snap, snap/pack: disallow pack and install of snapd, base and os with specific configure hooks
It is currently possible to pack and install snapd, base and core snaps with default-configure and configure hooks, but those hooks are ignored during installation and option setting. My proposal is to extend the snap validation check (covers packing and installation) to prevent these unintended snap/hook combinations and possible silent failure.
Spec:
Implements part of draft spec Prohibit user-defined configuration hooks for specific essential snaps
Approach:
Extend snap/validate.go hook check that was introduced in https://github.com/snapcore/snapd/pull/13097 as follows:
- Do not allow `default-configure` hook for `snapd`, `base` or `os`
- Do not allow `configure` hook for `snapd`, `base`
- Allow `configure` hook for `os` to prevent new errors for `core` or `ubuntu-core` with existing `configure` hook
Key covered paths: Snap Pack, Firstboot, Store Install, Sideload Install
JIRA: https://warthogs.atlassian.net/browse/SNAPDENG-7297
This PR builds on https://github.com/snapcore/snapd/pull/13097
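The rule set described under "Approach", as an added example that is not code from this PR or from snapd: the names `prohibitedHooks` and `ValidateHooks` and the error wording are assumptions made for illustration. It reports every prohibited hook rather than ignoring it silently, and keeps `configure` valid for `os` snaps.

```go
package main

import (
	"fmt"
	"sort"
)

// Hypothetical rule table for this example (not snapd's snap/validate.go):
// snap type -> hook names that must be rejected at pack and install time.
var prohibitedHooks = map[string][]string{
	"snapd": {"configure", "default-configure"},
	"base":  {"configure", "default-configure"},
	// "configure" stays allowed for os so existing core/ubuntu-core snaps still validate.
	"os": {"default-configure"},
}

// ValidateHooks returns one error per prohibited hook declared by a snap of
// the given type. Types absent from the table (app, gadget, kernel) always pass.
func ValidateHooks(snapType string, hooks []string) []error {
	banned := map[string]bool{}
	for _, h := range prohibitedHooks[snapType] {
		banned[h] = true
	}
	sorted := append([]string(nil), hooks...)
	sort.Strings(sorted) // deterministic error order without mutating the input
	var errs []error
	for _, h := range sorted {
		if banned[h] {
			errs = append(errs, fmt.Errorf("cannot specify %q hook for %q snap", h, snapType))
		}
	}
	return errs
}

func main() {
	// Constructed sample snaps: type plus the hooks each one declares.
	samples := []struct {
		typ   string
		hooks []string
	}{
		{"snapd", []string{"default-configure", "configure"}},
		{"os", []string{"configure", "install"}},
		{"app", []string{"configure", "default-configure"}},
	}
	for _, s := range samples {
		fmt.Printf("%-5s %v -> %v\n", s.typ, s.hooks, ValidateHooks(s.typ, s.hooks))
	}
}
```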
Thu Feb 20 07:47:21 UTC 2025 The following results are from: https://github.com/canonical/snapd/actions/runs/13412751831
Failures:
Executing:
- google:ubuntu-20.04-64:tests/main/preseed-core20
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Please upload report for BASE (master@2cbce28). Report is 245 commits behind head on master.
Additional details and impacted files
@@ Coverage Diff @@
## master #13117 +/- ##
=========================================
Coverage ? 77.86%
=========================================
Files ? 1167
Lines ? 156856
Branches ? 0
=========================================
Hits ? 122130
Misses ? 27139
Partials ? 7587
| Flag | Coverage Δ | |
|---|---|---|
| unittests | 77.86% <100.00%> (?) | |