at least initially we don't support using snap commands to create/delete
keys under an external keypair manager; organize things such that we can
nevertheless produce appropriate error messages and implement support
for this later if required
this supports using an external program with a simple interface to
handle key management.
this starts with minimal support to be able to perform signing.
ReadSystemEssentialAndBetterEarliestTime retrieves in one go
information about the model and essential snaps of the given types
for the Core 20 recovery system seed specified by seedDir and label
(which cannot be empty).
It can operate even if current system time is unreliable by taking
an earliestTime lower bound for current time.
It returns as well an improved lower bound by considering appropriate
assertions in the seed.
* asserts: Batch.CommitToAndObserve
have a variant of CommitTo that supports a callback to consider each
assertion immediately after it has been added to the database, at
which point it is also verified
if current system time is unreliable have a mode where Database checks
for key expiry just based on assuming that current time is >= known
earliest time
this is set up via Database.SetEarliestTime
internally a new predicate AccountKey.isKeyValidAbout(earliest,
latest) is used to support this
We occasionally get the following backtrace in the tests:
----------------------------------------------------------------------
PANIC: api_users_test.go:762: userSuite.TestPostCreateUserFromAssertionNoModel
... Panic: cannot add test assertions: model assertion timestamp outside of signing key validity (key valid since "2021-02-23 11:10:41 +0000 UTC") (PC=0x45CF4A)
/snap/go/2117/src/runtime/panic.go:491
in gopanic
/home/runner/work/snapd/snapd/src/github.com/snapcore/snapd/overlord/assertstate/assertstatetest/add_many.go:38
in AddMany
api_users_test.go:776
in userSuite.TestPostCreateUserFromAssertionNoModel
/snap/go/2117/src/reflect/value.go:302
in Value.Call
/snap/go/2117/src/runtime/asm_amd64.s:2337
in goexit
OOPS: 439 passed, 1 skipped, 1 PANICKED
--- FAIL: Test (9.62s)
FAIL
coverage: 86.4% of statements
FAIL github.com/snapcore/snapd/daemon 9.786s
Adding a timestamp of the assertion will help to debug the problem further.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
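
The commit messages above describe checking key expiry when only a lower bound on the current time is known, and an error raised when an assertion timestamp falls outside the signing key's validity. The sketch below is an added example, not snapd's code: the type keyValidity, the functions validAbout and checkTimestamp, and all dates are constructed for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// keyValidity is a hypothetical stand-in for a signing key's validity window.
// A zero until means the key never expires.
type keyValidity struct{ since, until time.Time }

// validAbout reports whether the key may be valid when the current time is
// only known to lie in [earliest, latest]. A zero latest means no upper bound
// is known, which is the unreliable-clock case.
func (k keyValidity) validAbout(earliest, latest time.Time) bool {
	if !latest.IsZero() && (latest.Before(earliest) || latest.Before(k.since)) {
		return false // impossible interval, or key not yet valid anywhere in it
	}
	if !k.until.IsZero() && !earliest.Before(k.until) {
		return false // already expired at the earliest possible time
	}
	return true
}

// checkTimestamp validates a known instant (such as an assertion timestamp)
// and reports both the timestamp and the key's start of validity on failure.
func checkTimestamp(k keyValidity, ts time.Time) error {
	if !k.validAbout(ts, ts) {
		return fmt.Errorf("assertion timestamp %q outside of signing key validity (key valid since %q)", ts, k.since)
	}
	return nil
}

func main() {
	since := time.Date(2021, 2, 23, 11, 10, 41, 0, time.UTC) // constructed sample
	k := keyValidity{since: since, until: since.AddDate(1, 0, 0)}
	var unknown time.Time                                       // no trusted upper bound
	fmt.Println(k.validAbout(since.AddDate(0, -1, 0), unknown)) // true: cannot rule the key out
	fmt.Println(k.validAbout(k.until, unknown))                 // false: expired for certain
	fmt.Println(checkTimestamp(k, since.Add(-time.Second)))     // error naming both times
}
```

With only a lower bound, a key is rejected solely when it has certainly expired; a key whose validity starts after the bound is still accepted because the real time may already be past that start.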