tests: make sure we write the bootstrap wrapper for core24, update mo…

…del for hybrid 24, fix how we add and check for section in kernel.efi

tests/lib/assertions/classic-model-24.assert

@@ -4,7 +4,7 @@ series: 16
 brand-id: test-snapd
 model: ubuntu-core-24-pc-amd64
 architecture: amd64
-base: core24
+base: core22
 classic: true
 distribution: ubuntu
 grade: dangerous
@@ -22,23 +22,23 @@ snaps:
   -
     default-channel: latest/edge
     id: dwTAh7MZZ01zyriOZErqd1JynQLiOGvM
-    name: core24
+    name: core22
     type: base
   -
     default-channel: latest/edge
     id: PMrrV4ml8uWuEUDBT8dSGnKUYbevVhc4
     name: snapd
     type: snapd
 timestamp: 2024-08-02T00:00:00+00:00
-sign-key-sha3-384: 7qWG-Uwck6Dji43a3Z8ZZrm7rAziZAch3xf76iFvqe4GaD0LI7U9lYPWMSJAsEgu
+sign-key-sha3-384: otrcUqT_QfGtlWYvW6INNpLQ-5Z87buGZ5iJhIJHs3d7XnaTGOzyn48mKzzIIn1-
 
-AcLBcwQAAQoAHRYhBGESvKlz1RXG1IBOC0MdJKf2hr9ABQJmtOLnAAoJEEMdJKf2hr9ABGMP+QHw
-q7J7KLiz/slrwelWmxzJE8m+odTK23ttFXB5da5UKjFOnpMdY0ZgWDGAPW/d1r3/T8+agsPYGMhM
-EyP0YNaVEhbAoZqd2jrFYPO2185zOtTtpsunnrGklfJv9YhMbXj3qfuSDnzZyKfBbiVMrfcHRV8y
-4EksSGfTE4vvlsqcg4dNnwpRoNEKcGzmaHExS+nOWVV88VxmzpJVc4UCDRV3bTeAEGQ0O1OQ48we
-7Ke8+z+LD46hj7uSCyCtLFxFNWpnTQYdnA/8oJFPZ3+5DIFtgatFqjMONMNZWbSOB1e1eMzIFD97
-9/ilLi14VGBAAB3ULotauYA/hb+YG7f5bZ14/gUyWjaVglsiUZFeHs22uPpEdgrjVQfbMujL8pJN
-hrdb5d8BFkduvNhh/PbbTwalhP5xCE5dWHeec2IVAYgHFI03yX/9jR4x4ddjwNYwo9em2Iu0t0aE
-LvGEjOz6+yPBHWpICRjvapa1hcUMnmWIpsp082bxOjLgKq68NnplHt/fZ4f4DDKETUCvxyIAEQZ8
-75IJvZLg5CJt5cmeJHUE5w0pA//jQv1pTA6PjJ7kLfZZgnDtufHfqcQdGpgtarI3MkWK5vNqhk1m
-z0HPYp1oZpHUq/vxW7MzHtCpHGQ4jHncAc/5ecyIJVFb9dqxnZZWzaAogYXrGOrfdCBQmSeh
+AcLBcwQAAQoAHRYhBMa0YcNqUpaoMa/N63X6DcHTUZzTBQJnRZgnAAoJEHX6DcHTUZzTxJUQAIDh
+3ymPcimKGC3Mm3Ca0UnlIp3+resHQeiyI6EsbkYEw2kzitcicZV2JAfYczKgrOFjnTLyvj7IZJH6
+0HKOuRfGsY6Rqgy7Fe+TA9l+7UOOjSa9vYCt3DRQHMyPq67MRHmR2Q93wQZIWUItgYF/rNS8E9J8
+gO/bA8NKyV+D2k5ajkpJGOMhQmhRpBo4eQ9M87HZotOo4AZjGvQmktgW0vsSfnYFklc1HIRcrAV2
+Nh+Hju8qQWR3ASgl6kWZkZ1mkirG7D3bEUlyww9kQt1qY570OxEuxb21ndfmSYPbXOhwS4zoemjl
+qtqOXzRSbq2Ot4VqyQKia/dDPbKJRKqdxRNUQEmo6oDntR7VQszUHc0F5ySZ1Y9O7R1tJ1njTkT1
+tRiCRMSVHAJCQcWU5mLVgxMzUeJmvourgqdW1vB2uPfCaDv3NcB+393D04jxc6q6Y9Pr9zM5f20K
+gmNFPvG8my3erf0BORpVH3pLejaLpXRWVHib6nJVJGYdibncNSyNKyUn54Bkyfzxr57huPdIi1rR
+iclFg7us8Tyce5jorpTIEPqBY6aDCw1MjTgmlGbPUqDeQKZPPXk2aHYU14JZ0+JjagD+7Z0gtp/L
+EFNVUThldbrmbcJVJELT0Tg20qAmDhrciHA5gMAle4mai5NjJb9z+fdVFq+U1IKvPRcctUT9

tests/lib/assertions/classic-model-24.json

@@ -1,12 +1,12 @@
 {
     "type": "model",
     "series": "16",
-    "authority-id": "<YOUR_ID_HERE>",
-    "brand-id": "<YOUR_ID_HERE>",
+    "authority-id": "test-snapd",
+    "brand-id": "test-snapd",
     "model": "ubuntu-core-24-pc-amd64",
     "architecture": "amd64",
     "timestamp": "2024-08-02T00:00:00+00:00",
-    "base": "core24",
+    "base": "core22",
     "grade": "dangerous",
     "classic": "true",
     "distribution": "ubuntu",
@@ -25,7 +25,7 @@
             "default-channel": "24/beta"
         },
         {
-            "name": "core24",
+            "name": "core22",
             "type": "base",
             "default-channel": "latest/edge",
             "id": "dwTAh7MZZ01zyriOZErqd1JynQLiOGvM"

tests/lib/prepare.sh

@@ -775,6 +775,39 @@ uc20_build_corrupt_kernel_snap() {
     rm -rf "$REPACKED_DIR"
 }
 
+uc_write_bootstrap_wrapper() {
+    local SKELETON_PATH="$1"
+    local INJECT_ERR="${2:-false}"
+
+    cp -a /usr/lib/snapd/snap-bootstrap "$SKELETON_PATH"/usr/lib/snapd/snap-bootstrap.real
+    cat <<'EOF' >"$SKELETON_PATH"/usr/lib/snapd/snap-bootstrap
+#!/bin/sh
+set -eux
+if [ "$1" != initramfs-mounts ]; then
+    exec /usr/lib/snapd/snap-bootstrap.real "$@"
+fi
+beforeDate="$(date --utc '+%s')"
+/usr/lib/snapd/snap-bootstrap.real "$@"
+if [ -d /run/mnt/data/system-data ]; then
+    touch /run/mnt/data/system-data/the-tool-ran
+fi
+# also copy the time for the clock-epoch to system-data, this is
+# used by a specific test but doesn't hurt anything to do this for
+# all tests
+mode="$(grep -Eo 'snapd_recovery_mode=([a-z]+)' /proc/cmdline)"
+mode=${mode##snapd_recovery_mode=}
+mkdir -p /run/mnt/ubuntu-seed/test
+stat -c '%Y' /usr/lib/clock-epoch >> /run/mnt/ubuntu-seed/test/${mode}-clock-epoch
+echo "$beforeDate" > /run/mnt/ubuntu-seed/test/${mode}-before-snap-bootstrap-date
+date --utc '+%s' > /run/mnt/ubuntu-seed/test/${mode}-after-snap-bootstrap-date
+EOF
+    if [ "$INJECT_ERR" = "true" ]; then
+        # add a kernel panic to the end of the-tool execution
+        echo "echo 'forcibly panicking'; echo c > /proc/sysrq-trigger" >> "$SKELETON_PATH"/usr/lib/snapd/snap-bootstrap
+    fi
+    chmod +x "$SKELETON_PATH"/usr/lib/snapd/snap-bootstrap
+}
+
 uc20_build_initramfs_kernel_snap() {
     quiet apt install software-properties-common -y
     # carries ubuntu-core-initframfs
@@ -836,41 +869,13 @@ uc20_build_initramfs_kernel_snap() {
         cp -ar unpacked-initrd skeleton
         # all the skeleton edits go to a local copy of distro directory
         skeletondir="$PWD/skeleton"
-        snap_bootstrap_file="$skeletondir/main/usr/lib/snapd/snap-bootstrap"
+        initrd_dir="$skeletondir/main"
         clock_epoch_file="$skeletondir/main/usr/lib/clock-epoch"
         if os.query is-arm; then
-            snap_bootstrap_file="$skeletondir/usr/lib/snapd/snap-bootstrap"
+            initrd_dir="$skeletondir"
             clock_epoch_file="$skeletondir/usr/lib/clock-epoch"
         fi
-        cp -a /usr/lib/snapd/snap-bootstrap "${snap_bootstrap_file}.real"
-        cat <<'EOF' | sed -E "s/^ {8}//" >"$snap_bootstrap_file"
-        #!/bin/sh
-        set -eux
-        if [ "$1" != initramfs-mounts ]; then
-            exec /usr/lib/snapd/snap-bootstrap.real "$@"
-        fi
-        beforeDate="$(date --utc '+%s')"
-        /usr/lib/snapd/snap-bootstrap.real "$@"
-        if [ -d /run/mnt/data/system-data ]; then
-            touch /run/mnt/data/system-data/the-tool-ran
-        fi
-        # also copy the time for the clock-epoch to system-data, this is
-        # used by a specific test but doesn't hurt anything to do this for
-        # all tests
-        mode="$(grep -Eo 'snapd_recovery_mode=([a-z]+)' /proc/cmdline)"
-        mode=${mode##snapd_recovery_mode=}
-        mkdir -p /run/mnt/ubuntu-seed/test
-        stat -c '%Y' /usr/lib/clock-epoch >> /run/mnt/ubuntu-seed/test/${mode}-clock-epoch
-        echo "$beforeDate" > /run/mnt/ubuntu-seed/test/${mode}-before-snap-bootstrap-date
-        date --utc '+%s' > /run/mnt/ubuntu-seed/test/${mode}-after-snap-bootstrap-date
-EOF
-
-        chmod +x "$snap_bootstrap_file"
-
-        if [ "$injectKernelPanic" = "true" ]; then
-            # add a kernel panic to the end of the-tool execution
-            echo "echo 'forcibly panicking'; echo c > /proc/sysrq-trigger" >> "$snap_bootstrap_file"
-        fi
+        uc_write_bootstrap_wrapper "$initrd_dir" "$injectKernelPanic"
 
         # bump the epoch time file timestamp, converting unix timestamp to 
         # touch's date format
@@ -949,7 +954,7 @@ uc24_build_initramfs_kernel_snap() {
         --inject-kernel-panic-in-initramfs)
             injectKernelPanic=true
             ;;
-    esac    
+    esac
 
     unsquashfs -d pc-kernel "$ORIG_SNAP"
     objcopy -O binary -j .initrd pc-kernel/kernel.efi initrd.img
@@ -965,21 +970,12 @@ uc24_build_initramfs_kernel_snap() {
     fi
 
     if [ -d ./initrd/early ]; then
-        cp -a /usr/lib/snapd/snap-bootstrap ./initrd/main/usr/lib/snapd/snap-bootstrap
-        chmod +x ./initrd/main/usr/lib/snapd/snap-bootstrap
-        if [ "$injectKernelPanic" = "true" ]; then
-            # add a kernel panic to the end of the-tool execution
-            echo "echo 'forcibly panicking'; echo c > /proc/sysrq-trigger" > ./initrd/main/usr/lib/snapd/snap-bootstrap
-        fi
+        uc_write_bootstrap_wrapper ./initrd/main "$injectKernelPanic"
 
         (cd ./initrd/early; find . | cpio --create --quiet --format=newc --owner=0:0) >initrd.img
         (cd ./initrd/main; find . | cpio --create --quiet --format=newc --owner=0:0 | zstd -1 -T0) >>initrd.img
     else
-        cp -a /usr/lib/snapd/snap-bootstrap ./initrd/usr/lib/snapd/snap-bootstrap
-        if [ "$injectKernelPanic" = "true" ]; then
-            # add a kernel panic to the end of the-tool execution
-            echo "echo 'forcibly panicking'; echo c > /proc/sysrq-trigger" >> ./initrd/usr/lib/snapd/snap-bootstrap
-        fi
+        uc_write_bootstrap_wrapper ./initrd "$injectKernelPanic"
 
         (cd ./initrd; find . | cpio --create --quiet --format=newc --owner=0:0 | zstd -1 -T0) >initrd.img
     fi

tests/nested/core/core20-kernel-reseal/task.yaml

@@ -15,8 +15,12 @@ prepare: |
   unsquashfs -d pc-kernel "$KERNEL_SNAP"
   
   if os.query is-ubuntu-ge 24.04; then
-    apt install -y llvm
-    llvm-objcopy --add-section .modified=/dev/null pc-kernel/kernel.efi
+    quiet apt install -y systemd-boot-efi systemd-ukify
+
+    objcopy -O binary -j .initrd pc-kernel/kernel.efi initrd.img
+    objcopy -O binary -j .linux pc-kernel/kernel.efi linux
+    
+    /usr/lib/systemd/ukify build --linux=linux --initrd=initrd.img --section=.spread:test --output=pc-kernel/kernel.efi
   else
     # ensure we really have the header we expect
     grep -q -a "This program cannot be run in DOS mode" pc-kernel/kernel.efi
@@ -47,8 +51,10 @@ execute: |
 
   echo "Check that we are using the right kernel"
   if os.query is-ubuntu-ge 24.04; then
-    remote.pull /boot/grub/kernel.efi
-    objdump -h kernel.efi  | grep '[.]modified'
+    remote.exec "sudo cp /boot/grub/kernel.efi ."
+    remote.exec "sudo chown user1:user1 kernel.efi"
+    remote.pull /home/user1/kernel.efi
+    objdump -h kernel.efi  | grep '[.]spread'
   else
     remote.exec sudo grep -q -a "This program cannot be run in XXX mode" /boot/grub/kernel.efi
   fi