snapd/tests/core/basic20/task.yaml
Valentin David 2af8390b32 snap-bootstrap: Mount snaps read only
While squashfs is always read-only, when mount creates the required
loop device, it does not know that squashfs is a read-only
filesystem. This causes the loop devices for snaps mounted in the
initramfs to be writable. Since the snaps are stored on
`/run/mnt/data`, it means the `/run/mnt/data` cannot be remounted
read-only.

There is a mount cycle now in Ubuntu Core where `/run/mnt/data` cannot
be unmounted because it contains the snap for the Core snap which is
mounted as root. After switching to the shutdown ramfs, then systemd
tries again to umount the remaining file systems as well as the root
file system. At this point, it still cannot umount `/run/mnt/data`, so
`systemd-shutdown` tries to remount read-only. But since the loop
device for the Core snap that cannot be unmounted is still writable,
then `/run/mnt/data` cannot be remounted read-only.

This results in Ubuntu Core not properly unmounting `/run/mnt/data`.
This can be seen in the screen or serial console right before powering
off or rebooting:

```
Failed to remount '/oldroot/run/mnt/data' read-only: Device or resource busy
```

With this fix, this error disappears. While other errors about
unmounting are still here, it is safer because everything is
read-only.
2021-12-03 14:05:31 +01:00

92 lines
3.5 KiB
YAML

```yaml
summary: Check basic core20 system functionality
systems: [ubuntu-core-20-*]
execute: |
    echo "Check that the system snaps are there"
    snap list core20
    snap list snapd
    if snap list core; then
        echo "The old core snap is installed but should not"
        exit 1
    fi
    echo "Ensure that the system is fully seeded"
    snap changes | MATCH "Done.*Initialize system state"
    echo "Check that a simple shell snap"
    snap install test-snapd-sh-core20
    test-snapd-sh-core20.sh -c 'echo hello' | MATCH hello
    if python3 -m json.tool < /var/lib/snapd/system-key | grep '"build-id": ""'; then
        echo "The build-id of snapd must not be empty."
        exit 1
    fi
    echo "Ensure passwd/group is available for snaps"
    test-snapd-sh-core20.sh -c 'cat /var/lib/extrausers/passwd' | MATCH test
    #shellcheck source=tests/lib/names.sh
    . "$TESTSLIB"/names.sh
    if [[ "$SPREAD_SYSTEM" = ubuntu-core-20-64 ]]; then
        echo "Ensure extracted kernel.efi exists"
        test -e /boot/grub/"$kernel_name"*/kernel.efi
        echo "Ensure kernel.efi is a symlink"
        test -L /boot/grub/kernel.efi
        echo "Ensure we are using managed boot assets"
        MATCH '# Snapd-Boot-Config-Edition: [0-9]+' < /boot/grub/grub.cfg
        MATCH '# Snapd-Boot-Config-Edition: [0-9]+' < /run/mnt/ubuntu-seed/EFI/ubuntu/grub.cfg
    else
        echo "Ensure extracted {kernel,initrd}.img exists"
        test -e /run/mnt/ubuntu-seed/systems/*/kernel/kernel.img
        test -e /run/mnt/ubuntu-seed/systems/*/kernel/initrd.img
    fi
    echo "Ensure that model was written to ubuntu-boot"
    test -e /run/mnt/ubuntu-boot/device/model
    # ensure that our the-tool (and thus our snap-bootstrap ran)
    # for external backend the initramfs is not rebuilt
    echo "Check that we booted with the rebuilt initramfs in the kernel snap"
    if [ "$SPREAD_BACKEND" != "external" ]; then
        test -e /writable/system-data/the-tool-ran
    fi
    # ensure we handled cloud-init, either we have:
    # a) cloud init is disabled
    # b) there was a cloud.cfg.d override (e.g. MAAS), then we must have more
    #    files in writable than in the core20 snap. The core20 content and the
    #    extra config will be merged
    test -e /writable/system-data/etc/cloud/cloud-init.disabled || [ "$(find /writable/system-data/etc/cloud/cloud.cfg.d/ | wc -l)" -gt "$(find /snap/core20/current/etc/cloud/cloud.cfg.d/ | wc -l)" ]
    # ensure that we have no symlinks from /var/lib/snapd/snaps to
    # /var/lib/snapd/seed
    for sn in /var/lib/snapd/snaps/*.snap ; do
        if [[ -L $sn ]]; then
            echo "snap $sn is a symlink but should not be"
            exit 1
        fi
    done
    # ensure the "snap recovery" command works
    MODEL="$(snap model --verbose | grep '^model' | awk '{ print $2 }')"
    BRAND_ID="$(snap model --verbose | grep '^brand-id:' | awk '{print $2}')"
    if [ "$(snap known account "username=$BRAND_ID" | grep '^validation:' | awk '{print $2}')" != "unproven" ]; then
        BRAND_ID="$BRAND_ID\*"
    fi
    snap recovery --unicode=never | MATCH "[0-9]+ +$BRAND_ID +$MODEL +current"
    # check that we have a boot-flags file
    test -f /run/snapd/boot-flags
    # make sure that loop devices created by snap-bootstrap initramfs-mounts for snaps are readonly
    for mount in /run/mnt/base /run/mnt/kernel; do
        mountpoint "${mount}"
        loop="$(findmnt -o source "${mount}" -n)"
        echo "${loop}" | MATCH "/dev/loop[0-9]+"
        losetup -O ro -n --raw "${loop}" | MATCH "1"
    done
```
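
The last loop of the test checks two known mount points. As an added example (not part of the snapd repository), the same `losetup` RO column can be used to audit every loop device whose backing file sits on the data filesystem, which goes beyond the two mounts the test covers. The function names and sample rows are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: flag writable loop devices whose backing file lives on a
# given filesystem. Input rows have the format printed by
#   losetup --raw --noheadings -O NAME,RO,BACK-FILE
# where RO is 1 for a read-only loop device and 0 for a writable one.

# writable_loops_on PREFIX: read losetup rows on stdin and print
# "NAME BACK-FILE" for each writable loop backed by a file under PREFIX.
writable_loops_on() {
    # Force a trailing slash so /run/mnt/data does not match /run/mnt/data-other.
    awk -v prefix="${1%/}/" '
        NF >= 3 && $2 == "0" && index($3, prefix) == 1 { print $1, $3 }
    '
}

# Constructed sample rows (assumed paths, not captured from a real device).
sample_rows() {
    cat <<'EOF'
/dev/loop0 1 /run/mnt/data/system-data/var/lib/snapd/snaps/core20_1.snap
/dev/loop1 0 /run/mnt/data/system-data/var/lib/snapd/snaps/pc-kernel_1.snap
/dev/loop2 0 /run/mnt/ubuntu-seed/snaps/snapd_1.snap
/dev/loop3 0 /run/mnt/data-other/x.snap
EOF
}

# audit PREFIX: return non-zero if any writable loop device is backed by a
# file under PREFIX; such a device keeps PREFIX from being remounted read-only.
audit() {
    bad="$(writable_loops_on "$1")"
    if [ -n "$bad" ]; then
        echo "writable loop devices backed by files on $1:"
        echo "$bad"
        return 1
    fi
    echo "all loop devices backed by files on $1 are read-only"
}

# On a live system:
#   losetup --raw --noheadings -O NAME,RO,BACK-FILE | audit /run/mnt/data
sample_rows | audit /run/mnt/data || true
```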