snap: auto-import assertions from block devices

[mvo5]

This branch adds a new snap auto-import command that is run on boot and also on each adding of a block device.

[niemeyer]

*.assert, per our agreement.

[mvo5]

Thanks, fixed.

[niemeyer]

No, these look fine to me.

[niemeyer]

"Imports assertions from mounted devices"

[mvo5]

Thanks, fixed.

[niemeyer]

"The auto-import command imports assertions found in the auto-import.assert file in mounted devices."

[mvo5]

Thanks, fixed.

[niemeyer]

Can we do something a bit nicer here, such as trying to stat things more than once depending on the resulting error, to account for such delays?

[mvo5]

This gets fixed in #2047 which builds on top of this, the race goes away once we start mounting stuff ourself instread of waiting for it.

[mwhudson]

I've just tested this (by merging this PR into current master and installing that into my ubuntu-core branch) and it doesn't seem to pick up block devices that are present at boot. I did this to make a disk image to attach in qemu:

$ genisoimage -volid cidata -joliet -rock -o assertions.disk auto-import.assert

Then if I invoke kvm like so:

$ kvm -m 512 -redir :8022::22 -serial stdio my_output.img -drive file=assertions.disk

and go through console-conf, ssh in and run snap known system-user there is no output.

Running it by hand works:

$ sudo snap auto-import --mount /dev/sdb
2016/10/03 22:06:35.422477 cmd_auto_import.go:82: imported /tmp/snapd-auto-import-mount-951353834/auto-import.assert

And also if I boot the image without the disk attached and then use qemu monitor to attach the drive, the assertion is processed.

Looking into the logs, I find this:

Oct 03 22:03:26 localhost.localdomain /usr/bin/snap[865]: cmd_auto_import.go:111: error: cannot mount /dev/sdb: mount: mount point /tmp/snapd-auto-import-mount-113968483 does not exist

(and a host of amusing errors like this:

Oct 03 22:03:27 localhost.localdomain /usr/bin/snap[860]: cmd_auto_import.go:111: error: cannot mount /dev/ram13: mount: mount point /tmp/snapd-auto-import-mount-153607810 does not exist
Oct 03 22:03:27 localhost.localdomain /usr/bin/snap[933]: cmd_auto_import.go:111: error: cannot mount /dev/ram5: 
                                                          -----
                                                          mount: wrong fs type, bad option, bad superblock on /dev/ram5,
                                                                 missing codepage or helper program, or other error

                                                                 In some cases useful info is found in syslog - try
                                                                 dmesg | tail or so.
                                                          -----

but that's another sort of problem I guess)

So I guess something about the mount namespace is not set up quite appropriately when the snap.autoimport.service runs?

[mwhudson]

Ah I may have been testing the wrong version of the code (gh was doing a bad job of telling me which PRs were closed). It still fails with master though, like this this time:

Oct 03 22:25:52 localhost.localdomain /usr/bin/snap[679]: cmd_auto_import.go:80: error: cannot import /tmp/snapd-auto-import-mount-638764835/auto-import.assert: cannot assert: cannot communicate with server: Post http://localhost/v2/assertions: dial unix /run/snapd-snap.socket: connect: no such file or directory

which seems reasonably impossible, I'll file a bug rather than commenting on closed PRs I guess...