1728 Commits

Author SHA1 Message Date
Andrew Phelps
5c8d8431ba many: update component-related TODOs to use TODO:COMPS 2024-07-10 11:03:22 -04:00
Alfonso Sánchez-Beato
f53f05d40b snap: add error type used when a component is not installed 2024-07-10 07:49:52 -04:00
Andrew Phelps
90c2e4c534 many: modify snap run to understand component hooks (#13976)
* snap, s/snaptest: add function for reading the ComponentInfo of the current revision of a component for a snap revision

* s/snapenv, c/snap: add support for component hooks to ExtendEnvForRun

* c/snap: update run to be able to run component hooks

* c/snap: refactor runSnapConfine to operate on a runnable that can represent snap hooks, component hooks, and apps

This commit doesn't need to be here, and things will work without it.
But things were getting a bit complicated in runSnapConfine with
arguments that represented different things based on what we were
running.

* c/snap-exec: handle running component hooks in snap-exec

* c/snap-exec: move parsing of snap-exec target into execHook and execApp

* snap: make error message when failing to parse current component revision a bit better

* c/snap: add IsHook method to runnable type for easier checking

* s/snaptest: use os.Symlink rather than atomic variant in test code

* snap, s/snapdir, c/snap: fix import cycle issue with hook from snapdir into snap

* c/snap, c/snap-exec: docs and panicking default for NewContainerFromDir

* c/snap, c/snap-exec: set up hook for snap.NewContainerFromDir

* c/snap: remove TODO about getting component revision

* c/snap, c/snap-exec: use _ imports rather than initializing hook manually

* s/naming: add ParseComponentRef function

* snap, o/s/backend, daemon: replace ComponentLinkPath and ComponentInstallDate param with naming.ComponentRef

* snap: use ComponentLinkPath helper in ComponentLinkPath

* s/snapdir: add doc comment for NewContainerForDir

* Revert "snap: use ComponentLinkPath helper in ComponentLinkPath"

This reverts commit 9a56c379779490f798613db31aa66b2b177ddd3d.

* Revert "snap, o/s/backend, daemon: replace ComponentLinkPath and ComponentInstallDate param with naming.ComponentRef"

This reverts commit ca39dc1e60174d769ef2345f1e4b58d63f0f7528.

* Revert "s/naming: add ParseComponentRef function"

This reverts commit a3a9130f6d617bc817a76d884a84c1b83282bb46.

* snap: use ComponentLinkPath helper in ComponentLinkPath

* snap: remove whitespace

* snap: update doc comment on ComponentLinkPath to mention usage constraints of the ContainerPlaceInfo param

* snap: replace NOTE with TODO
2024-06-26 16:49:38 +01:00
Alfonso Sánchez-Beato
bd8dc8e13a snap,overlord: add functions to find out components fs info
Including symlink, size and install date.
2024-06-18 18:31:42 +01:00
Andrew Phelps
71d22420df many: add a *SnapAppSet to ConnectedPlug/Slot types and use it to build label expressions in interfaces (#13773)
Now that we have app sets in the interfaces repo, keep a pointer to them in ConnectedPlug/Slot types. Use this to build label expressions in the interfaces. 

* many: add a pointer to a SnapAppSet into Connected(Plug|Slot) so that interfaces can build a complete label expression, including component hooks

* interfaces: update doc comments on ConnectedPlug/Slot.AppSet

* interfaces: remove TODO that has been addressed

* interfaces: use app set pointer for instance name check

* snap: add Runnable type that represents the runnable parts of a snap

* interfaces, o/ifacestate: use snap.Runnable rather than interfaces.Runnable

* interfaces, i/builtin, o/ifacestate: panic on failed invariant check in NewConnectedPlug/Slot

* interfaces: add methods to app set for getting runnables that can connect to plug/slot

* interfaces: build label expressions using runnables

* interfaces: doc comment for SlotRunnables

* interfaces: implement Slot/PlugRunnables with shared helper

* interfaces: log and skip security tags that do not match expected pattern

* snap, interfaces: move runnable constructors to methods on AppInfo and HookInfo

* interfaces: refactor to allow labelExpr to operate directly on a ConnectedPlug/Slot

* snap: move around Runnable methods
2024-06-14 18:37:26 +02:00
Andrew Phelps
06082e1fd5 many: add Provenance field to ComponentInfo (#14067)
Add a Provenance to snap.ComponentInfo. This allows snap pack to work with components that define a provenance in their component.yaml file.

* snap, interfaces, daemon: add Provenance field to ComponentInfo

* s/pack: test packing component with provenance

* snap: validate provenance when parsing component.yaml
2024-06-13 09:35:30 +02:00
Andrew Phelps
5c788ad1f9 many: replace interfaces.Repository.AddSnap with AddAppSet (#13772)
* many: replace interfaces.Repo.AddSnap with AddAppSet

* interfaces: remove repo.RemovePlug since it is unused

* interfaces: simplify check for a snap's presence in interfaces repo

* interfaces: update doc comment on Repository.AddAppSet

* o/ifacestate: fix duplicate init of app set following refactor in master

* o/snapstate: fix bug that caused implicit slots to be added to core and snapd snaps
2024-06-11 19:05:38 +01:00
Andrew Phelps
13676e7402 many: update snap.ReadComponentInfoFromContainer to take in an optional snap.ComponentSideInfo that contains the component revision (#13979)
* many: update snap.ReadComponentInfoFromContainer to take in an optional snap.ComponentSideInfo that contains the component revision

* snap: add back NewComponentInfo function

* daemon, snap, interfaces: replace manual creation of ComponentInfo with usage of NewComponentInfo
2024-06-03 17:27:23 +02:00
Andrew Phelps
8377d7dbae store: interface with the store to request snap resources (#13982)
* store: add resources to snap action results

* store: parse resources into snap components in store responses

* store: only request resources in SnapAction if one of the actions includes resources

* snap: add function for converting a string to a ComponentType, with checks

* store: explicitly ignore unknown component types

* store: remove usage of strings.CutPrefix

* store: add comment noting that resources do not have download deltas

* snap: correct doc comment on ComponentTypeFromString

* store: remove incorrect usage of description in component summary
2024-06-03 17:26:30 +02:00
alfonsosanchezbeato
b052830f37 many: build drivers tree on install (#13923)
Build drivers tree on installation so kernel modules can be found on first boot after installation (otherwise the modules would be available too late, after initial installation of the kernel has happened while seeding).

Also, make sure that the tree is not re-created when seeding, and add a spread test for kernel-modules components.

* dirs: add function to get root of drivers trees

* kernel: do not recreate drivers tree if it already exists

On installation, a drivers tree has already been copied to the data
partition. Do not re-create if found when seeding happens (note though
that on preseeding we will not find the tree and we will still create
it).

* gadget/install: create device tree on installations

Create a device tree on installation so we have it on first boot.

* o/snapstate: fix task message

* tests/nested/manual: add kernel-modules-components test

This test installs a kernel-modules component and verifies that the
shipped kernel module is installed and can be loaded.

* tests/lib: do not error out if cloud-init finished with

'recoverable error' status.

* kernel: have destination as argument when building drivers tree

We need to tackle the generic installation case as opposed to creating
the drivers tree when seeding the system. In that case the destination
tree can vary depending on installation type.

* overlord: pass kernel information to install package

so the drivers tree can be created.

* cmd/snap-bootstrap: build drivers tree on installation from initramfs

* tests: adapt to additional parameters in install.Run

* snap/naming: add ancillary method to split a full component name

into snap and component names.

* gadget/install: fix nosecboot tests
2024-05-29 15:58:22 +01:00
Andrew Phelps
c1cf798549 many: generate security profiles from component hooks (#13686)
* interfaces: add method to SnapAppSet for getting list of runnable entities

* interfaces: replace references to hooks/apps in backends with usage of SnapAppSet.Runnables

* interfaces: rename SecurityTagGlob to SecurityTagGlobs and make it handle component hooks

* snap: add method for getting component hooks for a specific plug

* interfaces: add component hooks to output of SecurityTagsForConnectedPlug

* snapstate: add methods for getting components installed for the current and arbitrary revisions of a snap

* o/ifacestate: properly set up SnapAppSets with components prior to passing them off to security backends

* o/snapstate: create setup-profiles task when installing a component

* many: add side info param to snaptest.MockComponent

* many: fix failing tests caused by changes in rebase

* snap: add ComponentHookSecurityTag for getting a component hook's security tag

* interfaces: implement SecurityTagGlobs with snap.ComponentHookSecurityTag

* interfaces: move some helper functions to helpers.go

* o/snapstate: add functions that are useful when operating on component-related tasks

* o/ifacestate: use functions from snapstate rather than local functions

* i/apparmor: cleanup comment and whitespace

* o/snapstate: replace some speculative code with TODOs for now

* interfaces, o/ifacestate: remove Type from interfaces.Runnable and do not sort the result of SnapAppSet.Runnables()

* o/snapstate: remove unused variable
2024-05-08 11:30:03 -04:00
Andrew Phelps
98fcc66eaa interfaces/builtin, snap: remove sanitized plugs from component hook plugs (#13774)
Make sure to remove sanitized plugs from component hook plugs.
2024-04-30 19:32:32 +02:00
Maciej Borzecki
9b261e1aeb snap/squashfs: determine path of mksquashfs at runtime
Mksquashfs isn't always at /usr/bin/mksquashfs. For instance on Fedora, the path
is /usr/sbin/mksquashfs. Update the code to find out the right path at runtime.

Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
2024-04-29 14:42:52 +02:00
Maciej Borzecki
6876d4c1fb snap/squashfs: fix test suite cleanup
Make sure to call testutil.BaseTest.TearDown() otherwise the cleanups will not
execute.

Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
2024-04-29 14:42:52 +02:00
Andrew Phelps
5b5b54f146 daemon, o/snapstate, snap: add hooks to snap.ComponentInfo (#13771)
* daemon, o/snapstate, snap: add hook information to snap.ComponentInfo

* snap: add functions for helping with snap component instances

* snap: return correct security tags from hook if it is a component hook

* s/snaptest: add function for mocking an installed component

* snap: add functions to help with hook and component locations

* snap: add test for ReadComponentInfoFromContainer where component is not found in provided snap.Info

* snap, o/snapstate: move component and snap consistency checks into snap.ReadComponentInfoFromContainer

* snap: remove unneeded json tag

* snap: log if we ignore an unsupported implicit component hook

* snap: reorder addAndBindImplicitComponentHooksFromContainer args to be more consistent

* snap: add extra component hook to test

* snap: reorder ComponentHooksDir args and implement it using ComponentMountDir

* snap: correct doc comment on SnapComponentName

* snap: use two spaces for indentation in yaml literals

* snap: upgrade debug log for unsupported hook to notice
2024-04-17 15:56:41 +02:00
Andrew Phelps
c679f43577 s/cgroup, systemd: escape systemd unit names in CreateTransientScopeForTracking (#13763)
* systemd: add function that implements "systemd-escape" in addition to already existing "systemd-escape --path"

* s/cgroup: escape created unit name in CreateTransientScopeForTracking

With the addition of component hooks, we'll have unit names that include
a '+', like 'snap.snapname+comp.hook.install'. This causes systemd to
complain that the unit isn't properly escaped. On the command line,
systemd-run will properly escape this for you (with a warning), but the
dbus API doesn't do that.

* s/naming: teach ParseSecurityTag to handle tags from component hooks

* Revert "systemd: add function that implements "systemd-escape" in addition to already existing "systemd-escape --path""

This reverts commit 0521600ec8fa785b69d2b7a85fa8da9be4938a5a.

* systemd: add functions for escaping security tags to valid systemd unit names

We must at least partially escape unit names that are created from
security tags, since they may potentially contain '+' characters from
snap components.

Since we already use unit names with '-' in them, we cannot simply use a
reimplementation of systemd-escape. This is because '-' is escaped by
systemd-escape. Note that '-' is a valid character in a unit name, since
it is used as the replacement for the '/' character by systemd-escape.

Thus, we have our own functions for converting a security tag to a unit
name, and the inverse. These functions only escape the '+' character
that appears in security tags.

* s/cgroup: use new conversions from security tags to unit names, and the inverse

* systemd: update doc comment on UnitNameFromSecurityTag

Co-authored-by: Maciej Borzecki <maciek.borzecki@gmail.com>

* s/naming: add ComponentName method to HookSecurityTag interface

* systemd: split tests for UnitNameFromSecurityTag and SecurityTagFromUnitName

* s/naming: add test for invalid snap instance that is a part of a component

* s/naming: refactor ParseSecurityTag to clarify that components cannot have apps yet

* systemd, s/cgroup: rename security tag and unit name conversion functions for clarity

---------

Co-authored-by: Maciej Borzecki <maciek.borzecki@gmail.com>
2024-04-17 15:50:00 +02:00
Alfonso Sánchez-Beato
16db8acdc4 snap: change where components are mounted 2024-04-12 13:09:25 +01:00
Alfonso Sánchez-Beato
82dfb452e4 snap,overlord: include revision in mount dir of components 2024-04-12 13:09:25 +01:00
Zeyad Yasser
8e4b203572 cmd/snap: use updated "current" revision after snap refresh run inhibition (#13747)
* snap: return NotFoundError when current symlink is missing in ReadCurrentInfo

Signed-off-by: Zeyad Gouda <zeyad.gouda@canonical.com>

* cmd/snap: use updated "current" revision after snap refresh run inhibition

* cmd/snap: retry snap-run when race condition is detected
* cmd/snap: remove commented out test (thanks @olivercalder)
* cmd/snap: add doc comments for {w,maybeW}aitWhileInhibited (thanks @olivercalder)
* cmd/snap: add better comments and debug logs (thanks @bboozzoo)
* cmd/snap: explain why we cannot rely on O_CLOEXEC (thanks @zyga)
* cmd/snap: simplify snap refresh conflict detection
	Only check that if we start without a hint lock file and after creating
	the tracking cgroup it exists then it means that a refresh was started
	for the snap.
* cmd/snap: retry on failure due to missing current symlink (thanks @pedronis)
	We could have started without a hint lock file and then we have
	an ongoing refresh which removed current symlink.

Signed-off-by: Zeyad Gouda <zeyad.gouda@canonical.com>

* tests/main/snap-run-symlink-error: fix error matching

Signed-off-by: Zeyad Gouda <zeyad.gouda@canonical.com>

---------

Signed-off-by: Zeyad Gouda <zeyad.gouda@canonical.com>
2024-04-09 14:19:43 +02:00
Miguel Pires
79c5ac14b2 many: remove usages of deprecated io/ioutil package (#13768)
* many: remove usages of deprecated io/ioutil package

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>

* .golangci.yml: remove errcheck ignore rule for io/ioutil

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>

* run-checks: prevent new usages of io/ioutil

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>

---------

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
2024-04-03 23:23:24 +02:00
Zygmunt Krynicki
853d6008e6 snap: format container.go
This was introduced by b66fee8160 (many:
container validation improvements) but somehow flew under our radar in CI?

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2024-04-02 11:40:04 +01:00
Zeyad Gouda
b66fee8160 many: container validation improvements
Signed-off-by: Zeyad Gouda <zeyad.gouda@canonical.com>
2024-03-14 14:47:34 +01:00
Zeyad Gouda
bc7f9eccc2 many: remove snap data home directories
RemoveSnapDataDir was leaving behind empty snap home data directories
after the snap was removed (leaving a broken symlink behind).

Fixes: https://bugs.launchpad.net/snapd/+bug/2009617

* o/snapstate/backend: avoid os.RemoveAll() in RemoveSnapDataDir
	Thanks @andrewphelpsj @alexmurray

* o/snapstate/backend: fix firstRemoveErr in RemoveSnapDataDir

* o/snapstate/backend: fix snap base directory not removed

Signed-off-by: Zeyad Gouda <zeyad.gouda@canonical.com>
2024-03-04 09:19:31 +01:00
Andrew Phelps
177eccbd48 snap: add hooks to snap component types (#13538) 2024-02-28 09:02:58 -05:00
ghadi-rahme
a282087172 many: apply new home directory rules to data copy (#13145)
* Apply new home directory rules to data copy
* Cleanups and adding caching of home directories
* optimizing home directory caching
* Adding tests for new home directory behavior
* improvements and enhancements to Get/SetSnapHomeDirs and tests
* snapdata_test and copydata_test fixes
* Adding tests/main/user-data-handling-homedirs/task.yaml
It also performs the verification for the root user as well as the test user present in /home

* Adding Mock functions for snapDataDirs and snapCommonDataDirs and creating unit tests
* Adding data copy between revisions test to snapd-homedirs spread test
This commit also deletes the test-snapd-sh snap files and the user-data-handling-homedirs spread test

* Change return behavior of GetSnapHomeDirs to be more in line with other functions and TestDataHomeDirs rename and fixes
* Adding unit tests and renaming GetSnapHomeDirs
* Adding unit tests and doing some cleanups
* go.sum cleanups
* cleanups, globbing expressions and root directory improvements
* more s.tempdir cleanups in unit tests, removing debug remnants
* unit test fixups, dirs.go fixups, typo fixups
* SetSnapHomeDirs optimizations, fixups and unit test improvements
* make globs only accessible via DataHomeGlobs
* fixups and conflict resolution
* comment fixup
* dirs.go fixups and improvements
* tests/main/snapd-homedirs: revision improvements and spread fix
* tests/main/snapd-homedirs: adding details section to fix static-checks
* tests/main/snapd-homedirs-vendored: fixing AppArmor tunable check
* tests/main/snapd-homedirs: reverting rev read to using snap list
This fixes issues with FHS compliant distros such as Arch Linux where the /snap directory is located in /var/lib/snapd/snap

* fixing comments, small dirs.go and homedirs.go improvements
* dirs/dirs.go: SetSnapHomeDirs comment fixup
2024-02-22 11:08:42 +01:00