canonical · Meulengracht · Jan 24, 2025 · Nov 21, 2024 · Nov 21, 2024 · Jan 23, 2025
diff --git a/cmd/snap/cmd_pack.go b/cmd/snap/cmd_pack.go
@@ -36,11 +36,10 @@ import (
 )
 
 type packCmd struct {
-	CheckSkeleton bool   `long:"check-skeleton"`
-	AppendVerity  bool   `long:"append-integrity-data" hidden:"yes"`
-	Filename      string `long:"filename"`
-	Compression   string `long:"compression"`
-	Positional    struct {
+	CheckSkeleton    bool   `long:"check-skeleton"`
+	Filename         string `long:"filename"`
+	Compression      string `long:"compression"`
+	Positional       struct {
 		SnapDir   string `positional-arg-name:"<snap-dir>"`
 		TargetDir string `positional-arg-name:"<target-dir>"`
 	} `positional-args:"yes"`
@@ -63,11 +62,6 @@ valid snap metadata and raises an error otherwise. Application commands listed
 in snap metadata file, but appearing with incorrect permission bits result in an
 error. Commands that are missing from snap-dir are listed in diagnostic
 messages.`,
-
-/*
-When used with --append-integrity-data, pack will append dm-verity data at the end
-of the snap to be used with snapd's snap integrity verification mechanism.
-*/
 )
 
 func init() {
@@ -83,8 +77,6 @@ func init() {
 			"filename": i18n.G("Output to this filename"),
 			// TRANSLATORS: This should not start with a lowercase letter.
 			"compression": i18n.G("Compression to use (e.g. xz or lzo)"),
-			// TRANSLATORS: This should not start with a lowercase letter.
-			"append-integrity-data": i18n.G("Generate and append dm-verity data"),
 		}, nil)
 	cmd.extra = func(cmd *flags.Command) {
 		// TRANSLATORS: this describes the default filename for a snap, e.g. core_16-2.35.2_amd64.snap
@@ -120,7 +112,6 @@ func (x *packCmd) Execute([]string) error {
 		TargetDir:   x.Positional.TargetDir,
 		SnapName:    x.Filename,
 		Compression: x.Compression,
-		Integrity:   x.AppendVerity,
 	})
 	if err != nil {
 		// TRANSLATORS: the %q is the snap-dir (the first positional

diff --git a/cmd/snap/cmd_pack_test.go b/cmd/snap/cmd_pack_test.go
@@ -3,14 +3,12 @@ package main_test
 import (
 	"fmt"
 	"os"
-	"path"
 	"path/filepath"
 
 	"gopkg.in/check.v1"
 
 	snaprun "github.com/snapcore/snapd/cmd/snap"
 	"github.com/snapcore/snapd/logger"
-	"github.com/snapcore/snapd/testutil"
 )
 
 const packSnapYaml = `name: hello
@@ -156,49 +154,6 @@ func (s *SnapSuite) TestPackPacksASnapWithCompressionUnhappy(c *check.C) {
 	}
 }
 
-func (s *SnapSuite) TestPackPacksASnapWithIntegrityHappy(c *check.C) {
-	snapDir := makeSnapDirForPack(c, "name: hello\nversion: 1.0")
-
-	// mock the verity-setup command, what it does is make a copy of the snap
-	// and then returns pre-calculated output
-	vscmd := testutil.MockCommand(c, "veritysetup", fmt.Sprintf(`
-case "$1" in
-	--version)
-		echo "veritysetup 2.2.6"
-		exit 0
-		;;
-	format)
-		cp %[1]s/hello_1.0_all.snap %[1]s/hello_1.0_all.snap.verity
-		echo "VERITY header information for %[1]s/hello_1.0_all.snap.verity"
-		echo "UUID:            	8f6dcdd2-9426-49d8-9879-a5c87fc78c15"
-		echo "Hash type:       	1"
-		echo "Data blocks:     	1"
-		echo "Data block size: 	4096"
-		echo "Hash block size: 	4096"
-		echo "Hash algorithm:  	sha256"
-		echo "Salt:            	06d01a87b298b6855b6a3a1b32450deba4550417cbec2bb21a38d6dda24a1b53"
-		echo "Root hash:      	306398e250a950ea1cbfceda608ee4585f053323251b08b7ed3f004740e91ba5"
-		;;
-esac
-`, snapDir))
-	defer vscmd.Restore()
-
-	_, err := snaprun.Parser(snaprun.Client()).ParseArgs([]string{"pack", "--append-integrity-data", snapDir, snapDir})
-	c.Assert(err, check.IsNil)
-
-	snapOriginal := path.Join(snapDir, "hello_1.0_all.snap")
-	snapVerity := snapOriginal + ".verity"
-	c.Assert(vscmd.Calls(), check.HasLen, 2)
-	c.Check(vscmd.Calls()[0], check.DeepEquals, []string{"veritysetup", "--version"})
-	c.Check(vscmd.Calls()[1], check.DeepEquals, []string{"veritysetup", "format", snapOriginal, snapVerity})
-
-	matches, err := filepath.Glob(snapDir + "/hello*.snap")
-	c.Assert(err, check.IsNil)
-	c.Assert(matches, check.HasLen, 1)
-	err = os.Remove(matches[0])
-	c.Assert(err, check.IsNil)
-}
-
 func (s *SnapSuite) TestPackComponentHappy(c *check.C) {
 	const compYaml = `component: snap+comp
 version: 12a

diff --git a/snap/pack/pack.go b/snap/pack/pack.go
@@ -29,7 +29,6 @@ import (
 	"github.com/snapcore/snapd/kernel"
 	"github.com/snapcore/snapd/logger"
 	"github.com/snapcore/snapd/snap"
-	"github.com/snapcore/snapd/snap/integrity"
 	"github.com/snapcore/snapd/snap/snapdir"
 	"github.com/snapcore/snapd/snap/squashfs"
 )
@@ -192,8 +191,6 @@ type Options struct {
 	SnapName string
 	// Compression method to use
 	Compression string
-	// Integrity requests appending integrity data to the snap when set
-	Integrity bool
 }
 
 var Defaults *Options = nil
@@ -283,13 +280,6 @@ func mksquashfs(sourceDir, fName, snapType string, opts *Options) error {
 		return err
 	}
 
-	if opts.Integrity {
-		err := integrity.GenerateAndAppend(fName)
-		if err != nil {
-			return err
-		}
-	}
-
 	return nil
 }
 

diff --git a/snap/pack/pack_test.go b/snap/pack/pack_test.go
@@ -21,14 +21,11 @@ package pack_test
 
 import (
 	"bytes"
-	"encoding/json"
 	"fmt"
-	"io"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"regexp"
-	"strconv"
 	"strings"
 	"testing"
 
@@ -39,7 +36,6 @@ import (
 	// for SanitizePlugsSlots
 	_ "github.com/snapcore/snapd/interfaces/builtin"
 	"github.com/snapcore/snapd/snap"
-	"github.com/snapcore/snapd/snap/integrity"
 	"github.com/snapcore/snapd/snap/pack"
 	"github.com/snapcore/snapd/snap/squashfs"
 	"github.com/snapcore/snapd/testutil"
@@ -585,90 +581,3 @@ func (s *packSuite) TestPackWithCompressionUnhappy(c *C) {
 		c.Assert(snapfile, Equals, "")
 	}
 }
-
-func (s *packSuite) TestPackWithIntegrity(c *C) {
-	sourceDir := makeExampleSnapSourceDir(c, "{name: hello, version: 0}")
-	targetDir := c.MkDir()
-
-	// 8192 is the hash size that is created when running 'veritysetup format'
-	// on a minimally sized snap. there is not an easy way to calculate this
-	// value dynamically.
-	const verityHashSize = 8192
-
-	// mock the verity-setup command, what it does is make a copy of the snap
-	// and then returns pre-calculated output
-	vscmd := testutil.MockCommand(c, "veritysetup", fmt.Sprintf(`
-case "$1" in
-	--version)
-		echo "veritysetup 2.2.6"
-		exit 0
-		;;
-	format)
-		truncate -s %[1]d %[2]s/hello_0_all.snap.verity
-		echo "VERITY header information for %[2]s/hello_0_all.snap.verity"
-		echo "UUID:            	606d10a2-24d8-4c6b-90cf-68207aa7c850"
-		echo "Hash type:       	1"
-		echo "Data blocks:     	4"
-		echo "Data block size: 	4096"
-		echo "Hash block size: 	4096"
-		echo "Hash algorithm:  	sha256"
-		echo "Salt:            	eba61f2091bb6122226aef83b0d6c1623f095fc1fda5712d652a8b34a02024ea"
-		echo "Root hash:      	3fbfef5f1f0214d727d03eebc4723b8ef5a34740fd8f1359783cff1ef9c3f334"
-		;;
-esac
-`, verityHashSize, targetDir))
-	defer vscmd.Restore()
-
-	snapPath, err := pack.Pack(sourceDir, &pack.Options{
-		TargetDir: targetDir,
-		Integrity: true,
-	})
-	c.Assert(err, IsNil)
-	c.Check(snapPath, testutil.FilePresent)
-	c.Assert(vscmd.Calls(), HasLen, 2)
-	c.Check(vscmd.Calls()[0], DeepEquals, []string{"veritysetup", "--version"})
-	c.Check(vscmd.Calls()[1], DeepEquals, []string{"veritysetup", "format", snapPath, snapPath + ".verity"})
-
-	magic := []byte{'s', 'n', 'a', 'p', 'e', 'x', 't'}
-
-	snapFile, err := os.Open(snapPath)
-	c.Assert(err, IsNil)
-	defer snapFile.Close()
-
-	fi, err := snapFile.Stat()
-	c.Assert(err, IsNil)
-
-	integrityStartOffset := squashfs.MinimumSnapSize
-	if fi.Size() > int64(65536) {
-		// on openSUSE, the squashfs image is padded up to 64k,
-		// including the integrator data, the overall size is > 64k
-		integrityStartOffset = 65536
-	}
-
-	// example snap has a size of 16384 (4 blocks)
-	_, err = snapFile.Seek(integrityStartOffset, io.SeekStart)
-	c.Assert(err, IsNil)
-
-	integrityHdr := make([]byte, integrity.HeaderSize)
-	_, err = snapFile.Read(integrityHdr)
-	c.Assert(err, IsNil)
-
-	c.Assert(bytes.HasPrefix(integrityHdr, magic), Equals, true)
-
-	var hdr interface{}
-	integrityHdr = bytes.Trim(integrityHdr, "\x00")
-	err = json.Unmarshal(integrityHdr[len(magic):], &hdr)
-	c.Check(err, IsNil)
-
-	integrityDataHeader, ok := hdr.(map[string]interface{})
-	c.Assert(ok, Equals, true)
-	hdrSizeStr, ok := integrityDataHeader["size"].(string)
-	c.Assert(ok, Equals, true)
-	hdrSize, err := strconv.ParseUint(hdrSizeStr, 10, 64)
-	c.Assert(err, IsNil)
-	c.Check(hdrSize, Equals, uint64(integrity.HeaderSize+verityHashSize))
-
-	fi, err = snapFile.Stat()
-	c.Assert(err, IsNil)
-	c.Check(fi.Size(), Equals, int64(integrityStartOffset+(integrity.HeaderSize+verityHashSize)))
-}