[Bug 1548988] Re: please add -fstime patch for snap v2 checks in review tools

Jamie Strandboge jamie at ubuntu.com
Tue Feb 23 21:22:18 UTC 2016 

Here is a snap that can be used for testing.

** Description changed:

+ [Impact] 
  From xenial:
  
  squashfs-tools (1:4.3-3ubuntu1) xenial; urgency=medium
  
-   * debian/patches/0005-add-fstime.patch: add -fstime to unsquashfs to extract
-     the fs superblock information and -fstime to mksquashfs to set the fs
-     superblock time on create. This is needed to support Ubuntu Store unpack
-     and repack checks for snappy v2 snaps.
+   * debian/patches/0005-add-fstime.patch: add -fstime to unsquashfs to 
+     extract the fs superblock information and -fstime to mksquashfs to set 
+     the fs superblock time on create. This is needed to support Ubuntu 
+     Store unpack and repack checks for snappy v2 snaps.
  
- This patch needs to be SRU'd to trusty so that Canonical machines can
- properly verify snap v2 packages and so that people running trusty can
- verify snap v2 packages locally.
+ This patch needs to be SRU'd to trusty so that Canonical machines for
+ the Ubuntu Store can properly verify snap v2 packages and so that people
+ running trusty can verify snap v2 packages locally.
+ 
+ 
+ [Test Case]
+ The easiest what to test the bug is to check out the review tools and then run them on a v2 snap. Eg:
+ 
+ $ schroot -c trusty-amd64 -u root
+ # apt-get install click-reviewers-tools squashfs-tools bzr python3-yaml python3-lxml
+ # su <your username>
+ $ bzr branch lp:click-reviewers-tools
+ $ cd click-reviewers-tools
+ $ PYTHONPATH=./ ./bin/click-review /tmp/snappy-v2_0.1_all.snap
+ Warnings
+ --------
+  - security-snap-v2:squashfs_supports_fstime
+ 	could not determine fstime of squashfs
+ /tmp/snappy-v2_0.1_all.snap: FAIL
+ 
+ 
+ With updated squashfs-tools:
+ $ PYTHONPATH=./ ./bin/click-review /tmp/snappy-v2_0.1_all.snap 
+ /tmp/snappy-v2_0.1_all.snap: pass
+ 
+ or:
+ $ PYTHONPATH=./ ./bin/click-review -v /tmp/snappy-v2_0.1_all.snap
+ ...
+  - security-snap-v2:squashfs_repack_checksum
+ 	OK
+ /tmp/snappy-v2_0.1_all.snap: pass
+ 
+ 
+ I'll add additional instructions for testing squashfs-tools for regressions.
+ 
+ 
+ [Regression Potential] 
+ The chance of regression is very small because the code that is being added is for non-default options and is only run if specifying the new -fstime option to mksquashfs and unsquashfs. Furthermore this patch exists in xenial with no bugs against it since the upload.
+ 
+ 
+ [Other Info]
+ In addition to the above, I compared build logs between unpatched and patched and no new warnings or issues were found.

** Attachment added: "snappy-v2_0.1_all.snap"
   https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1548988/+attachment/4579383/+files/snappy-v2_0.1_all.snap

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to squashfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1548988

Title:
  please add -fstime patch for snap v2 checks in review tools

Status in squashfs-tools package in Ubuntu:
  Fix Released
Status in squashfs-tools source package in Trusty:
  New

Bug description:
  [Impact] 
  From xenial:

  squashfs-tools (1:4.3-3ubuntu1) xenial; urgency=medium

    * debian/patches/0005-add-fstime.patch: add -fstime to unsquashfs to 
      extract the fs superblock information and -fstime to mksquashfs to set 
      the fs superblock time on create. This is needed to support Ubuntu 
      Store unpack and repack checks for snappy v2 snaps.

  This patch needs to be SRU'd to trusty so that Canonical machines for
  the Ubuntu Store can properly verify snap v2 packages and so that
  people running trusty can verify snap v2 packages locally.

  
  [Test Case]
  The easiest what to test the bug is to check out the review tools and then run them on a v2 snap. Eg:

  $ schroot -c trusty-amd64 -u root
  # apt-get install click-reviewers-tools squashfs-tools bzr python3-yaml python3-lxml
  # su <your username>
  $ bzr branch lp:click-reviewers-tools
  $ cd click-reviewers-tools
  $ PYTHONPATH=./ ./bin/click-review /tmp/snappy-v2_0.1_all.snap
  Warnings
  --------
   - security-snap-v2:squashfs_supports_fstime
  	could not determine fstime of squashfs
  /tmp/snappy-v2_0.1_all.snap: FAIL

  
  With updated squashfs-tools:
  $ PYTHONPATH=./ ./bin/click-review /tmp/snappy-v2_0.1_all.snap 
  /tmp/snappy-v2_0.1_all.snap: pass

  or:
  $ PYTHONPATH=./ ./bin/click-review -v /tmp/snappy-v2_0.1_all.snap
  ...
   - security-snap-v2:squashfs_repack_checksum
  	OK
  /tmp/snappy-v2_0.1_all.snap: pass

  
  I'll add additional instructions for testing squashfs-tools for regressions.

  
  [Regression Potential] 
  The chance of regression is very small because the code that is being added is for non-default options and is only run if specifying the new -fstime option to mksquashfs and unsquashfs. Furthermore this patch exists in xenial with no bugs against it since the upload.

  
  [Other Info]
  In addition to the above, I compared build logs between unpatched and patched and no new warnings or issues were found.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1548988/+subscriptions

More information about the foundations-bugs mailing list