~pebble-dev/pebble-dev-craft-remote-build/+git/snapcraft-pebble-bd080d5c174fe84a5f43efd1cf672d7a:main

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

656558e... by auto commit <auto commit> on 2024-07-18

auto commit

02e5d2d... by Ben Hoyt on 2024-07-17

fix: make Client.Pull properly handle API errors (#452)

Currently the `Client.Pull` method is immediately checking the content
type for multipart, but we should also check for a regular API error.
This PR fixes that.

Before (in case of permission denied error):

```
$ pebble pull /etc/hosts hosts
error: expected a multipart response, got "application/json"
```

After:

```
$ pebble pull /etc/hosts hosts
error: access denied (try with sudo)
```

Fixes #413

7d0cb7b... by Ben Hoyt on 2024-07-17

fix: avoid need to lock state for restart.Pending() (#451)

This change avoids the need to lock/unlock state when fetching
`restart.Pending()`, avoiding the need for one state lock/unlock on
every HTTP request. (We hope to get rid of the other lock/unlock by
removing warnings, but that's a separate issue.)

Updates https://github.com/canonical/pebble/issues/366

9551de4... by Ben Hoyt on 2024-07-17

refactor: pull in the snapd RestartManager refactoring (#446)

This is based on https://github.com/snapcore/snapd/pull/12166 (though
the diff was applied more or less manually, as the patch couldn't be
applied directly).

It includes the name changes to the restart.Handler interface methods.

ffb99d9... by Cristovao Cordeiro on 2024-07-16

fix(snap): set Pebble version before snap builds (#450)

# Problem

When doing a `snapcraft remote-build`, Snapcraft will create a copy of
the project in Launchpad before running the snap build.
The **problem** is that Snapcraft seems to ignore tags while creating
the copy of the project, which means the `go generate ./cmd` in the
`snapcraft.yaml`'s `override-build` will never dynamically generate the
right version.

# Solution

This PR enforces the execution of `go generate ./cmd` as a pre-requisite
for running the snap build. I.e., for both local and remote builds, `go
generate ./cmd` must be run first, such that the `VERSION` and
`version_generated.go` files are staged in the repo, prior to the snap
build, such that the `override-build` script can simply rely on that
information and thus ignore the missing Git refs in the LP's project.

7570263... by Ben Hoyt on 2024-07-16

chore: update version to v1.15.0 for release

a0f3433... by Ben Hoyt on 2024-07-16

chore: use Go 1.22 (supported), in go.mod and binary builds (#449)

Per discussion with Harry, we'd like to bump up the minimum Go version
to a supported version (1.21 and 1.22). Might as well go up to 1.22
(that's what Juju is on now as well).

ec19d79... by Ben Hoyt on 2024-07-16

feat(daemon): use identities to auth API requests (#434)

This adds the code to actually use the new state-based identities for
API authorization and authentication (part of [spec
OP043](https://docs.google.com/document/d/1nASgUt-piV94i1cpFsbEPRk_xFbZt8AskgL97gh1Dgg/edit)).

The PR updates the daemon to actually use UserState (which now has
access-level and UID feilds). The daemon now fetches the request's named
identity if one exists, otherwise it populates UserState with default
user based on the ucred UID. So UserState is always set -- this makes
the access checkers simpler and the notices API code simpler.

If there is a named identity (a non-nil `UserState`), that identity is
used, even if the "default UID-based auth" would let them in. So named
identities trump the default ("uid==0 || uid==daemon_uid" means admin;
any uid means read). For example, if you have a user `bob: {access:
untrusted, local: {user-id: 42}}` and are making a request with UID 42,
it'll only work for untrusted/open endpoints (`/v1/health` and
`/v1/system-info`), not the usual of any read API.

f976e50... by Ben Hoyt on 2024-07-15

fix(snap): temporarily remove go generate step to "fix" snap version

4e6e89c... by Cristovao Cordeiro on 2024-07-15

fix(snap): build snap with Go 1.22 to fix CVE-2024-24790 (#448)

Although not shown in the CI (because Trivy is being run with `trivy
fs`, which [doesn't consider the Pebble
binary](https://aquasecurity.github.io/trivy/v0.24.4/vulnerability/detection/language/)),
there currently is a reported CVE in the Pebble snap (CVE-2024-24790).

This CVE seems to have been fixed on newer versions of Go, but we are
still using Go 1.20 to build the Pebble snap.

This PR bumps this build dependency to Go 1.22.