asserts

package
v0.0.0-...-677ed08 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 28, 2016 License: GPL-3.0 Imports: 28 Imported by: 0

Documentation

Overview

Package asserts implements snappy assertions and a database abstraction for managing and holding them.

Index

Constants

View Source 
const (
	MaxBodySize      = 2 * 1024 * 1024
	MaxHeadersSize   = 128 * 1024
	MaxSignatureSize = 128 * 1024
)

Maximum assertion component sizes.

View Source 
const MediaType = "application/x.ubuntu.assertion"

MediaType is the media type for encoded assertions on the wire.

Variables

View Source 
var (
	AccountType         = &AssertionType{"account", []string{"account-id"}, assembleAccount, 0}
	AccountKeyType      = &AssertionType{"account-key", []string{"public-key-sha3-384"}, assembleAccountKey, 0}
	ModelType           = &AssertionType{"model", []string{"series", "brand-id", "model"}, assembleModel, 0}
	SerialType          = &AssertionType{"serial", []string{"brand-id", "model", "serial"}, assembleSerial, 0}
	SnapDeclarationType = &AssertionType{"snap-declaration", []string{"series", "snap-id"}, assembleSnapDeclaration, 0}
	SnapBuildType       = &AssertionType{"snap-build", []string{"snap-sha3-384"}, assembleSnapBuild, 0}
	SnapRevisionType    = &AssertionType{"snap-revision", []string{"snap-sha3-384"}, assembleSnapRevision, 0}
	SystemUserType      = &AssertionType{"system-user", []string{"brand-id", "email"}, assembleSystemUser, 0}
	ValidationType      = &AssertionType{"validation", []string{"series", "snap-id", "approved-snap-id", "approved-snap-revision"}, assembleValidation, 0}
)

Understood assertion types.

View Source 
var (
	DeviceSessionRequestType = &AssertionType{"device-session-request", []string{"brand-id", "model", "serial"}, assembleDeviceSessionRequest, noAuthority}
	SerialProofType          = &AssertionType{"serial-proof", nil, assembleSerialProof, noAuthority}
	SerialRequestType        = &AssertionType{"serial-request", nil, assembleSerialRequest, noAuthority}
	AccountKeyRequestType    = &AssertionType{"account-key-request", []string{"public-key-sha3-384"}, assembleAccountKeyRequest, noAuthority}
)

Assertion types without a definite authority set (on the wire and/or self-signed).

View Source 
var DefaultCheckers = []Checker{
	CheckSigningKeyIsNotExpired,
	CheckSignature,
	CheckTimestampVsSigningKeyValidity,
	CheckCrossConsistency,
}

DefaultCheckers lists the default and recommended assertion checkers used by Database if none are specified in the DatabaseConfig.Checkers.

View Source 
var (
	ErrNotFound = errors.New("assertion not found")
)

Well-known errors

Functions

func CheckCrossConsistency 

func CheckCrossConsistency(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTime time.Time) error

CheckCrossConsistency verifies that the assertion is consistent with the other statements in the database.

func CheckSignature 

func CheckSignature(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTime time.Time) error

CheckSignature checks that the signature is valid.

func CheckSigningKeyIsNotExpired 

func CheckSigningKeyIsNotExpired(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTime time.Time) error

CheckSigningKeyIsNotExpired checks that the signing key is not expired.

func CheckTimestampVsSigningKeyValidity 

func CheckTimestampVsSigningKeyValidity(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTime time.Time) error

CheckTimestampVsSigningKeyValidity verifies that the timestamp of the assertion is within the signing key validity.

func Encode 

func Encode(assert Assertion) []byte

Encode serializes an assertion.

func EncodeDigest 

func EncodeDigest(hash crypto.Hash, hashDigest []byte) (string, error)

EncodeDigest encodes the digest from hash algorithm to be put in an assertion header.

func EncodePublicKey 

func EncodePublicKey(pubKey PublicKey) ([]byte, error)

EncodePublicKey serializes a public key, typically for embedding in an assertion.

func IsValidAccountKeyName 

func IsValidAccountKeyName(name string) bool

func SignatureCheck 

func SignatureCheck(assert Assertion, pubKey PublicKey) error

SignatureCheck checks the signature of the assertion against the given public key. Useful for assertions with no authority.

func SnapFileSHA3_384 

func SnapFileSHA3_384(snapPath string) (digest string, size uint64, err error)

SnapFileSHA3_384 computes the SHA3-384 digest of the given snap file. It also returns its size.

Types

type Account 

type Account struct {
	// contains filtered or unexported fields
}

Account holds an account assertion, which ties a name for an account to its identifier and provides the authority's confidence in the name's validity.

func (*Account) AccountID 

func (acc *Account) AccountID() string

AccountID returns the account-id of the account.

func (*Account) AuthorityID 

func (ab *Account) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Account) Body 

func (ab *Account) Body() []byte

Body returns the body of the assertion.

func (*Account) DisplayName 

func (acc *Account) DisplayName() string

DisplayName returns the human-friendly name for the account.

func (*Account) Header 

func (ab *Account) Header(name string) interface{}

Header returns the value of an header by name.

func (*Account) HeaderString 

func (ab *Account) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Account) Headers 

func (ab *Account) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Account) IsCertified 

func (acc *Account) IsCertified() bool

IsCertified returns true if the authority has confidence in the account's name.

func (*Account) Prerequisites 

func (ab *Account) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*Account) Ref 

func (ab *Account) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Account) Revision 

func (ab *Account) Revision() int

Revision returns the assertion revision.

func (*Account) SignKeyID 

func (ab *Account) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Account) Signature 

func (ab *Account) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Account) Timestamp 

func (acc *Account) Timestamp() time.Time

Timestamp returns the time when the account was issued.

func (*Account) Type 

func (ab *Account) Type() *AssertionType

Type returns the assertion type.

func (*Account) Username 

func (acc *Account) Username() string

Username returns the user name for the account.

type AccountKey 

type AccountKey struct {
	// contains filtered or unexported fields
}

AccountKey holds an account-key assertion, asserting a public key belonging to the account.

func (*AccountKey) AccountID 

func (ak *AccountKey) AccountID() string

AccountID returns the account-id of this account-key.

func (*AccountKey) AuthorityID 

func (ab *AccountKey) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*AccountKey) Body 

func (ab *AccountKey) Body() []byte

Body returns the body of the assertion.

func (*AccountKey) Header 

func (ab *AccountKey) Header(name string) interface{}

Header returns the value of an header by name.

func (*AccountKey) HeaderString 

func (ab *AccountKey) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*AccountKey) Headers 

func (ab *AccountKey) Headers() map[string]interface{}

Headers returns the complete headers.

func (*AccountKey) Name 

func (ak *AccountKey) Name() string

Name returns the name of the account key.

func (*AccountKey) Prerequisites 

func (ak *AccountKey) Prerequisites() []*Ref

Prerequisites returns references to this account-key's prerequisite assertions.

func (*AccountKey) PublicKeyID 

func (ak *AccountKey) PublicKeyID() string

PublicKeyID returns the key id used for lookup of the account key.

func (*AccountKey) Ref 

func (ab *AccountKey) Ref() *Ref

Ref returns a reference representing this assertion.

func (*AccountKey) Revision 

func (ab *AccountKey) Revision() int

Revision returns the assertion revision.

func (*AccountKey) SignKeyID 

func (ab *AccountKey) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*AccountKey) Signature 

func (ab *AccountKey) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*AccountKey) Since 

func (ak *AccountKey) Since() time.Time

Since returns the time when the account key starts being valid.

func (*AccountKey) Type 

func (ab *AccountKey) Type() *AssertionType

Type returns the assertion type.

func (*AccountKey) Until 

func (ak *AccountKey) Until() time.Time

Until returns the time when the account key stops being valid. A zero time means the key is valid forever.

type AccountKeyRequest 

type AccountKeyRequest struct {
	// contains filtered or unexported fields
}

AccountKeyRequest holds an account-key-request assertion, which is a self-signed request to prove that the requester holds the private key and wishes to create an account-key assertion for it.

func (*AccountKeyRequest) AccountID 

func (akr *AccountKeyRequest) AccountID() string

AccountID returns the account-id of this account-key-request.

func (*AccountKeyRequest) AuthorityID 

func (ab *AccountKeyRequest) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*AccountKeyRequest) Body 

func (ab *AccountKeyRequest) Body() []byte

Body returns the body of the assertion.

func (*AccountKeyRequest) Header 

func (ab *AccountKeyRequest) Header(name string) interface{}

Header returns the value of an header by name.

func (*AccountKeyRequest) HeaderString 

func (ab *AccountKeyRequest) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*AccountKeyRequest) Headers 

func (ab *AccountKeyRequest) Headers() map[string]interface{}

Headers returns the complete headers.

func (*AccountKeyRequest) Name 

func (akr *AccountKeyRequest) Name() string

Name returns the name of the account key.

func (*AccountKeyRequest) Prerequisites 

func (akr *AccountKeyRequest) Prerequisites() []*Ref

Prerequisites returns references to this account-key-request's prerequisite assertions.

func (*AccountKeyRequest) PublicKeyID 

func (akr *AccountKeyRequest) PublicKeyID() string

PublicKeyID returns the underlying public key ID of the requested account key.

func (*AccountKeyRequest) Ref 

func (ab *AccountKeyRequest) Ref() *Ref

Ref returns a reference representing this assertion.

func (*AccountKeyRequest) Revision 

func (ab *AccountKeyRequest) Revision() int

Revision returns the assertion revision.

func (*AccountKeyRequest) SignKeyID 

func (ab *AccountKeyRequest) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*AccountKeyRequest) Signature 

func (ab *AccountKeyRequest) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*AccountKeyRequest) Since 

func (akr *AccountKeyRequest) Since() time.Time

Since returns the time when the requested account key starts being valid.

func (*AccountKeyRequest) Type 

func (ab *AccountKeyRequest) Type() *AssertionType

Type returns the assertion type.

func (*AccountKeyRequest) Until 

func (akr *AccountKeyRequest) Until() time.Time

Until returns the time when the requested account key stops being valid. A zero time means the key is valid forever.

type Assertion 

type Assertion interface {
	// Type returns the type of this assertion
	Type() *AssertionType
	// Revision returns the revision of this assertion
	Revision() int
	// AuthorityID returns the authority that signed this assertion
	AuthorityID() string

	// Header retrieves the header with name
	Header(name string) interface{}

	// Headers returns the complete headers
	Headers() map[string]interface{}

	// HeaderString retrieves the string value of header with name or ""
	HeaderString(name string) string

	// Body returns the body of this assertion
	Body() []byte

	// Signature returns the signed content and its unprocessed signature
	Signature() (content, signature []byte)

	// SignKeyID returns the key id for the key that signed this assertion.
	SignKeyID() string

	// Prerequisites returns references to the prerequisite assertions for the validity of this one.
	Prerequisites() []*Ref

	// Ref returns a reference representing this assertion.
	Ref() *Ref
}

Assertion represents an assertion through its general elements.

func Assemble 

func Assemble(headers map[string]interface{}, body, content, signature []byte) (Assertion, error)

Assemble assembles an assertion from its components.

func Decode 

func Decode(serializedAssertion []byte) (Assertion, error)

Decode parses a serialized assertion.

The expected serialisation format looks like: 

HEADER ("\n\n" BODY?)? "\n\n" SIGNATURE

where: 

HEADER is a set of header entries separated by "\n"
BODY can be arbitrary,
SIGNATURE is the signature

A header entry for a single line value (no '\n' in it) looks like: 

NAME ": " SIMPLEVALUE

The format supports multiline text values (with '\n's in them) and lists possibly nested with string scalars in them.

For those a header entry looks like: 

NAME ":\n" MULTI(baseindent)

where MULTI can be

* (baseindent + 4)-space indented value (multiline text) * entries of a list each of the form: 

" "*baseindent "  -"  ( " " SIMPLEVALUE | "\n" MULTI )

baseindent starts at 0 and then grows with nesting matching the previous level introduction (the " "*baseindent " -" bit) length minus 1.

In general the following headers are mandatory: 

type
authority-id (except for on the wire/self-signed assertions like serial-request)

Further for a given assertion type all the primary key headers must be non empty and must not contain '/'.

The following headers expect string representing integer values and if omitted otherwise are assumed to be 0: 

revision (a positive int)
body-length (expected to be equal to the length of BODY)

Times are expected to be in the RFC3339 format: "2006-01-02T15:04:05Z07:00".

func SignWithoutAuthority 

func SignWithoutAuthority(assertType *AssertionType, headers map[string]interface{}, body []byte, privKey PrivateKey) (Assertion, error)

SignWithoutAuthority assembles an assertion without a set authority with the provided information and signs it with the given private key.

type AssertionType 

type AssertionType struct {
	// Name of the type.
	Name string
	// PrimaryKey holds the names of the headers that constitute the
	// unique primary key for this assertion type.
	PrimaryKey []string
	// contains filtered or unexported fields
}

AssertionType describes a known assertion type with its name and metadata.

func Type 

func Type(name string) *AssertionType

Type returns the AssertionType with name or nil

type Backstore 

type Backstore interface {
	// Put stores an assertion.
	// It is responsible for checking that assert is newer than a
	// previously stored revision with the same primary key headers.
	Put(assertType *AssertionType, assert Assertion) error
	// Get returns the assertion with the given unique key for its primary key headers.
	// If none is present it returns ErrNotFound.
	Get(assertType *AssertionType, key []string) (Assertion, error)
	// Search returns assertions matching the given headers.
	// It invokes foundCb for each found assertion.
	Search(assertType *AssertionType, headers map[string]string, foundCb func(Assertion)) error
}

A Backstore stores assertions. It can store and retrieve assertions by type under unique primary key headers (whose names are available from assertType.PrimaryKey). Plus it supports searching by headers.

func NewMemoryBackstore 

func NewMemoryBackstore() Backstore

NewMemoryBackstore creates a memory backed assertions backstore.

func OpenFSBackstore 

func OpenFSBackstore(path string) (Backstore, error)

OpenFSBackstore opens a filesystem backed assertions backstore under path.

type Checker 

type Checker func(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTime time.Time) error

A Checker defines a check on an assertion considering aspects such as the signing key, and consistency with other assertions in the database.

type Database 

type Database struct {
	// contains filtered or unexported fields
}

Database holds assertions and can be used to sign or check further assertions.

func OpenDatabase 

func OpenDatabase(cfg *DatabaseConfig) (*Database, error)

OpenDatabase opens the assertion database based on the configuration.

func (*Database) Add 

func (db *Database) Add(assert Assertion) error

Add persists the assertion after ensuring it is properly signed and consistent with all the stored knowledge. It will return an error when trying to add an older revision of the assertion than the one currently stored.

func (*Database) Check 

func (db *Database) Check(assert Assertion) error

Check tests whether the assertion is properly signed and consistent with all the stored knowledge.

func (*Database) Find 

func (db *Database) Find(assertionType *AssertionType, headers map[string]string) (Assertion, error)

Find an assertion based on arbitrary headers. Provided headers must contain the primary key for the assertion type. It returns ErrNotFound if the assertion cannot be found.

func (*Database) FindMany 

func (db *Database) FindMany(assertionType *AssertionType, headers map[string]string) ([]Assertion, error)

FindMany finds assertions based on arbitrary headers. It returns ErrNotFound if no assertion can be found.

func (*Database) FindTrusted 

func (db *Database) FindTrusted(assertionType *AssertionType, headers map[string]string) (Assertion, error)

FindTrusted finds an assertion in the trusted set based on arbitrary headers. Provided headers must contain the primary key for the assertion type. It returns ErrNotFound if the assertion cannot be found.

func (*Database) ImportKey 

func (db *Database) ImportKey(privKey PrivateKey) error

ImportKey stores the given private/public key pair.

func (*Database) IsTrustedAccount 

func (db *Database) IsTrustedAccount(accountID string) bool

IsTrustedAccount returns whether the account is part of the trusted set.

func (*Database) PublicKey 

func (db *Database) PublicKey(keyID string) (PublicKey, error)

PublicKey returns the public key part of the key pair that has the given key id.

func (*Database) Sign 

func (db *Database) Sign(assertType *AssertionType, headers map[string]interface{}, body []byte, keyID string) (Assertion, error)

Sign assembles an assertion with the provided information and signs it with the private key from `headers["authority-id"]` that has the provided key id.

type DatabaseConfig 

type DatabaseConfig struct {
	// trusted set of assertions (account and account-key supported)
	Trusted []Assertion
	// backstore for assertions, left unset storing assertions will error
	Backstore Backstore
	// manager/backstore for keypairs, defaults to in-memory implementation
	KeypairManager KeypairManager
	// assertion checkers used by Database.Check, left unset DefaultCheckers will be used which is recommended
	Checkers []Checker
}

DatabaseConfig for an assertion database.

type Decoder 

type Decoder struct {
	// contains filtered or unexported fields
}

Decoder parses a stream of assertions bundled by separating them with double newlines.

func NewDecoder 

func NewDecoder(r io.Reader) *Decoder

NewDecoder returns a Decoder to parse the stream of assertions from the reader.

func (*Decoder) Decode 

func (d *Decoder) Decode() (Assertion, error)

Decode parses the next assertion from the stream. It returns the error io.EOF at the end of a well-formed stream.

type DeviceSessionRequest 

type DeviceSessionRequest struct {
	// contains filtered or unexported fields
}

DeviceSessionRequest holds a device-session-request assertion, which is a request wrapping a store-provided nonce to start a session by a device signed with its key.

func (*DeviceSessionRequest) AuthorityID 

func (ab *DeviceSessionRequest) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*DeviceSessionRequest) Body 

func (ab *DeviceSessionRequest) Body() []byte

Body returns the body of the assertion.

func (*DeviceSessionRequest) BrandID 

func (req *DeviceSessionRequest) BrandID() string

BrandID returns the brand identifier of the device making the request.

func (*DeviceSessionRequest) Header 

func (ab *DeviceSessionRequest) Header(name string) interface{}

Header returns the value of an header by name.

func (*DeviceSessionRequest) HeaderString 

func (ab *DeviceSessionRequest) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*DeviceSessionRequest) Headers 

func (ab *DeviceSessionRequest) Headers() map[string]interface{}

Headers returns the complete headers.

func (*DeviceSessionRequest) Model 

func (req *DeviceSessionRequest) Model() string

Model returns the model name identifier of the device making the request.

func (*DeviceSessionRequest) Nonce 

func (req *DeviceSessionRequest) Nonce() string

Nonce returns the nonce obtained from store and to be presented when requesting a device session.

func (*DeviceSessionRequest) Prerequisites 

func (ab *DeviceSessionRequest) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*DeviceSessionRequest) Ref 

func (ab *DeviceSessionRequest) Ref() *Ref

Ref returns a reference representing this assertion.

func (*DeviceSessionRequest) Revision 

func (ab *DeviceSessionRequest) Revision() int

Revision returns the assertion revision.

func (*DeviceSessionRequest) Serial 

func (req *DeviceSessionRequest) Serial() string

Serial returns the serial identifier of the device making the request, together with brand id and model it forms the unique identifier of the device.

func (*DeviceSessionRequest) SignKeyID 

func (ab *DeviceSessionRequest) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*DeviceSessionRequest) Signature 

func (ab *DeviceSessionRequest) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*DeviceSessionRequest) Timestamp 

func (req *DeviceSessionRequest) Timestamp() time.Time

Timestamp returns the time when the device-session-request was created.

func (*DeviceSessionRequest) Type 

func (ab *DeviceSessionRequest) Type() *AssertionType

Type returns the assertion type.

type Encoder 

type Encoder struct {
	// contains filtered or unexported fields
}

Encoder emits a stream of assertions bundled by separating them with double newlines.

func NewEncoder 

func NewEncoder(w io.Writer) *Encoder

NewEncoder returns a Encoder to emit a stream of assertions to a writer.

func (*Encoder) Encode 

func (enc *Encoder) Encode(assert Assertion) error

Encode emits the assertion into the stream with the required separator. Errors here are always about writing given that Encode() itself cannot error.

type Fetcher 

type Fetcher interface {
	// Fetch retrieves the assertion indicated by ref then its prerequisites
	// recursively, along the way saving prerequisites before dependent assertions.
	Fetch(*Ref) error
	// Save retrieves the prerequisites of the assertion recursively,
	// along the way saving them, and finally saves the assertion.
	Save(Assertion) error
}

A Fetcher helps fetching assertions and their prerequisites.

func NewFetcher 

func NewFetcher(trustedDB RODatabase, retrieve func(*Ref) (Assertion, error), save func(Assertion) error) Fetcher

NewFetcher creates a Fetcher which will use trustedDB to determine trusted assertions, will fetch assertions following prerequisites using retrieve, and then will pass them to save, saving prerequisites before dependent assertions.

type GPGKeypairManager 

type GPGKeypairManager struct{}

A key pair manager backed by a local GnuPG setup.

func NewGPGKeypairManager 

func NewGPGKeypairManager() *GPGKeypairManager

NewGPGKeypairManager creates a new key pair manager backed by a local GnuPG setup. Importing keys through the keypair manager interface is not suppored. Main purpose is allowing signing using keys from a GPG setup.

func (*GPGKeypairManager) Delete 

func (gkm *GPGKeypairManager) Delete(name string) error

Delete removes the named key pair from GnuPG's storage.

func (*GPGKeypairManager) Export 

func (gkm *GPGKeypairManager) Export(name string) ([]byte, error)

Export returns the encoded text of the named public key.

func (*GPGKeypairManager) Generate 

func (gkm *GPGKeypairManager) Generate(passphrase string, name string) error

Generate creates a new key with the given passphrase and name.

func (*GPGKeypairManager) Get 

func (gkm *GPGKeypairManager) Get(keyID string) (PrivateKey, error)

func (*GPGKeypairManager) GetByName 

func (gkm *GPGKeypairManager) GetByName(name string) (PrivateKey, error)

GetByName looks up a private key by name and returns it.

func (*GPGKeypairManager) Put 

func (gkm *GPGKeypairManager) Put(privKey PrivateKey) error

func (*GPGKeypairManager) Walk 

func (gkm *GPGKeypairManager) Walk(consider func(privk PrivateKey, fingerprint string, uid string) error) error

Walk iterates over all the RSA private keys in the local GPG setup calling the provided callback until this returns an error

type KeypairManager 

type KeypairManager interface {
	// Put stores the given private/public key pair,
	// making sure it can be later retrieved by its unique key id with Get.
	// Trying to store a key with an already present key id should
	// result in an error.
	Put(privKey PrivateKey) error
	// Get returns the private/public key pair with the given key id.
	Get(keyID string) (PrivateKey, error)
}

A KeypairManager is a manager and backstore for private/public key pairs.

func NewMemoryKeypairManager 

func NewMemoryKeypairManager() KeypairManager

NewMemoryKeypairManager creates a new key pair manager with a memory backstore.

func OpenFSKeypairManager 

func OpenFSKeypairManager(path string) (KeypairManager, error)

OpenFSKeypairManager opens a filesystem backed assertions backstore under path.

type Model 

type Model struct {
	// contains filtered or unexported fields
}

Model holds a model assertion, which is a statement by a brand about the properties of a device model.

func (*Model) Architecture 

func (mod *Model) Architecture() string

Architecture returns the archicteture the model is based on.

func (*Model) AuthorityID 

func (ab *Model) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Model) Body 

func (ab *Model) Body() []byte

Body returns the body of the assertion.

func (*Model) BrandID 

func (mod *Model) BrandID() string

BrandID returns the brand identifier. Same as the authority id.

func (*Model) Gadget 

func (mod *Model) Gadget() string

Gadget returns the gadget snap the model uses.

func (*Model) Header 

func (ab *Model) Header(name string) interface{}

Header returns the value of an header by name.

func (*Model) HeaderString 

func (ab *Model) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Model) Headers 

func (ab *Model) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Model) Kernel 

func (mod *Model) Kernel() string

Kernel returns the kernel snap the model uses.

func (*Model) Model 

func (mod *Model) Model() string

Model returns the model name identifier.

func (*Model) Prerequisites 

func (ab *Model) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*Model) Ref 

func (ab *Model) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Model) RequiredSnaps 

func (mod *Model) RequiredSnaps() []string

RequiredSnaps returns the snaps that must be installed at all times and cannot be removed for this model.

func (*Model) Revision 

func (ab *Model) Revision() int

Revision returns the assertion revision.

func (*Model) Series 

func (mod *Model) Series() string

Series returns the series of the core software the model uses.

func (*Model) SignKeyID 

func (ab *Model) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Model) Signature 

func (ab *Model) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Model) Store 

func (mod *Model) Store() string

Store returns the snap store the model uses.

func (*Model) Timestamp 

func (mod *Model) Timestamp() time.Time

Timestamp returns the time when the model assertion was issued.

func (*Model) Type 

func (ab *Model) Type() *AssertionType

Type returns the assertion type.

type PrivateKey 

type PrivateKey interface {
	// PublicKey returns the public part of the pair.
	PublicKey() PublicKey
	// contains filtered or unexported methods
}

PrivateKey is a cryptographic private/public key pair.

func GenerateKey 

func GenerateKey() (PrivateKey, error)

GenerateKey generates a private/public key pair.

func RSAPrivateKey 

func RSAPrivateKey(privk *rsa.PrivateKey) PrivateKey

RSAPrivateKey returns a PrivateKey for database use out of a rsa.PrivateKey.

type PublicKey 

type PublicKey interface {
	// ID returns the id of the key used for lookup.
	ID() string
	// contains filtered or unexported methods
}

PublicKey is the public part of a cryptographic private/public key pair.

func DecodePublicKey 

func DecodePublicKey(pubKey []byte) (PublicKey, error)

DecodePublicKey deserializes a public key.

func RSAPublicKey 

func RSAPublicKey(pubKey *rsa.PublicKey) PublicKey

RSAPublicKey returns a database useable public key out of rsa.PublicKey.

type RODatabase 

type RODatabase interface {
	// IsTrustedAccount returns whether the account is part of the trusted set.
	IsTrustedAccount(accountID string) bool
	// Find an assertion based on arbitrary headers.
	// Provided headers must contain the primary key for the assertion type.
	// It returns ErrNotFound if the assertion cannot be found.
	Find(assertionType *AssertionType, headers map[string]string) (Assertion, error)
	// FindTrusted finds an assertion in the trusted set based on arbitrary headers.
	// Provided headers must contain the primary key for the assertion type.
	// It returns ErrNotFound if the assertion cannot be found.
	FindTrusted(assertionType *AssertionType, headers map[string]string) (Assertion, error)
	// FindMany finds assertions based on arbitrary headers.
	// It returns ErrNotFound if no assertion can be found.
	FindMany(assertionType *AssertionType, headers map[string]string) ([]Assertion, error)
	// Check tests whether the assertion is properly signed and consistent with all the stored knowledge.
	Check(assert Assertion) error
}

A RODatabase exposes read-only access to an assertion database.

type Ref 

type Ref struct {
	Type       *AssertionType
	PrimaryKey []string
}

Ref expresses a reference to an assertion.

func (*Ref) Resolve 

func (ref *Ref) Resolve(find func(assertType *AssertionType, headers map[string]string) (Assertion, error)) (Assertion, error)

Resolve resolves the reference using the given find function.

func (*Ref) String 

func (ref *Ref) String() string

func (*Ref) Unique 

func (ref *Ref) Unique() string

Unique returns a unique string representing the reference that can be used as a key in maps.

type RevisionError 

type RevisionError struct {
	Used, Current int
}

RevisionError indicates a revision improperly used for an operation.

func (*RevisionError) Error 

func (e *RevisionError) Error() string

type Serial 

type Serial struct {
	// contains filtered or unexported fields
}

Serial holds a serial assertion, which is a statement binding a device identity with the device public key.

func (*Serial) AuthorityID 

func (ab *Serial) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Serial) Body 

func (ab *Serial) Body() []byte

Body returns the body of the assertion.

func (*Serial) BrandID 

func (ser *Serial) BrandID() string

BrandID returns the brand identifier of the device.

func (*Serial) DeviceKey 

func (ser *Serial) DeviceKey() PublicKey

DeviceKey returns the public key of the device.

func (*Serial) Header 

func (ab *Serial) Header(name string) interface{}

Header returns the value of an header by name.

func (*Serial) HeaderString 

func (ab *Serial) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Serial) Headers 

func (ab *Serial) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Serial) Model 

func (ser *Serial) Model() string

Model returns the model name identifier of the device.

func (*Serial) Prerequisites 

func (ab *Serial) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*Serial) Ref 

func (ab *Serial) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Serial) Revision 

func (ab *Serial) Revision() int

Revision returns the assertion revision.

func (*Serial) Serial 

func (ser *Serial) Serial() string

Serial returns the serial identifier of the device, together with brand id and model they form the unique identifier of the device.

func (*Serial) SignKeyID 

func (ab *Serial) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Serial) Signature 

func (ab *Serial) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Serial) Timestamp 

func (ser *Serial) Timestamp() time.Time

Timestamp returns the time when the serial assertion was issued.

func (*Serial) Type 

func (ab *Serial) Type() *AssertionType

Type returns the assertion type.

type SerialProof 

type SerialProof struct {
	// contains filtered or unexported fields
}

SerialProof is deprecated.

func (*SerialProof) AuthorityID 

func (ab *SerialProof) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SerialProof) Body 

func (ab *SerialProof) Body() []byte

Body returns the body of the assertion.

func (*SerialProof) Header 

func (ab *SerialProof) Header(name string) interface{}

Header returns the value of an header by name.

func (*SerialProof) HeaderString 

func (ab *SerialProof) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SerialProof) Headers 

func (ab *SerialProof) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SerialProof) Nonce 

func (sproof *SerialProof) Nonce() string

Nonce returns the nonce obtained from store and to be presented when requesting a device session.

func (*SerialProof) Prerequisites 

func (ab *SerialProof) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*SerialProof) Ref 

func (ab *SerialProof) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SerialProof) Revision 

func (ab *SerialProof) Revision() int

Revision returns the assertion revision.

func (*SerialProof) SignKeyID 

func (ab *SerialProof) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SerialProof) Signature 

func (ab *SerialProof) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SerialProof) Type 

func (ab *SerialProof) Type() *AssertionType

Type returns the assertion type.

type SerialRequest 

type SerialRequest struct {
	// contains filtered or unexported fields
}

SerialRequest holds a serial-request assertion, which is a self-signed request to obtain a full device identity bound to the device public key.

func (*SerialRequest) AuthorityID 

func (ab *SerialRequest) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SerialRequest) Body 

func (ab *SerialRequest) Body() []byte

Body returns the body of the assertion.

func (*SerialRequest) BrandID 

func (sreq *SerialRequest) BrandID() string

BrandID returns the brand identifier of the device making the request.

func (*SerialRequest) DeviceKey 

func (sreq *SerialRequest) DeviceKey() PublicKey

DeviceKey returns the public key of the device making the request.

func (*SerialRequest) Header 

func (ab *SerialRequest) Header(name string) interface{}

Header returns the value of an header by name.

func (*SerialRequest) HeaderString 

func (ab *SerialRequest) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SerialRequest) Headers 

func (ab *SerialRequest) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SerialRequest) Model 

func (sreq *SerialRequest) Model() string

Model returns the model name identifier of the device making the request.

func (*SerialRequest) Prerequisites 

func (ab *SerialRequest) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*SerialRequest) Ref 

func (ab *SerialRequest) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SerialRequest) RequestID 

func (sreq *SerialRequest) RequestID() string

RequestID returns the id for the request, obtained from and to be presented to the serial signing service.

func (*SerialRequest) Revision 

func (ab *SerialRequest) Revision() int

Revision returns the assertion revision.

func (*SerialRequest) SignKeyID 

func (ab *SerialRequest) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SerialRequest) Signature 

func (ab *SerialRequest) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SerialRequest) Type 

func (ab *SerialRequest) Type() *AssertionType

Type returns the assertion type.

type SnapBuild 

type SnapBuild struct {
	// contains filtered or unexported fields
}

SnapBuild holds a snap-build assertion, asserting the properties of a snap at the time it was built by the developer.

func (*SnapBuild) AuthorityID 

func (ab *SnapBuild) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SnapBuild) Body 

func (ab *SnapBuild) Body() []byte

Body returns the body of the assertion.

func (*SnapBuild) Grade 

func (snapbld *SnapBuild) Grade() string

Grade returns the grade of the snap: devel|stable

func (*SnapBuild) Header 

func (ab *SnapBuild) Header(name string) interface{}

Header returns the value of an header by name.

func (*SnapBuild) HeaderString 

func (ab *SnapBuild) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SnapBuild) Headers 

func (ab *SnapBuild) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SnapBuild) Prerequisites 

func (ab *SnapBuild) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*SnapBuild) Ref 

func (ab *SnapBuild) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SnapBuild) Revision 

func (ab *SnapBuild) Revision() int

Revision returns the assertion revision.

func (*SnapBuild) SignKeyID 

func (ab *SnapBuild) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SnapBuild) Signature 

func (ab *SnapBuild) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SnapBuild) SnapID 

func (snapbld *SnapBuild) SnapID() string

SnapID returns the snap id of the snap.

func (*SnapBuild) SnapSHA3_384 

func (snapbld *SnapBuild) SnapSHA3_384() string

SnapSHA3_384 returns the SHA3-384 digest of the snap.

func (*SnapBuild) SnapSize 

func (snapbld *SnapBuild) SnapSize() uint64

SnapSize returns the size of the snap.

func (*SnapBuild) Timestamp 

func (snapbld *SnapBuild) Timestamp() time.Time

Timestamp returns the time when the snap-build assertion was created.

func (*SnapBuild) Type 

func (ab *SnapBuild) Type() *AssertionType

Type returns the assertion type.

type SnapDeclaration 

type SnapDeclaration struct {
	// contains filtered or unexported fields
}

SnapDeclaration holds a snap-declaration assertion, declaring a snap binding its identifying snap-id to a name, asserting its publisher and its other properties.

func (*SnapDeclaration) AuthorityID 

func (ab *SnapDeclaration) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SnapDeclaration) Body 

func (ab *SnapDeclaration) Body() []byte

Body returns the body of the assertion.

func (*SnapDeclaration) Header 

func (ab *SnapDeclaration) Header(name string) interface{}

Header returns the value of an header by name.

func (*SnapDeclaration) HeaderString 

func (ab *SnapDeclaration) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SnapDeclaration) Headers 

func (ab *SnapDeclaration) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SnapDeclaration) Prerequisites 

func (snapdcl *SnapDeclaration) Prerequisites() []*Ref

Prerequisites returns references to this snap-declaration's prerequisite assertions.

func (*SnapDeclaration) PublisherID 

func (snapdcl *SnapDeclaration) PublisherID() string

PublisherID returns the identifier of the publisher of the declared snap.

func (*SnapDeclaration) Ref 

func (ab *SnapDeclaration) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SnapDeclaration) RefreshControl 

func (snapdcl *SnapDeclaration) RefreshControl() []string

RefreshControl returns the ids of snaps whose updates are controlled by this declaration.

func (*SnapDeclaration) Revision 

func (ab *SnapDeclaration) Revision() int

Revision returns the assertion revision.

func (*SnapDeclaration) Series 

func (snapdcl *SnapDeclaration) Series() string

Series returns the series for which the snap is being declared.

func (*SnapDeclaration) SignKeyID 

func (ab *SnapDeclaration) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SnapDeclaration) Signature 

func (ab *SnapDeclaration) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SnapDeclaration) SnapID 

func (snapdcl *SnapDeclaration) SnapID() string

SnapID returns the snap id of the declared snap.

func (*SnapDeclaration) SnapName 

func (snapdcl *SnapDeclaration) SnapName() string

SnapName returns the declared snap name.

func (*SnapDeclaration) Timestamp 

func (snapdcl *SnapDeclaration) Timestamp() time.Time

Timestamp returns the time when the snap-declaration was issued.

func (*SnapDeclaration) Type 

func (ab *SnapDeclaration) Type() *AssertionType

Type returns the assertion type.

type SnapRevision 

type SnapRevision struct {
	// contains filtered or unexported fields
}

SnapRevision holds a snap-revision assertion, which is a statement by the store acknowledging the receipt of a build of a snap and labeling it with a snap revision.

func (*SnapRevision) AuthorityID 

func (ab *SnapRevision) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SnapRevision) Body 

func (ab *SnapRevision) Body() []byte

Body returns the body of the assertion.

func (*SnapRevision) DeveloperID 

func (snaprev *SnapRevision) DeveloperID() string

DeveloperID returns the id of the developer that submitted this build of the snap.

func (*SnapRevision) Header 

func (ab *SnapRevision) Header(name string) interface{}

Header returns the value of an header by name.

func (*SnapRevision) HeaderString 

func (ab *SnapRevision) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SnapRevision) Headers 

func (ab *SnapRevision) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SnapRevision) Prerequisites 

func (snaprev *SnapRevision) Prerequisites() []*Ref

Prerequisites returns references to this snap-revision's prerequisite assertions.

func (*SnapRevision) Ref 

func (ab *SnapRevision) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SnapRevision) Revision 

func (ab *SnapRevision) Revision() int

Revision returns the assertion revision.

func (*SnapRevision) SignKeyID 

func (ab *SnapRevision) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SnapRevision) Signature 

func (ab *SnapRevision) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SnapRevision) SnapID 

func (snaprev *SnapRevision) SnapID() string

SnapID returns the snap id of the snap.

func (*SnapRevision) SnapRevision 

func (snaprev *SnapRevision) SnapRevision() int

SnapRevision returns the revision assigned to this build of the snap.

func (*SnapRevision) SnapSHA3_384 

func (snaprev *SnapRevision) SnapSHA3_384() string

SnapSHA3_384 returns the SHA3-384 digest of the snap.

func (*SnapRevision) SnapSize 

func (snaprev *SnapRevision) SnapSize() uint64

SnapSize returns the size in bytes of the snap submitted to the store.

func (*SnapRevision) Timestamp 

func (snaprev *SnapRevision) Timestamp() time.Time

Timestamp returns the time when the snap-revision was issued.

func (*SnapRevision) Type 

func (ab *SnapRevision) Type() *AssertionType

Type returns the assertion type.

type SystemUser 

type SystemUser struct {
	// contains filtered or unexported fields
}

SystemUser holds a system-user assertion which allows creating local system users.

func (*SystemUser) AuthorityID 

func (ab *SystemUser) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SystemUser) Body 

func (ab *SystemUser) Body() []byte

Body returns the body of the assertion.

func (*SystemUser) BrandID 

func (su *SystemUser) BrandID() string

BrandID returns the brand identifier that signed this assertion.

func (*SystemUser) Email 

func (su *SystemUser) Email() string

Email returns the email address that this assertion is valid for.

func (*SystemUser) Header 

func (ab *SystemUser) Header(name string) interface{}

Header returns the value of an header by name.

func (*SystemUser) HeaderString 

func (ab *SystemUser) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SystemUser) Headers 

func (ab *SystemUser) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SystemUser) Models 

func (su *SystemUser) Models() []string

Models returns the models that this assertion is valid for.

func (*SystemUser) Name 

func (su *SystemUser) Name() string

Name returns the full name of the user (e.g. Random Guy).

func (*SystemUser) Password 

func (su *SystemUser) Password() string

Password returns the crypt(3) compatible password for the user. Note that only ID: $6$ or stronger is supported (sha512crypt).

func (*SystemUser) Prerequisites 

func (ab *SystemUser) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*SystemUser) Ref 

func (ab *SystemUser) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SystemUser) Revision 

func (ab *SystemUser) Revision() int

Revision returns the assertion revision.

func (*SystemUser) SSHKeys 

func (su *SystemUser) SSHKeys() []string

SSHKeys returns the ssh keys for the user.

func (*SystemUser) Series 

func (su *SystemUser) Series() []string

Series returns the series that this assertion is valid for.

func (*SystemUser) SignKeyID 

func (ab *SystemUser) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SystemUser) Signature 

func (ab *SystemUser) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SystemUser) Since 

func (su *SystemUser) Since() time.Time

Since returns the time since the assertion is valid.

func (*SystemUser) Type 

func (ab *SystemUser) Type() *AssertionType

Type returns the assertion type.

func (*SystemUser) Until 

func (su *SystemUser) Until() time.Time

Until returns the time until the assertion is valid.

func (*SystemUser) Username 

func (su *SystemUser) Username() string

Username returns the system user name that should be created (e.g. "foo").

func (*SystemUser) ValidAt 

func (su *SystemUser) ValidAt(when time.Time) bool

ValidAt returns whether the system-user is valid at 'when' time.

type Validation 

type Validation struct {
	// contains filtered or unexported fields
}

Validation holds a validation assertion, describing that a combination of (snap-id, approved-snap-id, approved-revision) has been validated for the series, meaning updating to that revision of approved-snap-id has been approved by the owner of the gating snap with snap-id.

func (*Validation) ApprovedSnapID 

func (validation *Validation) ApprovedSnapID() string

ApprovedSnapID returns the ID of the gated snap.

func (*Validation) ApprovedSnapRevision 

func (validation *Validation) ApprovedSnapRevision() int

ApprovedSnapRevision returns the approved revision of the gated snap.

func (*Validation) AuthorityID 

func (ab *Validation) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Validation) Body 

func (ab *Validation) Body() []byte

Body returns the body of the assertion.

func (*Validation) Header 

func (ab *Validation) Header(name string) interface{}

Header returns the value of an header by name.

func (*Validation) HeaderString 

func (ab *Validation) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Validation) Headers 

func (ab *Validation) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Validation) Prerequisites 

func (validation *Validation) Prerequisites() []*Ref

Prerequisites returns references to this validation's prerequisite assertions.

func (*Validation) Ref 

func (ab *Validation) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Validation) Revision 

func (ab *Validation) Revision() int

Revision returns the assertion revision.

func (*Validation) Revoked 

func (validation *Validation) Revoked() bool

Revoked returns true if the validation has been revoked.

func (*Validation) Series 

func (validation *Validation) Series() string

Series returns the series for which the validation holds.

func (*Validation) SignKeyID 

func (ab *Validation) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Validation) Signature 

func (ab *Validation) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Validation) SnapID 

func (validation *Validation) SnapID() string

SnapID returns the ID of the gating snap.

func (*Validation) Timestamp 

func (validation *Validation) Timestamp() time.Time

Timestamp returns the time when the validation was issued.

func (*Validation) Type 

func (ab *Validation) Type() *AssertionType

Type returns the assertion type.

Source Files

View all Source files

Directories

Path Synopsis
Package assertstest provides helpers for testing code that involves assertions.
 Package assertstest provides helpers for testing code that involves assertions.
Package signtool offers tooling to sign assertions.
 Package signtool offers tooling to sign assertions.
Package snapasserts offers helpers to handle snap assertions and their checking for installation.
 Package snapasserts offers helpers to handle snap assertions and their checking for installation.
Package sysdb supports the system-wide assertion database with ways to open it and to manage the trusted set of assertions founding it.
 Package sysdb supports the system-wide assertion database with ways to open it and to manage the trusted set of assertions founding it.
Package systestkeys defines trusted assertions and keys to use in tests.
 Package systestkeys defines trusted assertions and keys to use in tests.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.