assertstate

package
v0.0.0-...-55a61f8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 17, 2021 License: GPL-3.0 Imports: 17 Imported by: 0

Documentation

Overview

Package assertstate implements the manager and state aspects responsible for the enforcement of assertions in the system and manages the system-wide assertion database.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Add

func Add(s *state.State, a asserts.Assertion) error

Add the given assertion to the system assertion database.

func AddBatch

func AddBatch(s *state.State, batch *asserts.Batch, opts *asserts.CommitOptions) error

AddBatch adds the given assertion batch to the system assertion database.

func AutoAliases

func AutoAliases(s *state.State, info *snap.Info) (map[string]string, error)

AutoAliases returns the explicit automatic aliases alias=>app mapping for the given installed snap.

func AutoRefreshAssertions

func AutoRefreshAssertions(s *state.State, userID int) error

AutoRefreshAssertions tries to refresh all assertions

func BaseDeclaration

func BaseDeclaration(s *state.State) (*asserts.BaseDeclaration, error)

BaseDeclaration returns the base-declaration assertion with policies governing all snaps.

func DB

DB returns a read-only view of system assertion database.

func DeleteValidationSet

func DeleteValidationSet(st *state.State, accountID, name string)

DeleteValidationSet deletes a validation set for the given accoundID and name. It is not an error to delete a non-existing one.

func EnforcedValidationSets

func EnforcedValidationSets(st *state.State) (*snapasserts.ValidationSets, error)

EnforcedValidationSets returns ValidationSets object with all currently tracked validation sets that are in enforcing mode.

func GetValidationSet

func GetValidationSet(st *state.State, accountID, name string, tr *ValidationSetTracking) error

GetValidationSet retrieves the ValidationSetTracking for the given account and name.

func Publisher

func Publisher(s *state.State, snapID string) (*asserts.Account, error)

Publisher returns the account assertion for publisher of the given snap-id if it is present in the system assertion database.

func RefreshSnapDeclarations

func RefreshSnapDeclarations(s *state.State, userID int) error

RefreshSnapDeclarations refetches all the current snap declarations and their prerequisites.

func RefreshValidationSetAssertions

func RefreshValidationSetAssertions(s *state.State, userID int) error

RefreshValidationSetAssertions tries to refresh all validation set assertions.

func ReplaceDB

func ReplaceDB(state *state.State, db *asserts.Database)

ReplaceDB replaces the assertion database used by the manager.

func SnapDeclaration

func SnapDeclaration(s *state.State, snapID string) (*asserts.SnapDeclaration, error)

SnapDeclaration returns the snap-declaration for the given snap-id if it is present in the system assertion database.

func Store

func Store(s *state.State, store string) (*asserts.Store, error)

Store returns the store assertion with the given name/id if it is present in the system assertion database.

func TemporaryDB

func TemporaryDB(st *state.State) *asserts.Database

TemporaryDB returns a temporary database stacked on top of the assertions database. Writing to it will not affect the assertions database.

func UpdateValidationSet

func UpdateValidationSet(st *state.State, tr *ValidationSetTracking)

UpdateValidationSet updates ValidationSetTracking. The method assumes valid tr fields.

func ValidateRefreshes

func ValidateRefreshes(s *state.State, snapInfos []*snap.Info, ignoreValidation map[string]bool, userID int, deviceCtx snapstate.DeviceContext) (validated []*snap.Info, err error)

ValidateRefreshes validates the refresh candidate revisions represented by the snapInfos, looking for the needed refresh control validation assertions, it returns a validated subset in validated and a summary error if not all candidates validated. ignoreValidation is a set of snap-instance-names that should not be gated.

func ValidationSetAssertionForEnforce

func ValidationSetAssertionForEnforce(st *state.State, accountID, name string, sequence int, userID int, snaps []*snapasserts.InstalledSnap) (vs *asserts.ValidationSet, err error)

ValidationSetAssertionForEnforce tries to fetch the validation set assertion with the given accountID/name/sequence (sequence is optional) using pool and checks if it's not in conflict with existing validation sets in enforcing mode (all currently tracked validation set assertions get refreshed), and if they are valid for installed snaps.

func ValidationSetAssertionForMonitor

func ValidationSetAssertionForMonitor(st *state.State, accountID, name string, sequence int, pinned bool, userID int, opts *ResolveOptions) (as *asserts.ValidationSet, local bool, err error)

ValidationSetAssertionForMonitor tries to fetch or refresh the validation set assertion with accountID/name/sequence (sequence is optional) using pool. If assertion cannot be fetched but exists locally and opts.AllowLocalFallback is set then the local one is returned

func ValidationSetKey

func ValidationSetKey(accountID, name string) string

ValidationSetKey formats the given account id and name into a validation set key.

func ValidationSets

func ValidationSets(st *state.State) (map[string]*ValidationSetTracking, error)

ValidationSets retrieves all ValidationSetTracking data.

Types

type AssertManager

type AssertManager struct{}

AssertManager is responsible for the enforcement of assertions in system states. It manipulates the observed system state to ensure nothing in it violates existing assertions, or misses required ones.

func Manager

func Manager(s *state.State, runner *state.TaskRunner) (*AssertManager, error)

Manager returns a new assertion manager.

func (*AssertManager) Ensure

func (m *AssertManager) Ensure() error

Ensure implements StateManager.Ensure.

type ResolveOptions

type ResolveOptions struct {
	AllowLocalFallback bool
}

ResolveOptions carries extra options for ValidationSetAssertionForMonitor.

type ValidationSetMode

type ValidationSetMode int

ValidationSetMode reflects the mode of respective validation set, which is either monitoring or enforcing.

const (
	Monitor ValidationSetMode = iota
	Enforce
)

type ValidationSetTracking

type ValidationSetTracking struct {
	AccountID string            `json:"account-id"`
	Name      string            `json:"name"`
	Mode      ValidationSetMode `json:"mode"`

	// PinnedAt is an optional pinned sequence point, or 0 if not pinned.
	PinnedAt int `json:"pinned-at,omitempty"`

	// Current is the current sequence point.
	Current int `json:"current,omitempty"`

	// LocalOnly indicates that the assertion was only available locally at the
	// time it was applied for monitor mode. This tells bulk refresh logic not
	// to error out on such assertion if it's not in the store.
	// This flag makes sense only in monitor mode and if pinned.
	LocalOnly bool `json:"local-only,omitempty"`
}

ValidationSetTracking holds tracking parameters for associated validation set.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL