Replace ioutil.WriteFile with os.WriteFile since the former has been
deprecated since go1.16 and simply calls the latter.
Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
to have the information available when we seal capture classic in
modeenv and bootchains as we do for other mode characteristics
as for now we assume we don't want so support classic/core remodels
some things need to be tested but it's best if the tests are added
when we are actually looking at the full picture of installing classic
systems with modes
This commit replaces the use of "sanity" with more inclusive
naming. When "sanity" is used in a more general sense either
"validity" or "quick" is used.
It is desired that the seal/reseal code only operates on the input provided in
modeenv rather than poking other external structures. The change decouples the
lower level code from accessing the model directly.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Add a family of functions for reading and writing boot-flags in various
contexts:
* Reading the current effective boot flags from either the modeenv or the
bootenv from the initramfs depending on the mode.
* Writing the current effective boot flags to a file in /run from the initramfs
* Reading the current effective boot flags from userspace (this is from a file
in /run)
* Writing the next boot flags to the modeenv from userspace
* Reading the next boot flags from the modeenv from userspace
* Writing the next boot flags to the bootenv during snap
prepare-image/ubuntu-image time
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
We need this to be exported to be able to serialize a trusted asset observer
across multiple tasks during UC20 install mode. The only state that is not
currently observable from filesystem state are the keys and the boot asset maps
for tracked assets here. The keys can easily be saved in state.json to
serialize, but the boot asset map needs to be exported to be able to serialize
it in the state.json across tasks.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Add a new modeenv entry to tracking recovery systems that have been verified to
work.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
This ensures that if we need to add new keys to the modeenv later on, and also
need to modify the modeenv with an old snapd/snap-bootstrap, such as in recovery
or the initramfs, we will not lose those keys in the modeenv.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
