))
	c.Assert(err, IsNil)
	zoneName, zoneOffset := sinceTime.Zone()
	c.Check(zoneName, Equals, "UTC")
	c.Check(zoneOffset, Equals, 0)

	c.Check(s.Stderr(), Equals, "")

	// The request must verify against the key it names, i.e. the exporter
	// signed it with the matching private key.
	signer, err := keypairs.Get(request.HeaderString("public-key-sha3-384"))
	c.Assert(err, IsNil)
	c.Assert(asserts.SignatureCheck(request, signer.PublicKey()), IsNil)
}
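// SetUpTest points snapd's directories at a temp dir, fakes the systemd and
// helper-command environment, injects a test store signing stack as the
// trusted set, registers a developer account with it and creates the
// overlord under test.
func (ms *mgrsSuite) SetUpTest(c *C) {
	ms.tempdir = c.MkDir()
	dirs.SetRootDir(ms.tempdir)
	err := os.MkdirAll(filepath.Dir(dirs.SnapStateFile), 0755)
	c.Assert(err, IsNil)

	// Process-wide environment change; it is not undone in this function.
	err = os.Setenv("SNAPPY_SQUASHFS_UNPACK_FOR_TESTS", "1")
	c.Assert(err, IsNil)

	// create a fake systemd environment
	// Fail setup if the directory cannot be created, rather than letting a
	// later test fail for a less obvious reason.
	err = os.MkdirAll(filepath.Join(dirs.SnapServicesDir, "multi-user.target.wants"), 0755)
	c.Assert(err, IsNil)
	// The real systemctl hook is saved in ms.prevctlCmd; presumably teardown
	// puts it back.
	ms.prevctlCmd = systemd.SystemctlCmd
	systemd.SystemctlCmd = func(cmd ...string) ([]byte, error) {
		return []byte("ActiveState=inactive\n"), nil
	}

	// Mocked so the tests never run the real privileged helpers.
	ms.aa = testutil.MockCommand(c, "apparmor_parser", "")
	ms.udev = testutil.MockCommand(c, "udevadm", "")
	ms.umount = testutil.MockCommand(c, "umount", "")
	ms.snapDiscardNs = testutil.MockCommand(c, "snap-discard-ns", "")
	dirs.LibExecDir = ms.snapDiscardNs.BinDir()

	// rootPrivKey and storePrivKey are defined outside this function.
	ms.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey)
	// InjectTrusted returns a function kept in ms.restoreTrusted; presumably
	// teardown calls it to undo the injection.
	ms.restoreTrusted = sysdb.InjectTrusted(ms.storeSigning.Trusted)

	// NOTE(review): the username "devdevev" differs from the account-id
	// "devdevdev"; this looks like a typo but is left as written.
	ms.devAcct = assertstest.NewAccount(ms.storeSigning, "devdevev", map[string]interface{}{
		"account-id": "devdevdev",
	}, "")
	err = ms.storeSigning.Add(ms.devAcct)
	c.Assert(err, IsNil)

	o, err := overlord.New()
	c.Assert(err, IsNil)
	ms.o = o
}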
// mockSnapDecl makes sure an account for publisher exists in s.db, then signs
// a snap-declaration for name with the store signing stack and adds it.
// Entries in extraHeaders are copied over the default headers.
func (s *interfaceManagerSuite) mockSnapDecl(c *C, name, publisher string, extraHeaders map[string]interface{}) {
	_, findErr := s.db.Find(asserts.AccountType, map[string]string{
		"account-id": publisher,
	})
	switch findErr {
	case asserts.ErrNotFound:
		// First declaration for this publisher: create the account.
		account := assertstest.NewAccount(s.storeSigning, publisher, map[string]interface{}{
			"account-id": publisher,
		}, "")
		c.Assert(s.db.Add(account), IsNil)
	default:
		c.Assert(findErr, IsNil)
	}

	// snap-id is the name padded with "id" repetitions and cut to 32 chars.
	snapID := (name + strings.Repeat("id", 16))[:32]
	declHeaders := map[string]interface{}{
		"series":       "16",
		"snap-name":    name,
		"publisher-id": publisher,
		"snap-id":      snapID,
		"timestamp":    time.Now().Format(time.RFC3339),
	}
	// Caller-supplied headers win over the defaults above.
	for key, value := range extraHeaders {
		declHeaders[key] = value
	}

	decl, err := s.storeSigning.Sign(asserts.SnapDeclarationType, declHeaders, nil, "")
	c.Assert(err, IsNil)
	c.Assert(s.db.Add(decl), IsNil)
}
// setup3rdPartySigning registers a third-party signer: storeDB signs an
// account and account-key for username (using testPrivKey2), both are added
// to checkDB, and a signing database for that account and key is returned.
func setup3rdPartySigning(c *C, username string, storeDB *assertstest.SigningDB, checkDB *asserts.Database) (signingDB *assertstest.SigningDB) {
	key := testPrivKey2

	account := assertstest.NewAccount(storeDB, username, map[string]interface{}{
		"account-id": username,
	}, "")
	accountKey := assertstest.NewAccountKey(storeDB, account, nil, key.PublicKey(), "")

	// The account goes in before the key that belongs to it.
	for _, a := range []asserts.Assertion{account, accountKey} {
		c.Assert(checkDB.Add(a), IsNil)
	}

	signingDB = assertstest.NewSigningDB(account.AccountID(), key)
	return signingDB
}
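// TestAccountKeyCheckSameNameAndDifferentAccount checks that an account-key
// named "default" for "acc-id2" passes db.Check even though the database
// already holds an account-key with that name for "acc-id1".
func (aks *accountKeySuite) TestAccountKeyCheckSameNameAndDifferentAccount(c *C) {
	trustedKey := testPrivKey0

	headers := map[string]interface{}{
		"authority-id":        "canonical",
		"account-id":          "acc-id1",
		"name":                "default",
		"public-key-sha3-384": aks.keyID,
		"since":               aks.since.Format(time.RFC3339),
		"until":               aks.until.Format(time.RFC3339),
	}
	accKey, err := asserts.AssembleAndSignInTest(asserts.AccountKeyType, headers, []byte(aks.pubKeyBody), trustedKey)
	c.Assert(err, IsNil)

	db := aks.openDB(c)
	err = db.ImportKey(trustedKey)
	c.Assert(err, IsNil)
	aks.prereqAccount(c, db)
	err = db.Add(accKey)
	c.Assert(err, IsNil)

	// Second key pair, generated for the second account.
	newPrivKey, _ := assertstest.GenerateKey(752)
	err = db.ImportKey(newPrivKey)
	c.Assert(err, IsNil)
	newPubKey, err := db.PublicKey(newPrivKey.PublicKey().ID())
	c.Assert(err, IsNil)
	newPubKeyEncoded, err := asserts.EncodePublicKey(newPubKey)
	c.Assert(err, IsNil)

	acct2 := assertstest.NewAccount(db, "acc-id2", map[string]interface{}{
		"authority-id": "canonical",
		"account-id":   "acc-id2",
	}, trustedKey.PublicKey().ID())
	// Check the result: if the account were silently rejected, the Check
	// below would no longer be testing the scenario this test is named for.
	err = db.Add(acct2)
	c.Assert(err, IsNil)

	// Reuse the headers (same "name") for the other account and new key.
	headers["account-id"] = "acc-id2"
	headers["public-key-sha3-384"] = newPubKey.ID()
	headers["revision"] = "1"
	newAccKey, err := asserts.AssembleAndSignInTest(asserts.AccountKeyType, headers, newPubKeyEncoded, trustedKey)
	c.Assert(err, IsNil)

	err = db.Check(newAccKey)
	c.Assert(err, IsNil)
}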
// TestFindTrusted checks the trust boundary of FindTrusted: it returns the
// trusted "canonical" account and account-key, and reports ErrNotFound for an
// account and key that were merely added to the database.
func (safs *signAddFindSuite) TestFindTrusted(c *C) {
	devKey := testPrivKey1

	account := assertstest.NewAccount(safs.signingDB, "acc-id1", map[string]interface{}{
		"authority-id": "canonical",
	}, safs.signingKeyID)
	accountKey := assertstest.NewAccountKey(safs.signingDB, account, map[string]interface{}{
		"authority-id": "canonical",
	}, devKey.PublicKey(), safs.signingKeyID)

	c.Assert(safs.db.Add(account), IsNil)
	c.Assert(safs.db.Add(accountKey), IsNil)

	// find the trusted account
	trustedAcct, err := safs.db.FindTrusted(asserts.AccountType, map[string]string{
		"account-id": "canonical",
	})
	c.Assert(err, IsNil)
	c.Assert(trustedAcct.(*asserts.Account).AccountID(), Equals, "canonical")

	// find the trusted key
	trustedKey, err := safs.db.FindTrusted(asserts.AccountKeyType, map[string]string{
		"account-id":          "canonical",
		"public-key-sha3-384": safs.signingKeyID,
	})
	c.Assert(err, IsNil)
	c.Assert(trustedKey.(*asserts.AccountKey).AccountID(), Equals, "canonical")
	c.Assert(trustedKey.(*asserts.AccountKey).PublicKeyID(), Equals, safs.signingKeyID)

	// doesn't find not trusted assertions
	_, err = safs.db.FindTrusted(asserts.AccountType, map[string]string{
		"account-id": account.AccountID(),
	})
	c.Check(err, Equals, asserts.ErrNotFound)

	_, err = safs.db.FindTrusted(asserts.AccountKeyType, map[string]string{
		"account-id":          account.AccountID(),
		"public-key-sha3-384": accountKey.PublicKeyID(),
	})
	c.Check(err, Equals, asserts.ErrNotFound)
}
// TestUseInSigning signs a snap-build assertion with the developer key held
// by the GPG keypair manager and checks that a separate database, which
// trusts only the store stack and has been given the developer's account and
// account-key, accepts it.
func (gkms *gpgKeypairMgrSuite) TestUseInSigning(c *C) {
	storeStack := assertstest.NewStoreStack("trusted", testPrivKey0, testPrivKey1)

	developerKey, err := gkms.keypairMgr.Get(assertstest.DevKeyID)
	c.Assert(err, IsNil)

	developer := assertstest.NewAccount(storeStack, "devel1", map[string]interface{}{
		"account-id": "dev1-id",
	}, "")
	developerAccKey := assertstest.NewAccountKey(storeStack, developer, nil, developerKey.PublicKey(), "")

	// Signing side: only has access to the keypair manager.
	signer, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
		KeypairManager: gkms.keypairMgr,
	})
	c.Assert(err, IsNil)

	// Verifying side: trusts the store stack and holds no private keys.
	verifier, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
		Backstore: asserts.NewMemoryBackstore(),
		Trusted:   storeStack.Trusted,
	})
	c.Assert(err, IsNil)

	// add store key
	c.Assert(verifier.Add(storeStack.StoreAccountKey("")), IsNil)
	// enable devel key
	c.Assert(verifier.Add(developer), IsNil)
	c.Assert(verifier.Add(developerAccKey), IsNil)

	buildHeaders := map[string]interface{}{
		"authority-id":  "dev1-id",
		"snap-sha3-384": blobSHA3_384,
		"snap-id":       "snap-id-1",
		"grade":         "devel",
		"snap-size":     "1025",
		"timestamp":     time.Now().Format(time.RFC3339),
	}
	build, err := signer.Sign(asserts.SnapBuildType, buildHeaders, nil, assertstest.DevKeyID)
	c.Assert(err, IsNil)

	c.Check(verifier.Check(build), IsNil)
}
// makeModelAssertionChain returns the assertions that go with the "my-model"
// model, in this order: the brand account, the brand account-key, the model
// itself and the store account key.
func (s *FirstBootTestSuite) makeModelAssertionChain(c *C) []asserts.Assertion {
	// NOTE(review): confirm "verification" is the header the account
	// assertion reads; if it is not, "certified" is never applied here.
	brand := assertstest.NewAccount(s.storeSigning, "my-brand", map[string]interface{}{
		"account-id":   "my-brand",
		"verification": "certified",
	}, "")
	brandKey := assertstest.NewAccountKey(s.storeSigning, brand, nil, s.brandPrivKey.PublicKey(), "")
	modelAssertion := s.makeModelAssertion(c, "my-model")
	storeKey := s.storeSigning.StoreAccountKey("")

	return []asserts.Assertion{brand, brandKey, modelAssertion, storeKey}
}
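// SetUpTest prepares the image tests: a temp root, a mock grub bootloader,
// captured stdout, empty snap bookkeeping maps, a test store signing stack,
// a "my-brand" signing database whose account and key are registered with
// the store stack, and a brand-signed "my-model" model assertion.
func (s *imageSuite) SetUpTest(c *C) {
	s.root = c.MkDir()
	s.bootloader = boottest.NewMockBootloader("grub", c.MkDir())
	// Package-level overrides; they are not undone in this function.
	partition.ForceBootloader(s.bootloader)

	s.stdout = bytes.NewBuffer(nil)
	image.Stdout = s.stdout
	s.downloadedSnaps = make(map[string]string)
	s.storeSnapInfo = make(map[string]*snap.Info)

	// Test-only keys; sizes presumably in bits and deliberately small.
	rootPrivKey, _ := assertstest.GenerateKey(1024)
	storePrivKey, _ := assertstest.GenerateKey(752)
	s.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey)

	brandPrivKey, _ := assertstest.GenerateKey(752)
	s.brandSigning = assertstest.NewSigningDB("my-brand", brandPrivKey)

	// NOTE(review): confirm "verification" is the header the account
	// assertion reads; if it is not, "certified" is never applied here.
	brandAcct := assertstest.NewAccount(s.storeSigning, "my-brand", map[string]interface{}{
		"account-id":   "my-brand",
		"verification": "certified",
	}, "")
	// Fail setup if the store stack rejects the brand account or its key;
	// an unnoticed rejection would leave the model without its signer chain.
	err := s.storeSigning.Add(brandAcct)
	c.Assert(err, IsNil)

	brandAccKey := assertstest.NewAccountKey(s.storeSigning, brandAcct, nil, brandPrivKey.PublicKey(), "")
	err = s.storeSigning.Add(brandAccKey)
	c.Assert(err, IsNil)

	// The model is signed by the brand, not by the store.
	model, err := s.brandSigning.Sign(asserts.ModelType, map[string]interface{}{
		"series":         "16",
		"authority-id":   "my-brand",
		"brand-id":       "my-brand",
		"model":          "my-model",
		"architecture":   "amd64",
		"gadget":         "pc",
		"kernel":         "pc-kernel",
		"required-snaps": []interface{}{"required-snap1"},
		"timestamp":      time.Now().Format(time.RFC3339),
	}, nil, "")
	c.Assert(err, IsNil)
	s.model = model.(*asserts.Model)
}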
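// SetUpTest creates an overlord whose store constructor is mocked to capture
// the auth context, injects a test store signing stack as the trusted set,
// signs brand-owned model and serial assertions, and loads the store account
// key plus the brand account and key into the overlord's state.
func (s *authContextSetupSuite) SetUpTest(c *C) {
	tempdir := c.MkDir()
	dirs.SetRootDir(tempdir)
	err := os.MkdirAll(filepath.Dir(dirs.SnapStateFile), 0755)
	c.Assert(err, IsNil)

	captureAuthContext := func(_ *store.Config, ac auth.AuthContext) *store.Store {
		s.ac = ac
		return nil
	}
	// The mock is undone when SetUpTest returns, so it only covers the
	// overlord.New call further down.
	r := overlord.MockStoreNew(captureAuthContext)
	defer r()

	// rootPrivKey, storePrivKey, brandPrivKey and deviceKey are defined
	// outside this function.
	s.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey)
	// InjectTrusted returns a function kept in s.restoreTrusted; presumably
	// teardown calls it to undo the injection.
	s.restoreTrusted = sysdb.InjectTrusted(s.storeSigning.Trusted)

	s.brandSigning = assertstest.NewSigningDB("my-brand", brandPrivKey)

	// NOTE(review): confirm "verification" is the header the account
	// assertion reads; if it is not, "certified" is never applied here.
	brandAcct := assertstest.NewAccount(s.storeSigning, "my-brand", map[string]interface{}{
		"account-id":   "my-brand",
		"verification": "certified",
	}, "")
	// Fail setup if the store stack rejects the brand account or its key.
	err = s.storeSigning.Add(brandAcct)
	c.Assert(err, IsNil)

	brandAccKey := assertstest.NewAccountKey(s.storeSigning, brandAcct, nil, brandPrivKey.PublicKey(), "")
	err = s.storeSigning.Add(brandAccKey)
	c.Assert(err, IsNil)

	model, err := s.brandSigning.Sign(asserts.ModelType, map[string]interface{}{
		"series":       "16",
		"authority-id": "my-brand",
		"brand-id":     "my-brand",
		"model":        "my-model",
		"architecture": "amd64",
		"store":        "my-brand-store-id",
		"gadget":       "pc",
		"kernel":       "pc-kernel",
		"timestamp":    time.Now().Format(time.RFC3339),
	}, nil, "")
	c.Assert(err, IsNil)
	s.model = model.(*asserts.Model)

	encDevKey, err := asserts.EncodePublicKey(deviceKey.PublicKey())
	c.Assert(err, IsNil)
	// The serial carries the encoded device public key together with its id.
	serial, err := s.brandSigning.Sign(asserts.SerialType, map[string]interface{}{
		"authority-id":        "my-brand",
		"brand-id":            "my-brand",
		"model":               "my-model",
		"serial":              "7878",
		"device-key":          string(encDevKey),
		"device-key-sha3-384": deviceKey.PublicKey().ID(),
		"timestamp":           time.Now().Format(time.RFC3339),
	}, nil, "")
	c.Assert(err, IsNil)
	s.serial = serial.(*asserts.Serial)

	o, err := overlord.New()
	c.Assert(err, IsNil)
	s.o = o

	st := o.State()
	st.Lock()
	defer st.Unlock()

	// Store key first, then the brand account, then the brand's key.
	prereqs := []asserts.Assertion{s.storeSigning.StoreAccountKey(""), brandAcct, brandAccKey}
	for _, a := range prereqs {
		err = assertstate.Add(st, a)
		c.Assert(err, IsNil)
	}
}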
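// TestPopulateFromSeedHappy seeds one store-asserted snap ("foo", devmode)
// and one unasserted local snap ("local"), runs the seeding tasks through
// the overlord, and checks the installed revisions, the identities recorded
// in the written state and the "seeded" flag.
func (s *FirstBootTestSuite) TestPopulateFromSeedHappy(c *C) {
	// put a firstboot snap into the SnapBlobDir
	// snap.yaml needs one key per line.
	snapYaml := `name: foo
version: 1.0`
	mockSnapFile := snaptest.MakeTestSnapWithFiles(c, snapYaml, nil)
	targetSnapFile := filepath.Join(dirs.SnapSeedDir, "snaps", filepath.Base(mockSnapFile))
	err := os.Rename(mockSnapFile, targetSnapFile)
	c.Assert(err, IsNil)

	// put a firstboot local snap into the SnapBlobDir
	snapYaml = `name: local
version: 1.0`
	mockSnapFile = snaptest.MakeTestSnapWithFiles(c, snapYaml, nil)
	targetSnapFile2 := filepath.Join(dirs.SnapSeedDir, "snaps", filepath.Base(mockSnapFile))
	err = os.Rename(mockSnapFile, targetSnapFile2)
	c.Assert(err, IsNil)

	devAcct := assertstest.NewAccount(s.storeSigning, "developer", map[string]interface{}{
		"account-id": "developerid",
	}, "")
	devAcctFn := filepath.Join(dirs.SnapSeedDir, "assertions", "developer.account")
	err = ioutil.WriteFile(devAcctFn, asserts.Encode(devAcct), 0644)
	c.Assert(err, IsNil)

	snapDecl, err := s.storeSigning.Sign(asserts.SnapDeclarationType, map[string]interface{}{
		"series":       "16",
		"snap-id":      "snapidsnapid",
		"publisher-id": "developerid",
		"snap-name":    "foo",
		"timestamp":    time.Now().UTC().Format(time.RFC3339),
	}, nil, "")
	c.Assert(err, IsNil)
	declFn := filepath.Join(dirs.SnapSeedDir, "assertions", "foo.snap-declaration")
	err = ioutil.WriteFile(declFn, asserts.Encode(snapDecl), 0644)
	c.Assert(err, IsNil)

	// The snap-revision is bound to the digest and size of the file that
	// was actually placed in the seed.
	sha3_384, size, err := asserts.SnapFileSHA3_384(targetSnapFile)
	c.Assert(err, IsNil)

	snapRev, err := s.storeSigning.Sign(asserts.SnapRevisionType, map[string]interface{}{
		"snap-sha3-384": sha3_384,
		"snap-size":     fmt.Sprintf("%d", size),
		"snap-id":       "snapidsnapid",
		"developer-id":  "developerid",
		"snap-revision": "128",
		"timestamp":     time.Now().UTC().Format(time.RFC3339),
	}, nil, "")
	c.Assert(err, IsNil)
	revFn := filepath.Join(dirs.SnapSeedDir, "assertions", "foo.snap-revision")
	err = ioutil.WriteFile(revFn, asserts.Encode(snapRev), 0644)
	c.Assert(err, IsNil)

	// add a model assertion and its chain
	assertsChain := s.makeModelAssertionChain(c)
	for i, as := range assertsChain {
		fn := filepath.Join(dirs.SnapSeedDir, "assertions", strconv.Itoa(i))
		err := ioutil.WriteFile(fn, asserts.Encode(as), 0644)
		c.Assert(err, IsNil)
	}

	// create a seed.yaml
	// "local" is marked unasserted, so no assertions are written for it;
	// "foo" is seeded in devmode.
	content := []byte(fmt.Sprintf(`
snaps:
 - name: foo
   file: %s
   devmode: true
 - name: local
   unasserted: true
   file: %s
`, filepath.Base(targetSnapFile), filepath.Base(targetSnapFile2)))
	err = ioutil.WriteFile(filepath.Join(dirs.SnapSeedDir, "seed.yaml"), content, 0644)
	c.Assert(err, IsNil)

	// run the firstboot stuff
	st := s.overlord.State()
	st.Lock()
	defer st.Unlock()
	tsAll, err := devicestate.PopulateStateFromSeedImpl(st)
	c.Assert(err, IsNil)

	// the last task of the last taskset must be mark-seeded
	markSeededTask := tsAll[len(tsAll)-1].Tasks()[0]
	c.Check(markSeededTask.Kind(), Equals, "mark-seeded")
	// and the markSeededTask must wait for the other tasks
	prevTasks := tsAll[len(tsAll)-2].Tasks()
	otherTask := prevTasks[len(prevTasks)-1]
	c.Check(markSeededTask.WaitTasks(), testutil.Contains, otherTask)

	// now run the change and check the result
	chg := st.NewChange("run-it", "run the populate from seed changes")
	for _, ts := range tsAll {
		chg.AddAll(ts)
	}
	c.Assert(st.Changes(), HasLen, 1)

	// Settle runs with the state lock released; it is re-taken afterwards
	// so the deferred Unlock stays balanced.
	st.Unlock()
	s.overlord.Settle()
	st.Lock()
	c.Assert(chg.Err(), IsNil)

	// and check the snap got correctly installed
	c.Check(osutil.FileExists(filepath.Join(dirs.SnapMountDir, "foo", "128", "meta", "snap.yaml")), Equals, true)

	c.Check(osutil.FileExists(filepath.Join(dirs.SnapMountDir, "local", "x1", "meta", "snap.yaml")), Equals, true)

	// verify
	r, err := os.Open(dirs.SnapStateFile)
	c.Assert(err, IsNil)
	// Close the state file so the test does not leak the descriptor.
	defer r.Close()
	state, err := state.ReadState(nil, r)
	c.Assert(err, IsNil)

	state.Lock()
	defer state.Unlock()
	// check foo
	info, err := snapstate.CurrentInfo(state, "foo")
	c.Assert(err, IsNil)
	c.Assert(info.SnapID, Equals, "snapidsnapid")
	c.Assert(info.Revision, Equals, snap.R(128))
	c.Assert(info.DeveloperID, Equals, "developerid")

	var snapst snapstate.SnapState
	err = snapstate.Get(state, "foo", &snapst)
	c.Assert(err, IsNil)
	c.Assert(snapst.DevMode, Equals, true)

	// check local
	// The unasserted snap carries no store identity and gets revision "x1".
	info, err = snapstate.CurrentInfo(state, "local")
	c.Assert(err, IsNil)
	c.Assert(info.SnapID, Equals, "")
	c.Assert(info.Revision, Equals, snap.R("x1"))
	c.Assert(info.DeveloperID, Equals, "")

	// and ensure state is now considered seeded
	var seeded bool
	err = state.Get("seeded", &seeded)
	c.Assert(err, IsNil)
	c.Check(seeded, Equals, true)
}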
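// TestPopulateFromSeedHappyMultiAssertsFiles seeds two store-asserted snaps
// ("foo" and "bar") whose assertions are written as one file per snap, each
// holding several assertions in a different order, plus a file with the model
// chain. It then runs seeding and checks both snaps were installed with the
// asserted identity and revision.
func (s *FirstBootTestSuite) TestPopulateFromSeedHappyMultiAssertsFiles(c *C) {
	// put a firstboot snap into the SnapBlobDir
	// snap.yaml needs one key per line.
	snapYaml := `name: foo
version: 1.0`
	mockSnapFile := snaptest.MakeTestSnapWithFiles(c, snapYaml, nil)
	fooSnapFile := filepath.Join(dirs.SnapSeedDir, "snaps", filepath.Base(mockSnapFile))
	err := os.Rename(mockSnapFile, fooSnapFile)
	c.Assert(err, IsNil)

	// put a 2nd firstboot snap into the SnapBlobDir
	snapYaml = `name: bar
version: 1.0`
	mockSnapFile = snaptest.MakeTestSnapWithFiles(c, snapYaml, nil)
	barSnapFile := filepath.Join(dirs.SnapSeedDir, "snaps", filepath.Base(mockSnapFile))
	err = os.Rename(mockSnapFile, barSnapFile)
	c.Assert(err, IsNil)

	devAcct := assertstest.NewAccount(s.storeSigning, "developer", map[string]interface{}{
		"account-id": "developerid",
	}, "")

	snapDeclFoo, err := s.storeSigning.Sign(asserts.SnapDeclarationType, map[string]interface{}{
		"series":       "16",
		"snap-id":      "foosnapidsnapid",
		"publisher-id": "developerid",
		"snap-name":    "foo",
		"timestamp":    time.Now().UTC().Format(time.RFC3339),
	}, nil, "")
	c.Assert(err, IsNil)

	// Each snap-revision is bound to the digest and size of the file that
	// was actually placed in the seed.
	sha3_384, size, err := asserts.SnapFileSHA3_384(fooSnapFile)
	c.Assert(err, IsNil)

	snapRevFoo, err := s.storeSigning.Sign(asserts.SnapRevisionType, map[string]interface{}{
		"snap-sha3-384": sha3_384,
		"snap-size":     fmt.Sprintf("%d", size),
		"snap-id":       "foosnapidsnapid",
		"developer-id":  "developerid",
		"snap-revision": "128",
		"timestamp":     time.Now().UTC().Format(time.RFC3339),
	}, nil, "")
	c.Assert(err, IsNil)

	// Here the revision is listed before the declaration it refers to.
	writeAssertionsToFile("foo.asserts", []asserts.Assertion{devAcct, snapRevFoo, snapDeclFoo})

	snapDeclBar, err := s.storeSigning.Sign(asserts.SnapDeclarationType, map[string]interface{}{
		"series":       "16",
		"snap-id":      "barsnapidsnapid",
		"publisher-id": "developerid",
		"snap-name":    "bar",
		"timestamp":    time.Now().UTC().Format(time.RFC3339),
	}, nil, "")
	c.Assert(err, IsNil)

	sha3_384, size, err = asserts.SnapFileSHA3_384(barSnapFile)
	c.Assert(err, IsNil)

	snapRevBar, err := s.storeSigning.Sign(asserts.SnapRevisionType, map[string]interface{}{
		"snap-sha3-384": sha3_384,
		"snap-size":     fmt.Sprintf("%d", size),
		"snap-id":       "barsnapidsnapid",
		"developer-id":  "developerid",
		"snap-revision": "65",
		"timestamp":     time.Now().UTC().Format(time.RFC3339),
	}, nil, "")
	c.Assert(err, IsNil)

	// The developer account appears in both files.
	writeAssertionsToFile("bar.asserts", []asserts.Assertion{devAcct, snapDeclBar, snapRevBar})

	// add a model assertion and its chain
	assertsChain := s.makeModelAssertionChain(c)
	writeAssertionsToFile("model.asserts", assertsChain)

	// create a seed.yaml
	content := []byte(fmt.Sprintf(`
snaps:
 - name: foo
   file: %s
 - name: bar
   file: %s
`, filepath.Base(fooSnapFile), filepath.Base(barSnapFile)))
	err = ioutil.WriteFile(filepath.Join(dirs.SnapSeedDir, "seed.yaml"), content, 0644)
	c.Assert(err, IsNil)

	// run the firstboot stuff
	st := s.overlord.State()
	st.Lock()
	defer st.Unlock()

	tsAll, err := devicestate.PopulateStateFromSeedImpl(st)
	c.Assert(err, IsNil)
	chg := st.NewChange("run-it", "run the populate from seed changes")
	for _, ts := range tsAll {
		chg.AddAll(ts)
	}
	c.Assert(st.Changes(), HasLen, 1)

	// Settle runs with the state lock released; it is re-taken afterwards
	// so the deferred Unlock stays balanced.
	st.Unlock()
	s.overlord.Settle()
	st.Lock()
	c.Assert(chg.Err(), IsNil)

	// and check the snap got correctly installed
	c.Check(osutil.FileExists(filepath.Join(dirs.SnapMountDir, "foo", "128", "meta", "snap.yaml")), Equals, true)

	// and check the snap got correctly installed
	c.Check(osutil.FileExists(filepath.Join(dirs.SnapMountDir, "bar", "65", "meta", "snap.yaml")), Equals, true)

	// verify
	r, err := os.Open(dirs.SnapStateFile)
	c.Assert(err, IsNil)
	// Close the state file so the test does not leak the descriptor.
	defer r.Close()
	state, err := state.ReadState(nil, r)
	c.Assert(err, IsNil)

	state.Lock()
	defer state.Unlock()
	// check foo
	info, err := snapstate.CurrentInfo(state, "foo")
	c.Assert(err, IsNil)
	c.Assert(info.SnapID, Equals, "foosnapidsnapid")
	c.Assert(info.Revision, Equals, snap.R(128))
	c.Assert(info.DeveloperID, Equals, "developerid")

	// check bar
	info, err = snapstate.CurrentInfo(state, "bar")
	c.Assert(err, IsNil)
	c.Assert(info.SnapID, Equals, "barsnapidsnapid")
	c.Assert(info.Revision, Equals, snap.R(65))
	c.Assert(info.DeveloperID, Equals, "developerid")
}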
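// TestInstallKernelSnapUpdatesBootloader installs a locally built kernel snap
// on a mocked non-classic system whose model names that kernel, and checks
// that the bootloader variables are set to try the new kernel.
func (ms *mgrsSuite) TestInstallKernelSnapUpdatesBootloader(c *C) {
	bootloader := boottest.NewMockBootloader("mock", c.MkDir())
	partition.ForceBootloader(bootloader)
	defer partition.ForceBootloader(nil)

	restore := release.MockOnClassic(false)
	defer restore()

	// brandPrivKey is defined outside this function.
	// NOTE(review): confirm "verification" is the header the account
	// assertion reads; if it is not, "certified" is never applied here.
	brandAcct := assertstest.NewAccount(ms.storeSigning, "my-brand", map[string]interface{}{
		"account-id":   "my-brand",
		"verification": "certified",
	}, "")
	brandAccKey := assertstest.NewAccountKey(ms.storeSigning, brandAcct, nil, brandPrivKey.PublicKey(), "")

	// The model is signed by the brand; its "kernel" header names the snap
	// installed below.
	brandSigning := assertstest.NewSigningDB("my-brand", brandPrivKey)
	model, err := brandSigning.Sign(asserts.ModelType, map[string]interface{}{
		"series":       "16",
		"authority-id": "my-brand",
		"brand-id":     "my-brand",
		"model":        "my-model",
		"architecture": "amd64",
		"store":        "my-brand-store-id",
		"gadget":       "gadget",
		"kernel":       "krnl",
		"timestamp":    time.Now().Format(time.RFC3339),
	}, nil, "")
	c.Assert(err, IsNil)

	// snap.yaml needs one key per line.
	const packageKernel = `
name: krnl
version: 4.0-1
type: kernel`

	files := [][]string{
		{"kernel.img", "I'm a kernel"},
		{"initrd.img", "...and I'm an initrd"},
		{"meta/kernel.yaml", "version: 4.2"},
	}
	snapPath := snaptest.MakeTestSnapWithFiles(c, packageKernel, files)

	st := ms.o.State()
	st.Lock()
	defer st.Unlock()

	// setup model assertion
	// Store key, brand account and brand key go in before the model that
	// the brand signed.
	err = assertstate.Add(st, ms.storeSigning.StoreAccountKey(""))
	c.Assert(err, IsNil)
	err = assertstate.Add(st, brandAcct)
	c.Assert(err, IsNil)
	err = assertstate.Add(st, brandAccKey)
	c.Assert(err, IsNil)
	auth.SetDevice(st, &auth.DeviceState{
		Brand: "my-brand",
		Model: "my-model",
	})
	err = assertstate.Add(st, model)
	c.Assert(err, IsNil)

	ts, err := snapstate.InstallPath(st, &snap.SideInfo{RealName: "krnl"}, snapPath, "", snapstate.Flags{})
	c.Assert(err, IsNil)
	chg := st.NewChange("install-snap", "...")
	chg.AddAll(ts)

	// Settle runs with the state lock released; it is re-taken afterwards
	// so the deferred Unlock stays balanced.
	st.Unlock()
	err = ms.o.Settle()
	st.Lock()
	c.Assert(err, IsNil)

	c.Assert(chg.Status(), Equals, state.DoneStatus, Commentf("install-snap change failed with: %v", chg.Err()))

	// The path install got revision "x1", and the kernel is in "try" mode.
	c.Assert(bootloader.BootVars, DeepEquals, map[string]string{
		"snap_try_kernel": "krnl_x1.snap",
		"snap_mode":       "try",
	})
}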
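// TestPopulateFromSeedHappy seeds one store-asserted snap ("foo", devmode)
// and one unasserted local snap ("local"), runs boot.PopulateStateFromSeed,
// and checks the installed revisions and the identities recorded in the
// written state.
func (s *FirstBootTestSuite) TestPopulateFromSeedHappy(c *C) {
	// put a firstboot snap into the SnapBlobDir
	// snap.yaml needs one key per line.
	snapYaml := `name: foo
version: 1.0`
	mockSnapFile := snaptest.MakeTestSnapWithFiles(c, snapYaml, nil)
	targetSnapFile := filepath.Join(dirs.SnapSeedDir, "snaps", filepath.Base(mockSnapFile))
	err := os.Rename(mockSnapFile, targetSnapFile)
	c.Assert(err, IsNil)

	// put a firstboot local snap into the SnapBlobDir
	snapYaml = `name: local
version: 1.0`
	mockSnapFile = snaptest.MakeTestSnapWithFiles(c, snapYaml, nil)
	targetSnapFile2 := filepath.Join(dirs.SnapSeedDir, "snaps", filepath.Base(mockSnapFile))
	err = os.Rename(mockSnapFile, targetSnapFile2)
	c.Assert(err, IsNil)

	devAcct := assertstest.NewAccount(s.storeSigning, "developer", map[string]interface{}{
		"account-id": "developerid",
	}, "")
	devAcctFn := filepath.Join(dirs.SnapSeedDir, "assertions", "developer.account")
	err = ioutil.WriteFile(devAcctFn, asserts.Encode(devAcct), 0644)
	c.Assert(err, IsNil)

	snapDecl, err := s.storeSigning.Sign(asserts.SnapDeclarationType, map[string]interface{}{
		"series":       "16",
		"snap-id":      "snapidsnapid",
		"publisher-id": "developerid",
		"snap-name":    "foo",
		"timestamp":    time.Now().UTC().Format(time.RFC3339),
	}, nil, "")
	c.Assert(err, IsNil)
	declFn := filepath.Join(dirs.SnapSeedDir, "assertions", "foo.snap-declaration")
	err = ioutil.WriteFile(declFn, asserts.Encode(snapDecl), 0644)
	c.Assert(err, IsNil)

	// The snap-revision is bound to the digest and size of the file that
	// was actually placed in the seed.
	sha3_384, size, err := asserts.SnapFileSHA3_384(targetSnapFile)
	c.Assert(err, IsNil)

	snapRev, err := s.storeSigning.Sign(asserts.SnapRevisionType, map[string]interface{}{
		"snap-sha3-384": sha3_384,
		"snap-size":     fmt.Sprintf("%d", size),
		"snap-id":       "snapidsnapid",
		"developer-id":  "developerid",
		"snap-revision": "128",
		"timestamp":     time.Now().UTC().Format(time.RFC3339),
	}, nil, "")
	c.Assert(err, IsNil)
	revFn := filepath.Join(dirs.SnapSeedDir, "assertions", "foo.snap-revision")
	err = ioutil.WriteFile(revFn, asserts.Encode(snapRev), 0644)
	c.Assert(err, IsNil)

	// add a model assertion and its chain
	assertsChain := s.makeModelAssertionChain(c)
	for i, as := range assertsChain {
		fn := filepath.Join(dirs.SnapSeedDir, "assertions", strconv.Itoa(i))
		err := ioutil.WriteFile(fn, asserts.Encode(as), 0644)
		c.Assert(err, IsNil)
	}

	// create a seed.yaml
	// "local" is marked unasserted, so no assertions are written for it;
	// "foo" is seeded in devmode.
	content := []byte(fmt.Sprintf(`
snaps:
 - name: foo
   file: %s
   devmode: true
 - name: local
   unasserted: true
   file: %s
`, filepath.Base(targetSnapFile), filepath.Base(targetSnapFile2)))
	err = ioutil.WriteFile(filepath.Join(dirs.SnapSeedDir, "seed.yaml"), content, 0644)
	c.Assert(err, IsNil)

	// run the firstboot stuff
	err = boot.PopulateStateFromSeed()
	c.Assert(err, IsNil)

	// and check the snap got correctly installed
	c.Check(osutil.FileExists(filepath.Join(dirs.SnapMountDir, "foo", "128", "meta", "snap.yaml")), Equals, true)

	c.Check(osutil.FileExists(filepath.Join(dirs.SnapMountDir, "local", "x1", "meta", "snap.yaml")), Equals, true)

	// verify
	r, err := os.Open(dirs.SnapStateFile)
	c.Assert(err, IsNil)
	// Close the state file so the test does not leak the descriptor.
	defer r.Close()
	state, err := state.ReadState(nil, r)
	c.Assert(err, IsNil)

	state.Lock()
	defer state.Unlock()
	// check foo
	info, err := snapstate.CurrentInfo(state, "foo")
	c.Assert(err, IsNil)
	c.Assert(info.SnapID, Equals, "snapidsnapid")
	c.Assert(info.Revision, Equals, snap.R(128))
	c.Assert(info.DeveloperID, Equals, "developerid")

	var snapst snapstate.SnapState
	err = snapstate.Get(state, "foo", &snapst)
	c.Assert(err, IsNil)
	c.Assert(snapst.DevMode(), Equals, true)

	// check local
	// The unasserted snap carries no store identity and gets revision "x1".
	info, err = snapstate.CurrentInfo(state, "local")
	c.Assert(err, IsNil)
	c.Assert(info.SnapID, Equals, "")
	c.Assert(info.Revision, Equals, snap.R("x1"))
	c.Assert(info.DeveloperID, Equals, "")
}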