Affected by GO-2024-2468 and 4 other vulnerabilities

GO-2024-2468: snapd Race Condition vulnerability in github.com/snapcore/snapd

GO-2024-2906: CVE-2024-5138 in github.com/snapcore/snapd

GO-2024-3007: snapd failed to restrict writes to the $HOME/bin path in github.com/snapcore/snapd

GO-2024-3008: snapd failed to properly check the file type when extracting a snap in github.com/snapcore/snapd

GO-2024-3009: snapd failed to properly check the destination of symbolic links when extracting a snap in github.com/snapcore/snapd

image

package

v0.0.0-...-f0aaebc Latest Latest Go to latest Published: Nov 11, 2024 License: GPL-3.0 Imports: 28 Imported by: 16

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/snapcore/snapd

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

Variables
func FetchAndCheckComponentAssertions(comp CompInfoPath, info *snap.Info, model *asserts.Model, f asserts.Fetcher, ...) error
func FetchAndCheckSnapAssertions(snapPath string, info *snap.Info, comps []CompInfoPath, model *asserts.Model, ...) (*asserts.SnapDeclaration, error)
func MockTrusted(mockTrusted []asserts.Assertion) (restore func())
func Prepare(opts *Options) error
type CompInfoPath
type Customizations
type Options

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	Stdout io.Writer = os.Stdout
	Stderr io.Writer = os.Stderr
)

Functions ¶

func FetchAndCheckComponentAssertions ¶

func FetchAndCheckComponentAssertions(comp CompInfoPath, info *snap.Info, model *asserts.Model, f asserts.Fetcher, db asserts.RODatabase) error

FetchAndCheckSnapAssertions fetches and cross checks the snap assertions matching the given component file using the provided asserts.Fetcher and assertion database. The optional model assertion must be passed for full cross checks.

func FetchAndCheckSnapAssertions ¶

func FetchAndCheckSnapAssertions(snapPath string, info *snap.Info, comps []CompInfoPath, model *asserts.Model, f asserts.Fetcher, db asserts.RODatabase) (*asserts.SnapDeclaration, error)

FetchAndCheckSnapAssertions fetches and cross checks the snap assertions matching the given snap file and wanted components using the provided asserts.Fetcher and assertion database. The optional model assertion must be passed for full cross checks.

func MockTrusted ¶

func MockTrusted(mockTrusted []asserts.Assertion) (restore func())

func Prepare ¶

func Prepare(opts *Options) error

Types ¶

type CompInfoPath ¶

type CompInfoPath struct {
	Info *snap.ComponentInfo
	Path string
}

CompInfoPath contains information for a component file that we need to get its assertions.

type Customizations ¶

type Customizations struct {
	// ConsoleConf can be set to "disabled" to disable console-conf
	// forcefully (UC16/18 only ATM).
	ConsoleConf string `json:"console-conf"`
	// CloudInitUserData can optionally point to cloud init user-data
	// (UC16/18 only)
	CloudInitUserData string `json:"cloud-init-user-data"`
	// BootFlags can be set to a list of boot flags
	// to set in the recovery bootloader (UC20 only).
	// Currently only the "factory" hint flag is supported.
	BootFlags []string `json:"boot-flags"`
	// Validation controls whether validations should be taken
	// into account by the store to select snap revisions.
	// It can be set to "enforce" or "ignore".
	Validation string `json:"validation"`
}

Customizatons defines possible image customizations. Not all of them applies to all kind of systems.

type Options ¶

type Options struct {
	ModelFile string
	Classic   bool

	// Preseed requests the image to be preseeded (only for UC20)
	Preseed bool
	// PreseedSignKey is the name of the key to use for signing preseed
	// assertion (empty means the default key).
	PreseedSignKey string

	// AppArmor kernel features directory to bind-mount when preseeding.
	// If empty then the features from /sys/kernel/security/apparmor will be used.
	// (only for UC20)
	AppArmorKernelFeaturesDir string

	// SysfsOverlay is the optional sysfs overlay to be used for
	// preseeding.
	// Directories from /sys/class/* and /sys/devices/platform
	// will be bind-mounted to the chroot when preseeding.
	SysfsOverlay string

	Channel string

	// TODO: use OptionsSnap directly here?
	Snaps        []string
	Components   []string
	SnapChannels map[string]string

	// SeedManifest is a pre-provided seed manifest, to allow for
	// creating reproducible seeds. If provided, the snap revisions and
	// validation-sets specified in the seed manifest will be used to
	// (re-)create the image seed.
	SeedManifest *seedwriter.Manifest
	// SeedManifestPath if set, specifies the file path where the
	// seed.manifest file should be written.
	SeedManifestPath string

	// WideCohortKey can be used to supply a cohort covering all
	// the snaps in the image, there is no generally suppported API
	// to create such a cohort key.
	WideCohortKey string

	PrepareDir string

	// Architecture to use if none is specified by the model,
	// useful only for classic mode. If set must match the model otherwise.
	Architecture string

	Customizations Customizations
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
preseed Package preseed provides functions for preseeding of classic and UC20 systems.	Package preseed provides functions for preseeding of classic and UC20 systems.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL