Documentation ¶
Overview ¶
Package assertstate implements the manager and state aspects responsible for the enforcement of assertions in the system and manages the system-wide assertion database.
Index ¶
- func Add(s *state.State, a asserts.Assertion) error
- func AddBatch(s *state.State, batch *asserts.Batch, opts *asserts.CommitOptions) error
- func AutoAliases(s *state.State, info *snap.Info) (map[string]string, error)
- func AutoRefreshAssertions(s *state.State, userID int) error
- func BaseDeclaration(s *state.State) (*asserts.BaseDeclaration, error)
- func DB(s *state.State) asserts.RODatabase
- func DeleteValidationSet(st *state.State, accountID, name string)
- func EnforcedValidationSets(st *state.State) (*snapasserts.ValidationSets, error)
- func GetValidationSet(st *state.State, accountID, name string, tr *ValidationSetTracking) error
- func Publisher(s *state.State, snapID string) (*asserts.Account, error)
- func RefreshSnapDeclarations(s *state.State, userID int) error
- func RefreshValidationSetAssertions(s *state.State, userID int) error
- func ReplaceDB(state *state.State, db *asserts.Database)
- func SnapDeclaration(s *state.State, snapID string) (*asserts.SnapDeclaration, error)
- func Store(s *state.State, store string) (*asserts.Store, error)
- func TemporaryDB(st *state.State) *asserts.Database
- func UpdateValidationSet(st *state.State, tr *ValidationSetTracking)
- func ValidateRefreshes(s *state.State, snapInfos []*snap.Info, ignoreValidation map[string]bool, ...) (validated []*snap.Info, err error)
- func ValidationSetAssertionForEnforce(st *state.State, accountID, name string, sequence int, userID int, ...) (vs *asserts.ValidationSet, err error)
- func ValidationSetAssertionForMonitor(st *state.State, accountID, name string, sequence int, pinned bool, userID int, ...) (as *asserts.ValidationSet, local bool, err error)
- func ValidationSetKey(accountID, name string) string
- func ValidationSets(st *state.State) (map[string]*ValidationSetTracking, error)
- type AssertManager
- type ResolveOptions
- type ValidationSetMode
- type ValidationSetTracking
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AutoAliases ¶
AutoAliases returns the explicit automatic aliases alias=>app mapping for the given installed snap.
func AutoRefreshAssertions ¶
AutoRefreshAssertions tries to refresh all assertions.
func BaseDeclaration ¶
func BaseDeclaration(s *state.State) (*asserts.BaseDeclaration, error)
BaseDeclaration returns the base-declaration assertion with policies governing all snaps.
func DB ¶
func DB(s *state.State) asserts.RODatabase
DB returns a read-only view of the system assertion database.
func DeleteValidationSet ¶
DeleteValidationSet deletes a validation set for the given accountID and name. It is not an error to delete a non-existing one.
func EnforcedValidationSets ¶
func EnforcedValidationSets(st *state.State) (*snapasserts.ValidationSets, error)
EnforcedValidationSets returns a ValidationSets object with all currently tracked validation sets that are in enforcing mode.
func GetValidationSet ¶
func GetValidationSet(st *state.State, accountID, name string, tr *ValidationSetTracking) error
GetValidationSet retrieves the ValidationSetTracking for the given account and name.
func Publisher ¶
Publisher returns the account assertion for publisher of the given snap-id if it is present in the system assertion database.
func RefreshSnapDeclarations ¶
RefreshSnapDeclarations refetches all the current snap declarations and their prerequisites.
func RefreshValidationSetAssertions ¶
RefreshValidationSetAssertions tries to refresh all validation set assertions.
func SnapDeclaration ¶
SnapDeclaration returns the snap-declaration for the given snap-id if it is present in the system assertion database.
func Store ¶
Store returns the store assertion with the given name/id if it is present in the system assertion database.
func TemporaryDB ¶
TemporaryDB returns a temporary database stacked on top of the assertions database. Writing to it will not affect the assertions database.
func UpdateValidationSet ¶
func UpdateValidationSet(st *state.State, tr *ValidationSetTracking)
UpdateValidationSet updates ValidationSetTracking. The function assumes that the fields of tr are valid, so the caller is responsible for ensuring that.
func ValidateRefreshes ¶
func ValidateRefreshes(s *state.State, snapInfos []*snap.Info, ignoreValidation map[string]bool, userID int, deviceCtx snapstate.DeviceContext) (validated []*snap.Info, err error)
ValidateRefreshes validates the refresh candidate revisions represented by the snapInfos, looking for the needed refresh control validation assertions. It returns the validated subset in validated and a summary error if not all candidates validated. ignoreValidation is a set of snap-instance-names that should not be gated.
func ValidationSetAssertionForEnforce ¶
func ValidationSetAssertionForEnforce(st *state.State, accountID, name string, sequence int, userID int, snaps []*snapasserts.InstalledSnap) (vs *asserts.ValidationSet, err error)
ValidationSetAssertionForEnforce tries to fetch the validation set assertion with the given accountID/name/sequence (sequence is optional) using pool. It checks that the assertion is not in conflict with existing validation sets in enforcing mode (all currently tracked validation set assertions get refreshed), and that they are valid for installed snaps.
func ValidationSetAssertionForMonitor ¶
func ValidationSetAssertionForMonitor(st *state.State, accountID, name string, sequence int, pinned bool, userID int, opts *ResolveOptions) (as *asserts.ValidationSet, local bool, err error)
ValidationSetAssertionForMonitor tries to fetch or refresh the validation set assertion with accountID/name/sequence (sequence is optional) using pool. If the assertion cannot be fetched but exists locally and opts.AllowLocalFallback is set, then the local one is returned.
func ValidationSetKey ¶
ValidationSetKey formats the given account id and name into a validation set key.
func ValidationSets ¶
func ValidationSets(st *state.State) (map[string]*ValidationSetTracking, error)
ValidationSets retrieves all ValidationSetTracking data.
Types ¶
type AssertManager ¶
type AssertManager struct{}
AssertManager is responsible for the enforcement of assertions in system states. It manipulates the observed system state to ensure nothing in it violates existing assertions, or misses required ones.
func Manager ¶
func Manager(s *state.State, runner *state.TaskRunner) (*AssertManager, error)
Manager returns a new assertion manager.
func (*AssertManager) Ensure ¶
func (m *AssertManager) Ensure() error
Ensure implements StateManager.Ensure.
type ResolveOptions ¶
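// ResolveOptions carries extra options for ValidationSetAssertionForMonitor.
type ResolveOptions struct {
	// AllowLocalFallback, when set, lets ValidationSetAssertionForMonitor
	// return the assertion that already exists locally if it cannot be
	// fetched. The zero value (false) leaves the fallback off.
	// NOTE(review): a locally served assertion was not obtained from the
	// store on this call; callers presumably tell the two cases apart
	// through the function's `local` result - confirm against the
	// implementation.
	AllowLocalFallback bool
}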
ResolveOptions carries extra options for ValidationSetAssertionForMonitor.
type ValidationSetMode ¶
type ValidationSetMode int
ValidationSetMode reflects the mode of the respective validation set, which is either monitoring or enforcing.
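const (
	// Monitor is the first constant of the iota sequence, so it is also the
	// zero value of ValidationSetMode: a mode that was never set reads as
	// Monitor, not Enforce.
	Monitor ValidationSetMode = iota
	// Enforce marks a validation set that is tracked in enforcing mode.
	Enforce
)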
type ValidationSetTracking ¶
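// ValidationSetTracking holds the tracking parameters of one validation set.
// UpdateValidationSet is documented as assuming valid fields, so a value
// should be checked before it is passed there.
type ValidationSetTracking struct {
	// AccountID and Name identify the tracked validation set. Mode is
	// Monitor or Enforce; its tag carries no omitempty, unlike the
	// optional fields below.
	AccountID string            `json:"account-id"`
	Name      string            `json:"name"`
	Mode      ValidationSetMode `json:"mode"`

	// PinnedAt is an optional pinned sequence point, or 0 if not pinned.
	PinnedAt int `json:"pinned-at,omitempty"`

	// Current is the current sequence point.
	Current int `json:"current,omitempty"`

	// LocalOnly indicates that the assertion was only available locally at the
	// time it was applied for monitor mode. This tells bulk refresh logic not
	// to error out on such assertion if it's not in the store.
	// This flag makes sense only in monitor mode and if pinned.
	LocalOnly bool `json:"local-only,omitempty"`
}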
ValidationSetTracking holds tracking parameters for the associated validation set.