Commit Graph

1097 Commits

Author SHA1 Message Date
Maciej Borzecki
b1709a9e07 asserts: tweak external keypair manager error to include more info
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-03-02 16:49:09 +01:00
Maciej Borzecki
00bb743c35 asserts: simplify keypair manager errors
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-03-02 16:14:36 +01:00
Maciej Borzecki
bf89ad6f86 asserts: return an explicit error when key cannot be found
Return an explicit error, which can be checked for, when a key with given
ID/name is not found by the keypair manager.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2022-03-02 12:01:04 +01:00
Paweł Stołowski
17977aa380 Renamed preseed-sha3-384 to artifact-sha3-384. 2022-02-21 16:15:38 +01:00
Paweł Stołowski
746c6c235e uc20 -> UC20. 2022-02-21 16:07:50 +01:00
Paweł Stołowski
b1ba7f2c75 Drop the check for brand-id since it must match authority-id (and there
needs to be a valid account assertion).
2022-02-21 16:07:50 +01:00
Paweł Stołowski
626b74ea69 Check brand-id, remove AccountID getter, add missing comments. 2022-02-21 16:07:50 +01:00
Paweł Stołowski
3553b89fca Move ValidateUC20SeedSystemLabel from seed/internal to asserts and
rename to IsValidSystemLabel.
2022-02-21 16:07:50 +01:00
Paweł Stołowski
0fe92618b3 Add missing tests, remove account-id, check that authority matches
brand.
2022-02-21 16:07:50 +01:00
Paweł Stołowski
13ed0da7ba Fix gci error. 2022-02-21 16:07:49 +01:00
Paweł Stołowski
537b9b1612 Add preseed assertion type. 2022-02-21 16:07:49 +01:00
Samuele Pedroni
f8d77dabc7 asserts,interfaces/policy: move and prepare DeviceScopeConstraint for reuse
Merge pull request #11387 from pedronis/device-scope-constraint

this moves DeviceScopeConstraint to constraint.go and adds a Check method in preparation for reuse of DeviceScopeConstraint for assertion constraints from authority-delegation.
2022-02-15 11:50:39 +01:00
Samuele Pedroni
b8ce8ad908 asserts: add comments about SignatoryID() not being empty when fetching 2022-02-15 11:03:00 +01:00
Samuele Pedroni
cfaf48ef20 asserts,interfaces/policy: introduce DeviceScopeConstraint.Check
this is logic extracted from the helpers in interface/policy as now
DeviceScopeConstraint will also be used by assertion constraints for
delegation
2022-02-14 15:21:55 +01:00
Samuele Pedroni
0656be2213 asserts: adapt to new usage of compileDeviceScopeConstraint
as used in baseCompileConstraints

it now does its own detection and returns nil for no device-scope
constraints
2022-02-14 15:21:55 +01:00
Samuele Pedroni
52de97d821 asserts: move DeviceScopeConstraint to constraint.go
cleanup some things
have dedicated tests
2022-02-14 15:21:55 +01:00
Samuele Pedroni
8b397923cb asserts: teach Pool about delegation 2022-02-14 15:20:29 +01:00
Samuele Pedroni
d3bc9d65bc asserts: teach the Fetcher implementation about delegation
it should fetch authority-delegation assertions as needed
2022-02-14 15:20:29 +01:00
Samuele Pedroni
d5c752b103 asserts: drop wrong and unnecessary type in fixture headers 2022-02-14 15:20:10 +01:00
Samuele Pedroni
ae292381b7 asserts: first-class support for formatting/encoding signatory-id
Merge pull request #11380 from pedronis/signatory-id-support

together with checks for it
2022-02-14 15:19:03 +01:00
Samuele Pedroni
e600a66137 asserts: small cleanups in check(No)Authority
thanks @stolowski and @MiguelPires
2022-02-14 11:44:12 +01:00
Samuele Pedroni
50d83b8790 asserts: remove unused function
this was flagged by deadcode/unused.

there is no obvious future use case for this anymore so I'm removing it
but this will not always be clear cut with header_checks.go functions
which is a growing helper library
2022-02-11 16:20:39 +01:00
Samuele Pedroni
ffbb0e404c asserts: error consistency tweak 2022-02-11 15:24:41 +01:00
Samuele Pedroni
078cb5f74c asserts: first-class support for formatting/encoding signatory-id
together with checks for it
2022-02-11 15:24:41 +01:00
Samuele Pedroni
984e5be0a0 asserts,cmd/snap-repair: support delegation when validating signatures
Merge pull request #11338 from pedronis/authority-delegation-checks

this adds support for since-until in assertion constraints and needed checks during assertion/signature validation.

Currently prohibit delegation for repairs.
2022-02-11 15:17:25 +01:00