-
Notifications
You must be signed in to change notification settings - Fork 561
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
many: run component install hooks #13775
base: master
Are you sure you want to change the base?
Conversation
6c5ad3b
to
acc399d
Compare
shellcheck appears to be unhappy:
|
5e4f87d
to
236f2ea
Compare
Codecov ReportAttention: Patch coverage is
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## master #13775 +/- ##
==========================================
- Coverage 78.83% 78.73% -0.11%
==========================================
Files 1043 1044 +1
Lines 134470 135082 +612
==========================================
+ Hits 106012 106357 +345
- Misses 21847 22076 +229
- Partials 6611 6649 +38
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
c43b233
to
429cad9
Compare
035b839
to
c5d6971
Compare
eb91528
to
c9a9f92
Compare
73fa729
to
6cd4807
Compare
6cd4807
to
5b02d1d
Compare
…al snap.ComponentSideInfo that contains the component revision
5b02d1d
to
c3f7fdf
Compare
… interfaces can build a complete label expression, including component hooks
…urrent revision of a component for a snap revision
…resent snap hooks, component hooks, and apps This commit doesn't need to be here, and things will work without it. But things were getting a bit complicated in runSnapConfine with arguments that represented different things based on what we were running.
…ps with components
…er: update snap-confine to be able to handle security tags that come from component hooks An example of a security tag from a component hook would be: "snap.name+comp.hook.install" And one with an instance key: "snap.name_instance+comp.hook.install" Something important to note is how these are encoded as udev tags. Currently, when converting a security tag to a udev tag, we replace all '.' characters in the tag with '_' characters because systemd limits udev tags to having only alphanumeric characters, with the addition of the characters '-' and '_'. Since security tags can now contain '+' characters, those will be encoded as two consecutive '_' characters. For example: "snap.name+comp.hook.install" -> "snap_name__comp_hook_install" "snap.name_instance+comp.hook.install" -> "snap_name_instance__comp_hook_install" This allows the conversion to maintain its reversibility.
… run with connected plug
c3f7fdf
to
1582077
Compare
This PR is the final piece that allows us to run install hooks for components. This change contains the snap-confine changes. The majority of changes in snap-confine deal with parsing security tags that are generated for component hooks.
An example of a security tag from a component hook would be:
snap.name+comp.hook.install
And one with an instance key:
snap.name_instance+comp.hook.install
Something important to note is how these are encoded as udev tags. Currently, when converting a security tag to a udev tag, we replace all
.
characters in the tag with_
characters because systemd limits udev tags to having only alphanumeric characters, with the addition of the characters-
and_
. Since security tags can now contain+
characters, those will be encoded as two consecutive
_
characters.For example:
This allows the conversion to maintain its reversibility.