* Initial changes to support centos-9
* Squashed 'tests/lib/external/snapd-testing-tools/' changes from 3b56339b88..9b7b4e9bf1
9b7b4e9bf1 Merge pull request #28 from snapcore/add-centos-9-support
7fe2087423 Add support for centos-9
64a830b933 Merge pull request #27 from snapcore/improve-log-analyzer
7fe27d4aea Improve log analyzer utility
207536268e Merge pull request #19 from snapcore/new-spread-manager
2f2ff2e282 Update spread manager to support csv
33a44ca3be Merge branch 'main' into new-spread-manager
b4654950d4 Merge pull request #26 from snapcore/support-csv-for-expressions
3250bbd885 Support expressions with comma separation
2540135b90 Merge pull request #25 from snapcore/add-indent-to-log-parser
2536b0f070 Minor improvements in log-parser and log-analyzer based con review comments
84dc8092b1 Merge pull request #24 from snapcore/improve-log-parser
515770b3bf Add support for fedora-35
875c29b5ce Updated results with latest log-parser changes
d27f2bcdb7 Fix log-parser
b2cce1fcce fix wording
14d15e4fe4 Fixes for log-parser and changes for log analyzer
438d92d241 Log analyzer updated to support reexecute in all the scenarios
1c9dff58ff Merge pull request #23 from snapcore/improve-log-parser
cc7ee488d1 Fix shellcheck
324b99e719 revert change in log-analyzer test
f746f40ebe Fix shellcheck
2d7dbbe1bd Fix spelling
728dd64c2c Last set of changes for log analizer tools
bf389dcd01 New fixes for log parses
6b2b56afc3 Fix another shellcheck
56163e170b Fix shellcheck
d96ab8094f Merge branch 'main' into new-spread-manager
60fb99f02f new dir task5
259a7e188c Fix spread test
e674234454 New spread-manager tool
git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: 9b7b4e9bf102d9520be02959b184ee09d4021ec7
* Adding centos-9 to workflow
* Skip centos-9 on some tests
* data/selinux: update the policy to allow snap to access openssl certificates
As observed in the spread tests:
type=AVC msg=audit(06/07/22 14:39:47.321:1164) : avc: denied { open } for
pid=47406 comm=snap path=/etc/pki/tls/openssl.cnf dev="sda2" ino=16781422
scontext=system_u:system_r:snappy_cli_t:s0 tcontext=system_u:object_r:cert_t:s0
tclass=file permissive=1
type=AVC msg=audit(06/07/22 14:39:47.321:1164) : avc: denied { read } for
pid=47406 comm=snap name=openssl.cnf dev="sda2" ino=16781422
scontext=system_u:system_r:snappy_cli_t:s0 tcontext=system_u:object_r:cert_t:s0
tclass=file permissive=1
type=AVC msg=audit(06/07/22 14:39:47.321:1164) : avc: denied { search } for
pid=47406 comm=snap name=pki dev="sda2" ino=50341780
scontext=system_u:system_r:snappy_cli_t:s0 tcontext=system_u:object_r:cert_t:s0
tclass=dir permissive=1
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* Work around the snap version unknown issue
* Revert chnage to force mkversion for centos-9
* Change spec used to build centos
In centos 9 if we use the spec "$packaging_path/snapd.spec" them
rpmbuild takes the packages from $packaging_path
* sources are also built from rpm_dir
* Updaing spec to support rhel 9
* Squashed 'tests/lib/external/snapd-testing-tools/' changes from 9b7b4e9bf1..54909c304d
54909c304d Merge pull request #29 from snapcore/udpate-os-query-new-systems
cc1729c2f4 preserve size for amazon-linux
bb3d8db60e preserve size for centos
d1089d5ce3 Fixing the tests
47793a6465 Fix auto-merge problem
f50be4ac5e Merge branch 'main' into udpate-os-query-new-systems
1a40a224c9 os.query tool cli simplified
git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: 54909c304ddbe284ee49142d3247aeb7876d1feb
* Update os.query uses following changes in the cli
* Skip test on centos-9
* fix os.query usage
* Skip rhbz-1708991 on centos-9
* Fix os.query error in tests
Co-authored-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* Handle var/lib/extrausers when preseeding uc20.
Fixes LP: #1978850
* Also test that extrausers are included in the preseed.tgz.
* Fix unit tests.
* Tweak formatting.
Co-authored-by: Maciej Borzecki <maciek.borzecki@gmail.com>
* Use PROJECT_PATH var instead of hardcoded path.
Co-authored-by: Maciej Borzecki <maciek.borzecki@gmail.com>
Co-authored-by: Maciej Borzecki <maciek.borzecki@gmail.com>
Snapd installs bash completion files from snaps in
`/usr/share/bash-completion/completions` which in some distributions
is a read-only filesystem.
Instead of installing them in `/usr` we can install them within
`/var/lib/snapd` which should always be writable.
Because `/var/lib/snapd/desktop` is already in `XDG_DATA_DIRS`, we can
save the files there.
Because bash-completion 2.1 and prior do not support `XDG_DATA_DIRS`,
on older distributions, the legacy path
`/usr/share/bash-completion/completions` will still be used.
* cmd/snap-update-ns/bootstrap.go: fix comment typos
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-update-ns/change.go: sort needed, desired and not reused mount entries
Sort new mount entries by their mimic creation directories, such that the mimic
directories that end up being created are done so in lexographical order.
Also update a single unit test where there were multiple mimic directories
being created because now all mount entries that create mimic directories are
performed first.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-update-ns/change.go: stop using experimental flag
This experimental flag is not necessary anymore, and in fact is actively
harmful in that it is causing snaps to crash when they are running and an
update happens either to snapd or to their content snap dependencies and we end
up completely discarding the per-snap namespace, which leads to some
destructive effects inside the "sort of inheriting" per-user namespaces, that
then later do not get undone and thus recreated in the per-user namespace as
those namespaces aren't properly setup to inherit the constructive updates.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-update-ns: remove old implementation
It's not used anymore, so we can just delete this code wholesale.
Also undo a typo fix, "s" is the British spelling so this can be left as-is.
Thanks to Alberto for spotting that this was leftover.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* cmd/snap-update-ns: unconditionally perform the "overname" mounts first
* cmd/snap-update-ns: ignore errors on unexisting mounts
When unmounting, we can get the EINVAL error if the given mount point
does not exist. Previously, this code was handling this fine for the
umount() syscall, but we do also need the same logic when attempting to
remount a mount as private.
* data/selinux: update policy to allow more mounts
When supporting appstream-metadata interface, snap-update-ns will mount
directories labeled as usr_t (eg. /usr/share/metainfo, /usr/share/appdata) and
fwdupd_cache_t (eg. /var/cache/app-info).
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* tests/regression/lp-1855596: test parallel installs + $SNAP/... layouts too
Test that with parallel installs and layouts which trigger mounts on top of
$SNAP/... (which itself will be an overname mount in a parallel install snap)
still work and we can still refresh such mount setups.
This is successful because we always handle overname mounts first when creating
the mounts and any such mounts underneath the overname are then ordered
properly.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests: remove duplicate tests
With commit df6bbd5c64d2820836e74039726a10dfe844cd91
(cmd/snap-update-ns/change.go: stop using experimental flag) a bunch of
tests which were nearly identical save for the fact that they were
exercising different implementations of the NeededChanges() function,
have become exact duplicates, since now there's only one implementation.
So, let's keep only one copy of them.
* cmd/snap-update-ns: add unit test for existing directories
Verify that the order of the changes matches the expectations when some
of the paths already exist.
* cmd/snap-update-ns: address review comments
* cmd/snap-update-ns: update doc-comments, eliminate code duplication
Thanks to Samuele for pointing out the inconsistency in the comment here.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/mounts-persist-refresh-content-snap: regression test for firefox crash
This ensures that files which are shared via mounts in the MountConnectedPlug
method in an interface like the desktop interface remain shared in the per-user
mount namespace when the content snap is refreshed (not the main snap itself
even). We don't expect this situation to happen much when refresh app awareness
is fully enabled by default, but it is still important to test that the
snap-update-ns isn't horribly breaking apps when refreshes happen to take place
when apps are still running (this could be the case for desktop systems which
have a running app for more than 14 days for example).
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/main/mounts-persist-refresh-content-snap: fix newline at EOF
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/mounts-persist-refresh-content-snap: fix firefox crash regression test
To actually reproduce the crash, we need to use layouts with sources from the
files that the content interface is sharing with the snap.
Additionally, create the fonts dir and restart snapd before installing the
snap, actually exit 1 if the process died and kill the parent process last with
the other child processes in the restore section, and fix the shellcheck issue.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/main/mounts-persist-refresh-content-snap: don't run on core
The rootfs is read-only and can't have the fonts directory created there.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests/main/mounts-persist-refresh-content-snap: fix exiting in happy case
It works much better to have the loop just exit itself and then kill the
process too just in case.
Finally, limit to 10 minutes in case we do get something wrong so we don't
waste too much time waiting for processes to exit.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
* tests: improve process handling
The `-p` option to `ps` was missing, and we can just use `wait` for
checking process termination.
* tests: sort yaml keys according to predefined order
Co-authored-by: Alberto Mardegan <mardy@users.sourceforge.net>
Co-authored-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Tweak snapd.fish to be compatible with even older releases of fish, going back to 2.7, which was shipped with Ubuntu 18.04.
* data/env: make fish setup compatible with fish 2.7
Make the environment setup script compatible with fish 2.7 which was shipped
with Ubuntu 18.04.
Thanks to @faho for the review.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* tests/main/user-session-env: verify env in fish shell
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* tests/main/user-session-env: tweak comments
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* data/env: provide reasonable default if XDG_DATA_DIRS is unset in fish shell
Fixes: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1960702
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
* tests/main/user-session-env: verify that XDG_DATA_DIRS contains reasonable defaults
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
It is possible that system.d may be missing if no services were installed on the
system yet. In which case, snapd will create the directory and thus trigger the
denial.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
During boot, the initial transaction may contain both snapd.socket and
snapd.service at the same time. In such cases, snapd.service should be
started strictly after snapd.socket (After+Requires), instead of just
simultaniously with it (Requires alone).
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Tell fish to treat XDG_DATA_DIRS as a column separated list and not space separated (default).
Otherwise, get corrupted list with mixed separators:
XDG_DATA_DIRS=/var/lib/flatpak/exports/share:/usr/local/share/:/usr/share/:/var/lib/snapd/desktop /var/lib/snapd/desktop /var/lib/snapd/desktop
When running in a Xen guest, systemd-detect-virt when invoked by snapd may
trigger the following denial:
type=PROCTITLE msg=audit(1640771959.147:236972): proctitle="systemd-detect-virt"
type=AVC msg=audit(1640771959.147:236972): avc: denied { search } for pid=21113
comm="systemd-detect-" name="xen" dev="proc"
ino=4026532003
scontext=system_u:system_r:snappy_t:s0
tcontext=system_u:object_r:proc_xen_t:s0
tclass=dir permissive=1
See https://forum.snapcraft.io/t/snapd-unavailable-red-hat-enterprise-linux/28004/15
for details.
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
