Documentation
Overview
Package install implements installation logic details for UC20+ systems. It is meant for use by overlord/devicestate and the single-reboot installation code in snap-bootstrap.
Index
- func ApplyPreseededData(preseedSeed seed.PreseedCapable, writableDir string) error
- func BuildInstallObserver(model *asserts.Model, gadgetDir string, useEncryption bool) (observer gadget.ContentObserver, ...)
- func CheckEncryptionSupport(model *asserts.Model, tpmMode secboot.TPMProvisionMode, kernelInfo *snap.Info, ...) (secboot.EncryptionType, error)
- func MockSecbootCheckTPMKeySealingSupported(f func(tpmMode secboot.TPMProvisionMode) error) (restore func())
- func PrepareEncryptedSystemData(model *asserts.Model, keyForRole map[string]keys.EncryptionKey, ...) error
- func PrepareRunSystemData(model *asserts.Model, gadgetDir string, perfTimings timings.Measurer) error
- type EncryptionSupportInfo
Constants
This section is empty.
Variables
This section is empty.
Functions
func ApplyPreseededData
func ApplyPreseededData(preseedSeed seed.PreseedCapable, writableDir string) error
ApplyPreseededData applies the preseed payload from the given seed, including installing snaps, to the given target system filesystem.
func BuildInstallObserver
func BuildInstallObserver(model *asserts.Model, gadgetDir string, useEncryption bool) (observer gadget.ContentObserver, trustedObserver boot.TrustedAssetsInstallObserver, err error)
BuildInstallObserver creates an observer for gadget assets if applicable; otherwise the returned gadget.ContentObserver is nil. The observer, if any, is also returned as a non-nil trustedObserver if encryption is in use.
func CheckEncryptionSupport
func CheckEncryptionSupport(model *asserts.Model, tpmMode secboot.TPMProvisionMode, kernelInfo *snap.Info, gadgetInfo *gadget.Info, runSetupHook fde.RunSetupHookFunc) (secboot.EncryptionType, error)
CheckEncryptionSupport checks which type of disk encryption support, if any, is available and returns the corresponding secboot.EncryptionType. Internally it uses GetEncryptionSupportInfo with the provided parameters.
func MockSecbootCheckTPMKeySealingSupported
func MockSecbootCheckTPMKeySealingSupported(f func(tpmMode secboot.TPMProvisionMode) error) (restore func())
MockSecbootCheckTPMKeySealingSupported mocks secboot.CheckTPMKeySealingSupported usage by the package for testing.
func PrepareEncryptedSystemData
func PrepareEncryptedSystemData(model *asserts.Model, keyForRole map[string]keys.EncryptionKey, trustedInstallObserver boot.TrustedAssetsInstallObserver) error
PrepareEncryptedSystemData executes preparations related to encrypted system data:
* provides trustedInstallObserver with the chosen keys
* uses trustedInstallObserver to track any trusted assets in ubuntu-seed
* saves keys and markers for ubuntu-data to be able to safely open ubuntu-save

It is the responsibility of the caller to call ObserveExistingTrustedRecoveryAssets on trustedInstallObserver.
func PrepareRunSystemData
func PrepareRunSystemData(model *asserts.Model, gadgetDir string, perfTimings timings.Measurer) error
PrepareRunSystemData prepares the run system:
* it writes the model to ubuntu-boot
* sets up/copies any allowed and relevant cloud init configuration
* plus other details
Types
type EncryptionSupportInfo
type EncryptionSupportInfo struct {
	// Disabled is set to true if encryption was forcefully
	// disabled (e.g. via the seed partition), if set the rest
	// of the struct content is not relevant.
	Disabled bool

	// StorageSafety describes the level safety properties
	// requested by the model
	StorageSafety asserts.StorageSafety
	// Available is set to true if encryption is available on this device
	// with the used gadget.
	Available bool

	// Type is set to the EncryptionType that can be used if
	// Available is true.
	Type secboot.EncryptionType

	// the this device and used gadget do not match the
	// storage safety requirements.
	UnavailableErr error
	// available in case it is optional.
	UnavailableWarning string
}
EncryptionSupportInfo describes what encryption is available and needed for the current device.
func GetEncryptionSupportInfo
func GetEncryptionSupportInfo(model *asserts.Model, tpmMode secboot.TPMProvisionMode, kernelInfo *snap.Info, gadgetInfo *gadget.Info, runSetupHook fde.RunSetupHookFunc) (EncryptionSupportInfo, error)
GetEncryptionSupportInfo returns the encryption support information for the given model, TPM provision mode, kernel and gadget information and system hardware. It uses runSetupHook to invoke the kernel fde-setup hook if any is available, leaving the caller to decide how, based on the environment.
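One way a caller might act on the returned EncryptionSupportInfo, failing closed when the model requires encryption. This is an added example, not snapd code: SupportInfo, EncryptionType, Decision and DecideEncryption are hypothetical local stand-ins so the block builds without snapd, and all sample values are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// EncryptionType is a local stand-in for secboot.EncryptionType (assumption).
type EncryptionType string

// SupportInfo mirrors the documented fields of install.EncryptionSupportInfo.
// StorageSafety is omitted because the decision below does not read it.
type SupportInfo struct {
	Disabled           bool
	Available          bool
	Type               EncryptionType
	UnavailableErr     error
	UnavailableWarning string
}

// Decision is a hypothetical result type for this example.
type Decision struct {
	Encrypt bool
	Type    EncryptionType
	Warning string
}

// DecideEncryption is a hypothetical caller-side helper.
func DecideEncryption(info SupportInfo) (Decision, error) {
	if info.Disabled { // the rest of the struct is not relevant
		return Decision{}, nil
	}
	if info.Available { // Type is only meaningful when Available is true
		return Decision{Encrypt: true, Type: info.Type}, nil
	}
	if info.UnavailableErr != nil { // storage safety not met: abort install
		return Decision{}, fmt.Errorf("cannot install unencrypted: %w", info.UnavailableErr)
	}
	// Encryption was optional: continue unencrypted, surface the reason.
	return Decision{Warning: info.UnavailableWarning}, nil
}

func main() {
	// Constructed inputs, not output from a real device.
	d, err := DecideEncryption(SupportInfo{Available: true, Type: "constructed-type"})
	fmt.Println(d, err)
	_, err = DecideEncryption(SupportInfo{UnavailableErr: errors.New("constructed: no usable TPM")})
	fmt.Println(err)
}
```
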