package
0.0.0-20250312152250-ea85ec9d2454
Repository: https://github.com/snapcore/snapd.git
Documentation: pkg.go.dev

# Packages

Package assertstest provides helpers for testing code that involves assertions.
info produces information about assertions to include in /usr/lib/snapd/info.
Package signtool offers tooling to sign assertions.
Package snapasserts offers helpers to handle snap related assertions and their checking for installation.
Package sysdb supports the system-wide assertion database with ways to open it and to manage the trusted set of assertions founding it.
Package systestkeys defines trusted assertions and keys to use in tests.

# Functions

Assemble assembles an assertion from its components.
BuiltinBaseDeclaration exposes the initialized builtin base-declaration assertion.
CheckCrossConsistency verifies that the assertion is consistent with the other statements in the database.
CheckSignature checks that the signature is valid.
CheckSigningKeyIsNotExpired checks that the signing key is not expired.
CheckTimestampVsSigningKeyValidity verifies that the timestamp of the assertion is within the signing key validity.
Decode parses a serialized assertion.
DecodePublicKey deserializes a public key.
Encode serializes an assertion.
EncodeDigest encodes the digest from hash algorithm to be put in an assertion header.
EncodePublicKey serializes a public key, typically for embedding in an assertion.
GenerateKey generates a private/public key pair.
HeadersFromPrimaryKey constructs a headers mapping from the primaryKey values and the assertion type; it errors if primaryKey does not cover all the non-optional primary key headers or provides too many values.
HeadersFromSequenceKey constructs a headers mapping from the sequenceKey values and the sequence forming assertion type; it errors if sequenceKey has the wrong length. The length must be one less than the primary key of the given assertion type.
InitBuiltinBaseDeclaration initializes the builtin base-declaration based on headers (or resets it if headers is nil).
IsKeyNotFound returns true when the error indicates that a given key was not found.
IsUnaccceptedUpdate returns whether the error indicates that an assertion revision was already present and has been kept because the update was not accepted.
IsValidSystemLabel checks whether the string is a valid UC20 seed system label.
MaxSupportedFormats returns a mapping between assertion type names and corresponding max supported format if it is >= min.
NewBatch creates a new Batch to accumulate assertions to add in one go to an assertion database.
NewDecoder returns a Decoder to parse the stream of assertions from the reader.
NewDecoderWithTypeMaxBodySize returns a Decoder to parse the stream of assertions from the reader enforcing optional per type max body sizes or the default one as fallback.
NewEncoder returns an Encoder to emit a stream of assertions to a writer.
NewExternalKeypairManager creates a new ExternalKeypairManager using the program at keyMgrPath.
NewFetcher creates a Fetcher which will use trustedDB to determine trusted assertions, will fetch assertions following prerequisites using retrieve, and then will pass them to save, saving prerequisites before dependent assertions.
NewGPGKeypairManager creates a new key pair manager backed by a local GnuPG setup.
NewMemoryBackstore creates a memory backed assertions backstore.
NewMemoryKeypairManager creates a new key pair manager with a memory backstore.
NewPool creates a new Pool, groundDB is used to resolve trusted and predefined assertions and to provide the current revision for assertions to update and their prerequisites.
NewSequenceFormingFetcher creates a SequenceFormingFetcher which will use trustedDB to determine trusted assertions, will fetch assertions following prerequisites using retrieve and sequence-forming assertions using retrieveSeq, and then will pass them to save, saving prerequisites before dependent assertions.
OpenDatabase opens the assertion database based on the configuration.
OpenFSBackstore opens a filesystem backed assertions backstore under path.
OpenFSKeypairManager opens a filesystem backed assertions backstore under path.
PrimaryKeyFromHeaders extracts the tuple of values from headers corresponding to a primary key under the assertion type; it errors if there are missing primary key headers, unless they are optional, in which case it fills in their default values.
ReducePrimaryKey produces a primary key prefix by omitting any suffix of optional primary key headers default values.
RSAPrivateKey returns a PrivateKey for database use out of a rsa.PrivateKey.
RSAPublicKey returns a database useable public key out of rsa.PublicKey.
SignatureCheck checks the signature of the assertion against the given public key.
SignWithoutAuthority assembles an assertion without a set authority with the provided information and signs it with the given private key.
SnapFileSHA3_384 computes the SHA3-384 digest of the given snap file.
SuggestFormat returns a minimum format that supports the features that would be used by an assertion with the given components.
Type returns the AssertionType with name or nil.
TypeNames returns a sorted list of known assertion type names.

# Constants

Maximum assertion component sizes.
MediaType is the media type for encoded assertions on the wire.
ModelDangerous allows unasserted snaps and extra snaps.
ModelSecured implies mandatory full disk encryption and secure boot.
ModelSigned implies all seed snaps are signed and mentioned in the model, i.e.
StorageSafetyEncrypted implies mandatory full disk encryption.
StorageSafetyPreferEncrypted implies full disk encryption when the system supports it.
StorageSafetyPreferUnencrypted implies no full disk encryption by default even if the system supports encryption.

# Variables

Assertion types without a definite authority set (on the wire and/or self-signed).
Understood assertion types.
DefaultCheckers lists the default and recommended assertion checkers used by Database if none are specified in the DatabaseConfig.Checkers.
MetaHeaders is a list of headers in assertions which are about the assertion itself.

# Structs

Account holds an account assertion, which ties a name for an account to its identifier and provides the authority's confidence in the name's validity.
AccountKey holds an account-key assertion, asserting a public key belonging to the account.
AccountKeyRequest holds an account-key-request assertion, which is a self-signed request to prove that the requester holds the private key and wishes to create an account-key assertion for it.
AssertionType describes a known assertion type with its name and metadata.
AtRevision represents an assertion at a given revision, possibly not known (RevisionNotKnown).
AtSequence references a sequence forming assertion at a given sequence point, possibly <=0 (meaning not specified) and revision, possibly not known (RevisionNotKnown).
AttributeConstraints implements a set of constraints on the attributes of a slot or plug.
BaseDeclaration holds a base-declaration assertion, declaring the policies (to start with interface ones) applying to all snaps of a series.
Batch allows accumulating a set of assertions, possibly out of prerequisite order, and then adding them in one go to an assertion database.
ConfdbControl holds a confdb-control assertion, which holds lists of views delegated by the device to operators.
ConfdbSchema holds a confdb-schema assertion, which is a definition by an account of access views and a storage schema for a set of related configuration options under the purview of the account.
Database holds assertions and can be used to sign or check further assertions.
DatabaseConfig for an assertion database.
Decoder parses a stream of assertions bundled by separating them with double newlines.
DeviceScopeConstraint specifies a constraint based on which brand store, brand or model the device belongs to.
DeviceSessionRequest holds a device-session-request assertion, which is a request wrapping a store-provided nonce to start a session by a device signed with its key.
Encoder emits a stream of assertions bundled by separating them with double newlines.
ExternalKeypairManager is key pair manager implemented via an external program interface.
ExternalUnsupportedOpError represents the error situation of operations that are not supported/mediated via ExternalKeypairManager.
A key pair manager backed by a local GnuPG setup.
Model holds a model assertion, which is a statement by a brand about the properties of a device model.
ModelComponent holds details for components specified by a model assertion.
ModelSnap holds the details about a snap specified by a model assertion.
ModelValidationSet represents a reference to a validation set assertion.
NameConstraints implements a set of constraints on the names of slots or plugs.
NotFoundError is returned when an assertion can not be found.
OnClassicConstraint specifies a constraint based on whether the system is classic and optional specific distros' sets.
OnCoreDesktopConstraint specifies a constraint based on whether the system is core desktop.
PlugConnectionConstraints specifies a set of constraints on an interface plug for a snap relevant to its connection or auto-connection.
PlugInstallationConstraints specifies a set of constraints on an interface plug relevant to the installation of snap.
PlugRule holds the rule of what is allowed, wrt installation and connection, for a plug of a specific interface for a snap.
A pool helps hold and track a set of assertions and their prerequisites as they need to be updated or resolved.
Preseed holds a preseed assertion, which is a statement about system-label, model, set of snaps and preseed artifact used for preseeding of a UC20 system.
PreseedSnap holds the details about a snap constrained by a preseed assertion.
Ref expresses a reference to an assertion.
Repair holds a repair assertion which allows running repair code to fix up broken systems.
RevisionAuthority holds information about an account that can sign revisions for a given snap.
RevisionError indicates a revision improperly used for an operation.
Serial holds a serial assertion, which is a statement binding a device identity with the device public key.
SerialRequest holds a serial-request assertion, which is a self-signed request to obtain a full device identity bound to the device public key.
SideArityConstraint specifies a constraint for the overall arity of the set of connected slots for a given plug or the set of connected plugs for a given slot.
SlotConnectionConstraints specifies a set of constraints on an interface slot for a snap relevant to its connection or auto-connection.
SlotInstallationConstraints specifies a set of constraints on an interface slot relevant to the installation of snap.
SlotRule holds the rule of what is allowed, wrt installation and connection, for a slot of a specific interface for a snap.
SnapBuild holds a snap-build assertion, asserting the properties of a snap at the time it was built by the developer.
SnapDeclaration holds a snap-declaration assertion, declaring a snap binding its identifying snap-id to a name, asserting its publisher and its other properties.
SnapDeveloper holds a snap-developer assertion, defining the developers who can collaborate on a snap while it's owned by a specific publisher.
SnapIntegrityData holds information about integrity data of a specific type included in a snap's revision.
SnapResourcePair holds a snap-resource-pair assertion, which is a statement by the store acknowledging that it received indication that the given snap resource revision can work with the given snap revision.
SnapResourceRevision holds a snap-resource-revision assertion, which is a statement by the store acknowledging the receipt of data for a resource of a snap and labeling it with a resource revision.
SnapRevision holds a snap-revision assertion, which is a statement by the store acknowledging the receipt of a build of a snap and labeling it with a snap revision.
Store holds a store assertion, defining the configuration needed to connect a device to the store or relative to a non-default store.
SystemUser holds a system-user assertion which allows creating local system users.
UnsupportedFormatError indicates an assertion with a format iteration not yet supported by the present version of asserts.
Validation holds a validation assertion, describing that a combination of (snap-id, approved-snap-id, approved-revision) has been validated for the series, meaning updating to that revision of approved-snap-id has been approved by the owner of the gating snap with snap-id.
ValidationSet holds a validation-set assertion, which is a statement by an account about a set of snaps and possibly revisions for which an extrinsic/implied property is valid (e.g.
ValidationSetSnap holds the details about a snap constrained by a validation-set assertion.

# Interfaces

Assertion represents an assertion through its general elements.
Attrer reflects part of the Attrer interface (see interfaces.Attrer).
AttrMatchContext has contextual helpers for evaluating attribute constraints.
A Backstore stores assertions.
A Fetcher helps fetch assertions and their prerequisites.
A KeypairManager is a manager and backstore for private/public key pairs.
PrivateKey is a cryptographic private/public key pair.
PublicKey is the public part of a cryptographic private/public key pair.
A RODatabase exposes read-only access to an assertion database.
SequenceFormingFetcher is a Fetcher with special support for fetching sequence-forming assertions through FetchSequence.
SequenceMember is implemented by assertions of sequence forming types.

# Type aliases

A Checker defines a check on an assertion considering aspects such as the signing key, and consistency with other assertions in the database.
A Grouping identifies opaquely a grouping of assertions.
ModelGrade characterizes the security of the model which then controls related policy.
Presence represents a presence constraint.
StorageSafety characterizes the requested storage safety of the model which then controls what encryption is used.