assertstate

package
v0.1.0 Latest

Warning: This package is not in the latest version of its module.
Published: Nov 12, 2022 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package assertstate implements the manager and state aspects responsible for the enforcement of assertions in the system and manages the system-wide assertion database.

Functions

func Add

func Add(s *state.State, a asserts.Assertion) error

Add the given assertion to the system assertion database.

func AddBatch

func AddBatch(s *state.State, batch *asserts.Batch, opts *asserts.CommitOptions) error

AddBatch adds the given assertion batch to the system assertion database.

func ApplyEnforcedValidationSets

func ApplyEnforcedValidationSets(st *state.State, valsets map[string]*asserts.ValidationSet, pinnedSeqs map[string]int, snaps []*snapasserts.InstalledSnap, ignoreValidation map[string]bool, userID int) error

ApplyEnforcedValidationSets enforces the supplied validation sets. It takes a map of validation set keys to validation sets, pinned sequence numbers (if any), installed snaps and ignored snaps. It fetches any pre-requisites necessary.

func AutoAliases

func AutoAliases(s *state.State, info *snap.Info) (map[string]string, error)

AutoAliases returns the explicit automatic aliases alias=>app mapping for the given installed snap.

func AutoRefreshAssertions

func AutoRefreshAssertions(s *state.State, userID int) error

AutoRefreshAssertions tries to refresh all assertions.

func BaseDeclaration

func BaseDeclaration(s *state.State) (*asserts.BaseDeclaration, error)

BaseDeclaration returns the base-declaration assertion with policies governing all snaps.

func DB

DB returns a read-only view of the system assertion database.

func ForgetValidationSet

func ForgetValidationSet(st *state.State, accountID, name string) error

ForgetValidationSet deletes a validation set for the given accountID and name. It is not an error to delete a non-existing one.

func GetValidationSet

func GetValidationSet(st *state.State, accountID, name string, tr *ValidationSetTracking) error

GetValidationSet retrieves the ValidationSetTracking for the given account and name.

func Publisher

func Publisher(s *state.State, snapID string) (*asserts.Account, error)

Publisher returns the account assertion for the publisher of the given snap-id if it is present in the system assertion database.

func PublisherStoreAccount

func PublisherStoreAccount(st *state.State, snapID string) (snap.StoreAccount, error)

PublisherStoreAccount returns the store account information from the publisher assertion.

func RefreshSnapAssertions

func RefreshSnapAssertions(s *state.State, userID int, opts *RefreshAssertionsOptions) error

RefreshSnapAssertions tries to refresh all snap-centered assertions.

func RefreshSnapDeclarations

func RefreshSnapDeclarations(s *state.State, userID int, opts *RefreshAssertionsOptions) error

RefreshSnapDeclarations refetches all the current snap declarations and their prerequisites.

func RefreshValidationSetAssertions

func RefreshValidationSetAssertions(s *state.State, userID int, opts *RefreshAssertionsOptions) error

RefreshValidationSetAssertions tries to refresh all validation set assertions.

func ReplaceDB

func ReplaceDB(state *state.State, db *asserts.Database)

ReplaceDB replaces the assertion database used by the manager.

func RestoreValidationSetsTracking

func RestoreValidationSetsTracking(st *state.State) error

RestoreValidationSetsTracking restores validation-sets state to the last state stored in the validation-sets-stack. It should only be called when the stack is not empty, otherwise an error is returned.

func SnapDeclaration

func SnapDeclaration(s *state.State, snapID string) (*asserts.SnapDeclaration, error)

SnapDeclaration returns the snap-declaration for the given snap-id if it is present in the system assertion database.

func Store

func Store(s *state.State, store string) (*asserts.Store, error)

Store returns the store assertion with the given name/id if it is present in the system assertion database.

func TemporaryDB

func TemporaryDB(st *state.State) *asserts.Database

TemporaryDB returns a temporary database stacked on top of the assertions database. Writing to it will not affect the assertions database.

func TrackedEnforcedValidationSets

func TrackedEnforcedValidationSets(st *state.State, extraVss ...*asserts.ValidationSet) (*snapasserts.ValidationSets, error)

TrackedEnforcedValidationSets returns a ValidationSets object with all currently tracked validation sets that are in enforcing mode. If extraVss is not nil, its validation sets are added to the returned set and replace any tracked validation sets with the same account/name.

func TryEnforcedValidationSets

func TryEnforcedValidationSets(st *state.State, validationSets []string, userID int, snaps []*snapasserts.InstalledSnap, ignoreValidation map[string]bool) error

TryEnforcedValidationSets tries to fetch the given validation sets and enforce them (together with currently tracked validation sets) against installed snaps, but doesn't update tracking information in case of an error. It may return snapasserts.ValidationSetsValidationError which can be used to install/remove snaps as required to satisfy validation sets constraints.

func UpdateValidationSet

func UpdateValidationSet(st *state.State, tr *ValidationSetTracking)

UpdateValidationSet updates ValidationSetTracking. The method assumes valid tr fields.

func ValidateRefreshes

func ValidateRefreshes(s *state.State, snapInfos []*snap.Info, ignoreValidation map[string]bool, userID int, deviceCtx snapstate.DeviceContext) (validated []*snap.Info, err error)

ValidateRefreshes validates the refresh candidate revisions represented by snapInfos, looking for the needed refresh control validation assertions. It returns the validated subset in validated and a summary error if not all candidates validated. ignoreValidation is a set of snap-instance-names that should not be gated.

func ValidationSetKey

func ValidationSetKey(accountID, name string) string

ValidationSetKey formats the given account id and name into a validation set key.

func ValidationSets

func ValidationSets(st *state.State) (map[string]*ValidationSetTracking, error)

ValidationSets retrieves all ValidationSetTracking data.

func ValidationSetsHistory

func ValidationSetsHistory(st *state.State) ([]map[string]*ValidationSetTracking, error)

ValidationSetsHistory returns the complete history of validation sets tracking.

Types

type AssertManager

type AssertManager struct{}

AssertManager is responsible for the enforcement of assertions in system states. It manipulates the observed system state to ensure nothing in it violates existing assertions, or misses required ones.

func Manager

func Manager(s *state.State, runner *state.TaskRunner) (*AssertManager, error)

Manager returns a new assertion manager.

func (*AssertManager) Ensure

func (m *AssertManager) Ensure() error

Ensure implements StateManager.Ensure.

type RefreshAssertionsOptions

type RefreshAssertionsOptions struct {
	IsAutoRefresh bool
	// IsRefreshOfAllSnaps indicates if assertions are refreshed together with
	// all installed snaps, which means validation set assertions can be refreshed
	// as well. It is implied if IsAutoRefresh is true.
	IsRefreshOfAllSnaps bool
}

type ResolveOptions

type ResolveOptions struct {
	AllowLocalFallback bool
}

ResolveOptions carries extra options for ValidationSetAssertionForMonitor.

type ValidationSetMode

type ValidationSetMode int

ValidationSetMode reflects the mode of the respective validation set, which is either monitoring or enforcing.

const (
	Monitor ValidationSetMode = iota
	Enforce
)

type ValidationSetTracking

type ValidationSetTracking struct {
	AccountID string            `json:"account-id"`
	Name      string            `json:"name"`
	Mode      ValidationSetMode `json:"mode"`

	// PinnedAt is an optional pinned sequence point, or 0 if not pinned.
	PinnedAt int `json:"pinned-at,omitempty"`

	// Current is the current sequence point.
	Current int `json:"current,omitempty"`

	// LocalOnly indicates that the assertion was only available locally at the
	// time it was applied for monitor mode. This tells bulk refresh logic not
	// to error out on such assertion if it's not in the store.
	// This flag makes sense only in monitor mode and if pinned.
	LocalOnly bool `json:"local-only,omitempty"`
}

ValidationSetTracking holds tracking parameters for the associated validation set.

func FetchAndApplyEnforcedValidationSet

func FetchAndApplyEnforcedValidationSet(st *state.State, accountID, name string, sequence, userID int, snaps []*snapasserts.InstalledSnap, ignoreValidation map[string]bool) (*ValidationSetTracking, error)

FetchAndApplyEnforcedValidationSet tries to fetch the given validation set and enforce it. If all validation set constraints are satisfied, the current validation sets tracking state is saved in the validation sets history.

func MonitorValidationSet

func MonitorValidationSet(st *state.State, accountID, name string, sequence int, userID int) (*ValidationSetTracking, error)

MonitorValidationSet tries to fetch the given validation set and monitor it. The current validation sets tracking state is saved in the validation sets history.
