snapd icon indicating copy to clipboard operation
snapd copied to clipboard
verified publisher icon snapcore

snap/integrity: new API

Open sespiros opened this issue 1 year ago • 6 comments

This is rebased on top of https://github.com/canonical/snapd/pull/14871.

Jira: https://warthogs.atlassian.net/browse/FR-9881

sespiros avatar Dec 17 '24 23:12 sespiros

Tue Mar 4 16:55:51 UTC 2025 The following results are from: https://github.com/canonical/snapd/actions/runs/13261879078

Failures:

Preparing:

  • openstack:opensuse-tumbleweed-64
  • openstack:opensuse-tumbleweed-64
  • openstack:opensuse-tumbleweed-64
  • openstack:opensuse-tumbleweed-64
  • openstack:opensuse-tumbleweed-64
  • openstack:opensuse-tumbleweed-64

Executing:

  • openstack:debian-sid-64:tests/unit/go:gcc
  • openstack:debian-sid-64:tests/unit/go:clang
  • google:ubuntu-25.04-64:tests/main/security-device-cgroups-required-or-optional
  • google:ubuntu-25.04-64:tests/main/security-device-cgroups-self-manage
  • google:ubuntu-25.04-64:tests/main/security-device-cgroups:kmsg
  • google:ubuntu-25.04-64:tests/main/security-device-cgroups-helper
  • google:ubuntu-25.04-64:tests/main/security-device-cgroups:uinput
  • google:ubuntu-25.04-64:tests/main/cgroup-devices-v2
  • google:ubuntu-25.04-64:tests/main/security-device-cgroups-strict-enforced
  • google:ubuntu-25.04-64:tests/main/security-device-cgroups-serial-port

Restoring:

  • openstack:debian-sid-64:tests/unit/
  • openstack:opensuse-tumbleweed-64
  • openstack:opensuse-tumbleweed-64
  • openstack:opensuse-tumbleweed-64
  • openstack:opensuse-tumbleweed-64
  • openstack:opensuse-tumbleweed-64
  • google:ubuntu-25.04-64:tests/main/security-device-cgroups-strict-enforced

github-actions[bot] avatar Jan 15 '25 12:01 github-actions[bot]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Please upload report for BASE (master@953a5d8). Learn more about missing BASE report. Report is 350 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff            @@
##             master   #14872   +/-   ##
=========================================
  Coverage          ?   78.15%           
=========================================
  Files             ?     1178           
  Lines             ?   157253           
  Branches          ?        0           
=========================================
  Hits              ?   122897           
  Misses            ?    26737           
  Partials          ?     7619
Flag Coverage Δ
unittests 78.15% <100.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar Jan 24 '25 14:01 codecov[bot]

  1. change unasserted to unexpected. Wrap these in a new error type. Filter the error type on the calling site to append/prepend context information.
  2. split the verification in a separate function such as VerifyData(integrityData asserts SnapIntegrityData) error

A 3rd approach is to pass the assertion to the function as it is but rename it as LookupVerifyDataAndCrossCheck ?

I'm fine kind of fine with any of approaches, it depends whether we have use cases where we do not want to cross-check, otherwise the last might be the simplest?

pedronis avatar Jan 31 '25 08:01 pedronis

  1. change unasserted to unexpected. Wrap these in a new error type. Filter the error type on the calling site to append/prepend context information.
  2. split the verification in a separate function such as VerifyData(integrityData asserts SnapIntegrityData) error

A 3rd approach is to pass the assertion to the function as it is but rename it as LookupVerifyDataAndCrossCheck ?

I'm fine kind of fine with any of approaches, it depends whether we have use cases where we do not want to cross-check, otherwise the last might be the simplest?

@pedronis I pushed a commit:

  1. stopped exporting veritySuperBlock.Validate() which will now be called as part of ReadSuperBlock(). Now all expected superblock validation errors will be thrown by ReadSuperBlock().

  2. renamed LookupDmVerityData to LookupDmVerityDataAndCrossCheck.

  3. created 2 error types ErrDmVerityDataNotFound and ErrUnexpectedDmVerityData.

    1. If ErrDmVerityDataNotFound, snap-bootstrap will use this to make a decision about whether to generate data (default behavior for install mode).
    2. If ErrUnexpectedDmVerityData, snap-bootstrap will wrap the error with extra context such as "dm-verity data found on disk don't match assertion".
    3. All other errors will be forwarded.

sespiros avatar Feb 04 '25 14:02 sespiros

Hi @sespiros, I see some spread unit test failures relates to your work. image

For this reason, in the interest of time rather moving to 2.69

ernestl avatar Feb 11 '25 10:02 ernestl

Hi @ernestl, it's weird I didn't hit this locally. I pushed a fix and will monitor the spread tests more closely.

Edit: It seems that multiple error wrapping is a feature of Go 1.20 https://github.com/golang/go/issues/53435.

sespiros avatar Feb 11 '25 11:02 sespiros