Samuele Pedroni
6cc7429752
asserts: add support for account-key constraints (#12988)
...
and take them into account when verifying assertion signatures
2023-08-08 15:43:19 +02:00
Zeyad Yasser
12ad23f53a
fix infinite recursion in errors.Is(err, &NotFoundError{})
2023-02-09 16:02:40 +00:00
Zeyad Yasser
54c6a1d8c3
refactor: replace IsNotFound usages for errors.Is(err, &NotFoundError{})
2023-02-09 16:02:40 +00:00
Miguel Pires
f277d90279
o/snapstate: mostly test and documentation improvements
...
Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
2022-09-30 17:13:33 +01:00
Samuele Pedroni
920389ac46
asserts,cmd/snap-repair: drop not pursued AuthorityDelegation/signatory-id code
...
in the end we went for a control assertion (snap-declaration) specific
delegation approach, instead of the generic one
2022-08-24 14:04:35 +02:00
Miguel Pires
77534584ce
asserts: minor improvements
...
Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
2022-07-08 18:17:59 +01:00
Miguel Pires
438424b702
asserts: improve time range formatting
...
Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
2022-07-08 10:56:01 +01:00
Miguel Pires
24c876c8ce
asserts: add more context to key expiry error
...
Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
2022-07-06 15:13:49 +01:00
Samuele Pedroni
98de63ac23
asserts: support optional primary keys in Find family
...
change PrimaryKeyFromHeaders to allow for omitted optional primary
keys
2022-04-06 14:17:12 +02:00
Samuele Pedroni
bf45d31d59
Merge remote-tracking branch 'upstream/master' into asserts-opt-primary-keys-1
...
fix conflict
2022-04-05 09:56:54 +02:00
Michael Vogt
51f2f283c1
Merge pull request #11501 from mvo5/less-sanity-2
...
many: replace use of "sanity" with more inclusive naming in comments
2022-03-15 16:02:20 +01:00
Samuele Pedroni
331724d76d
asserts: minimal changes to disable authority-delegation before full revert
...
authority-delegation might have been premature, disable until we might
decide for a full revert
2022-03-14 18:47:04 +01:00
Michael Vogt
277eb06412
many: replace use of "sanity" with more inclusive naming
...
This commit replaces the use of "sanity" with more inclusive
naming.
When `sanity` is used in a more general sense either `validity`
or `quick` is used.
2022-03-14 18:22:34 +01:00
Maciej Borzecki
00bb743c35
asserts: simplify keypair manager errors
...
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-03-02 16:14:36 +01:00
Maciej Borzecki
bf89ad6f86
asserts: return an explicit error when key cannot be found
...
Return an explicit error, which can be checked for, when a key with given
ID/name is not found by the keypair manager.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-03-02 12:01:04 +01:00
Samuele Pedroni
4308154ed2
asserts: start supporting optional primary keys, fs backstore Put/Get
2022-02-28 11:13:26 +01:00
Samuele Pedroni
b5fe1f036a
asserts: more tests, typos and tweaks
...
thanks @stolowski and @MiguelPires
2022-02-04 17:22:50 +01:00
Samuele Pedroni
d59e2e8f47
asserts: fix error message and test
...
thanks @MiguelPires and @stolowski
2022-02-04 17:22:50 +01:00
Samuele Pedroni
e3b23eef45
asserts: implement Check*Delegation*
...
these implement the logic to validate delegation
if needed
2022-02-04 17:22:50 +01:00
Samuele Pedroni
130242ee7e
asserts: start supporting delegation when validating signatures
...
* start of basic test (failing here)
* start of signatory-id support
2022-02-03 11:22:12 +01:00
Samuele Pedroni
8f6bbee4a2
asserts: extract since-until support to a dedicated struct
2022-02-03 11:22:12 +01:00
Samuele Pedroni
4a8ecace54
devicestate: Unregister deletes the device key pair as well
...
* daemon,tests: support forgetting device serial via API
this is done by posting {"action":"forget"} to /v2/model/serial
a flag no-registration-until-reboot is also supported
* many: more consistent naming Delete => DeleteByName on keypair mgrs
we actually want to introduce a Delete by key id on some of them now
* asserts: implement KeypairManager.Delete
* devicestate: Unregister deletes the device key pair as well
* tests: test device key deletion in generic-unregister
* asserts: avoid skipping the GPGKeypairManager.Delete test
pair --yes to --batch in the test
2021-12-02 18:04:53 +01:00
Alberto Mardegan
37e83765f3
asserts: fix errors reported by linter
...
Besides some trivial fixes, this also adds the (previously unused) class
`isUnacceptedUpdateSuite` to the tests suite.
2021-05-05 10:16:20 +03:00
Samuele Pedroni
f3d9f94d54
asserts: clarify/simplify AccountKey.isValidAssumingCurTimeWithin
...
simplify the code a bit, try to improve the name/comments
thanks @mvo and @stolowski
2021-03-10 14:14:54 +01:00
Samuele Pedroni
0409b0d0e9
asserts: mode where Database only assumes cur time >= earliest time
...
if current system time is unreliable have a mode where Database checks
for key expiry just based on assuming that current time is >= known
earliest time
this is set up via Database.SetEarliestTime
internally a new predicate AccountKey.isKeyValidAbout(earliest,
latest) is used to support this
2021-03-05 09:27:12 +01:00