multiple: remove dm-verity support from snap pack
Under the new design, generating dm-verity data via `snap pack` is
not needed as support for integrity data was simplified and there is
no extra logic or separate header anymore.
sespiros committed Dec 17, 2024
1 parent d916b68 commit a64d219
Showing 4 changed files with 4 additions and 159 deletions.
17 changes: 4 additions & 13 deletions cmd/snap/cmd_pack.go
Expand Up @@ -36,11 +36,10 @@ import (
)

type packCmd struct {
CheckSkeleton bool `long:"check-skeleton"`
AppendVerity bool `long:"append-integrity-data" hidden:"yes"`
Filename string `long:"filename"`
Compression string `long:"compression"`
Positional struct {
CheckSkeleton bool `long:"check-skeleton"`
Filename string `long:"filename"`
Compression string `long:"compression"`
Positional struct {
SnapDir string `positional-arg-name:"<snap-dir>"`
TargetDir string `positional-arg-name:"<target-dir>"`
} `positional-args:"yes"`
Expand All @@ -63,11 +62,6 @@ valid snap metadata and raises an error otherwise. Application commands listed
in snap metadata file, but appearing with incorrect permission bits result in an
error. Commands that are missing from snap-dir are listed in diagnostic
messages.`,

/*
When used with --append-integrity-data, pack will append dm-verity data at the end
of the snap to be used with snapd's snap integrity verification mechanism.
*/
)

func init() {
Expand All @@ -83,8 +77,6 @@ func init() {
"filename": i18n.G("Output to this filename"),
// TRANSLATORS: This should not start with a lowercase letter.
"compression": i18n.G("Compression to use (e.g. xz or lzo)"),
// TRANSLATORS: This should not start with a lowercase letter.
"append-integrity-data": i18n.G("Generate and append dm-verity data"),
}, nil)
cmd.extra = func(cmd *flags.Command) {
// TRANSLATORS: this describes the default filename for a snap, e.g. core_16-2.35.2_amd64.snap
Expand Down Expand Up @@ -120,7 +112,6 @@ func (x *packCmd) Execute([]string) error {
TargetDir: x.Positional.TargetDir,
SnapName: x.Filename,
Compression: x.Compression,
Integrity: x.AppendVerity,
})
if err != nil {
// TRANSLATORS: the %q is the snap-dir (the first positional
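Review bot: With `AppendVerity` dropped from `packCmd`, `snap pack --append-integrity-data` is presumably now rejected by the flags parser as an unknown option (the parser configuration is not visible here), and nothing in the new code records or pins that. Failing loudly is the right outcome for a build script that expected dm-verity data in its output, because silently accepting the flag would yield a snap without integrity data. A short test asserting that `ParseArgs([]string{"pack", "--append-integrity-data", snapDir, snapDir})` returns an error would keep it that way. A comment on the struct would also help, e.g. `// dm-verity data is no longer generated by snap pack; --append-integrity-data was removed on purpose.` The closing brace of `packCmd` lies outside the hunk.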
45 changes: 0 additions & 45 deletions cmd/snap/cmd_pack_test.go
Expand Up @@ -3,14 +3,12 @@ package main_test
import (
"fmt"
"os"
"path"
"path/filepath"

"gopkg.in/check.v1"

snaprun "github.com/snapcore/snapd/cmd/snap"
"github.com/snapcore/snapd/logger"
"github.com/snapcore/snapd/testutil"
)

const packSnapYaml = `name: hello
Expand Down Expand Up @@ -156,49 +154,6 @@ func (s *SnapSuite) TestPackPacksASnapWithCompressionUnhappy(c *check.C) {
}
}

func (s *SnapSuite) TestPackPacksASnapWithIntegrityHappy(c *check.C) {
snapDir := makeSnapDirForPack(c, "name: hello\nversion: 1.0")

// mock the verity-setup command, what it does is make a copy of the snap
// and then returns pre-calculated output
vscmd := testutil.MockCommand(c, "veritysetup", fmt.Sprintf(`
case "$1" in
--version)
echo "veritysetup 2.2.6"
exit 0
;;
format)
cp %[1]s/hello_1.0_all.snap %[1]s/hello_1.0_all.snap.verity
echo "VERITY header information for %[1]s/hello_1.0_all.snap.verity"
echo "UUID: 8f6dcdd2-9426-49d8-9879-a5c87fc78c15"
echo "Hash type: 1"
echo "Data blocks: 1"
echo "Data block size: 4096"
echo "Hash block size: 4096"
echo "Hash algorithm: sha256"
echo "Salt: 06d01a87b298b6855b6a3a1b32450deba4550417cbec2bb21a38d6dda24a1b53"
echo "Root hash: 306398e250a950ea1cbfceda608ee4585f053323251b08b7ed3f004740e91ba5"
;;
esac
`, snapDir))
defer vscmd.Restore()

_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"pack", "--append-integrity-data", snapDir, snapDir})
c.Assert(err, check.IsNil)

snapOriginal := path.Join(snapDir, "hello_1.0_all.snap")
snapVerity := snapOriginal + ".verity"
c.Assert(vscmd.Calls(), check.HasLen, 2)
c.Check(vscmd.Calls()[0], check.DeepEquals, []string{"veritysetup", "--version"})
c.Check(vscmd.Calls()[1], check.DeepEquals, []string{"veritysetup", "format", snapOriginal, snapVerity})

matches, err := filepath.Glob(snapDir + "/hello*.snap")
c.Assert(err, check.IsNil)
c.Assert(matches, check.HasLen, 1)
err = os.Remove(matches[0])
c.Assert(err, check.IsNil)
}

func (s *SnapSuite) TestPackComponentHappy(c *check.C) {
const compYaml = `component: snap+comp
version: 12a
10 changes: 0 additions & 10 deletions snap/pack/pack.go
Expand Up @@ -29,7 +29,6 @@ import (
"github.com/snapcore/snapd/kernel"
"github.com/snapcore/snapd/logger"
"github.com/snapcore/snapd/snap"
"github.com/snapcore/snapd/snap/integrity"
"github.com/snapcore/snapd/snap/snapdir"
"github.com/snapcore/snapd/snap/squashfs"
)
Expand Down Expand Up @@ -192,8 +191,6 @@ type Options struct {
SnapName string
// Compression method to use
Compression string
// Integrity requests appending integrity data to the snap when set
Integrity bool
}

var Defaults *Options = nil
Expand Down Expand Up @@ -283,13 +280,6 @@ func mksquashfs(sourceDir, fName, snapType string, opts *Options) error {
return err
}

if opts.Integrity {
err := integrity.GenerateAndAppend(fName)
if err != nil {
return err
}
}

return nil
}

91 changes: 0 additions & 91 deletions snap/pack/pack_test.go
Expand Up @@ -21,14 +21,11 @@ package pack_test

import (
"bytes"
"encoding/json"
"fmt"
"io"
"os"
"os/exec"
"path/filepath"
"regexp"
"strconv"
"strings"
"testing"

Expand All @@ -39,7 +36,6 @@ import (
// for SanitizePlugsSlots
_ "github.com/snapcore/snapd/interfaces/builtin"
"github.com/snapcore/snapd/snap"
"github.com/snapcore/snapd/snap/integrity"
"github.com/snapcore/snapd/snap/pack"
"github.com/snapcore/snapd/snap/squashfs"
"github.com/snapcore/snapd/testutil"
Expand Down Expand Up @@ -585,90 +581,3 @@ func (s *packSuite) TestPackWithCompressionUnhappy(c *C) {
c.Assert(snapfile, Equals, "")
}
}

func (s *packSuite) TestPackWithIntegrity(c *C) {
sourceDir := makeExampleSnapSourceDir(c, "{name: hello, version: 0}")
targetDir := c.MkDir()

// 8192 is the hash size that is created when running 'veritysetup format'
// on a minimally sized snap. there is not an easy way to calculate this
// value dynamically.
const verityHashSize = 8192

// mock the verity-setup command, what it does is make a copy of the snap
// and then returns pre-calculated output
vscmd := testutil.MockCommand(c, "veritysetup", fmt.Sprintf(`
case "$1" in
--version)
echo "veritysetup 2.2.6"
exit 0
;;
format)
truncate -s %[1]d %[2]s/hello_0_all.snap.verity
echo "VERITY header information for %[2]s/hello_0_all.snap.verity"
echo "UUID: 606d10a2-24d8-4c6b-90cf-68207aa7c850"
echo "Hash type: 1"
echo "Data blocks: 4"
echo "Data block size: 4096"
echo "Hash block size: 4096"
echo "Hash algorithm: sha256"
echo "Salt: eba61f2091bb6122226aef83b0d6c1623f095fc1fda5712d652a8b34a02024ea"
echo "Root hash: 3fbfef5f1f0214d727d03eebc4723b8ef5a34740fd8f1359783cff1ef9c3f334"
;;
esac
`, verityHashSize, targetDir))
defer vscmd.Restore()

snapPath, err := pack.Pack(sourceDir, &pack.Options{
TargetDir: targetDir,
Integrity: true,
})
c.Assert(err, IsNil)
c.Check(snapPath, testutil.FilePresent)
c.Assert(vscmd.Calls(), HasLen, 2)
c.Check(vscmd.Calls()[0], DeepEquals, []string{"veritysetup", "--version"})
c.Check(vscmd.Calls()[1], DeepEquals, []string{"veritysetup", "format", snapPath, snapPath + ".verity"})

magic := []byte{'s', 'n', 'a', 'p', 'e', 'x', 't'}

snapFile, err := os.Open(snapPath)
c.Assert(err, IsNil)
defer snapFile.Close()

fi, err := snapFile.Stat()
c.Assert(err, IsNil)

integrityStartOffset := squashfs.MinimumSnapSize
if fi.Size() > int64(65536) {
// on openSUSE, the squashfs image is padded up to 64k,
// including the integrator data, the overall size is > 64k
integrityStartOffset = 65536
}

// example snap has a size of 16384 (4 blocks)
_, err = snapFile.Seek(integrityStartOffset, io.SeekStart)
c.Assert(err, IsNil)

integrityHdr := make([]byte, integrity.HeaderSize)
_, err = snapFile.Read(integrityHdr)
c.Assert(err, IsNil)

c.Assert(bytes.HasPrefix(integrityHdr, magic), Equals, true)

var hdr interface{}
integrityHdr = bytes.Trim(integrityHdr, "\x00")
err = json.Unmarshal(integrityHdr[len(magic):], &hdr)
c.Check(err, IsNil)

integrityDataHeader, ok := hdr.(map[string]interface{})
c.Assert(ok, Equals, true)
hdrSizeStr, ok := integrityDataHeader["size"].(string)
c.Assert(ok, Equals, true)
hdrSize, err := strconv.ParseUint(hdrSizeStr, 10, 64)
c.Assert(err, IsNil)
c.Check(hdrSize, Equals, uint64(integrity.HeaderSize+verityHashSize))

fi, err = snapFile.Stat()
c.Assert(err, IsNil)
c.Check(fi.Size(), Equals, int64(integrityStartOffset+(integrity.HeaderSize+verityHashSize)))
}
