Commit Graph

1231 Commits

Author SHA1 Message Date
Miguel Pires
79c5ac14b2 many: remove usages of deprecated io/ioutil package (#13768)
* many: remove usages of deprecated io/ioutil package

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>

* .golangci.yml: remove errcheck ignore rule for io/ioutil

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>

* run-checks: prevent new usages of io/ioutil

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>

---------

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
2024-04-03 23:23:24 +02:00
Alfonso Sánchez-Beato
b1f86bedfd asserts: add support for components in model assertion 2024-03-22 19:06:32 +00:00
Alfonso Sánchez-Beato
c32f6b7d90 asserts: refactor so checkModelSnap fills all ModelSnap fields
instead of doing it only partially and filling part of them in another
method that should not have a say in this.
2024-03-22 19:06:32 +00:00
Miguel Pires
562fe027c8 asserts: move aspect schema to assertion body (#13666)
* asserts: move aspect schema to assertion body

Move the aspect schema from a "storage" stanza to the assertion body.
Also format parse and re-encode the JSON with two spaces for indentation
and map ordered map keys. This should make the schema uniform and easy
to read while still using a format that can be emulated by other tools.

* many: nest schema in storage stanza

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>

* asserts: support checking JSON body format

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>

* asserts: improve err messages; move check

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>

---------

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
2024-03-13 17:22:05 +02:00
Miguel Pires
6a7ecfe597 aspects: validate summary descriptions (#13609)
Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
2024-02-21 15:38:08 +02:00
Philip Meulengracht
4f18d968a9 asserts: update username regex allowed by system-user assertion (#13590)
* asserts: update username regex allowed by system-user assertion

* asserts: drop the second '-' from the regex
2024-02-16 12:24:21 +01:00
Miguel Pires
f5f241c30f aspects: make access pattern/rule usage consistent
Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
2024-02-09 15:21:23 +01:00
Miguel Pires
33ef8e9bf7 aspects: put access rules under map in assertion
Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
2024-02-09 15:21:23 +01:00
Samuele Pedroni
3c93806071 asserts: define new aspect-bundle assertion (#13545)
this holds configuration aspects' definitions

* asserts: some doc comment fixes and tweaks

thanks @MiguelPires
2024-02-07 10:16:09 +01:00
Andrew Phelps
0238dca2a7 asserts: add Model.AllSnaps method (#13456)
* asserts: add Model.AllSnaps method

* o/devicestate: use model.AllSnaps rather than concatenating essential and non-essential snaps

* asserts: update Model.AllSnaps doc comment to be more clear

* asserts: update Model.AllSnaps test to assert that test is actually useful
2024-01-11 13:03:02 +02:00
Andrew Phelps
3a7d30b271 a/snapasserts: add ValidationSets.SnapConstrained method (#13457) 2024-01-09 22:49:18 -05:00
Samuele Pedroni
57cb2b15ef asserts: validate resource-name in snap-resource-* assertions 2024-01-02 16:35:08 +01:00
Samuele Pedroni
8203f7111d asserts: implement snap-resource-pair 2024-01-02 16:35:08 +01:00
Samuele Pedroni
3ce86db9ee asserts: implement snap-resource-revision
including delegation support parallel to snap-revision similar support
2023-12-13 22:10:24 +01:00
Andrew Phelps
154d46b46c many: take into account validation sets during remodel (#13243)
This PR makes remodels take into account revision constraints from validation sets on the new model. Additionally, snaps that are marked as invalid in validation sets are checked for in the model.

* a/snapasserts: add methods for extracting more information out of ValidationSets type

* o/assertstate: add ValidationSetsFromModel function for extracting a snapasserts.ValidationSets from an asserts.Model

* o/snapstate: prevent installing/updating a snap from a local file that does not match requested revision

* o/devicestate: consider validation sets during remodeling

* tests/nested/manual: add remodel test that downgrades a snap because of a validation set

* tests/nested/manual: add remodel test that fails to remodel because of an invalid snap in a validation set

* tests/nested/manual: extend offline remodel test to also include a validation set

* tests/lib/assertions: fix timestamps on assertions

* asserts: add Key method to ValidationSet and ModelValidationSet

* o/devicestate: use new Key methods

* o/devicestate: maybe enforce validation sets during doSetModel

* o/devicestate: add test for enforcing validation sets in doSetModel

* a/snapasserts: simplify TestCanBePresent with loop

* tests/lib/assertions: add bluez snap to offline remodel test

* o/devicestate: remove done TODO

* o/snapstate: if remodeling, do not install prereq if link-snap task is present

* tests/nested/manual/remodel-offline: extend test to verify that validation sets are accounted for

* Revert "o/snapstate: if remodeling, do not install prereq if link-snap task is present"

This reverts commit 57c7725a2513df51be7ac1c06c492aaed07a6e3b.

This change is independent and will be included in another PR.

* a/snapasserts: add methods for extracting more information out of ValidationSets type

* o/assertstate: add ValidationSetsFromModel function for extracting a snapasserts.ValidationSets from an asserts.Model

* o/devicestate: add test for ValidationSetsConflictError.Is

* a/snapasserts: move methods after New function

* a/snapasserts: add test for ValidationSets.Revisions to verify ValidationSetsConflictError is returned

* o/assertstate: change ValidationSetsFromModel to take in a DeviceContext, rather than a StoreService

* o/assertstate: rename ValidationSetsModelFlags to ValidationSetsModelOptions

* o/devicestate: add type to export_test to make testing simpler

* tests: add details to new spread tests

* asserts: rename ModelValidationSet.Key and ValidationSet.Key to .SequenceName and add unit tests for them

* o/snapstate: update snap revision mismatch error message to be more clear

* o/devicestate: introduce helper for setting ValidationSets on snapstate.RevisionOptions if Revision is set

* o/devicestate: verify the parameters that fakeSequenceStore receives

* o/devicestate: fix revisions not being respected for essential snaps (and add a test for it)

* o/devicestate: extend TestRemodelUC20EssentialSnapsAlreadyInstalledAndLocal to also exercise case where a validation set requires a revision but the currently installed version is unasserted

* s/seedtest: update retrieveSeq to handle unconstrained sequence forming assertions

* a/snapasserts: add ValidationSets.Sets method

* o/assertstate: add deviceContext to ForgetValidationSet function so that change can happen during remodel

* o/devicestate: attempt to handle rollback of validation sets during failed remodel

* overlord: test for replacing conflicting validation sets during remodel

* o/assertstate: update ForgetValidationSet to take in a DeviceContext and to allow for forcing removal even if the validation set is in use by the model

* o/devicestate: roll back validation set changes on remodel failure

* o/devicestate: make sure that validation sets unrelated to the model survive a remodel

* o/devicestate: rename param in installedSnapRevisionChanged

* o/devicestate: rename field newSnapRevision to newRequiredRevision in modelSnapsForRemodel

* o/devicestate: simplify loops in checkForInvalidSnapsInModel

* o/devicestate: compare validation sets using SequenceName methods

* o/devicestate: fail remodel if we attempt to use an unasserted snap as a specific revision

* tests/nested/manual/remodel-offline: fix test to actually use validation set

* o/devicestate: create helper for creating snapstate.RevisionOptions during remodel

* o/devicestate: name param literals for clarity

* o/devicestate: invert logic to eliminate double negative

* o/devicestate: fix missed inversion of logic

* o/assertstate: update comment on ForgetValidationSetOpts.ForceForget

* overlord, o/devicestate: update remodel test to change models that contain the same validation set

* o/assertstate: test ForceForget functionality in ForgetValidationSet

* o/devicestate: rename function newRevisionOptionsForRemodel to revisionOptionsForRemodel

* o/assertstate, o/devicestate, daemon: remove unneeded DeviceContext param from ForgetValidationSet

* o/devicestate: remove println

* o/devicestate: clarify comment in rollback of adding validation sets

* o/devicestate: rename variable in enforceValidationSetsForRemodel

* o/snapstate: clarify error when attempting to install/refresh local snap with different revision than requested

* o/devicestate: naming consistency

* o/devicestate: simplify error when model is missing snap that is required in validation set

* asserts, overlord, o/devicestate: rename SequenceName to SequenceKey and prefix the series to the string that is returned
2023-12-12 10:00:48 +01:00
Andrew Phelps
38a74ecb3f a/snapasserts, o/assertstate: add functions to help during remodel (#13345) 2023-11-28 15:54:39 -05:00
Samuele Pedroni
c6365a4b8e asserts,i/policy: slot-side slot-snap-type connection constraints
these can be useful in the base-declaration in situations where
a slot can be app-provided or implicit both on classic and core

now we have at least one use case like this for upower-observe

as core/system snaps so far provide only slots there is no use
case for adding plug-side plug-snap-type connection constraints
2023-09-27 14:58:56 +02:00
Miguel Pires
29c9752d66 many: s/ioutil.WriteFile/os.WriteFile (#13217)
Replace ioutil.WriteFile with os.WriteFile since the former has been
deprecated since go1.16 and simply calls the latter.

Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
2023-09-26 11:38:46 +01:00
Dimitri John Ledkov
d55f3123d4 go: go fix with 1.18
Apply `go fix ./...` to the whole code base using go-1.18 to remove
old build tags.
2023-09-25 13:22:14 +02:00
Joseph Brock
f91aeea090 asserts/model: test serial-authority field with wildcard
Signed-off-by: Joseph Brock <joseph.brock@canonical.com>
2023-09-11 15:50:54 +01:00
J. Brock
7c17cf2669 asserts,seed: preseed authority delegation (#13034)
* asserts/model: add preseedAuthority field to Model

* seed20: allow authority-id to differ from the brand-id

* fixup! asserts/model: add preseedAuthority field to Model

fix comment wording to PreseedAuthority

* fixup! seed20: allow authority-id to differ from the brand-id

clarify error message as "preseed authority-id"

* fixup! asserts/model: add preseedAuthority field to Model

standardize checkOptionalAuthority() signature and make acceptsAny bool explicit when invoking it

* fixup! seed20: allow authority-id to differ from the brand-id

fix ineffectual assignment to preseedAs2

* fixup! asserts/model: add preseedAuthority field to Model

bump copyright years for files touched by 5593e76312

* fixup! seed20: allow authority-id to differ from the brand-id

bump copyright years for files touched by ce7ba34e0f

* fixup! asserts/model: add preseedAuthority field to Model

asserts/model.go: rename "acceptsAny" to "acceptsWildcard"
2023-09-04 10:22:43 +02:00
Samuele Pedroni
c21d4b4b72 asserts,a/signtool: support for cross-checking against constraints when signing 2023-08-31 13:06:49 +02:00
Samuele Pedroni
6cc7429752 asserts: add support for account-key constraints (#12988)
and take them into account when verifying assertion signatures
2023-08-08 15:43:19 +02:00
Spyros Seimenis
fa9cf5aada asserts: add support for integrity stanza in snap revision assertions
Address comments:

- Rename Integrity to SnapIntegrity
- Export SHA3_384 and Size field of SnapIntegrity
- Add What variants for checkDigest and checkUint helpers
2023-05-09 09:59:56 +02:00
Philip Meulengracht
c715c2fd85 asserts,seed/seedwriter: support for validation sets in seedwriter (#12571)
* asserts,seed/seedwriter: support for validation sets when writing the image seed.

* seed/seedwriter: simplify writer code

* seed/seedwriter: update the docs for Start

* asserts,seed/seedwriter: review feedback

Add unit tests for AtSequence, ensure CheckValidationSets cannot be called unless download step has completed

* seed/seedwriter: review feedback

add unit test for CheckValidationSets to early call, reuse checkStepCompleted in checkSnapsAccessor
2023-04-04 09:55:44 +02:00