Merge branch 'master' into changelogs-2.63

snapcore · Apr 30, 2024 · 0db053c · 0db053c
2 parents 40efd81 + a4a0fde
commit 0db053c
Show file tree

Hide file tree

Showing 261 changed files with 3,183 additions and 441 deletions.
diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml
@@ -76,16 +76,22 @@ jobs:
         COVERAGE_OUT=.coverage/coverage.txt ./run-checks --unit
         gocover-cobertura < .coverage/coverage.txt > .coverage/coverage.xml
 
+    - name: Install TICS dependencies
+      run: |
+          sudo snap refresh --channel=latest/stable go
+          go install honnef.co/go/tools/cmd/staticcheck@latest
+
     - name: TICS scan
       run: |
         set -x
         export TICSAUTHTOKEN="${{ secrets.TICSAUTHTOKEN }}"
 
-        # Install the TICS
+        # Install and run TICS
         curl --silent --show-error "https://canonical.tiobe.com/tiobeweb/TICS/api/public/v1/fapi/installtics/Script?cfg=default&platform=linux&url=https://canonical.tiobe.com/tiobeweb/TICS/" > install_tics.sh
         . ./install_tics.sh
 
         TICSQServer -project snapd -tmpdir /tmp/tics -branchdir "${{ github.workspace }}/src/github.com/snapcore/snapd"
+        tar -cvzf tics-logs.tar.gz /tmp/tics
 
     - name: Uploading TICS logs
       uses: actions/upload-artifact@v4

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -658,6 +658,7 @@ jobs:
         - ubuntu-18.04-64
         - ubuntu-20.04-64
         - ubuntu-22.04-64
+        - ubuntu-24.04-64
     steps:
     - name: Cleanup job workspace
       id: cleanup-job-workspace

diff --git a/cmd/snap-confine/seccomp-support.c b/cmd/snap-confine/seccomp-support.c
@@ -148,6 +148,9 @@ static void sc_must_read_filter_from_file(FILE *file, uint32_t len_bytes,
 		die("%s filter may only be empty in unrestricted profiles",
 		    what);
 	}
+	if (len_bytes > MAX_BPF_SIZE) {
+		die("%s filter size too big %u", what, len_bytes);
+	}
 	prog->len = len_bytes / sizeof(struct sock_filter);
 	prog->filter = malloc(len_bytes);
 	if (prog->filter == NULL) {

diff --git a/daemon/api_sideload_n_try.go b/daemon/api_sideload_n_try.go
@@ -392,7 +392,10 @@ func readComponentInfoFromContImpl(tempPath string) (*snap.ComponentInfo, error)
 	if err != nil {
 		return nil, fmt.Errorf("cannot open container: %w", err)
 	}
-	return snap.ReadComponentInfoFromContainer(compf)
+
+	// hook information isn't loaded here, but it shouldn't be needed in this
+	// context
+	return snap.ReadComponentInfoFromContainer(compf, nil)
 }
 
 // readComponentInfo reads ComponentInfo from a snap component file and the

diff --git a/daemon/export_test.go b/daemon/export_test.go
@@ -39,7 +39,10 @@ import (
 	"github.com/snapcore/snapd/testutil"
 )
 
-var CreateQuotaValues = createQuotaValues
+var (
+	CreateQuotaValues = createQuotaValues
+	ParseOptionalTime = parseOptionalTime
+)
 
 func APICommands() []*Command {
 	return api

diff --git a/daemon/request_test.go b/daemon/request_test.go
@@ -0,0 +1,39 @@
+// -*- Mode: Go; indent-tabs-mode: t -*-
+
+/*
+ * Copyright (C) 2024 Canonical Ltd
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package daemon_test
+
+import (
+	"time"
+
+	"github.com/snapcore/snapd/daemon"
+	"gopkg.in/check.v1"
+)
+
+type requestSuite struct{}
+
+var _ = check.Suite(&requestSuite{})
+
+func (s *requestSuite) TestParseOptionalTimeHasNanosecondPrecision(c *check.C) {
+	oDateTime := time.Date(2024, time.April, 11, 15, 5, 3, 123456789, time.UTC).Format(time.RFC3339Nano)
+	dateTime, err := daemon.ParseOptionalTime(oDateTime)
+	c.Assert(err, check.IsNil)
+	c.Assert(dateTime, check.NotNil)
+	c.Assert(dateTime.Nanosecond(), check.Equals, 123456789)
+}
diff --git a/dbusutil/netplantest/netplantest.go b/dbusutil/netplantest/netplantest.go
@@ -25,6 +25,7 @@ package netplantest
 
 import (
 	"fmt"
+	"sync"
 
 	"github.com/godbus/dbus"
 
@@ -41,6 +42,7 @@ const (
 
 type NetplanServer struct {
 	conn *dbus.Conn
+	sync.Mutex
 
 	MockNetplanConfigYaml string
 
@@ -110,13 +112,23 @@ func (server *NetplanServer) Stop() error {
 	return server.conn.Close()
 }
 
+func (server *NetplanServer) WithLocked(f func()) {
+	server.Lock()
+	defer server.Unlock()
+
+	f()
+}
+
 // netplanApiV1 implements the original netplan DBus API that is found
 // in netplan 0.98. It can only do a global "Apply".
 type netplanApiV1 struct {
 	server *NetplanServer
 }
 
 func (a netplanApiV1) Apply() (bool, *dbus.Error) {
+	a.server.Lock()
+	defer a.server.Unlock()
+
 	return true, a.server.ConfigApiApplyErr
 }
 
@@ -140,26 +152,41 @@ type netplanConfigApi struct {
 }
 
 func (c netplanConfigApi) Get() (string, *dbus.Error) {
+	c.server.Lock()
+	defer c.server.Unlock()
+
 	c.server.ConfigApiGetCalls++
 	return c.server.MockNetplanConfigYaml, c.server.ConfigApiGetErr
 }
 
 func (c netplanConfigApi) Set(value, originHint string) (bool, *dbus.Error) {
+	c.server.Lock()
+	defer c.server.Unlock()
+
 	c.server.ConfigApiSetCalls = append(c.server.ConfigApiSetCalls, fmt.Sprintf("%s/%s", value, originHint))
 	return c.server.ConfigApiSetRet, c.server.ConfigApiSetErr
 }
 
 func (c netplanConfigApi) Apply() (bool, *dbus.Error) {
+	c.server.Lock()
+	defer c.server.Unlock()
+
 	c.server.ConfigApiApplyCalls++
 	return c.server.ConfigApiApplyRet, c.server.ConfigApiApplyErr
 }
 
 func (c netplanConfigApi) Cancel() (bool, *dbus.Error) {
+	c.server.Lock()
+	defer c.server.Unlock()
+
 	c.server.ConfigApiCancelCalls++
 	return c.server.ConfigApiCancelRet, c.server.ConfigApiCancelErr
 }
 
 func (c netplanConfigApi) Try(timeout int) (bool, *dbus.Error) {
+	c.server.Lock()
+	defer c.server.Unlock()
+
 	c.server.ConfigApiTryCalls++
 	return c.server.ConfigApiTryRet, c.server.ConfigApiTryErr
 }
diff --git a/desktop/notification/notificationtest/gtk.go b/desktop/notification/notificationtest/gtk.go
@@ -114,6 +114,9 @@ func (server *GtkServer) Stop() error {
 // If not nil, all the gtkApi methods will return the provided error
 // in place of performing their usual task.
 func (server *GtkServer) SetError(err *dbus.Error) {
+	server.mu.Lock()
+	defer server.mu.Unlock()
+
 	server.err = err
 }
 
@@ -135,13 +138,13 @@ type gtkApi struct {
 }
 
 func (a gtkApi) AddNotification(desktopID, id string, info map[string]dbus.Variant) *dbus.Error {
+	a.server.mu.Lock()
+	defer a.server.mu.Unlock()
+
 	if a.server.err != nil {
 		return a.server.err
 	}
 
-	a.server.mu.Lock()
-	defer a.server.mu.Unlock()
-
 	notification := &GtkNotification{
 		ID:        id,
 		DesktopID: desktopID,
@@ -152,8 +155,15 @@ func (a gtkApi) AddNotification(desktopID, id string, info map[string]dbus.Varia
 }
 
 func (a gtkApi) RemoveNotification(desktopId, id string) *dbus.Error {
-	if a.server.err != nil {
+	// Close() called below locks the server, so the error check must be
+	// locked separately
+	dErr := func() *dbus.Error {
+		a.server.mu.Lock()
+		defer a.server.mu.Unlock()
 		return a.server.err
+	}()
+	if dErr != nil {
+		return dErr
 	}
 
 	if err := a.server.Close(id); err != nil {

diff --git a/interfaces/system_key_test.go b/interfaces/system_key_test.go
@@ -238,7 +238,7 @@ func (s *systemKeySuite) TestInterfaceSystemKeyMismatchParserMtimeHappy(c *C) {
 }
 
 func (s *systemKeySuite) TestInterfaceSystemKeyMismatchVersions(c *C) {
-	// we calculcate v1
+	// we calculate v1
 	s.AddCleanup(interfaces.MockSystemKey(`
 {
 "version":1,