tests: ubuntu-image 2.0 compatibility fixes

[bboozzoo]

We actually want EXTRA_FUNDAMENTAL to be word split as it may contain multiple
arguments, see a related failure when preparing core 20:

+ mv core20.snap /home/image/core20.snap
+ EXTRA_FUNDAMENTAL='--extra-snaps /home/image/pc-kernel_*.snap --snap /home/image/core20.snap'
+ /snap/bin/ubuntu-image snap -w /home/image /home/image/pc.model --channel edge '--extra-snaps /home/image/pc-kernel_*.snap --snap /home/image/core20.snap' --extra-snaps /home/image/snapd_2.53.2+git628.g35bb479-dirty_amd64.snap --output /home/image/core20-amd64.img
Error: unknown flag `extra-snaps /home/image/pc-kernel_*.snap --snap /home/image/core20.snap'
-----

[codecov-commenter]

Codecov Report

Merging #11073 (355ed0e) into master (b19c7d4) will decrease coverage by 0.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master   #11073      +/-   ##
==========================================
- Coverage   78.37%   78.35%   -0.02%     
==========================================
  Files         922      923       +1     
  Lines      105128   105335     +207     
==========================================
+ Hits        82389    82537     +148     
- Misses      17609    17659      +50     
- Partials     5130     5139       +9     

Flag	Coverage Δ
unittests	78.35% <ø> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
osutil/synctree.go	76.41% <0.00%> (-2.84%)	⬇️
gadget/install/partition.go	79.48% <0.00%> (-1.25%)	⬇️
usersession/client/client.go	81.68% <0.00%> (-0.80%)	⬇️
overlord/ifacestate/helpers.go	76.96% <0.00%> (-0.49%)	⬇️
overlord/overlord.go	80.69% <0.00%> (-0.20%)	⬇️
wrappers/core18.go	0.00% <0.00%> (ø)
usersession/agent/rest_api.go	0.00% <0.00%> (ø)
interfaces/builtin/polkit.go	90.16% <0.00%> (ø)
overlord/snapstate/handlers.go	71.15% <0.00%> (+0.03%)	⬆️
dirs/dirs.go	94.02% <0.00%> (+0.07%)	⬆️
... and 6 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b19c7d4...355ed0e. Read the comment docs.

[mvo5]

Thank you

[stolowski]

LGTM

[sergiocazzolato]

tx

[anonymouse64]

lgtm, but AIUI we also still want ubuntu-image 1.11 because the new go based one is not working with uc18 at least for some reason

[mardy]

LGTM!

[anonymouse64]

seems some tests are still unhappy, this PR is still using candidate which is 2.0 AIUI

[bboozzoo]

seems some tests are still unhappy, this PR is still using candidate which is 2.0 AIUI

Yes, that's intended, a fix using latest/stable landed in master. This branch reverts back to candidate and add bits for compatibility

[anonymouse64]

ah okay thanks for clarifying I was confused if this branch was meant to fix master or not

[anonymouse64]

We also need to run nested tests with the new ubuntu-image, some of these will fail as discussed, since ubuntu-image will not be built with the fakestore test keys built into it. The suggestion for now was just to rebuild the ubuntu-image snap for these tests in order to inject the keys.

[bboozzoo]

+ /snap/bin/ubuntu-image snap --image-size 10G /home/gopath/src/github.com/snapcore/snapd/tests/lib/assertions/developer1-20-secured.model --output-dir /tmp/work-dir/images --snap /tmp/work-dir/assets/pc-kernel_5.4.0-92.103.1_amd64.snap --snap /home/gopath/src/github.com/snapcore/snapd/tests/nested/manual/core20-grade-signed-above-testkeys-boot/snapd-from-deb.snap --snap /home/gopath/src/github.com/snapcore/snapd/tests/nested/manual/core20-grade-signed-above-testkeys-boot/new-core20.snap --snap /home/gopath/src/github.com/snapcore/snapd/tests/nested/manual/core20-grade-signed-above-testkeys-boot/extra-snaps/pc_20-0.4_amd64.snap
Error: Error preparing image: cannot override channels, add devmode snaps, local snaps, or extra snaps with a model of grade higher than dangerous

this one looks like it's intentional

[bboozzoo]

And someone in the forum had a similar problem? https://forum.snapcraft.io/t/cannot-build-image-error-preparing-image-cannot-override-channels-add-devmode-snaps-local-snaps-or-extra-snaps-with-a-model-of-grade-higher-than-dangerous/27836

[bboozzoo]

FWIW I suspect the problem with ubuntu-image is because it was not built with testkeys, thus assertions signed by testrootorg/developer1 would be rejected.

code has changed

[bboozzoo]

I've pushed patches that build ubuntu-image from Go source with withtestkeys tags, thus skipping the ubuntu-image snap completely, but it should make it possible to build signed/secured model images again. This probably warrants an agreement whether that's the right way to go.

[anonymouse64]

lgtm, only concern I have is following main git branch which is probably as close as we can get to following the "bleeding edge" of ubuntu-image, but I think it's probably fine for now and we can think about a better risk management strategy for ubuntu-image later on (maybe we could download/install the snap from beta/candidate and check what git commit that was built with and use that as our base?)

[anonymouse64]

it would be nice to fetch a specific tag/branch/etc rather than just pulling straight from main, but not sure what is appropriate

[bboozzoo]

There are tags which correspond to ubuntu-image package versions, eg. 2.1+22.04ubuntu2

[anonymouse64]

Yeah I saw those, they are not great in that we would need to keep constantly bumping them I think given the tags are for the development release and it seems unlikely there will be constant SRU's for the package into jammy after it's released given that there is the snap and most people will consume it through the snap I think.

[bboozzoo]

Turns out we cannot universally use ubuntu-image built directly from Go, as it runs mkfs.ext4 -d when creating the image. However, the version of e2fsprogs shipped with 16.04 do not did not support -d 😢 Fortunately, AFAICT we do not need to run the tests that would fail if ubuntu-image does not know about test keys on 16.04, so I'm hoping this next run will be successful and we can finally merge this branch.

[anonymouse64]

is this related to ubuntu-image ?

[bboozzoo]

Yes, for some reason there were byte size changes here (204796 -> 204784, 3 pages?). I suspect this can be caused by a different fs configuration, as looking at /usr/bin/mkswapfile the could should do the right and create 200MB sized file using fallocate and then runs mkswap on that. OTOH swapon --show correctly reports 200M size in both cases.

[anonymouse64]

hmm interesting, but sure makes sense

[anonymouse64]

lgtm, wondering why the swap changes?

[mardy]

LGTM, added a minor question.

[mardy]

maybe we should define (and export) the UBUNTU_IMAGE variable at this point, since we currently define it in two places?

[bboozzoo]

It would have to be a separate helper in one of the scripts, just exporting it here would not make it availble in other shell fragments. OTOH maybe we could pull a trick and symlink to the right one, but that sounds like a followup material anyway.