Ubuntu system image

Merge lp:~barry/ubuntu-system-image/citrain-2.1 into lp:~ubuntu-managed-branches/ubuntu-system-image/system-image

citrain-2.1
Merge into system-image

Proposed by Barry Warsaw on 2014-02-21

Status:

Merged

Merged at revision:

229

Proposed branch:

lp:~barry/ubuntu-system-image/citrain-2.1

Merge into:

lp:~ubuntu-managed-branches/ubuntu-system-image/system-image

Diff against target:

2123 lines (+901/-146)

65 files modified

MANIFEST.in (+1/-0)
NEWS.rst (+48/-1)
PKG-INFO (+1/-1)
cli-manpage.rst (+1/-1)
dbus-manpage.rst (+1/-1)
debian/changelog (+32/-0)
debian/control (+5/-4)
debian/patches/01_send_ack_on_applyupdate.diff (+0/-16)
debian/patches/lp1284217.patch (+106/-0)
debian/patches/series (+1/-1)
debian/rules (+1/-0)
ini-manpage.rst (+1/-1)
setup.cfg (+2/-2)
setup.py (+1/-1)
system_image.egg-info/PKG-INFO (+1/-1)
system_image.egg-info/SOURCES.txt (+1/-1)
systemimage/api.py (+5/-1)
systemimage/bag.py (+1/-1)
systemimage/bindings.py (+1/-1)
systemimage/candidates.py (+1/-1)
systemimage/channel.py (+1/-1)
systemimage/config.py (+1/-1)
systemimage/dbus.py (+51/-16)
systemimage/device.py (+1/-1)
systemimage/docs/conf.py (+1/-1)
systemimage/download.py (+36/-2)
systemimage/gpg.py (+95/-1)
systemimage/helpers.py (+1/-1)
systemimage/image.py (+1/-1)
systemimage/index.py (+1/-1)
systemimage/keyring.py (+3/-4)
systemimage/logging.py (+29/-8)
systemimage/main.py (+1/-1)
systemimage/reactor.py (+1/-1)
systemimage/reboot.py (+1/-1)
systemimage/scores.py (+1/-1)
systemimage/service.py (+14/-6)
systemimage/settings.py (+1/-1)
systemimage/state.py (+8/-10)
systemimage/testing/controller.py (+17/-8)
systemimage/testing/dbus.py (+8/-2)
systemimage/testing/demo.py (+1/-1)
systemimage/testing/helpers.py (+25/-7)
systemimage/testing/nose.py (+21/-2)
systemimage/tests/data/config_03.ini (+1/-1)
systemimage/tests/data/index_24.json (+36/-0)
systemimage/tests/test_api.py (+1/-1)
systemimage/tests/test_bag.py (+1/-1)
systemimage/tests/test_candidates.py (+1/-1)
systemimage/tests/test_channel.py (+1/-1)
systemimage/tests/test_config.py (+1/-1)
systemimage/tests/test_dbus.py (+98/-8)
systemimage/tests/test_download.py (+1/-1)
systemimage/tests/test_gpg.py (+175/-2)
systemimage/tests/test_helpers.py (+1/-1)
systemimage/tests/test_image.py (+1/-1)
systemimage/tests/test_index.py (+1/-1)
systemimage/tests/test_keyring.py (+20/-5)
systemimage/tests/test_main.py (+25/-1)
systemimage/tests/test_scores.py (+1/-1)
systemimage/tests/test_settings.py (+1/-1)
systemimage/tests/test_state.py (+1/-1)
systemimage/tests/test_winner.py (+1/-1)
systemimage/version.txt (+1/-1)
tox.ini (+1/-1)

To merge this branch:

bzr merge lp:~barry/ubuntu-system-image/citrain-2.1

Related bugs:

Bug #1260768: Fix the ApplyUpdate() D-Bus API	High	Fix Released
Bug #1277589: Better protection against concurrent access	Critical	Fix Released
Bug #1279056: All SignatureErrors should include the checksums and file paths of the offending files	High	Fix Released
Bug #1284217: [updates] Displays a spinner indefinitely when an update download was started externally	Critical	Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Stéphane Graber		2014-02-21	Pending
Review via email: mp+207702@code.launchpad.net

Commit message

New upstream release, along with some packaging changes. See changelog and NEWS.rst for details.

Description of the change

  [ Stéphane Graber ]
  * New upstream release.
  * Set X-Auto-Uploader to no-rewrite-version
  * Set Vcs-Bzr to the new target branch

  [ Barry Warsaw ]
  * New upstream release.
    - LP: #1279056 - Internal improvements to SignatureError for
      better debugging.
    - LP: #1277589 - Better protection against race conditions.
    - LP: #1260768 - Return empty string from ApplyUpdate D-Bus method.
    - Request ubuntu-download-manager to download to a temporary location,
      with atomic rename.
    - More detailed logging.
    - Fixed D-Bus error logging.
    - Added -L flag to nose2 tests for explicitly setting log file path.
    - Added SYSTEMIMAGE_DBUS_DAEMON_HUP_SLEEP_SECONDS environment variable
      which can be used to give virtualized buildds a fighting chance.
  * d/patches/01_send_ack_on_applyupdate.diff - Removed; applied upstream.
  * d/control: Bump Standards-Version to 3.9.5 with no other changes necessary.

lp:~barry/ubuntu-system-image/citrain-2.1 updated on 2014-02-25

234. By Barry Warsaw on 2014-02-24: * d/control:
- Bump Standards-Version to 3.9.5 with no other changes necessary.
- Add python3-psutil as Depends to system-image-dev.
235. By Barry Warsaw on 2014-02-25: d/rules: Set SYSTEMIMAGE_DBUS_DAEMON_HUP_SLEEP_SECONDS to 1 to deal with
buildd dbus-daemon SIGHUP timing issues.
236. By Barry Warsaw on 2014-02-25: - LP: #1284217 - Send UpdateAvailableStatus during auto-downloading
from a previous CheckForUpdate, if cached status is available.
* d/patches/01_send_ack_on_applyupdate.diff: Removed; applied upstream.
* d/patches/lp1284217.patch: Added (see above).
237. By Barry Warsaw on 2014-02-25: Update patch

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Barry Warsaw

Ubuntu CI managed package branches

 === modified file 'MANIFEST.in'
 --- MANIFEST.in	2013-12-13 13:55:51 +0000
 +++ MANIFEST.in	2014-02-25 17:45:25 +0000
@@ -3,4 +3,5 @@
  prune build
  prune dist
  prune .tox
++prune .bzr
  exclude .bzrignore
 === modified file 'NEWS.rst'
 --- NEWS.rst	2013-12-13 13:55:51 +0000
 +++ NEWS.rst	2014-02-25 17:45:25 +0000
@@ -2,7 +2,54 @@
  NEWS for system-image updater
  =============================
--2.0.3 (2013-XX-XX)
++2.1 (2014-02-20)
++================
++ * Internal improvements to SignatureError for better debugging. (LP: #1279056)
++ * Better protection against several possible race conditions during
++   `CheckForUpdate()` (LP: #1277589)
++   - Use a threading.Lock instance as the internal "checking for update"
++     barrier instead of a boolean.  This should eliminate the race window
++     between testing and acquiring the checking lock.
++   - Put an exclusive claim on the `com.canonical.SystemImage` system dbus
++     name, and if we cannot get that claim, exit with an error code 2.  This
++     prevents multiple instances of the D-Bus system service from running at
++     the same time.
++ * Return the empty string from `ApplyUpdate()` D-Bus method.  This restores
++   the original API (patch merged from Ubuntu package, given by Didier
++   Roche).  (LP: #1260768)
++ * Request ubuntu-download-manager to download all files to temporary
++   destinations, then atomically rename them into place.  This avoids
++   clobbering by multiple processes and mimics changes coming in u-d-m.
++ * Provide much more detailed logging.
++   - `Mediator` instances have a helpful `repr` which also includes the id of
++     the `State` object.
++   - More logging during state transitions.
++   - All emitted D-Bus signals are also logged (at debug level).
++ * Added `-L` flag to nose test runner, which can be used to specify an
++   explicit log file path for debugging.
++ * Fixed D-Bus error logging.
++   - Don't initialize the root logger, since this can interfere with
++     python-dbus, which doesn't initialize its loggers correctly.
++   - Only use `.format()` based interpolation for `systemimage` logs.
++ * Give virtualized buildds a fighting chance against D-Bus by
++   - using `org.freedesktop.DBus`s `ReloadConfig()` interface instead of
++     SIGHUP.
++   - add a configurable sleep call after the `ReloadConfig()`.  This defaults
++     to 0 since de-virtualized and local builds do not need them.  Set the
++     environment variable `SYSTEMIMAGE_DBUS_DAEMON_HUP_SLEEP_SECONDS` to
++     override.
++  * Run the tox test suite for both Python 3.3 and 3.4.
++
++2.0.5 (2014-01-30)
++==================
++ * MANIFEST.in: Make sure the .bzr directory doesn't end up in the
++   sdist tarball.
++
++2.0.4 (2014-01-30)
++==================
++ * No change release to test the new landing process.
++
++2.0.3 (2013-12-11)
  ==================
   * More attempted DEP-8 test failure fixes.
 === modified file 'PKG-INFO'
 --- PKG-INFO	2013-12-13 13:55:51 +0000
 +++ PKG-INFO	2014-02-25 17:45:25 +0000
@@ -1,6 +1,6 @@
  Metadata-Version: 1.0
  Name: system-image
--Version: 2.0.3
++Version: 2.1
  Summary: Ubuntu System Image Based Upgrades
  Home-page: UNKNOWN
  Author: Barry Warsaw
 === modified file 'cli-manpage.rst'
 --- cli-manpage.rst	2013-12-13 13:55:51 +0000
 +++ cli-manpage.rst	2014-02-25 17:45:25 +0000
@@ -8,7 +8,7 @@
  :Author: Barry Warsaw <barry@ubuntu.com>
  :Date: 2013-10-23
--:Copyright: 2013 Canonical Ltd.
++:Copyright: 2013-2014 Canonical Ltd.
  :Version: 2.0
  :Manual section: 1
 === modified file 'dbus-manpage.rst'
 --- dbus-manpage.rst	2013-12-13 13:55:51 +0000
 +++ dbus-manpage.rst	2014-02-25 17:45:25 +0000
@@ -8,7 +8,7 @@
  :Author: Barry Warsaw <barry@ubuntu.com>
  :Date: 2013-07-31
--:Copyright: 2013 Canonical Ltd.
++:Copyright: 2013-2014 Canonical Ltd.
  :Version: 1.0
  :Manual section: 8
 === modified file 'debian/changelog'
 --- debian/changelog	2013-12-13 13:55:51 +0000
 +++ debian/changelog	2014-02-25 17:45:25 +0000
@@ -1,3 +1,35 @@
++system-image (2.1-0ubuntu4) UNRELEASED; urgency=medium
++
++  [ Stéphane Graber ]
++  * New upstream release.
++  * Set X-Auto-Uploader to no-rewrite-version
++  * Set Vcs-Bzr to the new target branch
++
++  [ Barry Warsaw ]
++  * New upstream release.
++    - LP: #1279056 - Internal improvements to SignatureError for
++      better debugging.
++    - LP: #1277589 - Better protection against race conditions.
++    - LP: #1260768 - Return empty string from ApplyUpdate D-Bus method.
++    - LP: #1284217 - Send UpdateAvailableStatus during auto-downloading
++      from a previous CheckForUpdate, if cached status is available.
++    - Request ubuntu-download-manager to download to a temporary location,
++      with atomic rename.
++    - More detailed logging.
++    - Fixed D-Bus error logging.
++    - Added -L flag to nose2 tests for explicitly setting log file path.
++    - Added SYSTEMIMAGE_DBUS_DAEMON_HUP_SLEEP_SECONDS environment variable
++      which can be used to give virtualized buildds a fighting chance.
++  * d/patches/01_send_ack_on_applyupdate.diff: Removed; applied upstream.
++  * d/patches/lp1284217.patch: Added (see above).
++  * d/control:
++    - Bump Standards-Version to 3.9.5 with no other changes necessary.
++    - Add python3-psutil as Depends to system-image-dev.
++  * d/rules: Set SYSTEMIMAGE_DBUS_DAEMON_HUP_SLEEP_SECONDS to 1 to deal with
++    buildd dbus-daemon SIGHUP timing issues.
++
++ -- Barry Warsaw <barry@ubuntu.com>  Thu, 20 Feb 2014 18:03:10 -0500
++
  system-image (2.0.3-0ubuntu2) trusty; urgency=low
    * Fix ApplyUpdate() to return an empty string as per spec if the update
 === modified file 'debian/control'
 --- debian/control	2013-12-13 13:55:51 +0000
 +++ debian/control	2014-02-25 17:45:25 +0000
@@ -18,10 +18,11 @@
                 python3-psutil,
                 python3-setuptools,
                 ubuntu-download-manager
--Standards-Version: 3.9.4
++Standards-Version: 3.9.5
  XS-Testsuite: autopkgtest
--Vcs-Bzr: https://code.launchpad.net/~ubuntu-system-image/ubuntu-system-image/client.pkg
--Vcs-Browser: http://bazaar.launchpad.net/~ubuntu-system-image/ubuntu-system-image/client.pkg/files
++Vcs-Bzr: https://code.launchpad.net/~ubuntu-managed-branches/ubuntu-system-image/system-image
++Vcs-Browser: http://bazaar.launchpad.net/~ubuntu-managed-branches/ubuntu-system-image/system-image/files
++X-Auto-Uploader: no-rewrite-version
  Package: system-image-cli
  Architecture: all
@@ -53,7 +54,7 @@
  Package: system-image-dev
  Architecture: all
--Depends: python3-gnupg, ${misc:Depends}, ${python3:Depends}
++Depends: python3-gnupg, python3-psutil, ${misc:Depends}, ${python3:Depends}
  Description: Ubuntu system image updater development
   This is the development bits for the Ubuntu system image updater.
   Install this package if you want to run the tests.
 === removed file 'debian/patches/01_send_ack_on_applyupdate.diff'
 --- debian/patches/01_send_ack_on_applyupdate.diff	2013-12-13 13:55:51 +0000
 +++ debian/patches/01_send_ack_on_applyupdate.diff	1970-01-01 00:00:00 +0000
@@ -1,16 +0,0 @@
--Description: Send ack on apply diff
-- Fix ApplyUpdate() to return an empty string as per spec if the update
-- is successfull (LP: #1260712)
--Author: Didier Roche <didrocks@ubuntu.com>
--Bug-Ubuntu: https://bugs.launchpad.net/bugs/1260712
--
----- system-image-2.0.3.orig/systemimage/dbus.py
--+++ system-image-2.0.3/systemimage/dbus.py
--@@ -233,6 +233,7 @@ class Service(Object):
--     def ApplyUpdate(self):
--         """Apply the update, rebooting the device."""
--         GLib.timeout_add(50, self._apply_update)
--+        return ""
--
--     @method('com.canonical.SystemImage', out_signature='isssa{ss}')
--     def Info(self):
 === added file 'debian/patches/lp1284217.patch'
 --- debian/patches/lp1284217.patch	1970-01-01 00:00:00 +0000
 +++ debian/patches/lp1284217.patch	2014-02-25 17:45:25 +0000
@@ -0,0 +1,106 @@
++Description: Backport of fix for LP: #1284217.  This adds an additional
++  UpdateAvailableStatus signal when a second CheckForUpdate is called while an
++  auto-download is in progress, but only if we have cached status available.
++Origin: http://bazaar.launchpad.net/~ubuntu-system-image/ubuntu-system-image/client/revision/240?start_revid=240
++Bug: http://pad.lv/1284217
++Forwarded: not-needed
++
++=== modified file 'systemimage/dbus.py'
++--- old/systemimage/dbus.py	2014-02-18 22:31:55 +0000
+++++ new/systemimage/dbus.py	2014-02-25 17:27:14 +0000
++@@ -131,7 +131,20 @@
++         # Check-and-acquire the lock.
++         log.info('test and acquire checking lock')
++         if not self._checking.acquire(blocking=False):
++-            # Check is already in progress, so there's nothing more to do.
+++            # Check is already in progress, so there's nothing more to do.  If
+++            # there's status available (i.e. we are in the auto-downloading
+++            # phase of the last CFU), then send the status.
+++            if self._update is not None:
+++                self.UpdateAvailableStatus(
+++                    self._update.is_available,
+++                    self._downloading,
+++                    self._update.version,
+++                    self._update.size,
+++                    self._update.last_update_date,
+++                    # XXX 2013-08-22 - the u/i cannot currently currently
+++                    # handle the array of dictionaries data type.  LP:
+++                    # #1215586 self._update.descriptions,
+++                    "")
++             log.info('checking lock not acquired')
++             return
++         log.info('checking lock acquired')
++
++=== modified file 'systemimage/tests/test_dbus.py'
++--- old/systemimage/tests/test_dbus.py	2014-02-18 20:02:59 +0000
+++++ new/systemimage/tests/test_dbus.py	2014-02-25 17:27:14 +0000
++@@ -23,13 +23,13 @@
++     'TestDBusGetSet',
++     'TestDBusInfo',
++     'TestDBusInfoNoDetails',
++-    'TestDBusLP1277589',
++     'TestDBusMockFailApply',
++     'TestDBusMockFailPause',
++     'TestDBusMockFailResume',
++     'TestDBusMockNoUpdate',
++     'TestDBusMockUpdateAutoSuccess',
++     'TestDBusMockUpdateManualSuccess',
+++    'TestDBusMultipleChecksInFlight',
++     'TestDBusPauseResume',
++     'TestDBusProgress',
++     'TestDBusRegressions',
++@@ -133,6 +133,7 @@
++         self.schedule(self.iface.CheckForUpdate)
++
++     def _do_UpdateAvailableStatus(self, signal, path, *args, **kws):
+++        # We'll keep doing this until we get the UpdateDownloaded signal.
++         self.uas_signals.append(args)
++         self.schedule(self.iface.CheckForUpdate)
++
++@@ -1563,7 +1564,7 @@
++ """)
++
++
++-class TestDBusLP1277589(_LiveTesting):
+++class TestDBusMultipleChecksInFlight(_LiveTesting):
++     def test_multiple_check_for_updates(self):
++         # Log analysis of LP: #1277589 appears to show the following scenario,
++         # reproduced in this test case:
++@@ -1588,18 +1589,23 @@
++         # signal, we'll immediately issue *another* CheckForUpdate, which
++         # should run while the auto-download is working.
++         #
++-        # At the end, we should not get another UpdateAvailableStatus signal,
++-        # but we should get the UpdateDownloaded signal.
+++        # As per LP: #1284217, we will get a second UpdateAvailableStatus
+++        # signal, since the status is available even while the original
+++        # request is being downloaded.
++         reactor = DoubleCheckingReactor(self.iface)
++         reactor.run()
++-        self.assertEqual(len(reactor.uas_signals), 1)
++-        (is_available, downloading, available_version, update_size,
++-         last_update_date,
++-         #descriptions,
++-         error_reason) = reactor.uas_signals[0]
++-        self.assertTrue(is_available)
++-        self.assertTrue(downloading)
++-        self.assertEqual(available_version, '1600')
++-        self.assertEqual(update_size, 314572800)
++-        self.assertEqual(last_update_date, 'Unknown')
++-        self.assertEqual(error_reason, '')
+++        # We need to have received at least 2 signals, but due to timing
+++        # issues it could possibly be more.
+++        self.assertGreater(len(reactor.uas_signals), 1)
+++        # All received signals should have the same information.
+++        for signal in reactor.uas_signals:
+++            (is_available, downloading, available_version, update_size,
+++             last_update_date,
+++             #descriptions,
+++             error_reason) = signal
+++            self.assertTrue(is_available)
+++            self.assertTrue(downloading)
+++            self.assertEqual(available_version, '1600')
+++            self.assertEqual(update_size, 314572800)
+++            self.assertEqual(last_update_date, 'Unknown')
+++            self.assertEqual(error_reason, '')
++
 === modified file 'debian/patches/series'
 --- debian/patches/series	2013-12-13 13:55:51 +0000
 +++ debian/patches/series	2014-02-25 17:45:25 +0000
@@ -1,1 +1,1 @@
--01_send_ack_on_applyupdate.diff
++lp1284217.patch
 === modified file 'debian/rules'
 --- debian/rules	2013-12-13 13:55:51 +0000
 +++ debian/rules	2014-02-25 17:45:25 +0000
@@ -16,6 +16,7 @@
  test-python%:
  	unset http_proxy; unset https_proxy; export HOME=/tmp; \
  	export SYSTEMIMAGE_REACTOR_TIMEOUT=1200; \
++	export SYSTEMIMAGE_DBUS_DAEMON_HUP_SLEEP_SECONDS=2; \
  	nodot=$(shell echo $* | cut --complement -b 2); \
  	tox -e py$${nodot}
 === modified file 'ini-manpage.rst'
 --- ini-manpage.rst	2013-12-13 13:55:51 +0000
 +++ ini-manpage.rst	2014-02-25 17:45:25 +0000
@@ -9,7 +9,7 @@
  :Author: Barry Warsaw <barry@ubuntu.com>
  :Date: 2013-10-11
--:Copyright: 2013 Canonical Ltd.
++:Copyright: 2013-2014 Canonical Ltd.
  :Version: 1.9
  :Manual section: 5
 === modified file 'setup.cfg'
 --- setup.cfg	2013-12-13 13:55:51 +0000
 +++ setup.cfg	2014-02-25 17:45:25 +0000
@@ -4,7 +4,7 @@
  logging-filter = systemimage
  [egg_info]
++tag_svn_revision = 0
++tag_date = 0
  tag_build =
--tag_date = 0
--tag_svn_revision = 0
 === modified file 'setup.py'
 --- setup.py	2013-12-13 13:55:51 +0000
 +++ setup.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'system_image.egg-info/PKG-INFO'
 --- system_image.egg-info/PKG-INFO	2013-12-13 13:55:51 +0000
 +++ system_image.egg-info/PKG-INFO	2014-02-25 17:45:25 +0000
@@ -1,6 +1,6 @@
  Metadata-Version: 1.0
  Name: system-image
--Version: 2.0.3
++Version: 2.1
  Summary: Ubuntu System Image Based Upgrades
  Home-page: UNKNOWN
  Author: Barry Warsaw
 === modified file 'system_image.egg-info/SOURCES.txt'
 --- system_image.egg-info/SOURCES.txt	2013-12-13 13:55:51 +0000
 +++ system_image.egg-info/SOURCES.txt	2014-02-25 17:45:25 +0000
@@ -7,7 +7,6 @@
  setup.py
  tox.ini
  unittest.cfg
--.bzr/branch/branch.conf
  system_image.egg-info/PKG-INFO
  system_image.egg-info/SOURCES.txt
  system_image.egg-info/dependency_links.txt
@@ -126,6 +125,7 @@
  systemimage/tests/data/index_21.json
  systemimage/tests/data/index_22.json
  systemimage/tests/data/index_23.json
++systemimage/tests/data/index_24.json
  systemimage/tests/data/key.pem
  systemimage/tests/data/master-secring.gpg
  systemimage/tests/data/nasty_cert.pem
 === modified file 'systemimage/api.py'
 --- systemimage/api.py	2013-12-13 13:55:51 +0000
 +++ systemimage/api.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
@@ -73,6 +73,10 @@
          self._update = None
          self._callback = callback
++    def __repr__(self):
++        return '<Mediator at 0x{:x} | State at 0x{:x}>'.format(
++            id(self), id(self._state))
++
      def cancel(self):
          self._state.downloader.cancel()
 === modified file 'systemimage/bag.py'
 --- systemimage/bag.py	2013-12-13 13:55:51 +0000
 +++ systemimage/bag.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/bindings.py'
 --- systemimage/bindings.py	2013-12-13 13:55:51 +0000
 +++ systemimage/bindings.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/candidates.py'
 --- systemimage/candidates.py	2013-12-13 13:55:51 +0000
 +++ systemimage/candidates.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/channel.py'
 --- systemimage/channel.py	2013-12-13 13:55:51 +0000
 +++ systemimage/channel.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/config.py'
 --- systemimage/config.py	2013-12-13 13:55:51 +0000
 +++ systemimage/config.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/dbus.py'
 --- systemimage/dbus.py	2013-12-13 13:55:51 +0000
 +++ systemimage/dbus.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
@@ -23,6 +23,7 @@
  import os
  import sys
++import logging
  import traceback
  from dbus.service import Object, method, signal
@@ -31,9 +32,11 @@
  from systemimage.config import config
  from systemimage.helpers import last_update_date, version_detail
  from systemimage.settings import Settings
++from threading import Lock
  EMPTYSTRING = ''
++log = logging.getLogger('systemimage')
  class Loop:
@@ -68,7 +71,8 @@
          super().__init__(bus, object_path)
          self._loop = loop
          self._api = Mediator(self._progress_callback)
--        self._checking = False
++        log.info('Mediator created {}', self._api)
++        self._checking = Lock()
          self._update = None
          self._downloading = False
          self._paused = False
@@ -78,17 +82,22 @@
      def _check_for_update(self):
          # Asynchronous method call.
++        log.info('Checking for update')
          self._update = self._api.check_for_update()
          # Do we have an update and can we auto-download it?
          downloading = False
          if self._update.is_available:
              settings = Settings()
              auto = settings.get('auto_download')
++            log.info('Update available; auto-download: {}', auto)
              if auto in ('1', '2'):
                  # XXX When we have access to the download service, we can
                  # check if we're on the wifi (auto == '1').
--                GLib.timeout_add(50, self._download)
++                GLib.timeout_add(50, self._download, self._checking.release)
                  downloading = True
++            else:
++                log.info('release checking lock from _check_for_update()')
++                self._checking.release()
          self.UpdateAvailableStatus(
              self._update.is_available,
              downloading,
@@ -99,7 +108,6 @@
              # array of dictionaries data type.  LP: #1215586
              #self._update.descriptions,
              "")
--        self._checking = False
          # Stop GLib from calling this method again.
          return False
@@ -120,13 +128,17 @@
          whether the update is available or not.
          """
          self._loop.keepalive()
--        if self._checking:
++        # Check-and-acquire the lock.
++        log.info('test and acquire checking lock')
++        if not self._checking.acquire(blocking=False):
              # Check is already in progress, so there's nothing more to do.
++            log.info('checking lock not acquired')
              return
--        self._checking = True
--        # Reset any failure or in-progress state.  Get a new mediator to reset
--        # any of its state.
++        log.info('checking lock acquired')
++        # We've now acquired the lock.  Reset any failure or in-progress
++        # state.  Get a new mediator to reset any of its state.
          self._api = Mediator(self._progress_callback)
++        log.info('Mediator recreated {}', self._api)
          self._failure_count = 0
          self._last_error = ''
          # Arrange for the actual check to happen in a little while, so that
@@ -141,24 +153,28 @@
          eta = 0
          self.UpdateProgress(percentage, eta)
--    def _download(self):
++    def _download(self, release_checking=None):
          if self._downloading and self._paused:
              self._api.resume()
              self._paused = False
++            log.info('Download previously paused')
              return
--        if (self._downloading                        # Already in progress.
--            or self._update is None                  # Not yet checked.
--            or not self._update.is_available         # No update available.
++        if (self._downloading                           # Already in progress.
++            or self._update is None                     # Not yet checked.
++            or not self._update.is_available            # No update available.
              ):
++            log.info('Download already in progress or not available')
              return
          if self._failure_count > 0:
              self._failure_count += 1
              self.UpdateFailed(self._failure_count, self._last_error)
++            log.info('Update failure count: {}', self._failure_count)
              return
          self._downloading = True
++        log.info('Update is downloading')
          try:
--            # Always start by sending a UpdateProgress(0, 0).  This is enough
--            # to get the u/i's attention.
++            # Always start by sending a UpdateProgress(0, 0).  This is
++            # enough to get the u/i's attention.
              self.UpdateProgress(0, 0)
              self._api.download()
          except Exception:
@@ -167,13 +183,20 @@
              # value, but not the traceback.
              self._last_error = EMPTYSTRING.join(
                  traceback.format_exception_only(*sys.exc_info()[:2]))
++            log.info('Update failed: {}', self._last_error)
              self.UpdateFailed(self._failure_count, self._last_error)
          else:
++            log.info('Update downloaded')
              self.UpdateDownloaded()
              self._failure_count = 0
              self._last_error = ''
              self._rebootable = True
          self._downloading = False
++        log.info('release checking lock from _download()')
++        if release_checking is not None:
++            # We were auto-downloading, so we now have to release the checking
++            # lock.  If we were manually downloading, there would be no lock.
++            release_checking()
          # Stop GLib from calling this method again.
          return False
@@ -216,8 +239,6 @@
          return ''
      def _apply_update(self):
--        # This signal may or may not get sent.  We're racing against the
--        # system reboot procedure.
          self._loop.keepalive()
          if not self._rebootable:
              command_file = os.path.join(
@@ -227,12 +248,16 @@
                  self.Rebooting(False)
                  return
          self._api.reboot()
++        # This code may or may not run.  We're racing against the system
++        # reboot procedure.
++        self._rebootable = False
          self.Rebooting(True)
      @method('com.canonical.SystemImage')
      def ApplyUpdate(self):
          """Apply the update, rebooting the device."""
          GLib.timeout_add(50, self._apply_update)
++        return ''
      @method('com.canonical.SystemImage', out_signature='isssa{ss}')
      def Info(self):
@@ -294,31 +319,40 @@
                                #descriptions,
                                error_reason):
          """Signal sent in response to a CheckForUpdate()."""
++        log.debug('EMIT UpdateAvailableStatus({}, {}, {}, {}, {}, {})',
++                  is_available, downloading, available_version, update_size,
++                  last_update_date, repr(error_reason))
          self._loop.keepalive()
      @signal('com.canonical.SystemImage', signature='id')
      def UpdateProgress(self, percentage, eta):
          """Download progress."""
++        log.debug('EMIT UpdateProgress({}, {})', percentage, eta)
          self._loop.keepalive()
      @signal('com.canonical.SystemImage')
      def UpdateDownloaded(self):
          """The update has been successfully downloaded."""
++        log.debug('EMIT UpdateDownloaded()')
          self._loop.keepalive()
      @signal('com.canonical.SystemImage', signature='is')
      def UpdateFailed(self, consecutive_failure_count, last_reason):
          """The update failed for some reason."""
++        log.debug('EMIT UpdateFailed({}, {})',
++                  consecutive_failure_count, repr(last_reason))
          self._loop.keepalive()
      @signal('com.canonical.SystemImage', signature='i')
      def UpdatePaused(self, percentage):
          """The download got paused."""
++        log.debug('EMIT UpdatePaused({})', percentage)
          self._loop.keepalive()
      @signal('com.canonical.SystemImage', signature='ss')
      def SettingChanged(self, key, new_value):
          """A setting value has change."""
++        log.debug('EMIT SettingChanged({}, {})', repr(key), repr(new_value))
          self._loop.keepalive()
      @signal('com.canonical.SystemImage', signature='b')
@@ -326,3 +360,4 @@
          """The system is rebooting."""
          # We don't need to keep the loop alive since we're probably just going
          # to shutdown anyway.
++        log.debug('EMIT Rebooting({})', status)
 === modified file 'systemimage/device.py'
 --- systemimage/device.py	2013-12-13 13:55:51 +0000
 +++ systemimage/device.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/docs/conf.py'
 --- systemimage/docs/conf.py	2013-12-13 13:55:51 +0000
 +++ systemimage/docs/conf.py	2014-02-25 17:45:25 +0000
@@ -41,7 +41,7 @@
  # General information about the project.
  project = u'Image Update Resolver'
--copyright = u'2013, Canonical Ltd.'
++copyright = u'2013-2014, Canonical Ltd.'
  # The version info for the project you're documenting, acts as replacement for
  # |version| and |release|, also used in various other places throughout the
 === modified file 'systemimage/download.py'
 --- systemimage/download.py	2013-12-13 13:55:51 +0000
 +++ systemimage/download.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
@@ -22,12 +22,16 @@
+     ]
++import os
  import dbus
  import logging
++import tempfile
++from contextlib import ExitStack
  from io import StringIO
  from pprint import pformat
  from systemimage.config import config
++from systemimage.helpers import safe_remove
  from systemimage.reactor import Reactor
@@ -191,8 +195,25 @@
          for url, dst in downloads:
              print('\t{} -> {}'.format(url, dst), file=fp)
          log.info('{}'.format(fp.getvalue()))
++        # As a workaround for LP: #1277589, ask u-d-m to download the files to
++        # .tmp files, and if they succeed, then atomically move them into
++        # their real location.
++        renames = []
++        requests = []
++        for url, dst in downloads:
++            head, tail = os.path.split(dst)
++            fd, path = tempfile.mkstemp(suffix='.tmp', prefix='', dir=head)
++            os.close(fd)
++            renames.append((path, dst))
++            requests.append((url, path, ''))
++        # mkstemp() creates the file system path, but if the files exist when
++        # the group download is requested, ubuntu-download-manager will
++        # complain and return an error.  So, delete all temporary files now so
++        # udm has a clear path to download to.
++        for path, dst in renames:
++            os.remove(path)
          object_path = iface.createDownloadGroup(
--            [(url, dst, '') for url, dst in downloads],
++            requests,     # The temporary requests.
              '',           # No hashes yet.
              False,        # Don't allow GSM yet.
              # https://bugs.freedesktop.org/show_bug.cgi?id=55594
@@ -220,6 +241,19 @@
              raise Canceled
          if reactor.timed_out:
              raise TimeoutError
++        # Now that everything succeeded, rename the temporary files.  Just to
++        # be extra cautious, set up a context manager to safely remove all
++        # temporary files in case of an error.  If there are no errors, then
++        # there will be nothing to remove.
++        with ExitStack() as resources:
++            for tmp, dst in renames:
++                resources.callback(safe_remove, tmp)
++            for tmp, dst in renames:
++                os.rename(tmp, dst)
++            # We only get here if all the renames succeeded, so there will be
++            # no temporary files to remove, so we can throw away the new
++            # ExitStack, which holds all the removals.
++            resources.pop_all()
      def cancel(self):
          """Cancel any current downloads."""
 === modified file 'systemimage/gpg.py'
 --- systemimage/gpg.py	2013-12-13 13:55:51 +0000
 +++ systemimage/gpg.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
@@ -23,6 +23,7 @@
  import os
  import gnupg
++import hashlib
  import tarfile
  from contextlib import ExitStack
@@ -37,10 +38,70 @@
      always returns a boolean.  This exception is used by other functions to
      signal that a .asc file did not match.
      """
++    def __init__(self, signature_path, data_path,
++                 keyrings=None, blacklist=None):
++        super().__init__()
++        self.signature_path = signature_path
++        self.data_path = data_path
++        self.keyrings = ([] if keyrings is None else keyrings)
++        self.blacklist = blacklist
++        # We have to calculate the checksums now, because it's possible that
++        # the files will be temporary/atomic files, deleted when a context
++        # manager exits.  I.e. the files aren't guaranteed to exist after this
++        # constructor runs.
++        #
++        # Also, md5 is fine; this is not a security critical context, we just
++        # want to be able to quickly and easily compare the file on disk
++        # against the file on the server.
++        with open(self.signature_path, 'rb') as fp:
++            self.signature_checksum =  hashlib.md5(fp.read()).hexdigest()
++        with open(self.data_path, 'rb') as fp:
++            self.data_checksum = hashlib.md5(fp.read()).hexdigest()
++        self.keyring_checksums = []
++        for path in self.keyrings:
++            with open(path, 'rb') as fp:
++                checksum = hashlib.md5(fp.read()).hexdigest()
++                self.keyring_checksums.append(checksum)
++        if self.blacklist is None:
++            self.blacklist_checksum = None
++        else:
++            with open(self.blacklist, 'rb') as fp:
++                self.blacklist_checksum = hashlib.md5(fp.read()).hexdigest()
++
++    def __str__(self):
++        if self.blacklist is None:
++            checksum_str = 'no blacklist'
++            path_str = ''
++        else:
++            checksum_str = self.blacklist_checksum
++            path_str = self.blacklist
++        return """
++    sig path : {0.signature_checksum}
++               {0.signature_path}
++    data path: {0.data_checksum}
++               {0.data_path}
++    keyrings : {0.keyring_checksums}
++               {1}
++    blacklist: {2} {3}
++""".format(self, list(self.keyrings), checksum_str, path_str)
++
  class Context:
      def __init__(self, *keyrings, blacklist=None):
++        """Create a GPG signature verification context.
++
++        :param keyrings: The list of keyrings to use for validating the
++            signature on data files.
++        :type keyrings: Sequence of .tar.xz keyring files, which will be
++            unpacked to retrieve the actual .gpg keyring file.
++        :param blacklist: The blacklist keyring, from which fingerprints to
++            explicitly disallow are retrieved.
++        :type blacklist: A .tar.xz keyring file, which will be unpacked to
++            retrieve the actual .gpg keyring file.
++        """
++        self.keyring_paths = keyrings
++        self.blacklist_path = blacklist
          self._ctx = None
          self._stack = ExitStack()
          self._keyrings = []
@@ -112,6 +173,21 @@
          return set(info['keyid'] for info in self._ctx.list_keys())
      def verify(self, signature_path, data_path):
++        """Verify a GPG signature.
++
++        This verifies that the data file signature is valid, given the
++        keyrings and blacklist specified in the constructor.  Specifically, we
++        use GPG to extract the fingerprint in the signature path, and compare
++        it against the fingerprints in the keyrings, subtracting any
++        fingerprints in the blacklist.
++
++        :param signature_path: The file system path to the detached signature
++            file for the data file.
++        :type signature_path: str
++        :param data_path: The file system path to the data file.
++        :type data_path: str
++        :return: bool
++        """
          with open(signature_path, 'rb') as sig_fp:
              verified = self._ctx.verify_file(sig_fp, data_path)
          # If the file is properly signed, we'll be able to get back a set of
@@ -120,3 +196,21 @@
          # loaded-up keyrings.  If so, the signature succeeds.
          return verified.fingerprint in (self.fingerprints -
                                          self._blacklisted_fingerprints)
++
++    def validate(self, signature_path, data_path):
++        """Like .verify() but raises a SignatureError when invalid.
++
++        :param signature_path: The file system path to the detached signature
++            file for the data file.
++        :type signature_path: str
++        :param data_path: The file system path to the data file.
++        :type data_path: str
++        :return: None
++        :raises SignatureError: when the signature cannot be verified.  Note
++            that the exception will contain extra information, namely the
++            keyrings involved in the verification, as well as the blacklist
++            file if there is one.
++        """
++        if not self.verify(signature_path, data_path):
++            raise SignatureError(signature_path, data_path,
++                                 self.keyring_paths, self.blacklist_path)
 === modified file 'systemimage/helpers.py'
 --- systemimage/helpers.py	2013-12-13 13:55:51 +0000
 +++ systemimage/helpers.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/image.py'
 --- systemimage/image.py	2013-12-13 13:55:51 +0000
 +++ systemimage/image.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/index.py'
 --- systemimage/index.py	2013-12-13 13:55:51 +0000
 +++ systemimage/index.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/keyring.py'
 --- systemimage/keyring.py	2013-12-13 13:55:51 +0000
 +++ systemimage/keyring.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
@@ -31,7 +31,7 @@
  from datetime import datetime, timezone
  from systemimage.config import config
  from systemimage.download import DBusDownloadManager
--from systemimage.gpg import Context, SignatureError
++from systemimage.gpg import Context
  from systemimage.helpers import makedirs, safe_remove
  from urllib.parse import urljoin
@@ -110,8 +110,7 @@
          stack.callback(os.remove, ascxz_dst)
          signing_keyring = getattr(config.gpg, sigkr.replace('-', '_'))
          with Context(signing_keyring, blacklist=blacklist) as ctx:
--            if not ctx.verify(ascxz_dst, tarxz_dst):
--                raise SignatureError
++            ctx.validate(ascxz_dst, tarxz_dst)
          # The signature is good, so now unpack the tarball, load the json file
          # and verify its contents.
          keyring_gpg = os.path.join(config.tempdir, 'keyring.gpg')
 === modified file 'systemimage/logging.py'
 --- systemimage/logging.py	2013-12-13 13:55:51 +0000
 +++ systemimage/logging.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
@@ -36,12 +36,35 @@
  LOGFILE_PERMISSIONS = stat.S_IRUSR | stat.S_IWUSR
++# We want to support {}-style logging for all systemimage child loggers.  One
++# way to do this is with a LogRecord factory, but to play nice with third
++# party loggers which might be using %-style, we have to make sure that we use
++# the default factory for everything else.
++#
++# This actually isn't the best way to do this because it still makes a global
++# change and we don't know how this will interact with other third party
++# loggers.  A marginally better way to do this is to pass class instances to
++# the logging calls.  Those instances would have a __str__() method that does
++# the .format() conversion.  The problem with that is that it's a bit less
++# convenient to make the logging calls because you can't pass strings
++# directly.  One such suggestion at <http://tinyurl.com/pjjwjxq> is to import
++# the class as __ (i.e. double underscore) so your logging calls would look
++# like: log.error(__('Message with {} {}'), foo, bar)
++
  class FormattingLogRecord(logging.LogRecord):
++    def __init__(self, name, *args, **kws):
++        logger_path = name.split('.')
++        self._use_format = (logger_path[0] == 'systemimage')
++        super().__init__(name, *args, **kws)
++
      def getMessage(self):
--        msg = str(self.msg)
--        if self.args:
--            msg = msg.format(*self.args)
--        return msg
++        if self._use_format:
++            msg = str(self.msg)
++            if self.args:
++                msg = msg.format(*self.args)
++            return msg
++        else:
++            return super().getMessage()
  def initialize(*, verbosity=0):
@@ -53,9 +76,7 @@
 : logging.CRITICAL,
          }.get(verbosity, logging.ERROR)
      level = min(level, config.system.loglevel)
--    # We're not going to propagate to the root logger anyway.
--    logging.basicConfig(style='{')
--    # Make sure logging uses {}-style messages.
++    # Make sure our library's logging uses {}-style messages.
      logging.setLogRecordFactory(FormattingLogRecord)
      # Now configure the application level logger based on the ini file.
      log = logging.getLogger('systemimage')
 === modified file 'systemimage/main.py'
 --- systemimage/main.py	2013-12-13 13:55:51 +0000
 +++ systemimage/main.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/reactor.py'
 --- systemimage/reactor.py	2013-12-13 13:55:51 +0000
 +++ systemimage/reactor.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/reboot.py'
 --- systemimage/reboot.py	2013-12-13 13:55:51 +0000
 +++ systemimage/reboot.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/scores.py'
 --- systemimage/scores.py	2013-12-13 13:55:51 +0000
 +++ systemimage/scores.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/service.py'
 --- systemimage/service.py	2013-12-13 13:55:51 +0000
 +++ systemimage/service.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
@@ -28,10 +28,9 @@
  from contextlib import ExitStack
  from dbus.mainloop.glib import DBusGMainLoop
--from dbus.service import BusName
  from pkg_resources import resource_string as resource_bytes
  from systemimage.config import config
--from systemimage.dbus import Loop, Service
++from systemimage.dbus import Loop
  from systemimage.helpers import makedirs
  from systemimage.logging import initialize
  from systemimage.main import DEFAULT_CONFIG_FILE
@@ -92,12 +91,20 @@
      initialize(verbosity=args.verbose)
      log = logging.getLogger('systemimage')
--    log.info('SystemImage dbus main loop started [{}/{}]',
--             config.channel, config.device)
      DBusGMainLoop(set_as_default=True)
      system_bus = dbus.SystemBus()
--    bus_name = BusName('com.canonical.SystemImage', system_bus)
++    # Ensure we're the only owner of this bus name.
++    code = system_bus.request_name(
++        'com.canonical.SystemImage',
++        dbus.bus.NAME_FLAG_DO_NOT_QUEUE)
++    if code == dbus.bus.REQUEST_NAME_REPLY_EXISTS:
++        # Another instance already owns this name.  Exit.
++        log.error('Cannot get exclusive ownership of bus name.')
++        sys.exit(2)
++
++    log.info('SystemImage dbus main loop starting [{}/{}]',
++             config.channel, config.device)
      with ExitStack() as stack:
          loop = Loop()
@@ -107,6 +114,7 @@
              config.dbus_service = get_service(
                  testing_mode, system_bus, '/Service', loop)
          else:
++            from systemimage.dbus import Service
              config.dbus_service = Service(system_bus, '/Service', loop)
          try:
              loop.run()
 === modified file 'systemimage/settings.py'
 --- systemimage/settings.py	2013-12-13 13:55:51 +0000
 +++ systemimage/settings.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/state.py'
 --- systemimage/state.py	2013-12-13 13:55:51 +0000
 +++ systemimage/state.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
@@ -217,7 +217,7 @@
                       urljoin(config.service.https_base, url)))
              get_keyring('blacklist', url, 'image-master')
          except SignatureError:
--            log.info('No signed blacklist found')
++            log.exception('No signed blacklist found')
              # The blacklist wasn't signed by the system image master.  Maybe
              # there's a new system image master key?  Let's find out.
              self._next.appendleft(self._get_master_key)
@@ -293,14 +293,16 @@
              # SIGNING key.  There may or may not be a blacklist.
              ctx = stack.enter_context(
                  Context(config.gpg.image_signing, blacklist=self.blacklist))
--            if not ctx.verify(asc_path, channels_path):
++            try:
++                ctx.validate(asc_path, channels_path)
++            except SignatureError:
                  # The signature on the channels.json file did not match.
                  # Maybe there's a new image signing key on the server.  If
                  # we've already downloaded a new image signing key, then
                  # there's nothing more to do but raise an exception.
                  # Otherwise, if a new key *is* found, retry the current step.
                  if count > 0:
--                    raise SignatureError(channels_path)
++                    raise
                  self._next.appendleft(self._get_signing_key)
                  log.info('channels.json not properly signed')
                  return
@@ -398,10 +400,7 @@
                  keyrings.append(config.gpg.device_signing)
              ctx = stack.enter_context(
                  Context(*keyrings, blacklist=self.blacklist))
--            if not ctx.verify(asc_path, index_path):
--                log.error('index.json signature failure: {} {}',
--                          index_path, asc_path)
--                raise SignatureError(index_path)
++            ctx.validate(asc_path, index_path)
              # The signature was good.
              with open(index_path, encoding='utf-8') as fp:
                  self.index = Index.from_json(fp.read())
@@ -512,8 +511,7 @@
              # Verify the signatures on all the downloaded files.
              with Context(*keyrings, blacklist=self.blacklist) as ctx:
                  for dst, asc in signatures:
--                    if not ctx.verify(asc, dst):
--                        raise SignatureError(dst)
++                    ctx.validate(asc, dst)
              # Verify the checksums.
              for dst, checksum in checksums:
                  with open(dst, 'rb') as fp:
 === modified file 'systemimage/testing/controller.py'
 --- systemimage/testing/controller.py	2013-12-13 13:55:51 +0000
 +++ systemimage/testing/controller.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
@@ -25,8 +25,8 @@
  import pwd
  import sys
  import dbus
++import time
  import psutil
--import signal
  import subprocess
  from contextlib import ExitStack
@@ -38,6 +38,8 @@
  SPACE = ' '
++OVERRIDE = os.environ.get('SYSTEMIMAGE_DBUS_DAEMON_HUP_SLEEP_SECONDS')
++HUP_SLEEP = (0 if OVERRIDE is None else int(OVERRIDE))
  def start_system_image(controller):
@@ -125,7 +127,7 @@
  class Controller:
      """Start and stop D-Bus service under test."""
--    def __init__(self):
++    def __init__(self, logfile=None):
          # Non-public.
          self._stack = ExitStack()
          self._stoppers = []
@@ -148,21 +150,22 @@
          # We need a client.ini file for the subprocess.
          ini_tmpdir = self._stack.enter_context(temporary_directory())
          ini_vardir = self._stack.enter_context(temporary_directory())
++        ini_logfile = (os.path.join(ini_tmpdir, 'client.log')
++                       if logfile is None
++                       else logfile)
          self.ini_path = os.path.join(self.tmpdir, 'client.ini')
          template = resource_bytes(
              'systemimage.tests.data', 'config_03.ini').decode('utf-8')
          with open(self.ini_path, 'w', encoding='utf-8') as fp:
--            print(template.format(tmpdir=ini_tmpdir, vardir=ini_vardir),
++            print(template.format(tmpdir=ini_tmpdir, vardir=ini_vardir,
++                                  logfile=ini_logfile),
                    file=fp)
      def _configure_services(self):
--        # If the daemon is already running, kill all the children and HUP the
--        # daemon to reset dbus activation.
++        # If the dbus-daemon is already running, kill all the children.
          if self.daemon_pid is not None:
              for stopper in self._stoppers:
                  stopper(self)
--            process = psutil.Process(self.daemon_pid)
--            process.send_signal(signal.SIGHUP)
          del self._stoppers[:]
          # Now we have to set up the .service files.  We use the Python
          # executable used to run the tests, executing the entry point as would
@@ -178,6 +181,12 @@
              with open(service_path, 'w', encoding='utf-8') as fp:
                  fp.write(config)
              self._stoppers.append(stopper)
++        # If the dbus-daemon is running, reload its configuration files.
++        if self.daemon_pid is not None:
++            service = dbus.SystemBus().get_object('org.freedesktop.DBus', '/')
++            iface = dbus.Interface(service, 'org.freedesktop.DBus')
++            iface.ReloadConfig()
++            time.sleep(HUP_SLEEP)
      def set_mode(self, *, cert_pem=None, service_mode=''):
          self.mode = service_mode
 === modified file 'systemimage/testing/dbus.py'
 --- systemimage/testing/dbus.py	2013-12-13 13:55:51 +0000
 +++ systemimage/testing/dbus.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
@@ -31,6 +31,8 @@
  from systemimage.helpers import makedirs, safe_remove
  from unittest.mock import patch
++from systemimage.testing.helpers import debug
++
  SPACE = ' '
  SIGNAL_DELAY_SECS = 5
@@ -65,7 +67,11 @@
      @method('com.canonical.SystemImage')
      def Reset(self):
          self._api = Mediator()
--        self._checking = False
++        try:
++            self._checking.release()
++        except RuntimeError:
++            # Lock is already released.
++            pass
          self._update = None
          self._downloading = False
          self._rebootable = False
 === modified file 'systemimage/testing/demo.py'
 --- systemimage/testing/demo.py	2013-12-13 13:55:51 +0000
 +++ systemimage/testing/demo.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/testing/helpers.py'
 --- systemimage/testing/helpers.py	2013-12-13 13:55:51 +0000
 +++ systemimage/testing/helpers.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
@@ -107,6 +107,12 @@
              # Please shut up.
              pass
++        def handle_one_request(self):
++            try:
++                super().handle_one_request()
++            except ConnectionResetError:
++                super().handle_one_request()
++
          def do_GET(self):
              # If we requested the magic 'user-agent.txt' file, send back the
              # value of the User-Agent header.  Otherwise, vend as normal.
@@ -166,7 +172,16 @@
              for conn in connections:
                  if conn.fileno() != -1:
                      # Disallow sends and receives.
--                    conn.shutdown(SHUT_RDWR)
++                    try:
++                        conn.shutdown(SHUT_RDWR)
++                    except OSError:
++                        # I'm ignoring all OSErrors here, although the only
++                        # one I've seen semi-consistency is ENOTCONN [107]
++                        # "Transport endpoint is not connected".  I don't know
++                        # why this happens, but it tells me that the client
++                        # has already exited.  We're shutting down, so who
++                        # cares?  (Or am I masking a real error?)
++                        pass
                  conn.close()
              server.shutdown()
              thread.join()
@@ -332,7 +347,7 @@
          setup_keyring_txz(keyring + '.gpg', signing_kr, json_data, dst)
--def setup_index(index, todir, keyring):
++def setup_index(index, todir, keyring, write_callback=None):
      for image in get_index(index).images:
          for filerec in image.files:
              path = (filerec.path[1:]
@@ -340,10 +355,13 @@
                      else filerec.path)
              dst = os.path.join(todir, path)
              makedirs(os.path.dirname(dst))
--            contents = EMPTYSTRING.join(
--                os.path.splitext(filerec.path)[0].split('/'))
--            with open(dst, 'w', encoding='utf-8') as fp:
--                fp.write(contents)
++            if write_callback is None:
++                contents = EMPTYSTRING.join(
++                    os.path.splitext(filerec.path)[0].split('/'))
++                with open(dst, 'w', encoding='utf-8') as fp:
++                    fp.write(contents)
++            else:
++                write_callback(dst)
              # Sign with the specified signing key.
              sign(dst, keyring)
 === modified file 'systemimage/testing/nose.py'
 --- systemimage/testing/nose.py	2013-12-13 13:55:51 +0000
 +++ systemimage/testing/nose.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
@@ -75,15 +75,24 @@
          super().__init__()
          self.patterns = []
          self.verbosity = 0
++        self.log_file = None
          self.addArgument(self.patterns, 'P', 'pattern',
                           'Add a test matching pattern')
          def bump(ignore):
              self.verbosity += 1
          self.addFlag(bump, 'V', 'Verbosity',
                       'Increase system-image verbosity')
++        def set_log_file(path):
++            self.log_file = path[0]
++        self.addOption(set_log_file, 'L', 'logfile',
++                       'Set the log file for the test run',
++                       nargs=1)
      @configuration
      def startTestRun(self, event):
++        from systemimage.config import config
++        if self.log_file is not None:
++            config.system.logfile = self.log_file
          DBusGMainLoop(set_as_default=True)
          initialize(verbosity=self.verbosity)
          # We need to set up the dbus service controller, since all the tests
@@ -92,7 +101,7 @@
          # individual services, and we can write new dbus configuration files
          # and HUP the dbus-launch to re-read them, but we cannot change bus
          # addresses after the initial one is set.
--        SystemImagePlugin.controller = Controller()
++        SystemImagePlugin.controller = Controller(self.log_file)
          SystemImagePlugin.controller.start()
          atexit.register(SystemImagePlugin.controller.stop)
@@ -123,3 +132,13 @@
          SystemImagePlugin.controller.stop()
          # Let other plugins continue printing.
          return None
++
++    ## def startTest(self, event):
++    ##     from systemimage.testing.helpers import debug
++    ##     with debug() as dlog:
++    ##         dlog('vvvvv', event.test)
++
++    ## def stopTest(self, event):
++    ##     from systemimage.testing.helpers import debug
++    ##     with debug() as dlog:
++    ##         dlog('^^^^^', event.test)
 === modified file 'systemimage/tests/data/config_03.ini'
 --- systemimage/tests/data/config_03.ini	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/data/config_03.ini	2014-02-25 17:45:25 +0000
@@ -14,7 +14,7 @@
  timeout: 1s
  build_file: {tmpdir}/ubuntu-build
  tempdir: {tmpdir}/tmp
--logfile: {tmpdir}/client.log
++logfile: {logfile}
  loglevel: info
  settings_db: {vardir}/settings.db
 === added file 'systemimage/tests/data/index_24.json'
 --- systemimage/tests/data/index_24.json	1970-01-01 00:00:00 +0000
 +++ systemimage/tests/data/index_24.json	2014-02-25 17:45:25 +0000
@@ -0,0 +1,36 @@
++{
++    "global": {
++        "generated_at": "Thu Aug 01 08:01:00 UTC 2013"
++    },
++    "images": [
++        {
++            "description": "Full",
++            "files": [
++                {
++                    "checksum": "5b05b298e974f3b9e40f0a1a8188f50984a4f18fb329e050324296632d3d9dfc",
++                    "order": 3,
++                    "path": "/3/4/5.txt",
++                    "signature": "/3/4/5.txt.asc",
++                    "size": 104857600
++                },
++                {
++                    "checksum": "5b05b298e974f3b9e40f0a1a8188f50984a4f18fb329e050324296632d3d9dfc",
++                    "order": 1,
++                    "path": "/4/5/6.txt",
++                    "signature": "/4/5/6.txt.asc",
++                    "size": 104857600
++                },
++                {
++                    "checksum": "5b05b298e974f3b9e40f0a1a8188f50984a4f18fb329e050324296632d3d9dfc",
++                    "order": 2,
++                    "path": "/5/6/7.txt",
++                    "signature": "/5/6/7.txt.asc",
++                    "size": 104857600
++                }
++            ],
++            "type": "full",
++            "version": 1600,
++            "bootme": true
++        }
++    ]
++}
 === modified file 'systemimage/tests/test_api.py'
 --- systemimage/tests/test_api.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_api.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/tests/test_bag.py'
 --- systemimage/tests/test_bag.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_bag.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/tests/test_candidates.py'
 --- systemimage/tests/test_candidates.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_candidates.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/tests/test_channel.py'
 --- systemimage/tests/test_channel.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_channel.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/tests/test_config.py'
 --- systemimage/tests/test_config.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_config.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/tests/test_dbus.py'
 --- systemimage/tests/test_dbus.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_dbus.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
@@ -23,6 +23,7 @@
      'TestDBusGetSet',
      'TestDBusInfo',
      'TestDBusInfoNoDetails',
++    'TestDBusLP1277589',
      'TestDBusMockFailApply',
      'TestDBusMockFailPause',
      'TestDBusMockFailResume',
@@ -122,6 +123,23 @@
          self.quit()
++class DoubleCheckingReactor(Reactor):
++    def __init__(self, iface):
++        super().__init__(dbus.SystemBus())
++        self.iface = iface
++        self.uas_signals = []
++        self.react_to('UpdateAvailableStatus')
++        self.react_to('UpdateDownloaded')
++        self.schedule(self.iface.CheckForUpdate)
++
++    def _do_UpdateAvailableStatus(self, signal, path, *args, **kws):
++        self.uas_signals.append(args)
++        self.schedule(self.iface.CheckForUpdate)
++
++    def _do_UpdateDownloaded(self, *args, **kws):
++        self.quit()
++
++
  class _TestBase(unittest.TestCase):
      """Base class for all DBus testing."""
@@ -262,13 +280,14 @@
          safe_remove(self.reboot_log)
          super().tearDown()
--    def _prepare_index(self, index_file):
++    def _prepare_index(self, index_file, write_callback=None):
          serverdir = SystemImagePlugin.controller.serverdir
          index_path = os.path.join(serverdir, 'stable', 'nexus7', 'index.json')
          head, tail = os.path.split(index_path)
          copy(index_file, head, tail)
          sign(index_path, 'device-signing.gpg')
--        setup_index(index_file, serverdir, 'device-signing.gpg')
++        setup_index(index_file, serverdir, 'device-signing.gpg',
++                    write_callback)
      def _touch_build(self, version):
          # Unlike the touch_build() helper, this one uses our own config object
@@ -374,6 +393,23 @@
          self.assertEqual(last_update_date, '2013-01-20 12:01:45')
          # All other values are undefined.
++    def test_check_for_update_twice(self):
++        # Issue two CheckForUpdate calls immediate after each other.
++        self.download_always()
++        reactor = SignalCapturingReactor('UpdateAvailableStatus')
++        def two_calls():
++            self.iface.CheckForUpdate()
++            self.iface.CheckForUpdate()
++        reactor.run(two_calls)
++        self.assertEqual(len(reactor.signals), 1)
++        # There's one boolean argument to the result.
++        (is_available, downloading, available_version, update_size,
++         last_update_date,
++         # descriptions,
++         error_reason) = reactor.signals[0]
++        self.assertTrue(is_available)
++        self.assertTrue(downloading)
++
      @unittest.skip('LP: #1215586')
      def test_get_multilingual_descriptions(self):
          # The descriptions are multilingual.
@@ -1368,7 +1404,9 @@
      def setUp(self):
          super().setUp()
          # We have to hack the files to be rather large so that the download
--        # doesn't complete before we get a chance to pause it.
++        # doesn't complete before we get a chance to pause it.  Of course,
++        # this breaks the signatures because we're changing the file contents
++        # after the .asc files have been written.
          for path in ('3/4/5.txt', '4/5/6.txt', '5/6/7.txt'):
              full_path = os.path.join(
                  SystemImagePlugin.controller.serverdir, path)
@@ -1391,15 +1429,25 @@
          self.assertTrue(reactor.paused)
          # Now let's resume the download.  Because we intentionally corrupted
          # the downloaded files, we'll get an UpdateFailed signal instead of
--        # the successful UpdateDownloaded signal.  We can ignore that.
++        # the successful UpdateDownloaded signal.
          reactor = SignalCapturingReactor('UpdateFailed')
          reactor.run(self.iface.DownloadUpdate, timeout=60)
          self.assertEqual(len(reactor.signals), 1)
--        # We've gotten one error and the first file that failed is 5.txt.
++        # The error message will include lots of details on the SignatureError
++        # that results.  The key thing is that it's 5.txt that is the first
++        # file to fail its signature check.
          failure_count, last_error = reactor.signals[0]
          self.assertEqual(failure_count, 1)
--        # Watch out for the trailing newline.
--        self.assertEqual(os.path.basename(last_error[:-1]), '5.txt')
++        check_next = False
++        for line in last_error.splitlines():
++            line = line.strip()
++            if check_next:
++                self.assertEqual(os.path.basename(line), '5.txt')
++                break
++            if line.startswith('data path:'):
++                check_next = True
++        else:
++            raise AssertionError('Did not find expected error output')
  class TestDBusUseCache(_LiveTesting):
@@ -1513,3 +1561,45 @@
  update 5.txt 5.txt.asc
  unmount system
  """)
++
++
++class TestDBusLP1277589(_LiveTesting):
++    def test_multiple_check_for_updates(self):
++        # Log analysis of LP: #1277589 appears to show the following scenario,
++        # reproduced in this test case:
++        #
++        # * Automatic updates are enabled.
++        # * No image signing or image master keys are present.
++        # * A full update is checked.
++        #   - A new image master key and image signing key is downloaded.
++        #   - Update is available
++        #
++        # Start by creating some big files which will take a while to
++        # download.
++        def write_callback(dst):
++            # Write a 100 MiB sized file.
++            with open(dst, 'wb') as fp:
++                for i in range(25600):
++                    fp.write(b'x' * 4096)
++        self._prepare_index('index_24.json', write_callback)
++        # Create a reactor that will exit when the UpdateDownloaded signal is
++        # received.  We're going to issue a CheckForUpdate with automatic
++        # updates enabled.  As soon as we receive the UpdateAvailableStatus
++        # signal, we'll immediately issue *another* CheckForUpdate, which
++        # should run while the auto-download is working.
++        #
++        # At the end, we should not get another UpdateAvailableStatus signal,
++        # but we should get the UpdateDownloaded signal.
++        reactor = DoubleCheckingReactor(self.iface)
++        reactor.run()
++        self.assertEqual(len(reactor.uas_signals), 1)
++        (is_available, downloading, available_version, update_size,
++         last_update_date,
++         #descriptions,
++         error_reason) = reactor.uas_signals[0]
++        self.assertTrue(is_available)
++        self.assertTrue(downloading)
++        self.assertEqual(available_version, '1600')
++        self.assertEqual(update_size, 314572800)
++        self.assertEqual(last_update_date, 'Unknown')
++        self.assertEqual(error_reason, '')
 === modified file 'systemimage/tests/test_download.py'
 --- systemimage/tests/test_download.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_download.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/tests/test_gpg.py'
 --- systemimage/tests/test_gpg.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_gpg.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
@@ -18,15 +18,20 @@
  __all__ = [
      'TestKeyrings',
      'TestSignature',
++    'TestSignatureError',
+     ]
  import os
++import sys
++import hashlib
  import unittest
++import traceback
  from contextlib import ExitStack
++from io import StringIO
  from systemimage.config import config
--from systemimage.gpg import Context
++from systemimage.gpg import Context, SignatureError
  from systemimage.helpers import temporary_directory
  from systemimage.testing.helpers import (
      configuration, copy, setup_keyring_txz, setup_keyrings, sign)
@@ -330,3 +335,171 @@
              with Context(keyring_1, keyring_2, blacklist=blacklist) as ctx:
                  self.assertFalse(
                      ctx.verify(channels_json + '.asc', channels_json))
++
++    @configuration
++    def test_good_validation(self):
++        # The .validate() method does nothing if the signature is good.
++        channels_json = os.path.join(self._tmpdir, 'channels.json')
++        copy('channels_01.json', self._tmpdir, dst=channels_json)
++        sign(channels_json, 'image-signing.gpg')
++        with temporary_directory() as tmpdir:
++            keyring = os.path.join(tmpdir, 'image-signing.tar.xz')
++            setup_keyring_txz('image-signing.gpg', 'image-master.gpg',
++                              dict(type='image-signing'), keyring)
++            with Context(keyring) as ctx:
++                self.assertIsNone(
++                    ctx.validate(channels_json + '.asc', channels_json))
++
++
++class TestSignatureError(unittest.TestCase):
++    def setUp(self):
++        self._stack = ExitStack()
++        self._tmpdir = self._stack.enter_context(temporary_directory())
++
++    def tearDown(self):
++        self._stack.close()
++
++    def test_extra_data(self):
++        # A SignatureError includes extra information about the path to the
++        # signature file, and the path to the data file.  You also get the md5
++        # checksums of those two paths.
++        signature_path = os.path.join(self._tmpdir, 'signature')
++        data_path = os.path.join(self._tmpdir, 'data')
++        with open(signature_path, 'wb') as fp:
++            fp.write(b'012345')
++        with open(data_path, 'wb') as fp:
++            fp.write(b'67890a')
++        error = SignatureError(signature_path, data_path)
++        self.assertEqual(error.signature_path, signature_path)
++        self.assertEqual(error.data_path, data_path)
++        self.assertEqual(
++            error.signature_checksum, 'd6a9a933c8aafc51e55ac0662b6e4d4a')
++        self.assertEqual(
++            error.data_checksum, 'e82780258de250078f7ad3f595d71f6d')
++
++    @configuration
++    def test_signature_invalid(self):
++        # The .validate() method raises a SignatureError exception with extra
++        # information when the signature is invalid.
++        channels_json = os.path.join(self._tmpdir, 'channels.json')
++        copy('channels_01.json', self._tmpdir, dst=channels_json)
++        sign(channels_json, 'device-signing.gpg')
++        # Verify the signature with the pubkey.
++        with temporary_directory() as tmpdir:
++            dst = os.path.join(tmpdir, 'image-signing.tar.xz')
++            setup_keyring_txz('image-signing.gpg', 'image-master.gpg',
++                              dict(type='image-signing'), dst)
++            # Get the dst's checksum now, because the file will get deleted
++            # when the tmpdir context manager exits.
++            with open(dst, 'rb') as fp:
++                dst_checksum = hashlib.md5(fp.read()).hexdigest()
++            with Context(dst) as ctx:
++                with self.assertRaises(SignatureError) as cm:
++                    ctx.validate(channels_json + '.asc', channels_json)
++        error = cm.exception
++        basename = os.path.basename
++        self.assertEqual(basename(error.signature_path), 'channels.json.asc')
++        self.assertEqual(basename(error.data_path), 'channels.json')
++        # The contents of the signature file are not predictable.
++        with open(channels_json + '.asc', 'rb') as fp:
++            checksum = hashlib.md5(fp.read()).hexdigest()
++        self.assertEqual(error.signature_checksum, checksum)
++        self.assertEqual(
++            error.data_checksum, '715c63fecbf44b62f9fa04a82dfa7d29')
++        basenames = [basename(path) for path in error.keyrings]
++        self.assertEqual(basenames, ['image-signing.tar.xz'])
++        self.assertIsNone(error.blacklist)
++        self.assertEqual(error.keyring_checksums, [dst_checksum])
++        self.assertIsNone(error.blacklist_checksum)
++
++    @configuration
++    def test_signature_invalid_due_to_blacklist(self):
++        # Like above, but we put the device signing key id in the blacklist.
++        channels_json = os.path.join(self._tmpdir, 'channels.json')
++        copy('channels_01.json', self._tmpdir, dst=channels_json)
++        sign(channels_json, 'device-signing.gpg')
++        # Verify the signature with the pubkey.
++        with temporary_directory() as tmpdir:
++            keyring_1 = os.path.join(tmpdir, 'image-signing.tar.xz')
++            keyring_2 = os.path.join(tmpdir, 'device-signing.tar.xz')
++            blacklist = os.path.join(tmpdir, 'blacklist.tar.xz')
++            setup_keyring_txz('image-signing.gpg', 'image-master.gpg',
++                              dict(type='image-signing'), keyring_1)
++            setup_keyring_txz('device-signing.gpg', 'image-signing.gpg',
++                              dict(type='device-signing'), keyring_2)
++            # We're letting the device signing pubkey stand in for a blacklist.
++            setup_keyring_txz('device-signing.gpg', 'image-master.gpg',
++                              dict(type='blacklist'), blacklist)
++            # Get the keyring checksums now, because the files will get
++            # deleted when the tmpdir context manager exits.
++            keyring_checksums = []
++            for path in (keyring_1, keyring_2):
++                with open(path, 'rb') as fp:
++                    checksum = hashlib.md5(fp.read()).hexdigest()
++                keyring_checksums.append(checksum)
++            with open(blacklist, 'rb') as fp:
++                blacklist_checksum = hashlib.md5(fp.read()).hexdigest()
++            with Context(keyring_1, keyring_2, blacklist=blacklist) as ctx:
++                with self.assertRaises(SignatureError) as cm:
++                    ctx.validate(channels_json + '.asc', channels_json)
++        error = cm.exception
++        basename = os.path.basename
++        self.assertEqual(basename(error.signature_path), 'channels.json.asc')
++        self.assertEqual(basename(error.data_path), 'channels.json')
++        # The contents of the signature file are not predictable.
++        with open(channels_json + '.asc', 'rb') as fp:
++            checksum = hashlib.md5(fp.read()).hexdigest()
++        self.assertEqual(error.signature_checksum, checksum)
++        self.assertEqual(
++            error.data_checksum, '715c63fecbf44b62f9fa04a82dfa7d29')
++        basenames = [basename(path) for path in error.keyrings]
++        self.assertEqual(basenames, ['image-signing.tar.xz',
++                                     'device-signing.tar.xz'])
++        self.assertEqual(basename(error.blacklist), 'blacklist.tar.xz')
++        self.assertEqual(error.keyring_checksums, keyring_checksums)
++        self.assertEqual(error.blacklist_checksum, blacklist_checksum)
++
++    @configuration
++    def test_signature_error_logging(self):
++        # The repr/str of the SignatureError should contain lots of useful
++        # information that will make debugging easier.
++        channels_json = os.path.join(self._tmpdir, 'channels.json')
++        copy('channels_01.json', self._tmpdir, dst=channels_json)
++        sign(channels_json, 'device-signing.gpg')
++        # Verify the signature with the pubkey.
++        tmpdir = self._stack.enter_context(temporary_directory())
++        dst = os.path.join(tmpdir, 'image-signing.tar.xz')
++        setup_keyring_txz('image-signing.gpg', 'image-master.gpg',
++                          dict(type='image-signing'), dst)
++        output = StringIO()
++        with Context(dst) as ctx:
++            try:
++                ctx.validate(channels_json + '.asc', channels_json)
++            except SignatureError:
++                # For our purposes, log.exception() is essentially a wrapper
++                # around this traceback call.  We don't really care about the
++                # full stack trace though.
++                e = sys.exc_info()
++                traceback.print_exception(e[0], e[1], e[2],
++                                          limit=0, file=output)
++        # 2014-02-12 BAW: Yuck, but I can't get assertRegex() to work properly.
++        for i, line in enumerate(output.getvalue().splitlines()):
++            if i == 0:
++                self.assertEqual(line, 'Traceback (most recent call last):')
++            elif i == 1:
++                self.assertEqual(line, 'systemimage.gpg.SignatureError: ')
++            elif i == 2:
++                self.assertTrue(line.startswith('    sig path :'))
++            elif i == 3:
++                self.assertTrue(line.endswith('/channels.json.asc'))
++            elif i == 4:
++                self.assertEqual(
++                    line, '    data path: 715c63fecbf44b62f9fa04a82dfa7d29')
++            elif i == 5:
++                self.assertTrue(line.endswith('/channels.json'))
++            elif i == 6:
++                self.assertTrue(line.startswith('    keyrings :'))
++            elif i == 7:
++                self.assertTrue(line.endswith("/image-signing.tar.xz']"))
++            elif i == 8:
++                self.assertEqual(line, '    blacklist: no blacklist ')
 === modified file 'systemimage/tests/test_helpers.py'
 --- systemimage/tests/test_helpers.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_helpers.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/tests/test_image.py'
 --- systemimage/tests/test_image.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_image.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/tests/test_index.py'
 --- systemimage/tests/test_index.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_index.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/tests/test_keyring.py'
 --- systemimage/tests/test_keyring.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_keyring.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
@@ -22,6 +22,7 @@
  import os
++import hashlib
  import unittest
  from contextlib import ExitStack
@@ -174,11 +175,25 @@
          setup_keyrings()
          # Use the spare key as the blacklist, signed by itself.  Since this
          # won't match the image-signing key, the check will fail.
++        server_path = os.path.join(self._serverdir, 'gpg', 'blacklist.tar.xz')
          setup_keyring_txz(
--            'spare.gpg', 'spare.gpg', dict(type='blacklist'),
--            os.path.join(self._serverdir, 'gpg', 'blacklist.tar.xz'))
--        self.assertRaises(SignatureError, get_keyring,
--                          'blacklist', 'gpg/blacklist.tar.xz', 'image-master')
++            'spare.gpg', 'spare.gpg', dict(type='blacklist'), server_path)
++        with self.assertRaises(SignatureError) as cm:
++            get_keyring('blacklist', 'gpg/blacklist.tar.xz', 'image-master')
++        error = cm.exception
++        # The local file name will be keyring.tar.xz in the cache directory.
++        basename = os.path.basename
++        self.assertEqual(basename(error.data_path), 'keyring.tar.xz')
++        self.assertEqual(basename(error.signature_path), 'keyring.tar.xz.asc')
++        # The crafted blacklist.tar.xz file will have an unpredictable
++        # checksum due to tarfile variablility.
++        with open(server_path, 'rb') as fp:
++            checksum = hashlib.md5(fp.read()).hexdigest()
++        self.assertEqual(error.data_checksum, checksum)
++        # The signature file's checksum is also unpredictable.
++        with open(server_path + '.asc', 'rb') as fp:
++            checksum = hashlib.md5(fp.read()).hexdigest()
++        self.assertEqual(error.signature_checksum, checksum)
      @configuration
      def test_blacklisted_signature(self):
 === modified file 'systemimage/tests/test_main.py'
 --- systemimage/tests/test_main.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_main.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
@@ -26,11 +26,13 @@
  import os
++import sys
  import dbus
  import stat
  import time
  import shutil
  import unittest
++import subprocess
  from contextlib import ExitStack, contextmanager
  from datetime import datetime
@@ -781,3 +783,25 @@
          self.assertEqual(stat.filemode(mode), 'drwx--S---')
          mode = os.stat(config.system.logfile).st_mode
          self.assertEqual(stat.filemode(mode), '-rw-------')
++
++    def test_single_instance(self):
++        # Only one instance of the system-image-dbus service is allowed to
++        # remain active on a single system bus.
++        self.assertIsNone(find_dbus_process(self.ini_path))
++        self._activate()
++        proc = find_dbus_process(self.ini_path)
++        # Attempt to start a second process on the same system bus.
++        env = dict(
++            DBUS_SYSTEM_BUS_ADDRESS=os.environ['DBUS_SYSTEM_BUS_ADDRESS'])
++        args = (sys.executable, '-m', 'systemimage.service',
++                '-C', self.ini_path)
++        second = subprocess.Popen(args, universal_newlines=True, env=env)
++        # Allow a TimeoutExpired exception to fail the test.
++        try:
++            code = second.wait(timeout=10)
++        except subprocess.TimeoutExpired:
++            second.kill()
++            second.communicate()
++            raise
++        self.assertNotEqual(second.pid, proc)
++        self.assertEqual(code, 2)
 === modified file 'systemimage/tests/test_scores.py'
 --- systemimage/tests/test_scores.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_scores.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/tests/test_settings.py'
 --- systemimage/tests/test_settings.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_settings.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/tests/test_state.py'
 --- systemimage/tests/test_state.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_state.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/tests/test_winner.py'
 --- systemimage/tests/test_winner.py	2013-12-13 13:55:51 +0000
 +++ systemimage/tests/test_winner.py	2014-02-25 17:45:25 +0000
@@ -1,4 +1,4 @@
--# Copyright (C) 2013 Canonical Ltd.
++# Copyright (C) 2013-2014 Canonical Ltd.
  # Author: Barry Warsaw <barry@ubuntu.com>
  # This program is free software: you can redistribute it and/or modify
 === modified file 'systemimage/version.txt'
 --- systemimage/version.txt	2013-12-13 13:55:51 +0000
 +++ systemimage/version.txt	2014-02-25 17:45:25 +0000
@@ -1,1 +1,1 @@
--2.0.3
++2.1
 === modified file 'tox.ini'
 --- tox.ini	2013-12-13 13:55:51 +0000
 +++ tox.ini	2014-02-25 17:45:25 +0000
@@ -1,5 +1,5 @@
  [tox]
--envlist = py33
++envlist = py33, py34
  [testenv]
  commands = python -m nose2 -v