snapd: github.com/snapcore/snapd/asserts Index | Files | Directories

package asserts

import "github.com/snapcore/snapd/asserts"

Package asserts implements snappy assertions and a database abstraction for managing and holding them.

Index

Package Files

account.go account_key.go asserts.go batch.go crypto.go database.go digest.go fetcher.go findwildcard.go fsbackstore.go fsentryutils.go fskeypairmgr.go gpgkeypairmgr.go header_checks.go headers.go ifacedecls.go membackstore.go memkeypairmgr.go model.go pool.go repair.go serial_asserts.go snap_asserts.go store_asserts.go system_user.go validation_set.go

Constants

const (
    MaxBodySize      = 2 * 1024 * 1024
    MaxHeadersSize   = 128 * 1024
    MaxSignatureSize = 128 * 1024
)

Maximum assertion component sizes.

const MediaType = "application/x.ubuntu.assertion"

MediaType is the media type for encoded assertions on the wire.

const RevisionNotKnown = -1

Variables

var (
    AccountType         = &AssertionType{"account", []string{"account-id"}, assembleAccount, 0}
    AccountKeyType      = &AssertionType{"account-key", []string{"public-key-sha3-384"}, assembleAccountKey, 0}
    RepairType          = &AssertionType{"repair", []string{"brand-id", "repair-id"}, assembleRepair, sequenceForming}
    ModelType           = &AssertionType{"model", []string{"series", "brand-id", "model"}, assembleModel, 0}
    SerialType          = &AssertionType{"serial", []string{"brand-id", "model", "serial"}, assembleSerial, 0}
    BaseDeclarationType = &AssertionType{"base-declaration", []string{"series"}, assembleBaseDeclaration, 0}
    SnapDeclarationType = &AssertionType{"snap-declaration", []string{"series", "snap-id"}, assembleSnapDeclaration, 0}
    SnapBuildType       = &AssertionType{"snap-build", []string{"snap-sha3-384"}, assembleSnapBuild, 0}
    SnapRevisionType    = &AssertionType{"snap-revision", []string{"snap-sha3-384"}, assembleSnapRevision, 0}
    SnapDeveloperType   = &AssertionType{"snap-developer", []string{"snap-id", "publisher-id"}, assembleSnapDeveloper, 0}
    SystemUserType      = &AssertionType{"system-user", []string{"brand-id", "email"}, assembleSystemUser, 0}
    ValidationType      = &AssertionType{"validation", []string{"series", "snap-id", "approved-snap-id", "approved-snap-revision"}, assembleValidation, 0}
    ValidationSetType   = &AssertionType{"validation-set", []string{"series", "account-id", "name", "sequence"}, assembleValidationSet, sequenceForming}
    StoreType           = &AssertionType{"store", []string{"store"}, assembleStore, 0}
)

Understood assertion types.

var (
    DeviceSessionRequestType = &AssertionType{"device-session-request", []string{"brand-id", "model", "serial"}, assembleDeviceSessionRequest, noAuthority}
    SerialRequestType        = &AssertionType{"serial-request", nil, assembleSerialRequest, noAuthority}
    AccountKeyRequestType    = &AssertionType{"account-key-request", []string{"public-key-sha3-384"}, assembleAccountKeyRequest, noAuthority}
)

Assertion types without a definite authority set (on the wire and/or self-signed).

var (
    AlwaysMatchAttributes = &AttributeConstraints{matcher: fixedAttrMatcher{nil}}
    NeverMatchAttributes  = &AttributeConstraints{matcher: fixedAttrMatcher{errors.New("not allowed")}}
)
var (
    ErrUnresolved       = errors.New("unresolved assertion")
    ErrUnknownPoolGroup = errors.New("unknown pool group")
)
var DefaultCheckers = []Checker{
    CheckSigningKeyIsNotExpired,
    CheckSignature,
    CheckTimestampVsSigningKeyValidity,
    CheckCrossConsistency,
}

DefaultCheckers lists the default and recommended assertion checkers used by Database if none are specified in the DatabaseConfig.Checkers.

var MetaHeaders = [...]string{
    "type",
    "format",
    "authority-id",
    "revision",
    "body-length",
    "sign-key-sha3-384",
}

MetaHeaders is a list of headers in assertions which are about the assertion itself.

func CheckCrossConsistency Uses

func CheckCrossConsistency(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTime time.Time) error

CheckCrossConsistency verifies that the assertion is consistent with the other statements in the database.

func CheckSignature Uses

func CheckSignature(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTime time.Time) error

CheckSignature checks that the signature is valid.

func CheckSigningKeyIsNotExpired Uses

func CheckSigningKeyIsNotExpired(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTime time.Time) error

CheckSigningKeyIsNotExpired checks that the signing key is not expired.

func CheckTimestampVsSigningKeyValidity Uses

func CheckTimestampVsSigningKeyValidity(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTime time.Time) error

CheckTimestampVsSigningKeyValidity verifies that the timestamp of the assertion is within the signing key validity.

func Encode Uses

func Encode(assert Assertion) []byte

Encode serializes an assertion.

func EncodeDigest Uses

func EncodeDigest(hash crypto.Hash, hashDigest []byte) (string, error)

EncodeDigest encodes the digest from hash algorithm to be put in an assertion header.

func EncodePublicKey Uses

func EncodePublicKey(pubKey PublicKey) ([]byte, error)

EncodePublicKey serializes a public key, typically for embedding in an assertion.

func HeadersFromPrimaryKey Uses

func HeadersFromPrimaryKey(assertType *AssertionType, primaryKey []string) (headers map[string]string, err error)

HeadersFromPrimaryKey constructs a headers mapping from the primaryKey values and the assertion type, it errors if primaryKey has the wrong length.

func InitBuiltinBaseDeclaration Uses

func InitBuiltinBaseDeclaration(headers []byte) error

InitBuiltinBaseDeclaration initializes the builtin base-declaration based on headers (or resets it if headers is nil).

func IsNotFound Uses

func IsNotFound(err error) bool

IsNotFound returns whether err is an assertion not found error.

func IsUnaccceptedUpdate Uses

func IsUnaccceptedUpdate(err error) bool

IsUnaccceptedUpdate returns whether the error indicates that an assertion revision was already present and has been kept because the update was not accepted.

func IsValidAccountKeyName Uses

func IsValidAccountKeyName(name string) bool

func MaxSupportedFormats Uses

func MaxSupportedFormats(min int) (maxFormats map[string]int)

MaxSupportedFormats returns a mapping between assertion type names and corresponding max supported format if it is >= min. Typical usage passes 1 or 0 for min.

func MockMaxSupportedFormat Uses

func MockMaxSupportedFormat(assertType *AssertionType, maxFormat int) (restore func())

func PrimaryKeyFromHeaders Uses

func PrimaryKeyFromHeaders(assertType *AssertionType, headers map[string]string) (primaryKey []string, err error)

PrimaryKeyFromHeaders extracts the tuple of values from headers corresponding to a primary key under the assertion type, it errors if there are missing primary key headers.

func SignatureCheck Uses

func SignatureCheck(assert Assertion, pubKey PublicKey) error

SignatureCheck checks the signature of the assertion against the given public key. Useful for assertions with no authority.

func SnapFileSHA3_384 Uses

func SnapFileSHA3_384(snapPath string) (digest string, size uint64, err error)

SnapFileSHA3_384 computes the SHA3-384 digest of the given snap file. It also returns its size.

func SuggestFormat Uses

func SuggestFormat(assertType *AssertionType, headers map[string]interface{}, body []byte) (formatnum int, err error)

SuggestFormat returns a minimum format that supports the features that would be used by an assertion with the given components.

func TypeNames Uses

func TypeNames() []string

TypeNames returns a sorted list of known assertion type names.

type Account Uses

type Account struct {
    // contains filtered or unexported fields
}

Account holds an account assertion, which ties a name for an account to its identifier and provides the authority's confidence in the name's validity.

func (*Account) AccountID Uses

func (acc *Account) AccountID() string

AccountID returns the account-id of the account.

func (*Account) At Uses

func (ab *Account) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*Account) AuthorityID Uses

func (ab *Account) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Account) Body Uses

func (ab *Account) Body() []byte

Body returns the body of the assertion.

func (*Account) DisplayName Uses

func (acc *Account) DisplayName() string

DisplayName returns the human-friendly name for the account.

func (*Account) Format Uses

func (ab *Account) Format() int

Format returns the assertion format iteration.

func (*Account) Header Uses

func (ab *Account) Header(name string) interface{}

Header returns the value of an header by name.

func (*Account) HeaderString Uses

func (ab *Account) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Account) Headers Uses

func (ab *Account) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Account) Prerequisites Uses

func (ab *Account) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*Account) Ref Uses

func (ab *Account) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Account) Revision Uses

func (ab *Account) Revision() int

Revision returns the assertion revision.

func (*Account) SignKeyID Uses

func (ab *Account) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Account) Signature Uses

func (ab *Account) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Account) SupportedFormat Uses

func (ab *Account) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Account) Timestamp Uses

func (acc *Account) Timestamp() time.Time

Timestamp returns the time when the account was issued.

func (*Account) Type Uses

func (ab *Account) Type() *AssertionType

Type returns the assertion type.

func (*Account) Username Uses

func (acc *Account) Username() string

Username returns the user name for the account.

func (*Account) Validation Uses

func (acc *Account) Validation() string

Validation returns the level of confidence of the authority in the account's identity, expected to be "unproven" or "verified", and for forward compatibility any value != "unproven" can be considered at least "verified".

type AccountKey Uses

type AccountKey struct {
    // contains filtered or unexported fields
}

AccountKey holds an account-key assertion, asserting a public key belonging to the account.

func (*AccountKey) AccountID Uses

func (ak *AccountKey) AccountID() string

AccountID returns the account-id of this account-key.

func (*AccountKey) At Uses

func (ab *AccountKey) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*AccountKey) AuthorityID Uses

func (ab *AccountKey) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*AccountKey) Body Uses

func (ab *AccountKey) Body() []byte

Body returns the body of the assertion.

func (*AccountKey) Format Uses

func (ab *AccountKey) Format() int

Format returns the assertion format iteration.

func (*AccountKey) Header Uses

func (ab *AccountKey) Header(name string) interface{}

Header returns the value of an header by name.

func (*AccountKey) HeaderString Uses

func (ab *AccountKey) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*AccountKey) Headers Uses

func (ab *AccountKey) Headers() map[string]interface{}

Headers returns the complete headers.

func (*AccountKey) Name Uses

func (ak *AccountKey) Name() string

Name returns the name of the account key.

func (*AccountKey) Prerequisites Uses

func (ak *AccountKey) Prerequisites() []*Ref

Prerequisites returns references to this account-key's prerequisite assertions.

func (*AccountKey) PublicKeyID Uses

func (ak *AccountKey) PublicKeyID() string

PublicKeyID returns the key id used for lookup of the account key.

func (*AccountKey) Ref Uses

func (ab *AccountKey) Ref() *Ref

Ref returns a reference representing this assertion.

func (*AccountKey) Revision Uses

func (ab *AccountKey) Revision() int

Revision returns the assertion revision.

func (*AccountKey) SignKeyID Uses

func (ab *AccountKey) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*AccountKey) Signature Uses

func (ab *AccountKey) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*AccountKey) Since Uses

func (ak *AccountKey) Since() time.Time

Since returns the time when the account key starts being valid.

func (*AccountKey) SupportedFormat Uses

func (ab *AccountKey) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*AccountKey) Type Uses

func (ab *AccountKey) Type() *AssertionType

Type returns the assertion type.

func (*AccountKey) Until Uses

func (ak *AccountKey) Until() time.Time

Until returns the time when the account key stops being valid. A zero time means the key is valid forever.

type AccountKeyRequest Uses

type AccountKeyRequest struct {
    // contains filtered or unexported fields
}

AccountKeyRequest holds an account-key-request assertion, which is a self-signed request to prove that the requester holds the private key and wishes to create an account-key assertion for it.

func (*AccountKeyRequest) AccountID Uses

func (akr *AccountKeyRequest) AccountID() string

AccountID returns the account-id of this account-key-request.

func (*AccountKeyRequest) At Uses

func (ab *AccountKeyRequest) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*AccountKeyRequest) AuthorityID Uses

func (ab *AccountKeyRequest) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*AccountKeyRequest) Body Uses

func (ab *AccountKeyRequest) Body() []byte

Body returns the body of the assertion.

func (*AccountKeyRequest) Format Uses

func (ab *AccountKeyRequest) Format() int

Format returns the assertion format iteration.

func (*AccountKeyRequest) Header Uses

func (ab *AccountKeyRequest) Header(name string) interface{}

Header returns the value of an header by name.

func (*AccountKeyRequest) HeaderString Uses

func (ab *AccountKeyRequest) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*AccountKeyRequest) Headers Uses

func (ab *AccountKeyRequest) Headers() map[string]interface{}

Headers returns the complete headers.

func (*AccountKeyRequest) Name Uses

func (akr *AccountKeyRequest) Name() string

Name returns the name of the account key.

func (*AccountKeyRequest) Prerequisites Uses

func (akr *AccountKeyRequest) Prerequisites() []*Ref

Prerequisites returns references to this account-key-request's prerequisite assertions.

func (*AccountKeyRequest) PublicKeyID Uses

func (akr *AccountKeyRequest) PublicKeyID() string

PublicKeyID returns the underlying public key ID of the requested account key.

func (*AccountKeyRequest) Ref Uses

func (ab *AccountKeyRequest) Ref() *Ref

Ref returns a reference representing this assertion.

func (*AccountKeyRequest) Revision Uses

func (ab *AccountKeyRequest) Revision() int

Revision returns the assertion revision.

func (*AccountKeyRequest) SignKeyID Uses

func (ab *AccountKeyRequest) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*AccountKeyRequest) Signature Uses

func (ab *AccountKeyRequest) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*AccountKeyRequest) Since Uses

func (akr *AccountKeyRequest) Since() time.Time

Since returns the time when the requested account key starts being valid.

func (*AccountKeyRequest) SupportedFormat Uses

func (ab *AccountKeyRequest) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*AccountKeyRequest) Type Uses

func (ab *AccountKeyRequest) Type() *AssertionType

Type returns the assertion type.

func (*AccountKeyRequest) Until Uses

func (akr *AccountKeyRequest) Until() time.Time

Until returns the time when the requested account key stops being valid. A zero time means the key is valid forever.

type Assertion Uses

type Assertion interface {
    // Type returns the type of this assertion
    Type() *AssertionType
    // Format returns the format iteration of this assertion
    Format() int
    // SupportedFormat returns whether the assertion uses a supported
    // format iteration. If false the assertion might have been only
    // partially parsed.
    SupportedFormat() bool
    // Revision returns the revision of this assertion
    Revision() int
    // AuthorityID returns the authority that signed this assertion
    AuthorityID() string

    // Header retrieves the header with name
    Header(name string) interface{}

    // Headers returns the complete headers
    Headers() map[string]interface{}

    // HeaderString retrieves the string value of header with name or ""
    HeaderString(name string) string

    // Body returns the body of this assertion
    Body() []byte

    // Signature returns the signed content and its unprocessed signature
    Signature() (content, signature []byte)

    // SignKeyID returns the key id for the key that signed this assertion.
    SignKeyID() string

    // Prerequisites returns references to the prerequisite assertions for the validity of this one.
    Prerequisites() []*Ref

    // Ref returns a reference representing this assertion.
    Ref() *Ref

    // At returns an AtRevision referencing this assertion at its revision.
    At() *AtRevision
}

Assertion represents an assertion through its general elements.

func Assemble Uses

func Assemble(headers map[string]interface{}, body, content, signature []byte) (Assertion, error)

Assemble assembles an assertion from its components.

func Decode Uses

func Decode(serializedAssertion []byte) (Assertion, error)

Decode parses a serialized assertion.

The expected serialisation format looks like:

HEADER ("\n\n" BODY?)? "\n\n" SIGNATURE

where:

HEADER is a set of header entries separated by "\n"
BODY can be arbitrary text,
SIGNATURE is the signature

Both BODY and HEADER must be UTF8.

A header entry for a single line value (no '\n' in it) looks like:

NAME ": " SIMPLEVALUE

The format supports multiline text values (with '\n's in them) and lists or maps, possibly nested, with string scalars in them.

For those a header entry looks like:

NAME ":\n" MULTI(baseindent)

where MULTI can be

* (baseindent + 4)-space indented value (multiline text)

* entries of a list each of the form:

" "*baseindent "  -"  ( " " SIMPLEVALUE | "\n" MULTI )

* entries of map each of the form:

" "*baseindent "  " NAME ":"  ( " " SIMPLEVALUE | "\n" MULTI )

baseindent starts at 0 and then grows with nesting matching the previous level introduction (e.g. the " "*baseindent " -" bit) length minus 1.

In general the following headers are mandatory:

type
authority-id (except for on the wire/self-signed assertions like serial-request)

Further for a given assertion type all the primary key headers must be non empty and must not contain '/'.

The following headers expect string representing integer values and if omitted otherwise are assumed to be 0:

revision (a positive int)
body-length (expected to be equal to the length of BODY)
format (a positive int for the format iteration of the type used)

Times are expected to be in the RFC3339 format: "2006-01-02T15:04:05Z07:00".

func SignWithoutAuthority Uses

func SignWithoutAuthority(assertType *AssertionType, headers map[string]interface{}, body []byte, privKey PrivateKey) (Assertion, error)

SignWithoutAuthority assembles an assertion without a set authority with the provided information and signs it with the given private key.

type AssertionType Uses

type AssertionType struct {
    // Name of the type.
    Name string
    // PrimaryKey holds the names of the headers that constitute the
    // unique primary key for this assertion type.
    PrimaryKey []string
    // contains filtered or unexported fields
}

AssertionType describes a known assertion type with its name and metadata.

func Type Uses

func Type(name string) *AssertionType

Type returns the AssertionType with name or nil

func (*AssertionType) MaxSupportedFormat Uses

func (at *AssertionType) MaxSupportedFormat() int

MaxSupportedFormat returns the maximum supported format iteration for the type.

func (*AssertionType) SequenceForming Uses

func (at *AssertionType) SequenceForming() bool

SequencingForming returns true if the assertion type has a positive integer >= 1 as the last component (preferably called "sequence") of its primary key over which the assertions of the type form sequences, usually without gaps, one sequence per sequence key (the primary key prefix omitting the sequence number). See SequenceMember.

type AtRevision Uses

type AtRevision struct {
    Ref
    Revision int
}

AtRevision represents an assertion at a given revision, possibly not known (RevisionNotKnown).

func (*AtRevision) String Uses

func (at *AtRevision) String() string

type AttrMatchContext Uses

type AttrMatchContext interface {
    PlugAttr(arg string) (interface{}, error)
    SlotAttr(arg string) (interface{}, error)
}

AttrMatchContext has contextual helpers for evaluating attribute constraints.

type Attrer Uses

type Attrer interface {
    Lookup(path string) (interface{}, bool)
}

Attrer reflects part of the Attrer interface (see interfaces.Attrer).

type AttributeConstraints Uses

type AttributeConstraints struct {
    // contains filtered or unexported fields
}

AttributeConstraints implements a set of constraints on the attributes of a slot or plug.

func (*AttributeConstraints) Check Uses

func (c *AttributeConstraints) Check(attrer Attrer, ctx AttrMatchContext) error

Check checks whether attrs don't match the constraints.

type Backstore Uses

type Backstore interface {
    // Put stores an assertion.
    // It is responsible for checking that assert is newer than a
    // previously stored revision with the same primary key headers.
    Put(assertType *AssertionType, assert Assertion) error
    // Get returns the assertion with the given unique key for its
    // primary key headers.  If none is present it returns a
    // NotFoundError, usually with omitted Headers.
    Get(assertType *AssertionType, key []string, maxFormat int) (Assertion, error)
    // Search returns assertions matching the given headers.
    // It invokes foundCb for each found assertion.
    Search(assertType *AssertionType, headers map[string]string, foundCb func(Assertion), maxFormat int) error
    // SequenceMemberAfter returns for a sequence-forming assertType the
    // first assertion in the sequence under the given sequenceKey
    // with sequence number larger than after. If after==-1 it
    // returns the assertion with largest sequence number. If none
    // exists it returns a NotFoundError, usually with omitted
    // Headers. If assertType is not sequence-forming it can
    // panic.
    SequenceMemberAfter(assertType *AssertionType, sequenceKey []string, after, maxFormat int) (SequenceMember, error)
}

A Backstore stores assertions. It can store and retrieve assertions by type under unique primary key headers (whose names are available from assertType.PrimaryKey). Plus it supports searching by headers. Lookups can be limited to a maximum allowed format.

func NewMemoryBackstore Uses

func NewMemoryBackstore() Backstore

NewMemoryBackstore creates a memory backed assertions backstore.

func OpenFSBackstore Uses

func OpenFSBackstore(path string) (Backstore, error)

OpenFSBackstore opens a filesystem backed assertions backstore under path.

type BaseDeclaration Uses

type BaseDeclaration struct {
    // contains filtered or unexported fields
}

BaseDeclaration holds a base-declaration assertion, declaring the policies (to start with interface ones) applying to all snaps of a series.

func BuiltinBaseDeclaration Uses

func BuiltinBaseDeclaration() *BaseDeclaration

BuiltinBaseDeclaration exposes the initialized builtin base-declaration assertion. This is used by overlord/assertstate, other code should use assertstate.BaseDeclaration.

func (*BaseDeclaration) At Uses

func (ab *BaseDeclaration) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*BaseDeclaration) AuthorityID Uses

func (ab *BaseDeclaration) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*BaseDeclaration) Body Uses

func (ab *BaseDeclaration) Body() []byte

Body returns the body of the assertion.

func (*BaseDeclaration) Format Uses

func (ab *BaseDeclaration) Format() int

Format returns the assertion format iteration.

func (*BaseDeclaration) Header Uses

func (ab *BaseDeclaration) Header(name string) interface{}

Header returns the value of an header by name.

func (*BaseDeclaration) HeaderString Uses

func (ab *BaseDeclaration) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*BaseDeclaration) Headers Uses

func (ab *BaseDeclaration) Headers() map[string]interface{}

Headers returns the complete headers.

func (*BaseDeclaration) PlugRule Uses

func (basedcl *BaseDeclaration) PlugRule(interfaceName string) *PlugRule

PlugRule returns the plug-side rule about the given interface if one was included in the plugs stanza of the declaration, otherwise it returns nil.

func (*BaseDeclaration) Prerequisites Uses

func (ab *BaseDeclaration) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*BaseDeclaration) Ref Uses

func (ab *BaseDeclaration) Ref() *Ref

Ref returns a reference representing this assertion.

func (*BaseDeclaration) Revision Uses

func (ab *BaseDeclaration) Revision() int

Revision returns the assertion revision.

func (*BaseDeclaration) Series Uses

func (basedcl *BaseDeclaration) Series() string

Series returns the series whose snaps are governed by the declaration.

func (*BaseDeclaration) SignKeyID Uses

func (ab *BaseDeclaration) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*BaseDeclaration) Signature Uses

func (ab *BaseDeclaration) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*BaseDeclaration) SlotRule Uses

func (basedcl *BaseDeclaration) SlotRule(interfaceName string) *SlotRule

SlotRule returns the slot-side rule about the given interface if one was included in the slots stanza of the declaration, otherwise it returns nil.

func (*BaseDeclaration) SupportedFormat Uses

func (ab *BaseDeclaration) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*BaseDeclaration) Timestamp Uses

func (basedcl *BaseDeclaration) Timestamp() time.Time

Timestamp returns the time when the base-declaration was issued.

func (*BaseDeclaration) Type Uses

func (ab *BaseDeclaration) Type() *AssertionType

Type returns the assertion type.

type Batch Uses

type Batch struct {
    // contains filtered or unexported fields
}

Batch allows to accumulate a set of assertions possibly out of prerequisite order and then add them in one go to an assertion database. Nothing will be committed if there are missing prerequisites, for a full consistency check beforehand there is the Precheck option.

func NewBatch Uses

func NewBatch(unsupported func(u *Ref, err error) error) *Batch

NewBatch creates a new Batch to accumulate assertions to add in one go to an assertion database. unsupported can be used to ignore/log assertions with unsupported formats, default behavior is to error on them.

func (*Batch) Add Uses

func (b *Batch) Add(a Assertion) error

Add one assertion to the batch.

func (*Batch) AddStream Uses

func (b *Batch) AddStream(r io.Reader) ([]*Ref, error)

AddStream adds a stream of assertions to the batch. Returns references to the assertions effectively added.

func (*Batch) CommitTo Uses

func (b *Batch) CommitTo(db *Database, opts *CommitOptions) error

CommitTo adds the batch of assertions to the given assertion database. Nothing will be committed if there are missing prerequisites, for a full consistency check beforehand there is the Precheck option.

func (*Batch) Fetch Uses

func (b *Batch) Fetch(trustedDB RODatabase, retrieve func(*Ref) (Assertion, error), fetching func(Fetcher) error) error

Fetch adds to the batch by invoking fetching to drive an internal Fetcher that was built with trustedDB and retrieve.

type Checker Uses

type Checker func(assert Assertion, signingKey *AccountKey, roDB RODatabase, checkTime time.Time) error

A Checker defines a check on an assertion considering aspects such as the signing key, and consistency with other assertions in the database.

type CommitOptions Uses

type CommitOptions struct {
    // Precheck indicates whether to do a full consistency check
    // before starting adding the batch.
    Precheck bool
}

type Database Uses

type Database struct {
    // contains filtered or unexported fields
}

Database holds assertions and can be used to sign or check further assertions.

func OpenDatabase Uses

func OpenDatabase(cfg *DatabaseConfig) (*Database, error)

OpenDatabase opens the assertion database based on the configuration.

func (*Database) Add Uses

func (db *Database) Add(assert Assertion) error

Add persists the assertion after ensuring it is properly signed and consistent with all the stored knowledge. It will return an error when trying to add an older revision of the assertion than the one currently stored.

func (*Database) Check Uses

func (db *Database) Check(assert Assertion) error

Check tests whether the assertion is properly signed and consistent with all the stored knowledge.

func (*Database) Find Uses

func (db *Database) Find(assertionType *AssertionType, headers map[string]string) (Assertion, error)

Find an assertion based on arbitrary headers. Provided headers must contain the primary key for the assertion type. It returns a NotFoundError if the assertion cannot be found.

func (*Database) FindMany Uses

func (db *Database) FindMany(assertionType *AssertionType, headers map[string]string) ([]Assertion, error)

FindMany finds assertions based on arbitrary headers. It returns a NotFoundError if no assertion can be found.

func (*Database) FindManyPredefined Uses

func (db *Database) FindManyPredefined(assertionType *AssertionType, headers map[string]string) ([]Assertion, error)

FindManyPrefined finds assertions in the predefined sets (trusted or not) based on arbitrary headers. It returns a NotFoundError if no assertion can be found.

func (*Database) FindMaxFormat Uses

func (db *Database) FindMaxFormat(assertionType *AssertionType, headers map[string]string, maxFormat int) (Assertion, error)

FindMaxFormat finds an assertion like Find but such that its format is <= maxFormat by passing maxFormat along to the backend. It returns a NotFoundError if such an assertion cannot be found.

func (*Database) FindPredefined Uses

func (db *Database) FindPredefined(assertionType *AssertionType, headers map[string]string) (Assertion, error)

FindPredefined finds an assertion in the predefined sets (trusted or not) based on arbitrary headers. Provided headers must contain the primary key for the assertion type. It returns a NotFoundError if the assertion cannot be found.

func (*Database) FindSequence Uses

func (db *Database) FindSequence(assertType *AssertionType, sequenceHeaders map[string]string, after, maxFormat int) (SequenceMember, error)

FindSequence finds an assertion for the given headers and after for a sequence-forming type. The provided headers must contain a sequence key, i.e. a prefix of the primary key for the assertion type except for the sequence number header. The assertion is the first in the sequence under the sequence key with sequence number > after. If after is -1 it returns instead the assertion with the largest sequence number. It will constraint itself to assertions with format <= maxFormat unless maxFormat is -1. It returns a NotFoundError if the assertion cannot be found.

func (*Database) FindTrusted Uses

func (db *Database) FindTrusted(assertionType *AssertionType, headers map[string]string) (Assertion, error)

FindTrusted finds an assertion in the trusted set based on arbitrary headers. Provided headers must contain the primary key for the assertion type. It returns a NotFoundError if the assertion cannot be found.

func (*Database) ImportKey Uses

func (db *Database) ImportKey(privKey PrivateKey) error

ImportKey stores the given private/public key pair.

func (*Database) IsTrustedAccount Uses

func (db *Database) IsTrustedAccount(accountID string) bool

IsTrustedAccount returns whether the account is part of the trusted set.

func (*Database) PublicKey Uses

func (db *Database) PublicKey(keyID string) (PublicKey, error)

PublicKey returns the public key part of the key pair that has the given key id.

func (*Database) Sign Uses

func (db *Database) Sign(assertType *AssertionType, headers map[string]interface{}, body []byte, keyID string) (Assertion, error)

Sign assembles an assertion with the provided information and signs it with the private key from `headers["authority-id"]` that has the provided key id.

func (*Database) WithStackedBackstore Uses

func (db *Database) WithStackedBackstore(backstore Backstore) *Database

WithStackedBackstore returns a new database that adds to the given backstore only but finds in backstore and the base database backstores and cross-checks against all of them. This is useful to cross-check a set of assertions without adding them to the database.

type DatabaseConfig Uses

type DatabaseConfig struct {
    // trusted set of assertions (account and account-key supported),
    // used to establish root keys and trusted authorities
    Trusted []Assertion
    // predefined assertions but that do not establish foundational trust
    OtherPredefined []Assertion
    // backstore for assertions, left unset storing assertions will error
    Backstore Backstore
    // manager/backstore for keypairs, defaults to in-memory implementation
    KeypairManager KeypairManager
    // assertion checkers used by Database.Check, left unset DefaultCheckers will be used which is recommended
    Checkers []Checker
}

DatabaseConfig for an assertion database.

type Decoder Uses

type Decoder struct {
    // contains filtered or unexported fields
}

Decoder parses a stream of assertions bundled by separating them with double newlines.

func NewDecoder Uses

func NewDecoder(r io.Reader) *Decoder

NewDecoder returns a Decoder to parse the stream of assertions from the reader.

func NewDecoderWithTypeMaxBodySize Uses

func NewDecoderWithTypeMaxBodySize(r io.Reader, typeMaxBodySize map[*AssertionType]int) *Decoder

NewDecoderWithTypeMaxBodySize returns a Decoder to parse the stream of assertions from the reader enforcing optional per type max body sizes or the default one as fallback.

func (*Decoder) Decode Uses

func (d *Decoder) Decode() (Assertion, error)

Decode parses the next assertion from the stream. It returns the error io.EOF at the end of a well-formed stream.

type DeviceScopeConstraint Uses

type DeviceScopeConstraint struct {
    Store []string
    Brand []string
    // Model is a list of precise "<brand>/<model>" constraints
    Model []string
}

DeviceScopeConstraint specifies a constraints based on which brand store, brand or model the device belongs to.

type DeviceSessionRequest Uses

type DeviceSessionRequest struct {
    // contains filtered or unexported fields
}

DeviceSessionRequest holds a device-session-request assertion, which is a request wrapping a store-provided nonce to start a session by a device signed with its key.

func (*DeviceSessionRequest) At Uses

func (ab *DeviceSessionRequest) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*DeviceSessionRequest) AuthorityID Uses

func (ab *DeviceSessionRequest) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*DeviceSessionRequest) Body Uses

func (ab *DeviceSessionRequest) Body() []byte

Body returns the body of the assertion.

func (*DeviceSessionRequest) BrandID Uses

func (req *DeviceSessionRequest) BrandID() string

BrandID returns the brand identifier of the device making the request.

func (*DeviceSessionRequest) Format Uses

func (ab *DeviceSessionRequest) Format() int

Format returns the assertion format iteration.

func (*DeviceSessionRequest) Header Uses

func (ab *DeviceSessionRequest) Header(name string) interface{}

Header returns the value of an header by name.

func (*DeviceSessionRequest) HeaderString Uses

func (ab *DeviceSessionRequest) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*DeviceSessionRequest) Headers Uses

func (ab *DeviceSessionRequest) Headers() map[string]interface{}

Headers returns the complete headers.

func (*DeviceSessionRequest) Model Uses

func (req *DeviceSessionRequest) Model() string

Model returns the model name identifier of the device making the request.

func (*DeviceSessionRequest) Nonce Uses

func (req *DeviceSessionRequest) Nonce() string

Nonce returns the nonce obtained from store and to be presented when requesting a device session.

func (*DeviceSessionRequest) Prerequisites Uses

func (ab *DeviceSessionRequest) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*DeviceSessionRequest) Ref Uses

func (ab *DeviceSessionRequest) Ref() *Ref

Ref returns a reference representing this assertion.

func (*DeviceSessionRequest) Revision Uses

func (ab *DeviceSessionRequest) Revision() int

Revision returns the assertion revision.

func (*DeviceSessionRequest) Serial Uses

func (req *DeviceSessionRequest) Serial() string

Serial returns the serial identifier of the device making the request, together with brand id and model it forms the unique identifier of the device.

func (*DeviceSessionRequest) SignKeyID Uses

func (ab *DeviceSessionRequest) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*DeviceSessionRequest) Signature Uses

func (ab *DeviceSessionRequest) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*DeviceSessionRequest) SupportedFormat Uses

func (ab *DeviceSessionRequest) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*DeviceSessionRequest) Timestamp Uses

func (req *DeviceSessionRequest) Timestamp() time.Time

Timestamp returns the time when the device-session-request was created.

func (*DeviceSessionRequest) Type Uses

func (ab *DeviceSessionRequest) Type() *AssertionType

Type returns the assertion type.

type Encoder Uses

type Encoder struct {
    // contains filtered or unexported fields
}

Encoder emits a stream of assertions bundled by separating them with double newlines.

func NewEncoder Uses

func NewEncoder(w io.Writer) *Encoder

NewEncoder returns a Encoder to emit a stream of assertions to a writer.

func (*Encoder) Encode Uses

func (enc *Encoder) Encode(assert Assertion) error

Encode emits the assertion into the stream with the required separator. Errors here are always about writing given that Encode() itself cannot error.

func (*Encoder) WriteContentSignature Uses

func (enc *Encoder) WriteContentSignature(content, signature []byte) error

WriteContentSignature writes the content and signature of an assertion into the stream with all the required separators.

func (*Encoder) WriteEncoded Uses

func (enc *Encoder) WriteEncoded(encoded []byte) error

WriteEncoded writes the encoded assertion into the stream with the required separator.

type Fetcher Uses

type Fetcher interface {
    // Fetch retrieves the assertion indicated by ref then its prerequisites
    // recursively, along the way saving prerequisites before dependent assertions.
    Fetch(*Ref) error
    // Save retrieves the prerequisites of the assertion recursively,
    // along the way saving them, and finally saves the assertion.
    Save(Assertion) error
}

A Fetcher helps fetching assertions and their prerequisites.

func NewFetcher Uses

func NewFetcher(trustedDB RODatabase, retrieve func(*Ref) (Assertion, error), save func(Assertion) error) Fetcher

NewFetcher creates a Fetcher which will use trustedDB to determine trusted assertions, will fetch assertions following prerequisites using retrieve, and then will pass them to save, saving prerequisites before dependent assertions.

type GPGKeypairManager Uses

type GPGKeypairManager struct{}

A key pair manager backed by a local GnuPG setup.

func NewGPGKeypairManager Uses

func NewGPGKeypairManager() *GPGKeypairManager

NewGPGKeypairManager creates a new key pair manager backed by a local GnuPG setup. Importing keys through the keypair manager interface is not suppored. Main purpose is allowing signing using keys from a GPG setup.

func (*GPGKeypairManager) Delete Uses

func (gkm *GPGKeypairManager) Delete(name string) error

Delete removes the named key pair from GnuPG's storage.

func (*GPGKeypairManager) Export Uses

func (gkm *GPGKeypairManager) Export(name string) ([]byte, error)

Export returns the encoded text of the named public key.

func (*GPGKeypairManager) Generate Uses

func (gkm *GPGKeypairManager) Generate(passphrase string, name string) error

Generate creates a new key with the given passphrase and name.

func (*GPGKeypairManager) Get Uses

func (gkm *GPGKeypairManager) Get(keyID string) (PrivateKey, error)

func (*GPGKeypairManager) GetByName Uses

func (gkm *GPGKeypairManager) GetByName(name string) (PrivateKey, error)

GetByName looks up a private key by name and returns it.

func (*GPGKeypairManager) Put Uses

func (gkm *GPGKeypairManager) Put(privKey PrivateKey) error

func (*GPGKeypairManager) Walk Uses

func (gkm *GPGKeypairManager) Walk(consider func(privk PrivateKey, fingerprint string, uid string) error) error

Walk iterates over all the RSA private keys in the local GPG setup calling the provided callback until this returns an error

type Grouping Uses

type Grouping string

A Grouping identifies opaquely a grouping of assertions. Pool uses it to label the interesection between a set of groups.

type KeypairManager Uses

type KeypairManager interface {
    // Put stores the given private/public key pair,
    // making sure it can be later retrieved by its unique key id with Get.
    // Trying to store a key with an already present key id should
    // result in an error.
    Put(privKey PrivateKey) error
    // Get returns the private/public key pair with the given key id.
    Get(keyID string) (PrivateKey, error)
}

A KeypairManager is a manager and backstore for private/public key pairs.

func NewMemoryKeypairManager Uses

func NewMemoryKeypairManager() KeypairManager

NewMemoryKeypairManager creates a new key pair manager with a memory backstore.

func OpenFSKeypairManager Uses

func OpenFSKeypairManager(path string) (KeypairManager, error)

OpenFSKeypairManager opens a filesystem backed assertions backstore under path.

type Model Uses

type Model struct {
    // contains filtered or unexported fields
}

Model holds a model assertion, which is a statement by a brand about the properties of a device model.

func (*Model) Architecture Uses

func (mod *Model) Architecture() string

Architecture returns the architecture the model is based on.

func (*Model) At Uses

func (ab *Model) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*Model) AuthorityID Uses

func (ab *Model) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Model) Base Uses

func (mod *Model) Base() string

Base returns the base snap the model uses.

func (*Model) BaseSnap Uses

func (mod *Model) BaseSnap() *ModelSnap

BaseSnap returns the details of the base snap the model uses.

func (*Model) Body Uses

func (ab *Model) Body() []byte

Body returns the body of the assertion.

func (*Model) BrandID Uses

func (mod *Model) BrandID() string

BrandID returns the brand identifier. Same as the authority id.

func (*Model) Classic Uses

func (mod *Model) Classic() bool

Classic returns whether the model is a classic system.

func (*Model) DisplayName Uses

func (mod *Model) DisplayName() string

DisplayName returns the human-friendly name of the model or falls back to Model if this was not set.

func (*Model) EssentialSnaps Uses

func (mod *Model) EssentialSnaps() []*ModelSnap

EssentialSnaps returns all essential snaps explicitly mentioned by the model. They are always returned according to this order with some skipped if not mentioned: snapd, kernel, boot base, gadget.

func (*Model) Format Uses

func (ab *Model) Format() int

Format returns the assertion format iteration.

func (*Model) Gadget Uses

func (mod *Model) Gadget() string

Gadget returns the gadget snap the model uses.

func (*Model) GadgetSnap Uses

func (mod *Model) GadgetSnap() *ModelSnap

GadgetSnap returns the details of the gadget snap the model uses.

func (*Model) GadgetTrack Uses

func (mod *Model) GadgetTrack() string

GadgetTrack returns the gadget track the model uses. XXX this should go away

func (*Model) Grade Uses

func (mod *Model) Grade() ModelGrade

Grade returns the stability grade of the model. Will be ModelGradeUnset for Core 16/18 models.

func (*Model) Header Uses

func (ab *Model) Header(name string) interface{}

Header returns the value of an header by name.

func (*Model) HeaderString Uses

func (ab *Model) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Model) Headers Uses

func (ab *Model) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Model) Kernel Uses

func (mod *Model) Kernel() string

Kernel returns the kernel snap the model uses. XXX this should go away

func (*Model) KernelSnap Uses

func (mod *Model) KernelSnap() *ModelSnap

KernelSnap returns the details of the kernel snap the model uses.

func (*Model) KernelTrack Uses

func (mod *Model) KernelTrack() string

KernelTrack returns the kernel track the model uses. XXX this should go away

func (*Model) Model Uses

func (mod *Model) Model() string

Model returns the model name identifier.

func (*Model) Prerequisites Uses

func (ab *Model) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*Model) Ref Uses

func (ab *Model) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Model) RequiredNoEssentialSnaps Uses

func (mod *Model) RequiredNoEssentialSnaps() []naming.SnapRef

RequiredNoEssentialSnaps returns the snaps that must be installed at all times and cannot be removed for this model, excluding the essential snaps (gadget, kernel, boot base, snapd).

func (*Model) RequiredWithEssentialSnaps Uses

func (mod *Model) RequiredWithEssentialSnaps() []naming.SnapRef

RequiredWithEssentialSnaps returns the snaps that must be installed at all times and cannot be removed for this model, including any essential snaps (gadget, kernel, boot base, snapd).

func (*Model) Revision Uses

func (ab *Model) Revision() int

Revision returns the assertion revision.

func (*Model) SerialAuthority Uses

func (mod *Model) SerialAuthority() []string

SerialAuthority returns the authority ids that are accepted as signers for serial assertions for this model. It always includes the brand of the model.

func (*Model) Series Uses

func (mod *Model) Series() string

Series returns the series of the core software the model uses.

func (*Model) SignKeyID Uses

func (ab *Model) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Model) Signature Uses

func (ab *Model) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Model) SnapsWithoutEssential Uses

func (mod *Model) SnapsWithoutEssential() []*ModelSnap

SnapsWithoutEssential returns all the snaps listed by the model without any of the essential snaps (as returned by EssentialSnaps). They are returned in the order of mention by the model.

func (*Model) StorageSafety Uses

func (mod *Model) StorageSafety() StorageSafety

StorageSafety returns the storage safety for the model. Will be StorageSafetyUnset for Core 16/18 models.

func (*Model) Store Uses

func (mod *Model) Store() string

Store returns the snap store the model uses.

func (*Model) SupportedFormat Uses

func (ab *Model) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Model) SystemUserAuthority Uses

func (mod *Model) SystemUserAuthority() []string

SystemUserAuthority returns the authority ids that are accepted as signers of system-user assertions for this model. Empty list means any, otherwise it always includes the brand of the model.

func (*Model) Timestamp Uses

func (mod *Model) Timestamp() time.Time

Timestamp returns the time when the model assertion was issued.

func (*Model) Type Uses

func (ab *Model) Type() *AssertionType

Type returns the assertion type.

type ModelGrade Uses

type ModelGrade string

ModelGrade characterizes the security of the model which then controls related policy.

const (
    ModelGradeUnset ModelGrade = "unset"
    // ModelSecured implies mandatory full disk encryption and secure boot.
    ModelSecured ModelGrade = "secured"
    // ModelSigned implies all seed snaps are signed and mentioned
    // in the model, i.e. no unasserted or extra snaps.
    ModelSigned ModelGrade = "signed"
    // ModelDangerous allows unasserted snaps and extra snaps.
    ModelDangerous ModelGrade = "dangerous"
)

func (ModelGrade) Code Uses

func (mg ModelGrade) Code() uint32

Code returns a bit representation of the grade, for example for measuring it in a full disk encryption implementation.

type ModelSnap Uses

type ModelSnap struct {
    Name   string
    SnapID string
    // SnapType is one of: app|base|gadget|kernel|core, default is app
    SnapType string
    // Modes in which the snap must be made available
    Modes []string
    // DefaultChannel is the initial tracking channel,
    // default is latest/stable in an extended model
    DefaultChannel string
    // PinnedTrack is a pinned track for the snap, if set DefaultChannel
    // cannot be set at the same time (Core 18 models feature)
    PinnedTrack string
    // Presence is one of: required|optional
    Presence string
}

ModelSnap holds the details about a snap specified by a model assertion.

func (*ModelSnap) ID Uses

func (s *ModelSnap) ID() string

ID implements naming.SnapRef.

func (*ModelSnap) SnapName Uses

func (s *ModelSnap) SnapName() string

SnapName implements naming.SnapRef.

type NameConstraints Uses

type NameConstraints struct {
    // contains filtered or unexported fields
}

NameConstraints implements a set of constraints on the names of slots or plugs. See https://forum.snapcraft.io/t/plug-slot-rules-plug-names-slot-names-constraints/12439

func (*NameConstraints) Check Uses

func (nc *NameConstraints) Check(whichName, name string, special map[string]string) error

Check checks whether name doesn't match the constraints.

type NotFoundError Uses

type NotFoundError struct {
    Type    *AssertionType
    Headers map[string]string
}

NotFoundError is returned when an assertion can not be found.

func (*NotFoundError) Error Uses

func (e *NotFoundError) Error() string

type OnClassicConstraint Uses

type OnClassicConstraint struct {
    Classic   bool
    SystemIDs []string
}

OnClassicConstraint specifies a constraint based whether the system is classic and optional specific distros' sets.

type PlugConnectionConstraints Uses

type PlugConnectionConstraints struct {
    SlotSnapTypes    []string
    SlotSnapIDs      []string
    SlotPublisherIDs []string

    PlugNames *NameConstraints
    SlotNames *NameConstraints

    PlugAttributes *AttributeConstraints
    SlotAttributes *AttributeConstraints

    // SlotsPerPlug defaults to 1 for auto-connection, can be * (any)
    SlotsPerPlug SideArityConstraint
    // PlugsPerSlot is always * (any) (for now)
    PlugsPerSlot SideArityConstraint

    OnClassic *OnClassicConstraint

    DeviceScope *DeviceScopeConstraint
}

PlugConnectionConstraints specfies a set of constraints on an interface plug for a snap relevant to its connection or auto-connection.

type PlugInstallationConstraints Uses

type PlugInstallationConstraints struct {
    PlugSnapTypes []string

    PlugNames *NameConstraints

    PlugAttributes *AttributeConstraints

    OnClassic *OnClassicConstraint

    DeviceScope *DeviceScopeConstraint
}

PlugInstallationConstraints specifies a set of constraints on an interface plug relevant to the installation of snap.

type PlugRule Uses

type PlugRule struct {
    Interface string

    AllowInstallation []*PlugInstallationConstraints
    DenyInstallation  []*PlugInstallationConstraints

    AllowConnection []*PlugConnectionConstraints
    DenyConnection  []*PlugConnectionConstraints

    AllowAutoConnection []*PlugConnectionConstraints
    DenyAutoConnection  []*PlugConnectionConstraints
}

PlugRule holds the rule of what is allowed, wrt installation and connection, for a plug of a specific interface for a snap.

type Pool Uses

type Pool struct {
    // contains filtered or unexported fields
}

A pool helps holding and tracking a set of assertions and their prerequisites as they need to be updated or resolved. The assertions can be organized in groups. Failure can be tracked isolated to groups, conversely any error related to a single group alone will stop any work to resolve it. Independent assertions should not be grouped. Assertions and prerequisites that are part of more than one group are tracked properly only once.

Typical usage involves specifying the initial assertions needing to be resolved or updated using AddUnresolved and AddToUpdate. At this point ToResolve can be called to get them organized in groupings ready for fetching. Fetched assertions can then be provided with Add or AddBatch. Because these can have prerequisites calling ToResolve and fetching needs to be repeated until ToResolve's result is empty. Between any two ToResolve invocations but after any Add or AddBatch AddUnresolved/AddToUpdate can also be used again.

              V
              |
/-> AddUnresolved, AddToUpdate
|             |
|             V
|------> ToResolve -> empty? done
|             |
|             V
\ __________ Add

If errors prevent from fulfilling assertions from a ToResolve, AddError and AddGroupingError can be used to report the errors so that they can be associated with groups.

All the resolved assertions in a Pool from groups not in error can be committed to a destination database with CommitTo.

func NewPool Uses

func NewPool(groundDB RODatabase, n int) *Pool

NewPool creates a new Pool, groundDB is used to resolve trusted and predefined assertions and to provide the current revision for assertions to update and their prerequisites. Up to n groups can be used to organize the assertions.

func (*Pool) Add Uses

func (p *Pool) Add(a Assertion, grouping Grouping) (ok bool, err error)

Add adds the given assertion associated with the given grouping to the Pool as resolved in all the groups requiring it. Any not already resolved prerequisites of the assertion will be implicitly added as unresolved and required by all of those groups. The grouping will usually have been associated with the assertion in a ToResolve's result. Otherwise the union of all groups requiring the assertion plus the groups in grouping will be considered. The latter is mostly relevant in scenarios where the server is pushing assertions. If an error is returned it refers to an immediate or local error. Errors related to the assertions are associated with the relevant groups and can be retrieved with Err, in which case ok is set to false.

func (*Pool) AddBatch Uses

func (p *Pool) AddBatch(b *Batch, grouping Grouping) (ok bool, err error)

AddBatch adds all the assertions in the Batch to the Pool, associated with the given grouping and as resolved in all the groups requiring them. It is equivalent to using Add on each of them. If an error is returned it refers to an immediate or local error. Errors related to the assertions are associated with the relevant groups and can be retrieved with Err, in which case ok set to false.

func (*Pool) AddError Uses

func (p *Pool) AddError(e error, ref *Ref) error

AddError associates error e with the unresolved assertion. The error will be propagated to all the affected groups at the next ToResolve.

func (*Pool) AddGroupingError Uses

func (p *Pool) AddGroupingError(e error, grouping Grouping) error

AddGroupingError puts all the groups of grouping in error, with error e.

func (*Pool) AddToUpdate Uses

func (p *Pool) AddToUpdate(toUpdate *Ref, group string) error

AddToUpdate adds the assertion referenced by toUpdate and all its prerequisites to the Pool as unresolved and as required by the given group. It is assumed that the assertion is currently in the ground database of the Pool, otherwise this will error. The current revisions of the assertion and its prerequisites will be recorded and only higher revisions will then resolve them, otherwise if ultimately unresolved they will be assumed to still be at their current ones.

func (*Pool) AddUnresolved Uses

func (p *Pool) AddUnresolved(unresolved *AtRevision, group string) error

AddUnresolved adds the assertion referenced by unresolved AtRevision to the Pool as unresolved and as required by the given group. Usually unresolved.Revision will have been set to RevisionNotKnown.

func (*Pool) ClearGroups Uses

func (p *Pool) ClearGroups() error

ClearGroups clears the pool in terms of information associated with groups while preserving information about already resolved or unchanged assertions. It is useful for reusing a pool once the maximum of usable groups that was set with NewPool has been exhausted. Group errors must be queried before calling it otherwise they are lost. It is an error to call it when there are still pending unresolved assertions in the pool.

func (*Pool) CommitTo Uses

func (p *Pool) CommitTo(db *Database) error

CommitTo adds the assertions from groups without errors to the given assertion database. Commit errors can be retrieved via Err per group. An error is returned directly only if CommitTo is called with possible pending unresolved assertions.

func (*Pool) Err Uses

func (p *Pool) Err(group string) error

Err returns the error for group if group is in error, nil otherwise.

func (*Pool) Errors Uses

func (p *Pool) Errors() map[string]error

Errors returns a mapping of groups in error to their errors.

func (*Pool) Singleton Uses

func (p *Pool) Singleton(group string) (Grouping, error)

Singleton returns a grouping containing only the given group. It is useful mainly for tests and to drive Add are AddBatch when the server is pushing assertions (instead of the usual pull scenario).

func (*Pool) ToResolve Uses

func (p *Pool) ToResolve() (map[Grouping][]*AtRevision, error)

ToResolve returns all the currently unresolved assertions in the Pool, organized in opaque groupings based on which set of groups requires each of them. At the next ToResolve any unresolved assertion with not known revision that was not added via Add or AddBatch will result in all groups requiring it being in error with ErrUnresolved. Conversely, the remaining unresolved assertions originally added via AddToUpdate will be assumed to still be at their current revisions.

type Presence Uses

type Presence string

Presence represents a presence constraint.

const (
    PresenceRequired Presence = "required"
    PresenceOptional Presence = "optional"
    PresenceInvalid  Presence = "invalid"
)

type PrivateKey Uses

type PrivateKey interface {
    // PublicKey returns the public part of the pair.
    PublicKey() PublicKey
    // contains filtered or unexported methods
}

PrivateKey is a cryptographic private/public key pair.

func GenerateKey Uses

func GenerateKey() (PrivateKey, error)

GenerateKey generates a private/public key pair.

func RSAPrivateKey Uses

func RSAPrivateKey(privk *rsa.PrivateKey) PrivateKey

RSAPrivateKey returns a PrivateKey for database use out of a rsa.PrivateKey.

type PublicKey Uses

type PublicKey interface {
    // ID returns the id of the key used for lookup.
    ID() string
    // contains filtered or unexported methods
}

PublicKey is the public part of a cryptographic private/public key pair.

func DecodePublicKey Uses

func DecodePublicKey(pubKey []byte) (PublicKey, error)

DecodePublicKey deserializes a public key.

func RSAPublicKey Uses

func RSAPublicKey(pubKey *rsa.PublicKey) PublicKey

RSAPublicKey returns a database useable public key out of rsa.PublicKey.

type RODatabase Uses

type RODatabase interface {
    // IsTrustedAccount returns whether the account is part of the trusted set.
    IsTrustedAccount(accountID string) bool
    // Find an assertion based on arbitrary headers.
    // Provided headers must contain the primary key for the assertion type.
    // It returns a NotFoundError if the assertion cannot be found.
    Find(assertionType *AssertionType, headers map[string]string) (Assertion, error)
    // FindPredefined finds an assertion in the predefined sets
    // (trusted or not) based on arbitrary headers.  Provided
    // headers must contain the primary key for the assertion
    // type.  It returns a NotFoundError if the assertion cannot
    // be found.
    FindPredefined(assertionType *AssertionType, headers map[string]string) (Assertion, error)
    // FindTrusted finds an assertion in the trusted set based on
    // arbitrary headers.  Provided headers must contain the
    // primary key for the assertion type.  It returns a
    // NotFoundError if the assertion cannot be found.
    FindTrusted(assertionType *AssertionType, headers map[string]string) (Assertion, error)
    // FindMany finds assertions based on arbitrary headers.
    // It returns a NotFoundError if no assertion can be found.
    FindMany(assertionType *AssertionType, headers map[string]string) ([]Assertion, error)
    // FindManyPredefined finds assertions in the predefined sets
    // (trusted or not) based on arbitrary headers.  It returns a
    // NotFoundError if no assertion can be found.
    FindManyPredefined(assertionType *AssertionType, headers map[string]string) ([]Assertion, error)
    // Check tests whether the assertion is properly signed and consistent with all the stored knowledge.
    Check(assert Assertion) error
}

A RODatabase exposes read-only access to an assertion database.

type Ref Uses

type Ref struct {
    Type       *AssertionType
    PrimaryKey []string
}

Ref expresses a reference to an assertion.

func (*Ref) Resolve Uses

func (ref *Ref) Resolve(find func(assertType *AssertionType, headers map[string]string) (Assertion, error)) (Assertion, error)

Resolve resolves the reference using the given find function.

func (*Ref) String Uses

func (ref *Ref) String() string

func (*Ref) Unique Uses

func (ref *Ref) Unique() string

Unique returns a unique string representing the reference that can be used as a key in maps.

type Repair Uses

type Repair struct {
    // contains filtered or unexported fields
}

Repair holds an repair assertion which allows running repair code to fixup broken systems. It can be limited by series and models.

func (*Repair) Architectures Uses

func (r *Repair) Architectures() []string

Architectures returns the architectures that this assertions applies to.

func (*Repair) At Uses

func (ab *Repair) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*Repair) AuthorityID Uses

func (ab *Repair) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Repair) Body Uses

func (ab *Repair) Body() []byte

Body returns the body of the assertion.

func (*Repair) BrandID Uses

func (r *Repair) BrandID() string

BrandID returns the brand identifier that signed this assertion.

func (*Repair) Disabled Uses

func (r *Repair) Disabled() bool

Disabled returns true if the repair has been disabled.

func (*Repair) Format Uses

func (ab *Repair) Format() int

Format returns the assertion format iteration.

func (*Repair) Header Uses

func (ab *Repair) Header(name string) interface{}

Header returns the value of an header by name.

func (*Repair) HeaderString Uses

func (ab *Repair) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Repair) Headers Uses

func (ab *Repair) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Repair) Models Uses

func (r *Repair) Models() []string

Models returns the models that this assertion is valid for. It is a list of "brand-id/model-name" strings.

func (*Repair) Prerequisites Uses

func (ab *Repair) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*Repair) Ref Uses

func (ab *Repair) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Repair) RepairID Uses

func (r *Repair) RepairID() int

RepairID returns the sequential id of the repair. There should be a public place to look up details about the repair by brand-id and repair-id. (e.g. the snapcraft forum).

func (*Repair) Revision Uses

func (ab *Repair) Revision() int

Revision returns the assertion revision.

func (*Repair) Sequence Uses

func (r *Repair) Sequence() int

Sequence implements SequenceMember, it returns the same as RepairID.

func (*Repair) Series Uses

func (r *Repair) Series() []string

Series returns the series that this assertion is valid for.

func (*Repair) SignKeyID Uses

func (ab *Repair) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Repair) Signature Uses

func (ab *Repair) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Repair) Summary Uses

func (r *Repair) Summary() string

Summary returns the mandatory summary description of the repair.

func (*Repair) SupportedFormat Uses

func (ab *Repair) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Repair) Timestamp Uses

func (r *Repair) Timestamp() time.Time

Timestamp returns the time when the repair was issued.

func (*Repair) Type Uses

func (ab *Repair) Type() *AssertionType

Type returns the assertion type.

type RevisionError Uses

type RevisionError struct {
    Used, Current int
}

RevisionError indicates a revision improperly used for an operation.

func (*RevisionError) Error Uses

func (e *RevisionError) Error() string

type SequenceMember Uses

type SequenceMember interface {
    Assertion

    // Sequence returns the sequence number of this assertion.
    Sequence() int
}

SequenceMember is implemented by assertions of sequence forming types.

type Serial Uses

type Serial struct {
    // contains filtered or unexported fields
}

Serial holds a serial assertion, which is a statement binding a device identity with the device public key.

func (*Serial) At Uses

func (ab *Serial) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*Serial) AuthorityID Uses

func (ab *Serial) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Serial) Body Uses

func (ab *Serial) Body() []byte

Body returns the body of the assertion.

func (*Serial) BrandID Uses

func (ser *Serial) BrandID() string

BrandID returns the brand identifier of the device.

func (*Serial) DeviceKey Uses

func (ser *Serial) DeviceKey() PublicKey

DeviceKey returns the public key of the device.

func (*Serial) Format Uses

func (ab *Serial) Format() int

Format returns the assertion format iteration.

func (*Serial) Header Uses

func (ab *Serial) Header(name string) interface{}

Header returns the value of an header by name.

func (*Serial) HeaderString Uses

func (ab *Serial) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Serial) Headers Uses

func (ab *Serial) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Serial) Model Uses

func (ser *Serial) Model() string

Model returns the model name identifier of the device.

func (*Serial) Prerequisites Uses

func (ab *Serial) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*Serial) Ref Uses

func (ab *Serial) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Serial) Revision Uses

func (ab *Serial) Revision() int

Revision returns the assertion revision.

func (*Serial) Serial Uses

func (ser *Serial) Serial() string

Serial returns the serial identifier of the device, together with brand id and model they form the unique identifier of the device.

func (*Serial) SignKeyID Uses

func (ab *Serial) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Serial) Signature Uses

func (ab *Serial) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Serial) SupportedFormat Uses

func (ab *Serial) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Serial) Timestamp Uses

func (ser *Serial) Timestamp() time.Time

Timestamp returns the time when the serial assertion was issued.

func (*Serial) Type Uses

func (ab *Serial) Type() *AssertionType

Type returns the assertion type.

type SerialRequest Uses

type SerialRequest struct {
    // contains filtered or unexported fields
}

SerialRequest holds a serial-request assertion, which is a self-signed request to obtain a full device identity bound to the device public key.

func (*SerialRequest) At Uses

func (ab *SerialRequest) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*SerialRequest) AuthorityID Uses

func (ab *SerialRequest) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SerialRequest) Body Uses

func (ab *SerialRequest) Body() []byte

Body returns the body of the assertion.

func (*SerialRequest) BrandID Uses

func (sreq *SerialRequest) BrandID() string

BrandID returns the brand identifier of the device making the request.

func (*SerialRequest) DeviceKey Uses

func (sreq *SerialRequest) DeviceKey() PublicKey

DeviceKey returns the public key of the device making the request.

func (*SerialRequest) Format Uses

func (ab *SerialRequest) Format() int

Format returns the assertion format iteration.

func (*SerialRequest) Header Uses

func (ab *SerialRequest) Header(name string) interface{}

Header returns the value of an header by name.

func (*SerialRequest) HeaderString Uses

func (ab *SerialRequest) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SerialRequest) Headers Uses

func (ab *SerialRequest) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SerialRequest) Model Uses

func (sreq *SerialRequest) Model() string

Model returns the model name identifier of the device making the request.

func (*SerialRequest) Prerequisites Uses

func (ab *SerialRequest) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*SerialRequest) Ref Uses

func (ab *SerialRequest) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SerialRequest) RequestID Uses

func (sreq *SerialRequest) RequestID() string

RequestID returns the id for the request, obtained from and to be presented to the serial signing service.

func (*SerialRequest) Revision Uses

func (ab *SerialRequest) Revision() int

Revision returns the assertion revision.

func (*SerialRequest) Serial Uses

func (sreq *SerialRequest) Serial() string

Serial returns the optional proposed serial identifier for the device, the service taking the request might use it or ignore it.

func (*SerialRequest) SignKeyID Uses

func (ab *SerialRequest) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SerialRequest) Signature Uses

func (ab *SerialRequest) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SerialRequest) SupportedFormat Uses

func (ab *SerialRequest) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SerialRequest) Type Uses

func (ab *SerialRequest) Type() *AssertionType

Type returns the assertion type.

type SideArityConstraint Uses

type SideArityConstraint struct {
    // N can be:
    // =>1
    // 0 means default and is used only internally during rule
    // compilation or on deny- rules where these constraints are
    // not applicable
    // -1 represents *, that means any (number of)
    N int
}

SideArityConstraint specifies a constraint for the overall arity of the set of connected slots for a given plug or the set of connected plugs for a given slot. It is used to express parsed slots-per-plug and plugs-per-slot constraints. See https://forum.snapcraft.io/t/plug-slot-declaration-rules-greedy-plugs/12438

func (SideArityConstraint) Any Uses

func (ac SideArityConstraint) Any() bool

Any returns whether this represents the * (any number of) constraint.

type SlotConnectionConstraints Uses

type SlotConnectionConstraints struct {
    PlugSnapTypes    []string
    PlugSnapIDs      []string
    PlugPublisherIDs []string

    SlotNames *NameConstraints
    PlugNames *NameConstraints

    SlotAttributes *AttributeConstraints
    PlugAttributes *AttributeConstraints

    // SlotsPerPlug defaults to 1 for auto-connection, can be * (any)
    SlotsPerPlug SideArityConstraint
    // PlugsPerSlot is always * (any) (for now)
    PlugsPerSlot SideArityConstraint

    OnClassic *OnClassicConstraint

    DeviceScope *DeviceScopeConstraint
}

SlotConnectionConstraints specfies a set of constraints on an interface slot for a snap relevant to its connection or auto-connection.

type SlotInstallationConstraints Uses

type SlotInstallationConstraints struct {
    SlotSnapTypes []string

    SlotNames *NameConstraints

    SlotAttributes *AttributeConstraints

    OnClassic *OnClassicConstraint

    DeviceScope *DeviceScopeConstraint
}

SlotInstallationConstraints specifies a set of constraints on an interface slot relevant to the installation of snap.

type SlotRule Uses

type SlotRule struct {
    Interface string

    AllowInstallation []*SlotInstallationConstraints
    DenyInstallation  []*SlotInstallationConstraints

    AllowConnection []*SlotConnectionConstraints
    DenyConnection  []*SlotConnectionConstraints

    AllowAutoConnection []*SlotConnectionConstraints
    DenyAutoConnection  []*SlotConnectionConstraints
}

SlotRule holds the rule of what is allowed, wrt installation and connection, for a slot of a specific interface for a snap.

type SnapBuild Uses

type SnapBuild struct {
    // contains filtered or unexported fields
}

SnapBuild holds a snap-build assertion, asserting the properties of a snap at the time it was built by the developer.

func (*SnapBuild) At Uses

func (ab *SnapBuild) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*SnapBuild) AuthorityID Uses

func (ab *SnapBuild) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SnapBuild) Body Uses

func (ab *SnapBuild) Body() []byte

Body returns the body of the assertion.

func (*SnapBuild) Format Uses

func (ab *SnapBuild) Format() int

Format returns the assertion format iteration.

func (*SnapBuild) Grade Uses

func (snapbld *SnapBuild) Grade() string

Grade returns the grade of the snap: devel|stable

func (*SnapBuild) Header Uses

func (ab *SnapBuild) Header(name string) interface{}

Header returns the value of an header by name.

func (*SnapBuild) HeaderString Uses

func (ab *SnapBuild) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SnapBuild) Headers Uses

func (ab *SnapBuild) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SnapBuild) Prerequisites Uses

func (ab *SnapBuild) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*SnapBuild) Ref Uses

func (ab *SnapBuild) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SnapBuild) Revision Uses

func (ab *SnapBuild) Revision() int

Revision returns the assertion revision.

func (*SnapBuild) SignKeyID Uses

func (ab *SnapBuild) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SnapBuild) Signature Uses

func (ab *SnapBuild) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SnapBuild) SnapID Uses

func (snapbld *SnapBuild) SnapID() string

SnapID returns the snap id of the snap.

func (*SnapBuild) SnapSHA3_384 Uses

func (snapbld *SnapBuild) SnapSHA3_384() string

SnapSHA3_384 returns the SHA3-384 digest of the snap.

func (*SnapBuild) SnapSize Uses

func (snapbld *SnapBuild) SnapSize() uint64

SnapSize returns the size of the snap.

func (*SnapBuild) SupportedFormat Uses

func (ab *SnapBuild) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SnapBuild) Timestamp Uses

func (snapbld *SnapBuild) Timestamp() time.Time

Timestamp returns the time when the snap-build assertion was created.

func (*SnapBuild) Type Uses

func (ab *SnapBuild) Type() *AssertionType

Type returns the assertion type.

type SnapDeclaration Uses

type SnapDeclaration struct {
    // contains filtered or unexported fields
}

SnapDeclaration holds a snap-declaration assertion, declaring a snap binding its identifying snap-id to a name, asserting its publisher and its other properties.

func (*SnapDeclaration) Aliases Uses

func (snapdcl *SnapDeclaration) Aliases() map[string]string

Aliases returns the optional explicit aliases granted to this snap.

func (*SnapDeclaration) At Uses

func (ab *SnapDeclaration) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*SnapDeclaration) AuthorityID Uses

func (ab *SnapDeclaration) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SnapDeclaration) AutoAliases Uses

func (snapdcl *SnapDeclaration) AutoAliases() []string

AutoAliases returns the optional auto-aliases granted to this snap. XXX: deprecated, will go away

func (*SnapDeclaration) Body Uses

func (ab *SnapDeclaration) Body() []byte

Body returns the body of the assertion.

func (*SnapDeclaration) Format Uses

func (ab *SnapDeclaration) Format() int

Format returns the assertion format iteration.

func (*SnapDeclaration) Header Uses

func (ab *SnapDeclaration) Header(name string) interface{}

Header returns the value of an header by name.

func (*SnapDeclaration) HeaderString Uses

func (ab *SnapDeclaration) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SnapDeclaration) Headers Uses

func (ab *SnapDeclaration) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SnapDeclaration) PlugRule Uses

func (snapdcl *SnapDeclaration) PlugRule(interfaceName string) *PlugRule

PlugRule returns the plug-side rule about the given interface if one was included in the plugs stanza of the declaration, otherwise it returns nil.

func (*SnapDeclaration) Prerequisites Uses

func (snapdcl *SnapDeclaration) Prerequisites() []*Ref

Prerequisites returns references to this snap-declaration's prerequisite assertions.

func (*SnapDeclaration) PublisherID Uses

func (snapdcl *SnapDeclaration) PublisherID() string

PublisherID returns the identifier of the publisher of the declared snap.

func (*SnapDeclaration) Ref Uses

func (ab *SnapDeclaration) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SnapDeclaration) RefreshControl Uses

func (snapdcl *SnapDeclaration) RefreshControl() []string

RefreshControl returns the ids of snaps whose updates are controlled by this declaration.

func (*SnapDeclaration) Revision Uses

func (ab *SnapDeclaration) Revision() int

Revision returns the assertion revision.

func (*SnapDeclaration) Series Uses

func (snapdcl *SnapDeclaration) Series() string

Series returns the series for which the snap is being declared.

func (*SnapDeclaration) SignKeyID Uses

func (ab *SnapDeclaration) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SnapDeclaration) Signature Uses

func (ab *SnapDeclaration) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SnapDeclaration) SlotRule Uses

func (snapdcl *SnapDeclaration) SlotRule(interfaceName string) *SlotRule

SlotRule returns the slot-side rule about the given interface if one was included in the slots stanza of the declaration, otherwise it returns nil.

func (*SnapDeclaration) SnapID Uses

func (snapdcl *SnapDeclaration) SnapID() string

SnapID returns the snap id of the declared snap.

func (*SnapDeclaration) SnapName Uses

func (snapdcl *SnapDeclaration) SnapName() string

SnapName returns the declared snap name.

func (*SnapDeclaration) SupportedFormat Uses

func (ab *SnapDeclaration) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SnapDeclaration) Timestamp Uses

func (snapdcl *SnapDeclaration) Timestamp() time.Time

Timestamp returns the time when the snap-declaration was issued.

func (*SnapDeclaration) Type Uses

func (ab *SnapDeclaration) Type() *AssertionType

Type returns the assertion type.

type SnapDeveloper Uses

type SnapDeveloper struct {
    // contains filtered or unexported fields
}

SnapDeveloper holds a snap-developer assertion, defining the developers who can collaborate on a snap while it's owned by a specific publisher.

The primary key (snap-id, publisher-id) allows a snap to have many snap-developer assertions, e.g. to allow a future publisher's collaborations to be defined before the snap is transferred. However only the snap-developer for the current publisher (the snap-declaration publisher-id) is relevant to a device.

func (*SnapDeveloper) At Uses

func (ab *SnapDeveloper) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*SnapDeveloper) AuthorityID Uses

func (ab *SnapDeveloper) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SnapDeveloper) Body Uses

func (ab *SnapDeveloper) Body() []byte

Body returns the body of the assertion.

func (*SnapDeveloper) Format Uses

func (ab *SnapDeveloper) Format() int

Format returns the assertion format iteration.

func (*SnapDeveloper) Header Uses

func (ab *SnapDeveloper) Header(name string) interface{}

Header returns the value of an header by name.

func (*SnapDeveloper) HeaderString Uses

func (ab *SnapDeveloper) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SnapDeveloper) Headers Uses

func (ab *SnapDeveloper) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SnapDeveloper) Prerequisites Uses

func (snapdev *SnapDeveloper) Prerequisites() []*Ref

Prerequisites returns references to this snap-developer's prerequisite assertions.

func (*SnapDeveloper) PublisherID Uses

func (snapdev *SnapDeveloper) PublisherID() string

PublisherID returns the publisher's account id.

func (*SnapDeveloper) Ref Uses

func (ab *SnapDeveloper) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SnapDeveloper) Revision Uses

func (ab *SnapDeveloper) Revision() int

Revision returns the assertion revision.

func (*SnapDeveloper) SignKeyID Uses

func (ab *SnapDeveloper) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SnapDeveloper) Signature Uses

func (ab *SnapDeveloper) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SnapDeveloper) SnapID Uses

func (snapdev *SnapDeveloper) SnapID() string

SnapID returns the snap id of the snap.

func (*SnapDeveloper) SupportedFormat Uses

func (ab *SnapDeveloper) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SnapDeveloper) Type Uses

func (ab *SnapDeveloper) Type() *AssertionType

Type returns the assertion type.

type SnapRevision Uses

type SnapRevision struct {
    // contains filtered or unexported fields
}

SnapRevision holds a snap-revision assertion, which is a statement by the store acknowledging the receipt of a build of a snap and labeling it with a snap revision.

func (*SnapRevision) At Uses

func (ab *SnapRevision) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*SnapRevision) AuthorityID Uses

func (ab *SnapRevision) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SnapRevision) Body Uses

func (ab *SnapRevision) Body() []byte

Body returns the body of the assertion.

func (*SnapRevision) DeveloperID Uses

func (snaprev *SnapRevision) DeveloperID() string

DeveloperID returns the id of the developer that submitted this build of the snap.

func (*SnapRevision) Format Uses

func (ab *SnapRevision) Format() int

Format returns the assertion format iteration.

func (*SnapRevision) Header Uses

func (ab *SnapRevision) Header(name string) interface{}

Header returns the value of an header by name.

func (*SnapRevision) HeaderString Uses

func (ab *SnapRevision) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SnapRevision) Headers Uses

func (ab *SnapRevision) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SnapRevision) Prerequisites Uses

func (snaprev *SnapRevision) Prerequisites() []*Ref

Prerequisites returns references to this snap-revision's prerequisite assertions.

func (*SnapRevision) Ref Uses

func (ab *SnapRevision) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SnapRevision) Revision Uses

func (ab *SnapRevision) Revision() int

Revision returns the assertion revision.

func (*SnapRevision) SignKeyID Uses

func (ab *SnapRevision) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SnapRevision) Signature Uses

func (ab *SnapRevision) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SnapRevision) SnapID Uses

func (snaprev *SnapRevision) SnapID() string

SnapID returns the snap id of the snap.

func (*SnapRevision) SnapRevision Uses

func (snaprev *SnapRevision) SnapRevision() int

SnapRevision returns the revision assigned to this build of the snap.

func (*SnapRevision) SnapSHA3_384 Uses

func (snaprev *SnapRevision) SnapSHA3_384() string

SnapSHA3_384 returns the SHA3-384 digest of the snap.

func (*SnapRevision) SnapSize Uses

func (snaprev *SnapRevision) SnapSize() uint64

SnapSize returns the size in bytes of the snap submitted to the store.

func (*SnapRevision) SupportedFormat Uses

func (ab *SnapRevision) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SnapRevision) Timestamp Uses

func (snaprev *SnapRevision) Timestamp() time.Time

Timestamp returns the time when the snap-revision was issued.

func (*SnapRevision) Type Uses

func (ab *SnapRevision) Type() *AssertionType

Type returns the assertion type.

type StorageSafety Uses

type StorageSafety string

StorageSafety characterizes the requested storage safety of the model which then controls what encryption is used

const (
    StorageSafetyUnset StorageSafety = "unset"
    // StorageSafetyEncrypted implies mandatory full disk encryption.
    StorageSafetyEncrypted StorageSafety = "encrypted"
    // StorageSafetyPreferEncrypted implies full disk
    // encryption when the system supports it.
    StorageSafetyPreferEncrypted StorageSafety = "prefer-encrypted"
    // StorageSafetyPreferUnencrypted implies no full disk
    // encryption by default even if the system supports
    // encryption.
    StorageSafetyPreferUnencrypted StorageSafety = "prefer-unencrypted"
)

type Store Uses

type Store struct {
    // contains filtered or unexported fields
}

Store holds a store assertion, defining the configuration needed to connect a device to the store or relative to a non-default store.

func (*Store) At Uses

func (ab *Store) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*Store) AuthorityID Uses

func (ab *Store) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Store) Body Uses

func (ab *Store) Body() []byte

Body returns the body of the assertion.

func (*Store) Format Uses

func (ab *Store) Format() int

Format returns the assertion format iteration.

func (*Store) FriendlyStores Uses

func (store *Store) FriendlyStores() []string

FriendlyStores returns stores holding snaps that are also exposed through this one.

func (*Store) Header Uses

func (ab *Store) Header(name string) interface{}

Header returns the value of an header by name.

func (*Store) HeaderString Uses

func (ab *Store) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Store) Headers Uses

func (ab *Store) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Store) Location Uses

func (store *Store) Location() string

Location returns a summary of the store's location/purpose.

func (*Store) OperatorID Uses

func (store *Store) OperatorID() string

OperatorID returns the account id of the store's operator.

func (*Store) Prerequisites Uses

func (store *Store) Prerequisites() []*Ref

Prerequisites returns references to this store's prerequisite assertions.

func (*Store) Ref Uses

func (ab *Store) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Store) Revision Uses

func (ab *Store) Revision() int

Revision returns the assertion revision.

func (*Store) SignKeyID Uses

func (ab *Store) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Store) Signature Uses

func (ab *Store) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Store) Store Uses

func (store *Store) Store() string

Store returns the identifying name of the operator's store.

func (*Store) SupportedFormat Uses

func (ab *Store) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Store) Timestamp Uses

func (store *Store) Timestamp() time.Time

Timestamp returns the time when the store assertion was issued.

func (*Store) Type Uses

func (ab *Store) Type() *AssertionType

Type returns the assertion type.

func (*Store) URL Uses

func (store *Store) URL() *url.URL

URL returns the URL of the store's API.

type SystemUser Uses

type SystemUser struct {
    // contains filtered or unexported fields
}

SystemUser holds a system-user assertion which allows creating local system users.

func (*SystemUser) At Uses

func (ab *SystemUser) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*SystemUser) AuthorityID Uses

func (ab *SystemUser) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*SystemUser) Body Uses

func (ab *SystemUser) Body() []byte

Body returns the body of the assertion.

func (*SystemUser) BrandID Uses

func (su *SystemUser) BrandID() string

BrandID returns the brand identifier that signed this assertion.

func (*SystemUser) Email Uses

func (su *SystemUser) Email() string

Email returns the email address that this assertion is valid for.

func (*SystemUser) ForcePasswordChange Uses

func (su *SystemUser) ForcePasswordChange() bool

ForcePasswordChange returns true if the user needs to change the password after the first login.

func (*SystemUser) Format Uses

func (ab *SystemUser) Format() int

Format returns the assertion format iteration.

func (*SystemUser) Header Uses

func (ab *SystemUser) Header(name string) interface{}

Header returns the value of an header by name.

func (*SystemUser) HeaderString Uses

func (ab *SystemUser) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*SystemUser) Headers Uses

func (ab *SystemUser) Headers() map[string]interface{}

Headers returns the complete headers.

func (*SystemUser) Models Uses

func (su *SystemUser) Models() []string

Models returns the models that this assertion is valid for.

func (*SystemUser) Name Uses

func (su *SystemUser) Name() string

Name returns the full name of the user (e.g. Random Guy).

func (*SystemUser) Password Uses

func (su *SystemUser) Password() string

Password returns the crypt(3) compatible password for the user. Note that only ID: $6$ or stronger is supported (sha512crypt).

func (*SystemUser) Prerequisites Uses

func (ab *SystemUser) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*SystemUser) Ref Uses

func (ab *SystemUser) Ref() *Ref

Ref returns a reference representing this assertion.

func (*SystemUser) Revision Uses

func (ab *SystemUser) Revision() int

Revision returns the assertion revision.

func (*SystemUser) SSHKeys Uses

func (su *SystemUser) SSHKeys() []string

SSHKeys returns the ssh keys for the user.

func (*SystemUser) Serials Uses

func (su *SystemUser) Serials() []string

Serials returns the serials that this assertion is valid for.

func (*SystemUser) Series Uses

func (su *SystemUser) Series() []string

Series returns the series that this assertion is valid for.

func (*SystemUser) SignKeyID Uses

func (ab *SystemUser) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*SystemUser) Signature Uses

func (ab *SystemUser) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SystemUser) Since Uses

func (su *SystemUser) Since() time.Time

Since returns the time since the assertion is valid.

func (*SystemUser) SupportedFormat Uses

func (ab *SystemUser) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*SystemUser) Type Uses

func (ab *SystemUser) Type() *AssertionType

Type returns the assertion type.

func (*SystemUser) Until Uses

func (su *SystemUser) Until() time.Time

Until returns the time until the assertion is valid.

func (*SystemUser) Username Uses

func (su *SystemUser) Username() string

Username returns the system user name that should be created (e.g. "foo").

func (*SystemUser) ValidAt Uses

func (su *SystemUser) ValidAt(when time.Time) bool

ValidAt returns whether the system-user is valid at 'when' time.

type UnsupportedFormatError Uses

type UnsupportedFormatError struct {
    Ref    *Ref
    Format int
    // Update marks there was already a current revision of the assertion and it has been kept.
    Update bool
}

UnsupportedFormatError indicates an assertion with a format iteration not yet supported by the present version of asserts.

func (*UnsupportedFormatError) Error Uses

func (e *UnsupportedFormatError) Error() string

type Validation Uses

type Validation struct {
    // contains filtered or unexported fields
}

Validation holds a validation assertion, describing that a combination of (snap-id, approved-snap-id, approved-revision) has been validated for the series, meaning updating to that revision of approved-snap-id has been approved by the owner of the gating snap with snap-id.

func (*Validation) ApprovedSnapID Uses

func (validation *Validation) ApprovedSnapID() string

ApprovedSnapID returns the ID of the gated snap.

func (*Validation) ApprovedSnapRevision Uses

func (validation *Validation) ApprovedSnapRevision() int

ApprovedSnapRevision returns the approved revision of the gated snap.

func (*Validation) At Uses

func (ab *Validation) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*Validation) AuthorityID Uses

func (ab *Validation) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*Validation) Body Uses

func (ab *Validation) Body() []byte

Body returns the body of the assertion.

func (*Validation) Format Uses

func (ab *Validation) Format() int

Format returns the assertion format iteration.

func (*Validation) Header Uses

func (ab *Validation) Header(name string) interface{}

Header returns the value of an header by name.

func (*Validation) HeaderString Uses

func (ab *Validation) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*Validation) Headers Uses

func (ab *Validation) Headers() map[string]interface{}

Headers returns the complete headers.

func (*Validation) Prerequisites Uses

func (validation *Validation) Prerequisites() []*Ref

Prerequisites returns references to this validation's prerequisite assertions.

func (*Validation) Ref Uses

func (ab *Validation) Ref() *Ref

Ref returns a reference representing this assertion.

func (*Validation) Revision Uses

func (ab *Validation) Revision() int

Revision returns the assertion revision.

func (*Validation) Revoked Uses

func (validation *Validation) Revoked() bool

Revoked returns true if the validation has been revoked.

func (*Validation) Series Uses

func (validation *Validation) Series() string

Series returns the series for which the validation holds.

func (*Validation) SignKeyID Uses

func (ab *Validation) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*Validation) Signature Uses

func (ab *Validation) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*Validation) SnapID Uses

func (validation *Validation) SnapID() string

SnapID returns the ID of the gating snap.

func (*Validation) SupportedFormat Uses

func (ab *Validation) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*Validation) Timestamp Uses

func (validation *Validation) Timestamp() time.Time

Timestamp returns the time when the validation was issued.

func (*Validation) Type Uses

func (ab *Validation) Type() *AssertionType

Type returns the assertion type.

type ValidationSet Uses

type ValidationSet struct {
    // contains filtered or unexported fields
}

ValidationSet holds a validation-set assertion, which is a statement by an account about a set snaps and possibly revisions for which an extrinsic/implied property is valid (e.g. they work well together). validation-sets are organized in sequences under a name.

func (*ValidationSet) AccountID Uses

func (vs *ValidationSet) AccountID() string

AccountID returns the identifier of the account that signed this assertion.

func (*ValidationSet) At Uses

func (ab *ValidationSet) At() *AtRevision

At returns an AtRevision referencing this assertion at its revision.

func (*ValidationSet) AuthorityID Uses

func (ab *ValidationSet) AuthorityID() string

AuthorityID returns the authority-id a.k.a the signer id of the assertion.

func (*ValidationSet) Body Uses

func (ab *ValidationSet) Body() []byte

Body returns the body of the assertion.

func (*ValidationSet) Format Uses

func (ab *ValidationSet) Format() int

Format returns the assertion format iteration.

func (*ValidationSet) Header Uses

func (ab *ValidationSet) Header(name string) interface{}

Header returns the value of an header by name.

func (*ValidationSet) HeaderString Uses

func (ab *ValidationSet) HeaderString(name string) string

HeaderString retrieves the string value of header with name or ""

func (*ValidationSet) Headers Uses

func (ab *ValidationSet) Headers() map[string]interface{}

Headers returns the complete headers.

func (*ValidationSet) Name Uses

func (vs *ValidationSet) Name() string

Name returns the name under which the validation-set is organized.

func (*ValidationSet) Prerequisites Uses

func (ab *ValidationSet) Prerequisites() []*Ref

Prerequisites returns references to the prerequisite assertions for the validity of this one.

func (*ValidationSet) Ref Uses

func (ab *ValidationSet) Ref() *Ref

Ref returns a reference representing this assertion.

func (*ValidationSet) Revision Uses

func (ab *ValidationSet) Revision() int

Revision returns the assertion revision.

func (*ValidationSet) Sequence Uses

func (vs *ValidationSet) Sequence() int

Sequence returns the sequential number of the validation-set in its named sequence.

func (*ValidationSet) Series Uses

func (vs *ValidationSet) Series() string

Series returns the series for which the snap in the set are declared.

func (*ValidationSet) SignKeyID Uses

func (ab *ValidationSet) SignKeyID() string

SignKeyID returns the key id for the key that signed this assertion.

func (*ValidationSet) Signature Uses

func (ab *ValidationSet) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*ValidationSet) Snaps Uses

func (vs *ValidationSet) Snaps() []*ValidationSetSnap

Snaps returns the constrained snaps by the validation-set.

func (*ValidationSet) SupportedFormat Uses

func (ab *ValidationSet) SupportedFormat() bool

SupportedFormat returns whether the assertion uses a supported format iteration. If false the assertion might have been only partially parsed.

func (*ValidationSet) Timestamp Uses

func (vs *ValidationSet) Timestamp() time.Time

Timestamp returns the time when the validation-set was issued.

func (*ValidationSet) Type Uses

func (ab *ValidationSet) Type() *AssertionType

Type returns the assertion type.

type ValidationSetSnap Uses

type ValidationSetSnap struct {
    Name   string
    SnapID string

    Presence Presence

    Revision int
}

ValidationSetSnap holds the details about a snap constrained by a validation-set assertion.

func (*ValidationSetSnap) ID Uses

func (s *ValidationSetSnap) ID() string

ID implements naming.SnapRef.

func (*ValidationSetSnap) SnapName Uses

func (s *ValidationSetSnap) SnapName() string

SnapName implements naming.SnapRef.

Directories

PathSynopsis
assertstestPackage assertstest provides helpers for testing code that involves assertions.
internal
signtoolPackage signtool offers tooling to sign assertions.
snapassertsPackage snapasserts offers helpers to handle snap related assertions and their checking for installation.
sysdbPackage sysdb supports the system-wide assertion database with ways to open it and to manage the trusted set of assertions founding it.
systestkeysPackage systestkeys defines trusted assertions and keys to use in tests.

Package asserts imports 34 packages (graph) and is imported by 389 packages. Updated 2020-11-28. Refresh now. Tools for package owners.