func (chks *checkSuite) TestCheckUnsupportedFormat(c *C) { trustedKey := testPrivKey0 cfg := &asserts.DatabaseConfig{ Backstore: chks.bs, Trusted: []asserts.Assertion{asserts.BootstrapAccountKeyForTest("canonical", trustedKey.PublicKey())}, } db, err := asserts.OpenDatabase(cfg) c.Assert(err, IsNil) var a asserts.Assertion (func() { restore := asserts.MockMaxSupportedFormat(asserts.TestOnlyType, 77) defer restore() var err error headers := map[string]interface{}{ "authority-id": "canonical", "primary-key": "0", "format": "77", } a, err = asserts.AssembleAndSignInTest(asserts.TestOnlyType, headers, nil, trustedKey) c.Assert(err, IsNil) })() err = db.Check(a) c.Assert(err, FitsTypeOf, &asserts.UnsupportedFormatError{}) c.Check(err, ErrorMatches, `proposed "test-only" assertion has format 77 but 1 is latest supported`) }
func (s *assertMgrSuite) TestValidateSnapSnapDeclIsTooNewFirstInstall(c *C) { c.Skip("the assertion service will make this scenario not possible") s.prereqSnapAssertions(c, 10) tempdir := c.MkDir() snapPath := filepath.Join(tempdir, "foo.snap") err := ioutil.WriteFile(snapPath, fakeSnap(10), 0644) c.Assert(err, IsNil) // update snap decl with one that is too new (func() { restore := asserts.MockMaxSupportedFormat(asserts.SnapDeclarationType, 999) defer restore() headers := map[string]interface{}{ "format": "999", "revision": "1", "series": "16", "snap-id": "snap-id-1", "snap-name": "foo", "publisher-id": s.dev1Acct.AccountID(), "timestamp": time.Now().Format(time.RFC3339), } snapDecl, err := s.storeSigning.Sign(asserts.SnapDeclarationType, headers, nil, "") c.Assert(err, IsNil) err = s.storeSigning.Add(snapDecl) c.Assert(err, IsNil) })() s.state.Lock() defer s.state.Unlock() chg := s.state.NewChange("install", "...") t := s.state.NewTask("validate-snap", "Fetch and check snap assertions") ss := snapstate.SnapSetup{ SnapPath: snapPath, UserID: 0, SideInfo: &snap.SideInfo{ RealName: "foo", SnapID: "snap-id-1", Revision: snap.R(10), }, } t.Set("snap-setup", ss) chg.AddTask(t) s.state.Unlock() defer s.mgr.Stop() s.settle() s.state.Lock() c.Assert(chg.Err(), ErrorMatches, `(?s).*proposed "snap-declaration" assertion has format 999 but 0 is latest supported.*`) }
func (s *assertMgrSuite) TestBatchAddUnsupported(c *C) { batch := assertstate.NewBatch() var a asserts.Assertion (func() { restore := asserts.MockMaxSupportedFormat(asserts.SnapDeclarationType, 999) defer restore() headers := map[string]interface{}{ "format": "999", "revision": "1", "series": "16", "snap-id": "snap-id-1", "snap-name": "foo", "publisher-id": s.dev1Acct.AccountID(), "timestamp": time.Now().Format(time.RFC3339), } var err error a, err = s.storeSigning.Sign(asserts.SnapDeclarationType, headers, nil, "") c.Assert(err, IsNil) })() err := batch.Add(a) c.Check(err, ErrorMatches, `proposed "snap-declaration" assertion has format 999 but 1 is latest supported`) }
func (s *assertMgrSuite) TestRefreshSnapDeclarations(c *C) { s.state.Lock() defer s.state.Unlock() snapDeclFoo := s.snapDecl(c, "foo", nil) snapDeclBar := s.snapDecl(c, "bar", nil) s.stateFromDecl(snapDeclFoo, snap.R(7)) s.stateFromDecl(snapDeclBar, snap.R(3)) snapstate.Set(s.state, "local", &snapstate.SnapState{ Active: false, Sequence: []*snap.SideInfo{ {RealName: "local", Revision: snap.R(-1)}, }, Current: snap.R(-1), }) // previous state err := assertstate.Add(s.state, s.storeSigning.StoreAccountKey("")) c.Assert(err, IsNil) err = assertstate.Add(s.state, s.dev1Acct) c.Assert(err, IsNil) err = assertstate.Add(s.state, snapDeclFoo) c.Assert(err, IsNil) err = assertstate.Add(s.state, snapDeclBar) c.Assert(err, IsNil) // one changed assertion headers := map[string]interface{}{ "series": "16", "snap-id": "foo-id", "snap-name": "fo-o", "publisher-id": s.dev1Acct.AccountID(), "timestamp": time.Now().Format(time.RFC3339), "revision": "1", } snapDeclFoo1, err := s.storeSigning.Sign(asserts.SnapDeclarationType, headers, nil, "") c.Assert(err, IsNil) err = s.storeSigning.Add(snapDeclFoo1) c.Assert(err, IsNil) err = assertstate.RefreshSnapDeclarations(s.state, 0) c.Assert(err, IsNil) a, err := assertstate.DB(s.state).Find(asserts.SnapDeclarationType, map[string]string{ "series": "16", "snap-id": "foo-id", }) c.Assert(err, IsNil) c.Check(a.(*asserts.SnapDeclaration).SnapName(), Equals, "fo-o") // another one // one changed assertion headers = s.dev1Acct.Headers() headers["display-name"] = "Dev 1 edited display-name" headers["revision"] = "1" dev1Acct1, err := s.storeSigning.Sign(asserts.AccountType, headers, nil, "") c.Assert(err, IsNil) err = s.storeSigning.Add(dev1Acct1) c.Assert(err, IsNil) err = assertstate.RefreshSnapDeclarations(s.state, 0) c.Assert(err, IsNil) a, err = assertstate.DB(s.state).Find(asserts.AccountType, map[string]string{ "account-id": s.dev1Acct.AccountID(), }) c.Assert(err, IsNil) c.Check(a.(*asserts.Account).DisplayName(), Equals, "Dev 1 edited display-name") // change snap decl to something that has a too new format (func() { restore := asserts.MockMaxSupportedFormat(asserts.SnapDeclarationType, 999) defer restore() headers := map[string]interface{}{ "format": "999", "series": "16", "snap-id": "foo-id", "snap-name": "foo", "publisher-id": s.dev1Acct.AccountID(), "timestamp": time.Now().Format(time.RFC3339), "revision": "2", } snapDeclFoo2, err := s.storeSigning.Sign(asserts.SnapDeclarationType, headers, nil, "") c.Assert(err, IsNil) err = s.storeSigning.Add(snapDeclFoo2) c.Assert(err, IsNil) })() // no error, kept the old one err = assertstate.RefreshSnapDeclarations(s.state, 0) c.Assert(err, IsNil) a, err = assertstate.DB(s.state).Find(asserts.SnapDeclarationType, map[string]string{ "series": "16", "snap-id": "foo-id", }) c.Assert(err, IsNil) c.Check(a.(*asserts.SnapDeclaration).SnapName(), Equals, "fo-o") c.Check(a.(*asserts.SnapDeclaration).Revision(), Equals, 1) }