[Bug 1548988] Re: please add -fstime patch for snap v2 checks in review tools

Brian Murray brian at ubuntu.com
Thu Feb 25 18:26:40 UTC 2016 

Hello Jamie, or anyone else affected,

Accepted squashfs-tools into trusty-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/squashfs-
tools/1:4.2+20130409-2ubuntu0.14.04.1 in a few hours, and then in the
-proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: squashfs-tools (Ubuntu Trusty)
       Status: In Progress => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to squashfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1548988

Title:
  please add -fstime patch for snap v2 checks in review tools

Status in squashfs-tools package in Ubuntu:
  Fix Released
Status in squashfs-tools source package in Trusty:
  Fix Committed

Bug description:
  [Impact]
  From xenial:

  squashfs-tools (1:4.3-3ubuntu1) xenial; urgency=medium

    * debian/patches/0005-add-fstime.patch: add -fstime to unsquashfs to
      extract the fs superblock information and -fstime to mksquashfs to set
      the fs superblock time on create. This is needed to support Ubuntu
      Store unpack and repack checks for snappy v2 snaps.

  This patch needs to be SRU'd to trusty so that Canonical machines for
  the Ubuntu Store can properly verify snap v2 packages and so that
  people running trusty can verify snap v2 packages locally.

  [Test Case]
  Attached is sru-tests.tar.gz that has tests to both show the bug is fixed and some tests for regressions.

  $ schroot -c trusty-amd64 -u root
  # apt-get install squashfs-tools
  # su <your username>
  $ tar -zxvf ./sru-tests.tar.gz
  $ cd sru-tests
  $ ./test-regression.sh
  ...
  All tests pass

  $ ./test-fixes-1548988.sh 
  Could not determine fstime

  but with the fix:
  $ ./test-fixes-1548988.sh 
  Parallel unsquashfs: Using 4 processors
  ...
  ./snappy-v2_0.1_all.snap: 2704f7c4815713ce75fe6ca83e7782f6e595763f5ec9003dc08a20f358ed90c0c56b571fcd348021ec51386608f2524f82f9d29d073a47b590dacf017bc9da0b
  /tmp/tmp.LrTJ7UHXnE/repack.snap: 2704f7c4815713ce75fe6ca83e7782f6e595763f5ec9003dc08a20f358ed90c0c56b571fcd348021ec51386608f2524f82f9d29d073a47b590dacf017bc9da0b

  SUCCESS: match

  
  If you also want to see if it works with the review tools, can check out the review tools and then run them on a v2 snap. Eg:

  $ schroot -c trusty-amd64 -u root
  # apt-get install click-reviewers-tools squashfs-tools bzr python3-yaml python3-lxml
  # su <your username>
  $ bzr branch lp:click-reviewers-tools
  $ cd click-reviewers-tools
  $ PYTHONPATH=./ ./bin/click-review /tmp/snappy-v2_0.1_all.snap # from sru-tests

  Warnings
  --------
   - security-snap-v2:squashfs_supports_fstime
   could not determine fstime of squashfs
  /tmp/snappy-v2_0.1_all.snap: FAIL

  With updated squashfs-tools:
  $ PYTHONPATH=./ ./bin/click-review /tmp/snappy-v2_0.1_all.snap
  /tmp/snappy-v2_0.1_all.snap: pass

  or:
  $ PYTHONPATH=./ ./bin/click-review -v /tmp/snappy-v2_0.1_all.snap
  ...
   - security-snap-v2:squashfs_repack_checksum
   OK
  /tmp/snappy-v2_0.1_all.snap: pass

  
  [Regression Potential]
  The chance of regression is very small because the code that is being added is for non-default options and is only run if specifying the new -fstime option to mksquashfs and unsquashfs. Furthermore this patch exists in xenial with no bugs against it since the upload.

  [Other Info]
  In addition to the above, I compared build logs between unpatched and patched and no new warnings or issues were found.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1548988/+subscriptions

More information about the foundations-bugs mailing list