登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 1

mysnapcore / mysnapd

forked from tupelo-shen / mysnapd 
代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
snapasserts.go 10.32 KB
一键复制 编辑 原始数据 按行查看 历史
tupelo-shen 提交于 2022-11-07 17:55 . fix: aspects & asserts commit
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281
// -*- Mode: Go; indent-tabs-mode: t -*-



/*

 * Copyright (C) 2022 Canonical Ltd

 *

 * This program is free software: you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 3 as

 * published by the Free Software Foundation.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program.  If not, see <http://www.gnu.org/licenses/>.

 *

 */



// Package snapasserts offers helpers to handle snap related assertions and their checking for installation.

package snapasserts



import (

	"fmt"



	"gitee.com/mysnapcore/mysnapd/asserts"

	"gitee.com/mysnapcore/mysnapd/release"

	"gitee.com/mysnapcore/mysnapd/snap"

	"gitee.com/mysnapcore/mysnapd/snap/snapfile"

)



type Finder interface {

	// Find an assertion based on arbitrary headers.  Provided

	// headers must contain the primary key for the assertion

	// type.  It returns a asserts.NotFoundError if the assertion

	// cannot be found.

	Find(assertionType *asserts.AssertionType, headers map[string]string) (asserts.Assertion, error)

	// FindMany finds assertions based on arbitrary headers.

	// It returns a NotFoundError if no assertion can be found.

	FindMany(assertionType *asserts.AssertionType, headers map[string]string) ([]asserts.Assertion, error)

}



func findSnapDeclaration(snapID, name string, db Finder) (*asserts.SnapDeclaration, error) {

	a, err := db.Find(asserts.SnapDeclarationType, map[string]string{

		"series":  release.Series,

		"snap-id": snapID,

	})

	if err != nil {

		return nil, fmt.Errorf("internal error: cannot find snap declaration for %q: %s", name, snapID)

	}

	snapDecl := a.(*asserts.SnapDeclaration)



	if snapDecl.SnapName() == "" {

		return nil, fmt.Errorf("cannot install snap %q with a revoked snap declaration", name)

	}



	return snapDecl, nil

}



// CrossCheck tries to cross check the instance name, hash digest, provenance

// and size of a snap plus its metadata in a SideInfo with the relevant

// snap assertions in a database that should have been populated with

// them.

// The optional model assertion must be passed to have full cross

// checks in the case of delegated authority snap-revisions before

// installing a snap.

// It returns the corresponding cross-checked snap-revision.

// Ultimately the provided provenance (if not default) must be checked

// with the provenance in the snap metadata by the caller as well, if

// the provided provenance was not read safely from there already.

func CrossCheck(instanceName, snapSHA3_384, provenance string, snapSize uint64, si *snap.SideInfo, model *asserts.Model, db Finder) (snapRev *asserts.SnapRevision, err error) {

	// get relevant assertions and do cross checks

	headers := map[string]string{

		"snap-sha3-384": snapSHA3_384,

	}

	if provenance != "" {

		headers["provenance"] = provenance

	}

	a, err := db.Find(asserts.SnapRevisionType, headers)

	if err != nil {

		provInf := ""

		if provenance != "" {

			provInf = fmt.Sprintf(" provenance: %s", provenance)

		}

		return nil, fmt.Errorf("internal error: cannot find pre-populated snap-revision assertion for %q: %s%s", instanceName, snapSHA3_384, provInf)

	}

	snapRev = a.(*asserts.SnapRevision)



	if snapRev.SnapSize() != snapSize {

		return nil, fmt.Errorf("snap %q file does not have expected size according to signatures (download is broken or tampered): %d != %d", instanceName, snapSize, snapRev.SnapSize())

	}



	snapID := si.SnapID



	if snapRev.SnapID() != snapID || snapRev.SnapRevision() != si.Revision.N {

		return nil, fmt.Errorf("snap %q does not have expected ID or revision according to assertions (metadata is broken or tampered): %s / %s != %d / %s", instanceName, si.Revision, snapID, snapRev.SnapRevision(), snapRev.SnapID())

	}



	snapDecl, err := findSnapDeclaration(snapID, instanceName, db)

	if err != nil {

		return nil, err

	}



	if snapDecl.SnapName() != snap.InstanceSnap(instanceName) {

		return nil, fmt.Errorf("cannot install %q, snap %q is undergoing a rename to %q", instanceName, snap.InstanceSnap(instanceName), snapDecl.SnapName())

	}



	if _, err := CrossCheckProvenance(instanceName, snapRev, snapDecl, model, db); err != nil {

		return nil, err

	}



	return snapRev, nil

}



// CrossCheckProvenance tries to cross check the given snap-revision

// if it has a non default provenance with the revision-authority

// constraints of the given snap-declaration including any device

// scope constraints using model (and implied store).

// It also returns the provenance if it is different from the default.

// Ultimately if not default the provenance must also be checked

// with the provenance in the snap metadata by the caller.

func CrossCheckProvenance(instanceName string, snapRev *asserts.SnapRevision, snapDecl *asserts.SnapDeclaration, model *asserts.Model, db Finder) (signedProvenance string, err error) {

	if snapRev.Provenance() == "global-upload" {

		// nothing to check

		return "", nil

	}

	var store *asserts.Store

	if model != nil && model.Store() != "" {

		a, err := db.Find(asserts.StoreType, map[string]string{

			"store": model.Store(),

		})

		if err != nil && !asserts.IsNotFound(err) {

			return "", err

		}

		if a != nil {

			store = a.(*asserts.Store)

		}

	}

	ras := snapDecl.RevisionAuthority(snapRev.Provenance())

	matchingRevAuthority := false

	for _, ra := range ras {

		if err := ra.Check(snapRev, model, store); err == nil {

			matchingRevAuthority = true

			break

		}

	}

	if !matchingRevAuthority {

		return "", fmt.Errorf("snap %q revision assertion with provenance %q is not signed by an authority authorized on this device: %s", instanceName, snapRev.Provenance(), snapRev.AuthorityID())

	}

	return snapRev.Provenance(), nil

}



// CheckProvenanceWithVerifiedRevision checks that the given snap has

// the same provenance as of the provided snap-revision.

// It is intended to be called safely on snaps for which a matching

// and authorized snap-revision has been already found and cross-checked.

// Its purpose is to check that a blob has not been re-signed under an

// inappropriate provenance.

func CheckProvenanceWithVerifiedRevision(snapPath string, verifiedRev *asserts.SnapRevision) error {

	snapf, err := snapfile.Open(snapPath)

	if err != nil {

		return err

	}

	info, err := snap.ReadInfoFromSnapFile(snapf, nil)

	if err != nil {

		return err

	}

	if verifiedRev.Provenance() != info.Provenance() {

		return fmt.Errorf("snap %q has been signed under provenance %q different from the metadata one: %q", snapPath, verifiedRev.Provenance(), info.Provenance())

	}

	return nil

}



// DeriveSideInfo tries to construct a SideInfo for the given snap

// using its digest to find the relevant snap assertions with the

// information in the given database. It will fail with an

// asserts.NotFoundError if it cannot find them.

// model is used to cross check that the found snap-revision is applicable

// on the device.

func DeriveSideInfo(snapPath string, model *asserts.Model, db Finder) (*snap.SideInfo, error) {

	snapSHA3_384, snapSize, err := asserts.SnapFileSHA3_384(snapPath)

	if err != nil {

		return nil, err

	}



	return DeriveSideInfoFromDigestAndSize(snapPath, snapSHA3_384, snapSize, model, db)

}



// DeriveSideInfoFromDigestAndSize tries to construct a SideInfo

// using digest and size as provided for the snap to find the relevant

// snap assertions with the information in the given database. It will

// fail with an asserts.NotFoundError if it cannot find them.

// model is used to cross check that the found snap-revision is applicable

// on the device.

func DeriveSideInfoFromDigestAndSize(snapPath string, snapSHA3_384 string, snapSize uint64, model *asserts.Model, db Finder) (*snap.SideInfo, error) {

	// get relevant assertions and reconstruct metadata

	headers := map[string]string{

		"snap-sha3-384": snapSHA3_384,

	}

	a, err := db.Find(asserts.SnapRevisionType, headers)

	if err != nil && !asserts.IsNotFound(err) {

		return nil, err

	}

	if a == nil {

		// non-default provenance?

		cands, err := db.FindMany(asserts.SnapRevisionType, headers)

		if err != nil {

			return nil, err

		}

		if len(cands) != 1 {

			return nil, fmt.Errorf("safely handling snaps with different provenance but same hash not yet supported")

		}

		a = cands[0]

	}



	snapRev := a.(*asserts.SnapRevision)



	if snapRev.SnapSize() != snapSize {

		return nil, fmt.Errorf("snap %q does not have expected size according to signatures (broken or tampered): %d != %d", snapPath, snapSize, snapRev.SnapSize())

	}



	snapID := snapRev.SnapID()



	snapDecl, err := findSnapDeclaration(snapID, snapPath, db)

	if err != nil {

		return nil, err

	}



	if _, err = CrossCheckProvenance(snapDecl.SnapName(), snapRev, snapDecl, model, db); err != nil {

		return nil, err

	}



	if err := CheckProvenanceWithVerifiedRevision(snapPath, snapRev); err != nil {

		return nil, err

	}



	return SideInfoFromSnapAssertions(snapDecl, snapRev), nil

}



// SideInfoFromSnapAssertions returns a *snap.SideInfo reflecting the given snap assertions.

func SideInfoFromSnapAssertions(snapDecl *asserts.SnapDeclaration, snapRev *asserts.SnapRevision) *snap.SideInfo {

	return &snap.SideInfo{

		RealName: snapDecl.SnapName(),

		SnapID:   snapDecl.SnapID(),

		Revision: snap.R(snapRev.SnapRevision()),

	}

}



// FetchSnapAssertions fetches the assertions matching the snap file digest and optional provenance using the given fetcher.

func FetchSnapAssertions(f asserts.Fetcher, snapSHA3_384, provenance string) error {

	// for now starting from the snap-revision will get us all other relevant assertions

	ref := &asserts.Ref{

		Type:       asserts.SnapRevisionType,

		PrimaryKey: []string{snapSHA3_384},

	}

	if provenance != "" {

		ref.PrimaryKey = append(ref.PrimaryKey, provenance)

	}



	return f.Fetch(ref)

}



// FetchSnapDeclaration fetches the snap declaration and its prerequisites for the given snap id using the given fetcher.

func FetchSnapDeclaration(f asserts.Fetcher, snapID string) error {

	ref := &asserts.Ref{

		Type:       asserts.SnapDeclarationType,

		PrimaryKey: []string{release.Series, snapID},

	}



	return f.Fetch(ref)

}



// FetchStore fetches the store assertion and its prerequisites for the given store id using the given fetcher.

func FetchStore(f asserts.Fetcher, storeID string) error {

	ref := &asserts.Ref{

		Type:       asserts.StoreType,

		PrimaryKey: []string{storeID},

	}



	return f.Fetch(ref)

}
Go
1
https://gitee.com/mysnapcore/mysnapd.git
git@gitee.com:mysnapcore/mysnapd.git
mysnapcore
mysnapd
mysnapd
v0.1.0
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部
53164aa7 5694891 3bd8fe86 5694891