func (chks *checkSuite) TestCheckUnsupportedFormat(c *C) {
trustedKey := testPrivKey0
cfg := &asserts.DatabaseConfig{
Backstore: chks.bs,
Trusted: []asserts.Assertion{asserts.BootstrapAccountKeyForTest("canonical", trustedKey.PublicKey())},
}
db, err := asserts.OpenDatabase(cfg)
c.Assert(err, IsNil)
var a asserts.Assertion
(func() {
restore := asserts.MockMaxSupportedFormat(asserts.TestOnlyType, 77)
defer restore()
var err error
headers := map[string]interface{}{
"authority-id": "canonical",
"primary-key": "0",
"format": "77",
}
a, err = asserts.AssembleAndSignInTest(asserts.TestOnlyType, headers, nil, trustedKey)
c.Assert(err, IsNil)
})()
err = db.Check(a)
c.Assert(err, FitsTypeOf, &asserts.UnsupportedFormatError{})
c.Check(err, ErrorMatches, `proposed "test-only" assertion has format 77 but 1 is latest supported`)
}
func (s *assertMgrSuite) TestValidateSnapSnapDeclIsTooNewFirstInstall(c *C) {
c.Skip("the assertion service will make this scenario not possible")
s.prereqSnapAssertions(c, 10)
tempdir := c.MkDir()
snapPath := filepath.Join(tempdir, "foo.snap")
err := ioutil.WriteFile(snapPath, fakeSnap(10), 0644)
c.Assert(err, IsNil)
// update snap decl with one that is too new
(func() {
restore := asserts.MockMaxSupportedFormat(asserts.SnapDeclarationType, 999)
defer restore()
headers := map[string]interface{}{
"format": "999",
"revision": "1",
"series": "16",
"snap-id": "snap-id-1",
"snap-name": "foo",
"publisher-id": s.dev1Acct.AccountID(),
"timestamp": time.Now().Format(time.RFC3339),
}
snapDecl, err := s.storeSigning.Sign(asserts.SnapDeclarationType, headers, nil, "")
c.Assert(err, IsNil)
err = s.storeSigning.Add(snapDecl)
c.Assert(err, IsNil)
})()
s.state.Lock()
defer s.state.Unlock()
chg := s.state.NewChange("install", "...")
t := s.state.NewTask("validate-snap", "Fetch and check snap assertions")
ss := snapstate.SnapSetup{
SnapPath: snapPath,
UserID: 0,
SideInfo: &snap.SideInfo{
RealName: "foo",
SnapID: "snap-id-1",
Revision: snap.R(10),
},
}
t.Set("snap-setup", ss)
chg.AddTask(t)
s.state.Unlock()
defer s.mgr.Stop()
s.settle()
s.state.Lock()
c.Assert(chg.Err(), ErrorMatches, `(?s).*proposed "snap-declaration" assertion has format 999 but 0 is latest supported.*`)
}
func (s *assertMgrSuite) TestBatchAddUnsupported(c *C) {
batch := assertstate.NewBatch()
var a asserts.Assertion
(func() {
restore := asserts.MockMaxSupportedFormat(asserts.SnapDeclarationType, 999)
defer restore()
headers := map[string]interface{}{
"format": "999",
"revision": "1",
"series": "16",
"snap-id": "snap-id-1",
"snap-name": "foo",
"publisher-id": s.dev1Acct.AccountID(),
"timestamp": time.Now().Format(time.RFC3339),
}
var err error
a, err = s.storeSigning.Sign(asserts.SnapDeclarationType, headers, nil, "")
c.Assert(err, IsNil)
})()
err := batch.Add(a)
c.Check(err, ErrorMatches, `proposed "snap-declaration" assertion has format 999 but 1 is latest supported`)
}
func (s *assertMgrSuite) TestRefreshSnapDeclarations(c *C) {
s.state.Lock()
defer s.state.Unlock()
snapDeclFoo := s.snapDecl(c, "foo", nil)
snapDeclBar := s.snapDecl(c, "bar", nil)
s.stateFromDecl(snapDeclFoo, snap.R(7))
s.stateFromDecl(snapDeclBar, snap.R(3))
snapstate.Set(s.state, "local", &snapstate.SnapState{
Active: false,
Sequence: []*snap.SideInfo{
{RealName: "local", Revision: snap.R(-1)},
},
Current: snap.R(-1),
})
// previous state
err := assertstate.Add(s.state, s.storeSigning.StoreAccountKey(""))
c.Assert(err, IsNil)
err = assertstate.Add(s.state, s.dev1Acct)
c.Assert(err, IsNil)
err = assertstate.Add(s.state, snapDeclFoo)
c.Assert(err, IsNil)
err = assertstate.Add(s.state, snapDeclBar)
c.Assert(err, IsNil)
// one changed assertion
headers := map[string]interface{}{
"series": "16",
"snap-id": "foo-id",
"snap-name": "fo-o",
"publisher-id": s.dev1Acct.AccountID(),
"timestamp": time.Now().Format(time.RFC3339),
"revision": "1",
}
snapDeclFoo1, err := s.storeSigning.Sign(asserts.SnapDeclarationType, headers, nil, "")
c.Assert(err, IsNil)
err = s.storeSigning.Add(snapDeclFoo1)
c.Assert(err, IsNil)
err = assertstate.RefreshSnapDeclarations(s.state, 0)
c.Assert(err, IsNil)
a, err := assertstate.DB(s.state).Find(asserts.SnapDeclarationType, map[string]string{
"series": "16",
"snap-id": "foo-id",
})
c.Assert(err, IsNil)
c.Check(a.(*asserts.SnapDeclaration).SnapName(), Equals, "fo-o")
// another one
// one changed assertion
headers = s.dev1Acct.Headers()
headers["display-name"] = "Dev 1 edited display-name"
headers["revision"] = "1"
dev1Acct1, err := s.storeSigning.Sign(asserts.AccountType, headers, nil, "")
c.Assert(err, IsNil)
err = s.storeSigning.Add(dev1Acct1)
c.Assert(err, IsNil)
err = assertstate.RefreshSnapDeclarations(s.state, 0)
c.Assert(err, IsNil)
a, err = assertstate.DB(s.state).Find(asserts.AccountType, map[string]string{
"account-id": s.dev1Acct.AccountID(),
})
c.Assert(err, IsNil)
c.Check(a.(*asserts.Account).DisplayName(), Equals, "Dev 1 edited display-name")
// change snap decl to something that has a too new format
(func() {
restore := asserts.MockMaxSupportedFormat(asserts.SnapDeclarationType, 999)
defer restore()
headers := map[string]interface{}{
"format": "999",
"series": "16",
"snap-id": "foo-id",
"snap-name": "foo",
"publisher-id": s.dev1Acct.AccountID(),
"timestamp": time.Now().Format(time.RFC3339),
"revision": "2",
}
snapDeclFoo2, err := s.storeSigning.Sign(asserts.SnapDeclarationType, headers, nil, "")
c.Assert(err, IsNil)
err = s.storeSigning.Add(snapDeclFoo2)
c.Assert(err, IsNil)
})()
// no error, kept the old one
err = assertstate.RefreshSnapDeclarations(s.state, 0)
c.Assert(err, IsNil)
a, err = assertstate.DB(s.state).Find(asserts.SnapDeclarationType, map[string]string{
"series": "16",
"snap-id": "foo-id",
})
c.Assert(err, IsNil)
c.Check(a.(*asserts.SnapDeclaration).SnapName(), Equals, "fo-o")
c.Check(a.(*asserts.SnapDeclaration).Revision(), Equals, 1)
}
