stability: move events log from $SNAP_COMMON to $SNAP_DATA#733
Merged
Conversation
CLAUDE.md is clear: app state belongs in $SNAP_DATA, never $SNAP_COMMON. $SNAP_DATA is snapshotted on refresh (rolls back transactionally on a failed install), $SNAP_COMMON is shared across revisions and does not roll back — leaving an older binary with newer-format data on rollback. Today our events.jsonl is forward-tolerant, but the convention is there for a reason and one schema change away from breaking rollbacks. Move events to $SNAP_DATA/stability-events.jsonl, plus a one-shot MigrateEventLog at daemon startup that renames any existing file from the old common path (so devices already on rev 2837 don't lose history on refresh).
Hardcoded fallbacks ('/var/snap/platform/current' and '...common')
hid a real configuration error: if the daemon were ever started outside
the snap, it would silently write to /var/snap/platform/* on the host
rather than its sandboxed dirs. Fail loudly instead — these env vars
are guaranteed by snapd for every snap service.
Same treatment in ioc/common.go where the backend reads the events
file.
Replace env-var lookup with the conventions already used in the codebase: - ioc/common.go: EventLog singleton now depends on *config.SystemConfig and uses systemConfig.DataDir(), matching auth/authelia/totp wiring (ioc/common.go:337, 358, 365). SystemConfig.Load() log.Fatalln's on missing platform.cfg, so misconfiguration still fails loudly. - cmd/stability/main.go: use hook.DataDir / hook.CommonDir constants (same pattern as hook/install.go and cmd/install).
The watcher has no shutdown cleanup — no open file handles to flush, no in-flight state. Process termination via SIGTERM from systemd is fine. Drop the signal.NotifyContext setup in main and the context.Context parameter from Watcher.Run. The for/select collapses to 'for range t.C'.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Per CLAUDE.md convention: app state belongs in
$SNAP_DATA, never$SNAP_COMMON.$SNAP_DATAis snapshotted by snapd on each refresh — copied forward on success, rolled back on failed install.$SNAP_COMMONis shared across revisions and is not part of that snapshotting, so on rollback an older binary can be left looking at newer-format data it doesn't understand.The stability events log is forward-tolerant today (additive JSONL fields), but the convention is one schema change away from breaking rollbacks. Putting it in
$SNAP_DATAis the safe place.Changes
backend/cmd/stability/main.go— point at$SNAP_DATA/stability-events.jsonl.backend/ioc/common.go— backend REST reader points at the same new path.backend/stability/MigrateEventLog— one-shot move at daemon startup: if the file exists at the old$SNAP_COMMONpath and not at the new$SNAP_DATApath, rename it across. Devices already on rev 2837 keep their existing history through the upgrade.Test plan
go test ./stability/— 3 new migration cases (move when only old exists, skip when new exists, no-op when neither exists)./var/snap/platform/current/stability-events.jsonland the previousswapoff_fileevent is preserved.