1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
summary: Exercise a gadget update with kernel refs on a PC
details: |
Check that it is possible to revert a kernel snap when kernel gadgets
are installed.
# TODO:UC20: once LP: #1907056 is fixed and we have an updated
# pi gadget and pi-kernel snap this test should be
# replaced with a pi-only test. This test is artificial
# and only useful until we have the real PI based environment.
#
# the test is only meaningful on core devices
# XXX: uc20
systems: [ubuntu-core-1*]
environment:
BLOB_DIR: $(pwd)/fake-store-blobdir
# snap-id of 'pc' gadget snap
PC_SNAP_ID: UqFziVZDHLSyO3TqSWgNBoAdHbLI4dAH
# snap-id of 'pc-kernel' snap
PC_KERNEL_ID: pYVQrBcKmBa0mZ4CCN7ExT6jH8rY1hza
START_REVISION: 1000
# uploading a large snap makes OOM kill snapd
SNAPD_NO_MEMORY_LIMIT: 1
prepare: |
if [ "$TRUST_TEST_KEYS" = "false" ]; then
echo "This test needs test keys to be trusted"
exit
fi
if os.query is-arm; then
echo "Test not supported on arm architecture, skipping..."
exit
fi
snap ack "$TESTSLIB/assertions/testrootorg-store.account-key"
"$TESTSTOOLS"/store-state setup-fake-store "$BLOB_DIR"
readlink /snap/pc/current > pc-revision.txt
readlink /snap/pc-kernel/current > pc-kernel-revision.txt
# create kernel-ref kernel/gadget pair
cp /var/lib/snapd/snaps/pc-kernel_*.snap kernel.snap
unsquashfs -d pc-kernel-snap kernel.snap
# prepare kernel with content
mkdir pc-kernel-snap/some-dir/
touch pc-kernel-snap/some-dir/foo-from-some-dir
touch pc-kernel-snap/some-dir/some-subdir
touch pc-kernel-snap/some-file
cat >> pc-kernel-snap/meta/kernel.yaml<<EOF
assets:
test:
update: true
content:
- some-dir/
- some-file
EOF
snap pack --filename=pc-kernel_x1.snap pc-kernel-snap
# has to be asserted
cat <<EOF > decl-headers.json
{"snap-id": "$PC_KERNEL_ID"}
EOF
cat <<EOF > rev-headers.json
{"snap-id": "$PC_KERNEL_ID", "snap-revision": "$START_REVISION"}
EOF
p=$(fakestore new-snap-declaration --dir "$BLOB_DIR" pc-kernel --snap-decl-json decl-headers.json)
snap ack "$p"
p=$(fakestore new-snap-revision --dir "$BLOB_DIR" pc-kernel_x1.snap --snap-rev-json rev-headers.json)
snap ack "$p"
cp -av pc-kernel_x1.snap "$BLOB_DIR/"
# new gadget
cp /var/lib/snapd/snaps/pc_*.snap gadget.snap
unsquashfs -d pc-snap gadget.snap
# prepare version with kernel ref
cat >> pc-snap/meta/gadget.yaml <<'EOF'
- source: $kernel:test/some-dir/
target: /
- source: $kernel:test/some-file
target: /
EOF
snap pack --filename=pc_x1.snap pc-snap
# has to be asserted
cat <<EOF > decl-headers.json
{"snap-id": "$PC_SNAP_ID"}
EOF
cat <<EOF > rev-headers.json
{"snap-id": "$PC_SNAP_ID", "snap-revision": "$START_REVISION"}
EOF
p=$(fakestore new-snap-declaration --dir "$BLOB_DIR" pc --snap-decl-json decl-headers.json)
snap ack "$p"
p=$(fakestore new-snap-revision --dir "$BLOB_DIR" pc_x1.snap --snap-rev-json rev-headers.json)
snap ack "$p"
cp -av pc_x1.snap "$BLOB_DIR/"
# make sure that the snapd daemon gives us time for comms before
# closing the socket
sed -i '/^Environment=/ s/$/ SNAPD_SHUTDOWN_DELAY=1/' /etc/systemd/system/snapd.service.d/local.conf
systemctl restart snapd
restore: |
if [ "$TRUST_TEST_KEYS" = "false" ]; then
echo "This test needs test keys to be trusted"
exit
fi
if os.query is-arm; then
echo "Test not supported on arm architecture, skipping..."
exit
fi
"$TESTSTOOLS"/store-state teardown-fake-store "$BLOB_DIR"
# XXX: ideally we would restore the kernel/gadget here but the kernel
# restore requires a reboot :/
# remove SNAPD_SHUTDOWN_DELAY again
sed -i 's/SNAPD_SHUTDOWN_DELAY=1//g' /etc/systemd/system/snapd.service.d/local.conf
systemctl restart snapd
execute: |
if [ "$TRUST_TEST_KEYS" = "false" ]; then
echo "This test needs test keys to be trusted"
exit
fi
if os.query is-arm; then
echo "Test not supported on arm architecture, skipping..."
exit
fi
if [ "$SPREAD_REBOOT" = 0 ]; then
# first install the gadget that knows about the kernel
# (but no edition bump so this will install fine)
snap install pc_x1.snap
REBOOT
fi
if [ "$SPREAD_REBOOT" = 1 ]; then
# wait for change to complete
snap watch --last=install\?
# now install the kernel that has the kernel assets
snap install pc-kernel_x1.snap
REBOOT
fi
if [ "$SPREAD_REBOOT" = 2 ]; then
# wait for change to complete
snap watch --last=install\?
# now we should have the kernel gadgets installed
bootdir=/boot/efi
test -e "$bootdir"/foo-from-some-dir
test -e "$bootdir"/some-subdir
test -e "$bootdir"/some-file
# at this point we cannot revert because the new gadget
# has "$kernel:refs" so and the new kernel has "kernel.yaml".
# - If we revert the gadget snapd will complain because the old
# gadget does not have any of the new pc "$kernel:refs"
# - If we revert the kernel snapd will complain because the
# new gadget has "$kernel:refs" but the old kernel does not
# provide them
# So to revert this hack is needed
mount -o bind /snap/pc/"$(cat pc-revision.txt)"/meta/gadget.yaml /snap/pc/current/meta/gadget.yaml
snap revert pc-kernel --revision="$(cat pc-kernel-revision.txt)"
REBOOT
fi
if [ "$SPREAD_REBOOT" = 3 ]; then
# Nothing to do/check here. Just waiting for the revert to
# finish. This reboot is only needed so that the system is
# fully restored to the original state.
snap watch --last=revert\?
snap revert pc --revision="$(cat pc-revision.txt)"
fi
|
