many: remove dm-verity support from snap pack #14869
Conversation
Under the new design, generating dm-verity data via `snap pack` is not needed as support for integrity data was simplified and there is no extra logic or separate header anymore.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #14869 +/- ##
=========================================
Coverage ? 78.28%
=========================================
Files ? 1156
Lines ? 153498
Branches ? 0
=========================================
Hits ? 120173
Misses ? 25920
Partials ? 7405
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
I didn't remove it in this one since that's the path I still use for the integrity API (see upcoming PRs such as #14872 which changes it almost completely). The snap integrity API (under |
| @@ -283,13 +280,6 @@ func mksquashfs(sourceDir, fName, snapType string, opts *Options) error { | |||
| return err | |||
| } | |||
|
|
|||
| if opts.Integrity { | |||
| err := integrity.GenerateAndAppend(fName) | |||
There was a problem hiding this comment.
shouldn't at least GenerateAndAppend also go away? or is it modified in a follow up?
There was a problem hiding this comment.
It will go away, see https://github.com/canonical/snapd/pull/14872/files#diff-f2b95ee6cb86d0d94e54d356707f39c2e6014beef108da27d124daf04d6eb5daL115
Instead of removing everything under snap/integrity in this one and reintroduce it in the follow-up, I left it as is but I drastically change it in the follow-ups.
pedronis
changed the title
Under the new design, generating dm-verity data via `snap pack` is not needed as support for integrity data was simplified and there is no extra logic or separate header anymore.
Meulengracht
force-pushed
the
snap-integrity-remove-pack
branch
from
a64d219 to
759bc4b
Compare
|
Thu Jan 23 15:52:37 UTC 2025 Failures:Executing:
Restoring:
|
|
@sespiros this spread test need changing or removing: google:ubuntu-24.10-64:tests/main/snap-pack-integrity |
…to snap-integrity-remove-pack * sespiros/snap-integrity-remove-pack: (86 commits) multiple: remove dm-verity support from snap pack asserts: snap integrity assertion (canonical#14870) overlord: cleanup some old edges i/builtin: make auditd-support grant seccomp setpriority (canonical#14940) tests: use quotation marks to support directories with spaces (canonical#14948) t/m/snap-service-install-mode: fix line being longer than expected interfaces/opengl: Enable parsing of nvidia driver information files (canonical#14893) i/b/fwupd: allow access to dell bios recovery (canonical#14920) tests: divide spread into fundamental/non-fundamental (canonical#14785) c/snap-bootstrap: refactor systemd-mount dm-verity/overlayfs options API (canonical#14790) o/snapstate: do not restart again for snapd along the undo path inside undoUnlinkCurrentSnap (canonical#14917) release: 2.67.1 tests: fix missing spread failures in PR comments (canonical#14931) i/prompting{,requestrules}: merge rules which have identical lifespans (canonical#14757) tests: skip apparmor-prompting-integration-tests in armhf (canonical#14919) cmd/snap-bootstrap: mount drivers tree if present (canonical#14522) i/p/patterns: disallow /./ and /../ in path patterns (canonical#14774) osutil/user: look up getent executable in known host directories (canonical#14792) overlord: wait for snapd restart after requesting by undo of 'link-snap' (canonical#14850) interfaces: update template with new syscalls (canonical#14861) ...
|
@pedronis @Meulengracht gh UI is confusing, I assume you merged master in my branch right? Somehow this was forced pushed in my tree, not sure how that happened, I thought only myself could write my tree :D Anyway what I did was fetch/merge my branch, added the new commit on top and pushed my branch. I didn't use |
Correct, i updated your branch due to test changes, so I want them rerun with newest master, same for your other PR |
|
This appears to have broken formatting in diff --git a/cmd/snap/cmd_pack.go b/cmd/snap/cmd_pack.go
index 8b093ad70e..bed9b1afe8 100644
--- a/cmd/snap/cmd_pack.go
+++ b/cmd/snap/cmd_pack.go
@@ -36,11 +36,10 @@ import (
)
type packCmd struct {
- CheckSkeleton bool `long:"check-skeleton"`
- AppendVerity bool `long:"append-integrity-data" hidden:"yes"`
- Filename string `long:"filename"`
- Compression string `long:"compression"`
- Positional struct {
+ CheckSkeleton bool `long:"check-skeleton"`
+ Filename string `long:"filename"`
+ Compression string `long:"compression"`
+ Positional struct {
SnapDir string `positional-arg-name:"<snap-dir>"`
TargetDir string `positional-arg-name:"<target-dir>"`
} `positional-args:"yes"` |
Under the new design, generating dm-verity data via
snap packis not needed as support for integrity data was simplified and there is no extra logic or separate header anymore.Jira: https://warthogs.atlassian.net/browse/FR-9880