Skip to content

devicestate: silence device-registration noise from trusted-baked assertions#3

Open
cyberb wants to merge 1 commit into
masterfrom
fix-device-serial-trusted-clash
Open

devicestate: silence device-registration noise from trusted-baked assertions#3
cyberb wants to merge 1 commit into
masterfrom
fix-device-serial-trusted-clash

Conversation

@cyberb

@cyberb cyberb commented Jul 1, 2026

Copy link
Copy Markdown
Member

Problem

A user device error report showed a perpetually-errored Initialize device change in snap changes:

ID    Status  Spawn                Ready                Summary
1882  Error   today at 08:53 AEST  today at 08:53 AEST  Initialize device

=== snap change 1882 ===
Done    Generate device key
Error   Request device serial

ERROR cannot add "account-key" assertion with primary key clashing with a
trusted assertion: [hIedp1AvrWlcDI4uS_qjoFLzjKl5enu4G2FYJpgB3Pj-tUzGlTQBxMBsBmi-tnJR]

The device works fine, but the errored change is confusing noise in every debug report.

Root cause

Syncloud bakes its brand account and root account-key (hIedp1Av...) into the trusted assertion set (asserts/sysdb.trusted). During device registration the device service still streams those same assertions alongside the serial. Committing that ancillary batch fails because Database.Add refuses any assertion whose primary key clashes with a trusted one, so the Request device serial task errors out.

Fix

When decoding the serial response stream in submitSerialRequest, drop ancillary assertions that already exist in the trusted set. If the batch ends up empty, the serial is accepted via the existing acceptSerialOnly path — its fetcher resolves the (trusted) signing key through FindPredefined and skips it — so registration completes cleanly and the noise disappears.

The change is deliberately small and contained to the syncloud device-registration flow; it does not touch the core assertion database semantics. The eventual store-side fix (not streaming assertions that are already trusted on the device) would let an unmodified upstream snapd work as well — this keeps us moving toward dropping the fork without requiring it now.

Tests

  • New TestClashesWithTrusted unit test.
  • Happy-path registration tests (TestFullDeviceRegistrationHappy*, TestDoRequestSerialIdempotent*) still pass. (The broader suite's network tests hang in an offline sandbox and were excluded — unrelated to this change.)

The syncloud brand account and root account-key are baked into the
trusted assertion set (asserts/sysdb.trusted), but the device service
still streams them alongside the serial when registering the device.

Committing the returned ancillary batch fails because the assertion
database refuses to add an assertion whose primary key clashes with a
trusted one, so device registration (the 'Initialize device' change)
perpetually shows Error in 'snap changes':

  cannot add "account-key" assertion with primary key clashing with a
  trusted assertion: [hIedp1AvrWlcDI4uS_qjoFLzjKl5enu4G2FYJpgB3Pj...]

Drop ancillary assertions that already exist in the trusted set when
building the batch. When the batch ends up empty the serial is accepted
via the acceptSerialOnly path, whose fetcher resolves the trusted
signing key via FindPredefined and skips it, so registration completes
cleanly and the noise disappears.

This keeps the change small and contained; the eventual store-side fix
(not streaming already-trusted assertions) would let an unmodified
upstream snapd work as well.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant