Documentation ¶
Overview ¶
Package assertstate implements the manager and state aspects responsible for the enforcement of assertions in the system and manages the system-wide assertion database.
Index ¶
- func Add(s *state.State, a asserts.Assertion) error
- func AddBatch(s *state.State, batch *asserts.Batch, opts *asserts.CommitOptions) error
- func ApplyEnforcedValidationSets(st *state.State, valsets map[string]*asserts.ValidationSet, ...) error
- func AutoAliases(s *state.State, info *snap.Info) (map[string]string, error)
- func AutoRefreshAssertions(s *state.State, userID int) error
- func BaseDeclaration(s *state.State) (*asserts.BaseDeclaration, error)
- func DB(s *state.State) asserts.RODatabase
- func ForgetValidationSet(st *state.State, accountID, name string) error
- func GetValidationSet(st *state.State, accountID, name string, tr *ValidationSetTracking) error
- func Publisher(s *state.State, snapID string) (*asserts.Account, error)
- func PublisherStoreAccount(st *state.State, snapID string) (snap.StoreAccount, error)
- func RefreshSnapAssertions(s *state.State, userID int, opts *RefreshAssertionsOptions) error
- func RefreshSnapDeclarations(s *state.State, userID int, opts *RefreshAssertionsOptions) error
- func RefreshValidationSetAssertions(s *state.State, userID int, opts *RefreshAssertionsOptions) error
- func ReplaceDB(state *state.State, db *asserts.Database)
- func RestoreValidationSetsTracking(st *state.State) error
- func SnapDeclaration(s *state.State, snapID string) (*asserts.SnapDeclaration, error)
- func Store(s *state.State, store string) (*asserts.Store, error)
- func TemporaryDB(st *state.State) *asserts.Database
- func TrackedEnforcedValidationSets(st *state.State, extraVss ...*asserts.ValidationSet) (*snapasserts.ValidationSets, error)
- func TryEnforcedValidationSets(st *state.State, validationSets []string, userID int, ...) error
- func UpdateValidationSet(st *state.State, tr *ValidationSetTracking)
- func ValidateRefreshes(s *state.State, snapInfos []*snap.Info, ignoreValidation map[string]bool, ...) (validated []*snap.Info, err error)
- func ValidationSetKey(accountID, name string) string
- func ValidationSets(st *state.State) (map[string]*ValidationSetTracking, error)
- func ValidationSetsHistory(st *state.State) ([]map[string]*ValidationSetTracking, error)
- type AssertManager
- type RefreshAssertionsOptions
- type ResolveOptions
- type ValidationSetMode
- type ValidationSetTracking
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ApplyEnforcedValidationSets ¶
func ApplyEnforcedValidationSets(st *state.State, valsets map[string]*asserts.ValidationSet, pinnedSeqs map[string]int, snaps []*snapasserts.InstalledSnap, ignoreValidation map[string]bool, userID int) error
ApplyEnforcedValidationSets enforces the supplied validation sets. It takes a map of validation set keys to validation sets, pinned sequence numbers (if any), installed snaps and ignored snaps. It fetches any pre-requisites necessary.
func AutoAliases ¶
AutoAliases returns the explicit automatic aliases alias=>app mapping for the given installed snap.
func AutoRefreshAssertions ¶
AutoRefreshAssertions tries to refresh all assertions
func BaseDeclaration ¶
func BaseDeclaration(s *state.State) (*asserts.BaseDeclaration, error)
BaseDeclaration returns the base-declaration assertion with policies governing all snaps.
func DB ¶
func DB(s *state.State) asserts.RODatabase
DB returns a read-only view of system assertion database.
func ForgetValidationSet ¶
ForgetValidationSet deletes a validation set for the given accountID and name. It is not an error to delete a non-existing one.
func GetValidationSet ¶
func GetValidationSet(st *state.State, accountID, name string, tr *ValidationSetTracking) error
GetValidationSet retrieves the ValidationSetTracking for the given account and name.
func Publisher ¶
Publisher returns the account assertion for publisher of the given snap-id if it is present in the system assertion database.
func PublisherStoreAccount ¶
PublisherStoreAccount returns the store account information from the publisher assertion.
func RefreshSnapAssertions ¶
func RefreshSnapAssertions(s *state.State, userID int, opts *RefreshAssertionsOptions) error
RefreshSnapAssertions tries to refresh all snap-centered assertions
func RefreshSnapDeclarations ¶
func RefreshSnapDeclarations(s *state.State, userID int, opts *RefreshAssertionsOptions) error
RefreshSnapDeclarations refetches all the current snap declarations and their prerequisites.
func RefreshValidationSetAssertions ¶
func RefreshValidationSetAssertions(s *state.State, userID int, opts *RefreshAssertionsOptions) error
RefreshValidationSetAssertions tries to refresh all validation set assertions.
func RestoreValidationSetsTracking ¶
RestoreValidationSetsTracking restores validation-sets state to the last state stored in the validation-sets-stack. It should only be called when the stack is not empty, otherwise an error is returned.
func SnapDeclaration ¶
SnapDeclaration returns the snap-declaration for the given snap-id if it is present in the system assertion database.
func Store ¶
Store returns the store assertion with the given name/id if it is present in the system assertion database.
func TemporaryDB ¶
TemporaryDB returns a temporary database stacked on top of the assertions database. Writing to it will not affect the assertions database.
func TrackedEnforcedValidationSets ¶
func TrackedEnforcedValidationSets(st *state.State, extraVss ...*asserts.ValidationSet) (*snapasserts.ValidationSets, error)
TrackedEnforcedValidationSets returns ValidationSets object with all currently tracked validation sets that are in enforcing mode. If extraVss is not nil then they are added to the returned set and replaces validation sets with same account/name in case they were tracked already.
func TryEnforcedValidationSets ¶
func TryEnforcedValidationSets(st *state.State, validationSets []string, userID int, snaps []*snapasserts.InstalledSnap, ignoreValidation map[string]bool) error
TryEnforcedValidationSets tries to fetch the given validation sets and enforce them (together with currently tracked validation sets) against installed snaps, but doesn't update tracking information in case of an error. It may return snapasserts.ValidationSetsValidationError which can be used to install/remove snaps as required to satisfy validation sets constraints.
func UpdateValidationSet ¶
func UpdateValidationSet(st *state.State, tr *ValidationSetTracking)
UpdateValidationSet updates ValidationSetTracking. The method assumes valid tr fields.
func ValidateRefreshes ¶
func ValidateRefreshes(s *state.State, snapInfos []*snap.Info, ignoreValidation map[string]bool, userID int, deviceCtx snapstate.DeviceContext) (validated []*snap.Info, err error)
ValidateRefreshes validates the refresh candidate revisions represented by the snapInfos, looking for the needed refresh control validation assertions, it returns a validated subset in validated and a summary error if not all candidates validated. ignoreValidation is a set of snap-instance-names that should not be gated.
func ValidationSetKey ¶
ValidationSetKey formats the given account id and name into a validation set key.
func ValidationSets ¶
func ValidationSets(st *state.State) (map[string]*ValidationSetTracking, error)
ValidationSets retrieves all ValidationSetTracking data.
func ValidationSetsHistory ¶
func ValidationSetsHistory(st *state.State) ([]map[string]*ValidationSetTracking, error)
ValidationSetsHistory returns the complete history of validation sets tracking.
Types ¶
type AssertManager ¶
type AssertManager struct{}
AssertManager is responsible for the enforcement of assertions in system states. It manipulates the observed system state to ensure nothing in it violates existing assertions, or misses required ones.
func Manager ¶
func Manager(s *state.State, runner *state.TaskRunner) (*AssertManager, error)
Manager returns a new assertion manager.
func (*AssertManager) Ensure ¶
func (m *AssertManager) Ensure() error
Ensure implements StateManager.Ensure.
type ResolveOptions ¶
type ResolveOptions struct {
AllowLocalFallback bool
}
ResolveOptions carries extra options for ValidationSetAssertionForMonitor.
type ValidationSetMode ¶
type ValidationSetMode int
ValidationSetMode reflects the mode of respective validation set, which is either monitoring or enforcing.
const ( Monitor ValidationSetMode = iota Enforce )
type ValidationSetTracking ¶
type ValidationSetTracking struct { AccountID string `json:"account-id"` Name string `json:"name"` Mode ValidationSetMode `json:"mode"` // PinnedAt is an optional pinned sequence point, or 0 if not pinned. PinnedAt int `json:"pinned-at,omitempty"` // Current is the current sequence point. Current int `json:"current,omitempty"` // LocalOnly indicates that the assertion was only available locally at the // time it was applied for monitor mode. This tells bulk refresh logic not // to error out on such assertion if it's not in the store. // This flag makes sense only in monitor mode and if pinned. LocalOnly bool `json:"local-only,omitempty"` }
ValidationSetTracking holds tracking parameters for associated validation set.
func FetchAndApplyEnforcedValidationSet ¶
func FetchAndApplyEnforcedValidationSet(st *state.State, accountID, name string, sequence, userID int, snaps []*snapasserts.InstalledSnap, ignoreValidation map[string]bool) (*ValidationSetTracking, error)
FetchAndApplyEnforcedValidationSet tries to fetch the given validation set and enforce it. If all validation sets constrains are satisfied, the current validation sets tracking state is saved in validation sets history.
func MonitorValidationSet ¶
func MonitorValidationSet(st *state.State, accountID, name string, sequence int, userID int) (*ValidationSetTracking, error)
MonitorValidationSet tries to fetch the given validation set and monitor it. The current validation sets tracking state is saved in validation sets history.