asserts

package
v2.42.5-go-mod+incompa... Latest
Warning

This package is not in the latest version of its module.

Published: Mar 9, 2020 License: GPL-3.0 Imports: 32 Imported by: 0

Documentation

Overview

Package asserts implements snappy assertions and a database abstraction for managing and holding them.

Constants

const (
	MaxBodySize      = 2 * 1024 * 1024
	MaxHeadersSize   = 128 * 1024
	MaxSignatureSize = 128 * 1024
)

Maximum assertion component sizes.

const MediaType = "application/x.ubuntu.assertion"

MediaType is the media type for encoded assertions on the wire.

Variables

var (
	AccountType         = &AssertionType{"account", []string{"account-id"}, assembleAccount, 0}
	AccountKeyType      = &AssertionType{"account-key", []string{"public-key-sha3-384"}, assembleAccountKey, 0}
	RepairType          = &AssertionType{"repair", []string{"brand-id", "repair-id"}, assembleRepair, 0}
	ModelType           = &AssertionType{"model", []string{"series", "brand-id", "model"}, assembleModel, 0}
	SerialType          = &AssertionType{"serial", []string{"brand-id", "model", "serial"}, assembleSerial, 0}
	BaseDeclarationType = &AssertionType{"base-declaration", []string{"series"}, assembleBaseDeclaration, 0}
	SnapDeclarationType = &AssertionType{"snap-declaration", []string{"series", "snap-id"}, assembleSnapDeclaration, 0}
	SnapBuildType       = &AssertionType{"snap-build", []string{"snap-sha3-384"}, assembleSnapBuild, 0}
	SnapRevisionType    = &AssertionType{"snap-revision", []string{"snap-sha3-384"}, assembleSnapRevision, 0}
	SnapDeveloperType   = &AssertionType{"snap-developer", []string{"snap-id", "publisher-id"}, assembleSnapDeveloper, 0}
	SystemUserType      = &AssertionType{"system-user", []string{"brand-id", "email"}, assembleSystemUser, 0}
	ValidationType      = &AssertionType{"validation", []string{"series", "snap-id", "approved-snap-id", "approved-snap-revision"}, assembleValidation, 0}
	StoreType           = &AssertionType{"store", []string{"store"}, assembleStore, 0}
)

Understood assertion types.

var (
	DeviceSessionRequestType = &AssertionType{"device-session-request", []string{"brand-id", "model", "serial"}, assembleDeviceSessionRequest, noAuthority}
	SerialRequestType        = &AssertionType{"serial-request", nil, assembleSerialRequest, noAuthority}
	AccountKeyRequestType    = &AssertionType{"account-key-request", []string{"public-key-sha3-384"}, assembleAccountKeyRequest, noAuthority}
)

Assertion types without a definite authority set (on the wire and/or self-signed).

var (
	AlwaysMatchAttributes = &AttributeConstraints{matcher: fixedAttrMatcher{nil}}
	NeverMatchAttributes  = &AttributeConstraints{matcher: fixedAttrMatcher{errors.New("not allowed")}}
)

DefaultCheckers lists the default and recommended assertion checkers used by Database if none are specified in the DatabaseConfig.Checkers.

var MetaHeaders = [...]string{
	"type",
	"format",
	"authority-id",
	"revision",
	"body-length",
	"sign-key-sha3-384",
}

MetaHeaders is a list of headers in assertions which are about the assertion itself.

Functions

func CheckCrossConsistency

func CheckCrossConsistency(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTime time.Time) error

CheckCrossConsistency verifies that the assertion is consistent with the other statements in the database.

func CheckSignature

func CheckSignature(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTime time.Time) error

CheckSignature checks that the signature is valid.

func CheckSigningKeyIsNotExpired

func CheckSigningKeyIsNotExpired(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTime time.Time) error

CheckSigningKeyIsNotExpired checks that the signing key is not expired.

func CheckTimestampVsSigningKeyValidity

func CheckTimestampVsSigningKeyValidity(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTime time.Time) error

CheckTimestampVsSigningKeyValidity verifies that the timestamp of the assertion is within the signing key validity.

func Encode

func Encode(assert Assertion) []byte

Encode serializes an assertion.

func EncodeDigest

func EncodeDigest(hash crypto.Hash, hashDigest []byte) (string, error)

EncodeDigest encodes the digest from hash algorithm to be put in an assertion header.

func EncodePublicKey

func EncodePublicKey(pubKey PublicKey) ([]byte, error)

EncodePublicKey serializes a public key, typically for embedding in an assertion.

func HeadersFromPrimaryKey

func HeadersFromPrimaryKey(assertType *AssertionType, primaryKey []string) (headers map[string]string, err error)

HeadersFromPrimaryKey constructs a headers mapping from the primaryKey values and the assertion type; it errors if primaryKey has the wrong length.

func InitBuiltinBaseDeclaration

func InitBuiltinBaseDeclaration(headers []byte) error

InitBuiltinBaseDeclaration initializes the builtin base-declaration based on headers (or resets it if headers is nil).

func IsNotFound

func IsNotFound(err error) bool

IsNotFound returns whether err is an assertion not found error.

func IsUnaccceptedUpdate

func IsUnaccceptedUpdate(err error) bool

IsUnaccceptedUpdate returns whether the error indicates that an assertion revision was already present and has been kept because the update was not accepted.

func IsValidAccountKeyName

func IsValidAccountKeyName(name string) bool

func MockMaxSupportedFormat

func MockMaxSupportedFormat(assertType *AssertionType, maxFormat int) (restore func())

func PrimaryKeyFromHeaders

func PrimaryKeyFromHeaders(assertType *AssertionType, headers map[string]string) (primaryKey []string, err error)

PrimaryKeyFromHeaders extracts the tuple of values from headers corresponding to a primary key under the assertion type; it errors if there are missing primary key headers.

func SignatureCheck

func SignatureCheck(assert Assertion, pubKey PublicKey) error

SignatureCheck checks the signature of the assertion against the given public key. Useful for assertions with no authority.

func SnapFileSHA3_384

func SnapFileSHA3_384(snapPath string) (digest string, size uint64, err error)

SnapFileSHA3_384 computes the SHA3-384 digest of the given snap file. It also returns its size.

func SuggestFormat

func SuggestFormat(assertType *AssertionType, headers map[string]interface{}, body []byte) (formatnum int, err error)

SuggestFormat returns a minimum format that supports the features that would be used by an assertion with the given components.

func TypeNames

func TypeNames() []string

TypeNames returns a sorted list of known assertion type names.

Types

type Account

type Account struct {
	// contains filtered or unexported fields
}

Account holds an account assertion, which ties a name for an account to its identifier and provides the authority's confidence in the name's validity.

func (*Account) AccountID

func (acc *Account) AccountID() string

AccountID returns the account-id of the account.

func (*Account) AuthorityID

func (ab *Account) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Account) Body

func (ab *Account) Body() []byte

Body returns the body of the assertion.

func (*Account) DisplayName

func (acc *Account) DisplayName() string

DisplayName returns the human-friendly name for the account.

func (*Account) Format

func (ab *Account) Format() int

Format returns the assertion format iteration.

func (*Account) Header

func (ab *Account) Header(name string) interface{}

Header returns the value of a header by name.

func (*Account) HeaderString

func (ab *Account) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Account) Headers

func (ab *Account) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Account) Prerequisites

func (ab *Account) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*Account) Ref

func (ab *Account) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Account) Revision

func (ab *Account) Revision() int

Revision returns the assertion revision.

func (*Account) SignKeyID

func (ab *Account) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Account) Signature

func (ab *Account) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Account) SupportedFormat

func (ab *Account) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Account) Timestamp

func (acc *Account) Timestamp() time.Time

Timestamp returns the time when the account was issued.

func (*Account) Type

func (ab *Account) Type() *AssertionType

Type returns the assertion type.

func (*Account) Username

func (acc *Account) Username() string

Username returns the user name for the account.

func (*Account) Validation

func (acc *Account) Validation() string

Validation returns the level of confidence of the authority in the account's identity, expected to be "unproven" or "verified", and for forward compatibility any value != "unproven" can be considered at least "verified".

type AccountKey

type AccountKey struct {
	// contains filtered or unexported fields
}

AccountKey holds an account-key assertion, asserting a public key belonging to the account.

func (*AccountKey) AccountID

func (ak *AccountKey) AccountID() string

AccountID returns the account-id of this account-key.

func (*AccountKey) AuthorityID

func (ab *AccountKey) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*AccountKey) Body

func (ab *AccountKey) Body() []byte

Body returns the body of the assertion.

func (*AccountKey) Format

func (ab *AccountKey) Format() int

Format returns the assertion format iteration.

func (*AccountKey) Header

func (ab *AccountKey) Header(name string) interface{}

Header returns the value of a header by name.

func (*AccountKey) HeaderString

func (ab *AccountKey) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*AccountKey) Headers

func (ab *AccountKey) Headers() map[string]interface{}

Headers returns the complete headers.

func (*AccountKey) Name

func (ak *AccountKey) Name() string

Name returns the name of the account key.

func (*AccountKey) Prerequisites

func (ak *AccountKey) Prerequisites() []*Ref

Prerequisites returns references to this account-key's prerequisite assertions.

func (*AccountKey) PublicKeyID

func (ak *AccountKey) PublicKeyID() string

PublicKeyID returns the key id used for lookup of the account key.

func (*AccountKey) Ref

func (ab *AccountKey) Ref() *Ref

Ref returns a reference representing this assertion.

func (*AccountKey) Revision

func (ab *AccountKey) Revision() int

Revision returns the assertion revision.

func (*AccountKey) SignKeyID

func (ab *AccountKey) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*AccountKey) Signature

func (ab *AccountKey) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*AccountKey) Since

func (ak *AccountKey) Since() time.Time

Since returns the time when the account key starts being valid.

func (*AccountKey) SupportedFormat

func (ab *AccountKey) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*AccountKey) Type

func (ab *AccountKey) Type() *AssertionType

Type returns the assertion type.

func (*AccountKey) Until

func (ak *AccountKey) Until() time.Time

Until returns the time when the account key stops being valid. A zero time means the key is valid forever.

type AccountKeyRequest

type AccountKeyRequest struct {
	// contains filtered or unexported fields
}

AccountKeyRequest holds an account-key-request assertion, which is a self-signed request to prove that the requester holds the private key and wishes to create an account-key assertion for it.

func (*AccountKeyRequest) AccountID

func (akr *AccountKeyRequest) AccountID() string

AccountID returns the account-id of this account-key-request.

func (*AccountKeyRequest) AuthorityID

func (ab *AccountKeyRequest) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*AccountKeyRequest) Body

func (ab *AccountKeyRequest) Body() []byte

Body returns the body of the assertion.

func (*AccountKeyRequest) Format

func (ab *AccountKeyRequest) Format() int

Format returns the assertion format iteration.

func (*AccountKeyRequest) Header

func (ab *AccountKeyRequest) Header(name string) interface{}

Header returns the value of a header by name.

func (*AccountKeyRequest) HeaderString

func (ab *AccountKeyRequest) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*AccountKeyRequest) Headers

func (ab *AccountKeyRequest) Headers() map[string]interface{}

Headers returns the complete headers.

func (*AccountKeyRequest) Name

func (akr *AccountKeyRequest) Name() string

Name returns the name of the account key.

func (*AccountKeyRequest) Prerequisites

func (akr *AccountKeyRequest) Prerequisites() []*Ref

Prerequisites returns references to this account-key-request's prerequisite assertions.

func (*AccountKeyRequest) PublicKeyID

func (akr *AccountKeyRequest) PublicKeyID() string

PublicKeyID returns the underlying public key ID of the requested account key.

func (*AccountKeyRequest) Ref

func (ab *AccountKeyRequest) Ref() *Ref

Ref returns a reference representing this assertion.

func (*AccountKeyRequest) Revision

func (ab *AccountKeyRequest) Revision() int

Revision returns the assertion revision.

func (*AccountKeyRequest) SignKeyID

func (ab *AccountKeyRequest) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*AccountKeyRequest) Signature

func (ab *AccountKeyRequest) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*AccountKeyRequest) Since

func (akr *AccountKeyRequest) Since() time.Time

Since returns the time when the requested account key starts being valid.

func (*AccountKeyRequest) SupportedFormat

func (ab *AccountKeyRequest) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*AccountKeyRequest) Type

func (ab *AccountKeyRequest) Type() *AssertionType

Type returns the assertion type.

func (*AccountKeyRequest) Until

func (akr *AccountKeyRequest) Until() time.Time

Until returns the time when the requested account key stops being valid. A zero time means the key is valid forever.

type Assertion

type Assertion interface {
	// Type returns the type of this assertion
	Type() *AssertionType
	// Format returns the format iteration of this assertion
	Format() int
	// SupportedFormat returns whether the assertion uses a supported
	// format iteration. If false the assertion might have been only
	// partially parsed.
	SupportedFormat() bool
	// Revision returns the revision of this assertion
	Revision() int
	// AuthorityID returns the authority that signed this assertion
	AuthorityID() string

	// Header retrieves the header with name
	Header(name string) interface{}

	// Headers returns the complete headers
	Headers() map[string]interface{}

	// HeaderString retrieves the string value of header with name or ""
	HeaderString(name string) string

	// Body returns the body of this assertion
	Body() []byte

	// Signature returns the signed content and its unprocessed signature
	Signature() (content, signature []byte)

	// SignKeyID returns the key id for the key that signed this assertion.
	SignKeyID() string

	// Prerequisites returns references to the prerequisite assertions for the validity of this one.
	Prerequisites() []*Ref

	// Ref returns a reference representing this assertion.
	Ref() *Ref
}

Assertion represents an assertion through its general elements.

func Assemble

func Assemble(headers map[string]interface{}, body, content, signature []byte) (Assertion, error)

Assemble assembles an assertion from its components.

func Decode

func Decode(serializedAssertion []byte) (Assertion, error)

Decode parses a serialized assertion.

The expected serialisation format looks like:

HEADER ("\n\n" BODY?)? "\n\n" SIGNATURE

where:

HEADER is a set of header entries separated by "\n"
BODY can be arbitrary text,
SIGNATURE is the signature

Both BODY and HEADER must be UTF8.

A header entry for a single line value (no '\n' in it) looks like:

NAME ": " SIMPLEVALUE

The format supports multiline text values (with '\n's in them) and lists or maps, possibly nested, with string scalars in them.

For those a header entry looks like:

NAME ":\n" MULTI(baseindent)

where MULTI can be

* (baseindent + 4)-space indented value (multiline text)

* entries of a list each of the form:

" "*baseindent "  -"  ( " " SIMPLEVALUE | "\n" MULTI )

* entries of map each of the form:

" "*baseindent "  " NAME ":"  ( " " SIMPLEVALUE | "\n" MULTI )

baseindent starts at 0 and then grows with nesting matching the previous level introduction (e.g. the " "*baseindent " -" bit) length minus 1.

In general the following headers are mandatory:

type
authority-id (except for on the wire/self-signed assertions like serial-request)

Further for a given assertion type all the primary key headers must be non empty and must not contain '/'.

The following headers expect strings representing integer values and, if omitted, are assumed to be 0:

revision (a positive int)
body-length (expected to be equal to the length of BODY)
format (a positive int for the format iteration of the type used)

Times are expected to be in the RFC3339 format: "2006-01-02T15:04:05Z07:00".
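
The grammar and header rules above, as an added example that is not the package's own parser: a standard-library-only Go sketch that splits a serialized assertion into its three components and applies the size, UTF-8, mandatory-header, primary-key and integer-header checks. It assumes single-line header values only and a signature with no blank line in it; `rawAssertion`, `splitAssertion`, `primaryKeys`, `noAuthority` and the sample input are hypothetical names and constructed data.

```go
package main

import (
	"bytes"
	"fmt"
	"strconv"
	"strings"
	"unicode/utf8"
)

// Size limits copied from the package constants listed on this page.
const (
	maxBodySize      = 2 * 1024 * 1024
	maxHeadersSize   = 128 * 1024
	maxSignatureSize = 128 * 1024
)

// sampleAssertion is constructed for this example; its signature is a placeholder.
const sampleAssertion = "type: account\nauthority-id: canonical\naccount-id: abc123\nbody-length: 5\n\nhello\n\nc2ln"

// primaryKeys is a subset of the assertion types and primary keys listed on this page.
var primaryKeys = map[string][]string{
	"account":          {"account-id"},
	"model":            {"series", "brand-id", "model"},
	"snap-declaration": {"series", "snap-id"},
	"serial-request":   nil,
}

// noAuthority holds the types the page lists without a definite authority.
var noAuthority = map[string]bool{"device-session-request": true, "serial-request": true, "account-key-request": true}

// rawAssertion (hypothetical name) holds the three wire components.
type rawAssertion struct {
	Headers   map[string]string
	Body      []byte
	Signature []byte
}

// splitAssertion (hypothetical name) applies HEADER ("\n\n" BODY?)? "\n\n" SIGNATURE and the
// header rules. Assumptions: single-line header values only; no blank line in the signature.
func splitAssertion(data []byte) (*rawAssertion, error) {
	sep := []byte("\n\n")
	sigAt := bytes.LastIndex(data, sep)
	if sigAt < 0 {
		return nil, fmt.Errorf("content/signature separator not found")
	}
	content, sig := data[:sigAt], data[sigAt+2:]
	head, body := content, []byte(nil)
	if i := bytes.Index(content, sep); i >= 0 {
		head, body = content[:i], content[i+2:]
	}
	if len(head) > maxHeadersSize || len(body) > maxBodySize || len(sig) > maxSignatureSize {
		return nil, fmt.Errorf("assertion component exceeds its maximum size")
	}
	if !utf8.Valid(head) || !utf8.Valid(body) {
		return nil, fmt.Errorf("header and body must be valid UTF-8")
	}
	headers := map[string]string{}
	for _, line := range strings.Split(string(head), "\n") {
		kv := strings.SplitN(line, ": ", 2)
		if len(kv) != 2 || kv[0] == "" || strings.HasPrefix(line, " ") {
			return nil, fmt.Errorf("malformed or multi-line header entry %q", line)
		}
		if _, dup := headers[kv[0]]; dup {
			return nil, fmt.Errorf("repeated header %q", kv[0])
		}
		headers[kv[0]] = kv[1]
	}
	pk, known := primaryKeys[headers["type"]]
	if !known {
		return nil, fmt.Errorf("missing or unknown type %q", headers["type"])
	}
	if headers["authority-id"] == "" && !noAuthority[headers["type"]] {
		return nil, fmt.Errorf("authority-id is mandatory for type %q", headers["type"])
	}
	for _, k := range pk {
		if v := headers[k]; v == "" || strings.Contains(v, "/") {
			return nil, fmt.Errorf("primary key header %q must be non-empty and without '/'", k)
		}
	}
	for _, name := range []string{"revision", "format", "body-length"} {
		n := 0 // an omitted integer header counts as 0
		if v, ok := headers[name]; ok {
			var err error
			if n, err = strconv.Atoi(v); err != nil || n < 0 {
				return nil, fmt.Errorf("header %q: %q is not a non-negative integer", name, v)
			}
		}
		if name == "body-length" && n != len(body) {
			return nil, fmt.Errorf("body-length %d does not match body of %d bytes", n, len(body))
		}
	}
	return &rawAssertion{headers, body, sig}, nil
}

func main() {
	a, err := splitAssertion([]byte(sampleAssertion))
	fmt.Println(a.Headers["type"], string(a.Body), err)
}
```

The sketch only separates and sanity-checks the components; it does not verify the signature, which is what CheckSignature and Database.Check are for.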

func SignWithoutAuthority

func SignWithoutAuthority(assertType *AssertionType, headers map[string]interface{}, body []byte, privKey PrivateKey) (Assertion, error)

SignWithoutAuthority assembles an assertion without a set authority with the provided information and signs it with the given private key.

type AssertionType

type AssertionType struct {
	// Name of the type.
	Name string
	// PrimaryKey holds the names of the headers that constitute the
	// unique primary key for this assertion type.
	PrimaryKey []string
	// contains filtered or unexported fields
}

AssertionType describes a known assertion type with its name and metadata.

func Type

func Type(name string) *AssertionType

Type returns the AssertionType with name or nil

func (*AssertionType) MaxSupportedFormat

func (at *AssertionType) MaxSupportedFormat() int

MaxSupportedFormat returns the maximum supported format iteration for the type.

type AttrMatchContext

type AttrMatchContext interface {
	PlugAttr(arg string) (interface{}, error)
	SlotAttr(arg string) (interface{}, error)
}

AttrMatchContext has contextual helpers for evaluating attribute constraints.

type Attrer

type Attrer interface {
	Lookup(path string) (interface{}, bool)
}

Attrer reflects part of the Attrer interface (see interfaces.Attrer).

type AttributeConstraints

type AttributeConstraints struct {
	// contains filtered or unexported fields
}

AttributeConstraints implements a set of constraints on the attributes of a slot or plug.

func (*AttributeConstraints) Check

func (c *AttributeConstraints) Check(attrer Attrer, ctx AttrMatchContext) error

Check checks whether attrs don't match the constraints.

type Backstore

type Backstore interface {
	// Put stores an assertion.
	// It is responsible for checking that assert is newer than a
	// previously stored revision with the same primary key headers.
	Put(assertType *AssertionType, assert Assertion) error
	// Get returns the assertion with the given unique key for its
	// primary key headers.  If none is present it returns a
	// NotFoundError, usually with omitted Headers.
	Get(assertType *AssertionType, key []string, maxFormat int) (Assertion, error)
	// Search returns assertions matching the given headers.
	// It invokes foundCb for each found assertion.
	Search(assertType *AssertionType, headers map[string]string, foundCb func(Assertion), maxFormat int) error
}

A Backstore stores assertions. It can store and retrieve assertions by type under unique primary key headers (whose names are available from assertType.PrimaryKey). Plus it supports searching by headers. Lookups can be limited to a maximum allowed format.

func NewMemoryBackstore

func NewMemoryBackstore() Backstore

NewMemoryBackstore creates a memory backed assertions backstore.

func OpenFSBackstore

func OpenFSBackstore(path string) (Backstore, error)

OpenFSBackstore opens a filesystem backed assertions backstore under path.

type BaseDeclaration

type BaseDeclaration struct {
	// contains filtered or unexported fields
}

BaseDeclaration holds a base-declaration assertion, declaring the policies (to start with interface ones) applying to all snaps of a series.

func BuiltinBaseDeclaration

func BuiltinBaseDeclaration() *BaseDeclaration

BuiltinBaseDeclaration exposes the initialized builtin base-declaration assertion. This is used by overlord/assertstate, other code should use assertstate.BaseDeclaration.

func (*BaseDeclaration) AuthorityID

func (ab *BaseDeclaration) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*BaseDeclaration) Body

func (ab *BaseDeclaration) Body() []byte

Body returns the body of the assertion.

func (*BaseDeclaration) Format

func (ab *BaseDeclaration) Format() int

Format returns the assertion format iteration.

func (*BaseDeclaration) Header

func (ab *BaseDeclaration) Header(name string) interface{}

Header returns the value of a header by name.

func (*BaseDeclaration) HeaderString

func (ab *BaseDeclaration) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*BaseDeclaration) Headers

func (ab *BaseDeclaration) Headers() map[string]interface{}

Headers returns the complete headers.

func (*BaseDeclaration) PlugRule

func (basedcl *BaseDeclaration) PlugRule(interfaceName string) *PlugRule

PlugRule returns the plug-side rule about the given interface if one was included in the plugs stanza of the declaration, otherwise it returns nil.

func (*BaseDeclaration) Prerequisites

func (ab *BaseDeclaration) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*BaseDeclaration) Ref

func (ab *BaseDeclaration) Ref() *Ref

Ref returns a reference representing this assertion.

func (*BaseDeclaration) Revision

func (ab *BaseDeclaration) Revision() int

Revision returns the assertion revision.

func (*BaseDeclaration) Series

func (basedcl *BaseDeclaration) Series() string

Series returns the series whose snaps are governed by the declaration.

func (*BaseDeclaration) SignKeyID

func (ab *BaseDeclaration) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*BaseDeclaration) Signature

func (ab *BaseDeclaration) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*BaseDeclaration) SlotRule

func (basedcl *BaseDeclaration) SlotRule(interfaceName string) *SlotRule

SlotRule returns the slot-side rule about the given interface if one was included in the slots stanza of the declaration, otherwise it returns nil.

func (*BaseDeclaration) SupportedFormat

func (ab *BaseDeclaration) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*BaseDeclaration) Timestamp

func (basedcl *BaseDeclaration) Timestamp() time.Time

Timestamp returns the time when the base-declaration was issued.

func (*BaseDeclaration) Type

func (ab *BaseDeclaration) Type() *AssertionType

Type returns the assertion type.

type Batch

type Batch struct {
	// contains filtered or unexported fields
}

Batch accumulates a set of assertions, possibly out of prerequisite order, and then adds them in one go to an assertion database. Nothing will be committed if there are missing prerequisites; for a full consistency check beforehand there is the Precheck option.

func NewBatch

func NewBatch(unsupported func(u *Ref, err error) error) *Batch

NewBatch creates a new Batch to accumulate assertions to add in one go to an assertion database. unsupported can be used to ignore/log assertions with unsupported formats; the default behavior is to error on them.

func (*Batch) Add

func (b *Batch) Add(a Assertion) error

Add one assertion to the batch.

func (*Batch) AddStream

func (b *Batch) AddStream(r io.Reader) ([]*Ref, error)

AddStream adds a stream of assertions to the batch. Returns references to the assertions effectively added.

func (*Batch) CommitTo

func (b *Batch) CommitTo(db *Database, opts *CommitOptions) error

CommitTo adds the batch of assertions to the given assertion database. Nothing will be committed if there are missing prerequisites; for a full consistency check beforehand there is the Precheck option.

func (*Batch) Fetch

func (b *Batch) Fetch(trustedDB RODatabase, retrieve func(*Ref) (Assertion, error), fetching func(Fetcher) error) error

Fetch adds to the batch by invoking fetching to drive an internal Fetcher that was built with trustedDB and retrieve.

type Checker

type Checker func(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTime time.Time) error

A Checker defines a check on an assertion considering aspects such as the signing key, and consistency with other assertions in the database.

type CommitOptions

type CommitOptions struct {
	// Precheck indicates whether to do a full consistency check
	// before starting adding the batch.
	Precheck bool
}

type Database

type Database struct {
	// contains filtered or unexported fields
}

Database holds assertions and can be used to sign or check further assertions.

func OpenDatabase

func OpenDatabase(cfg *DatabaseConfig) (*Database, error)

OpenDatabase opens the assertion database based on the configuration.

func (*Database) Add

func (db *Database) Add(assert Assertion) error

Add persists the assertion after ensuring it is properly signed and consistent with all the stored knowledge. It will return an error when trying to add an older revision of the assertion than the one currently stored.

func (*Database) Check

func (db *Database) Check(assert Assertion) error

Check tests whether the assertion is properly signed and consistent with all the stored knowledge.

func (*Database) Find

func (db *Database) Find(assertionType *AssertionType, headers map[string]string) (Assertion, error)

Find an assertion based on arbitrary headers. Provided headers must contain the primary key for the assertion type. It returns a NotFoundError if the assertion cannot be found.

func (*Database) FindMany

func (db *Database) FindMany(assertionType *AssertionType, headers map[string]string) ([]Assertion, error)

FindMany finds assertions based on arbitrary headers. It returns a NotFoundError if no assertion can be found.

func (*Database) FindManyPredefined

func (db *Database) FindManyPredefined(assertionType *AssertionType, headers map[string]string) ([]Assertion, error)

FindManyPredefined finds assertions in the predefined sets (trusted or not) based on arbitrary headers. It returns a NotFoundError if no assertion can be found.

func (*Database) FindMaxFormat

func (db *Database) FindMaxFormat(assertionType *AssertionType, headers map[string]string, maxFormat int) (Assertion, error)

FindMaxFormat finds an assertion like Find but such that its format is <= maxFormat by passing maxFormat along to the backend. It returns a NotFoundError if such an assertion cannot be found.

func (*Database) FindPredefined

func (db *Database) FindPredefined(assertionType *AssertionType, headers map[string]string) (Assertion, error)

FindPredefined finds an assertion in the predefined sets (trusted or not) based on arbitrary headers. Provided headers must contain the primary key for the assertion type. It returns a NotFoundError if the assertion cannot be found.

func (*Database) FindTrusted

func (db *Database) FindTrusted(assertionType *AssertionType, headers map[string]string) (Assertion, error)

FindTrusted finds an assertion in the trusted set based on arbitrary headers. Provided headers must contain the primary key for the assertion type. It returns a NotFoundError if the assertion cannot be found.

func (*Database) ImportKey

func (db *Database) ImportKey(privKey PrivateKey) error

ImportKey stores the given private/public key pair.

func (*Database) IsTrustedAccount

func (db *Database) IsTrustedAccount(accountID string) bool

IsTrustedAccount returns whether the account is part of the trusted set.

func (*Database) PublicKey

func (db *Database) PublicKey(keyID string) (PublicKey, error)

PublicKey returns the public key part of the key pair that has the given key id.

func (*Database) Sign

func (db *Database) Sign(assertType *AssertionType, headers map[string]interface{}, body []byte, keyID string) (Assertion, error)

Sign assembles an assertion with the provided information and signs it with the private key from `headers["authority-id"]` that has the provided key id.

func (*Database) WithStackedBackstore

func (db *Database) WithStackedBackstore(backstore Backstore) *Database

WithStackedBackstore returns a new database that adds to the given backstore only but finds in backstore and the base database backstores and cross-checks against all of them. This is useful to cross-check a set of assertions without adding them to the database.

type DatabaseConfig

type DatabaseConfig struct {
	// trusted set of assertions (account and account-key supported),
	// used to establish root keys and trusted authorities
	Trusted []Assertion
	// predefined assertions but that do not establish foundational trust
	OtherPredefined []Assertion
	// backstore for assertions, left unset storing assertions will error
	Backstore Backstore
	// manager/backstore for keypairs, defaults to in-memory implementation
	KeypairManager KeypairManager
	// assertion checkers used by Database.Check, left unset DefaultCheckers will be used which is recommended
	Checkers []Checker
}

DatabaseConfig for an assertion database.

type Decoder

type Decoder struct {
	// contains filtered or unexported fields
}

Decoder parses a stream of assertions bundled by separating them with double newlines.

func NewDecoder

func NewDecoder(r io.Reader) *Decoder

NewDecoder returns a Decoder to parse the stream of assertions from the reader.

func NewDecoderWithTypeMaxBodySize

func NewDecoderWithTypeMaxBodySize(r io.Reader, typeMaxBodySize map[*AssertionType]int) *Decoder

NewDecoderWithTypeMaxBodySize returns a Decoder to parse the stream of assertions from the reader enforcing optional per type max body sizes or the default one as fallback.

func (*Decoder) Decode

func (d *Decoder) Decode() (Assertion, error)

Decode parses the next assertion from the stream. It returns the error io.EOF at the end of a well-formed stream.

type DeviceScopeConstraint

type DeviceScopeConstraint struct {
	Store []string
	Brand []string
	// Model is a list of precise "<brand>/<model>" constraints
	Model []string
}

DeviceScopeConstraint specifies constraints based on which brand store, brand or model the device belongs to.

type DeviceSessionRequest

type DeviceSessionRequest struct {
	// contains filtered or unexported fields
}

DeviceSessionRequest holds a device-session-request assertion, which is a request wrapping a store-provided nonce to start a session by a device signed with its key.

func (*DeviceSessionRequest) AuthorityID

func (ab *DeviceSessionRequest) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*DeviceSessionRequest) Body

func (ab *DeviceSessionRequest) Body() []byte

Body returns the body of the assertion.

func (*DeviceSessionRequest) BrandID

func (req *DeviceSessionRequest) BrandID() string

BrandID returns the brand identifier of the device making the request.

func (*DeviceSessionRequest) Format

func (ab *DeviceSessionRequest) Format() int

Format returns the assertion format iteration.

func (*DeviceSessionRequest) Header

func (ab *DeviceSessionRequest) Header(name string) interface{}

Header returns the value of a header by name.

func (*DeviceSessionRequest) HeaderString

func (ab *DeviceSessionRequest) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*DeviceSessionRequest) Headers

func (ab *DeviceSessionRequest) Headers() map[string]interface{}

Headers returns the complete headers.

func (*DeviceSessionRequest) Model

func (req *DeviceSessionRequest) Model() string

Model returns the model name identifier of the device making the request.

func (*DeviceSessionRequest) Nonce

func (req *DeviceSessionRequest) Nonce() string

Nonce returns the nonce obtained from store and to be presented when requesting a device session.

func (*DeviceSessionRequest) Prerequisites

func (ab *DeviceSessionRequest) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*DeviceSessionRequest) Ref

func (ab *DeviceSessionRequest) Ref() *Ref

Ref returns a reference representing this assertion.

func (*DeviceSessionRequest) Revision

func (ab *DeviceSessionRequest) Revision() int

Revision returns the assertion revision.

func (*DeviceSessionRequest) Serial

func (req *DeviceSessionRequest) Serial() string

Serial returns the serial identifier of the device making the request; together with brand id and model it forms the unique identifier of the device.

func (*DeviceSessionRequest) SignKeyID

func (ab *DeviceSessionRequest) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*DeviceSessionRequest) Signature

func (ab *DeviceSessionRequest) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*DeviceSessionRequest) SupportedFormat

func (ab *DeviceSessionRequest) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*DeviceSessionRequest) Timestamp

func (req *DeviceSessionRequest) Timestamp() time.Time

Timestamp returns the time when the device-session-request was created.

func (*DeviceSessionRequest) Type

func (ab *DeviceSessionRequest) Type() *AssertionType

Type returns the assertion type.

type Encoder

type Encoder struct {
	// contains filtered or unexported fields
}

Encoder emits a stream of assertions bundled by separating them with double newlines.

func NewEncoder

func NewEncoder(w io.Writer) *Encoder

NewEncoder returns an Encoder to emit a stream of assertions to a writer.

func (*Encoder) Encode

func (enc *Encoder) Encode(assert Assertion) error

Encode emits the assertion into the stream with the required separator. Errors here are always about writing given that Encode() itself cannot error.

func (*Encoder) WriteContentSignature

func (enc *Encoder) WriteContentSignature(content, signature []byte) error

WriteContentSignature writes the content and signature of an assertion into the stream with all the required separators.

func (*Encoder) WriteEncoded

func (enc *Encoder) WriteEncoded(encoded []byte) error

WriteEncoded writes the encoded assertion into the stream with the required separator.

type Fetcher

type Fetcher interface {
	// Fetch retrieves the assertion indicated by ref then its prerequisites
	// recursively, along the way saving prerequisites before dependent assertions.
	Fetch(*Ref) error
	// Save retrieves the prerequisites of the assertion recursively,
	// along the way saving them, and finally saves the assertion.
	Save(Assertion) error
}

A Fetcher helps fetching assertions and their prerequisites.

func NewFetcher

func NewFetcher(trustedDB RODatabase, retrieve func(*Ref) (Assertion, error), save func(Assertion) error) Fetcher

NewFetcher creates a Fetcher which will use trustedDB to determine trusted assertions, will fetch assertions following prerequisites using retrieve, and then will pass them to save, saving prerequisites before dependent assertions.
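The save ordering that Fetch and Save describe, as an added example that is not snapd's own code: a standard-library-only model of the recursion. `Ref`, `Assertion`, `modelFetcher`, `FetchOrder` and the sample ids are hypothetical names, and the circular-prerequisite guard is a choice made for this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Ref and Assertion are simplified stand-ins for asserts.Ref and
// asserts.Assertion, reduced to what save ordering needs (assumption).
type Ref struct {
	Type       string
	PrimaryKey []string
}

func (r Ref) Unique() string { return r.Type + "/" + strings.Join(r.PrimaryKey, "/") }

type Assertion struct {
	Ref     Ref
	Prereqs []Ref
}

var errNotFound = errors.New("assertion not found")

// modelFetcher follows the documented Fetch contract: prerequisites first.
type modelFetcher struct {
	trusted  map[string]bool // in the trusted set, never refetched
	retrieve func(Ref) (Assertion, error)
	save     func(Assertion) error
	state    map[string]bool // present = retrieved, true = saved
}

func (f *modelFetcher) Fetch(ref Ref) error {
	key := ref.Unique()
	if done, seen := f.state[key]; f.trusted[key] || done {
		return nil
	} else if seen {
		return fmt.Errorf("circular prerequisites at %s", key)
	}
	a, err := f.retrieve(ref)
	if err != nil {
		return fmt.Errorf("cannot retrieve %s: %w", key, err)
	}
	f.state[key] = false
	for _, p := range a.Prereqs {
		if err := f.Fetch(p); err != nil {
			return err
		}
	}
	// Prerequisites are stored by now, so a checking save finds the signing key.
	if err := f.save(a); err != nil {
		return fmt.Errorf("cannot save %s: %w", key, err)
	}
	f.state[key] = true
	return nil
}

// Constructed sample references; none of these ids are real.
var (
	rootKey  = Ref{"account-key", []string{"ROOT-KEY-ID"}} // trusted
	storeKey = Ref{"account-key", []string{"STORE-KEY-ID"}}
	pubAcct  = Ref{"account", []string{"dev1"}}
	snapDecl = Ref{"snap-declaration", []string{"16", "SNAP-ID"}}
	snapRev  = Ref{"snap-revision", []string{"SNAP-DIGEST"}}
)

// constructedStore is the remote side; each entry lists its prerequisites.
func constructedStore() map[string]Assertion {
	return map[string]Assertion{
		storeKey.Unique(): {storeKey, []Ref{rootKey}},
		pubAcct.Unique():  {pubAcct, []Ref{storeKey}},
		snapDecl.Unique(): {snapDecl, []Ref{pubAcct, storeKey}},
		snapRev.Unique():  {snapRev, []Ref{snapDecl, storeKey}},
	}
}

// FetchOrder fetches start from store and returns the keys in save order.
func FetchOrder(start Ref, store map[string]Assertion) ([]string, error) {
	var order []string
	f := &modelFetcher{
		trusted: map[string]bool{rootKey.Unique(): true},
		retrieve: func(r Ref) (Assertion, error) {
			if a, ok := store[r.Unique()]; ok {
				return a, nil
			}
			return Assertion{}, errNotFound
		},
		save: func(a Assertion) error {
			order = append(order, a.Ref.Unique())
			return nil
		},
		state: map[string]bool{},
	}
	err := f.Fetch(start)
	return order, err
}

func main() { fmt.Println(FetchOrder(snapRev, constructedStore())) }
```

If any prerequisite cannot be retrieved, the dependent assertion is never passed to save, so a partially fetched chain does not leave an unverifiable assertion in the store.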

type GPGKeypairManager

type GPGKeypairManager struct{}

A key pair manager backed by a local GnuPG setup.

func NewGPGKeypairManager

func NewGPGKeypairManager() *GPGKeypairManager

NewGPGKeypairManager creates a new key pair manager backed by a local GnuPG setup. Importing keys through the keypair manager interface is not supported. The main purpose is to allow signing using keys from a GPG setup.

func (*GPGKeypairManager) Delete

func (gkm *GPGKeypairManager) Delete(name string) error

Delete removes the named key pair from GnuPG's storage.

func (*GPGKeypairManager) Export

func (gkm *GPGKeypairManager) Export(name string) ([]byte, error)

Export returns the encoded text of the named public key.

func (*GPGKeypairManager) Generate

func (gkm *GPGKeypairManager) Generate(passphrase string, name string) error

Generate creates a new key with the given passphrase and name.

func (*GPGKeypairManager) Get

func (gkm *GPGKeypairManager) Get(keyID string) (PrivateKey, error)

func (*GPGKeypairManager) GetByName

func (gkm *GPGKeypairManager) GetByName(name string) (PrivateKey, error)

GetByName looks up a private key by name and returns it.

func (*GPGKeypairManager) Put

func (gkm *GPGKeypairManager) Put(privKey PrivateKey) error

func (*GPGKeypairManager) Walk

func (gkm *GPGKeypairManager) Walk(consider func(privk PrivateKey, fingerprint string, uid string) error) error

Walk iterates over all the RSA private keys in the local GPG setup, calling the provided callback until it returns an error.

type KeypairManager

type KeypairManager interface {
	// Put stores the given private/public key pair,
	// making sure it can be later retrieved by its unique key id with Get.
	// Trying to store a key with an already present key id should
	// result in an error.
	Put(privKey PrivateKey) error
	// Get returns the private/public key pair with the given key id.
	Get(keyID string) (PrivateKey, error)
}

A KeypairManager is a manager and backstore for private/public key pairs.

func NewMemoryKeypairManager

func NewMemoryKeypairManager() KeypairManager

NewMemoryKeypairManager creates a new key pair manager with a memory backstore.

func OpenFSKeypairManager

func OpenFSKeypairManager(path string) (KeypairManager, error)

OpenFSKeypairManager opens a filesystem backed assertions backstore under path.

type Model

type Model struct {
	// contains filtered or unexported fields
}

Model holds a model assertion, which is a statement by a brand about the properties of a device model.

func (*Model) AllSnaps

func (mod *Model) AllSnaps() []*ModelSnap

AllSnaps returns all the snaps listed by the model.

func (*Model) Architecture

func (mod *Model) Architecture() string

Architecture returns the architecture the model is based on.

func (*Model) AuthorityID

func (ab *Model) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Model) Base

func (mod *Model) Base() string

Base returns the base snap the model uses.

func (*Model) BaseSnap

func (mod *Model) BaseSnap() *ModelSnap

BaseSnap returns the details of the base snap the model uses.

func (*Model) Body

func (ab *Model) Body() []byte

Body returns the body of the assertion.

func (*Model) BrandID

func (mod *Model) BrandID() string

BrandID returns the brand identifier. Same as the authority id.

func (*Model) Classic

func (mod *Model) Classic() bool

Classic returns whether the model is a classic system.

func (*Model) DisplayName

func (mod *Model) DisplayName() string

DisplayName returns the human-friendly name of the model or falls back to Model if this was not set.

func (*Model) Format

func (ab *Model) Format() int

Format returns the assertion format iteration.

func (*Model) Gadget

func (mod *Model) Gadget() string

Gadget returns the gadget snap the model uses.

func (*Model) GadgetSnap

func (mod *Model) GadgetSnap() *ModelSnap

GadgetSnap returns the details of the gadget snap the model uses.

func (*Model) GadgetTrack

func (mod *Model) GadgetTrack() string

GadgetTrack returns the gadget track the model uses. XXX this should go away

func (*Model) Header

func (ab *Model) Header(name string) interface{}

Header returns the value of a header by name.

func (*Model) HeaderString

func (ab *Model) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Model) Headers

func (ab *Model) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Model) Kernel

func (mod *Model) Kernel() string

Kernel returns the kernel snap the model uses. XXX this should go away

func (*Model) KernelSnap

func (mod *Model) KernelSnap() *ModelSnap

KernelSnap returns the details of the kernel snap the model uses.

func (*Model) KernelTrack

func (mod *Model) KernelTrack() string

KernelTrack returns the kernel track the model uses. XXX this should go away

func (*Model) Model

func (mod *Model) Model() string

Model returns the model name identifier.

func (*Model) Prerequisites

func (ab *Model) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*Model) Ref

func (ab *Model) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Model) RequiredNoEssentialSnaps

func (mod *Model) RequiredNoEssentialSnaps() []naming.SnapRef

RequiredNoEssentialSnaps returns the snaps that must be installed at all times and cannot be removed for this model, excluding the essential snaps (gadget, kernel, boot base).

func (*Model) RequiredWithEssentialSnaps

func (mod *Model) RequiredWithEssentialSnaps() []naming.SnapRef

RequiredWithEssentialSnaps returns the snaps that must be installed at all times and cannot be removed for this model, including the essential snaps (gadget, kernel, boot base).

func (*Model) Revision

func (ab *Model) Revision() int

Revision returns the assertion revision.

func (*Model) Series

func (mod *Model) Series() string

Series returns the series of the core software the model uses.

func (*Model) SignKeyID

func (ab *Model) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Model) Signature

func (ab *Model) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Model) Store

func (mod *Model) Store() string

Store returns the snap store the model uses.

func (*Model) SupportedFormat

func (ab *Model) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Model) SystemUserAuthority

func (mod *Model) SystemUserAuthority() []string

SystemUserAuthority returns the authority ids that are accepted as signers of system-user assertions for this model. Empty list means any.

func (*Model) Timestamp

func (mod *Model) Timestamp() time.Time

Timestamp returns the time when the model assertion was issued.

func (*Model) Type

func (ab *Model) Type() *AssertionType

Type returns the assertion type.

type ModelSnap

type ModelSnap struct {
	Name   string
	SnapID string
	// SnapType is one of: app|base|gadget|kernel|core, default is app
	SnapType string
	// Modes in which the snap must be made available
	Modes []string
	// DefaultChannel is the initial tracking channel, default is stable
	DefaultChannel string
	// Track is a locked track for the snap, if set DefaultChannel
	// cannot be set at the same time
	Track string
	// Presence is one of: required|optional
	Presence string
}

ModelSnap holds the details about a snap specified by a model assertion.

func (*ModelSnap) ID

func (s *ModelSnap) ID() string

ID implements naming.SnapRef.

func (*ModelSnap) SnapName

func (s *ModelSnap) SnapName() string

SnapName implements naming.SnapRef.

type NotFoundError

type NotFoundError struct {
	Type    *AssertionType
	Headers map[string]string
}

NotFoundError is returned when an assertion can not be found.

func (*NotFoundError) Error

func (e *NotFoundError) Error() string

type OnClassicConstraint

type OnClassicConstraint struct {
	Classic   bool
	SystemIDs []string
}

OnClassicConstraint specifies a constraint based on whether the system is classic and optional specific distros' sets.

type PlugConnectionConstraints

type PlugConnectionConstraints struct {
	SlotSnapTypes    []string
	SlotSnapIDs      []string
	SlotPublisherIDs []string

	PlugAttributes *AttributeConstraints
	SlotAttributes *AttributeConstraints

	OnClassic *OnClassicConstraint

	DeviceScope *DeviceScopeConstraint
}

PlugConnectionConstraints specifies a set of constraints on an interface plug for a snap relevant to its connection or auto-connection.

type PlugInstallationConstraints

type PlugInstallationConstraints struct {
	PlugSnapTypes []string

	PlugAttributes *AttributeConstraints

	OnClassic *OnClassicConstraint

	DeviceScope *DeviceScopeConstraint
}

PlugInstallationConstraints specifies a set of constraints on an interface plug relevant to the installation of a snap.

type PlugRule

type PlugRule struct {
	Interface string

	AllowInstallation []*PlugInstallationConstraints
	DenyInstallation  []*PlugInstallationConstraints

	AllowConnection []*PlugConnectionConstraints
	DenyConnection  []*PlugConnectionConstraints

	AllowAutoConnection []*PlugConnectionConstraints
	DenyAutoConnection  []*PlugConnectionConstraints
}

PlugRule holds the rule of what is allowed, wrt installation and connection, for a plug of a specific interface for a snap.

type PrivateKey

type PrivateKey interface {
	// PublicKey returns the public part of the pair.
	PublicKey() PublicKey
	// contains filtered or unexported methods
}

PrivateKey is a cryptographic private/public key pair.

func GenerateKey

func GenerateKey() (PrivateKey, error)

GenerateKey generates a private/public key pair.

func RSAPrivateKey

func RSAPrivateKey(privk *rsa.PrivateKey) PrivateKey

RSAPrivateKey returns a PrivateKey for database use out of a rsa.PrivateKey.

type PublicKey

type PublicKey interface {
	// ID returns the id of the key used for lookup.
	ID() string
	// contains filtered or unexported methods
}

PublicKey is the public part of a cryptographic private/public key pair.

func DecodePublicKey

func DecodePublicKey(pubKey []byte) (PublicKey, error)

DecodePublicKey deserializes a public key.

func RSAPublicKey

func RSAPublicKey(pubKey *rsa.PublicKey) PublicKey

RSAPublicKey returns a database useable public key out of rsa.PublicKey.

type RODatabase

type RODatabase interface {
	// IsTrustedAccount returns whether the account is part of the trusted set.
	IsTrustedAccount(accountID string) bool
	// Find an assertion based on arbitrary headers.
	// Provided headers must contain the primary key for the assertion type.
	// It returns a NotFoundError if the assertion cannot be found.
	Find(assertionType *AssertionType, headers map[string]string) (Assertion, error)
	// FindPredefined finds an assertion in the predefined sets
	// (trusted or not) based on arbitrary headers.  Provided
	// headers must contain the primary key for the assertion
	// type.  It returns a NotFoundError if the assertion cannot
	// be found.
	FindPredefined(assertionType *AssertionType, headers map[string]string) (Assertion, error)
	// FindTrusted finds an assertion in the trusted set based on
	// arbitrary headers.  Provided headers must contain the
	// primary key for the assertion type.  It returns a
	// NotFoundError if the assertion cannot be found.
	FindTrusted(assertionType *AssertionType, headers map[string]string) (Assertion, error)
	// FindMany finds assertions based on arbitrary headers.
	// It returns a NotFoundError if no assertion can be found.
	FindMany(assertionType *AssertionType, headers map[string]string) ([]Assertion, error)
	// FindManyPredefined finds assertions in the predefined sets
	// (trusted or not) based on arbitrary headers.  It returns a
	// NotFoundError if no assertion can be found.
	FindManyPredefined(assertionType *AssertionType, headers map[string]string) ([]Assertion, error)
	// Check tests whether the assertion is properly signed and consistent with all the stored knowledge.
	Check(assert Assertion) error
}

A RODatabase exposes read-only access to an assertion database.

type Ref

type Ref struct {
	Type       *AssertionType
	PrimaryKey []string
}

Ref expresses a reference to an assertion.

func (*Ref) Resolve

func (ref *Ref) Resolve(find func(assertType *AssertionType, headers map[string]string) (Assertion, error)) (Assertion, error)

Resolve resolves the reference using the given find function.

func (*Ref) String

func (ref *Ref) String() string

func (*Ref) Unique

func (ref *Ref) Unique() string

Unique returns a unique string representing the reference that can be used as a key in maps.

type Repair

type Repair struct {
	// contains filtered or unexported fields
}

Repair holds a repair assertion, which allows running repair code to fix up broken systems. It can be limited by series and models.

func (*Repair) Architectures

func (r *Repair) Architectures() []string

Architectures returns the architectures that this assertion applies to.

func (*Repair) AuthorityID

func (ab *Repair) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Repair) Body

func (ab *Repair) Body() []byte

Body returns the body of the assertion.

func (*Repair) BrandID

func (r *Repair) BrandID() string

BrandID returns the brand identifier that signed this assertion.

func (*Repair) Disabled

func (r *Repair) Disabled() bool

Disabled returns true if the repair has been disabled.

func (*Repair) Format

func (ab *Repair) Format() int

Format returns the assertion format iteration.

func (*Repair) Header

func (ab *Repair) Header(name string) interface{}

Header returns the value of a header by name.

func (*Repair) HeaderString

func (ab *Repair) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Repair) Headers

func (ab *Repair) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Repair) Models

func (r *Repair) Models() []string

Models returns the models that this assertion is valid for. It is a list of "brand-id/model-name" strings.

func (*Repair) Prerequisites

func (ab *Repair) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*Repair) Ref

func (ab *Repair) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Repair) RepairID

func (r *Repair) RepairID() int

RepairID returns the sequential id of the repair. There should be a public place to look up details about the repair by brand-id and repair-id (e.g. the snapcraft forum).

func (*Repair) Revision

func (ab *Repair) Revision() int

Revision returns the assertion revision.

func (*Repair) Series

func (r *Repair) Series() []string

Series returns the series that this assertion is valid for.

func (*Repair) SignKeyID

func (ab *Repair) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Repair) Signature

func (ab *Repair) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Repair) Summary

func (r *Repair) Summary() string

Summary returns the mandatory summary description of the repair.

func (*Repair) SupportedFormat

func (ab *Repair) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Repair) Timestamp

func (r *Repair) Timestamp() time.Time

Timestamp returns the time when the repair was issued.

func (*Repair) Type

func (ab *Repair) Type() *AssertionType

Type returns the assertion type.

type RevisionError

type RevisionError struct {
	Used, Current int
}

RevisionError indicates a revision improperly used for an operation.

func (*RevisionError) Error

func (e *RevisionError) Error() string

type Serial

type Serial struct {
	// contains filtered or unexported fields
}

Serial holds a serial assertion, which is a statement binding a device identity with the device public key.

func (*Serial) AuthorityID

func (ab *Serial) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Serial) Body

func (ab *Serial) Body() []byte

Body returns the body of the assertion.

func (*Serial) BrandID

func (ser *Serial) BrandID() string

BrandID returns the brand identifier of the device.

func (*Serial) DeviceKey

func (ser *Serial) DeviceKey() PublicKey

DeviceKey returns the public key of the device.

func (*Serial) Format

func (ab *Serial) Format() int

Format returns the assertion format iteration.

func (*Serial) Header

func (ab *Serial) Header(name string) interface{}

Header returns the value of a header by name.

func (*Serial) HeaderString

func (ab *Serial) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Serial) Headers

func (ab *Serial) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Serial) Model

func (ser *Serial) Model() string

Model returns the model name identifier of the device.

func (*Serial) Prerequisites

func (ab *Serial) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*Serial) Ref

func (ab *Serial) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Serial) Revision

func (ab *Serial) Revision() int

Revision returns the assertion revision.

func (*Serial) Serial

func (ser *Serial) Serial() string

Serial returns the serial identifier of the device; together with brand id and model it forms the unique identifier of the device.

func (*Serial) SignKeyID

func (ab *Serial) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Serial) Signature

func (ab *Serial) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Serial) SupportedFormat

func (ab *Serial) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Serial) Timestamp

func (ser *Serial) Timestamp() time.Time

Timestamp returns the time when the serial assertion was issued.

func (*Serial) Type

func (ab *Serial) Type() *AssertionType

Type returns the assertion type.
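How a device-session-request and a serial assertion fit together, as an added example that is not snapd or store code: the device signs the store-provided nonce with its key, and a verifier that knows the key bound by the serial accepts the request once. The `store` type, the field encoding, RSA PKCS#1 v1.5 with SHA-256 and the single-use nonce tracking are assumptions of this model.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// deviceID is the triple a serial assertion binds to a device public key.
type deviceID struct{ Brand, Model, Serial string }

// sessionRequest models the fields of a device-session-request.
type sessionRequest struct {
	ID        deviceID
	Nonce     string
	Signature []byte
}

// digest hashes the signed fields, each length-prefixed (model encoding).
func (r *sessionRequest) digest() []byte {
	h := sha256.New()
	for _, f := range []string{r.ID.Brand, r.ID.Model, r.ID.Serial, r.Nonce} {
		fmt.Fprintf(h, "%d:%s", len(f), f)
	}
	return h.Sum(nil)
}

var (
	errUnknownDevice = errors.New("no serial on record for this device")
	errBadSignature  = errors.New("signature does not match the device key")
	errBadNonce      = errors.New("nonce not issued or already used")
)

// store is a hypothetical verifier, not the snap store's implementation.
type store struct {
	deviceKeys map[deviceID]*rsa.PublicKey // from checked serial assertions
	pending    map[string]bool             // nonces issued, not yet consumed
}

func newStore(id deviceID, pub *rsa.PublicKey) *store {
	return &store{map[deviceID]*rsa.PublicKey{id: pub}, map[string]bool{}}
}

// newKey generates a constructed RSA device key for the demonstration.
func newKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func (s *store) IssueNonce() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	n := fmt.Sprintf("%x", b)
	s.pending[n] = true
	return n, nil
}

// StartSession checks the recorded key, the signature, then nonce freshness.
func (s *store) StartSession(r *sessionRequest) error {
	pub, ok := s.deviceKeys[r.ID]
	if !ok {
		return errUnknownDevice
	}
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, r.digest(), r.Signature) != nil {
		return errBadSignature
	}
	if !s.pending[r.Nonce] {
		return errBadNonce
	}
	delete(s.pending, r.Nonce) // single use: a replayed request fails
	return nil
}

// signRequest is the device side: wrap the nonce, sign with the device key.
func signRequest(key *rsa.PrivateKey, id deviceID, nonce string) (r *sessionRequest, err error) {
	r = &sessionRequest{ID: id, Nonce: nonce}
	r.Signature, err = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, r.digest())
	return r, err
}

func main() {
	id := deviceID{"example-brand", "example-model", "0001"} // constructed
	key, err := newKey()
	if err != nil {
		panic(err)
	}
	s := newStore(id, &key.PublicKey)
	nonce, err := s.IssueNonce()
	if err != nil {
		panic(err)
	}
	req, err := signRequest(key, id, nonce)
	if err != nil {
		panic(err)
	}
	fmt.Println("first use:", s.StartSession(req), "| replay:", s.StartSession(req))
}
```

A request that fails the signature check does not consume the nonce, so a party without the device key cannot burn a nonce issued to the real device.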

type SerialRequest

type SerialRequest struct {
	// contains filtered or unexported fields
}

SerialRequest holds a serial-request assertion, which is a self-signed request to obtain a full device identity bound to the device public key.

func (*SerialRequest) AuthorityID

func (ab *SerialRequest) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SerialRequest) Body

func (ab *SerialRequest) Body() []byte

Body returns the body of the assertion.

func (*SerialRequest) BrandID

func (sreq *SerialRequest) BrandID() string

BrandID returns the brand identifier of the device making the request.

func (*SerialRequest) DeviceKey

func (sreq *SerialRequest) DeviceKey() PublicKey

DeviceKey returns the public key of the device making the request.

func (*SerialRequest) Format

func (ab *SerialRequest) Format() int

Format returns the assertion format iteration.

func (*SerialRequest) Header

func (ab *SerialRequest) Header(name string) interface{}

Header returns the value of a header by name.

func (*SerialRequest) HeaderString

func (ab *SerialRequest) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SerialRequest) Headers

func (ab *SerialRequest) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SerialRequest) Model

func (sreq *SerialRequest) Model() string

Model returns the model name identifier of the device making the request.

func (*SerialRequest) Prerequisites

func (ab *SerialRequest) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*SerialRequest) Ref

func (ab *SerialRequest) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SerialRequest) RequestID

func (sreq *SerialRequest) RequestID() string

RequestID returns the id for the request, obtained from and to be presented to the serial signing service.

func (*SerialRequest) Revision

func (ab *SerialRequest) Revision() int

Revision returns the assertion revision.

func (*SerialRequest) Serial

func (sreq *SerialRequest) Serial() string

Serial returns the optional proposed serial identifier for the device; the service taking the request might use it or ignore it.

func (*SerialRequest) SignKeyID

func (ab *SerialRequest) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SerialRequest) Signature

func (ab *SerialRequest) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SerialRequest) SupportedFormat

func (ab *SerialRequest) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SerialRequest) Type

func (ab *SerialRequest) Type() *AssertionType

Type returns the assertion type.

type SlotConnectionConstraints

type SlotConnectionConstraints struct {
	PlugSnapTypes    []string
	PlugSnapIDs      []string
	PlugPublisherIDs []string

	SlotAttributes *AttributeConstraints
	PlugAttributes *AttributeConstraints

	OnClassic *OnClassicConstraint

	DeviceScope *DeviceScopeConstraint
}

SlotConnectionConstraints specifies a set of constraints on an interface slot for a snap relevant to its connection or auto-connection.

type SlotInstallationConstraints

type SlotInstallationConstraints struct {
	SlotSnapTypes []string

	SlotAttributes *AttributeConstraints

	OnClassic *OnClassicConstraint

	DeviceScope *DeviceScopeConstraint
}

SlotInstallationConstraints specifies a set of constraints on an interface slot relevant to the installation of a snap.

type SlotRule

type SlotRule struct {
	Interface string

	AllowInstallation []*SlotInstallationConstraints
	DenyInstallation  []*SlotInstallationConstraints

	AllowConnection []*SlotConnectionConstraints
	DenyConnection  []*SlotConnectionConstraints

	AllowAutoConnection []*SlotConnectionConstraints
	DenyAutoConnection  []*SlotConnectionConstraints
}

SlotRule holds the rule of what is allowed, wrt installation and connection, for a slot of a specific interface for a snap.

type SnapBuild

type SnapBuild struct {
	// contains filtered or unexported fields
}

SnapBuild holds a snap-build assertion, asserting the properties of a snap at the time it was built by the developer.

func (*SnapBuild) AuthorityID

func (ab *SnapBuild) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SnapBuild) Body

func (ab *SnapBuild) Body() []byte

Body returns the body of the assertion.

func (*SnapBuild) Format

func (ab *SnapBuild) Format() int

Format returns the assertion format iteration.

func (*SnapBuild) Grade

func (snapbld *SnapBuild) Grade() string

Grade returns the grade of the snap: devel|stable

func (*SnapBuild) Header

func (ab *SnapBuild) Header(name string) interface{}

Header returns the value of a header by name.

func (*SnapBuild) HeaderString

func (ab *SnapBuild) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SnapBuild) Headers

func (ab *SnapBuild) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SnapBuild) Prerequisites

func (ab *SnapBuild) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*SnapBuild) Ref

func (ab *SnapBuild) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SnapBuild) Revision

func (ab *SnapBuild) Revision() int

Revision returns the assertion revision.

func (*SnapBuild) SignKeyID

func (ab *SnapBuild) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SnapBuild) Signature

func (ab *SnapBuild) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SnapBuild) SnapID

func (snapbld *SnapBuild) SnapID() string

SnapID returns the snap id of the snap.

func (*SnapBuild) SnapSHA3_384

func (snapbld *SnapBuild) SnapSHA3_384() string

SnapSHA3_384 returns the SHA3-384 digest of the snap.

func (*SnapBuild) SnapSize

func (snapbld *SnapBuild) SnapSize() uint64

SnapSize returns the size of the snap.

func (*SnapBuild) SupportedFormat

func (ab *SnapBuild) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SnapBuild) Timestamp

func (snapbld *SnapBuild) Timestamp() time.Time

Timestamp returns the time when the snap-build assertion was created.

func (*SnapBuild) Type

func (ab *SnapBuild) Type() *AssertionType

Type returns the assertion type.

type SnapDeclaration

type SnapDeclaration struct {
	// contains filtered or unexported fields
}

SnapDeclaration holds a snap-declaration assertion, declaring a snap binding its identifying snap-id to a name, asserting its publisher and its other properties.

func (*SnapDeclaration) Aliases

func (snapdcl *SnapDeclaration) Aliases() map[string]string

Aliases returns the optional explicit aliases granted to this snap.

func (*SnapDeclaration) AuthorityID

func (ab *SnapDeclaration) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SnapDeclaration) AutoAliases

func (snapdcl *SnapDeclaration) AutoAliases() []string

AutoAliases returns the optional auto-aliases granted to this snap. XXX: deprecated, will go away

func (*SnapDeclaration) Body

func (ab *SnapDeclaration) Body() []byte

Body returns the body of the assertion.

func (*SnapDeclaration) Format

func (ab *SnapDeclaration) Format() int

Format returns the assertion format iteration.

func (*SnapDeclaration) Header

func (ab *SnapDeclaration) Header(name string) interface{}

Header returns the value of a header by name.

func (*SnapDeclaration) HeaderString

func (ab *SnapDeclaration) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SnapDeclaration) Headers

func (ab *SnapDeclaration) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SnapDeclaration) PlugRule

func (snapdcl *SnapDeclaration) PlugRule(interfaceName string) *PlugRule

PlugRule returns the plug-side rule about the given interface if one was included in the plugs stanza of the declaration, otherwise it returns nil.

func (*SnapDeclaration) Prerequisites

func (snapdcl *SnapDeclaration) Prerequisites() []*Ref

Prerequisites returns references to this snap-declaration's prerequisite assertions.

func (*SnapDeclaration) PublisherID

func (snapdcl *SnapDeclaration) PublisherID() string

PublisherID returns the identifier of the publisher of the declared snap.

func (*SnapDeclaration) Ref

func (ab *SnapDeclaration) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SnapDeclaration) RefreshControl

func (snapdcl *SnapDeclaration) RefreshControl() []string

RefreshControl returns the ids of snaps whose updates are controlled by this declaration.

func (*SnapDeclaration) Revision

func (ab *SnapDeclaration) Revision() int

Revision returns the assertion revision.

func (*SnapDeclaration) Series

func (snapdcl *SnapDeclaration) Series() string

Series returns the series for which the snap is being declared.

func (*SnapDeclaration) SignKeyID

func (ab *SnapDeclaration) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SnapDeclaration) Signature

func (ab *SnapDeclaration) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SnapDeclaration) SlotRule

func (snapdcl *SnapDeclaration) SlotRule(interfaceName string) *SlotRule

SlotRule returns the slot-side rule about the given interface if one was included in the slots stanza of the declaration, otherwise it returns nil.

func (*SnapDeclaration) SnapID

func (snapdcl *SnapDeclaration) SnapID() string

SnapID returns the snap id of the declared snap.

func (*SnapDeclaration) SnapName

func (snapdcl *SnapDeclaration) SnapName() string

SnapName returns the declared snap name.

func (*SnapDeclaration) SupportedFormat

func (ab *SnapDeclaration) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SnapDeclaration) Timestamp

func (snapdcl *SnapDeclaration) Timestamp() time.Time

Timestamp returns the time when the snap-declaration was issued.

func (*SnapDeclaration) Type

func (ab *SnapDeclaration) Type() *AssertionType

Type returns the assertion type.

type SnapDeveloper

type SnapDeveloper struct {
	// contains filtered or unexported fields
}

SnapDeveloper holds a snap-developer assertion, defining the developers who can collaborate on a snap while it's owned by a specific publisher.

The primary key (snap-id, publisher-id) allows a snap to have many snap-developer assertions, e.g. to allow a future publisher's collaborations to be defined before the snap is transferred. However only the snap-developer for the current publisher (the snap-declaration publisher-id) is relevant to a device.

func (*SnapDeveloper) AuthorityID

func (ab *SnapDeveloper) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SnapDeveloper) Body

func (ab *SnapDeveloper) Body() []byte

Body returns the body of the assertion.

func (*SnapDeveloper) Format

func (ab *SnapDeveloper) Format() int

Format returns the assertion format iteration.

func (*SnapDeveloper) Header

func (ab *SnapDeveloper) Header(name string) interface{}

Header returns the value of a header by name.

func (*SnapDeveloper) HeaderString

func (ab *SnapDeveloper) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SnapDeveloper) Headers

func (ab *SnapDeveloper) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SnapDeveloper) Prerequisites

func (snapdev *SnapDeveloper) Prerequisites() []*Ref

Prerequisites returns references to this snap-developer's prerequisite assertions.

func (*SnapDeveloper) PublisherID

func (snapdev *SnapDeveloper) PublisherID() string

PublisherID returns the publisher's account id.

func (*SnapDeveloper) Ref

func (ab *SnapDeveloper) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SnapDeveloper) Revision

func (ab *SnapDeveloper) Revision() int

Revision returns the assertion revision.

func (*SnapDeveloper) SignKeyID

func (ab *SnapDeveloper) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SnapDeveloper) Signature

func (ab *SnapDeveloper) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SnapDeveloper) SnapID

func (snapdev *SnapDeveloper) SnapID() string

SnapID returns the snap id of the snap.

func (*SnapDeveloper) SupportedFormat

func (ab *SnapDeveloper) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SnapDeveloper) Type

func (ab *SnapDeveloper) Type() *AssertionType

Type returns the assertion type.

type SnapRevision

type SnapRevision struct {
	// contains filtered or unexported fields
}

SnapRevision holds a snap-revision assertion, which is a statement by the store acknowledging the receipt of a build of a snap and labeling it with a snap revision.

func (*SnapRevision) AuthorityID

func (ab *SnapRevision) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SnapRevision) Body

func (ab *SnapRevision) Body() []byte

Body returns the body of the assertion.

func (*SnapRevision) DeveloperID

func (snaprev *SnapRevision) DeveloperID() string

DeveloperID returns the id of the developer that submitted this build of the snap.

func (*SnapRevision) Format

func (ab *SnapRevision) Format() int

Format returns the assertion format iteration.

func (*SnapRevision) Header

func (ab *SnapRevision) Header(name string) interface{}

Header returns the value of a header by name.

func (*SnapRevision) HeaderString

func (ab *SnapRevision) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SnapRevision) Headers

func (ab *SnapRevision) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SnapRevision) Prerequisites

func (snaprev *SnapRevision) Prerequisites() []*Ref

Prerequisites returns references to this snap-revision's prerequisite assertions.

func (*SnapRevision) Ref

func (ab *SnapRevision) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SnapRevision) Revision

func (ab *SnapRevision) Revision() int

Revision returns the assertion revision.

func (*SnapRevision) SignKeyID

func (ab *SnapRevision) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SnapRevision) Signature

func (ab *SnapRevision) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SnapRevision) SnapID

func (snaprev *SnapRevision) SnapID() string

SnapID returns the snap id of the snap.

func (*SnapRevision) SnapRevision

func (snaprev *SnapRevision) SnapRevision() int

SnapRevision returns the revision assigned to this build of the snap.

func (*SnapRevision) SnapSHA3_384

func (snaprev *SnapRevision) SnapSHA3_384() string

SnapSHA3_384 returns the SHA3-384 digest of the snap.

func (*SnapRevision) SnapSize

func (snaprev *SnapRevision) SnapSize() uint64

SnapSize returns the size in bytes of the snap submitted to the store.

func (*SnapRevision) SupportedFormat

func (ab *SnapRevision) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SnapRevision) Timestamp

func (snaprev *SnapRevision) Timestamp() time.Time

Timestamp returns the time when the snap-revision was issued.

func (*SnapRevision) Type

func (ab *SnapRevision) Type() *AssertionType

Type returns the assertion type.

type Store

type Store struct {
	// contains filtered or unexported fields
}

Store holds a store assertion, defining the configuration needed to connect a device to the store or relative to a non-default store.

func (*Store) AuthorityID

func (ab *Store) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Store) Body

func (ab *Store) Body() []byte

Body returns the body of the assertion.

func (*Store) Format

func (ab *Store) Format() int

Format returns the assertion format iteration.

func (*Store) FriendlyStores

func (store *Store) FriendlyStores() []string

FriendlyStores returns stores holding snaps that are also exposed through this one.

func (*Store) Header

func (ab *Store) Header(name string) interface{}

Header returns the value of a header by name.

func (*Store) HeaderString

func (ab *Store) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Store) Headers

func (ab *Store) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Store) Location

func (store *Store) Location() string

Location returns a summary of the store's location/purpose.

func (*Store) OperatorID

func (store *Store) OperatorID() string

OperatorID returns the account id of the store's operator.

func (*Store) Prerequisites

func (store *Store) Prerequisites() []*Ref

Prerequisites returns references to this store's prerequisite assertions.

func (*Store) Ref

func (ab *Store) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Store) Revision

func (ab *Store) Revision() int

Revision returns the assertion revision.

func (*Store) SignKeyID

func (ab *Store) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Store) Signature

func (ab *Store) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Store) Store

func (store *Store) Store() string

Store returns the identifying name of the operator's store.

func (*Store) SupportedFormat

func (ab *Store) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Store) Timestamp

func (store *Store) Timestamp() time.Time

Timestamp returns the time when the store assertion was issued.

func (*Store) Type

func (ab *Store) Type() *AssertionType

Type returns the assertion type.

func (*Store) URL

func (store *Store) URL() *url.URL

URL returns the URL of the store's API.

type SystemUser

type SystemUser struct {
	// contains filtered or unexported fields
}

SystemUser holds a system-user assertion which allows creating local system users.

func (*SystemUser) AuthorityID

func (ab *SystemUser) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SystemUser) Body

func (ab *SystemUser) Body() []byte

Body returns the body of the assertion.

func (*SystemUser) BrandID

func (su *SystemUser) BrandID() string

BrandID returns the brand identifier that signed this assertion.

func (*SystemUser) Email

func (su *SystemUser) Email() string

Email returns the email address that this assertion is valid for.

func (*SystemUser) ForcePasswordChange

func (su *SystemUser) ForcePasswordChange() bool

ForcePasswordChange returns true if the user needs to change the password after the first login.

func (*SystemUser) Format

func (ab *SystemUser) Format() int

Format returns the assertion format iteration.

func (*SystemUser) Header

func (ab *SystemUser) Header(name string) interface{}

Header returns the value of a header by name.

func (*SystemUser) HeaderString

func (ab *SystemUser) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SystemUser) Headers

func (ab *SystemUser) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SystemUser) Models

func (su *SystemUser) Models() []string

Models returns the models that this assertion is valid for.

func (*SystemUser) Name

func (su *SystemUser) Name() string

Name returns the full name of the user (e.g. Random Guy).

func (*SystemUser) Password

func (su *SystemUser) Password() string

Password returns the crypt(3) compatible password for the user. Note that only ID: $6$ or stronger is supported (sha512crypt).

func (*SystemUser) Prerequisites

func (ab *SystemUser) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*SystemUser) Ref

func (ab *SystemUser) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SystemUser) Revision

func (ab *SystemUser) Revision() int

Revision returns the assertion revision.

func (*SystemUser) SSHKeys

func (su *SystemUser) SSHKeys() []string

SSHKeys returns the ssh keys for the user.

func (*SystemUser) Series

func (su *SystemUser) Series() []string

Series returns the series that this assertion is valid for.

func (*SystemUser) SignKeyID

func (ab *SystemUser) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SystemUser) Signature

func (ab *SystemUser) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SystemUser) Since

func (su *SystemUser) Since() time.Time

Since returns the time from which the assertion is valid.

func (*SystemUser) SupportedFormat

func (ab *SystemUser) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SystemUser) Type

func (ab *SystemUser) Type() *AssertionType

Type returns the assertion type.

func (*SystemUser) Until

func (su *SystemUser) Until() time.Time

Until returns the time until the assertion is valid.

func (*SystemUser) Username

func (su *SystemUser) Username() string

Username returns the system user name that should be created (e.g. "foo").

func (*SystemUser) ValidAt

func (su *SystemUser) ValidAt(when time.Time) bool

ValidAt returns whether the system-user is valid at 'when' time.
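
Added example, not part of the snapd documentation or source: a consumer-side gate over the SystemUser accessors documented above (ValidAt, Models, Series, Password, SSHKeys), to run before a local account is created. The names systemUserView, listed, checkSystemUser, stubUser and sampleUser are hypothetical; failing closed on empty lists, accepting only the `$6$` prefix, and the stub's window boundaries are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// systemUserView: the accessors used below, with the signatures documented on this page.
type systemUserView interface {
	Password() string
	SSHKeys() []string
	Models() []string
	Series() []string
	ValidAt(when time.Time) bool
}

// listed fails closed: an empty list matches nothing (assumption of this sketch).
func listed(list []string, want string) bool {
	for _, v := range list {
		if v == want {
			return true
		}
	}
	return false
}

// checkSystemUser is a hypothetical gate to run before creating the local account.
func checkSystemUser(su systemUserView, model, series string, now time.Time) error {
	switch pw := su.Password(); {
	case !su.ValidAt(now):
		return fmt.Errorf("system-user not valid at %s", now.Format(time.RFC3339))
	case !listed(su.Models(), model) || !listed(su.Series(), series):
		return fmt.Errorf("system-user not issued for model %q, series %q", model, series)
	case pw == "" && len(su.SSHKeys()) == 0:
		return fmt.Errorf("system-user carries neither a password hash nor an ssh key")
	case pw != "" && !strings.HasPrefix(pw, "$6$"):
		return fmt.Errorf("password hash is not sha512crypt ($6$)")
	}
	return nil
}

// stubUser is constructed sample data standing in for a parsed assertion.
type stubUser struct {
	pw                   string
	keys, models, series []string
	since, until         time.Time
}

func (s stubUser) Password() string  { return s.pw }
func (s stubUser) SSHKeys() []string { return s.keys }
func (s stubUser) Models() []string  { return s.models }
func (s stubUser) Series() []string  { return s.series }
// Assumption: the stub treats the window as since <= when < until.
func (s stubUser) ValidAt(when time.Time) bool { return !when.Before(s.since) && when.Before(s.until) }

func sampleUser() stubUser {
	since := time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)
	return stubUser{pw: "$6$constructedsalt$constructedhash", models: []string{"example-model"}, series: []string{"16"}, since: since, until: since.AddDate(1, 0, 0)}
}

func main() {
	fmt.Println(checkSystemUser(sampleUser(), "example-model", "16", time.Date(2020, 6, 1, 0, 0, 0, 0, time.UTC)))
}
```
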

type UnsupportedFormatError

type UnsupportedFormatError struct {
	Ref    *Ref
	Format int
	// Update marks there was already a current revision of the assertion and it has been kept.
	Update bool
}

UnsupportedFormatError indicates an assertion with a format iteration not yet supported by the present version of asserts.

func (*UnsupportedFormatError) Error

func (e *UnsupportedFormatError) Error() string

type Validation

type Validation struct {
	// contains filtered or unexported fields
}

Validation holds a validation assertion, describing that a combination of (snap-id, approved-snap-id, approved-revision) has been validated for the series, meaning updating to that revision of approved-snap-id has been approved by the owner of the gating snap with snap-id.

func (*Validation) ApprovedSnapID

func (validation *Validation) ApprovedSnapID() string

ApprovedSnapID returns the ID of the gated snap.

func (*Validation) ApprovedSnapRevision

func (validation *Validation) ApprovedSnapRevision() int

ApprovedSnapRevision returns the approved revision of the gated snap.

func (*Validation) AuthorityID

func (ab *Validation) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Validation) Body

func (ab *Validation) Body() []byte

Body returns the body of the assertion.

func (*Validation) Format

func (ab *Validation) Format() int

Format returns the assertion format iteration.

func (*Validation) Header

func (ab *Validation) Header(name string) interface{}

Header returns the value of a header by name.

func (*Validation) HeaderString

func (ab *Validation) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Validation) Headers

func (ab *Validation) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Validation) Prerequisites

func (validation *Validation) Prerequisites() []*Ref

Prerequisites returns references to this validation's prerequisite assertions.

func (*Validation) Ref

func (ab *Validation) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Validation) Revision

func (ab *Validation) Revision() int

Revision returns the assertion revision.

func (*Validation) Revoked

func (validation *Validation) Revoked() bool

Revoked returns true if the validation has been revoked.

func (*Validation) Series

func (validation *Validation) Series() string

Series returns the series for which the validation holds.

func (*Validation) SignKeyID

func (ab *Validation) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Validation) Signature

func (ab *Validation) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Validation) SnapID

func (validation *Validation) SnapID() string

SnapID returns the ID of the gating snap.

func (*Validation) SupportedFormat

func (ab *Validation) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Validation) Timestamp

func (validation *Validation) Timestamp() time.Time

Timestamp returns the time when the validation was issued.

func (*Validation) Type

func (ab *Validation) Type() *AssertionType

Type returns the assertion type.

Directories

Path Synopsis
Package assertstest provides helpers for testing code that involves assertions.
Package signtool offers tooling to sign assertions.
Package snapasserts offers helpers to handle snap assertions and their checking for installation.
Package sysdb supports the system-wide assertion database with ways to open it and to manage the trusted set of assertions founding it.
Package systestkeys defines trusted assertions and keys to use in tests.
