asserts

package
v0.0.0-...-c7fba9c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 25, 2021 License: GPL-3.0 Imports: 36 Imported by: 0

Documentation

Overview

Package asserts implements snappy assertions and a database abstraction for managing and holding them.

Index

Constants

View Source 
const (
	MaxBodySize      = 2 * 1024 * 1024
	MaxHeadersSize   = 128 * 1024
	MaxSignatureSize = 128 * 1024
)

Maximum assertion component sizes.

View Source 
const MediaType = "application/x.ubuntu.assertion"

MediaType is the media type for encoded assertions on the wire.

View Source 
const RevisionNotKnown = -1

Variables

View Source 
var (
	AccountType         = &AssertionType{"account", []string{"account-id"}, assembleAccount, 0}
	AccountKeyType      = &AssertionType{"account-key", []string{"public-key-sha3-384"}, assembleAccountKey, 0}
	RepairType          = &AssertionType{"repair", []string{"brand-id", "repair-id"}, assembleRepair, sequenceForming}
	ModelType           = &AssertionType{"model", []string{"series", "brand-id", "model"}, assembleModel, 0}
	SerialType          = &AssertionType{"serial", []string{"brand-id", "model", "serial"}, assembleSerial, 0}
	BaseDeclarationType = &AssertionType{"base-declaration", []string{"series"}, assembleBaseDeclaration, 0}
	SnapDeclarationType = &AssertionType{"snap-declaration", []string{"series", "snap-id"}, assembleSnapDeclaration, 0}
	SnapBuildType       = &AssertionType{"snap-build", []string{"snap-sha3-384"}, assembleSnapBuild, 0}
	SnapRevisionType    = &AssertionType{"snap-revision", []string{"snap-sha3-384"}, assembleSnapRevision, 0}
	SnapDeveloperType   = &AssertionType{"snap-developer", []string{"snap-id", "publisher-id"}, assembleSnapDeveloper, 0}
	SystemUserType      = &AssertionType{"system-user", []string{"brand-id", "email"}, assembleSystemUser, 0}
	ValidationType      = &AssertionType{"validation", []string{"series", "snap-id", "approved-snap-id", "approved-snap-revision"}, assembleValidation, 0}
	ValidationSetType   = &AssertionType{"validation-set", []string{"series", "account-id", "name", "sequence"}, assembleValidationSet, sequenceForming}
	StoreType           = &AssertionType{"store", []string{"store"}, assembleStore, 0}
)

Understood assertion types.

View Source 
var (
	DeviceSessionRequestType = &AssertionType{"device-session-request", []string{"brand-id", "model", "serial"}, assembleDeviceSessionRequest, noAuthority}
	SerialRequestType        = &AssertionType{"serial-request", nil, assembleSerialRequest, noAuthority}
	AccountKeyRequestType    = &AssertionType{"account-key-request", []string{"public-key-sha3-384"}, assembleAccountKeyRequest, noAuthority}
)

Assertion types without a definite authority set (on the wire and/or self-signed).

View Source 
var (
	AlwaysMatchAttributes = &AttributeConstraints{matcher: fixedAttrMatcher{nil}}
	NeverMatchAttributes  = &AttributeConstraints{matcher: fixedAttrMatcher{errors.New("not allowed")}}
)
View Source 
var (
	ErrUnresolved       = errors.New("unresolved assertion")
	ErrUnknownPoolGroup = errors.New("unknown pool group")
)
View Source 
var DefaultCheckers = []Checker{
	CheckSigningKeyIsNotExpired,
	CheckSignature,
	CheckTimestampVsSigningKeyValidity,
	CheckCrossConsistency,
}

DefaultCheckers lists the default and recommended assertion checkers used by Database if none are specified in the DatabaseConfig.Checkers.

View Source 
var MetaHeaders = [...]string{
	"type",
	"format",
	"authority-id",
	"revision",
	"body-length",
	"sign-key-sha3-384",
}

MetaHeaders is a list of headers in assertions which are about the assertion itself.

Functions

func CheckCrossConsistency 

func CheckCrossConsistency(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTimeEarliest, checkTimeLatest time.Time) error

CheckCrossConsistency verifies that the assertion is consistent with the other statements in the database.

func CheckSignature 

func CheckSignature(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTimeEarliest, checkTimeLatest time.Time) error

CheckSignature checks that the signature is valid.

func CheckSigningKeyIsNotExpired 

func CheckSigningKeyIsNotExpired(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTimeEarliest, checkTimeLatest time.Time) error

CheckSigningKeyIsNotExpired checks that the signing key is not expired.

func CheckTimestampVsSigningKeyValidity 

func CheckTimestampVsSigningKeyValidity(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTimeEarliest, checkTimeLatest time.Time) error

CheckTimestampVsSigningKeyValidity verifies that the timestamp of the assertion is within the signing key validity.

func Encode 

func Encode(assert Assertion) []byte

Encode serializes an assertion.

func EncodeDigest 

func EncodeDigest(hash crypto.Hash, hashDigest []byte) (string, error)

EncodeDigest encodes the digest from hash algorithm to be put in an assertion header.

func EncodePublicKey 

func EncodePublicKey(pubKey PublicKey) ([]byte, error)

EncodePublicKey serializes a public key, typically for embedding in an assertion.

func HeadersFromPrimaryKey 

func HeadersFromPrimaryKey(assertType *AssertionType, primaryKey []string) (headers map[string]string, err error)

HeadersFromPrimaryKey constructs a headers mapping from the primaryKey values and the assertion type, it errors if primaryKey has the wrong length.

func HeadersFromSequenceKey 

func HeadersFromSequenceKey(assertType *AssertionType, sequenceKey []string) (headers map[string]string, err error)

HeadersFromSequenceKey constructs a headers mapping from the sequenceKey values and the sequence forming assertion type, it errors if sequenceKey has the wrong length; the length must be one less than the primary key of the given assertion type.

func InitBuiltinBaseDeclaration 

func InitBuiltinBaseDeclaration(headers []byte) error

InitBuiltinBaseDeclaration initializes the builtin base-declaration based on headers (or resets it if headers is nil).

func IsNotFound 

func IsNotFound(err error) bool

IsNotFound returns whether err is an assertion not found error.

func IsUnaccceptedUpdate 

func IsUnaccceptedUpdate(err error) bool

IsUnaccceptedUpdate returns whether the error indicates that an assertion revision was already present and has been kept because the update was not accepted.

func IsValidAccountID 

func IsValidAccountID(accountID string) bool

func IsValidAccountKeyName 

func IsValidAccountKeyName(name string) bool

func IsValidValidationSetName 

func IsValidValidationSetName(name string) bool

func MaxSupportedFormats 

func MaxSupportedFormats(min int) (maxFormats map[string]int)

MaxSupportedFormats returns a mapping between assertion type names and corresponding max supported format if it is >= min. Typical usage passes 1 or 0 for min.

func MockMaxSupportedFormat 

func MockMaxSupportedFormat(assertType *AssertionType, maxFormat int) (restore func())

func PrimaryKeyFromHeaders 

func PrimaryKeyFromHeaders(assertType *AssertionType, headers map[string]string) (primaryKey []string, err error)

PrimaryKeyFromHeaders extracts the tuple of values from headers corresponding to a primary key under the assertion type, it errors if there are missing primary key headers.

func SignatureCheck 

func SignatureCheck(assert Assertion, pubKey PublicKey) error

SignatureCheck checks the signature of the assertion against the given public key. Useful for assertions with no authority.

func SnapFileSHA3_384 

func SnapFileSHA3_384(snapPath string) (digest string, size uint64, err error)

SnapFileSHA3_384 computes the SHA3-384 digest of the given snap file. It also returns its size.

func SuggestFormat 

func SuggestFormat(assertType *AssertionType, headers map[string]interface{}, body []byte) (formatnum int, err error)

SuggestFormat returns a minimum format that supports the features that would be used by an assertion with the given components.

func TypeNames 

func TypeNames() []string

TypeNames returns a sorted list of known assertion type names.

Types

type Account 

type Account struct {
	// contains filtered or unexported fields
}

Account holds an account assertion, which ties a name for an account to its identifier and provides the authority's confidence in the name's validity.

func (*Account) AccountID 

func (acc *Account) AccountID() string

AccountID returns the account-id of the account.

func (*Account) At 

func (ab *Account) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*Account) AuthorityID 

func (ab *Account) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Account) Body 

func (ab *Account) Body() []byte

Body returns the body of the assertion.

func (*Account) DisplayName 

func (acc *Account) DisplayName() string

DisplayName returns the human-friendly name for the account.

func (*Account) Format 

func (ab *Account) Format() int

Format returns the assertion format iteration.

func (*Account) Header 

func (ab *Account) Header(name string) interface{}

Header returns the value of an header by name.

func (*Account) HeaderString 

func (ab *Account) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Account) Headers 

func (ab *Account) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Account) Prerequisites 

func (ab *Account) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*Account) Ref 

func (ab *Account) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Account) Revision 

func (ab *Account) Revision() int

Revision returns the assertion revision.

func (*Account) SignKeyID 

func (ab *Account) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Account) Signature 

func (ab *Account) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Account) SupportedFormat 

func (ab *Account) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Account) Timestamp 

func (acc *Account) Timestamp() time.Time

Timestamp returns the time when the account was issued.

func (*Account) Type 

func (ab *Account) Type() *AssertionType

Type returns the assertion type.

func (*Account) Username 

func (acc *Account) Username() string

Username returns the user name for the account.

func (*Account) Validation 

func (acc *Account) Validation() string

Validation returns the level of confidence of the authority in the account's identity, expected to be "unproven" or "verified", and for forward compatibility any value != "unproven" can be considered at least "verified".

type AccountKey 

type AccountKey struct {
	// contains filtered or unexported fields
}

AccountKey holds an account-key assertion, asserting a public key belonging to the account.

func (*AccountKey) AccountID 

func (ak *AccountKey) AccountID() string

AccountID returns the account-id of this account-key.

func (*AccountKey) At 

func (ab *AccountKey) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*AccountKey) AuthorityID 

func (ab *AccountKey) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*AccountKey) Body 

func (ab *AccountKey) Body() []byte

Body returns the body of the assertion.

func (*AccountKey) Format 

func (ab *AccountKey) Format() int

Format returns the assertion format iteration.

func (*AccountKey) Header 

func (ab *AccountKey) Header(name string) interface{}

Header returns the value of an header by name.

func (*AccountKey) HeaderString 

func (ab *AccountKey) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*AccountKey) Headers 

func (ab *AccountKey) Headers() map[string]interface{}

Headers returns the complete headers.

func (*AccountKey) Name 

func (ak *AccountKey) Name() string

Name returns the name of the account key.

func (*AccountKey) Prerequisites 

func (ak *AccountKey) Prerequisites() []*Ref

Prerequisites returns references to this account-key's prerequisite assertions.

func (*AccountKey) PublicKeyID 

func (ak *AccountKey) PublicKeyID() string

PublicKeyID returns the key id used for lookup of the account key.

func (*AccountKey) Ref 

func (ab *AccountKey) Ref() *Ref

Ref returns a reference representing this assertion.

func (*AccountKey) Revision 

func (ab *AccountKey) Revision() int

Revision returns the assertion revision.

func (*AccountKey) SignKeyID 

func (ab *AccountKey) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*AccountKey) Signature 

func (ab *AccountKey) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*AccountKey) Since 

func (ak *AccountKey) Since() time.Time

Since returns the time when the account key starts being valid.

func (*AccountKey) SupportedFormat 

func (ab *AccountKey) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*AccountKey) Type 

func (ab *AccountKey) Type() *AssertionType

Type returns the assertion type.

func (*AccountKey) Until 

func (ak *AccountKey) Until() time.Time

Until returns the time when the account key stops being valid. A zero time means the key is valid forever.

type AccountKeyRequest 

type AccountKeyRequest struct {
	// contains filtered or unexported fields
}

AccountKeyRequest holds an account-key-request assertion, which is a self-signed request to prove that the requester holds the private key and wishes to create an account-key assertion for it.

func (*AccountKeyRequest) AccountID 

func (akr *AccountKeyRequest) AccountID() string

AccountID returns the account-id of this account-key-request.

func (*AccountKeyRequest) At 

func (ab *AccountKeyRequest) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*AccountKeyRequest) AuthorityID 

func (ab *AccountKeyRequest) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*AccountKeyRequest) Body 

func (ab *AccountKeyRequest) Body() []byte

Body returns the body of the assertion.

func (*AccountKeyRequest) Format 

func (ab *AccountKeyRequest) Format() int

Format returns the assertion format iteration.

func (*AccountKeyRequest) Header 

func (ab *AccountKeyRequest) Header(name string) interface{}

Header returns the value of an header by name.

func (*AccountKeyRequest) HeaderString 

func (ab *AccountKeyRequest) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*AccountKeyRequest) Headers 

func (ab *AccountKeyRequest) Headers() map[string]interface{}

Headers returns the complete headers.

func (*AccountKeyRequest) Name 

func (akr *AccountKeyRequest) Name() string

Name returns the name of the account key.

func (*AccountKeyRequest) Prerequisites 

func (akr *AccountKeyRequest) Prerequisites() []*Ref

Prerequisites returns references to this account-key-request's prerequisite assertions.

func (*AccountKeyRequest) PublicKeyID 

func (akr *AccountKeyRequest) PublicKeyID() string

PublicKeyID returns the underlying public key ID of the requested account key.

func (*AccountKeyRequest) Ref 

func (ab *AccountKeyRequest) Ref() *Ref

Ref returns a reference representing this assertion.

func (*AccountKeyRequest) Revision 

func (ab *AccountKeyRequest) Revision() int

Revision returns the assertion revision.

func (*AccountKeyRequest) SignKeyID 

func (ab *AccountKeyRequest) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*AccountKeyRequest) Signature 

func (ab *AccountKeyRequest) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*AccountKeyRequest) Since 

func (akr *AccountKeyRequest) Since() time.Time

Since returns the time when the requested account key starts being valid.

func (*AccountKeyRequest) SupportedFormat 

func (ab *AccountKeyRequest) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*AccountKeyRequest) Type 

func (ab *AccountKeyRequest) Type() *AssertionType

Type returns the assertion type.

func (*AccountKeyRequest) Until 

func (akr *AccountKeyRequest) Until() time.Time

Until returns the time when the requested account key stops being valid. A zero time means the key is valid forever.

type Assertion 

type Assertion interface {
	// Type returns the type of this assertion
	Type() *AssertionType
	// Format returns the format iteration of this assertion
	Format() int
	// SupportedFormat returns whether the assertion uses a supported
	// format iteration. If false the assertion might have been only
	// partially parsed.
	SupportedFormat() bool
	// Revision returns the revision of this assertion
	Revision() int
	// AuthorityID returns the authority that signed this assertion
	AuthorityID() string

	// Header retrieves the header with name
	Header(name string) interface{}

	// Headers returns the complete headers
	Headers() map[string]interface{}

	// HeaderString retrieves the string value of header with name or ""
	HeaderString(name string) string

	// Body returns the body of this assertion
	Body() []byte

	// Signature returns the signed content and its unprocessed signature
	Signature() (content, signature []byte)

	// SignKeyID returns the key id for the key that signed this assertion.
	SignKeyID() string

	// Prerequisites returns references to the prerequisite assertions for the validity of this one.
	Prerequisites() []*Ref

	// Ref returns a reference representing this assertion.
	Ref() *Ref

	// At returns an AtRevision referencing this assertion at its revision.
	At() *AtRevision
}

Assertion represents an assertion through its general elements.

func Assemble 

func Assemble(headers map[string]interface{}, body, content, signature []byte) (Assertion, error)

Assemble assembles an assertion from its components.

func Decode 

func Decode(serializedAssertion []byte) (Assertion, error)

Decode parses a serialized assertion.

The expected serialisation format looks like: 

HEADER ("\n\n" BODY?)? "\n\n" SIGNATURE

where: 

HEADER is a set of header entries separated by "\n"
BODY can be arbitrary text,
SIGNATURE is the signature

Both BODY and HEADER must be UTF8.

A header entry for a single line value (no '\n' in it) looks like: 

NAME ": " SIMPLEVALUE

The format supports multiline text values (with '\n's in them) and lists or maps, possibly nested, with string scalars in them.

For those a header entry looks like: 

NAME ":\n" MULTI(baseindent)

where MULTI can be

* (baseindent + 4)-space indented value (multiline text)

* entries of a list each of the form: 

" "*baseindent "  -"  ( " " SIMPLEVALUE | "\n" MULTI )

* entries of map each of the form: 

" "*baseindent "  " NAME ":"  ( " " SIMPLEVALUE | "\n" MULTI )

baseindent starts at 0 and then grows with nesting matching the previous level introduction (e.g. the " "*baseindent " -" bit) length minus 1.

In general the following headers are mandatory: 

type
authority-id (except for on the wire/self-signed assertions like serial-request)

Further for a given assertion type all the primary key headers must be non empty and must not contain '/'.

The following headers expect string representing integer values and if omitted otherwise are assumed to be 0: 

revision (a positive int)
body-length (expected to be equal to the length of BODY)
format (a positive int for the format iteration of the type used)

Times are expected to be in the RFC3339 format: "2006-01-02T15:04:05Z07:00".

func SignWithoutAuthority 

func SignWithoutAuthority(assertType *AssertionType, headers map[string]interface{}, body []byte, privKey PrivateKey) (Assertion, error)

SignWithoutAuthority assembles an assertion without a set authority with the provided information and signs it with the given private key.

type AssertionType 

type AssertionType struct {
	// Name of the type.
	Name string
	// PrimaryKey holds the names of the headers that constitute the
	// unique primary key for this assertion type.
	PrimaryKey []string
	// contains filtered or unexported fields
}

AssertionType describes a known assertion type with its name and metadata.

func Type 

func Type(name string) *AssertionType

Type returns the AssertionType with name or nil

func (*AssertionType) MaxSupportedFormat 

func (at *AssertionType) MaxSupportedFormat() int

MaxSupportedFormat returns the maximum supported format iteration for the type.

func (*AssertionType) SequenceForming 

func (at *AssertionType) SequenceForming() bool

SequencingForming returns true if the assertion type has a positive integer >= 1 as the last component (preferably called "sequence") of its primary key over which the assertions of the type form sequences, usually without gaps, one sequence per sequence key (the primary key prefix omitting the sequence number). See SequenceMember.

type AtRevision 

type AtRevision struct {
	Ref
	Revision int
}

AtRevision represents an assertion at a given revision, possibly not known (RevisionNotKnown).

func (*AtRevision) String 

func (at *AtRevision) String() string

type AtSequence 

type AtSequence struct {
	Type        *AssertionType
	SequenceKey []string
	Sequence    int
	Pinned      bool
	Revision    int
}

AtSequence references a sequence forming assertion at a given sequence point, possibly <=0 (meaning not specified) and revision, possibly not known (RevisionNotKnown). Setting Pinned = true means pinning at the given sequence point (which must be set, i.e. > 0). Pinned sequence forming assertion will be updated to the latest revision at the specified sequence point.

func (*AtSequence) Resolve 

func (at *AtSequence) Resolve(find func(assertType *AssertionType, headers map[string]string) (Assertion, error)) (Assertion, error)

Resolve resolves the sequence with known sequence number using the given find function.

func (*AtSequence) String 

func (at *AtSequence) String() string

func (*AtSequence) Unique 

func (at *AtSequence) Unique() string

Unique returns a unique string representing the sequence by its sequence key that can be used as a key in maps.

type AttrMatchContext 

type AttrMatchContext interface {
	PlugAttr(arg string) (interface{}, error)
	SlotAttr(arg string) (interface{}, error)
}

AttrMatchContext has contextual helpers for evaluating attribute constraints.

type Attrer 

type Attrer interface {
	Lookup(path string) (interface{}, bool)
}

Attrer reflects part of the Attrer interface (see interfaces.Attrer).

type AttributeConstraints 

type AttributeConstraints struct {
	// contains filtered or unexported fields
}

AttributeConstraints implements a set of constraints on the attributes of a slot or plug.

func (*AttributeConstraints) Check 

func (c *AttributeConstraints) Check(attrer Attrer, ctx AttrMatchContext) error

Check checks whether attrs don't match the constraints.

type Backstore 

type Backstore interface {
	// Put stores an assertion.
	// It is responsible for checking that assert is newer than a
	// previously stored revision with the same primary key headers.
	Put(assertType *AssertionType, assert Assertion) error
	// Get returns the assertion with the given unique key for its
	// primary key headers.  If none is present it returns a
	// NotFoundError, usually with omitted Headers.
	Get(assertType *AssertionType, key []string, maxFormat int) (Assertion, error)
	// Search returns assertions matching the given headers.
	// It invokes foundCb for each found assertion.
	Search(assertType *AssertionType, headers map[string]string, foundCb func(Assertion), maxFormat int) error
	// SequenceMemberAfter returns for a sequence-forming assertType the
	// first assertion in the sequence under the given sequenceKey
	// with sequence number larger than after. If after==-1 it
	// returns the assertion with largest sequence number. If none
	// exists it returns a NotFoundError, usually with omitted
	// Headers. If assertType is not sequence-forming it can
	// panic.
	SequenceMemberAfter(assertType *AssertionType, sequenceKey []string, after, maxFormat int) (SequenceMember, error)
}

A Backstore stores assertions. It can store and retrieve assertions by type under unique primary key headers (whose names are available from assertType.PrimaryKey). Plus it supports searching by headers. Lookups can be limited to a maximum allowed format.

func NewMemoryBackstore 

func NewMemoryBackstore() Backstore

NewMemoryBackstore creates a memory backed assertions backstore.

func OpenFSBackstore 

func OpenFSBackstore(path string) (Backstore, error)

OpenFSBackstore opens a filesystem backed assertions backstore under path.

type BaseDeclaration 

type BaseDeclaration struct {
	// contains filtered or unexported fields
}

BaseDeclaration holds a base-declaration assertion, declaring the policies (to start with interface ones) applying to all snaps of a series.

func BuiltinBaseDeclaration 

func BuiltinBaseDeclaration() *BaseDeclaration

BuiltinBaseDeclaration exposes the initialized builtin base-declaration assertion. This is used by overlord/assertstate, other code should use assertstate.BaseDeclaration.

func (*BaseDeclaration) At 

func (ab *BaseDeclaration) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*BaseDeclaration) AuthorityID 

func (ab *BaseDeclaration) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*BaseDeclaration) Body 

func (ab *BaseDeclaration) Body() []byte

Body returns the body of the assertion.

func (*BaseDeclaration) Format 

func (ab *BaseDeclaration) Format() int

Format returns the assertion format iteration.

func (*BaseDeclaration) Header 

func (ab *BaseDeclaration) Header(name string) interface{}

Header returns the value of an header by name.

func (*BaseDeclaration) HeaderString 

func (ab *BaseDeclaration) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*BaseDeclaration) Headers 

func (ab *BaseDeclaration) Headers() map[string]interface{}

Headers returns the complete headers.

func (*BaseDeclaration) PlugRule 

func (basedcl *BaseDeclaration) PlugRule(interfaceName string) *PlugRule

PlugRule returns the plug-side rule about the given interface if one was included in the plugs stanza of the declaration, otherwise it returns nil.

func (*BaseDeclaration) Prerequisites 

func (ab *BaseDeclaration) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*BaseDeclaration) Ref 

func (ab *BaseDeclaration) Ref() *Ref

Ref returns a reference representing this assertion.

func (*BaseDeclaration) Revision 

func (ab *BaseDeclaration) Revision() int

Revision returns the assertion revision.

func (*BaseDeclaration) Series 

func (basedcl *BaseDeclaration) Series() string

Series returns the series whose snaps are governed by the declaration.

func (*BaseDeclaration) SignKeyID 

func (ab *BaseDeclaration) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*BaseDeclaration) Signature 

func (ab *BaseDeclaration) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*BaseDeclaration) SlotRule 

func (basedcl *BaseDeclaration) SlotRule(interfaceName string) *SlotRule

SlotRule returns the slot-side rule about the given interface if one was included in the slots stanza of the declaration, otherwise it returns nil.

func (*BaseDeclaration) SupportedFormat 

func (ab *BaseDeclaration) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*BaseDeclaration) Timestamp 

func (basedcl *BaseDeclaration) Timestamp() time.Time

Timestamp returns the time when the base-declaration was issued.

func (*BaseDeclaration) Type 

func (ab *BaseDeclaration) Type() *AssertionType

Type returns the assertion type.

type Batch 

type Batch struct {
	// contains filtered or unexported fields
}

Batch allows to accumulate a set of assertions possibly out of prerequisite order and then add them in one go to an assertion database. Nothing will be committed if there are missing prerequisites, for a full consistency check beforehand there is the Precheck option.

func NewBatch 

func NewBatch(unsupported func(u *Ref, err error) error) *Batch

NewBatch creates a new Batch to accumulate assertions to add in one go to an assertion database. unsupported can be used to ignore/log assertions with unsupported formats, default behavior is to error on them.

func (*Batch) Add 

func (b *Batch) Add(a Assertion) error

Add one assertion to the batch.

func (*Batch) AddStream 

func (b *Batch) AddStream(r io.Reader) ([]*Ref, error)

AddStream adds a stream of assertions to the batch. Returns references to the assertions effectively added.

func (*Batch) CommitTo 

func (b *Batch) CommitTo(db *Database, opts *CommitOptions) error

CommitTo adds the batch of assertions to the given assertion database. Nothing will be committed if there are missing prerequisites, for a full consistency check beforehand there is the Precheck option.

func (*Batch) CommitToAndObserve 

func (b *Batch) CommitToAndObserve(db *Database, observe func(Assertion), opts *CommitOptions) error

CommitToAndObserve adds the batch of assertions to the given assertion database while invoking observe for each one after they are added. Nothing will be committed if there are missing prerequisites, for a full consistency check beforehand there is the Precheck option. For convenience observe can be nil in which case is ignored.

func (*Batch) Fetch 

func (b *Batch) Fetch(trustedDB RODatabase, retrieve func(*Ref) (Assertion, error), fetching func(Fetcher) error) error

Fetch adds to the batch by invoking fetching to drive an internal Fetcher that was built with trustedDB and retrieve.

type Checker 

type Checker func(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTimeEarliest, checkTimeLatest time.Time) error

A Checker defines a check on an assertion considering aspects such as the signing key, and consistency with other assertions in the database.

type CommitOptions 

type CommitOptions struct {
	// Precheck indicates whether to do a full consistency check
	// before starting adding the batch.
	Precheck bool
}

type Database 

type Database struct {
	// contains filtered or unexported fields
}

Database holds assertions and can be used to sign or check further assertions.

func OpenDatabase 

func OpenDatabase(cfg *DatabaseConfig) (*Database, error)

OpenDatabase opens the assertion database based on the configuration.

func (*Database) Add 

func (db *Database) Add(assert Assertion) error

Add persists the assertion after ensuring it is properly signed and consistent with all the stored knowledge. It will return an error when trying to add an older revision of the assertion than the one currently stored.

func (*Database) Check 

func (db *Database) Check(assert Assertion) error

Check tests whether the assertion is properly signed and consistent with all the stored knowledge.

func (*Database) Find 

func (db *Database) Find(assertionType *AssertionType, headers map[string]string) (Assertion, error)

Find an assertion based on arbitrary headers. Provided headers must contain the primary key for the assertion type. It returns a NotFoundError if the assertion cannot be found.

func (*Database) FindMany 

func (db *Database) FindMany(assertionType *AssertionType, headers map[string]string) ([]Assertion, error)

FindMany finds assertions based on arbitrary headers. It returns a NotFoundError if no assertion can be found.

func (*Database) FindManyPredefined 

func (db *Database) FindManyPredefined(assertionType *AssertionType, headers map[string]string) ([]Assertion, error)

FindManyPrefined finds assertions in the predefined sets (trusted or not) based on arbitrary headers. It returns a NotFoundError if no assertion can be found.

func (*Database) FindMaxFormat 

func (db *Database) FindMaxFormat(assertionType *AssertionType, headers map[string]string, maxFormat int) (Assertion, error)

FindMaxFormat finds an assertion like Find but such that its format is <= maxFormat by passing maxFormat along to the backend. It returns a NotFoundError if such an assertion cannot be found.

func (*Database) FindPredefined 

func (db *Database) FindPredefined(assertionType *AssertionType, headers map[string]string) (Assertion, error)

FindPredefined finds an assertion in the predefined sets (trusted or not) based on arbitrary headers. Provided headers must contain the primary key for the assertion type. It returns a NotFoundError if the assertion cannot be found.

func (*Database) FindSequence 

func (db *Database) FindSequence(assertType *AssertionType, sequenceHeaders map[string]string, after, maxFormat int) (SequenceMember, error)

FindSequence finds an assertion for the given headers and after for a sequence-forming type. The provided headers must contain a sequence key, i.e. a prefix of the primary key for the assertion type except for the sequence number header. The assertion is the first in the sequence under the sequence key with sequence number > after. If after is -1 it returns instead the assertion with the largest sequence number. It will constraint itself to assertions with format <= maxFormat unless maxFormat is -1. It returns a NotFoundError if the assertion cannot be found.

func (*Database) FindTrusted 

func (db *Database) FindTrusted(assertionType *AssertionType, headers map[string]string) (Assertion, error)

FindTrusted finds an assertion in the trusted set based on arbitrary headers. Provided headers must contain the primary key for the assertion type. It returns a NotFoundError if the assertion cannot be found.

func (*Database) ImportKey 

func (db *Database) ImportKey(privKey PrivateKey) error

ImportKey stores the given private/public key pair.

func (*Database) IsTrustedAccount 

func (db *Database) IsTrustedAccount(accountID string) bool

IsTrustedAccount returns whether the account is part of the trusted set.

func (*Database) PublicKey 

func (db *Database) PublicKey(keyID string) (PublicKey, error)

PublicKey returns the public key part of the key pair that has the given key id.

func (*Database) SetEarliestTime 

func (db *Database) SetEarliestTime(earliest time.Time)

SetEarliestTime affects how key expiration is checked. Instead of considering current system time, only assume that current time is >= earliest. If earliest is zero reset to considering current system time.

func (*Database) Sign 

func (db *Database) Sign(assertType *AssertionType, headers map[string]interface{}, body []byte, keyID string) (Assertion, error)

Sign assembles an assertion with the provided information and signs it with the private key from `headers["authority-id"]` that has the provided key id.

func (*Database) WithStackedBackstore 

func (db *Database) WithStackedBackstore(backstore Backstore) *Database

WithStackedBackstore returns a new database that adds to the given backstore only but finds in backstore and the base database backstores and cross-checks against all of them. This is useful to cross-check a set of assertions without adding them to the database.

type DatabaseConfig 

type DatabaseConfig struct {
	// trusted set of assertions (account and account-key supported),
	// used to establish root keys and trusted authorities
	Trusted []Assertion
	// predefined assertions but that do not establish foundational trust
	OtherPredefined []Assertion
	// backstore for assertions, left unset storing assertions will error
	Backstore Backstore
	// manager/backstore for keypairs, defaults to in-memory implementation
	KeypairManager KeypairManager
	// assertion checkers used by Database.Check, left unset DefaultCheckers will be used which is recommended
	Checkers []Checker
}

DatabaseConfig for an assertion database.

type Decoder 

type Decoder struct {
	// contains filtered or unexported fields
}

Decoder parses a stream of assertions bundled by separating them with double newlines.

func NewDecoder 

func NewDecoder(r io.Reader) *Decoder

NewDecoder returns a Decoder to parse the stream of assertions from the reader.

func NewDecoderWithTypeMaxBodySize 

func NewDecoderWithTypeMaxBodySize(r io.Reader, typeMaxBodySize map[*AssertionType]int) *Decoder

NewDecoderWithTypeMaxBodySize returns a Decoder to parse the stream of assertions from the reader enforcing optional per type max body sizes or the default one as fallback.

func (*Decoder) Decode 

func (d *Decoder) Decode() (Assertion, error)

Decode parses the next assertion from the stream. It returns the error io.EOF at the end of a well-formed stream.

type DeviceScopeConstraint 

type DeviceScopeConstraint struct {
	Store []string
	Brand []string
	// Model is a list of precise "<brand>/<model>" constraints
	Model []string
}

DeviceScopeConstraint specifies a constraints based on which brand store, brand or model the device belongs to.

type DeviceSessionRequest 

type DeviceSessionRequest struct {
	// contains filtered or unexported fields
}

DeviceSessionRequest holds a device-session-request assertion, which is a request wrapping a store-provided nonce to start a session by a device signed with its key.

func (*DeviceSessionRequest) At 

func (ab *DeviceSessionRequest) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*DeviceSessionRequest) AuthorityID 

func (ab *DeviceSessionRequest) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*DeviceSessionRequest) Body 

func (ab *DeviceSessionRequest) Body() []byte

Body returns the body of the assertion.

func (*DeviceSessionRequest) BrandID 

func (req *DeviceSessionRequest) BrandID() string

BrandID returns the brand identifier of the device making the request.

func (*DeviceSessionRequest) Format 

func (ab *DeviceSessionRequest) Format() int

Format returns the assertion format iteration.

func (*DeviceSessionRequest) Header 

func (ab *DeviceSessionRequest) Header(name string) interface{}

Header returns the value of an header by name.

func (*DeviceSessionRequest) HeaderString 

func (ab *DeviceSessionRequest) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*DeviceSessionRequest) Headers 

func (ab *DeviceSessionRequest) Headers() map[string]interface{}

Headers returns the complete headers.

func (*DeviceSessionRequest) Model 

func (req *DeviceSessionRequest) Model() string

Model returns the model name identifier of the device making the request.

func (*DeviceSessionRequest) Nonce 

func (req *DeviceSessionRequest) Nonce() string

Nonce returns the nonce obtained from store and to be presented when requesting a device session.

func (*DeviceSessionRequest) Prerequisites 

func (ab *DeviceSessionRequest) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*DeviceSessionRequest) Ref 

func (ab *DeviceSessionRequest) Ref() *Ref

Ref returns a reference representing this assertion.

func (*DeviceSessionRequest) Revision 

func (ab *DeviceSessionRequest) Revision() int

Revision returns the assertion revision.

func (*DeviceSessionRequest) Serial 

func (req *DeviceSessionRequest) Serial() string

Serial returns the serial identifier of the device making the request, together with brand id and model it forms the unique identifier of the device.

func (*DeviceSessionRequest) SignKeyID 

func (ab *DeviceSessionRequest) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*DeviceSessionRequest) Signature 

func (ab *DeviceSessionRequest) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*DeviceSessionRequest) SupportedFormat 

func (ab *DeviceSessionRequest) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*DeviceSessionRequest) Timestamp 

func (req *DeviceSessionRequest) Timestamp() time.Time

Timestamp returns the time when the device-session-request was created.

func (*DeviceSessionRequest) Type 

func (ab *DeviceSessionRequest) Type() *AssertionType

Type returns the assertion type.

type Encoder 

type Encoder struct {
	// contains filtered or unexported fields
}

Encoder emits a stream of assertions bundled by separating them with double newlines.

func NewEncoder 

func NewEncoder(w io.Writer) *Encoder

NewEncoder returns a Encoder to emit a stream of assertions to a writer.

func (*Encoder) Encode 

func (enc *Encoder) Encode(assert Assertion) error

Encode emits the assertion into the stream with the required separator. Errors here are always about writing given that Encode() itself cannot error.

func (*Encoder) WriteContentSignature 

func (enc *Encoder) WriteContentSignature(content, signature []byte) error

WriteContentSignature writes the content and signature of an assertion into the stream with all the required separators.

func (*Encoder) WriteEncoded 

func (enc *Encoder) WriteEncoded(encoded []byte) error

WriteEncoded writes the encoded assertion into the stream with the required separator.

type ExternalKeyInfo 

type ExternalKeyInfo struct {
	Name string
	ID   string
}

type ExternalKeypairManager 

type ExternalKeypairManager struct {
	// contains filtered or unexported fields
}

ExternalKeypairManager is key pair manager implemented via an external program interface. TODO: points to interface docs

func NewExternalKeypairManager 

func NewExternalKeypairManager(keyMgrPath string) (*ExternalKeypairManager, error)

NewExternalKeypairManager creates a new ExternalKeypairManager using the program at keyMgrPath.

func (*ExternalKeypairManager) Delete 

func (em *ExternalKeypairManager) Delete(keyName string) error

func (*ExternalKeypairManager) Export 

func (em *ExternalKeypairManager) Export(keyName string) ([]byte, error)

func (*ExternalKeypairManager) Generate 

func (em *ExternalKeypairManager) Generate(keyName string) error

func (*ExternalKeypairManager) Get 

func (em *ExternalKeypairManager) Get(keyID string) (PrivateKey, error)

func (*ExternalKeypairManager) GetByName 

func (em *ExternalKeypairManager) GetByName(keyName string) (PrivateKey, error)

func (*ExternalKeypairManager) List 

func (em *ExternalKeypairManager) List() ([]ExternalKeyInfo, error)

func (*ExternalKeypairManager) Put 

func (em *ExternalKeypairManager) Put(privKey PrivateKey) error

type ExternalUnsupportedOpError 

type ExternalUnsupportedOpError struct {
	// contains filtered or unexported fields
}

ExternalUnsupportedOpError represents the error situation of operations that are not supported/mediated via ExternalKeypairManager.

func (*ExternalUnsupportedOpError) Error 

func (euoe *ExternalUnsupportedOpError) Error() string

type Fetcher 

type Fetcher interface {
	// Fetch retrieves the assertion indicated by ref then its prerequisites
	// recursively, along the way saving prerequisites before dependent assertions.
	Fetch(*Ref) error
	// Save retrieves the prerequisites of the assertion recursively,
	// along the way saving them, and finally saves the assertion.
	Save(Assertion) error
}

A Fetcher helps fetching assertions and their prerequisites.

func NewFetcher 

func NewFetcher(trustedDB RODatabase, retrieve func(*Ref) (Assertion, error), save func(Assertion) error) Fetcher

NewFetcher creates a Fetcher which will use trustedDB to determine trusted assertions, will fetch assertions following prerequisites using retrieve, and then will pass them to save, saving prerequisites before dependent assertions.

type GPGKeypairManager 

type GPGKeypairManager struct{}

A key pair manager backed by a local GnuPG setup.

func NewGPGKeypairManager 

func NewGPGKeypairManager() *GPGKeypairManager

NewGPGKeypairManager creates a new key pair manager backed by a local GnuPG setup. Importing keys through the keypair manager interface is not suppored. Main purpose is allowing signing using keys from a GPG setup.

func (*GPGKeypairManager) Delete 

func (gkm *GPGKeypairManager) Delete(name string) error

Delete removes the named key pair from GnuPG's storage.

func (*GPGKeypairManager) Export 

func (gkm *GPGKeypairManager) Export(name string) ([]byte, error)

Export returns the encoded text of the named public key.

func (*GPGKeypairManager) Generate 

func (gkm *GPGKeypairManager) Generate(passphrase string, name string) error

Generate creates a new key with the given passphrase and name.

func (*GPGKeypairManager) Get 

func (gkm *GPGKeypairManager) Get(keyID string) (PrivateKey, error)

func (*GPGKeypairManager) GetByName 

func (gkm *GPGKeypairManager) GetByName(name string) (PrivateKey, error)

GetByName looks up a private key by name and returns it.

func (*GPGKeypairManager) List 

func (gkm *GPGKeypairManager) List() (res []ExternalKeyInfo, err error)

func (*GPGKeypairManager) Put 

func (gkm *GPGKeypairManager) Put(privKey PrivateKey) error

func (*GPGKeypairManager) Walk 

func (gkm *GPGKeypairManager) Walk(consider func(privk PrivateKey, fingerprint string, uid string) error) error

Walk iterates over all the RSA private keys in the local GPG setup calling the provided callback until this returns an error

type Grouping 

type Grouping string

A Grouping identifies opaquely a grouping of assertions. Pool uses it to label the intersection between a set of groups.

type KeypairManager 

type KeypairManager interface {
	// Put stores the given private/public key pair,
	// making sure it can be later retrieved by its unique key id with Get.
	// Trying to store a key with an already present key id should
	// result in an error.
	Put(privKey PrivateKey) error
	// Get returns the private/public key pair with the given key id.
	Get(keyID string) (PrivateKey, error)
}

A KeypairManager is a manager and backstore for private/public key pairs.

func NewMemoryKeypairManager 

func NewMemoryKeypairManager() KeypairManager

NewMemoryKeypairManager creates a new key pair manager with a memory backstore.

func OpenFSKeypairManager 

func OpenFSKeypairManager(path string) (KeypairManager, error)

OpenFSKeypairManager opens a filesystem backed assertions backstore under path.

type Model 

type Model struct {
	// contains filtered or unexported fields
}

Model holds a model assertion, which is a statement by a brand about the properties of a device model.

func (*Model) Architecture 

func (mod *Model) Architecture() string

Architecture returns the architecture the model is based on.

func (*Model) At 

func (ab *Model) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*Model) AuthorityID 

func (ab *Model) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Model) Base 

func (mod *Model) Base() string

Base returns the base snap the model uses.

func (*Model) BaseSnap 

func (mod *Model) BaseSnap() *ModelSnap

BaseSnap returns the details of the base snap the model uses.

func (*Model) Body 

func (ab *Model) Body() []byte

Body returns the body of the assertion.

func (*Model) BrandID 

func (mod *Model) BrandID() string

BrandID returns the brand identifier. Same as the authority id.

func (*Model) Classic 

func (mod *Model) Classic() bool

Classic returns whether the model is a classic system.

func (*Model) DisplayName 

func (mod *Model) DisplayName() string

DisplayName returns the human-friendly name of the model or falls back to Model if this was not set.

func (*Model) EssentialSnaps 

func (mod *Model) EssentialSnaps() []*ModelSnap

EssentialSnaps returns all essential snaps explicitly mentioned by the model. They are always returned according to this order with some skipped if not mentioned: snapd, kernel, boot base, gadget.

func (*Model) Format 

func (ab *Model) Format() int

Format returns the assertion format iteration.

func (*Model) Gadget 

func (mod *Model) Gadget() string

Gadget returns the gadget snap the model uses.

func (*Model) GadgetSnap 

func (mod *Model) GadgetSnap() *ModelSnap

GadgetSnap returns the details of the gadget snap the model uses.

func (*Model) GadgetTrack 

func (mod *Model) GadgetTrack() string

GadgetTrack returns the gadget track the model uses. XXX this should go away

func (*Model) Grade 

func (mod *Model) Grade() ModelGrade

Grade returns the stability grade of the model. Will be ModelGradeUnset for Core 16/18 models.

func (*Model) Header 

func (ab *Model) Header(name string) interface{}

Header returns the value of an header by name.

func (*Model) HeaderString 

func (ab *Model) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Model) Headers 

func (ab *Model) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Model) Kernel 

func (mod *Model) Kernel() string

Kernel returns the kernel snap the model uses. XXX this should go away

func (*Model) KernelSnap 

func (mod *Model) KernelSnap() *ModelSnap

KernelSnap returns the details of the kernel snap the model uses.

func (*Model) KernelTrack 

func (mod *Model) KernelTrack() string

KernelTrack returns the kernel track the model uses. XXX this should go away

func (*Model) Model 

func (mod *Model) Model() string

Model returns the model name identifier.

func (*Model) Prerequisites 

func (ab *Model) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*Model) Ref 

func (ab *Model) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Model) RequiredNoEssentialSnaps 

func (mod *Model) RequiredNoEssentialSnaps() []naming.SnapRef

RequiredNoEssentialSnaps returns the snaps that must be installed at all times and cannot be removed for this model, excluding the essential snaps (gadget, kernel, boot base, snapd).

func (*Model) RequiredWithEssentialSnaps 

func (mod *Model) RequiredWithEssentialSnaps() []naming.SnapRef

RequiredWithEssentialSnaps returns the snaps that must be installed at all times and cannot be removed for this model, including any essential snaps (gadget, kernel, boot base, snapd).

func (*Model) Revision 

func (ab *Model) Revision() int

Revision returns the assertion revision.

func (*Model) SerialAuthority 

func (mod *Model) SerialAuthority() []string

SerialAuthority returns the authority ids that are accepted as signers for serial assertions for this model. It always includes the brand of the model.

func (*Model) Series 

func (mod *Model) Series() string

Series returns the series of the core software the model uses.

func (*Model) SignKeyID 

func (ab *Model) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Model) Signature 

func (ab *Model) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Model) SnapsWithoutEssential 

func (mod *Model) SnapsWithoutEssential() []*ModelSnap

SnapsWithoutEssential returns all the snaps listed by the model without any of the essential snaps (as returned by EssentialSnaps). They are returned in the order of mention by the model.

func (*Model) StorageSafety 

func (mod *Model) StorageSafety() StorageSafety

StorageSafety returns the storage safety for the model. Will be StorageSafetyUnset for Core 16/18 models.

func (*Model) Store 

func (mod *Model) Store() string

Store returns the snap store the model uses.

func (*Model) SupportedFormat 

func (ab *Model) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Model) SystemUserAuthority 

func (mod *Model) SystemUserAuthority() []string

SystemUserAuthority returns the authority ids that are accepted as signers of system-user assertions for this model. Empty list means any, otherwise it always includes the brand of the model.

func (*Model) Timestamp 

func (mod *Model) Timestamp() time.Time

Timestamp returns the time when the model assertion was issued.

func (*Model) Type 

func (ab *Model) Type() *AssertionType

Type returns the assertion type.

type ModelGrade 

type ModelGrade string

ModelGrade characterizes the security of the model which then controls related policy. 

const (
	ModelGradeUnset ModelGrade = "unset"
	// ModelSecured implies mandatory full disk encryption and secure boot.
	ModelSecured ModelGrade = "secured"
	// ModelSigned implies all seed snaps are signed and mentioned
	// in the model, i.e. no unasserted or extra snaps.
	ModelSigned ModelGrade = "signed"
	// ModelDangerous allows unasserted snaps and extra snaps.
	ModelDangerous ModelGrade = "dangerous"
)

func (ModelGrade) Code 

func (mg ModelGrade) Code() uint32

Code returns a bit representation of the grade, for example for measuring it in a full disk encryption implementation.

type ModelSnap 

type ModelSnap struct {
	Name   string
	SnapID string
	// SnapType is one of: app|base|gadget|kernel|core, default is app
	SnapType string
	// Modes in which the snap must be made available
	Modes []string
	// DefaultChannel is the initial tracking channel,
	// default is latest/stable in an extended model
	DefaultChannel string
	// PinnedTrack is a pinned track for the snap, if set DefaultChannel
	// cannot be set at the same time (Core 18 models feature)
	PinnedTrack string
	// Presence is one of: required|optional
	Presence string
}

ModelSnap holds the details about a snap specified by a model assertion.

func (*ModelSnap) ID 

func (s *ModelSnap) ID() string

ID implements naming.SnapRef.

func (*ModelSnap) SnapName 

func (s *ModelSnap) SnapName() string

SnapName implements naming.SnapRef.

type NameConstraints 

type NameConstraints struct {
	// contains filtered or unexported fields
}

NameConstraints implements a set of constraints on the names of slots or plugs. See https://forum.snapcraft.io/t/plug-slot-rules-plug-names-slot-names-constraints/12439

func (*NameConstraints) Check 

func (nc *NameConstraints) Check(whichName, name string, special map[string]string) error

Check checks whether name doesn't match the constraints.

type NotFoundError 

type NotFoundError struct {
	Type    *AssertionType
	Headers map[string]string
}

NotFoundError is returned when an assertion can not be found.

func (*NotFoundError) Error 

func (e *NotFoundError) Error() string

type OnClassicConstraint 

type OnClassicConstraint struct {
	Classic   bool
	SystemIDs []string
}

OnClassicConstraint specifies a constraint based whether the system is classic and optional specific distros' sets.

type PlugConnectionConstraints 

type PlugConnectionConstraints struct {
	SlotSnapTypes    []string
	SlotSnapIDs      []string
	SlotPublisherIDs []string

	PlugNames *NameConstraints
	SlotNames *NameConstraints

	PlugAttributes *AttributeConstraints
	SlotAttributes *AttributeConstraints

	// SlotsPerPlug defaults to 1 for auto-connection, can be * (any)
	SlotsPerPlug SideArityConstraint
	// PlugsPerSlot is always * (any) (for now)
	PlugsPerSlot SideArityConstraint

	OnClassic *OnClassicConstraint

	DeviceScope *DeviceScopeConstraint
}

PlugConnectionConstraints specfies a set of constraints on an interface plug for a snap relevant to its connection or auto-connection.

type PlugInstallationConstraints 

type PlugInstallationConstraints struct {
	PlugSnapTypes []string

	PlugNames *NameConstraints

	PlugAttributes *AttributeConstraints

	OnClassic *OnClassicConstraint

	DeviceScope *DeviceScopeConstraint
}

PlugInstallationConstraints specifies a set of constraints on an interface plug relevant to the installation of snap.

type PlugRule 

type PlugRule struct {
	Interface string

	AllowInstallation []*PlugInstallationConstraints
	DenyInstallation  []*PlugInstallationConstraints

	AllowConnection []*PlugConnectionConstraints
	DenyConnection  []*PlugConnectionConstraints

	AllowAutoConnection []*PlugConnectionConstraints
	DenyAutoConnection  []*PlugConnectionConstraints
}

PlugRule holds the rule of what is allowed, wrt installation and connection, for a plug of a specific interface for a snap.

type Pool 

type Pool struct {
	// contains filtered or unexported fields
}

A pool helps holding and tracking a set of assertions and their prerequisites as they need to be updated or resolved. The assertions can be organized in groups. Failure can be tracked isolated to groups, conversely any error related to a single group alone will stop any work to resolve it. Independent assertions should not be grouped. Assertions and prerequisites that are part of more than one group are tracked properly only once.

Typical usage involves specifying the initial assertions needing to be resolved or updated using AddUnresolved and AddToUpdate. AddUnresolvedSequence and AddSequenceToUpdate exist parallel to AddUnresolved/AddToUpdate to handle sequence-forming assertions, which cannot be used with the latter. At this point ToResolve can be called to get them organized in groupings ready for fetching. Fetched assertions can then be provided with Add or AddBatch. Because these can have prerequisites calling ToResolve and fetching needs to be repeated until ToResolve's result is empty. Between any two ToResolve invocations but after any Add or AddBatch AddUnresolved/AddToUpdate can also be used again. 

              V
              |
/-> AddUnresolved, AddToUpdate
|             |
|             V
|------> ToResolve -> empty? done
|             |
|             V
\ __________ Add

If errors prevent from fulfilling assertions from a ToResolve, AddError and AddGroupingError can be used to report the errors so that they can be associated with groups.

All the resolved assertions in a Pool from groups not in error can be committed to a destination database with CommitTo.

func NewPool 

func NewPool(groundDB RODatabase, n int) *Pool

NewPool creates a new Pool, groundDB is used to resolve trusted and predefined assertions and to provide the current revision for assertions to update and their prerequisites. Up to n groups can be used to organize the assertions.

func (*Pool) Add 

func (p *Pool) Add(a Assertion, grouping Grouping) (ok bool, err error)

Add adds the given assertion associated with the given grouping to the Pool as resolved in all the groups requiring it. Any not already resolved prerequisites of the assertion will be implicitly added as unresolved and required by all of those groups. The grouping will usually have been associated with the assertion in a ToResolve's result. Otherwise the union of all groups requiring the assertion plus the groups in grouping will be considered. The latter is mostly relevant in scenarios where the server is pushing assertions. If an error is returned it refers to an immediate or local error. Errors related to the assertions are associated with the relevant groups and can be retrieved with Err, in which case ok is set to false.

func (*Pool) AddBatch 

func (p *Pool) AddBatch(b *Batch, grouping Grouping) (ok bool, err error)

AddBatch adds all the assertions in the Batch to the Pool, associated with the given grouping and as resolved in all the groups requiring them. It is equivalent to using Add on each of them. If an error is returned it refers to an immediate or local error. Errors related to the assertions are associated with the relevant groups and can be retrieved with Err, in which case ok set to false.

func (*Pool) AddError 

func (p *Pool) AddError(e error, ref *Ref) error

AddError associates error e with the unresolved assertion. The error will be propagated to all the affected groups at the next ToResolve.

func (*Pool) AddGroupingError 

func (p *Pool) AddGroupingError(e error, grouping Grouping) error

AddGroupingError puts all the groups of grouping in error, with error e.

func (*Pool) AddSequenceError 

func (p *Pool) AddSequenceError(e error, atSeq *AtSequence) error

AddSequenceError associates error e with the unresolved sequence-forming assertion. The error will be propagated to all the affected groups at the next ToResolve.

func (*Pool) AddSequenceToUpdate 

func (p *Pool) AddSequenceToUpdate(toUpdate *AtSequence, group string) error

AddSequenceToUpdate adds the assertion referenced by toUpdate and all its prerequisites to the Pool as unresolved and as required by the given group. It is assumed that the assertion is currently in the ground database of the Pool, otherwise this will error. The current revisions of the assertion and its prerequisites will be recorded and only higher revisions will then resolve them, otherwise if ultimately unresolved they will be assumed to still be at their current ones. If toUpdate is pinned, then it will be resolved to the highest revision with same sequence point (toUpdate.Sequence).

func (*Pool) AddToUpdate 

func (p *Pool) AddToUpdate(toUpdate *Ref, group string) error

AddToUpdate adds the assertion referenced by toUpdate and all its prerequisites to the Pool as unresolved and as required by the given group. It is assumed that the assertion is currently in the ground database of the Pool, otherwise this will error. The current revisions of the assertion and its prerequisites will be recorded and only higher revisions will then resolve them, otherwise if ultimately unresolved they will be assumed to still be at their current ones.

func (*Pool) AddUnresolved 

func (p *Pool) AddUnresolved(unresolved *AtRevision, group string) error

AddUnresolved adds the assertion referenced by unresolved AtRevision to the Pool as unresolved and as required by the given group. Usually unresolved.Revision will have been set to RevisionNotKnown.

func (*Pool) AddUnresolvedSequence 

func (p *Pool) AddUnresolvedSequence(unresolved *AtSequence, group string) error

AddUnresolvedSequence adds the assertion referenced by unresolved AtSequence to the Pool as unresolved and as required by the given group. Usually unresolved.Revision will have been set to RevisionNotKnown. Given sequence can only be added once to the Pool.

func (*Pool) Backstore 

func (p *Pool) Backstore() Backstore

Backstore returns the memory backstore of this pool.

func (*Pool) ClearGroups 

func (p *Pool) ClearGroups() error

ClearGroups clears the pool in terms of information associated with groups while preserving information about already resolved or unchanged assertions. It is useful for reusing a pool once the maximum of usable groups that was set with NewPool has been exhausted. Group errors must be queried before calling it otherwise they are lost. It is an error to call it when there are still pending unresolved assertions in the pool.

func (*Pool) CommitTo 

func (p *Pool) CommitTo(db *Database) error

CommitTo adds the assertions from groups without errors to the given assertion database. Commit errors can be retrieved via Err per group. An error is returned directly only if CommitTo is called with possible pending unresolved assertions.

func (*Pool) Err 

func (p *Pool) Err(group string) error

Err returns the error for group if group is in error, nil otherwise.

func (*Pool) Errors 

func (p *Pool) Errors() map[string]error

Errors returns a mapping of groups in error to their errors.

func (*Pool) Singleton 

func (p *Pool) Singleton(group string) (Grouping, error)

Singleton returns a grouping containing only the given group. It is useful mainly for tests and to drive Add are AddBatch when the server is pushing assertions (instead of the usual pull scenario).

func (*Pool) ToResolve 

func (p *Pool) ToResolve() (map[Grouping][]*AtRevision, map[Grouping][]*AtSequence, error)

ToResolve returns all the currently unresolved assertions in the Pool, organized in opaque groupings based on which set of groups requires each of them. At the next ToResolve any unresolved assertion with not known revision that was not added via Add or AddBatch will result in all groups requiring it being in error with ErrUnresolved. Conversely, the remaining unresolved assertions originally added via AddToUpdate will be assumed to still be at their current revisions.

type Presence 

type Presence string

Presence represents a presence constraint. 

const (
	PresenceRequired Presence = "required"
	PresenceOptional Presence = "optional"
	PresenceInvalid  Presence = "invalid"
)

type PrivateKey 

type PrivateKey interface {
	// PublicKey returns the public part of the pair.
	PublicKey() PublicKey
	// contains filtered or unexported methods
}

PrivateKey is a cryptographic private/public key pair.

func GenerateKey 

func GenerateKey() (PrivateKey, error)

GenerateKey generates a private/public key pair.

func RSAPrivateKey 

func RSAPrivateKey(privk *rsa.PrivateKey) PrivateKey

RSAPrivateKey returns a PrivateKey for database use out of a rsa.PrivateKey.

type PublicKey 

type PublicKey interface {
	// ID returns the id of the key used for lookup.
	ID() string
	// contains filtered or unexported methods
}

PublicKey is the public part of a cryptographic private/public key pair.

func DecodePublicKey 

func DecodePublicKey(pubKey []byte) (PublicKey, error)

DecodePublicKey deserializes a public key.

func RSAPublicKey 

func RSAPublicKey(pubKey *rsa.PublicKey) PublicKey

RSAPublicKey returns a database useable public key out of rsa.PublicKey.

type RODatabase 

type RODatabase interface {
	// IsTrustedAccount returns whether the account is part of the trusted set.
	IsTrustedAccount(accountID string) bool
	// Find an assertion based on arbitrary headers.
	// Provided headers must contain the primary key for the assertion type.
	// It returns a NotFoundError if the assertion cannot be found.
	Find(assertionType *AssertionType, headers map[string]string) (Assertion, error)
	// FindPredefined finds an assertion in the predefined sets
	// (trusted or not) based on arbitrary headers.  Provided
	// headers must contain the primary key for the assertion
	// type.  It returns a NotFoundError if the assertion cannot
	// be found.
	FindPredefined(assertionType *AssertionType, headers map[string]string) (Assertion, error)
	// FindTrusted finds an assertion in the trusted set based on
	// arbitrary headers.  Provided headers must contain the
	// primary key for the assertion type.  It returns a
	// NotFoundError if the assertion cannot be found.
	FindTrusted(assertionType *AssertionType, headers map[string]string) (Assertion, error)
	// FindMany finds assertions based on arbitrary headers.
	// It returns a NotFoundError if no assertion can be found.
	FindMany(assertionType *AssertionType, headers map[string]string) ([]Assertion, error)
	// FindManyPredefined finds assertions in the predefined sets
	// (trusted or not) based on arbitrary headers.  It returns a
	// NotFoundError if no assertion can be found.
	FindManyPredefined(assertionType *AssertionType, headers map[string]string) ([]Assertion, error)
	// FindSequence finds an assertion for the given headers and after for
	// a sequence-forming type.
	// The provided headers must contain a sequence key, i.e. a prefix of
	// the primary key for the assertion type except for the sequence
	// number header.
	// The assertion is the first in the sequence under the sequence key
	// with sequence number > after.
	// If after is -1 it returns instead the assertion with the largest
	// sequence number.
	// It will constraint itself to assertions with format <= maxFormat
	// unless maxFormat is -1.
	// It returns a NotFoundError if the assertion cannot be found.
	FindSequence(assertType *AssertionType, sequenceHeaders map[string]string, after, maxFormat int) (SequenceMember, error)
	// Check tests whether the assertion is properly signed and consistent with all the stored knowledge.
	Check(assert Assertion) error
}

A RODatabase exposes read-only access to an assertion database.

type Ref 

type Ref struct {
	Type       *AssertionType
	PrimaryKey []string
}

Ref expresses a reference to an assertion.

func (*Ref) Resolve 

func (ref *Ref) Resolve(find func(assertType *AssertionType, headers map[string]string) (Assertion, error)) (Assertion, error)

Resolve resolves the reference using the given find function.

func (*Ref) String 

func (ref *Ref) String() string

func (*Ref) Unique 

func (ref *Ref) Unique() string

Unique returns a unique string representing the reference that can be used as a key in maps.

type Repair 

type Repair struct {
	// contains filtered or unexported fields
}

Repair holds an repair assertion which allows running repair code to fixup broken systems. It can be limited by series and models, as well as by bases and modes.

func (*Repair) Architectures 

func (r *Repair) Architectures() []string

Architectures returns the architectures that this assertions applies to.

func (*Repair) At 

func (ab *Repair) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*Repair) AuthorityID 

func (ab *Repair) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Repair) Bases 

func (r *Repair) Bases() []string

Bases returns the bases that this assertion is valid for. It is either a list of valid base snaps that Ubuntu Core systems can have or it is the empty list. The empty list effectively means all Ubuntu Core systems while "core" means Ubuntu Core 16, "core18" means Ubuntu Core 18, etc.

func (*Repair) Body 

func (ab *Repair) Body() []byte

Body returns the body of the assertion.

func (*Repair) BrandID 

func (r *Repair) BrandID() string

BrandID returns the brand identifier that signed this assertion.

func (*Repair) Disabled 

func (r *Repair) Disabled() bool

Disabled returns true if the repair has been disabled.

func (*Repair) Format 

func (ab *Repair) Format() int

Format returns the assertion format iteration.

func (*Repair) Header 

func (ab *Repair) Header(name string) interface{}

Header returns the value of an header by name.

func (*Repair) HeaderString 

func (ab *Repair) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Repair) Headers 

func (ab *Repair) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Repair) Models 

func (r *Repair) Models() []string

Models returns the models that this assertion is valid for. It is a list of "brand-id/model-name" strings.

func (*Repair) Modes 

func (r *Repair) Modes() []string

Modes returns the modes that this assertion is valid for. It is either a list of "run", "recover", or "install", or it is the empty list. The empty list is interpreted to mean only "run" mode.

func (*Repair) Prerequisites 

func (ab *Repair) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*Repair) Ref 

func (ab *Repair) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Repair) RepairID 

func (r *Repair) RepairID() int

RepairID returns the sequential id of the repair. There should be a public place to look up details about the repair by brand-id and repair-id. (e.g. the snapcraft forum).

func (*Repair) Revision 

func (ab *Repair) Revision() int

Revision returns the assertion revision.

func (*Repair) Sequence 

func (r *Repair) Sequence() int

Sequence implements SequenceMember, it returns the same as RepairID.

func (*Repair) Series 

func (r *Repair) Series() []string

Series returns the series that this assertion is valid for.

func (*Repair) SignKeyID 

func (ab *Repair) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Repair) Signature 

func (ab *Repair) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Repair) Summary 

func (r *Repair) Summary() string

Summary returns the mandatory summary description of the repair.

func (*Repair) SupportedFormat 

func (ab *Repair) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Repair) Timestamp 

func (r *Repair) Timestamp() time.Time

Timestamp returns the time when the repair was issued.

func (*Repair) Type 

func (ab *Repair) Type() *AssertionType

Type returns the assertion type.

type RevisionError 

type RevisionError struct {
	Used, Current int
}

RevisionError indicates a revision improperly used for an operation.

func (*RevisionError) Error 

func (e *RevisionError) Error() string

type SequenceMember 

type SequenceMember interface {
	Assertion

	// Sequence returns the sequence number of this assertion.
	Sequence() int
}

SequenceMember is implemented by assertions of sequence forming types.

type Serial 

type Serial struct {
	// contains filtered or unexported fields
}

Serial holds a serial assertion, which is a statement binding a device identity with the device public key.

func (*Serial) At 

func (ab *Serial) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*Serial) AuthorityID 

func (ab *Serial) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Serial) Body 

func (ab *Serial) Body() []byte

Body returns the body of the assertion.

func (*Serial) BrandID 

func (ser *Serial) BrandID() string

BrandID returns the brand identifier of the device.

func (*Serial) DeviceKey 

func (ser *Serial) DeviceKey() PublicKey

DeviceKey returns the public key of the device.

func (*Serial) Format 

func (ab *Serial) Format() int

Format returns the assertion format iteration.

func (*Serial) Header 

func (ab *Serial) Header(name string) interface{}

Header returns the value of an header by name.

func (*Serial) HeaderString 

func (ab *Serial) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Serial) Headers 

func (ab *Serial) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Serial) Model 

func (ser *Serial) Model() string

Model returns the model name identifier of the device.

func (*Serial) Prerequisites 

func (ab *Serial) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*Serial) Ref 

func (ab *Serial) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Serial) Revision 

func (ab *Serial) Revision() int

Revision returns the assertion revision.

func (*Serial) Serial 

func (ser *Serial) Serial() string

Serial returns the serial identifier of the device, together with brand id and model they form the unique identifier of the device.

func (*Serial) SignKeyID 

func (ab *Serial) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Serial) Signature 

func (ab *Serial) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Serial) SupportedFormat 

func (ab *Serial) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Serial) Timestamp 

func (ser *Serial) Timestamp() time.Time

Timestamp returns the time when the serial assertion was issued.

func (*Serial) Type 

func (ab *Serial) Type() *AssertionType

Type returns the assertion type.

type SerialRequest 

type SerialRequest struct {
	// contains filtered or unexported fields
}

SerialRequest holds a serial-request assertion, which is a self-signed request to obtain a full device identity bound to the device public key.

func (*SerialRequest) At 

func (ab *SerialRequest) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*SerialRequest) AuthorityID 

func (ab *SerialRequest) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SerialRequest) Body 

func (ab *SerialRequest) Body() []byte

Body returns the body of the assertion.

func (*SerialRequest) BrandID 

func (sreq *SerialRequest) BrandID() string

BrandID returns the brand identifier of the device making the request.

func (*SerialRequest) DeviceKey 

func (sreq *SerialRequest) DeviceKey() PublicKey

DeviceKey returns the public key of the device making the request.

func (*SerialRequest) Format 

func (ab *SerialRequest) Format() int

Format returns the assertion format iteration.

func (*SerialRequest) Header 

func (ab *SerialRequest) Header(name string) interface{}

Header returns the value of an header by name.

func (*SerialRequest) HeaderString 

func (ab *SerialRequest) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SerialRequest) Headers 

func (ab *SerialRequest) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SerialRequest) Model 

func (sreq *SerialRequest) Model() string

Model returns the model name identifier of the device making the request.

func (*SerialRequest) Prerequisites 

func (ab *SerialRequest) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*SerialRequest) Ref 

func (ab *SerialRequest) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SerialRequest) RequestID 

func (sreq *SerialRequest) RequestID() string

RequestID returns the id for the request, obtained from and to be presented to the serial signing service.

func (*SerialRequest) Revision 

func (ab *SerialRequest) Revision() int

Revision returns the assertion revision.

func (*SerialRequest) Serial 

func (sreq *SerialRequest) Serial() string

Serial returns the optional proposed serial identifier for the device, the service taking the request might use it or ignore it.

func (*SerialRequest) SignKeyID 

func (ab *SerialRequest) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SerialRequest) Signature 

func (ab *SerialRequest) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SerialRequest) SupportedFormat 

func (ab *SerialRequest) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SerialRequest) Type 

func (ab *SerialRequest) Type() *AssertionType

Type returns the assertion type.

type SideArityConstraint 

type SideArityConstraint struct {
	// N can be:
	// =>1
	// 0 means default and is used only internally during rule
	// compilation or on deny- rules where these constraints are
	// not applicable
	// -1 represents *, that means any (number of)
	N int
}

SideArityConstraint specifies a constraint for the overall arity of the set of connected slots for a given plug or the set of connected plugs for a given slot. It is used to express parsed slots-per-plug and plugs-per-slot constraints. See https://forum.snapcraft.io/t/plug-slot-declaration-rules-greedy-plugs/12438

func (SideArityConstraint) Any 

func (ac SideArityConstraint) Any() bool

Any returns whether this represents the * (any number of) constraint.

type SlotConnectionConstraints 

type SlotConnectionConstraints struct {
	PlugSnapTypes    []string
	PlugSnapIDs      []string
	PlugPublisherIDs []string

	SlotNames *NameConstraints
	PlugNames *NameConstraints

	SlotAttributes *AttributeConstraints
	PlugAttributes *AttributeConstraints

	// SlotsPerPlug defaults to 1 for auto-connection, can be * (any)
	SlotsPerPlug SideArityConstraint
	// PlugsPerSlot is always * (any) (for now)
	PlugsPerSlot SideArityConstraint

	OnClassic *OnClassicConstraint

	DeviceScope *DeviceScopeConstraint
}

SlotConnectionConstraints specfies a set of constraints on an interface slot for a snap relevant to its connection or auto-connection.

type SlotInstallationConstraints 

type SlotInstallationConstraints struct {
	SlotSnapTypes []string

	SlotNames *NameConstraints

	SlotAttributes *AttributeConstraints

	OnClassic *OnClassicConstraint

	DeviceScope *DeviceScopeConstraint
}

SlotInstallationConstraints specifies a set of constraints on an interface slot relevant to the installation of snap.

type SlotRule 

type SlotRule struct {
	Interface string

	AllowInstallation []*SlotInstallationConstraints
	DenyInstallation  []*SlotInstallationConstraints

	AllowConnection []*SlotConnectionConstraints
	DenyConnection  []*SlotConnectionConstraints

	AllowAutoConnection []*SlotConnectionConstraints
	DenyAutoConnection  []*SlotConnectionConstraints
}

SlotRule holds the rule of what is allowed, wrt installation and connection, for a slot of a specific interface for a snap.

type SnapBuild 

type SnapBuild struct {
	// contains filtered or unexported fields
}

SnapBuild holds a snap-build assertion, asserting the properties of a snap at the time it was built by the developer.

func (*SnapBuild) At 

func (ab *SnapBuild) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*SnapBuild) AuthorityID 

func (ab *SnapBuild) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SnapBuild) Body 

func (ab *SnapBuild) Body() []byte

Body returns the body of the assertion.

func (*SnapBuild) Format 

func (ab *SnapBuild) Format() int

Format returns the assertion format iteration.

func (*SnapBuild) Grade 

func (snapbld *SnapBuild) Grade() string

Grade returns the grade of the snap: devel|stable

func (*SnapBuild) Header 

func (ab *SnapBuild) Header(name string) interface{}

Header returns the value of an header by name.

func (*SnapBuild) HeaderString 

func (ab *SnapBuild) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SnapBuild) Headers 

func (ab *SnapBuild) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SnapBuild) Prerequisites 

func (ab *SnapBuild) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*SnapBuild) Ref 

func (ab *SnapBuild) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SnapBuild) Revision 

func (ab *SnapBuild) Revision() int

Revision returns the assertion revision.

func (*SnapBuild) SignKeyID 

func (ab *SnapBuild) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SnapBuild) Signature 

func (ab *SnapBuild) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SnapBuild) SnapID 

func (snapbld *SnapBuild) SnapID() string

SnapID returns the snap id of the snap.

func (*SnapBuild) SnapSHA3_384 

func (snapbld *SnapBuild) SnapSHA3_384() string

SnapSHA3_384 returns the SHA3-384 digest of the snap.

func (*SnapBuild) SnapSize 

func (snapbld *SnapBuild) SnapSize() uint64

SnapSize returns the size of the snap.

func (*SnapBuild) SupportedFormat 

func (ab *SnapBuild) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SnapBuild) Timestamp 

func (snapbld *SnapBuild) Timestamp() time.Time

Timestamp returns the time when the snap-build assertion was created.

func (*SnapBuild) Type 

func (ab *SnapBuild) Type() *AssertionType

Type returns the assertion type.

type SnapDeclaration 

type SnapDeclaration struct {
	// contains filtered or unexported fields
}

SnapDeclaration holds a snap-declaration assertion, declaring a snap binding its identifying snap-id to a name, asserting its publisher and its other properties.

func (*SnapDeclaration) Aliases 

func (snapdcl *SnapDeclaration) Aliases() map[string]string

Aliases returns the optional explicit aliases granted to this snap.

func (*SnapDeclaration) At 

func (ab *SnapDeclaration) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*SnapDeclaration) AuthorityID 

func (ab *SnapDeclaration) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SnapDeclaration) AutoAliases 

func (snapdcl *SnapDeclaration) AutoAliases() []string

AutoAliases returns the optional auto-aliases granted to this snap. XXX: deprecated, will go away

func (*SnapDeclaration) Body 

func (ab *SnapDeclaration) Body() []byte

Body returns the body of the assertion.

func (*SnapDeclaration) Format 

func (ab *SnapDeclaration) Format() int

Format returns the assertion format iteration.

func (*SnapDeclaration) Header 

func (ab *SnapDeclaration) Header(name string) interface{}

Header returns the value of an header by name.

func (*SnapDeclaration) HeaderString 

func (ab *SnapDeclaration) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SnapDeclaration) Headers 

func (ab *SnapDeclaration) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SnapDeclaration) PlugRule 

func (snapdcl *SnapDeclaration) PlugRule(interfaceName string) *PlugRule

PlugRule returns the plug-side rule about the given interface if one was included in the plugs stanza of the declaration, otherwise it returns nil.

func (*SnapDeclaration) Prerequisites 

func (snapdcl *SnapDeclaration) Prerequisites() []*Ref

Prerequisites returns references to this snap-declaration's prerequisite assertions.

func (*SnapDeclaration) PublisherID 

func (snapdcl *SnapDeclaration) PublisherID() string

PublisherID returns the identifier of the publisher of the declared snap.

func (*SnapDeclaration) Ref 

func (ab *SnapDeclaration) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SnapDeclaration) RefreshControl 

func (snapdcl *SnapDeclaration) RefreshControl() []string

RefreshControl returns the ids of snaps whose updates are controlled by this declaration.

func (*SnapDeclaration) Revision 

func (ab *SnapDeclaration) Revision() int

Revision returns the assertion revision.

func (*SnapDeclaration) Series 

func (snapdcl *SnapDeclaration) Series() string

Series returns the series for which the snap is being declared.

func (*SnapDeclaration) SignKeyID 

func (ab *SnapDeclaration) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SnapDeclaration) Signature 

func (ab *SnapDeclaration) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SnapDeclaration) SlotRule 

func (snapdcl *SnapDeclaration) SlotRule(interfaceName string) *SlotRule

SlotRule returns the slot-side rule about the given interface if one was included in the slots stanza of the declaration, otherwise it returns nil.

func (*SnapDeclaration) SnapID 

func (snapdcl *SnapDeclaration) SnapID() string

SnapID returns the snap id of the declared snap.

func (*SnapDeclaration) SnapName 

func (snapdcl *SnapDeclaration) SnapName() string

SnapName returns the declared snap name.

func (*SnapDeclaration) SupportedFormat 

func (ab *SnapDeclaration) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SnapDeclaration) Timestamp 

func (snapdcl *SnapDeclaration) Timestamp() time.Time

Timestamp returns the time when the snap-declaration was issued.

func (*SnapDeclaration) Type 

func (ab *SnapDeclaration) Type() *AssertionType

Type returns the assertion type.

type SnapDeveloper 

type SnapDeveloper struct {
	// contains filtered or unexported fields
}

SnapDeveloper holds a snap-developer assertion, defining the developers who can collaborate on a snap while it's owned by a specific publisher.

The primary key (snap-id, publisher-id) allows a snap to have many snap-developer assertions, e.g. to allow a future publisher's collaborations to be defined before the snap is transferred. However only the snap-developer for the current publisher (the snap-declaration publisher-id) is relevant to a device.

func (*SnapDeveloper) At 

func (ab *SnapDeveloper) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*SnapDeveloper) AuthorityID 

func (ab *SnapDeveloper) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SnapDeveloper) Body 

func (ab *SnapDeveloper) Body() []byte

Body returns the body of the assertion.

func (*SnapDeveloper) Format 

func (ab *SnapDeveloper) Format() int

Format returns the assertion format iteration.

func (*SnapDeveloper) Header 

func (ab *SnapDeveloper) Header(name string) interface{}

Header returns the value of an header by name.

func (*SnapDeveloper) HeaderString 

func (ab *SnapDeveloper) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SnapDeveloper) Headers 

func (ab *SnapDeveloper) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SnapDeveloper) Prerequisites 

func (snapdev *SnapDeveloper) Prerequisites() []*Ref

Prerequisites returns references to this snap-developer's prerequisite assertions.

func (*SnapDeveloper) PublisherID 

func (snapdev *SnapDeveloper) PublisherID() string

PublisherID returns the publisher's account id.

func (*SnapDeveloper) Ref 

func (ab *SnapDeveloper) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SnapDeveloper) Revision 

func (ab *SnapDeveloper) Revision() int

Revision returns the assertion revision.

func (*SnapDeveloper) SignKeyID 

func (ab *SnapDeveloper) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SnapDeveloper) Signature 

func (ab *SnapDeveloper) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SnapDeveloper) SnapID 

func (snapdev *SnapDeveloper) SnapID() string

SnapID returns the snap id of the snap.

func (*SnapDeveloper) SupportedFormat 

func (ab *SnapDeveloper) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SnapDeveloper) Type 

func (ab *SnapDeveloper) Type() *AssertionType

Type returns the assertion type.

type SnapRevision 

type SnapRevision struct {
	// contains filtered or unexported fields
}

SnapRevision holds a snap-revision assertion, which is a statement by the store acknowledging the receipt of a build of a snap and labeling it with a snap revision.

func (*SnapRevision) At 

func (ab *SnapRevision) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*SnapRevision) AuthorityID 

func (ab *SnapRevision) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SnapRevision) Body 

func (ab *SnapRevision) Body() []byte

Body returns the body of the assertion.

func (*SnapRevision) DeveloperID 

func (snaprev *SnapRevision) DeveloperID() string

DeveloperID returns the id of the developer that submitted this build of the snap.

func (*SnapRevision) Format 

func (ab *SnapRevision) Format() int

Format returns the assertion format iteration.

func (*SnapRevision) Header 

func (ab *SnapRevision) Header(name string) interface{}

Header returns the value of an header by name.

func (*SnapRevision) HeaderString 

func (ab *SnapRevision) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SnapRevision) Headers 

func (ab *SnapRevision) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SnapRevision) Prerequisites 

func (snaprev *SnapRevision) Prerequisites() []*Ref

Prerequisites returns references to this snap-revision's prerequisite assertions.

func (*SnapRevision) Ref 

func (ab *SnapRevision) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SnapRevision) Revision 

func (ab *SnapRevision) Revision() int

Revision returns the assertion revision.

func (*SnapRevision) SignKeyID 

func (ab *SnapRevision) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SnapRevision) Signature 

func (ab *SnapRevision) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SnapRevision) SnapID 

func (snaprev *SnapRevision) SnapID() string

SnapID returns the snap id of the snap.

func (*SnapRevision) SnapRevision 

func (snaprev *SnapRevision) SnapRevision() int

SnapRevision returns the revision assigned to this build of the snap.

func (*SnapRevision) SnapSHA3_384 

func (snaprev *SnapRevision) SnapSHA3_384() string

SnapSHA3_384 returns the SHA3-384 digest of the snap.

func (*SnapRevision) SnapSize 

func (snaprev *SnapRevision) SnapSize() uint64

SnapSize returns the size in bytes of the snap submitted to the store.

func (*SnapRevision) SupportedFormat 

func (ab *SnapRevision) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SnapRevision) Timestamp 

func (snaprev *SnapRevision) Timestamp() time.Time

Timestamp returns the time when the snap-revision was issued.

func (*SnapRevision) Type 

func (ab *SnapRevision) Type() *AssertionType

Type returns the assertion type.

type StorageSafety 

type StorageSafety string

StorageSafety characterizes the requested storage safety of the model which then controls what encryption is used 

const (
	StorageSafetyUnset StorageSafety = "unset"
	// StorageSafetyEncrypted implies mandatory full disk encryption.
	StorageSafetyEncrypted StorageSafety = "encrypted"
	// StorageSafetyPreferEncrypted implies full disk
	// encryption when the system supports it.
	StorageSafetyPreferEncrypted StorageSafety = "prefer-encrypted"
	// StorageSafetyPreferUnencrypted implies no full disk
	// encryption by default even if the system supports
	// encryption.
	StorageSafetyPreferUnencrypted StorageSafety = "prefer-unencrypted"
)

type Store 

type Store struct {
	// contains filtered or unexported fields
}

Store holds a store assertion, defining the configuration needed to connect a device to the store or relative to a non-default store.

func (*Store) At 

func (ab *Store) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*Store) AuthorityID 

func (ab *Store) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Store) Body 

func (ab *Store) Body() []byte

Body returns the body of the assertion.

func (*Store) Format 

func (ab *Store) Format() int

Format returns the assertion format iteration.

func (*Store) FriendlyStores 

func (store *Store) FriendlyStores() []string

FriendlyStores returns stores holding snaps that are also exposed through this one.

func (*Store) Header 

func (ab *Store) Header(name string) interface{}

Header returns the value of an header by name.

func (*Store) HeaderString 

func (ab *Store) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Store) Headers 

func (ab *Store) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Store) Location 

func (store *Store) Location() string

Location returns a summary of the store's location/purpose.

func (*Store) OperatorID 

func (store *Store) OperatorID() string

OperatorID returns the account id of the store's operator.

func (*Store) Prerequisites 

func (store *Store) Prerequisites() []*Ref

Prerequisites returns references to this store's prerequisite assertions.

func (*Store) Ref 

func (ab *Store) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Store) Revision 

func (ab *Store) Revision() int

Revision returns the assertion revision.

func (*Store) SignKeyID 

func (ab *Store) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Store) Signature 

func (ab *Store) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Store) Store 

func (store *Store) Store() string

Store returns the identifying name of the operator's store.

func (*Store) SupportedFormat 

func (ab *Store) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Store) Timestamp 

func (store *Store) Timestamp() time.Time

Timestamp returns the time when the store assertion was issued.

func (*Store) Type 

func (ab *Store) Type() *AssertionType

Type returns the assertion type.

func (*Store) URL 

func (store *Store) URL() *url.URL

URL returns the URL of the store's API.

type SystemUser 

type SystemUser struct {
	// contains filtered or unexported fields
}

SystemUser holds a system-user assertion which allows creating local system users.

func (*SystemUser) At 

func (ab *SystemUser) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*SystemUser) AuthorityID 

func (ab *SystemUser) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SystemUser) Body 

func (ab *SystemUser) Body() []byte

Body returns the body of the assertion.

func (*SystemUser) BrandID 

func (su *SystemUser) BrandID() string

BrandID returns the brand identifier that signed this assertion.

func (*SystemUser) Email 

func (su *SystemUser) Email() string

Email returns the email address that this assertion is valid for.

func (*SystemUser) ForcePasswordChange 

func (su *SystemUser) ForcePasswordChange() bool

ForcePasswordChange returns true if the user needs to change the password after the first login.

func (*SystemUser) Format 

func (ab *SystemUser) Format() int

Format returns the assertion format iteration.

func (*SystemUser) Header 

func (ab *SystemUser) Header(name string) interface{}

Header returns the value of an header by name.

func (*SystemUser) HeaderString 

func (ab *SystemUser) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SystemUser) Headers 

func (ab *SystemUser) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SystemUser) Models 

func (su *SystemUser) Models() []string

Models returns the models that this assertion is valid for.

func (*SystemUser) Name 

func (su *SystemUser) Name() string

Name returns the full name of the user (e.g. Random Guy).

func (*SystemUser) Password 

func (su *SystemUser) Password() string

Password returns the crypt(3) compatible password for the user. Note that only ID: $6$ or stronger is supported (sha512crypt).

func (*SystemUser) Prerequisites 

func (ab *SystemUser) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*SystemUser) Ref 

func (ab *SystemUser) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SystemUser) Revision 

func (ab *SystemUser) Revision() int

Revision returns the assertion revision.

func (*SystemUser) SSHKeys 

func (su *SystemUser) SSHKeys() []string

SSHKeys returns the ssh keys for the user.

func (*SystemUser) Serials 

func (su *SystemUser) Serials() []string

Serials returns the serials that this assertion is valid for.

func (*SystemUser) Series 

func (su *SystemUser) Series() []string

Series returns the series that this assertion is valid for.

func (*SystemUser) SignKeyID 

func (ab *SystemUser) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SystemUser) Signature 

func (ab *SystemUser) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SystemUser) Since 

func (su *SystemUser) Since() time.Time

Since returns the time since the assertion is valid.

func (*SystemUser) SupportedFormat 

func (ab *SystemUser) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SystemUser) Type 

func (ab *SystemUser) Type() *AssertionType

Type returns the assertion type.

func (*SystemUser) Until 

func (su *SystemUser) Until() time.Time

Until returns the time until the assertion is valid.

func (*SystemUser) Username 

func (su *SystemUser) Username() string

Username returns the system user name that should be created (e.g. "foo").

func (*SystemUser) ValidAt 

func (su *SystemUser) ValidAt(when time.Time) bool

ValidAt returns whether the system-user is valid at 'when' time.

type UnsupportedFormatError 

type UnsupportedFormatError struct {
	Ref    *Ref
	Format int
	// Update marks there was already a current revision of the assertion and it has been kept.
	Update bool
}

UnsupportedFormatError indicates an assertion with a format iteration not yet supported by the present version of asserts.

func (*UnsupportedFormatError) Error 

func (e *UnsupportedFormatError) Error() string

type Validation 

type Validation struct {
	// contains filtered or unexported fields
}

Validation holds a validation assertion, describing that a combination of (snap-id, approved-snap-id, approved-revision) has been validated for the series, meaning updating to that revision of approved-snap-id has been approved by the owner of the gating snap with snap-id.

func (*Validation) ApprovedSnapID 

func (validation *Validation) ApprovedSnapID() string

ApprovedSnapID returns the ID of the gated snap.

func (*Validation) ApprovedSnapRevision 

func (validation *Validation) ApprovedSnapRevision() int

ApprovedSnapRevision returns the approved revision of the gated snap.

func (*Validation) At 

func (ab *Validation) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*Validation) AuthorityID 

func (ab *Validation) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Validation) Body 

func (ab *Validation) Body() []byte

Body returns the body of the assertion.

func (*Validation) Format 

func (ab *Validation) Format() int

Format returns the assertion format iteration.

func (*Validation) Header 

func (ab *Validation) Header(name string) interface{}

Header returns the value of an header by name.

func (*Validation) HeaderString 

func (ab *Validation) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Validation) Headers 

func (ab *Validation) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Validation) Prerequisites 

func (validation *Validation) Prerequisites() []*Ref

Prerequisites returns references to this validation's prerequisite assertions.

func (*Validation) Ref 

func (ab *Validation) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Validation) Revision 

func (ab *Validation) Revision() int

Revision returns the assertion revision.

func (*Validation) Revoked 

func (validation *Validation) Revoked() bool

Revoked returns true if the validation has been revoked.

func (*Validation) Series 

func (validation *Validation) Series() string

Series returns the series for which the validation holds.

func (*Validation) SignKeyID 

func (ab *Validation) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Validation) Signature 

func (ab *Validation) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Validation) SnapID 

func (validation *Validation) SnapID() string

SnapID returns the ID of the gating snap.

func (*Validation) SupportedFormat 

func (ab *Validation) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Validation) Timestamp 

func (validation *Validation) Timestamp() time.Time

Timestamp returns the time when the validation was issued.

func (*Validation) Type 

func (ab *Validation) Type() *AssertionType

Type returns the assertion type.

type ValidationSet 

type ValidationSet struct {
	// contains filtered or unexported fields
}

ValidationSet holds a validation-set assertion, which is a statement by an account about a set snaps and possibly revisions for which an extrinsic/implied property is valid (e.g. they work well together). validation-sets are organized in sequences under a name.

func (*ValidationSet) AccountID 

func (vs *ValidationSet) AccountID() string

AccountID returns the identifier of the account that signed this assertion.

func (*ValidationSet) At 

func (ab *ValidationSet) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*ValidationSet) AuthorityID 

func (ab *ValidationSet) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*ValidationSet) Body 

func (ab *ValidationSet) Body() []byte

Body returns the body of the assertion.

func (*ValidationSet) Format 

func (ab *ValidationSet) Format() int

Format returns the assertion format iteration.

func (*ValidationSet) Header 

func (ab *ValidationSet) Header(name string) interface{}

Header returns the value of an header by name.

func (*ValidationSet) HeaderString 

func (ab *ValidationSet) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*ValidationSet) Headers 

func (ab *ValidationSet) Headers() map[string]interface{}

Headers returns the complete headers.

func (*ValidationSet) Name 

func (vs *ValidationSet) Name() string

Name returns the name under which the validation-set is organized.

func (*ValidationSet) Prerequisites 

func (ab *ValidationSet) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*ValidationSet) Ref 

func (ab *ValidationSet) Ref() *Ref

Ref returns a reference representing this assertion.

func (*ValidationSet) Revision 

func (ab *ValidationSet) Revision() int

Revision returns the assertion revision.

func (*ValidationSet) Sequence 

func (vs *ValidationSet) Sequence() int

Sequence returns the sequential number of the validation-set in its named sequence.

func (*ValidationSet) Series 

func (vs *ValidationSet) Series() string

Series returns the series for which the snap in the set are declared.

func (*ValidationSet) SignKeyID 

func (ab *ValidationSet) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*ValidationSet) Signature 

func (ab *ValidationSet) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*ValidationSet) Snaps 

func (vs *ValidationSet) Snaps() []*ValidationSetSnap

Snaps returns the constrained snaps by the validation-set.

func (*ValidationSet) SupportedFormat 

func (ab *ValidationSet) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*ValidationSet) Timestamp 

func (vs *ValidationSet) Timestamp() time.Time

Timestamp returns the time when the validation-set was issued.

func (*ValidationSet) Type 

func (ab *ValidationSet) Type() *AssertionType

Type returns the assertion type.

type ValidationSetSnap 

type ValidationSetSnap struct {
	Name   string
	SnapID string

	Presence Presence

	Revision int
}

ValidationSetSnap holds the details about a snap constrained by a validation-set assertion.

func (*ValidationSetSnap) ID 

func (s *ValidationSetSnap) ID() string

ID implements naming.SnapRef.

func (*ValidationSetSnap) SnapName 

func (s *ValidationSetSnap) SnapName() string

SnapName implements naming.SnapRef.

Source Files

View all Source files

Directories

Path Synopsis
Package assertstest provides helpers for testing code that involves assertions.
 Package assertstest provides helpers for testing code that involves assertions.
Package signtool offers tooling to sign assertions.
 Package signtool offers tooling to sign assertions.
Package snapasserts offers helpers to handle snap related assertions and their checking for installation.
 Package snapasserts offers helpers to handle snap related assertions and their checking for installation.
Package sysdb supports the system-wide assertion database with ways to open it and to manage the trusted set of assertions founding it.
 Package sysdb supports the system-wide assertion database with ways to open it and to manage the trusted set of assertions founding it.
Package systestkeys defines trusted assertions and keys to use in tests.
 Package systestkeys defines trusted assertions and keys to use in tests.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.