- snapd (2.68.3-3+rpi1) trixie-staging; urgency=medium
++snapd (2.71-3+rpi1) forky-staging; urgency=medium
+
+ [changes brought forward from 2.27.2-2+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Thu, 24 Aug 2017 17:53:18 +0000]
+ * Treat unknown derivatives the same as Debian.
+ * Disable testsuite.
+ * Fix clean target.
+
- -- Peter Michael Green <plugwash@raspbian.org> Thu, 31 Jul 2025 13:03:44 +0000
++ -- Raspbian forward porter <root@raspbian.org> Wed, 14 Jan 2026 08:39:54 +0000
++
+ snapd (2.71-3) unstable; urgency=medium
+
+ * Set nooptee build tag to disable OP-TEE support
+
+ -- Zygmunt Krynicki <me@zygoon.pl> Thu, 21 Aug 2025 20:46:02 +0000
+
+ snapd (2.71-2) unstable; urgency=medium
+
+ * Cherry pick a fix for unit test
+ * Depend on libcap2-bin for setcap
+
+ -- Zygmunt Krynicki <me@zygoon.pl> Thu, 21 Aug 2025 19:08:54 +0000
+
+ snapd (2.71-1) unstable; urgency=medium
+
+ [ Ernest Lotter ]
+ * New upstream release, LP: #2118396
+ - FDE: auto-repair when recovery key is used
+ - FDE: revoke keys on shim update
+ - FDE: revoke old TPM keys when dbx has been updated
+ - FDE: do not reseal FDE hook keys every time
+ - FDE: store keys in the kernel keyring when installing from initrd
+ - FDE: allow disabled DMA on Core
+ - FDE: snap-bootstrap: do not check for partition in scan-disk on
+ CVM
+ - FDE: support secboot preinstall check for 25.10+ hybrid installs
+ via the /v2/system/{label} endpoint
+ - FDE: support generating recovery key at install time via the
+ /v2/systems/{label} endpoint
+ - FDE: update passphrase quality check at install time via the
+ /v2/systems/{label} endpoint
+ - FDE: support replacing recovery key at runtime via the new
+ /v2/system-volumes endpoint
+ - FDE: support checking recovery keys at runtime via the /v2/system-
+ volumes endpoint
+ - FDE: support enumerating keyslots at runtime via the /v2/system-
+ volumes endpoint
+ - FDE: support changing passphrase at runtime via the /v2/system-
+ volumes endpoint
+ - FDE: support passphrase quality check at runtime via the
+ /v2/system-volumes endpoint
+ - FDE: update secboot to revision 3e181c8edf0f
+ - Confdb: support lists and indexed paths on read and write
+ - Confdb: alias references must be wrapped in brackets
+ - Confdb: support indexed paths in confdb-schema assertion
+ - Confdb: make API errors consistent with options
+ - Confdb: fetch confdb-schema assertion on access
+ - Confdb: prevent --previous from being used in read-side hooks
+ - Components: fix snap command with multiple components
+ - Components: set revision of seed components to x1
+ - Components: unmount extra kernel-modules components mounts
+ - AppArmor Prompting: add lifespan "session" for prompting rules
+ - AppArmor Prompting: support restoring prompts after snapd restart
+ - AppArmor Prompting: limit the extra information included in probed
+ AppArmor features and system key
+ - Notices: refactor notice state internals
+ - SELinux: look for restorecon/matchpathcon at all known locations
+ rather than current PATH
+ - SELinux: update policy to allow watching cgroups (for RAA), and
+ talking to user session agents (service mgmt/refresh)
+ - Refresh App Awareness: Fix unexpected inotify file descriptor
+ cleanup
+ - snap-confine: workaround for glibc fchmodat() fallback and handle
+ ENOSYS
+ - snap-confine: add support for host policy for limiting users able
+ to run snaps
+ - LP: #2114923 Reject system key mismatch advise when not yet seeded
+ - Use separate lanes for essential and non-essential snaps during
+ seeding and allow non-essential installs to retry
+ - Fix bug preventing remodel from core18 to core18 when snapd snap
+ is unchanged
+ - LP: #2112551 Make removal of last active revision of a snap equal
+ to snap remove
+ - LP: #2114779 Allow non-gpt in fallback mode to support RPi
+ - Switch from using systemd LogNamespace to manually controlled
+ journal quotas
+ - Change snap command trace logging to only log the command names
+ - Grant desktop-launch access to /v2/snaps
+ - Update code for creating the snap journal stream
+ - Switch from using core to snapd snap for snap debug connectivity
+ - LP: #2112544 Fix offline remodel case where we switched to a
+ channel without an actual refresh
+ - LP: #2112332 Exclude snap/snapd/preseeding when generating preseed
+ tarball
+ - LP: #1952500 Fix snap command progress reporting
+ - LP: #1849346 Interfaces: kerberos-tickets | add new interface
+ - Interfaces: u2f | add support for Thetis Pro
+ - Interfaces: u2f | add OneSpan device and fix older device
+ - Interfaces: pipewire, audio-playback | support pipewire as system
+ daemon
+ - Interfaces: gpg-keys | allow access to GPG agent sockets
+ - Interfaces: usb-gadget | add new interface
+ - Interfaces: snap-fde-control, firmware-updater-support | add new
+ interfaces to support FDE
+ - Interfaces: timezone-control | extend to support timedatectl
+ varlink
+ - Interfaces: cpu-control | fix rules for accessing IRQ sysfs and
+ procfs directories
+ - Interfaces: microstack-support | allow SR-IOV attachments
+ - Interfaces: modify AppArmor template to allow snaps to read their
+ own systemd credentials
+ - Interfaces: posix-mq | allow stat on /dev/mqueue
+ - LP: #2098780 Interfaces: log-observe | add capability
+ dac_read_search
+ - Interfaces: block-devices | allow access to ZFS pools and datasets
+ - LP: #2033883 Interfaces: block-devices | opt-in access to
+ individual partitions
+ - Interfaces: accel | add new interface to support accel kernel
+ subsystem
+ - Interfaces: shutdown | allow client to bind on its side of dbus
+ socket
+ - Interfaces: modify seccomp template to allow pwritev2
+ - Interfaces: modify AppArmor template to allow reading
+ /proc/sys/fs/nr_open
+ - Packaging: drop snap.failure service for openSUSE
+ - Packaging: add SELinux support for openSUSE
+ - Packaging: disable optee when using nooptee build tag
+ - Packaging: add support for static PIE builds in snapd.mk, drop
+ pie.patch from openSUSE
+ - Packaging: add libcap2-bin runtime dependency for ubuntu-16.04
+ - Packaging: use snapd.mk for packaging on Fedora
+ - Packaging: exclude .git directory
+ - Packaging: fix DPKG_PARSECHANGELOG assignment
+ - Packaging: fix building on Fedora with dpkg installed
+
+ [ Zygmunt Krynicki ]
+ * Remove auth_requestor.go (secboot)
+ * Rebase and re-export patches
+ * Fix typo and clarify what core means
+ * Remove transitional ubuntu-core-launcher package
+ * Remove transitional snap-confine package
+ * Simplify Conflicts: snap to exclude ubuntu version
+ * Expand the description of golang-github-snapcore-snapd-dev
+ * Rewrite summary of golang-github-snapcore-snapd-dev
+ * Move golang-github-snapcore-snapd-dev to golang section
+ * Update lintian overrides
+ * Add Static-Built-Using to snapd
+ * Use Breaks: snap, instead of Conflicts: snap
+ * Do not ship snapd.recovery-chooser-trigger.service
+ * Add manual page for snapd.apparmor.service
+ * Add manual page for snapd.seeded.service
+ * Add manual page for snapd.service
+ * Update standards-version to 4.7.2
+
+ -- Zygmunt Krynicki <me@zygoon.pl> Thu, 21 Aug 2025 13:57:25 +0000
+
+ snapd (2.70-1) unstable; urgency=medium
+
+ * New upstream release, LP: #2112209
+ - FDE: Fix reseal with v1 hook key format
+ - FDE: set role in TPM keys
+ - AppArmor prompting (experimental): add handling for expired
+ requests or listener in the kernel
+ - AppArmor prompting: log the notification protocol version
+ negotiated with the kernel
+ - AppArmor prompting: implement notification protocol v5 (manually
+ disabled for now)
+ - AppArmor prompting: register listener ID with the kernel and
+ resend notifications after snapd restart (requires protocol v5+)
+ - AppArmor prompting: select interface from metadata tags and set
+ request interface accordingly (requires protocol v5+)
+ - AppArmor prompting: include request PID in prompt
+ - AppArmor prompting: move the max prompt ID file to a subdirectory
+ of the snap run directory
+ - AppArmor prompting: avoid race between closing/reading socket fd
+ - Confdb (experimental): make save/load hooks mandatory if affecting
+ ephemeral
+ - Confdb: clear tx state on failed load
+ - Confdb: modify 'snap sign' formats JSON in assertion bodies (e.g.
+ confdb-schema)
+ - Confdb: add NestedEphemeral to confdb schemas
+ - Confdb: add early concurrency checks
+ - Simplify building Arch package
+ - Enable snapd.apparmor on Fedora
+ - Build snapd snap with libselinux
+ - Emit snapd.apparmor warning only when using apparmor backend
+ - When running snap, on system key mismatch e.g. due to network
+ attached HOME, trigger and wait for a security profiles
+ regeneration
+ - Avoid requiring state lock to get user, warnings, or pending
+ restarts when handling API requests
+ - Start/stop ssh.socket for core24+ when enabling/disabling the ssh
+ service
+ - Allow providing a different base when overriding snap
+ - Modify snap-bootstrap to mount snapd snap directly to /snap
+ - Modify snap-bootstrap to mount /lib/{modules,firmware} from snap
+ as fallback
+ - Modify core-initrd to use systemctl reboot instead of /sbin/reboot
+ - Copy the initramfs 'manifest-initramfs.yaml' to initramfs file
+ creation directory so it can be copied to the kernel snap
+ - Build the early initrd from installed ucode packages
+ - Create drivers tree when remodeling from UC20/22 to UC24
+ - Load gpio-aggregator module before the helper-service needs it
+ - Run 'systemctl start' for mount units to ensure they are run also
+ when unchanged
+ - Update godbus version to 'v5 v5.1.0'
+ - Add support for POST to /v2/system-info with system-key-mismatch
+ indication from the client
+ - Add 'snap sign --update-timestamp' flag to update timestamp before
+ signing
+ - Add vfs support for snap-update-ns to use to simulate and evaluate
+ mount sequences
+ - Add refresh app awareness debug logging
+ - Add snap-bootstrap scan-disk subcommand to be called from udev
+ - Add feature to inject proxy store assertions in build image
+ - Add OP-TEE bindings, enable by default in ARM and ARM64 builds
+ - Fix systemd dependency options target to go under 'unit' section
+ - Fix snap-bootstrap reading kernel snap instead of base resulting
+ in bad modeenv
+ - Fix a regression during seeding when using early-config
+ - LP: #2107443 reset SHELL to /bin/bash in non-classic snaps
+ - Make Azure kernels reboot upon panic
+ - Fix snap-confine to not drop capabilities if the original user is
+ already root
+ - Fix data race when stopping services
+ - Fix task dependency issue by temporarily disable re-refresh on
+ prerequisite updates
+ - Fix compiling against op-tee on armhf
+ - Fix dbx update when not using FDE
+ - Fix potential validation set deadlock due to bases waiting on
+ snaps
+ - LP: #2104066 Only cancel notices requests on stop/shutdown
+ - Interfaces: bool-file | fix gpio glob pattern as required for
+ '[XXXX]*' format
+ - Interfaces: system-packages-doc | allow access to
+ /usr/local/share/doc
+ - Interfaces: ros-snapd-support interface | added new interface
+ - Interfaces: udisks2 | allow chown capability
+ - Interfaces: system-observe | allow reading cpu.max
+ - Interfaces: serial-port | add ttyMAXX to allowed list
+ - Interfaces: modified seccomp template to disallow
+ 'O_NOTIFICATION_PIPE'
+ - Interfaces: fwupd | add support for modem-manager plugin
+ - Interfaces: gpio-chardev | make unsupported and remove
+ experimental flag to hide this feature until gpio-aggregator is
+ available
+ - Interfaces: hardware-random | fix udev match rule
+ - Interfaces: timeserver-control | extend to allow timedatectl
+ timesync commands
+ - Interfaces: add symlinks backend
+ - Interfaces: system key mismatch handling
+
+ -- Ernest Lotter <ernest.lotter@canonical.com> Tue, 03 Jun 2025 11:46:44 +0200
+
+ snapd (2.69-1) unstable; urgency=medium
+
+ * New upstream release, LP: #2105854
+ - FDE: re-factor listing of the disks based on run mode model and
+ model to correctly resolve paths
+ - FDE: run snapd from snap-failure with the correct keyring mode
+ - Snap components: allow remodeling back to an old snap revision
+ that includes components
+ - Snap components: fix remodel to a kernel snap that is already
+ installed on the system, but not the current kernel due to a
+ previous remodel.
+ - Snap components: fix for snapctl inputs that can crash snapd
+ - Confdb (experimental): load ephemeral data when reading data via
+ snapctl get
+ - Confdb (experimental): load ephemeral data when reading data via
+ snap get
+ - Confdb (experimental): rename {plug}-view-changed hook to observe-
+ view-{plug}
+ - Confdb (experimental): rename confdb assertion to confdb-schema
+ - Confdb (experimental): change operator grouping in confdb-control
+ assertion
+ - Confdb (experimental): add confdb-control API
+ - AppArmor: extend the probed features to include the presence of
+ files, as well as directories
+ - AppArmor prompting (experimental): simplify the listener
+ - AppArmor metadata tagging (disabled): probe parser support for
+ tags
+ - AppArmor metadata tagging (disabled): implement notification
+ protocol v5
+ - Confidential VMs: sysroot.mount is now dynamically created by
+ snap-bootstrap instead of being a static file in the initramfs
+ - Confidential VMs: Add new implementation of snap integrity API
+ - Non-suid snap-confine: first phase to replace snap-confine suid
+ with capabilities to achieve the required permissions
+ - Initial changes for dynamic security profiles updates
+ - Provide snap icon fallback for /v2/icons without requiring network
+ access at runtime
+ - Add eMMC gadget update support
+ - Support reexec when using /usr/libexec/snapd on the host (Arch
+ Linux, openSUSE)
+ - Auto detect snap mount dir location on unknown distributions
+ - Modify snap-confine AppArmor template to allow all glibc HWCAPS
+ subdirectories to prevent launch errors
+ - LP: #2102456 update secboot to bf2f40ea35c4 and modify snap-
+ bootstrap to remove usage of go templates to reduce size by 4MB
+ - Fix snap-bootstrap to mount kernel snap from
+ /sysroot/writable/system-data
+ - LP: #2106121 fix snap-bootstrap busy loop
+ - Fix encoding of time.Time by using omitzero instead of omitempty
+ (on go 1.24+)
+ - Fix setting snapd permissions through permctl for openSUSE
+ - Fix snap struct json tags typo
+ - Fix snap pack configure hook permissions check incorrect file mode
+ - Fix gadget snap reinstall to honor existing sizes of partitions
+ - Fix to update command line when re-executing a snapd tool
+ - Fix 'snap validate' of specific missing newline and add error on
+ missed case of 'snap validate --refresh' without another action
+ - Workaround for snapd-confine time_t size differences between
+ architectures
+ - Disallow pack and install of snapd, base and os with specific
+ configure hooks
+ - Drop udev build dependency that is no longer required and add
+ missing systemd-dev dependency
+ - Build snap-bootstrap with nomanagers tag to decrease size by 1MB
+ - Interfaces: polkit | support custom polkit rules
+ - Interfaces: opengl | LP: #2088456 fix GLX on nvidia when xorg is
+ confined by AppArmor
+ - Interfaces: log-observe | add missing udev rule
+ - Interfaces: hostname-control | fix call to hostnamectl in core24
+ - Interfaces: network-control | allow removing created network
+ namespaces
+ - Interfaces: scsi-generic | re-enable base declaration for scsi-
+ generic plug
+ - Interfaces: u2f | add support for Arculus AuthentiKey
+
+ -- Ernest Lotter <ernest.lotter@canonical.com> Tue, 08 Apr 2025 12:53:39 +0200
snapd (2.68.3-3) unstable; urgency=medium
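
Review bot: The carried-forward "Disable testsuite" item in the new 2.71-3+rpi1 stanza at the top of this hunk leaves every upstream change imported here untested at build time. That includes the unit test fix cherry-picked in 2.71-2, the first phase of non-suid snap-confine from 2.69-1, and the snap-confine capability handling fix in 2.70-1. The delta is attributed to 2.27.2-2+rpi1 from 2017 and gives no reason. Suggest re-checking whether the testsuite still has to be disabled on this port, narrowing it to the tests that actually fail if so, and recording the reason in the changelog item. Separately, in the 2.71-1 FDE list the secboot preinstall check entry names "/v2/system/{label}" while the two entries after it name "/v2/systems/{label}"; one of the spellings looks like a typo and should be made consistent.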