// BaseDeclaration returns the base-declaration assertion with policies governing all snaps.
func BaseDeclaration(s *state.State) (*asserts.BaseDeclaration, error) {
// TODO: switch keeping this in the DB and have it revisioned/updated
// via the store
baseDecl := asserts.BuiltinBaseDeclaration()
if baseDecl == nil {
return nil, asserts.ErrNotFound
}
return baseDecl, nil
}
func (s *baseDeclSuite) TestBuiltin(c *C) {
baseDecl := asserts.BuiltinBaseDeclaration()
c.Check(baseDecl, IsNil)
defer asserts.InitBuiltinBaseDeclaration(nil)
const headers = `
type: base-declaration
authority-id: canonical
series: 16
revision: 0
plugs:
network: true
slots:
network:
allow-installation:
slot-snap-type:
- core
`
err := asserts.InitBuiltinBaseDeclaration([]byte(headers))
c.Assert(err, IsNil)
baseDecl = asserts.BuiltinBaseDeclaration()
c.Assert(baseDecl, NotNil)
cont, _ := baseDecl.Signature()
c.Check(string(cont), Equals, strings.TrimSpace(headers))
c.Check(baseDecl.AuthorityID(), Equals, "canonical")
c.Check(baseDecl.Series(), Equals, "16")
c.Check(baseDecl.PlugRule("network").AllowAutoConnection[0].SlotAttributes, Equals, asserts.AlwaysMatchAttributes)
c.Check(baseDecl.SlotRule("network").AllowInstallation[0].SlotSnapTypes, DeepEquals, []string{"core"})
enc := asserts.Encode(baseDecl)
// it's expected that it cannot be decoded
_, err = asserts.Decode(enc)
c.Check(err, NotNil)
}
// MockBuiltinBaseDeclaration mocks the builtin base-declaration exposed by asserts.BuiltinBaseDeclaration.
func MockBuiltinBaseDeclaration(headers []byte) (restore func()) {
var prevHeaders []byte
decl := asserts.BuiltinBaseDeclaration()
if decl != nil {
prevHeaders, _ = decl.Signature()
}
err := asserts.InitBuiltinBaseDeclaration(headers)
if err != nil {
panic(err)
}
return func() {
err := asserts.InitBuiltinBaseDeclaration(prevHeaders)
if err != nil {
panic(err)
}
}
}
func (s *baseDeclSuite) SetUpSuite(c *C) {
s.baseDecl = asserts.BuiltinBaseDeclaration()
}