--- /dev/null
+snapd (2.49-1+deb11u1) bullseye-security; urgency=high
+
+ * SECURITY UPDATE: local privilege escalation
+ - 0015-cve-2021-44730-44731-4120.patch: Add validations of the
+ location of the snap-confine binary within snapd.
+ - 0015-cve-2021-44730-44731-4120: Fix race condition in snap-confine
+ when preparing a private mount namespace for a snap.
+ - 0016-cve-2021-2021-44730-44731-4120-auto-remove.patch: automatic
+ remove vulnerable inactive core/snapd snaps
+ - CVE-2021-44730
+ - CVE-2021-44731
+ * SECURITY UPDATE: data injection from malicious snaps
+ - 0015-cve-2021-44730-44731-4120: Add validations of snap content
+ interface and layout paths in snapd
+ - CVE-2021-4120
+ - LP: #1949368
+
+ -- Michael Vogt <mvo@debian.org> Wed, 16 Feb 2022 10:56:34 +0100
+
+snapd (2.49-1) unstable; urgency=high
+
+ * New upstream release with security updates:
+ * SECURITY UPDATE: sandbox escape vulnerability for containers
+ (LP: #1910456)
+ - many: add Delegate=true to generated systemd units for special
+ interfaces
+ - interfaces/greengrass-support: back-port interface changes to
+ 2.48
+ - CVE-2020-27352
+ * interfaces/builtin/docker-support: allow /run/containerd/s/...
+ - This is a new path that docker 19.03.14 (with a new version of
+ containerd) uses to avoid containerd CVE issues around the unix
+ socket. See also CVE-2020-15257.
+ * debian/patches/0013-cherry-pick-pr9936.patch:
+ - cherry pick PR#9936 to use all apparmor available (closes: 923500)
+ * d/p/0011-cherry-pick-pr9809, d/p/0012-cherry-pick-pr9844:
+ - dropped, applied upstream
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 24 Feb 2021 09:23:51 +0100
+
+snapd (2.48.2-3) unstable; urgency=medium
+
+ * debian/patches/0012-cherry-pick-pr9844:
+ - cherry pick PR#9844 to avoid leaking of errno in snap-confine
+ tests that caused i386 to FTBFS
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 22 Jan 2021 10:13:11 +0100
+
+snapd (2.48.2-2) unstable; urgency=medium
+
+ * debian/rules:
+ - ignore usr/bin/genasset during arch-indep build too
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 15 Jan 2021 18:32:45 +0100
+
+snapd (2.48.2-1) unstable; urgency=medium
+
+ * debian/patch/0011-cherry-pick-pr9809
+ - Cherry-pick https://github.com/snapcore/snapd/pull/9809.
+ This skips the --help output unit tests for older go-flags
+ versions.
+ * New upstream release, LP: #1906690
+ - tests: sign new nested-18|20* models to allow for generic serials
+ - secboot: add extra paranoia when waiting for that fde-reveal-key
+ - tests: backport netplan workarounds from #9785
+ - secboot: add workaround for snapcore/core-initrd issue #13
+ - devicestate: log checkEncryption errors via logger.Noticef
+ - tests: add nested spread end-to-end test for fde-hooks
+ - devicestate: implement checkFDEFeatures()
+ - boot: tweak resealing with fde-setup hooks
+ - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
+ init restrict file
+ - secboot: add new LockSealedKeys() that uses either TPM or
+ fde-reveal-key
+ - gadget: use "sealed-keys" to determine what method to use for
+ reseal
+ - boot: add sealKeyToModeenvUsingFdeSetupHook()
+ - secboot: use `fde-reveal-key` if available to unseal key
+ - cmd/snap-update-ns: fix sorting of overname mount entries wrt
+ other entries
+ - o/devicestate: save model with serial in the device save db
+ - devicestate: add runFDESetupHook() helper
+ - secboot,devicestate: add scaffoling for "fde-reveal-key" support
+ - hookstate: add new HookManager.EphemeralRunHook()
+ - update-pot: fix typo in plural keyword spec
+ - store,cmd/snap-repair: increase initial expontential time
+ intervals
+ - o/devicestate,daemon: fix reboot system action to not require a
+ system label
+ - github: run nested suite when commit is pushed to release branch
+ - tests: reset fakestore unit status
+ - tests: fix uc20-create-parition-* tests for updated gadget
+ - hookstate: implement snapctl fde-setup-{request,result}
+ - devicestate: make checkEncryption fde-setup hook aware
+ - client,snapctl: add naive support for "stdin"
+ - devicestate: support "storage-safety" defaults during install
+ - snap: use the boot-base for kernel hooks
+ - vendor: update secboot repo to avoid including secboot.test binary
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 15 Jan 2021 09:11:00 +0100
+
+snapd (2.48.1-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1906690
+ - gadget: disable ubuntu-boot role validation check
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Dec 2020 17:43:30 +0100
+
+snapd (2.48-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1904098
+ - osutil: add KernelCommandLineKeyValue
+ - devicestate: implement boot.HasFDESetupHook
+ - boot/makebootable.go: set snapd_recovery_mode=install at image-
+ build time
+ - bootloader: use ForGadget when installing boot config
+ - interfaces/raw_usb: allow read access to /proc/tty/drivers
+ - boot: add scaffolding for "fde-setup" hook support for sealing
+ - tests: fix basic20 test on arm devices
+ - seed: make a shared seed system label validation helper
+ - snap: add new "fde-setup" hooktype
+ - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
+ - secboot,cmd/snap-bootstrap: fix degraded mode cases with better
+ device handling
+ - boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
+ messiness
+ - tests/nested/manual/refresh-revert-fundamentals: temporarily
+ disable secure boot
+ - snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
+ boot modes
+ - many: address degraded recover mode feedback, cleanups
+ - tests: Use systemd-run on tests part2
+ - tests: set the opensuse tumbleweed system as manual in spread.yaml
+ - secboot: call BlockPCRProtectionPolicies even if the TPM is
+ disabled
+ - vendor: update to current secboot
+ - cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
+ save
+ - spread.yaml: increase number of workers on 20.10
+ - snap: add new `snap recovery --show-keys` option
+ - tests: minor test tweaks suggested in the review of 9607
+ - snapd-generator: set standard snapfuse options when generating
+ units for containers
+ - tests: enable lxd test on ubuntu-core-20 and 16.04-32
+ - interfaces: share /tmp/.X11-unix/ from host or provider
+ - tests: enable main lxd test on 20.10
+ - cmd/s-b/initramfs-mounts: refactor recover mode to implement
+ degraded mode
+ - gadget/install: add progress logging
+ - packaging: keep secboot/encrypt_dummy.go in debian
+ - interfaces/udev: use distro specific path to snap-device-helper
+ - o/devistate: fix chaining of tasks related to regular snaps when
+ preseeding
+ - gadget, overlord/devicestate: validate that system supports
+ encrypted data before install
+ - interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core
+ ESP layout
+ - many: add /v2/system-recovery-keys API and client
+ - secboot, many: return UnlockMethod from Unlock* methods for future
+ usage
+ - many: mv keys to ubuntu-boot, move model file, rename keyring
+ prefix for secboot
+ - tests: using systemd-run instead of manually create a systemd unit
+ - part 1
+ - secboot, cmd/snap-bootstrap: enable or disable activation with
+ recovery key
+ - secboot: refactor Unlock...IfEncrypted to take keyfile + check
+ disks first
+ - secboot: add LockTPMSealedKeys() to lock access to keys
+ independently
+ - gadget: correct sfdisk arguments
+ - bootloader/assets/grub: adjust fwsetup menuentry label
+ - tests: new boot state tool
+ - spread: use the official image for Ubuntu 20.10, no longer an
+ unstable system
+ - tests/lib/nested: enable snapd logging to console for core18
+ - osutil/disks: re-implement partition searching for disk w/ non-
+ adjacent parts
+ - tests: using the nested-state tool in nested tests
+ - many: seal a fallback object to the recovery boot chain
+ - gadget, gadget/install: move helpers to install package, refactor
+ unit tests
+ - dirs: add "gentoo" to altDirDistros
+ - update-pot: include file locations in translation template, and
+ extract strings from desktop files
+ - gadget/many: drop usage of gpt attr 59 for indicating creation of
+ partitions
+ - gadget/quantity: tweak test name
+ - snap: fix failing unittest for quantity.FormatDuration()
+ - gadget/quantity: introduce a new package that captures quantities
+ - o/devicestate,a/sysdb: make a backup of the device serial to save
+ - tests: fix rare interaction of tests.session and specific tests
+ - features: enable classic-preserves-xdg-runtime-dir
+ - tests/nested/core20/save: check the bind mount and size bump
+ - o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20
+ - tests: rename hasHooks to hasInterfaceHooks in the ifacestate
+ tests
+ - o/devicestate: unit test tweaks
+ - boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save
+ - testutil, cmd/snap/version: fix misc little errors
+ - overlord/devicestate: bind mount ubuntu-save under
+ /var/lib/snapd/save on startup
+ - gadget/internal: tune ext4 setting for smaller filesystems
+ - tests/nested/core20/save: a test that verifies ubuntu-save is
+ present and set up
+ - tests: update google sru backend to support groovy
+ - o/ifacestate: handle interface hooks when preseeding
+ - tests: re-enable the apt hooks test
+ - interfaces,snap: use correct type: {os,snapd} for test data
+ - secboot: set metadata and keyslots sizes when formatting LUKS2
+ volumes
+ - tests: improve uc20-create-partitions-reinstall test
+ - client, daemon, cmd/snap: cleanups from #9489 + more unit tests
+ - cmd/snap-bootstrap: mount ubuntu-save during boot if present
+ - secboot: fix doc comment on helper for unlocking volume with key
+ - tests: add spread test for refreshing from an old snapd and core18
+ - o/snapstate: generate snapd snap wrappers again after restart on
+ refresh
+ - secboot: version bump, unlock volume with key
+ - tests/snap-advise-command: re-enable test
+ - cmd/snap, snapmgr, tests: cleanups after #9418
+ - interfaces: deny connected x11 plugs access to ICE
+ - daemon,client: write and read a maintenance.json file for when
+ snapd is shut down
+ - many: update to secboot v1 (part 1)
+ - osutil/disks/mockdisk: panic if same mountpoint shows up again
+ with diff opts
+ - tests/nested/core20/gadget,kernel-reseal: add sanity checks to the
+ reseal tests
+ - many: implement snap routine console-conf-start for synchronizing
+ auto-refreshes
+ - dirs, boot: add ubuntu-save directories and related locations
+ - usersession: fix typo in test name
+ - overlord/snapstate: refactor ihibitRefresh
+ - overlord/snapstate: stop warning about inhibited refreshes
+ - cmd/snap: do not hardcode snapshot age value
+ - overlord,usersession: initial notifications of pending refreshes
+ - tests: add a unit test for UpdateMany where a single snap fails
+ - o/snapstate/catalogrefresh.go: don't refresh catalog in install
+ mode uc20
+ - tests: also check snapst.Current in undo-unlink tests
+ - tests: new nested tool
+ - o/snapstate: implement undo handler for unlink-snap
+ - tests: clean systems.sh helper and migrate last set of tests
+ - tests: moving the lib section from systems.sh helper to os.query
+ tool
+ - tests/uc20-create-partitions: don't check for grub.cfg
+ - packaging: make sure that static binaries are indeed static, fix
+ openSUSE
+ - many: have install return encryption keys for data and save,
+ improve tests
+ - overlord: add link participant for linkage transitions
+ - tests: lxd smoke test
+ - tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu-
+ seed too
+ - tests: moving main suite from systems.sh to os.query tool
+ - tests: moving the core test suite from systems.sh to os.query tool
+ - cmd/snap-confine: mask host's apparmor config
+ - o/snapstate: move setting updated SnapState after error paths
+ - tests: add value to INSTANCE_KEY/regular
+ - spread, tests: tweaks for openSUSE
+ - cmd/snap-confine: update path to snap-device-helper in AppArmor
+ profile
+ - tests: new os.query tool
+ - overlord/snapshotstate/backend: specify tar format for snapshots
+ - tests/nested/manual/minimal-smoke: use 384MB of RAM for nested
+ UC20
+ - client,daemon,snap: auto-import does not error on managed devices
+ - interfaces: PTP hardware clock interface
+ - tests: use tests.backup tool
+ - many: verify that unit tests work with nosecboot tag and without
+ secboot package
+ - wrappers: do not error out on read-only /etc/dbus-1/session.d
+ filesystem on core18
+ - snapshots: import of a snapshot set
+ - tests: more output for sbuild test
+ - o/snapstate: re-order remove tasks for individual snap revisions
+ to remove current last
+ - boot: skip some unit tests when running as root
+ - o/assertstate: introduce
+ ValidationTrackingKey/ValidationSetTracking and basic methods
+ - many: allow ignoring running apps for specific request
+ - tests: allow the searching test to fail under load
+ - overlord/snapstate: inhibit startup while unlinked
+ - seed/seedwriter/writer.go: check DevModeConfinement for dangerous
+ features
+ - tests/main/sudo-env: snap bin is available on Fedora
+ - boot, overlord/devicestate: list trusted and managed assets
+ upfront
+ - gadget, gadget/install: support for ubuntu-save, create one during
+ install if needed
+ - spread-shellcheck: temporary workaround for deadlock, drop
+ unnecessary test
+ - snap: support different exit-code in the snap command
+ - logger: use strutil.KernelCommandLineSplit in
+ debugEnabledOnKernelCmdline
+ - logger: fix snapd.debug=1 parsing
+ - overlord: increase refresh postpone limit to 14 days
+ - spread-shellcheck: use single thread pool executor
+ - gadget/install,secboot: add debug messages
+ - spread-shellcheck: speed up spread-shellcheck even more
+ - spread-shellcheck: process paths from arguments in parallel
+ - tests: tweak error from tests.cleanup
+ - spread: remove workaround for openSUSE go issue
+ - o/configstate: create /etc/sysctl.d when applying early config
+ defaults
+ - tests: new tests.backup tool
+ - tests: add tests.cleanup pop sub-command
+ - tests: migration of the main suite to snaps-state tool part 6
+ - tests: fix journal-state test
+ - cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc
+ recover files
+ - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
+ same IP addr
+ - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
+ building snapd
+ - boot, gadget, bootloader: observer preserves managed bootloader
+ configs
+ - tests/nested/manual: add uc20 grade signed cloud-init test
+ - o/snapstate/autorefresh.go: eliminate race when launching
+ autorefresh
+ - daemon,snapshotstate: do not return "size" from Import()
+ - daemon: limit reading from snapshot import to Content-Length
+ - many: set/expect Content-Length header when importing snapshots
+ - github: switch from ::set-env command to environment file
+ - tests: migration of the main suite to snaps-state tool part 5
+ - client: cleanup the Client.raw* and Client.do* method families
+ - tests: moving main suite to snaps-state tool part 4
+ - client,daemon,snap: use constant for snapshot content-type
+ - many: fix typos and repeated "the"
+ - secboot: fix tpm connection leak when it's not enabled
+ - many: scaffolding for snapshots import API
+ - run-checks: run spread-shellcheck too
+ - interfaces: update network-manager interface to allow
+ ObjectManager access from unconfined clients
+ - tests: move core and regression suites to snaps-state tool
+ - tests: moving interfaces tests to snaps-state tool
+ - gadget: preserve files when indicated by content change observer
+ - tests: moving smoke test suite and some tests from main suite to
+ snaps-state tool
+ - o/snapshotstate: pass set id to backend.Open, update tests
+ - asserts/snapasserts: introduce ValidationSets
+ - o/snapshotstate: improve allocation of new set IDs
+ - boot: look at the gadget for run mode bootloader when making the
+ system bootable
+ - cmd/snap: allow snap help vs --all to diverge purposefully
+ - usersession/userd: separate bus name ownership from defining
+ interfaces
+ - o/snapshotstate: set snapshot set id from its filename
+ - o/snapstate: move remove-related tests to snapstate_remove_test.go
+ - desktop/notification: switch ExpireTimeout to time.Duration
+ - desktop/notification: add unit tests
+ - snap: snap help output refresh
+ - tests/nested/manual/preseed: include a system-usernames snap when
+ preseeding
+ - tests: fix sudo-env test
+ - tests: fix nested core20 shellcheck bug
+ - tests/lib: move to new directory when restoring PWD, cleanup
+ unpacked unpacked snap directories
+ - desktop/notification: add bindings for FDO notifications
+ - dbustest: fix stale comment references
+ - many: move ManagedAssetsBootloader into TrustedAssetsBootloader,
+ drop former
+ - snap-repair: add uc20 support
+ - tests: print all the serial logs for the nested test
+ - o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid
+ bug in test
+ - cmd/snap/auto-import: stop importing system user assertions from
+ initramfs mnts
+ - osutil/group.go: treat all non-nil errs from user.Lookup{Group,}
+ as Unknown*
+ - asserts: deserialize grouping only once in Pool.AddBatch if needed
+ - gadget: allow content observer to have opinions about a change
+ - tests: new snaps-state command - part1
+ - o/assertstate: support refreshing any number of snap-declarations
+ - boot: use test helpers
+ - tests/core/snap-debug-bootvars: also check snap_mode
+ - many/apparmor: adjust rules for reading profile/ execing new
+ profiles for new kernel
+ - tests/core/snap-debug-bootvars: spread test for snap debug boot-
+ vars
+ - tests/lib/nested.sh: more little tweaks
+ - tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm
+ - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
+ recover modes
+ - overlord: explicitly set refresh-app-awareness in tests
+ - kernel: remove "edition" from kernel.yaml and add "update"
+ - spread: drop vendor from the packed project archive
+ - boot: fix debug bootloader variables dump on UC20 systems
+ - wrappers, systemd: allow empty root dir and conditionally do not
+ pass --root to systemctl
+ - tests/nested/manual: add test for grades above signed booting with
+ testkeys
+ - tests/nested: misc robustness fixes
+ - o/assertstate,asserts: use bulk refresh to refresh snap-
+ declarations
+ - tests/lib/prepare.sh: stop patching the uc20 initrd since it has
+ been updated now
+ - tests/nested/manual/refresh-revert-fundamentals: re-enable test
+ - update-pot: ignore .go files inside .git when running xgettext-go
+ - tests: disable part of the lxd test completely on 16.04.
+ - o/snapshotstate: tweak comment regarding snapshot filename
+ - o/snapstate: improve snapshot iteration
+ - bootloader: lk cleanups
+ - tests: update to support nested kvm without reboots on UC20
+ - tests/nested/manual/preseed: disable system-key check for 20.04
+ image
+ - spread.yaml: add ubuntu-20.10-64 to qemu
+ - store: handle v2 error when fetching assertions
+ - gadget: resolve device mapper devices for fallback device lookup
+ - tests/nested/cloud-init-many: simplify tests and unify
+ helpers/seed inputs
+ - tests: copy /usr/lib/snapd/info to correct directory
+ - check-pr-title.py * : allow "*" in the first part of the title
+ - many: typos and small test tweak
+ - tests/main/lxd: disable cgroup combination for 16.04 that is
+ failing a lot
+ - tests: make nested signing helpers less confusing
+ - tests: misc nested changes
+ - tests/nested/manual/refresh-revert-fundamentals: disable
+ temporarily
+ - tests/lib/cla_check: default to Python 3, tweaks, formatting
+ - tests/lib/cl_check.py: use python3 compatible code
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 19 Nov 2020 17:51:02 +0100
+
+snapd (2.47.1-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1895929
+ - o/configstate: create /etc/sysctl.d when applying early config
+ defaults
+ - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
+ same IP addr
+ - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
+ building snapd
+ - cmd/snap: allow snap help vs --all to diverge purposefully
+ - snap: snap help output refresh
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 08 Oct 2020 09:30:44 +0200
+
+snapd (2.47-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1895929
+ - tests: fix nested core20 shellcheck bug
+ - many/apparmor: adjust rule for reading apparmor profile for new
+ kernel
+ - snap-repair: add uc20 support
+ - cmd/snap/auto-import: stop importing system user assertions from
+ initramfs mnts
+ - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
+ recover modes
+ - gadget: resolve device mapper devices for fallback device lookup
+ - secboot: add boot manager profile to pcr protection profile
+ - sysconfig,o/devicestate: mv DisableNoCloud to
+ DisableAfterLocalDatasourcesRun
+ - tests: make gadget-reseal more robust
+ - tests: skip nested images pre-configuration by default
+ - tests: fix for basic20 test running on external backend and rpi
+ - tests: improve kernel reseal test
+ - boot: adjust comments, naming, log success around reseal
+ - tests/nested, fakestore: changes necessary to run nested uc20
+ signed/secured tests
+ - tests: add nested core20 gadget reseal test
+ - boot/modeenv: track unknown keys in Read and put back into modeenv
+ during Write
+ - interfaces/process-control: add sched_setattr to seccomp
+ - boot: with unasserted kernels reseal if there's a hint modeenv
+ changed
+ - client: bump the default request timeout to 120s
+ - configcore: do not error in console-conf.disable for install mode
+ - boot: streamline bootstate20.go reseal and tests changes
+ - boot: reseal when changing kernel
+ - cmd/snap/model: specify grade in the model command output
+ - tests: simplify
+ repack_snapd_snap_with_deb_content_and_run_mode_first_boot_tweaks
+ - test: improve logging in nested tests
+ - nested: add support to telnet to serial port in nested VM
+ - secboot: use the snapcore/secboot native recovery key type
+ - tests/lib/nested.sh: use more focused cloud-init config for uc20
+ - tests/lib/nested.sh: wait for the tpm socket to exist
+ - spread.yaml, tests/nested: misc changes
+ - tests: add more checks to disk space awareness spread test
+ - tests: disk space awareness spread test
+ - boot: make MockUC20Device use a model and MockDevice more
+ realistic
+ - boot,many: reseal only when meaningful and necessary
+ - tests/nested/core20/kernel-failover: add test for failed refresh
+ of uc20 kernel
+ - tests: fix nested to work with qemu and kvm
+ - boot: reseal when updating boot assets
+ - tests: fix snap-routime-portal-info test
+ - boot: verify boot chain file in seal and reseal tests
+ - tests: use full path to test-snapd-refresh.version binary
+ - boot: store boot chains during install, helper for checking
+ whether reseal is needed
+ - boot: add call to reseal an existing key
+ - boot: consider boot chains with unrevisioned kernels incomparable
+ - overlord: assorted typos and miscellaneous changes
+ - boot: group SealKeyModelParams by model, improve testing
+ - secboot: adjust parameters to buildPCRProtectionProfile
+ - strutil: add SortedListsUniqueMergefrom the doc comment:
+ - snap/naming: upgrade TODO to TODO:UC20
+ - secboot: add call to reseal an existing key
+ - boot: in seal.go adjust error message and function names
+ - o/snapstate: check available disk space in RemoveMany
+ - boot: build bootchains data for sealing
+ - tests: remove "set -e" from function only shell libs
+ - o/snapstate: disk space check on UpdateMany
+ - o/snapstate: disk space check with snap update
+ - snap: implement new `snap reboot` command
+ - boot: do not reorder boot assets when generating predictable boot
+ chains and other small tweaks
+ - tests: some fixes and improvements for nested execution
+ - tests/core/uc20-recovery: fix check for at least specific calls to
+ mock-shutdown
+ - boot: be consistent using bootloader.Role* consts instead of
+ strings
+ - boot: helper for generating secboot load chains from a given boot
+ asset sequence
+ - boot: tweak boot chains to support a list of kernel command lines,
+ keep track of model and kernel boot file
+ - boot,secboot: switch to expose and use snapcore/secboot load event
+ trees
+ - tests: use `nested_exec` in core{20,}-early-config test
+ - devicestate: enable cloud-init on uc20 for grade signed and
+ secured
+ - boot: add "rootdir" to baseBootenvSuite and use in tests
+ - tests/lib/cla_check.py: don't allow users.noreply.github.com
+ commits to pass CLA
+ - boot: represent boot chains, helpers for marshalling and
+ equivalence checks
+ - boot: mark successful with boot assets
+ - client, api: handle insufficient space error
+ - o/snapstate: disk space check with single snap install
+ - configcore: "service.console-conf.disable" is gadget defaults only
+ - packaging/opensuse: fix for /usr/libexec on TW, do not hardcode
+ AppArmor profile path
+ - tests: skip udp protocol in nfs-support test on ubuntu-20.10
+ - packaging/debian-sid: tweak code preparing _build tree
+ - many: move seal code from gadget/install to boot
+ - tests: remove workaround for cups on ubuntu-20.10
+ - client: implement RebootToSystem
+ - many: seed.Model panics now if called before LoadAssertions
+ - daemon: add /v2/systems "reboot" action API
+ - github: run tests also on push to release branches
+ - interfaces/bluez: let slot access audio streams
+ - seed,c/snap-bootstrap: simplify snap-bootstrap seed reading with
+ new seed.ReadSystemEssential
+ - interfaces: allow snap-update-ns to read /proc/cmdline
+ - tests: new organization for nested tests
+ - o/snapstate, features: add feature flags for disk space awareness
+ - tests: workaround for cups issue on 20.10 where default printer is
+ not configured.
+ - interfaces: update cups-control and add cups for providing snaps
+ - boot: keep track of the original asset when observing updates
+ - tests: simplify and fix tests for disk space checks on snap remove
+ - sysconfig/cloudinit.go: add AllowCloudInit and use GadgetDir for
+ cloud.conf
+ - tests/main: mv core specific tests to core suite
+ - tests/lib/nested.sh: reset the TPM when we create the uc20 vm
+ - devicestate: rename "mockLogger" to "logbuf"
+ - many: introduce ContentChange for tracking gadget content in
+ observers
+ - many: fix partion vs partition typo
+ - bootloader: retrieve boot chains from bootloader
+ - devicestate: add tests around logging in RequestSystemAction
+ - boot: handle canceled update
+ - bootloader: tweak doc comments (thanks Samuele)
+ - seed/seedwriter: test local asserted snaps with UC20 grade signed
+ - sysconfig/cloudinit.go: add DisableNoCloud to
+ CloudInitRestrictOptions
+ - many: use BootFile type in load sequences
+ - boot,bootloader: clarifications after the changes to introduce
+ bootloader.Options.Role
+ - boot,bootloader,gadget: apply new bootloader.Options.Role
+ - o/snapstate, features: add feature flag for disk space check on
+ remove
+ - testutil: add checkers for symbolic link target
+ - many: refactor tpm seal parameter setting
+ - boot/bootstate20: reboot to rollback to previous kernel
+ - boot: add unit test helpers
+ - boot: observe update & rollback of trusted assets
+ - interfaces/utf: Add MIRKey to u2f devices
+ - o/devicestate/devicestate_cloudinit_test.go: test cleanup for uc20
+ cloud-init tests
+ - many: check that users of BaseTest don't forget to consume
+ cleanups
+ - tests/nested/core20/tpm: verify trusted boot assets tracking
+ - github: run macOS job with Go 1.14
+ - many: misc doc-comment changes and typo fixes
+ - o/snapstate: disk space check with InstallMany
+ - many: cloud-init cleanups from previous PR's
+ - tests: running tests on opensuse leap 15.2
+ - run-checks: check for dirty build tree too
+ - vendor: run ./get-deps.sh to update the secboot hash
+ - tests: update listing test for "-dirty" versions
+ - overlord/devicestate: do not release the state lock when updating
+ gadget assets
+ - secboot: read kernel efi image from snap file
+ - snap: add size to the random access file return interface
+ - daemon: correctly parse Content-Type HTTP header.
+ - tests: account for apt-get on core18
+ - cmd/snap-bootstrap/initramfs-mounts: compute string outside of
+ loop
+ - mkversion.sh: simple hack to include dirty in version if the tree
+ is dirty
+ - cgroup,snap: track hooks on system bus only
+ - interfaces/systemd: compare dereferenced Service
+ - run-checks: only check files in git for misspelling
+ - osutil: add a package doc comment (via doc.go)
+ - boot: complain about reused asset name during initial install
+ - snapstate: installSize helper that calculates total size of snaps
+ and their prerequisites
+ - snapshots: export of snapshots
+ - boot/initramfs_test.go: reset boot vars on the bootloader for each
+ iteration
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 29 Sep 2020 17:19:13 +0200
+
+snapd (2.46.1-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1891134
+ - interfaces: allow snap-update-ns to read
+ /proc/cmdline
+ - github: run macOS job with Go 1.14
+ - o/snapstate, features: add feature flag for disk space check on
+ remove
+ - tests: account for apt-get on core18
+ - mkversion.sh: include dirty in version if the tree
+ is dirty
+ - interfaces/systemd: compare dereferenced Service
+ - vendor.json: update mysterious secboot SHA again
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 04 Sep 2020 17:42:54 +0200
+
+snapd (2.46-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1891134
+ - logger: add support for setting snapd.debug=1 on kernel cmdline
+ - o/snapstate: check disk space before creating automatic snapshot
+ on remove
+ - boot, o/devicestate: observe existing recovery bootloader trusted
+ boot assets
+ - many: use transient scope for tracking apps and hooks
+ - features: add HiddenSnapFolder feature flag
+ - tests/lib/nested.sh: fix partition typo, unmount the image on uc20
+ too
+ - runinhibit: open the lock file in read-only mode in IsLocked
+ - cmd/s-b/initramfs-mounts: make recover -> run mode transition
+ automatic
+ - tests: update spread test for unknown plug/slot with snapctl is-
+ connected
+ - osutil: add OpenExistingLockForReading
+ - kernel: add kernel.Validate()
+ - interfaces: add vcio interface
+ - interfaces/{docker,kubernetes}-support: load overlay and support
+ systemd cgroup driver
+ - tests/lib/nested.sh: use more robust code for finding what loop
+ dev we mounted
+ - cmd/snap-update-ns: detach all bind-mounted file
+ - snap/snapenv: set SNAP_REAL_HOME
+ - packaging: umount /snap on purge in containers
+ - interfaces: misc policy updates xlvi
+ - secboot,cmd/snap-bootstrap: cross-check partitions before
+ unlocking, mounting
+ - boot: copy boot assets cache to new root
+ - gadget,kernel: add new kernel.{Info,Asset} struct and helpers
+ - o/hookstate/ctlcmd: make is-connected check whether the plug or
+ slot exists
+ - tests: find -ignore_readdir_race when scanning cgroups
+ - interfaces/many: deny arbitrary desktop files and misc from
+ /usr/share
+ - tests: use "set -ex" in prep-snapd-in-lxd.sh
+ - tests: re-enable udisks test on debian-sid
+ - cmd/snapd-generator: use PATH fallback if PATH is not set
+ - tests: disable udisks2 test on arch linux
+ - github: use latest/stable go, not latest/edge
+ - tests: remove support for ubuntu 19.10 from spread tests
+ - tests: fix lxd test wrongly tracking 'latest'
+ - secboot: document exported functions
+ - cmd: compile snap gdbserver shim correctly
+ - many: correctly calculate the desktop file prefix everywhere
+ - interfaces: add kernel-crypto-api interface
+ - corecfg: add "system.timezone" setting to the system settings
+ - cmd/snapd-generator: generate drop-in to use fuse in container
+ - cmd/snap-bootstrap/initramfs-mounts: tweak names, add comments
+ from previous PR
+ - interfaces/many: miscellaneous updates for strict microk8s
+ - secboot,cmd/snap-bootstrap: don't import boot package from secboot
+ - cmd/snap-bootstrap/initramfs-mounts: call systemd-mount instead of
+ the-tool
+ - tests: work around broken update of systemd-networkd
+ - tests/main/install-fontconfig-cache-gen: enhance test by
+ verifying, add fonts to test
+ - o/devicestate: wrap asset update observer error
+ - boot: refactor such that bootStateUpdate20 mainly carries Modeenv
+ - mkversion.sh: disallow changelog versions that have git in it, if
+ we also have git version
+ - interfaces/many: miscellaneous updates for strict microk8s
+ - snap: fix repeated "cannot list recovery system" and add test
+ - boot: track trusted assets during initial install, assets cache
+ - vendor: update secboot to fix key data validation
+ - tests: unmount FUSE file-systems from XDG runtime dir
+ - overlord/devicestate: workaround non-nil interface with nil struct
+ - sandbox/cgroup: remove temporary workaround for multiple cgroup
+ writers
+ - sandbox/cgroup: detect dangling v2 cgroup
+ - bootloader: add helper for creating a bootloader based on gadget
+ - tests: support different images on nested execution
+ - many: reorg cmd/snapinfo.go into snap and new client/clientutil
+ - packaging/arch: use external linker when building statically
+ - tests: cope with ghost cgroupv2
+ - tests: fix issues related to restarting systemd-logind.service
+ - boot, o/devicestate: TrustedAssetUpdateObserver stubs, hook up to
+ gadget updates
+ - vendor: update github.com/kr/pretty to fix diffs of values with
+ pointer cycles
+ - boot: move bootloaderKernelState20 impls to separate file
+ - .github/workflows: move snap building to test.yaml as separate
+ cached job
+ - tests/nested/manual/minimal-smoke: run core smoke tests in a VM
+ meeting minimal requirements
+ - osutil: add CommitAs to atomic file
+ - gadget: introduce content update observer
+ - bootloader: introduce TrustedAssetsBootloader, implement for grub
+ - o/snapshotstate: helpers for calculating disk space needed for an
+ automatic snapshot
+ - gadget/install: retrieve command lines from bootloader
+ - boot/bootstate20: unify commit method impls, rm
+ bootState20MarkSuccessful
+ - tests: add system information and image information when debug
+ info is displayed
+ - tests/main/cgroup-tracking: try to collect some information about
+ cgroups
+ - boot: introduce current_boot_assets and
+ current_recovery_boot_assets to modeenv
+ - tests: fix for timing issues on journal-state test
+ - many: remove usage and creation of hijacked pid cgroup
+ - tests: port regression-home-snap-root-owned to tests.session
+ - tests: run as hightest via tests.session
+ - github: run CLA checks on self-hosted workers
+ - github: remove Ubuntu 19.10 from actions workflow
+ - tests: remove End-Of-Life opensuse/fedora releases
+ - tests: remove End-Of-Life releases from spread.yaml
+ - tests: fix debug section of appstream-id test
+ - interfaces: check !b.preseed earlier
+ - tests: work around bug in systemd/debian
+ - boot: add deepEqual, Copy helpers for Modeenv to simplify
+ bootstate20 refactor
+ - cmd: add new "snap recovery" command
+ - interfaces/systemd: use emulation mode when preseeding
+ - interfaces/kmod: don't load kernel modules in kmod backend when
+ preseeding
+ - interfaces/udev: do not reload udevadm rules when preseeding
+ - cmd/snap-preseed: use snapd from the deb if newer than from seeds
+ - boot: fancy marshaller for modeenv values
+ - gadget, osutil: use atomic file copy, adjust tests
+ - overlord: use new tracking cgroup for refresh app awareness
+ - github: do not skip gofmt with Go 1.9/1.10
+ - many: introduce content write observer, install mode glue, initial
+ seal stubs
+ - daemon,many: switch to use client.ErrorKind and drop the local
+ errorKind...
+ - tests: new parameters for nested execution
+ - client: move all error kinds into errors.go and add doc strings
+ - cmd/snap: display the error in snap debug seeding if seeding is in
+ error
+ - cmd/snap/debug/seeding: use unicode for proper yaml
+ - tests/cmd/snap-bootstrap/initramfs-mounts: add test case for empty
+ recovery_mode
+ - osutil/disks: add mock disk and tests for happy path of mock disks
+ - tests: refresh/revert snapd in uc20
+ - osutil/disks: use a dedicated error to indicate a fs label wasn't
+ found
+ - interfaces/system-key: in WriteSystemKey during tests, don't call
+ ParserFeatures
+ - boot: add current recovery systems to modeenv
+ - bootloader: extend managed assets bootloader interface to compose
+ a candidate command line
+ - interfaces: make the unmarshal test match more the comment
+ - daemon/api: use pointers to time.Time for debug seeding aspect
+ - o/ifacestate: update security profiles in connect undo handler
+ - interfaces: add uinput interface
+ - cmd/snap-bootstrap/initramfs-mounts: add doSystemdMount + unit
+ tests
+ - o/devicestate: save seeding/preseeding times for use with debug
+ seeding api
+ - cmd/snap/debug: add "snap debug seeding" command for preseeding
+ debugging
+ - tests/main/selinux-clean: workaround SELinux denials triggered by
+ linger setup on Centos8
+ - bootloader: compose command line with mode and extra arguments
+ - cmd/snap, daemon: detect and bail purge on multi-snap
+ - o/ifacestate: fix bug in snapsWithSecurityProfiles
+ - interfaces/builtin/multipass: replace U+00A0 no-break space with
+ simple space
+ - bootloader/assets: generate bootloader assets from files
+ - many/tests/preseed: reset the preseeded images before preseeding
+ them
+ - tests: drop accidental accents from e
+ - secboot: improve key sealing tests
+ - tests: replace _wait_for_file_change with retry
+ - tests: new fs-state which replaces the files.sh helper
+ - sysconfig/cloudinit_test.go: add test for initramfs case, rm "/"
+ from path
+ - cmd/snap: track started apps and hooks
+ - tests/main/interfaces-pulseaudio: disable start limit checking for
+ pulseaudio service
+ - api: seeding debug api
+ - .github/workflows/snap-build.yaml: build the snapd snap via GH
+ Actions too
+ - tests: moving journalctl.sh to a new journal-state tool
+ - tests/nested/manual: add spread tests for cloud-init vuln
+ - bootloader/assets: helpers for registering per-edition snippets,
+ register snippets for grub
+ - data,packaging,wrappers: extend D-Bus service activation search
+ path
+ - spread: add opensuse 15.2 and tumbleweed for qemu
+ - overlord,o/devicestate: restrict cloud-init on Ubuntu Core
+ - sysconfig/cloudinit: add RestrictCloudInit
+ - cmd/snap-preseed: check that target path exists and is a directory
+ on --reset
+ - tests: check for pids correctly
+ - gadget,gadget/install: refactor partition table update
+ - sysconfig/cloudinit: add CloudInitStatus func + CloudInitState
+ type
+ - interface/fwupd: add more policies for making fwupd upstream
+ strict
+ - tests: new to-one-line tool which replaces the strings.sh helper
+ - interfaces: new helpers to get and compare system key, for use
+ with seeding debug api
+ - osutil, many: add helper for checking whether the process is a go
+ test binary
+ - cmd/snap-seccomp/syscalls: add faccessat2
+ - tests: adjust xdg-open after launcher changes
+ - tests: new core config helper
+ - usersession/userd: do not modify XDG_DATA_DIRS when calling xdg-
+ open
+ - cmd/snap-preseed: handle relative chroot path
+ - snapshotstate: move sizer to osutil.Sizer()
+ - tests/cmd/snap-bootstrap/initramfs-mounts: rm duplicated env ref
+ kernel tests
+ - gadget/install,secboot: use snapcore/secboot luks2 api
+ - boot/initramfs_test.go: add Commentf to more Assert()'s
+ - tests/lib: account for changes in arch package file name extension
+ - bootloader/bootloadertest: fix comment typo
+ - bootloader: add helper for getting recovery system environment
+ variables
+ - tests: preinstall shellcheck and run tests on focal
+ - strutil: add a helper for parsing kernel command line
+ - osutil: add CheckFreeSpace helper
+ - secboot: update tpm connection error handling
+ - packaging, cmd/snap-mgmt, tests: remove modules files on purge
+ - tests: add tests.cleanup helper
+ - packaging: add "ca-certificates" to build-depends
+ - tests: more checks in core20 early config spread test
+ - tests: fix some snapstate tests to use pointers for
+ snapmgrTestSuite
+ - boot: better naming of helpers for obtaining kernel command line
+ - many: use more specific check for unit test mocking
+ - systemd/escape: fix issues with "" and "\t" handling
+ - asserts: small improvements and corrections for sequence-forming
+ assertions' support
+ - boot, bootloader: query kernel command line of run mod and
+ recovery mode systems
+ - snap/validate.go: disallow snap layouts with new top-level
+ directories
+ - tests: allow to add a new label to run nested tests as part of PR
+ validation
+ - tests/core/gadget-update-pc: port to UC20
+ - tests: improve nested tests flexibility
+ - asserts: integer headers: disallow prefix zeros and make parsing
+ more uniform
+ - asserts: implement Database.FindSequence
+ - asserts: introduce SequenceMemberAfter in the asserts backstores
+ - spread.yaml: remove tests/lib/tools from PATH
+ - overlord: refuse to install snaps whose activatable D-Bus services
+ conflict with installed snaps
+ - tests: shorten lxd-state undo-mount-changes
+ - snap-confine: don't die if a device from sysfs path cannot be
+ found by udev
+ - tests: fix argument handling of apt-state
+ - tests: rename lxd-tool to lxd-state
+ - tests: rename user-tool to user-state, fix --help
+ - interfaces: add gconf interface
+ - sandbox/cgroup: avoid parsing security tags twice
+ - tests: rename version-tool to version-compare
+ - cmd/snap-update-ns: handle anomalies better
+ - tests: fix call to apt.Package.mark_install(auto_inst=True)
+ - tests: rename mountinfo-tool to mountinfo.query
+ - tests: rename memory-tool to memory-observe-do
+ - tests: rename invariant-tool to tests.invariant
+ - tests: rename apt-tool to apt-state
+ - many: managed boot config during run mode setup
+ - asserts: introduce the concept of sequence-forming assertion types
+ - tests: tweak comments/output in uc20-recovery test
+ - tests/lib/pkgdb: do not use quiet when purging debs
+ - interfaces/apparmor: allow snap-specific /run/lock
+ - interfaces: add system-source-code for access to /usr/src
+ - sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data
+ - gadget/install: move udev trigger to gadget/install
+ - many: make nested spread tests more reliable
+ - tests/core/uc20-recovery: apply hack to get gopath in recover mode
+ w/ external backend
+ - tests: enable tests on uc20 which now work with the real model
+ assertion
+ - tests: enable system-snap-refresh test on uc20
+ - gadget, bootloader: preserve managed boot assets during gadget
+ updates
+ - tests: fix leaked dbus-daemon in selinux-clean
+ - tests: add servicestate.Control tests
+ - tests: fix "restart.service"
+ - wrappers: helper for enabling services - extract and move enabling
+ of services into a helper
+ - tests: new test to validate refresh and revert of kernel and
+ gadget on uc20
+ - tests/lib/prepare-restore: collect debug info when prepare purge
+ fails
+ - bootloader: allow managed bootloader to update its boot config
+ - tests: Remove unity test from nightly test suite
+ - o/devicestate: set mark-seeded to done in the task itself
+ - tests: add spread test for disconnect undo caused by failing
+ disconnect hook
+ - sandbox/cgroup: allow discovering PIDs of given snap
+ - osutil/disks: support IsDecryptedDevice for mountpoints which are
+ dm devices
+ - osutil: detect autofs mounted in /home
+ - spread.yaml: allow amazon-linux-2-64 qemu with
+ ec2-user/ec2-user
+ - usersession: support additional zoom URL schemes
+ - overlord: mock timings.DurationThreshold in TestNewWithGoodState
+ - sandbox/cgroup: add tracking helpers
+ - tests: detect stray dbus-daemon
+ - overlord: refuse to install snaps providing user daemons on Ubuntu
+ 14.04
+ - many: move encryption and installer from snap-boostrap to gadget
+ - o/ifacestate: fix connect undo handler
+ - interfaces: optimize rules of multiple connected iio/i2c/spi plugs
+ - bootloader: introduce managed bootloader, implement for grub
+ - tests: fix incorrect check in smoke/remove test
+ - asserts,seed: split handling of essential/not essential model
+ snaps
+ - gadget: fix typo in mounted filesystem updater
+ - gadget: do only one mount point lookup in mounted fs updater
+ - tests/core/snap-auto-mount: try to make the test more robust
+ - tests: adding ubuntu-20.04 to google-sru backend
+ - o/servicestate: add updateSnapstateServices helper
+ - bootloader: pull recovery grub config from internal assets
+ - tests/lib/tools: apply linger workaround when needed
+ - overlord/snapstate: graceful handling of denied "managed" refresh
+ schedule
+ - snapstate: fix autorefresh from classic->strict
+ - overlord/configstate: add system.kernel.printk.console-loglevel
+ option
+ - tests: fix assertion disk handling for nested UC systems
+ - snapstate: use testutil.HostScaledTimeout() in snapstate tests
+ - tests: extra worker for google-nested backend to avoid timeout
+ error on uc20
+ - snapdtool: helper to check whether the current binary is reexeced
+ from a snap
+ - tests: mock servicestate in api tests to avoid systemctl checks
+ - many: rename back snap.Info.GetType to Type
+ - tests/lib/cla_check: expect explicit commit range
+ - osutil/disks: refactor diskFromMountPointImpl a bit
+ - o/snapstate: service-control task handler
+ - osutil: add disks pkg for associating mountpoints with
+ disks/partitions
+ - gadget,cmd/snap-bootstrap: move partitioning to gadget
+ - seed: fix LoadEssentialMeta when gadget is not loaded
+ - cmd/snap: Debian does not allow $SNAP_MOUNT_DIR/bin in sudo
+ secure_path
+ - asserts: introduce new assertion validation-set
+ - asserts,daemon: add support for "serials" field in system-user
+ assertion
+ - data/sudo: drop a failed sudo secure_path workaround
+ - gadget: mv encodeLabel to osutil/disks.EncodeHexBlkIDFormat
+ - boot, snap-bootstrap: move initramfs-mounts logic to boot pkg
+ - spread.yaml: update secure boot attribute name
+ - interfaces/block_devices: add NVMe subsystem devices, support
+ multipath paths
+ - tests: use the "jq" snap from the edge channel
+ - tests: simplify the tpm test by removing the test-snapd-mokutil
+ snap
+ - boot/bootstate16.go: clean snap_try_* vars when not in Trying
+ status too
+ - tests/main/sudo-env: check snap path under sudo
+ - tests/main/lxd: add test for snaps inside nested lxd containers
+ not working
+ - asserts/internal: expand errors about invalid serialized grouping
+ labels
+ - usersession/userd: add msteams url support
+ - tests/lib/prepare.sh: adjust comment about sgdisk
+ - tests: fix how gadget pc is detected when the snap does not exist
+ and ls fails
+ - tests: move a few more tests to snapstate_update_test.go
+ - tests/main: add spread test for running svc from install hook
+ - tests/lib/prepare: increase the size of the uc16/uc18 partitions
+ - tests/special-home-can-run-classic-snaps: re-enable
+ - workflow: test PR title as part of the static checks again
+ - tests/main/xdg-open-compat: backup and restore original xdg-open
+ - tests: move update-related tests to snapstate_update_test.go
+ - cmd,many: move Version and bits related to snapd tools to
+ snapdtool, merge cmdutil
+ - tests/prepare-restore.sh: reset-failed systemd-journald before
+ restarting
+ - interfaces: misc small interface updates
+ - spread: use find rather than recursive ls, skip mounted snaps
+ - tests/lib/prepare-restore.sh: if we failed to purge snapd deb, ls
+ /var/lib/snapd
+ - tests: enable snap-auto-mount test on core20
+ - cmd/snap: do not show $PATH warning when executing under sudo on a
+ known distro
+ - asserts/internal: add some iteration benchmarks
+ - sandbox/cgroup: improve pid parsing code
+ - snap: add new `snap run --experimental-gdbserver` option
+ - asserts/internal: limit Grouping size switching to a bitset
+ representationWe don't always use the bit-set representation
+ because:
+ - snap: add an activates-on property to apps for D-Bus activation
+ - dirs: delete unused Cloud var, fix typo
+ - sysconfig/cloudinit: make callers of DisableCloudInit use
+ WritableDefaultsDir
+ - tests: fix classic ubuntu core transition auth
+ - tests: fail in setup_reflash_magic() if there is snapd state left
+ - tests: port interfaces-many-core-provided to tests.session
+ - tests: wait after creating partitions with sfdisk
+ - bootloader: introduce bootloarder assets, import grub.cfg with an
+ edition marker
+ - riscv64: bump timeouts
+ - gadget: drop dead code, hide exports that are not used externally
+ - tests: port 2 uc20 part1
+ - tests: fix bug waiting for snap command to be ready
+ - tests: move try-related tests to snapstate_try_test.go
+ - tests: add debug for 20.04 prepare failure
+ - travis.yml: removed, all our checks run in GH actions now
+ - tests: clean up up the use of configcoreSuite in the configcore
+ tests
+ - sandbox/cgroup: remove redundant pathOfProcPidCgroup
+ - sandbox/cgroup: add tests for ParsePids
+ - tests: fix the basic20 test for uc20 on external backend
+ - tests: use configcoreSuite in journalSuite and remove some
+ duplicated code
+ - tests: move a few more tests to snapstate_install_test
+ - tests: assorted small patches
+ - dbusutil/dbustest: separate license from package
+ - interfaces/builtin/time-control: allow POSIX clock API
+ - usersession/userd: add "slack" to the white list of URL schemes
+ handled by xdg-open
+ - tests: check that host settings like hostname are settable on core
+ - tests: port xdg-settings test to tests.session
+ - tests: port snap-handle-link test to tests.session
+ - arch: add riscv64
+ - tests: core20 early defaults spread test
+ - tests: move install tests from snapstate_test.go to
+ snapstate_install_test.go
+ - github: port macOS sanity checks from travis
+ - data/selinux: allow checking /var/cache/app-info
+ - o/devicestate: core20 early config from gadget defaults
+ - tests: autoremove after removing lxd in preseed-lxd test
+ - secboot,cmd/snap-bootstrap: add tpm sealing support to secboot
+ - sandbox/cgroup: move FreezerCgroupDir from dirs.go
+ - tests: update the file used to detect the boot path on uc20
+ - spread.yaml: show /var/lib/snapd in debug
+ - cmd/snap-bootstrap/initramfs-mounts: also copy systemd clock +
+ netplan files
+ - snap/naming: add helpers to parse app and hook security tags
+ - tests: modernize retry tool
+ - tests: fix and trim debug section in xdg-open-portal
+ - tests: modernize and use snapd.tool
+ - vendor: update to latest github.com/snapcore/bolt for riscv64
+ - cmd/snap-confine: add support for libc6-lse
+ - interfaces: miscellaneous policy updates xlv
+ - interfaces/system-packages-doc: fix typo in variable names
+ - tests: port interfaces-calendar-service to tests.session
+ - tests: install/run the lzo test snap too
+ - snap: (small) refactor of `snap download` code for
+ testing/extending
+ - data: fix shellcheck warnings in snapd.sh.in
+ - packaging: disable buildmode=pie for riscv64
+ - tests: install test-snapd-rsync snap from edge channel
+ - tests: modernize tests.session and port everything using it
+ - tests: add ubuntu 20.10 to spread tests
+ - cmd/snap/remove: mention snap restore/automatic snapshots
+ - dbusutil: move all D-Bus helpers and D-Bus test helpers
+ - wrappers: pass 'disable' flag to StopServices wrapper
+ - osutil: enable riscv64 build
+ - snap/naming: add ParseSecurityTag and friends
+ - tests: port document-portal-activation to session-tool
+ - bootloader: rename test helpers to reflect we are mocking EFI boot
+ locations
+ - tests: disable test of nfs v3 with udp proto on debian-sid
+ - tests: plan to improve the naming and uniformity of utilities
+ - tests: move *-tool tests to their own suite
+ - snap-bootstrap: remove sealed key file on reinstall
+ - bootloader/ubootenv: don't panic with an empty uboot env
+ - systemd: rename actualFsTypeAndMountOptions to
+ hostFsTypeAndMountOptions
+ - daemon: fix filtering of service-control changes for snap.app
+ - tests: spread test for preseeding in lxd container
+ - tests: fix broken snapd.session agent.socket
+ - wrappers: add RestartServices function and ReloadOrRestart to
+ systemd
+ - o/cmdstate: handle ignore flag on exec-command tasks
+ - gadget: make ext4 filesystems with or without metadata checksum
+ - tests: update statx test to run on all LTS releases
+ - configcore: show better error when disabling services
+ - interfaces: add hugepages-control
+ - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
+ - tests: run ubuntu-20.04-* tests on all ubuntu-2* releases
+ - tests: skip interfaces-openvswitch for centos 8 in nightly suite
+ - tests: reload systemd --user for root, if present
+ - tests: reload systemd after editing /etc/fstab
+ - tests: add missing dependencies needed for sbuild test on debian
+ - tests: reload systemd after removing pulseaudio
+ - image, tests: core18 early config.
+ - interfaces: add system-packages-doc interface
+ - cmd/snap-preseed, systemd: fix handling of fuse.squashfuse when
+ preseeding
+ - interfaces/fwupd: allow bind mount to /boot on core
+ - tests: improve oom-vitality tests
+ - tests: add fedora 32 to spread.yaml
+ - config: apply vitality-hint immediately when the config changes
+ - tests: port snap-routine-portal-info to session-tool
+ - configcore: add "service.console-conf.disable" config option
+ - tests: port xdg-open to session-tool
+ - tests: port xdg-open-compat to session-tool
+ - tests: port interfaces-desktop-* to session-tool
+ - spread.yaml: apply yaml formatter/linter
+ - tests: port interfaces-wayland to session-tool
+ - o/devicestate: refactor current system handling
+ - snap-mgmt: perform cleanup of user services
+ - snap/snapfile,squashfs: followups from 8729
+ - boot, many: require mode in modeenv
+ - data/selinux: update policy to allow forked processes to call
+ getpw*()
+ - tests: log stderr from dbus-monitor
+ - packaging: build cmd/snap and cmd/snap-bootstrap with nomanagers
+ tag
+ - snap/squashfs: also symlink snap Install with uc20 seed snap dir
+ layout
+ - interfaces/builtin/desktop: do not mount fonts cache on distros
+ with quirks
+ - data/selinux: allow snapd to remove/create the its socket
+ - testutil/exec.go: set PATH after running shellcheck
+ - tests: silence stderr from dbus-monitor
+ - snap,many: mv Open to snapfile pkg to support add'l options to
+ Container methods
+ - devicestate, sysconfig: revert support for cloud.cfg.d/ in the
+ gadget
+ - github: remove workaround for bug 133 in actions/cache
+ - tests: remove dbus.sh
+ - cmd/snap-preseed: improve mountpoint checks of the preseeded
+ chroot
+ - spread.yaml: add ps aux to debug section
+ - github: run all spread systems in a single go with cached results
+ - test: session-tool cli tweaks
+ - asserts: rest of the Pool API
+ - tests: port interfaces-network-status-classic to session-tool
+ - packaging: remove obsolete 16.10,17.04 symlinks
+ - tests: setup portals before starting user session
+ - o/devicestate: typo fix
+ - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
+ devices
+ - cmd/snap/model: support store, system-user-authority keys in
+ --verbose
+ - o/devicestate: raise conflict when requesting system action while
+ seeding
+ - tests: detect signs of crashed snap-confine
+ - tests: sign kernel and gadget to run nested tests using current
+ snapd code
+ - tests: remove gnome-online-accounts we install
+ - tests: fix the issue where all the tests were executed on secboot
+ system
+ - tests: port interfaces-accounts-service to session-tool
+ - interfaces/network-control: bring /var/lib/dhcp from host
+ - image,cmd/snap,tests: add support for store-wide cohort keys
+ - configcore: add nomanagers buildtag for conditional build
+ - tests: port interfaces-password-manager-service to session-tool
+ - o/devicestate: cleanup system actions supported by recover mode
+ - snap-bootstrap: remove create-partitions and update tests
+ - tests: fix nested tests
+ - packaging/arch: update PKGBUILD to match one in AUR
+ - tests: port interfaces-location-control to session-tool
+ - tests: port interfaces-contacts-service to session-tool
+ - state: log task errors in the journal too
+ - o/devicestate: change how current system is reported for different
+ modes
+ - devicestate: do not report "ErrNoState" for seeded up
+ - tests: add a note about broken test sequence
+ - tests: port interfaces-autopilot-introspection to session-tool
+ - tests: port interfaces-dbus to session-tool
+ - packaging: update sid packaging to match 16.04+
+ - tests: enable degraded test on uc20
+ - c/snaplock/runinhibit: add run inhibition operations
+ - tests: detect and report root-owned files in /home
+ - tests: reload root's systemd --user after snapd tests
+ - tests: test registration with serial-authority: [generic]
+ - cmd/snap-bootstrap/initramfs-mounts: copy auth.json and macaroon-
+ key in recover
+ - tests/mount-ns: stop binfmt_misc mount unit
+ - cmd/snap-bootstrap/initramfs-mounts: use booted kernel partition
+ uuid if available
+ - daemon, tests: indicate system mode, test switching to recovery
+ and back to run
+ - interfaces/desktop: silence more /var/lib/snapd/desktop/icons
+ denials
+ - tests/mount-ns: update to reflect new UEFI boot mode
+ - usersession,tests: clean ups for userd/settings.go and move
+ xdgopenproxy under usersession
+ - tests: disable mount-ns test
+ - tests: test user belongs to systemd-journald, on core20
+ - tests: run core/snap-set-core-config on uc20 too
+ - tests: remove generated session-agent units
+ - sysconfig: use new _writable_defaults dir to create cloud config
+ - cmd/snap-bootstrap/initramfs-mounts: cosmetic changes in prep for
+ future work
+ - asserts: make clearer that with label we mean a serialized label
+ - cmd/snap-bootstrap: tweak recovery trigger log messages
+ - asserts: introduce PoolTo
+ - userd: allow setting default-url-scheme-handler
+ - secboot: append uuid to ubuntu-data when decrypting
+ - o/configcore: pass extra options to FileSystemOnlyApply
+ - tests: add dbus-user-session to bionic and reorder package names
+ - boot, bootloader: adjust comments, expand tests
+ - tests: improve debugging of user session agent tests
+ - packaging: add the inhibit directory
+ - many: add core.resiliance.vitality-hint config setting
+ - tests: test adjustments and fixes for recently published images
+ - cmd/snap: coldplug auto-import assertions from all removable
+ devices
+ - secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to
+ secboot
+ - tests: not fail when boot dir cannot be determined
+ - tests: new directory used to store the cloud images on gce
+ - tests: inject snapd from edge into seeds of the image in manual
+ preseed test
+ - usersession/agent,wrappers: fix races between Shutdown and Serve
+ - tests: add dependency needed for next upgrade of bionic
+ - tests: new test user is used for external backend
+ - cmd/snap: fix the order of positional parameters in help output
+ - tests: don't create root-owned things in ~test
+ - tests/lib/prepare.sh: delete patching of the initrd
+ - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
+ as well
+ - progress: tweak multibyte label unit test data
+ - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline
+ - gadget: fix fallback device lookup for 'mbr' type structures
+ - configcore: only reload journald if systemd is new enough
+ - cmd/snap-boostrap, boot: use /run/mnt/data instead of ubuntu-data
+ - wrappers: allow user mode systemd daemons
+ - progress: fix progress bar with multibyte duration units
+ - tests: fix raciness in pulseaudio test
+ - asserts/internal: introduce Grouping and Groupings
+ - tests: remove user.sh
+ - tests: pair of follow-ups from earlier reviews
+ - overlord/snapstate: warn of refresh/postpone events
+ - configcore,tests: use daemon-reexec to apply watchdog config
+ - c/snap-bootstrap: check mount states via initramfsMountStates
+ - store: implement DownloadAssertions
+ - tests: run smoke test with different bases
+ - tests: port user-mounts test to session-tool
+ - store: handle error-list in fetch-assertions results
+ - tests: port interfaces-audio-playback-record to session-tool
+ - data/completion: add `snap` command completion for zsh
+ - tests/degraded: ignore failure in systemd-vconsole-setup.service
+ - image: stub implementation of image.Prepare for darwin
+ - tests: session-tool --restore -u stops user-$UID.slice
+ - o/ifacestate/handlers.go: fix typo
+ - tests: port pulseaudio test to session-tool
+ - tests: port user-session-env to session-tool
+ - tests: work around journald bug in core16
+ - tests: add debug to core-persistent-journal test
+ - tests: port selinux-clean to session-tool
+ - tests: port portals test to session-tool, fix portal tests on sid
+ - tests: adding option --no-install-recommends option also when
+ install all the deps
+ - tests: add session-tool --has-systemd-and-dbus
+ - packaging/debian-sid: add gcc-multilib to build deps
+ - osutil: expand FileLock to support shared locks and more
+ - packaging: stop depending on python-docutils
+ - store,asserts,many: support the new action fetch-assertions
+ - tests: port snap-session-agent-* to session-tool
+ - packaging/fedora: disable FIPS compliant crypto for static
+ binaries
+ - tests: fix for preseeding failures
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 25 Aug 2020 17:26:21 +0200
+
+snapd (2.45.3.1-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1875071
+ - o/ifacestate: fix bug in snapsWithSecurityProfiles
+ - tests/main/selinux-clean: workaround SELinux denials triggered by
+ linger setup on Centos8
+
+ -- Samuele Pedroni <pedronis@lucediurna.net> Tue, 28 Jul 2020 21:43:38 +0200
+
+snapd (2.45.3-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1875071
+ - many: backport _writable_defaults dir changes
+ - tests: fix incorrect check in smoke/remove test
+ - cmd/snap-bootstrap,seed: backport of uc20 PRs
+ - tests: avoid exit when nested type var is not defined
+ - cmd/snap-preseed: backport fixes
+ - interfaces: optimize rules of multiple connected iio/i2c/spi plugs
+ - many: cherry-picks for 2.45, gh-action, test fixes
+ - tests/lib: account for changes in arch package file name extension
+ - postrm, snap-mgmt: cleanup modules and other cherry-picks
+ - snap-confine: don't die if a device from sysfs path cannot be
+ found by udev
+ - data/selinux: update policy to allow forked processes to call
+ getpw*()
+ - tests/main/interfaces-time-control: exercise setting time via date
+ - interfaces/builtin/time-control: allow POSIX clock API
+ - usersession/userd: add "slack" to the white list of URL schemes
+ handled by xdg-open
+
+ -- Zygmunt Krynicki <me@zygoon.pl> Mon, 27 Jul 2020 12:01:14 +0200
+
+snapd (2.45.2-1) unstable; urgency=high
+
+ * SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open
+ implementation
+ - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
+ variable modification when calling the system xdg-open. Patch
+ thanks to James Henstridge
+ - packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is
+ restarted. Patch thanks to Michael Vogt
+ - CVE-2020-11934
+ * SECURITY UPDATE: arbitrary code execution vulnerability on core
+ devices with access to physical removable media
+ - devicestate: Disable/restrict cloud-init after seeding.
+ - CVE-2020-11933
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 10 Jul 2020 20:06:29 +0200
+
+snapd (2.45.1-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1875071
+ - data/selinux: allow checking /var/cache/app-info
+ - cmd/snap-confine: add support for libc6-lse
+ - interfaces: miscellaneous policy updates xlv
+ - snap-bootstrap: remove sealed key file on reinstall
+ - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
+ - gadget: make ext4 filesystems with or without metadata checksum
+ - interfaces/fwupd: allow bind mount to /boot on core
+ - tests: cherry-pick test fixes from master
+ - snap/squashfs: also symlink snap Install with uc20 seed snap dir
+ layout
+ - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
+ devices
+ - snap,many: mv Open to snapfile pkg to support add'l options to
+ Container methods
+ - interfaces/builtin/desktop: do not mount fonts cache on distros
+ with quirks
+ - devicestate, sysconfig: revert support for cloud.cfg.d/ in the
+ gadget
+ - data/completion, packaging: cherry-pick zsh completion
+ - state: log task errors in the journal too
+ - devicestate: do not report "ErrNoState" for seeded up
+ - interfaces/desktop: silence more /var/lib/snapd/desktop/icons
+ denials
+ - packaging/fedora: disable FIPS compliant crypto for static
+ binaries
+ - packaging: stop depending on python-docutils
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 05 Jun 2020 15:13:49 +0200
+
+snapd (2.45-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1875071
+ - o/devicestate: support doing system action reboots from recover
+ mode
+ - vendor: update to latest secboot
+ - tests: not fail when boot dir cannot be determined
+ - configcore: only reload journald if systemd is new enough
+ - cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data
+ when decrypting
+ - tests/lib/prepare.sh: delete patching of the initrd
+ - cmd/snap: coldplug auto-import assertions from all removable
+ devices
+ - cmd/snap: fix the order of positional parameters in help output
+ - c/snap-bootstrap: port mount state mocking to the new style on
+ master
+ - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
+ as well
+ - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline,
+ unlock in recover mode initramfs
+ - progress: tweak multibyte label unit test data
+ - gadget: fix fallback device lookup for 'mbr' type structures
+ - progress: fix progress bar with multibyte duration units
+ - many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20
+ - many: put the sealed keys in a directory on seed for tidiness
+ - cmd/snap-bootstrap: measure epoch and model before unlocking
+ encrypted data
+ - o/configstate: core config handler for persistent journal
+ - bootloader/uboot: use secondary ubootenv file boot.sel for uc20
+ - packaging: add "$TAGS" to dh_auto_test for debian packaging
+ - tests: ensure $cache_dir is actually available
+ - secboot,cmd/snap-bootstrap: add model to pcr protection profile
+ - devicestate: do not use snap-boostrap in devicestate to install
+ - tests: fix a typo in nested.sh helper
+ - devicestate: add support for cloud.cfg.d config from the gadget
+ - cmd/snap-bootstrap: cleanups, naming tweaks
+ - testutil: add NewDBusTestConn
+ - snap-bootstrap: lock access to sealed keys
+ - overlord/devicestate: preserve the current model inside ubuntu-
+ boot
+ - interfaces/apparmor: use differently templated policy for non-core
+ bases
+ - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
+ syscalls
+ - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first,
+ other misc changes
+ - o/snapstate: tweak "waiting for restart" message
+ - boot: store model model and grade information in modeenv
+ - interfaces/firewall-control: allow -legacy and -nft for core20
+ - boot: enable makeBootable20RunMode for EnvRefExtractedKernel
+ bootloaders
+ - boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20
+ implementation
+ - daemon: fix error message from `snap remove-user foo` on classic
+ - overlord: have a variant of Mock that can take a state.State
+ - tests: 16.04 and 18.04 now have mediating pulseaudio (again)
+ - seed: clearer errors for missing essential snapd or core snap
+ - cmd/snap-bootstrap/initramfs-mounts: support
+ EnvRefExtractedKernelBootloader's
+ - gadget, cmd/snap-bootstrap: MBR schema support
+ - image: improve/adjust DownloadSnap doc comment
+ - asserts: introduce ModelGrade.Code
+ - tests: ignore user-12345 slice and service
+ - image,seed/seedwriter: support redirect channel aka default
+ tracks
+ - bootloader: use binary.Read/Write
+ - tests: uc20 nested suite part II
+ - tests/boot: refactor to make it easier for new
+ bootloaderKernelState20 impl
+ - interfaces/openvswitch: support use of ovs-appctl
+ - snap-bootstrap: copy auth data from real ubuntu-data in recovery
+ mode
+ - snap-bootstrap: seal and unseal encryption key using tpm
+ - tests: disable special-home-can-run-classic-snaps due to jenkins
+ repo issue
+ - packaging: fix build on Centos8 to support BUILDTAGS
+ - boot/bootstate20: small changes to bootloaderKernelState20
+ - cmd/snap: Implement a "snap routine file-access" command
+ - spread.yaml: switch back to latest/candidate for lxd snap
+ - boot/bootstate20: re-factor kernel methods to use new interface
+ for state
+ - spread.yaml,tests/many: use global env var for lxd channel
+ - boot/bootstate20: fix bug in try-kernel cleanup
+ - config: add system.store-certs.[a-zA-Z0-9] support
+ - secboot: key sealing also depends on secure boot enabled
+ - httputil: fix client timeout retry tests
+ - cmd/snap-update-ns: handle EBUSY when unlinking files
+ - cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20
+ vars
+ - secboot: add tpm support helpers
+ - tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for
+ kernel and gadget
+ - cmd/snap-bootstrap: switch to a 64-byte key for unlocking
+ - tests: preserve size for centos images on spread.yaml
+ - github: partition the github action workflows
+ - run-checks: use consistent "Checking ..." style messages
+ - bootloader: add efi pkg for reading efi variables
+ - data/systemd: do not run snapd.system-shutdown if finalrd is
+ available
+ - overlord: update tests to work with latest go
+ - cmd/snap: do not hide debug boot-vars on core
+ - cmd/snap-bootstrap: no error when not input devices are found
+ - snap-bootstrap: fix partition numbering in create-partitions
+ - httputil/client_test.go: add two TLS version tests
+ - tests: ignore user@12345.service hierarchy
+ - bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things
+ - tests: rewrite timeserver-control test
+ - tests: fix racy pulseaudio tests
+ - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
+ - tests: update snap-preseed --reset logic to accommodate for 2.44
+ change
+ - cmd/snap: don't wait for system key when stopping
+ - sandbox/cgroup: avoid making arrays we don't use
+ - osutil: mock proc/self/mountinfo properly everywhere
+ - selinux: export MockIsEnforcing; systemd: use in tests
+ - tests: add 32 bit machine to GH actions
+ - tests/session-tool: kill cron session, if any
+ - asserts: it should be possible to omit many snap-ids if allowed,
+ fix
+ - boot: cleanup more things, simplify code
+ - github: skip spread jobs when corresponding label is set
+ - dirs: don't depend on osutil anymore, mv apparmor vars to apparmor
+ pkg
+ - tests/session-tool: add session-tool --dump
+ - github: allow cached debian downloads to restore
+ - tests/session-tool: session ordering is non-deterministic
+ - tests: enable unit tests on debian-sid again
+ - github: move spread to self-hosted workers
+ - secboot: import secboot on ubuntu, provide dummy on !ubuntu
+ - overlord/devicestate: support for recover and run modes
+ - snap/naming: add validator for snap security tag
+ - interfaces: add case for rootWritableOverlay + NFS
+ - tests/main/uc20-create-partitions: tweaks, renames, switch to
+ 20.04
+ - github: port CLA check to Github Actions
+ - interfaces/many: miscellaneous policy updates xliv
+ - configcore,tests: fix setting watchdog options on UC18/20
+ - tests/session-tool: collect information about services on startup
+ - tests/main/uc20-snap-recovery: unbreak, rename to uc20-create-
+ partitions
+ - state: add state.CopyState() helper
+ - tests/session-tool: stop anacron.service in prepare
+ - interfaces: don't use the owner modifier for files shared via
+ document portal
+ - systemd: move the doc comments to the interface so they are
+ visible
+ - cmd/snap-recovery-chooser: tweaks
+ - interfaces/docker-support: add overlayfs file access
+ - packaging: use debian/not-installed to ignore snap-preseed
+ - travis.yml: disable unit tests on travis
+ - store: start splitting store.go and store_test.go into subtopic
+ files
+ - tests/session-tool: stop cron/anacron from meddling
+ - github: disable fail-fast as spread cannot be interrupted
+ - github: move static checks and spread over
+ - tests: skip "/etc/machine-id" in "writablepaths" test
+ - snap-bootstrap: store encrypted partition recovery key
+ - httputil: increase testRetryStrategy max timelimit to 5s
+ - tests/session-tool: kill leaking closing session
+ - interfaces: allow raw access to USB printers
+ - tests/session-tool: reset failed session-tool units
+ - httputil: increase httpclient timeout in
+ TestRetryRequestTimeoutHandling
+ - usersession: extend timerange in TestExitOnIdle
+ - client: increase timeout in client tests to 100ms
+ - many: disentagle release and snapdenv from sandbox/*
+ - boot: simplify modeenv mocking to always write a modeenv
+ - snap-bootstrap: expand data partition on install
+ - o/configstate: add backlight option for core config
+ - cmd/snap-recovery-chooser: add recovery chooser
+ - features: enable robust mount ns updates
+ - snap: improve TestWaitRecovers test
+ - sandbox/cgroup: add ProcessPathInTrackingCgroup
+ - interfaces/policy: fix comment in recent new test
+ - tests: make session tool way more robust
+ - interfaces/seccomp: allow passing an address to setgroups
+ - o/configcore: introduce core config handlers (3/N)
+ - interfaces: updates to login-session-observe, network-manager and
+ modem-manager interfaces
+ - interfaces/policy/policy_test.go: add more tests'allow-
+ installation: false' and we grant based on interface attributes
+ - packaging: detect/disable broken seed in the postinst
+ - cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia
+ library
+ - tests: remove google-tpm backend from spread.yaml
+ - tests: install dependencies with apt using --no-install-recommends
+ - usersession/userd: add zoommtg url support
+ - snap-bootstrap: fix disk layout sanity check
+ - snap: add `snap debug state --is-seeded` helper
+ - devicestate: generate warning if seeding fails
+ - config, features: move and rename config.GetFeatureFlag helper to
+ features.Flag
+ - boot, overlord/devicestate, daemon: implement requesting boot
+ into a given recovery system
+ - xdgopenproxy: forward requests to the desktop portal
+ - many: support immediate reboot
+ - store: search v2 tweaks
+ - tests: fix cross build tests when installing dependencies
+ - daemon: make POST /v2/systems/<label> root only
+ - tests/lib/prepare.sh: use only initrd from the kernel snap
+ - cmd/snap,seed: validate full seeds (UC 16/18)
+ - tests/main/user-session-env: stop the user session before deleting
+ the test-zsh user
+ - overlord/devicestate, daemon: record the seed current system was
+ installed from
+ - gadget: SystemDefaults helper function to convert system defaults
+ config into a flattened map suitable for FilesystemOnlyApply.
+ - many: comment or avoid cryptic snap-ids in tests
+ - tests: add LXD_CHANNEL environment
+ - store: support for search API v2
+ - .github: register a problem matcher to detect spread failures
+ - seed: add Info() method for seed.Snap
+ - github: always run the "Discard spread workers" step, even if the
+ job fails
+ - github: offload self-hosted workers
+ - cmd/snap: the model command needs just a client, no waitMixin
+ - github: combine tests into one workflow
+ - github: fix order of go get caches
+ - tests: adding more workers for ubuntu 20.04
+ - boot,overlord: rename operating mode to system mode
+ - config: add new Transaction.GetPristine{,Maybe}() function
+ - o/devicestate: rename readMaybe* to maybeRead*
+ - github: cache Debian dependencies for unit tests
+ - wrappers: respect pre-seeding in error path
+ - seed: validate UC20 seed system label
+ - client, daemon, overlord/devicestate: request system action API
+ and stubs
+ - asserts,o/devicestate: support model specified alternative serial-
+ authority
+ - many: introduce naming.WellKnownSnapID
+ - o/configcore: FilesystemOnlyApply method for early configuration
+ of core (1/N)
+ - github: run C unit tests
+ - github: run spread tests on PRs only
+ - interfaces/docker-support: make containerd abstract socket more
+ generic
+ - tests: cleanup security-private-tmp properly
+ - overlord/devicestate,boot: do not hold to the originally read
+ modeenv
+ - dirs: rm RunMnt; boot: add vars for early boot env layout;
+ sysconfig: take targetdir arg
+ - cmd/snap-bootstrap/initramfs-mounts/tests: use dirs.RunMnt over
+ s.runMnt
+ - tests: add regression test for MAAS refresh bug
+ - errtracker: add missing mocks
+ - github: apt-get update before installing build-deps
+ - github: don't fail-fast
+ - github: run spread via github actions
+ - boot,many: add modeenv.WriteTo, make Write take no args
+ - wrappers: fix timer schedules that are days only
+ - tests/main/snap-seccomp-syscalls: install gperf
+ - github: always checkout to snapcore/snapd
+ - github: add prototype workflow running unit tests
+ - many: improve comments, naming, a possible TODO
+ - client: use Assert when checking for error
+ - tests: ensure sockets target is ready in session agent spread
+ tests
+ - osutil: do not leave processes behind after the test run
+ - tests: update proxy-no-core to match latest CDN changes
+ - devicestate,sysconfig: support "cloud.cfg.d" in uc20 for grade:
+ dangerous
+ - cmd/snap-failure,tests: try to make snap-failure more robust
+ - many: fix packages having mistakenly their copyright as doc
+ - many: enumerate system seeds, return them on the /v2/systems API
+ endpoint
+ - randutil: don't consume kernel entropy at init, just mix more info
+ to try to avoid fleet collisions
+ - snap-bootstrap: add creationSupported predicate for partition
+ types
+ - tests: umount partitions which are not umounted after remount
+ gadget
+ - snap: run gofmt -s
+ - many: improve environment handling, fixing duplicate entries
+ - boot_test: add many boot robustness tests for UC20 kernel
+ MarkBootSuccessul and SetNextBoot
+ - overlord: remove unneeded overlord.MockPruneInterval() mocks
+ - interfaces/greengrass-support: fix typo
+ - overlord,timings,daemon: separate timings from overlord/state
+ - tests: enable nested on core20 and test current branch
+ - snap-bootstrap: remove created partitions on reinstall
+ - boot: apply Go 1.10 formatting
+ - apparmor: use rw for uuidd request to default and remove from
+ elsewhere
+ - packaging: add README.source for debian
+ - tests: cleanup various uc20 boot tests from previous PR
+ - devicestate: disable cloud-init by default on uc20
+ - run-checks: tweak formatting checks
+ - packaging,tests: ensure debian-sid builds without vendor/
+ - travis.yml: run unit tests with go/master as well* travis.yml: run
+ unit tests with go/master as well
+ - seed: make Brand() part of the Seed interface
+ - cmd/snap-update-ns: ignore EROFS from rmdir/unlink
+ - daemon: do a forceful server shutdown if we hit a deadline
+ - tests/many: don't use StartLimitInterval anymore, unify snapd-
+ failover variants, build snapd snap for UC16 tests
+ - snap-seccomp: robustness improvements
+ - run-tests: disable -v for go test to avoid spaming the logs
+ - snap: whitelist lzo as support compression for snap pack
+ - snap: tweak comment in Install() for overlayfs detection
+ - many: introduce snapdenv.Preseeding instead of release.PreseedMode
+ - client, daemon, overlord/devicestate: structures and stubs for
+ systems API
+ - o/devicestate: delay the creation of mark-seeded task until
+ asserts are loaded
+ - data/selinux, tests/main/selinux: cleanup tmpfs operations in the
+ policy, updates
+ - interfaces/greengrass-support: add new 1.9 access
+ - snap: do not hardlink on overlayfs
+ - boot,image: ARM kernel extract prepare image
+ - interfaces: make gpio robust against not-existing gpios in /sys
+ - cmd/snap-preseed: handle --reset flag
+ - many: introduce snapdenv to present common snapd env options
+ - interfaces/kubernetes-support: allow autobind to journald socket
+ - snap-seccomp: allow mprotect() to unblock the tests
+ - tests/lib/reset: workaround unicode dot in systemctl output
+ - interfaces/udisks2: also allow Introspection on
+ /org/freedesktop/UDisks/**
+ - snap: introduce Container.RandomAccessFile
+ - o/ifacestate, api: implementation of snap disconnect --forget
+ - cmd/snap: make the portal-info command search for the network-
+ status interface
+ - interfaces: work around apparmor_parser slowness affecting uio
+ - tests: fix/improve failing spread tests
+ - many: clean separation of bootenv mocking vs mock bootloader kinds
+ - tests: mock prune ticker in overlord tests to reduce wait times
+ - travis: disable arm64 again
+ - httputil: add support for extra snapd certs
+ - travis.yml: run unit tests on arm64 as well
+ - many: fix a pair of ineffectual assignments
+ - tests: add uc20 kernel snap upgrade managers test, fix
+ bootloadertest bugs
+ - o/snapstate: set base in SnapSetup on snap revert
+ - interfaces/{docker,kubernetes}-support: updates for lastest k8s
+ - cmd/snap-exec: add test case for LP bug 1860369
+ - interfaces: make the network-status interface implicit on
+ classic
+ - interfaces: power control interfaceIt is documented in the
+ kernel
+ - interfaces: miscellaneous policy updates
+ - cmd/snap: add a "snap routine portal-info" command
+ - usersession/userd: add "apt" to the white list of URL schemes
+ handled by xdg-open
+ - interfaces/desktop: allow access to system prompter interface
+ - devicestate: allow encryption regardless of grade
+ - tests: run ipv6 network-retry test too
+ - tests: test that after "remove-user" the system is unmanaged
+ - snap-confine: unconditionally add /dev/net/tun to the device
+ cgroup
+ - snapcraft.yaml: use sudo -E and remove workaround
+ - interfaces/audio_playback: Fix pulseaudio config access
+ - ovelord/snapstate: update only system wide fonts cache
+ - wrappers: import /etc/environment in all services
+ - interfaces/u2f: Add Titan USB-C key
+ - overlord, taskrunner: exit on task/ensure error when preseeding
+ - tests: add session-tool, a su / sudo replacement
+ - wrappers: add mount unit dependency for snapd services on core
+ devices
+ - tests: just remove user when the system is not managed on create-
+ user-2 test
+ - snap-preseed: support for preseeding of snapd and core18
+ - boot: misc UC20 changes
+ - tests: adding arch-linux execution
+ - packaging: revert "work around review-tools and snap-confine"
+ - netlink: fix panic on arm64 with the new rawsockstop codewith a
+ nil Timeval panics
+ - spread, data/selinux: add CentOS 8, update policy
+ - tests: updating checks to new test account for snapd-test snaps
+ - spread.yaml: mv opensuse 15.1 to unstable
+ - cmd/snap-bootstrap,seed: verify only in-play snaps
+ - tests: use ipv4 in retry-network to unblock failing master
+ - data/systemd: improve the description
+ - client: add "Resume" to DownloadOptions and new test
+ - tests: enable snapd-failover on uc20
+ - tests: add more debug output to the snapd-failure handling
+ - o/devicestate: unset recovery_system when done seeding
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 12 May 2020 17:17:57 +0200
+
+snapd (2.44.5-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1864808
+ - spread.yaml: adding more workers for ubuntu 20.04
+ - packaging: stop depending on python-docutils on opensuse
+ - spread.yaml: do not run ubuntu-core-20-64 with snapd 2.44, snapd
+ is not recent enough to drive ubuntu-core-20
+ - spread.yaml: Preserve size for centos images on spread.yaml
+ - spread.yaml: use non-uefi enabled image for uc20
+ - tests: ensure $cache_dir is actually available
+ - tests: disable preseed tests, they work in master but require too
+ much cherry-picking here
+ - travis.yml: remove go/master unit tests from 2.44
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 30 Apr 2020 09:09:22 +0200
+
+snapd (2.44.4-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1864808
+ - packaging/fedora: disable FIPS compliant crypto for static
+ binaries
+ - interfaces/firewall-control: allow -legacy and -nft for core20
+ - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
+ syscalls
+ - tests: 16.04 and 18.04 now have mediating pulseaudio
+ - tests: ignore user@12345.service hierarchy
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 29 Apr 2020 08:32:56 +0200
+
+snapd (2.44.3-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1864808
+ - tests: fix racy pulseaudio tests
+ - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
+ - tests: update snap-preseed --reset logic
+ - tests: backport partition fixes
+ - cmd/snap: don't wait for system key when stopping
+ - interfaces/many: miscellaneous policy updates xliv
+ - tests/main/uc20-snap-recovery: use 20.04 system
+ - tests: skip "/etc/machine-id" in "writablepaths
+ - interfaces/docker-support: add overlays file access
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 10 Apr 2020 16:57:25 +0200
+
+snapd (2.44.2-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1864808
+ - packaging: detect/disable broken seeds in the postinst
+ - cmd/snap,seed: validate full seeds (UC 16/18)
+ - snap: add `snap debug state --is-seeded` helper
+ - devicestate: generate warning if seeding fails
+ - store: support for search API v2
+ - cmd/snap-seccomp/syscalls: update the list of known syscalls
+ - snap/cmd: the model command needs just a client, no waitMixin
+ - tests: cleanup security-private-tmp properly
+ - wrappers: fix timer schedules that are days only
+ - tests: update proxy-no-core to match latest CDN changes
+ - cmd/snap-failure,tests: make snap-failure more robust
+ - tests, many: don't use StartLimitInterval anymore, unify snapd-
+ failover variants, build snapd snap for UC16 tests
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 02 Apr 2020 09:51:34 +0200
+
+snapd (2.44.1-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1864808
+ - randutil: switch back to setting up seed with lower entropy data
+ - interfaces/greengrass-support: fix typo
+ - packaging,tests: ensure debian-sid builds without vendor/
+ - travis.yml: run unit tests with go/master as well
+ - cmd/snap-update-ns: ignore EROFS from rmdir/unlink
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Sat, 21 Mar 2020 18:32:12 +0100
+
+snapd (2.44-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1864808
+ - daemon: do a forceful serer shutdown if we hit a deadline
+ - snap: whitelist lzo as support compression for snap pack
+ - data/selinux: update policy to allow more ops
+ - interfaces/greengrass-support: add new 1.9 access
+ - snap: do not hardlink on overlayfs
+ - cmd/snap-preseed: handle --reset flag
+ - interfaces/kubernetes-support: allow autobind to journald socket
+ - snap-seccomp: allow mprotect() to unblock the tests
+ - tests/lib/reset: workaround unicode dot in systemctl output
+ - interfaces: work around apparmor_parser slowness affecting uio
+ - interfaces/udisks2: also allow Introspection on
+ /org/freedesktop/UDisks2/**
+ - tests: mock prune ticker in overlord tests to reduce wait times
+ - interfaces/{docker,kubernetes}-support: updates for lastest k8s
+ - interfaces: miscellaneous policy updates
+ - interfaces/audio_playback: Fix pulseaudio config access
+ - overlord: disable Test..AbortShortlyAfterStartOfOperation for 2.44
+ - ovelord/snapstate: update only system wide fonts cache
+ - wrappers: import /etc/environment in all services
+ - interfaces/u2f: Add Titan USB-C key
+ - overlord, taskrunner: exit on task/ensure error when preseeding
+ - overlord/snapstate/backend: update snapd services contents in unit
+ tests
+ - wrappers: add mount unit dependency for snapd services on core
+ devices
+ - Revert "tests: remove /tmp/snap.* left over by other tests"
+ - Revert "packaging: work around review-tools and snap-confine"
+ - netlink: fix panic on arm64 with the new rawsockstop code
+ - spread, data/selinux: add CentOS 8, update policy
+ - spread.yaml: mv opensuse tumbleweed to unstable too
+ - spread.yaml: mv opensuse 15.1 to unstable
+ - tests: use ipv4 in retry-network to unblock failing master
+ - data/systemd: improve the description
+ - tests/lib/prepare.sh: simplify, combine code paths
+ - tests/main/user-session-env: add test verifying environment
+ variables inside the user session
+ - spread.yaml: make qemu ubuntu-core-20-64 use ubuntu-20.04-64
+ - run-checks: SKIP_GMFMT really skips formatting checks
+ - tests: enable more tests for UC20/UC18
+ - tests: remove tmp dir for snap not-test-snapd-sh on security-
+ private-tmp test
+ - seed,cmd/snap-bootstrap: introduce seed.Snap.EssentialType,
+ simplify bootstrap code
+ - snapstate: do not restart in undoLinkSnap unless on first install
+ - cmd/snap-bootstrap: subcommand to detect UC chooser trigger
+ - cmd/snap-bootstrap/initramfs-mounts: mount the snapd snap in run-
+ mode too
+ - cmd/libsnap, tests: fix C unit tests failing as non-root
+ - cmd/snap-bootstrap: verify kernel snap is in modeenv before
+ mounting it
+ - tests: adding amazon linux to google backend
+ - cmd/snap-failure/snapd: rm snapd.socket, reset snapd.socket failed
+ status
+ - client: add support for "ResumeToken", "HeaderPeek" to download
+ - build: enable type: snapd
+ - tests: rm -rf /tmp/snap.* in restore
+ - cmd/snap-confine: deny snap-confine to load nss libs
+ - snapcraft.yaml: add comments, rename snapd part to snapd-deb
+ - boot: write current_kernels in bootstate20, makebootable
+ - packaging: work around review-tools and snap-confine
+ - tests: skipping interfaces-openvswitch on centos due to package is
+ not available
+ - packaging,snap-confine: stop being setgid root
+ - cmd/snap-confine: bring /var/lib/dhcp from host, if present
+ - store: rely on CommandFromSystemSnap to find xdelta3
+ - tests: bump sleep time of the new overlord tests
+ - cmd/snap-preseed: snapd version check for the target
+ - netlink: fix/support stopping goroutines reading netlink raw
+ sockets
+ - tests: reset PS1 before possibly interactive dash
+ - overlord, state: don't abort changes if spawn time before
+ StartOfOperationTime (2/2)
+ - snapcraft.yaml: add python3-apt, tzdata as build-deps for the
+ snapd snap
+ - tests: ask tar to speak English
+ - tests: using google storage when downloading ubuntu cloud images
+ from gce
+ - Coverity produces false positives for code like this:
+ - many: maybe restart & security backend options
+ - o/standby: add SNAPD_STANDBY_WAIT to control standby in
+ development
+ - snap: use the actual staging snap-id for snapd
+ - cmd/snap-bootstrap: create a new parser instance
+ - snapcraft.yaml: use build-base and adopt-info, rm builddeb
+ plugin
+ - tests: set StartLimitInterval in snapd failover test
+ - tests: disable archlinux system
+ - tests: add preseed test for classic
+ - many, tests: integrate all preseed bits and add spread tests
+ - daemon: support resuming downloads
+ - tests: use Filename() instead of filepath.Base(sn.MountFile())
+ - tests/core: add swapfiles test
+ - interfaces/cpu-control: allow to control cpufreq tunables
+ - interfaces: use commonInteface for desktopInterface
+ - interfaces/{desktop-legacy,unity7}: adjust for new ibus socket
+ location
+ - snap/info: add Filename
+ - bootloader: make uboot a RecoveryAwareBootloader
+ - gadget: skip update when mounted filesystem content is identical
+ - systemd: improve is-active check for 'failed' services
+ - boot: add current_kernels to modeenv
+ - o/devicestate: StartOfOperationTime helper for Prune (1/2)
+ - tests: detect LXD launching i386 containers
+ - tests: move main/ubuntu-core-* tests to core/ suite
+ - tests: remove snapd in ubuntu-core-snapd
+ - boot: enable base snap updates in bootstate20
+ - tests: Fix core revert channel after 2.43 has been released to
+ stable
+ - data/selinux: unify tabs/spaces
+ - o/ifacestate: move ResolveDisconnect to ifacestate
+ - spread: move centos to stable systems
+ - interfaces/opengl: allow datagrams to nvidia-driver
+ - httputil: add NoNetwork(err) helper, spread test and use in serial
+ acquire
+ - store: detect if server does not support http range headers
+ - test/lib/user: add helper lib for doing things for and as a user
+ - overlord/snapstate, wrappers: undo of snapd on core
+ - tests/main/interfaces-pulseaudio: use custom pulseaudio script,
+ set kill timeout
+ - store: add support for resume in DownloadStream
+ - cmd/snap: implement 'snap remove-user'
+ - overlord/devicestate: fix preseed unit tests on systems not using
+ /snap
+ - tests/main/static: ldd in glibc 2.31 logs to stderr now
+ - run-checks, travis: allow skipping spread jobs by adding a label
+ - tests: add new backend which includes images with tpm support
+ - boot: use constants for boot status values
+ - tests: add "core" suite for UC specific tests
+ - tests/lib/prepare: use a local copy of uc20 initramfs skeleton
+ - tests: retry mounting the udisk2 device due to timing issue
+ - usersession/client: add a client library for the user session
+ agent
+ - o/devicestate: Handle preseed mode in the firstboot mode (core16
+ only for now).
+ - boot: add TryBase and BaseStatus to modeenv; use in snap-bootstrap
+ - cmd/snap-confine: detect base transitions on core16
+ - boot: don't use "kernel" from the modeenv anymore
+ - interfaces: add uio interface
+ - tests: repack the initramfs + kernel snap for UC20 spread tests
+ - interfaces/greengrass-support: add /dev/null ->
+ /proc/latency_stats mount
+ - httputil: remove workaround for redirect handling in go1.7
+ - httputil: remove go1.6 transport workaround
+ - snap: add `snap pack --compression=<comp>` options
+ - tests/lib/prepare: fix hardcoded loopback device names for UC
+ images
+ - timeutil: add a unit test case for trivial schedule
+ - randutil,o/snapstate,-mkauthors.sh: follow ups to randutil
+ introduction
+ - dirs: variable with distros using alternate snap mount
+ - many,randutil: centralize and streamline our random value
+ generation
+ - tests/lib/prepare-restore: Revert "Continue on errors updating or
+ installing dependencies"
+ - daemon: Allow clients to call /v2/logout via Polkit
+ - dirs: manjaro-arm is like manjaro
+ - data, packaging: Add sudoers snippet to allow snaps to be run with
+ sudo
+ - daemon, store: better expose single action errors
+ - tests: switch mount-ns test to differential data set
+ - snapstate: refactor things to add the re-refresh task last
+ - daemon: drop support for the DELETE method
+ - client: move to /v2/users; implement RemoveUser
+ - boot: enable UC20 kernel extraction and bootState20 handling
+ - interfaces/policy: enforce plug-names/slot-names constraints
+ - asserts: parse plug-names/slot-names constraints
+ - daemon: make users result more consistent
+ - cmd/snap-confine,tests: support x.y.z nvidia version
+ - dirs: fixlet for XdgRuntimeDirGlob
+ - boot: add bootloader options to coreKernel
+ - o/auth,daemon: do not remove unknown user
+ - tests: tweak and enable tests on ubuntu 20.04
+ - daemon: implement user removal
+ - cmd/snap-confine: allow snap-confine to link to libpcre2
+ - interfaces/builtin: Allow NotificationReplied signal on
+ org.freedesktop.Notifications
+ - overlord/auth: add RemoveUserByName
+ - client: move user-related things to their own files
+ - boot: tweak kernel cmdline helper docstring
+ - osutil: implement deluser
+ - gadget: skip update when raw structure content is unchanged
+ - boot, cmd/snap, cmd/snap-bootstrap: move run mode and system label
+ detection to boot
+ - tests: fix revisions leaking from snapd-refresh test
+ - daemon: refactor create-user to a user action & hide behind a flag
+ - osutil/tests: check there are no leftover symlinks with
+ AtomicSymlink
+ - grub: support atomically renaming kernel symlinks
+ - osutil: add helpers for creating symlinks and renaming in an
+ atomic manner
+ - tests: add marker tag for core 20 test failure
+ - tests: fix gadget-update-pc test leaking snaps
+ - tests: remove revision leaking from ubuntu-core-refresh
+ - tests: remove revision leaking from remodel-kernel
+ - tests: disable system-usernames test on core20
+ - travis, tests, run-checks: skip nakedret
+ - tests: run `uc20-snap-recovery-encrypt` test on 20.04-64 as well
+ - tests: update mount-ns test tables
+ - snap: disable auto-import in uc20 install-mode
+ - tests: add a command-chain service test
+ - tests: use test-snapd-upower instead of upower
+ - data/selinux: workaround incorrect fonts cache labeling on RHEL7
+ - spread.yaml: fix ubuntu 19.10 and 20.04 names
+ - debian: check embedded keys for snap-{bootstrap,preseed} too
+ - interfaces/apparmor: fix doc-comments, unnecessary code
+ - o/ifacestate,o/devicestatate: merge gadget-connect logic into
+ auto-connect
+ - bootloader: add ExtractedRunKernelImageBootloader interface,
+ implement in grub
+ - tests: add spread test for hook permissions
+ - cmd/snap-bootstrap: check device size before boostrapping and
+ produce a meaningful error
+ - cmd/snap: add ability to register "snap routine" commands
+ - tests: add a test demonstrating that snaps can't access the
+ session agent socket
+ - api: don't return connections referring to non-existing
+ plugs/slots
+ - interfaces: refactor path() from raw-volume into utils with
+ comments for old
+ - gitignore: ignore snap files
+ - tests: skip interfaces-network-manager on arm devices
+ - o/devicestate: do not create perfTimings if not needed inside
+ ensureSeed/Operational
+ - tests: add ubuntu 20.04 to the tests execution and remove
+ tumbleweed from unstable
+ - usersession: add systemd user instance service control to user
+ session agent
+ - cmd/snap: print full channel in 'snap list', 'snap info'
+ - tests: remove execution of ubuntu 19.04 from google backend
+ - cmd/snap-boostrap: add mocking for fakeroot
+ - tests/core18/snapd-failover: collect more debug info
+ - many: run black formatter on all python files
+ - overlord: increase settle timeout for slow machines
+ - httputil: use shorter timeout in TestRetryRequestTimeoutHandling
+ - store, o/snapstate: send default-tracks header, use
+ RedirectChannel
+ - overlord/standby: fix possible deadlock in standby test
+ - cmd/snap-discard-ns: fix pattern for .info files
+ - boot: add HasModeenv to Device
+ - devicestate: do not allow remodel between core20 models
+ - bootloader,snap: misc tweaks
+ - store, overlord/snapstate, etc: SnapAction now returns a []…Result
+ - snap-bootstrap: create encrypted partition
+ - snap: remove "host" output from `snap version`
+ - tests: use snap remove --purge flag in most of the spread tests
+ - data/selinux, test/main/selinux-clean: update the test to cover
+ more scenarios
+ - many: drop NameAndRevision, use snap.PlaceInfo instead
+ - boot: split MakeBootable tests into their own file
+ - travis-ci: add go import path
+ - boot: split MakeBootable implementations into their own file
+ - tests: enable a lot of the tests of main on uc20
+ - packaging, tests: stop services in prerm
+ - tests: enable regression suite on core20
+ - overlord/snapstate: improve snapd snap backend link unit tests
+ - boot: implement SetNextBoot in terms of bootState.setNext
+ - wrappers: write and undo snapd services on core
+ - boot,o/devicestate: refactor MarkBootSuccessful over bootState
+ - snap-bootstrap: mount the correct snapd snap to /run/mnt/snapd
+ - snap-bootstrap: refactor partition creation
+ - tests: use new snapd.spread-tests-run-mode-tweaks.service unit
+ - tests: add core20 tests
+ - boot,o/snapstate: SetNextBoot/LinkSnap return whether to reboot,
+ use the information
+ - tests/main/snap-sign: add test for non-stdin signing
+ - snap-bootstrap: trigger udev after filesystem creation
+ - boot,overlord: introduce internal abstraction bootState and use it
+ for InUse/GetCurrentBoot
+ - overlord/snapstate: tracks are now sticky
+ - cmd: sign: add filename param
+ - tests: remove "test-snapd-tools" in smoke/sandbox on restore
+ - cmd/snap, daemon: stop over-normalising channels
+ - tests: fix classic-ubuntu-core-transition-two-cores after refactor
+ of MATCH -v
+ - packaging: ship var/lib/snapd/desktop/applications in the pkg
+ - spread: drop copr repo with F30 build dependencies
+ - tests: use test-snapd-sh snap instead of test-snapd-tools - Part 3
+ - tests: fix partition creation test
+ - tests: unify/rename services-related spread tests to start with
+ services- prefix
+ - test: extract code that modifies "writable" for test prep
+ - systemd: handle preseed mode
+ - snap-bootstrap: read only stdout when parsing the sfdisk json
+ - interfaces/browser-support: add more product/vendor paths
+ - boot: write compat UC16 bootvars in makeBootable20RunMode
+ - devicestate: avoid adding mockModel to deviceMgrInstallModeSuite
+ - devicestate: request reboot after successful doSetupRunSystem()
+ - snapd.core-fixup.sh: do not run on UC20 at all
+ - tests: unmount automounted snap-bootstrap devices
+ - devicestate: run boot.MakeBootable in doSetupRunSystem
+ - boot: copy kernel/base to data partition in makeBootable20RunMode
+ - tests: also check nested lxd container
+ - run-checks: complain about MATCH -v
+ - boot: always return the trivial boot participant in ephemeral mode
+ - o/devicestate,o/snapstate: move the gadget.yaml checkdrive-by: use
+ gadget.ReadInfoFromSnapFile in checkGadgetRemodelCompatible
+ - snap-bootstrap: append new partitions
+ - snap-bootstrap: mount filesystems after creation
+ - snapstate: do not try to detect rollback in ephemeral modes
+ - snap-bootstrap: trigger udev for new partitions
+ - cmd/snap-bootstrap: xxx todos about kernel cross-checks
+ - tests: avoid mask rsyslog service in case is not enabled on the
+ system
+ - tests: fix use of MATCH -v
+ - cmd/snap-preseed: update help strings
+ - cmd/snap-bootstrap: actually parse snapd_recovery_system label
+ - bootstrap: reduce runmode mounts from 5 to 2 steps.
+ - lkenv.go: adjust for new location of include file
+ - snap: improve squashfs.ReadFile() error
+ - systemd: fix uc20 shutdown
+ - boot: write modeenv when creating the run mode
+ - boot,image: add skeleton boot.makeBootable20RunMode
+ - cmd/snap-preseed: add snap-preseed executable
+ - overlord,boot: follow ups to #7889 and #7899
+ - interfaces/wayland: Add access to Xwayland's shm files
+ - o/hookstate/ctlcmd: fix command name in snapctl -h
+ - daemon,snap: remove screenshot deprecation notice
+ - overlord,o/snapstate: make sure we never leave config behind
+ - many: pass consistently boot.Device state to boot methods
+ - run-checks: check multiline string blocks in
+ restore/prepare/execute sections of spread tests
+ - intrefaces: login-session-control - added missing dbus commands
+ - tests/main/parallel-install-remove-after: parallel installs should
+ not break removal
+ - overlord/snapstate: tweak assumes error hint
+ - overlord: replace DeviceContext.OldModel with GroundContext
+ - devicestate: use httputil.ShouldRetryError() in
+ prepareSerialRequest
+ - tests: replace "test-snapd-base-bare" with real "bare" base snap
+ - many: pass a Model to the gadget info reading functions
+ - snapstate: relax gadget constraints in ConfigDefaults Et al.
+ - devicestate: only run ensureBootOk() in "run" mode
+ - tests/many: quiet lxc launching, file pushing
+ - tests: disable apt-hooks test until it can be properly fixed
+ - tests: 16.04 and 18.04 now have mediating pulseaudio
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 17 Mar 2020 20:55:47 +0100
+
+snapd (2.43.3-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1856159
+ - interfaces/opengl: allow datagrams to nvidia-driver
+ - httputil: add NoNetwork(err) helper, spread test and use
+ in serial acquire
+ - interfaces: add uio interface
+ - interfaces/greengrass-support: 'aws-iot-greengrass' snap fails to
+ start due to apparmor deny on mounting of "/proc/latency_stats".
+ - data, packaging: Add sudoers snippet to allow snaps to be run with
+ sudo
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 12 Feb 2020 14:59:15 +0100
+
+snapd (2.43.2-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1856159
+ - cmd/snap-confine: Revert #7421 (unmount /writable from snap view)
+ - overlord/snapstate: fix for re-refresh bug
+ - tests, run-checks, many: fix nakedret issues
+ - data/selinux: workaround incorrect fonts cache labeling on RHEL7
+ - tests: use test-snapd-upower instead of upower
+ - overlord: increase overall settle timeout for slow arm boards
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 28 Jan 2020 15:50:25 +0100
+
+snapd (2.43.1-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1856159
+ - devicestate: use httputil.ShouldRetryError() in prepareSerialRequest
+ - overlord/standby: fix possible deadlock in standby test
+ - cmd/snap-discard-ns: fix pattern for .info files
+ - overlord,o/snapstate: make sure we never leave config behind
+ - data/selinux: update policy to cover more cases
+ - snap: remove "host" output from `snap version`
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 14 Jan 2020 20:30:07 +0100
+
+snapd (2.43-1) unstable; urgency=medium
+
+ * New upstream release
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 09 Jan 2020 17:16:12 +0100
+
+snapd (2.42.5-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1853244
+ - snap-confine: revert, with comment, explicit unix deny for nested
+ lxd
+ - Disable mount-ns test on 16.04. It is too flaky currently.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 06 Dec 2019 14:10:56 +0100
+
+snapd (2.42.4-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1853244
+ - overlord/snapstate: make sure configuration defaults are applied
+ only once
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 28 Nov 2019 06:48:26 +0100
+
+snapd (2.42.3-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1853244
+ - overlord/snapstate: pick up system defaults when seeding the snapd
+ snap
+ - cmd/snap-update-ns: fix overlapping, nested writable mimic
+ handling
+ - interfaces: misc updates for u2f-devices, browser-support,
+ hardware-observe, et al
+ - tests: reset failing "fwupd-refresh.service" if needed
+ - tests/main/gadget-update-pc: use a program to modify gadget yaml
+ - snap-confine: suppress noisy classic snap file_inherit denials
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 27 Nov 2019 12:41:07 +0100
+
+snapd (2.42.2-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1853244
+ - interfaces/lxd-support: Fix on core18
+ - tests/main/system-usernames: Amazon Linux 2 comes with libseccomp
+ 2.4.1 now
+ - snap-seccomp: add missing clock_getres_time64
+ - cmd/snap-seccomp/syscalls: update the list of known
+ syscalls
+ - sandbox/seccomp: accept build ID generated by Go toolchain
+ - interfaces: allow access to ovs bridge sockets
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 20 Nov 2019 08:09:15 +0100
+
+snapd (2.42.1-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1846181
+ - interfaces: de-duplicate emitted update-ns profiles
+ - packaging: tweak handling of usr.lib.snapd.snap-confine
+ - interfaces: allow introspecting network-manager on core
+ - tests/main/interfaces-contacts-service: disable on openSUSE
+ Tumbleweed
+ - tests/lib/lxd-snapfuse: restore mount changes introduced by LXD
+ - snap: fix default-provider in seed validation
+ - tests: update system-usernames test now that opensuse-15.1 works
+ - overlord: set fake sertial in TestRemodelSwitchToDifferentKernel
+ - gadget: rename "boot{select,img}" -> system-boot-{select,image}
+ - tests: listing test, make accepted snapd/core versions consistent
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 30 Oct 2019 13:17:43 +0100
+
+snapd (2.42-1) unstable; urgency=medium
+
+ * New upstream release
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 01 Oct 2019 11:40:58 +0200
+
+snapd (2.41-1) unstable; urgency=medium
+
+ [ Michael Vogt ]
+ * New upstream release, LP: #1840740
+
+ [ Jamie Strandboge ]
+ * debian/control: Depends on apparmor >= 2.10.95-5 instead of
+ 2.10.95-0ubuntu2.2 since 2.10.95-5 in Debian is the first version to have
+ all the patches that 2.10.95-0ubuntu2.2 in Ubuntu brought.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 30 Aug 2019 08:53:57 +0200
+
+snapd (2.40-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Michael Vogt <mvo@debian.org> Tue, 23 Jul 2019 15:38:36 +0200
+
+snapd (2.39.3-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1827495
+ - daemon: increase `shutdownTimeout` to 25s to deal with slow HW
+ - spread: run tests against openSUSE 15.1
+ - data/selinux: fix policy for snaps with bases and classic snaps
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 21 Jun 2019 09:06:01 +0200
+
+snapd (2.39.2-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1827495
+ - debian: rework how we run autopkgtests
+ - interfaces/docker-support: add overlayfs accesses for ubuntu core
+ - data/selinux: permit init_t to remount snappy_snap_t
+ - strutil/shlex: fix ineffassign
+ - packaging: fix build-depends on powerpc
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 05 Jun 2019 08:46:14 +0200
+
+snapd (2.39-1) unstable; urgency=medium
+
+ * New upstream release
+ * d/patches0008-snap-squashsh-skip-TestBuildDate-on-Debian.patch: drop,
+ fixed upstream
+
+ -- Zygmunt Krynicki <me@zygoon.pl> Thu, 28 Feb 2019 18:21:26 +0100
+
+snapd (2.39.1-1) unstable; urgency=medium
+
+ * New upstream release
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 29 May 2019 12:08:43 +0200
+
+snapd (2.38-1) unstable; urgency=medium
+
+ * New upstream release
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 21 Mar 2019 11:02:04 +0100
+
+snapd (2.37.4-1) unstable; urgency=medium
+
+ * New upstream release
+ * d/patches0008-snap-squashsh-skip-TestBuildDate-on-Debian.patch: drop,
+ fixed upstream
+
+ -- Zygmunt Krynicki <me@zygoon.pl> Thu, 28 Feb 2019 18:21:26 +0100
+
+snapd (2.37.3-1) unstable; urgency=medium
+
+ * New upstream release
+
+ -- Zygmunt Krynicki <me@zygoon.pl> Tue, 19 Feb 2019 13:46:24 +0100
+
+snapd (2.37.2-1) unstable; urgency=medium
+
+ * New upstream releease.
+
+ -- Michael Hudson-Doyle <mwhudson@debian.org> Thu, 07 Feb 2019 21:26:34 +1300
+
+snapd (2.37.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * d/patches/0009-interfaces-apparmor-mock-presence-of-overlayfs-root.patch:
+ applied upstream
+
+ -- Zygmunt Krynicki <me@zygoon.pl> Tue, 29 Jan 2019 19:24:35 +0100
+
+snapd (2.37-3) unstable; urgency=medium
+
+ * Fix --no-arch-any build.
+
+ -- Michael Hudson-Doyle <mwhudson@debian.org> Thu, 24 Jan 2019 16:11:17 +1300
+
+snapd (2.37-2) unstable; urgency=medium
+
+ * d/patches/0010-man-page-sections.patch: fix a couple of instances of the
+ lintian warning 'manpage-section-mismatch'.
+
+ -- Michael Hudson-Doyle <mwhudson@debian.org> Thu, 24 Jan 2019 09:52:09 +1300
+
+snapd (2.37-1) unstable; urgency=medium
+
+ [ Michael Hudson-Doyle ]
+ * New upstream version.
+ * d/control: make myself Maintainer, use my Debian address, update Vcs-* to
+ point to salsa.
+ * Add new build-dependencies.
+ * d/watch: update to download new upstream-provided no-vendor tarballs.
+ * d/patches: refresh/drop.
+ * d/patches/no-snapfuse.patch: do not depend on snapfuse fork of squashfuse.
+ * d/patches/upstram-bolt.patch: use upstream version of boltdb.
+ * d/patches/systemd-activation-compat.patch: compatibility for the
+ newer go-systemd in debian
+
+ [ Ondřej Nový ]
+ * d/copyright: Use https protocol in Format field
+ * d/changelog: Remove trailing whitespaces
+
+ [ Zygmunt Krynicki ]
+ * Update unreleased package to 2.37
+ * Drop and recreate all patches
+ * Add patches for failing unit tests
+ * Reconcile packaging with snapd upstream
+
+ -- Zygmunt Krynicki <me@zygoon.pl> Tue, 22 Jan 2019 12:39:58 +0100
+
+snapd (2.30-5) unstable; urgency=medium
+
+ * Team upload.
+ * add fix-pkg-config-line.patch to fix FTBFS
+ * Set XS-Go-Import-Path
+
+ -- Michael Stapelberg <stapelberg@debian.org> Sat, 10 Feb 2018 23:18:15 +0100
+
+snapd (2.30-4) unstable; urgency=medium
+
+ * Fix Built-Using computation on Debian.
+ * Add d/patches/disable-TestDoRequestSerialErrorsOnNoHost.patch to disable
+ a flaky test.
+
+ -- Michael Hudson-Doyle <mwhudson@debian.org> Tue, 16 Jan 2018 13:02:31 +1300
+
+snapd (2.30-3) unstable; urgency=medium
+
+ * Fix arch builds again, sigh,
+
+ -- Michael Hudson-Doyle <mwhudson@debian.org> Tue, 09 Jan 2018 13:56:48 +1300
+
+snapd (2.30-2) unstable; urgency=medium
+
+ * Fix arch-all-only build. (Closes: 886431)
+
+ -- Michael Hudson-Doyle <mwhudson@debian.org> Tue, 09 Jan 2018 10:48:20 +1300
+
+snapd (2.30-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Remove several patches:
+ - 0001-osutil-adjust-StreamCommand-tests-for-golang-1.9.patch: included in
+ release.
+ - apparmor-compat.patch, no-reexec-on-debian.patch: Removed as upstream
+ now implements a better solution to the problem.
+ - pb.v1-canonical-path.patch: applied upstream.
+ * Stop installing udev/rules.d/80-snappy-assign.rules, gone upstream
+
+ -- Michael Hudson-Doyle <mwhudson@debian.org> Fri, 05 Jan 2018 09:39:07 +1300
+
+snapd (2.28.5) xenial; urgency=medium
+
+ * New upstream release, LP: #1714984
+ - snap-confine: cleanup broken nvidia udev tags
+ - cmd/snap-confine: update valid security tag regexp
+ - overlord/ifacestate: refresh udev backend on startup
+ - dbus: ensure io.snapcraft.Launcher.service is created on re-
+ exec
+ - snap-confine: add support for handling /dev/nvidia-modeset
+ - interfaces/network-control: remove incorrect rules for tun
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 13 Oct 2017 23:25:46 +0200
+
+snapd (2.28.4) xenial; urgency=medium
+
+ * New upstream release, LP: #1714984
+ - interfaces/opengl: don't udev tag nvidia devices and use snap-
+ confine instead
+ - debian: fix replaces/breaks for snap-xdg-open (thanks to apw!)
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 11 Oct 2017 19:40:57 +0200
+
+snapd (2.28.3) xenial; urgency=medium
+
+ * New upstream release, LP: #1714984
+ - interfaces/lxd: lxd slot implementation can also be an app
+ snap
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 11 Oct 2017 08:20:26 +0200
+
+snapd (2.28.2) xenial; urgency=medium
+
+ * New upstream release, LP: #1714984
+ - interfaces: fix udev rules for tun
+ - release,cmd,dirs: Redo the distro checks to take into account
+ distribution families
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 10 Oct 2017 18:39:58 +0200
+
+snapd (2.28.1) xenial; urgency=medium
+
+ * New upstream release, LP: #1714984
+ - snap-confine: update apparmor rules for fedora based basesnaps
+ - snapstate: rename refresh hook to post-refresh for consistency
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 27 Sep 2017 17:59:49 -0400
+
+snapd (2.28) xenial; urgency=medium
+
+ * New upstream release, LP: #1714984
+ - hooks: rename refresh to after-refresh
+ - snap-confine: bind mount /usr/lib/snapd relative to snap-confine
+ - cmd,dirs: treat "liri" the same way as "arch"
+ - snap-confine: fix base snaps on core
+ - hooks: substitute env vars when executing hooks
+ - interfaces: updates for default, browser-support, desktop, opengl,
+ upower and stub-resolv.conf
+ - cmd,dirs: treat manjaro the same as arch
+ - systemd: do not run auto-import and repair services on classic
+ - packaging/fedora: Ensure vendor/ is empty for builds and fix spec
+ to build current master
+ - many: fix TestSetConfNumber missing an Unlock and other fragility
+ improvements
+ - osutil: adjust StreamCommand tests for golang 1.9
+ - daemon: allow polkit authorisation to install/remove snaps
+ - tests: make TestCmdWatch more robust
+ - debian: improve package description
+ - interfaces: add netlink kobject uevent to hardware observe
+ - debian: update trusted account-keys check on 14.04 packaging
+ - interfaces/network-{control,observe}: allow receiving
+ kobject_uevent() messages
+ - tests: fix lxd test for external backend
+ - snap-confine,snap-update-ns: add -no-pie to fix FTBFS on
+ go1.7,ppc64
+ - corecfg: mock "systemctl" in all corecfg tests
+ - tests: fix unit tests on Ubuntu 14.04
+ - debian: add missing flags when building static snap-exec
+ - many: end-to-end support for the bare base snap
+ - overlord/snapstate: SetRootDir from SetUpTest, not in just some
+ tests
+ - store: have an ad-hoc method on cfg to get its list of uris for
+ tests
+ - daemon: let client decide whether to allow interactive auth via
+ polkit
+ - client,daemon,snap,store: add license field
+ - overlord/snapstate: rename HasCurrent to IsInstalled, remove
+ superfluous/misleading check from All
+ - cmd/snap: SetRootDir from SetUpTest, not in just some individual
+ tests.
+ - systemd: rename snap-repair.{service,timer} to snapd.snap-
+ repair.{service,timer}
+ - snap-seccomp: remove use of x/net/bpf from tests
+ - httputil: more naive per go version way to recreate a default
+ transport for tls reconfig
+ - cmd/snap-seccomp/main_test.go: add one more syscall for arm64
+ - interfaces/opengl: use == to compare, not =
+ - cmd/snap-seccomp/main_test.go: add syscalls for armhf and arm64
+ - cmd/snap-repair: track and use a lower bound for the time for
+ TLSÂ checks
+ - interfaces: expose bluez interface on classic OS
+ - snap-seccomp: add in-kernel bpf tests
+ - overlord: always try to get a serial, lazily on classic
+ - tests: add nmcli regression test
+ - tests: deal with __PNR_chown on aarch64 to fix FTBFS on arm64
+ - tests: add autopilot-introspection interface test
+ - vendor: fix artifact from manually editing vendor/vendor.json
+ - tests: rename complexion to test-snapd-complexion
+ - interfaces: add desktop and desktop-legacy
+ interfaces/desktop: add new 'desktop' interface for modern DEs
+ interfaces/builtin/desktop_test.go: use modern testing techniques
+ interfaces/wayland: allow read on /etc/drirc for Plasma desktop
+ interfaces/desktop-legacy: add new 'legacy' interface (currently
+ for a11y and input)
+ - tests: fix race in snap userd test
+ - devices/iio: add read/write for missing sysfs entries
+ - spread: don't set HTTPS?_PROXY for linode
+ - cmd/snap-repair: check signatures of repairs from Next
+ - env: set XDG_DATA_DIRS for wayland et.al.
+ - interfaces/{default,account-control}: Use username/group instead
+ of uid/gid
+ - interfaces/builtin: use udev tagging more broadly
+ - tests: add basic lxd test
+ - wrappers: ensure bash completion snaps install on core
+ - vendor: use old golang.org/x/crypto/ssh/terminal to build on
+ powerpc again
+ - docs: add PULL_REQUEST_TEMPLATE.md
+ - interfaces: fix network-manager plug
+ - hooks: do not error out when hook is optional and no hook handler
+ is registered
+ - cmd/snap: add userd command to replace snapd-xdg-open
+ - tests: new regex used to validate the core version on extra snaps
+ ass...
+ - snap: add new `snap switch` command
+ - tests: wait more and more debug info about fakestore start issues
+ - apparmor,release: add better apparmor detection/mocking code
+ - interfaces/i2c: adjust sysfs rule for alternate paths
+ - interfaces/apparmor: add missing call to dirs.SetRootDir
+ - cmd: "make hack" now also installs snap-update-ns
+ - tests: copy files with less verbosity
+ - cmd/snap-confine: allow using additional libraries required by
+ openSUSE
+ - packaging/fedora: Merge changes from Fedora Dist-Git
+ - snapstate: improve the error message when classic confinement is
+ not supported
+ - tests: add test to ensure amd64 can run i386 syscall binaries
+ - tests: adding extra info for fakestore when fails to start
+ - tests: install most important snaps
+ - cmd/snap-repair: more test coverage of filtering
+ - squashfs: remove runCommand/runCommandWithOutput as we do not need
+ it
+ - cmd/snap-repair: ignore superseded revisions, filter on arch and
+ models
+ - hooks: support for refresh hook
+ - Partial revert "overlord/devicestate, store: update device auth
+ endpoints URLs"
+ - cmd/snap-confine: allow reading /proc/filesystems
+ - cmd/snap-confine: genearlize apparmor profile for various lib
+ layout
+ - corecfg: fix proxy.* writing and add integration test
+ - corecfg: deal with system.power-key-action="" correctly
+ - vendor: update vendor.json after (presumed) manual edits
+ - cmd/snap: in `snap info`, don't print a newline between tracks
+ - daemon: add polkit support to /v2/login
+ - snapd,snapctl: decode json using Number
+ - client: fix go vet 1.7 errors
+ - tests: make 17.04 shellcheck clean
+ - tests: remove TestInterfacesHelp as it breaks when go-flags
+ changes
+ - snapstate: undo a daemon restart on classic if needed
+ - cmd/snap-repair: recover brand/model from
+ /var/lib/snapd/seed/assertions checking signatures and brand
+ account
+ - spread: opt into unsafe IO during spread tests
+ - snap-repair: update snap-repair/runner_test.go for API change in
+ makeMockServer
+ - cmd/snap-repair: skeleton code around actually running a repair
+ - tests: wait until the port is listening after start the fake store
+ - corecfg: fix typo in tests
+ - cmd/snap-repair: test that redirects works during fetching
+ - osutil: honor SNAPD_UNSAFE_IO for testing
+ - vendor: explode and make more precise our golang.go/x/crypto deps,
+ use same version as Debian unstable
+ - many: sanitize NewStoreStack signature, have shared default store
+ test private keys
+ - systemd: disable `Nice=-5` to fix error when running inside lxd
+ - spread.yaml: update delta ref to 2.27
+ - cmd/snap-repair: use E-Tags when refetching a repair to retry
+ - interfaces/many: updates based on chromium and mrrescue denials
+ - cmd/snap-repair: implement most logic to get the next repair to
+ run/retry in a brand sequence
+ - asserts/assertstest: copy headers in SigningDB.Sign
+ - interfaces: convert uhid to common interface and test cases
+ improvement for time_control and opengl
+ - many tests: move all panicing fake store methods to a common place
+ - asserts: add store assertion type
+ - interfaces: don't crash if content slot has no attributes
+ - debian: do not build with -buildmode=pie on i386
+ - wrappers: symlink completion snippets when symlinking binaries
+ - tests: adding more debug information for the interfaces-cups-
+ control …
+ - apparmor: pass --quiet to parser on load unless SNAPD_DEBUG is set
+ - many: allow and support serials signed by the 'generic' authority
+ instead of the brand
+ - corecfg: add proxy configuration via `snap set core
+ proxy.{http,https,ftp}=...`
+ - interfaces: a bunch of interfaces test improvement
+ - tests: enable regression and completion suites for opensuse
+ - tests: installing snapd for nested test suite
+ - interfaces: convert lxd_support to common iface
+ - interfaces: add missing test for camera interface.
+ - snap: add support for parsing snap layout section
+ - cmd/snap-repair: like for downloads we cannot have a timeout (at
+ least for now), less aggressive retry strategies
+ - overlord: rely on more conservative ensure interval
+ - overlord,store: no piles of return args for methods gathering
+ device session request params
+ - overlord,store: send model assertion when setting up device
+ sessions
+ - interfaces/misc: updates for unity7/x11, browser-
+ support, network-control and mount-observe
+ interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT
+ interfaces/browser-support: update sysfs reads for
+ newer browser versions, interfaces/network-control: rw for
+ ieee80211 advanced wireless interfaces/mount-observe: allow read
+ on sysfs entries for block devices
+ - tests: use dnf --refresh install to avert stale cache
+ - osutil: ensure TestLockUnlockWorks uses supported flock
+ - interfaces: convert lxd to common iface
+ - tests: restart snapd to ensure re-exec settings are applied
+ - tests: fix interfaces-cups-control test
+ - interfaces: improve and tweak bunch of interfaces test cases.
+ - tests: adding extra worker for fedora
+ - asserts,overlord/devicestate: support predefined assertions that
+ don't establish foundational trust
+ - interfaces: convert two hardware_random interfaces to common iface
+ - interfaces: convert io_ports_control to common iface
+ - tests: fix for upgrade test on fedora
+ - daemon, client, cmd/snap: implement snap start/stop/restart
+ - cmd/snap-confine: set _FILE_OFFSET_BITS to 64
+ - interfaces: covert framebuffer to commonInterface
+ - interfaces: convert joystick to common iface
+ - interfaces/builtin: add the spi interface
+ - wrappers, overlord/snapstate/backend: make link-snap clean up on
+ failure.
+ - interfaces/wayland: add wayland interface
+ - interfaces: convert kvm to common iface
+ - tests: extend upower-observe test to cover snaps providing slots
+ - tests: enable main suite for opensuse
+ - interfaces: convert physical_memory_observe to common iface
+ - interfaces: add missing test for optical_drive interface.
+ - interfaces: convert physical_memory_control to common iface
+ - interfaces: convert ppp to common iface
+ - interfaces: convert time-control to common iface
+ - tests: fix failover test
+ - interfaces/builtin: rework for avahi interface
+ - interfaces: convert broadcom-asic-control to common iface
+ - snap/snapenv: document the use of CoreSnapMountDir for SNAP
+ - packaging/arch: drop patches merged into master
+ - cmd: fix mustUnsetenv docstring (thanks to Chipaca)
+ - release: remove default from VERSION_ID
+ - tests: enable regression, upgrade and completion test suites for
+ fedora
+ - tests: restore interfaces-account-control properly
+ - overlord/devicestate, store: update device auth endpoints URLs
+ - tests: fix install-hook test failure
+ - tests: download core and ubuntu-core at most once
+ - interfaces: add common support for udev
+ - overlord/devicestate: fix, don't assume that the serial is backed
+ by a 1-key chain
+ - cmd/snap-confine: don't share /etc/nsswitch from host
+ - store: do not resume a download when we already have the whole
+ thing
+ - many: implement "snap logs"
+ - store: don't call useDeltas() twice in quick succession
+ - interfaces/builtin: add kvm interface
+ - snap/snapenv: always expect /snap for $SNAP
+ - cmd: mark arch as non-reexecing distro
+ - cmd: fix tests that assume /snap mount
+ - gitignore: ignore more build artefacts
+ - packaging: add current arch packaging
+ - interfaces/unity7: allow receiving media key events in (at least)
+ gnome-shell
+ - interfaces/many, cmd/snap-confine: miscellaneous policy updates
+ - interfaces/builtin: implement broadcom-asic-control interface
+ - interfaces/builtin: reduce duplication and remove cruft in
+ Sanitize{Plug,Slot}
+ - tests: apply underscore convention for SNAPMOUNTDIR variable
+ - interfaces/greengrass-support: adjust accesses now that have
+ working snap
+ - daemon, client, cmd/snap: implement "snap services"
+ - tests: fix refresh tests not stopping fake store for fedora
+ - many: add the interface command
+ - overlord/snapstate/backend: some copydata improvements
+ - many: support querying and completing assertion type names
+ - interfaces/builtin: discard empty Validate{Plug,Slot}
+ - cmd/snap-repair: start of Runner, implement first pass of Peek
+ and Fetch
+ - tests: enable main suite on fedora
+ - snap: do not always quote the snap info summary
+ - vendor: update go-flags to address crash in "snap debug"
+ - interfaces: opengl support pci device and vendor
+ - many: start implenting "base" snap type on the snapd side
+ - arch,release: map armv6 correctly
+ - many: expose service status in 'snap info'
+ - tests: add browser-support interface test
+ - tests: disable snapd-notify for the external backend
+ - interfaces: Add /run/uuid/request to openvswitch
+ - interfaces: add password-manager-service implicit classic
+ interface
+ - cmd: rework reexec detection
+ - cmd: fix re-exec bug when starting from snapd 2.21
+ - tests: dependency packages installed during prepare-project
+ - tests: remove unneeded check for re-exec in InternalToolPath()
+ - cmd,tests: fix classic confinement confusing re-execution code
+ - store: configurable base api
+ - tests: fix how package lists are updated for opensuse and fedora
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 25 Sep 2017 12:07:34 -0400
+
+snapd (2.27.6-2) unstable; urgency=medium
+
+ * Add d/patches/0001-osutil-adjust-StreamCommand-tests-for-golang-1.9.patch
+ to fix FTBFS with Go 1.9. (Closes: #876867)
+
+ -- Michael Hudson-Doyle <mwhudson@debian.org> Tue, 26 Sep 2017 13:41:53 -0400
+
+snapd (2.27.6-1) unstable; urgency=medium
+
+ * New upstream release, LP: #1703798:
+ - interfaces: add udev netlink support to hardware-observe
+ - interfaces/network-{control,observe}: allow receiving
+ kobject_uevent() messages
+
+ -- Zygmunt Krynicki <me@zygoon.pl> Fri, 08 Sep 2017 00:03:18 +0200
+
+snapd (2.27.5-1) unstable; urgency=medium
+
+ * New upstream release.
+ - interfaces: fix network-manager plug regression
+ - hooks: do not error when hook handler is not registered
+ - interfaces/alsa,pulseaudio: allow read on udev data for sound
+ - interfaces/optical-drive: read access to udev data for /dev/scd*
+ - interfaces/browser-support: read on /proc/vmstat and misc udev data
+
+ -- Zygmunt Krynicki <me@zygoon.pl> Thu, 31 Aug 2017 10:11:20 +0200
+
+snapd (2.27.4-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Enable seccomp.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Thu, 24 Aug 2017 22:12:52 +1200
+
+snapd (2.27.2-2) unstable; urgency=medium
+
+ * Fix re-exec test failure.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Fri, 18 Aug 2017 11:37:47 +1200
+
+snapd (2.27.2-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Stop using single-debian-patch, split delta into separate patches.
+ * Allow confining snap-confine even when --disable-apparmor is used.
+ * Pass --enable-static-libcap to cmd/configure, as was always the intention.
+ * Disable re-exec on Debian until core snap can cope with a partial apparmor
+ implementation. (Closes: #851473)
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Fri, 18 Aug 2017 11:00:31 +1200
+
+snapd (2.27.1-1) unstable; urgency=medium
+
+ * New upstream release. (Closes: #868959, #869268, #872071)
+ * New changes to upstream sources:
+ - Disable cmd/snap-seccomp tests as they depend on an unpackaged fork of
+ golang/x/net.
+ - Use upstream version of libseccomp-golang.
+ * Do not install ancient ubuntu-core-launcher symlink.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Mon, 14 Aug 2017 21:53:09 +1200
+
+snapd (2.27.1) xenial; urgency=medium
+
+ * New upstream release, LP: #1703798:
+ - tests: use dnf --refresh install to avert stale cache
+ - tests: fix test failure on 14.04 due to old version of
+ flock
+ - updates for unity7/x11, browser-support, network-control,
+ mount-observe
+ - interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT
+ - interfaces/browser-support: update sysfs reads for
+ newer browser versions
+ - interfaces/network-control: rw for ieee80211 advanced wireless
+ - interfaces/mount-observe: allow read on sysfs entries for block
+ devices
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 14 Aug 2017 08:02:17 +0200
+
+snapd (2.27) xenial; urgency=medium
+
+ * New upstream release, LP: #1703798
+ - fix build failure on 32bit fedora
+ - interfaces: add password-manager-service implicit classic interface
+ - interfaces/greengrass-support: adjust accesses now that have working
+ snap
+ - interfaces/many, cmd/snap-confine: miscellaneous policy updates
+ - interfaces/unity7: allow receiving media key events in (at least)
+ gnome-shell
+ - cmd: fix re-exec bug when starting from snapd 2.21
+ - tests: restore interfaces-account-control properly
+ - cmd: fix tests that assume /snap mount
+ - cmd: mark arch as non-reexecing distro
+ - snap-confine: don't share /etc/nsswitch from host
+ - store: talk to api.snapcraft.io for purchases
+ - hooks: support for install and remove hooks
+ - packaging: fix Fedora support
+ - tests: add bluetooth-control interface test
+ - store: talk to api.snapcraft.io for assertions
+ - tests: remove snapd before building from branch
+ - tests: add avahi-observe interface test
+ - store: orders API now checks if customer is ready
+ - cmd/snap: snap find only searches stable
+ - interfaces: updates default, mir, optical-observe, system-observe,
+ screen-inhibit-control and unity7
+ - tests: speedup prepare statement part 1
+ - store: do not send empty refresh requests
+ - asserts: fix error handling in snap-developer consistency check
+ - systemd: add explicit sync to snapd.core-fixup.sh
+ - snapd: generate snap cookies on startup
+ - cmd,client,daemon: expose "force devmode" in sysinfo
+ - many: introduce and use strutil.ListContains and also
+ strutil.SortedListContains
+ - assserts,overlord/assertstate: test we don't accept chains of
+ assertions founded on a self-signed key coming externally
+ - interfaces: enable access to bridge settings
+ - interfaces: fix copy-pasted iio vs io in io-ports-control
+ - cmd/snap-confine: various small fixes and tweaks to seccomp
+ support code
+ - interfaces: bring back seccomp argument filtering
+ - systemd, osutil: rework systemd logs in preparation for services
+ commands
+ - tests: store /etc/systemd/system/snap-*core*.mount in snapd-
+ state.tar.gz
+ - tests: shellcheck improvements for tests/main tasks - first set of
+ tests
+ - cmd/snap: `--last` for abort and watch, and aliases
+ (search→find, change→tasks)
+ - tests: shellcheck improvements for tests/lib scripts
+ - tests: create ramdisk if it's not present
+ - tests: shellcheck improvements for nightly upgrade and regressions
+ tests
+ - snapd: fix for snapctl get panic on null config values.
+ - tests: fix for rng-tools service not restarting
+ - systemd: add snapd.core-fixup.service unit
+ - cmd: avoid using current symlink in InternalToolPath
+ - tests: fix timeout issue for test refresh core with hanging …
+ - intefaces: control bridged vlan/ppoe-tagged traffic
+ - cmd/snap: include snap type in notes
+ - overlord/state: Abort() only visits each task once
+ - tests: extend find-private test to cover more cases
+ - snap-seccomp: skip socket() tests on systems that use socketcall()
+ instead of socket()
+ - many: support snap title as localized/title-cased name
+ - snap-seccomp: deal with mknod on aarch64 in the seccomp tests
+ - interfaces: put base policy fragments inside each interface
+ - asserts: introduce NewDecoderWithTypeMaxBodySize
+ - tests: fix snapd-notify when it takes more time to restart
+ - snap-seccomp: fix snap-seccomp tests in artful
+ - tests: fix for create-key task to avoid rng-tools service ramains
+ alive
+ - snap-seccomp: make sure snap-seccomp writes the bpf file
+ atomically
+ - tests: do not disable ipv6 on core systems
+ - arch: the kernel architecture name is armv7l instead of armv7
+ - snap-confine: ensure snap-confine waits some seconds for seccomp
+ security profiles
+ - tests: shellcheck improvements for tests/nested tasks
+ - wrappers: add SyslogIdentifier to the service unit files.
+ - tests: shellcheck improvements for unit tasks
+ - asserts: implement FindManyTrusted as well
+ - asserts: open up and optimize Encoder to help avoiding unnecessary
+ copying
+ - interfaces: simplify snap-confine by just loading pre-generated
+ bpf code
+ - tests: restart rng-tools services after few seconds
+ - interfaces, tests: add mising dbus abstraction to system-observe
+ and extend spread test
+ - store: change main store host to api.snapcraft.io
+ - overlord/cmdstate: new package for running commands as tasks.
+ - spread: help libapt resolve installing libudev-dev
+ - tests: show the IP from .travis.yaml
+ - tests/main: use pkgdb function in more test cases
+ - cmd,daemon: add debug command for displaying the base policy
+ - tests: prevent quoting error on opensuse
+ - tests: fix nightly suite
+ - tests: add linode-sru backend
+ - snap-confine: validate SNAP_NAME against security tag
+ - tests: fix ipv6 disable for ubuntu-core
+ - tests: extend core-revert test to cover bluez issues
+ - interfaces/greengrass-support: add support for Amazon Greengrass
+ as a snap
+ - asserts: support timestamp and optional disabled header on repair
+ - tests: reboot after upgrading to snapd on the -proposed pocket
+ - many: fix test cases to work with different DistroLibExecDir
+ - tests: reenable help test on ubuntu and debian systems
+ - packaging/{opensuse,fedora}: allow package build with testkeys
+ included
+ - tests/lib: generalize RPM build support
+ - interfaces/builtin: sync connected slot and permanent slot snippet
+ - tests: fix snap create-key by restarting automatically rng-tools
+ - many: switch to use http numeric statuses as agreed
+ - debian: add missing Type=notify in 14.04 packaging
+ - tests: mark interfaces-openvswitch as manual due to prepare errors
+ - debian: unify built_using between the 14.04 and 16.04 packaging
+ branch
+ - tests: pull from urandom when real entropy is not enough
+ - tests/main/manpages: install missing man package
+ - tests: add refresh --time output check
+ - debian: add missing "make -C data/systemd clean"
+ - tests: fix for upgrade test when it is repeated
+ - tests/main: use dir abstraction in a few more test cases
+ - tests/main: check for confinement in a few more interface tests
+ - spread: add fedora snap bin dir to global PATH
+ - tests: check that locale-control is not present on core
+ - many: snapctl outside hooks
+ - tests: add whoami check
+ - interfaces: compose the base declaration from interfaces
+ - tests: fix spread flaky tests linode
+ - tests,packaging: add package build support for openSUSE
+ - many: slight improvement of some snap error messaging
+ - errtracker: Include /etc/apparmor.d/usr.lib.snap-confine md5sum in
+ err reports
+ - tests: fix for the test postrm-purge
+ - tests: restoring the /etc/environment and service units config for
+ each test
+ - daemon: make snapd a "Type=notify" daemon and notify when startup
+ is done
+ - cmd/snap-confine: add support for --base snap
+ - many: derive implicit slots from interface meta-data
+ - tests: add core revert test
+ - tests,packaging: add package build support for Fedora for our
+ spread setup
+ - interfaces: move base declaration to the policy sub-package
+ - tests: fix for snapd-reexec test cheking for restart info on debug
+ log
+ - tests: show available entropy on error
+ - tests: clean journalctl logs on trusty
+ - tests: fix econnreset on staging
+ - tests: modify core before calling set
+ - tests: add snap-confine privilege test
+ - tests: add staging snap-id
+ - interfaces/builtin: silence ptrace denial for network-manager
+ - tests: add alsa interface spread test
+ - tests: prefer ipv4 over ipv6
+ - tests: fix for econnreset test checking that the download already
+ started
+ - httputil,store: extract retry code to httputil, reorg usages
+ - errtracker: report if snapd did re-execute itself
+ - errtracker: include bits of snap-confine apparmor profile
+ - tests: take into account staging snap-ids for snap-info
+ - cmd: add stub new snap-repair command and add timer
+ - many: stop "snap refresh $x --channel invalid" from working
+ - interfaces: revert "interfaces: re-add reverted ioctl and quotactl
+ - snapstate: consider connect/disconnect tasks in
+ CheckChangeConflict.
+ - interfaces: disable "mknod |N" in the default seccomp template
+ again
+ - interfaces,overlord/ifacestate: make sure installing slots after
+ plugs works similarly to plugs after slots
+ - interfaces/seccomp: add bind() syscall for forced-devmode systems
+ - packaging/fedora: Sync packaging from Fedora Dist-Git
+ - tests: move static and unit tests to spread task
+ - many: error types should be called FooError, not ErrFoo.
+ - partition: add directory sync to the save uboot.env file code
+ - cmd: test everything (100% coverage \o/)
+ - many: make shell scripts shellcheck-clean
+ - tests: remove additional setup for docker on core
+ - interfaces: add summary to each interface
+ - many: remove interface meta-data from list of connections
+ - logger (& many more, to accommodate): drop explicit syslog.
+ - packaging: import packaging bits for opensuse
+ - snapstate,many: implement snap install --unaliased
+ - tests/lib: abstract build dependency installation a bit more
+ - interfaces, osutil: move flock code from interfaces/mount to
+ osutil
+ - cmd: auto import assertions only from ext4,vfat file systems
+ - many: refactor in preparation for 'snap start'
+ - overlord/snapstate: have an explicit code path last-refresh
+ unset/zero => immediately refresh try
+ - tests: fixes for executions using the staging store
+ - tests: use pollinate to seed the rng
+ - cmd/snap,tests: show the sha3-384 of the snap for snap info
+ --verbose SNAP-FILE
+ - asserts: simplify and adjust repair assertion definition
+ - cmd/snap,tests: show the snap id if available in snap info
+ - daemon,overlord/auth: store from model assertion wins
+ - cmd/snap,tests/main: add confinement switch instead of spread
+ system blacklisting
+ - many: cleanup MockCommands and don't leave a process around after
+ hookstate tests
+ - tests: update listing test to the core version number schema
+ - interfaces: allow snaps to use the timedatectl utility
+ - packaging: Add Fedora packaging files
+ - tests/libs: add distro_auto_remove_packages function
+ - cmd/snap: correct devmode note for anomalous state
+ - tests/main/snap-info: use proper pkgdb functions to install distro
+ packages
+ - tests/lib: use mktemp instead of tempfile to work cross-distro
+ - tests: abstract common dirs which differ on distributions
+ - many: model and expose interface meta-data.
+ - overlord: make config defaults from gadget work also at first boot
+ - interfaces/log-observe: allow using journalctl from hostfs for
+ classic distro
+ - partition,snap: add support for android boot
+ - errtracker: small simplification around readMachineID
+ - snap-confine: move rm_rf_tmp to test-utils.
+ - tests/lib: introduce pkgdb helper library
+ - errtracker: try multiple paths to read machine-id
+ - overlord/hooks: make sure only one hook for given snap is executed
+ at a time.
+ - cmd/snap-confine: use SNAP_MOUNT_DIR to setup /snap inside the
+ confinement env
+ - tests: bump kill-timeout and remove quiet call on build
+ - tests/lib/snaps: add a test store snap with a passthrough
+ configure hook
+ - daemon: teach the daemon to wait on active connections when
+ shutting down
+ - tests: remove unit tests task
+ - tests/main/completion: source from /usr/share/bash-completion
+ - assertions: add "repair" assertion
+ - interfaces/seccomp: document Backend.NewSpecification
+ - wrappers: make StartSnapServices cleanup any services that were
+ added if a later one fails
+ - overlord/snapstate: avoid creating command aliases for daemons
+ - vendor: remove unused packages
+ - vendor,partition: fix panics from uenv
+ - cmd,interfaces/mount: run snap-update-ns and snap-discard-ns from
+ core if possible
+ - daemon: do not allow to install ubuntu-core anymore
+ - wrappers: service start/stop were inconsistent
+ - tests: fix failing tests (snap core version, syslog changes)
+ - cmd/snap-update-ns: add actual implementation
+ - tests: improve entropy also for ubuntu
+ - cmd/snap-confine: use /etc/ssl from the core snap
+ - wrappers: don't convert between []byte and string needlessly.
+ - hooks: default timeout
+ - overlord/snapstate: Enable() was ignoring the flags from the
+ snap's state, resulting in losing "devmode" on disable/enable.
+ - difs,interfaces/mount: add support for locking namespaces
+ - interfaces/mount: keep track of kept mount entries
+ - tests/main: move a bunch of greps over to MATCH
+ - interfaces/builtin: make all interfaces private
+ - interfaces/mount: spell unmount correctly
+ - tests: allow 16-X.Y.Z version of core snap
+ - the timezone_control interface only allows changing /etc/timezone
+ and /etc/writable/timezone. systemd-timedated also updated the
+ link of /etc/localtime and /etc/writable/localtime ... allow
+ access to this file too
+ - cmd/snap-confine: aggregate operations holding global lock
+ - api, ifacestate: resolve disconnect early
+ - interfaces/builtin: ensure we don't register interfaces twice
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 10 Aug 2017 12:43:16 +0200
+
+snapd (2.26.14) xenial; urgency=medium
+
+ * New upstream release, LP: #1690083
+ - cmd: fix incorrect re-exec when starting from snapd 2.21
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 20 Jul 2017 13:52:05 +0200
+
+snapd (2.26.13) xenial; urgency=medium
+
+ * New upstream release, LP: #1690083
+ - cmd,tests: fix classic confinement confusing re-execution code
+ - cmd: fix incorrect check check for re-exec in InternalToolPath()
+ - snap-seccomp: add secondary arch for unrestricted snaps as well
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 18 Jul 2017 20:34:33 +0200
+
+snapd (2.26.10) xenial; urgency=medium
+
+ * New upstream release, LP: #1690083
+ - Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 17 Jul 2017 11:58:22 +0200
+
+snapd (2.26.9) xenial; urgency=medium
+
+ * New upstream release, LP: #1690083
+ - statically link libseccomp in snap-seccomp to fix refresh issue
+ on trusty
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 12 Jul 2017 08:27:14 +0200
+
+snapd (2.26.8) xenial; urgency=medium
+
+ * New upstream release, LP: #1690083
+ - Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64
+ - add snapd.core-fixup.service unit
+ - ensure re-exec uses the right internal tools
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 05 Jul 2017 07:48:22 +0200
+
+snapd (2.26.6) xenial; urgency=medium
+
+ * New upstream release, LP: #1690083
+ - interfaces: allow snaps to use the timedatectl utility in
+ time-control
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 27 Jun 2017 08:36:23 +0100
+
+snapd (2.26.5) xenial; urgency=medium
+
+ * New upstream release, LP: #1690083
+ - backport of seccomp-bpf branch to the 2.26 release to ensure snap
+ revert with new seccomp syntax works correctly
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 26 Jun 2017 15:30:15 +0100
+
+snapd (2.26.4) xenial; urgency=medium
+
+ * New upstream release, LP: #1690083
+ - partly revert aace15ab53 to unbreak core reverts
+ - Revert "interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f)"
+ - Disable "mknod |N" in the default seccomp template
+ reasons outline in https://forum.snapcraft.io/t/snapd-2-25-blocked-because-of-revert-race-condition
+ - errtracker: include bits of snap-confine apparmor profile
+ - errtracker: report if snapd did re-execute itself
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 01 Jun 2017 18:50:52 +0200
+
+snapd (2.26.3) xenial; urgency=medium
+
+ * New upstream release, LP: #1690083
+ - cherry pick test fixes f0103a6, 9de5c8a, d7725a7 to make
+ sure the image tests are updated for the changes in the
+ `snap info core` output and the removal of the rsyslog
+ package from core.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 17 May 2017 11:31:56 +0200
+
+snapd (2.26.2) xenial; urgency=medium
+
+ * New upstream release, LP: #1690083
+ - cherry pick d444728 to make the uboot.env file parsing more
+ robust
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 16 May 2017 18:37:07 +0200
+
+snapd (2.26.1) xenial; urgency=medium
+
+ * New upstream release, LP: #1690083
+ - store: fix panic error in auth
+ - tests: the new ubuntu-image snap needs classic confinement, adjust
+ tests
+ - cmd/snap-confine: don't fail on pre 3.8 kernel
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 11 May 2017 21:44:27 +0200
+
+snapd (2.26) xenial; urgency=medium
+
+ * New upstream release, LP: #1690083
+ - timeutil: avoid panicking when the window is very small
+ - image: fix go vet issue
+ - overlord/ifacestate: don't spam logs with harmless auto-connect
+ messages
+ - interfaces/builtin: add network-status interface
+ - interfaces/builtin: add online-accounts-service interface
+ - interfaces/builtin: distribute code of touching allInterfaces
+ - interfaces: API additions for interface hooks
+ - interfaces/builtin: add storage-framework-service interface
+ - tests: disable create-key test on ppc64el for artful (expect not
+ working)
+ - snap: make `snap prepare-image --extra-snaps` derive side info
+ - tests: unify tests/{main/completion,completion}/lib.exp0
+ - cmd/snap: tweak info channels output
+ - interfaces: ensure that legacy interface methods are unused
+ - packaging: cleanup how built-using is generated
+ - tests: extend kernel-module-control interface test
+ - interfaces/network: workaround Go's need for NETLINK_ROUTE with
+ 'net'.
+ - cmd/snap-confine: use defensive argument parser
+ - tests: add test for empty snap name on revert
+ - overlord/hookstate: remove unused Context.timeout
+ - tests: additional setup in docker test for core systems
+ - configstate: return error if patch is invalid
+ - interfaces: add random interface
+ - store, daemon, client, cmd/snap: handle PASSWORD_POLICY_ERROR
+ - cmd/snap, client: add "whoami" command
+ - cmd/snap: iterate interface tab completion
+ - snap: move locale-control to only be present on classic
+ - interfaces/browser-support: deny read on squashfs backing files
+ and LVM vg names
+ - tests: wait for the docker socket to be listening
+ - snap: add `snap refresh --time` option
+ - tests: re-enable and moderninze /media sharing test
+ - cmd: make rst2man optional
+ - tests: remove quoting from [[ ]] when globs
+ - interfaces: allow plugging DBus clients to introspect the slot
+ service
+ - packaging/ubuntu*/changelog: drop extra dash
+ - snap-confine: init the ENTRY variable, coverity is unhappy
+ otherwise
+ - cmd/snap-confine/spread-tests: discard useless --version test
+ - spread: add spread target qemu:debian-9-64
+ - interfaces: mediate netlink sockets via seccomp
+ - tests,cmd/snap-confine: port older snapd-discard-ns tests
+ - cmd/snap-confine/tests: fix shellcheck on recently added files
+ - tests/upgrade: force install core snap from beta for debian
+ - overlord/snapstate/backend,interfaces/mount: move ns management
+ code.
+ - tests: extend network-control spread test to cope with network
+ namespaces
+ - tests: fail early in the spread suite if trying to run it inside a
+ container
+ - tests: set ownership of $PROJECT_PATH for the external backend
+ - tests: specify the auto-refreshable snap being tested
+ - many: fix tests with go1.8 / artful
+ - fix for tests: debian does not have /snap/bin in secure_path so
+ sudo
+ - snap: support for snap tasks --last=...
+ - cmd/snap-confine: remove obsolete debug message
+ - address review feedback, add a lot of comments :-), call
+ shellcheck on the completion scripts, fix a bug in compopt
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 11 May 2017 10:05:44 +0200
+
+snapd (2.25) xenial; urgency=medium
+
+ * New upstream release, LP: #1686713
+ - interfaces/default: allow mknod for regular files, pipes and
+ sockets
+ - many: use "SNAP.APP as ALIAS" instead of => when listing
+ added/removed aliases
+ - cmd/snap-confine: write current mount profile
+ - cmd/snap-discard-ns: remove current profile when cleaning up
+ - many: support debian in our CI
+ - tests: tweak time for econnreset test a bit more
+ - cmd/snap-confine: re-enable re-assciate fix for CE
+ - many: aliases v2 cleanups
+ - cmd/snap-confine: don't use apparmor if it is disabled on boot
+ - many: implement `snap prefer <snap>` (aliases v2)
+ - many: adjust /aliases and "snap aliases" to aliases v2, also some
+ cleanup
+ - snapstate: normalize gadget defaults
+ - many: allow core refresh.schedule setting
+ - many: show alias changes on snap alias/unalias (aliases v2)
+ - client,cmd/snap: improve messaging on --devmode and --classic
+ - many: implement `snap unalias <alias-or-snap>` (aliases v2)
+ - store: retry on connection reset
+ - interfaces/mount: add Change.Perform
+ - tests: add openvswitch interface spread test
+ - interfaces/i2c: allow modifying device-specific sysfs entries
+ - interfaces: allow writing to /run/systemd/journal/stdout by
+ default
+ - tests: ensure travis fails early if static checks fail
+ - store,daemon: make store interpret channel="" as stable in most
+ cases
+ - overlord/snapstate: make UpdateAliases idempotent, simplify the
+ backend interface bits for aliases not used anymore (aliases v2)
+ - many: implement snap alias <snap.app> <alias> (aliases v2)
+ - snap-confine: add code to ensure that / or /snap is mounted
+ "shared"
+ - many: show available "tracks" in `snap info`
+ - cmd/snap: make users Xauthority file available in snap environment
+ - interfaces/mount: write current fstab files with mode 0644
+ - overlord: switch to aliases v2 tasks for install/refresh etc ops
+ plus transition
+ - tests: parameterize gadget snap channel (#3117)
+ - tests: copy .real profile as .real
+ - tests: add empty initrd failover test
+ - many: mount squashfs as read-only
+ - cmd: make locking around namespaces explicit
+ - tests: address review comments from #3186
+ - tests: add dbus interface spread test
+ - interfaces/mount: add ReadMountInfo and LoadMountInfo
+ - snap: require snap name for 'revert'
+ - overlord: maintain per-revision snapshots of snap configuration
+ - tests: relax network-bind interface regexps
+ - interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f)
+ - store: retry once on hashsum mismatches in a Download()
+ - interfaces/builtin: don't panic if content plug has nil attrs
+ - interfaces/mount: pass mount.Profile to mount.NeededChanges
+ - packaging: add `built-using` header for 16.04 packaging
+ - interfaces: add media-hub interface
+ - interfaces/builtin: allow full access to properties iface of the
+ udisks service
+ - tests: handle case when both .real and plain are present
+ - interfaces/mount: add Change.String for readable output
+ - tests: ensure we mock force dev mode as well to fix FTBFS in
+ sbuild
+ - store: add more logs around retry in download
+ - interfaces/mount: add stub Change.{Needed,Perform}
+ - tests: allow installing snapd from -proposed for SRU validation
+ - interfaces/mount: parse mount options to map[string]string
+ - snap: added tasks subcommand
+ - tests: copy snap-confine apparmor profile into testbed
+ - interfaces/mount: improve go identifier names of mountinfo, parse
+ optional fields
+ - Arch Linux wants to respect FHS
+ (https://bugs.archlinux.org/task/53656),
+ - daemon: do not set RemoveSnapPath flag when doing a try
+ - debian: add maintscript helper to remove usr.lib.snapd.snap-
+ confine in snap-confine
+ - cmd/snap-confine: don't use plain "classic" term
+ - cmd/snap-confine: set TMPDIR and TEMPDIR each time
+ - many: fixes for `go vet` in go 1.7
+ - tests: add kernel-module-control interface test
+ - overlord/snapstate: introduce tasks for aliases v2 semantics with
+ temporary names for now (aliases v2)
+ - overlord/devicestate: switch to ssh-keygen for device key
+ generation
+ - snap: skip /dev/ram from auto-import assertions to make it less
+ noisy (#3010)
+ - interfaces: add kubernetes-support interface and adjust related
+ interfaces (LP: #1664638)
+ - tests: download previous snapd package from published versions
+ instead of specific PPA
+ - snap: run snap-confine from core if snap is also running from core
+ - overlord/ifacestate: automatically rename connections on core snap
+ - many: break the /aliases mutation API with a clean 400 (aliases
+ v2)
+ - interfaces/builting: allow read-only access to /sys/module
+ - tests: add extra test after the core transition for snap get/set
+ core
+ - store: misc cleanups in tests
+ - interfaces/mount: add parser for mountinfo entries
+ - store: tests for unexpected EOF
+ - tests: fix unity test
+ - interfaces,overlord: log interface auto-connection failures
+ - cmd/snap-update-ns: add C preamble for setns
+ - interfaces: validate plug/slot uniqueness
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 28 Apr 2017 07:57:49 +0200
+
+snapd (2.24.1) xenial; urgency=medium
+
+ * New upstream release, LP: #1681799:
+ - fix autopkgtest failures with stable core snap
+ - ensure the snap-confine transitional package cleans up
+ the no-longer-used apparmor profile to fix the kernels
+ autopkgtest failures
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 19 Apr 2017 11:54:33 +0200
+
+snapd (2.24) xenial; urgency=medium
+
+ * New upstream release, LP: #1681799:
+ - interfaces/mount: add InfoEntry type
+ - many: fix plug auto-connect during core transition
+ - interfaces: fold network bind into core support with tests
+ - .travis.yml: add option to make raw log less noisy
+ - interfaces: adjust shm accesses to use 'm' for updated mmap kernel
+ mediation
+ - many: rename two core plugs that clash with slot names
+ - snap-confine,browser-support: /dev/tty for snap-confine, misc
+ browser-support for gnome-shell
+ - store: add download test with EOF in the middle
+ - tests: adjust to look for network-bind-plug
+ - store: make hash error message more accurate
+ - overlord/snapstate: simplify AliasesStatus down to just an
+ AutoAliasesDisabled bool flag (aliases v2)
+ - errtracker: never send errtracker reports when running under
+ SNAPPY_TESTING
+ - interfaces/repo: validate slot/plug names
+ - daemon: Give the snap directories via GET /v2/system-info
+ - interfaces/unity7: support unity messaging menu
+ - interfaces/mount: add high-level Profile functions
+ - git: ignore only the cmd/Makefile{,.in}
+ - cmd: explicitly set _GNU_SOURCE and _FILE_OFFSET_BITS for xfs
+ support
+ - daemon: add desktop file location for app to the API
+ - overlord,release: disable classic snap support when not possible
+ - overlord: fix TestEnsureLoopPrune not to be so racy
+ - many: abstract path to /bin/{true,false}
+ - data/systemd: tweak data/systemd/Makefile to be slightly simpler
+ - store: handle EOF via url.Error check
+ - packaging: use templates for relevant systemd units
+ - tests: run gccgo only on ubuntu-16.04-64
+ - .travis.yml: remove travis matrix and do a single sequential run
+ - overlord/state: make sure that setting to nil a state key is
+ equivalent to deleting it
+ - tests: fix incorrect shell expression
+ - interfaces/mount: add OptsToFlags for converting arguments to
+ syscall…
+ - interfaces: add a joystick interface
+ - tests: enable docker test for more ubuntu-core systems
+ - tests: download and install additional dependencies when using
+ prepackaged snapd
+ - many: add support for partially static builds
+ - interfaces: allow slot to introspect dbus-daemon in dbus
+ interface, allow /usr/bin/arch by default
+ - interfaces/mount: fix golint issues
+ - interfaces/mount: add function for saving fstab-like file
+ - osutil: introducing GetenvInt64, like GetenvBool but Int64er.
+ - interfaces: drop udev tagging from framebuffer interface
+ - snapstate: more helpers to work with aliases state (aliases
+ v2)
+ - interfaces/mount: add function for parsing fstab-like file
+ - cmd: disable the re-associate fix as requested by jdstrand
+ - overlord/snapstate: unlock/relock the state less, especially not
+ across mutating the SnapState of a snap
+ - interfaces: allow executing ld.so (needed with new AppArmor base
+ abstraction)
+ - interfaces/mount: add function for parsing mount entries
+ - cmd: rework header check for xfs/xqm.h
+ - cmd: add poky to the list of distros which don't support reexec
+ - overlord: finish reorg, revert "be more conservative until we have
+ cut 2.23.x"
+ - cmd: select what socket to use in cmd/snap{,ctl}
+ - overlord: remove snap config values when snap is removed
+ - snapstate: introduce helper to apply to disk a alias states change
+ for a snap (aliases v2)
+ - configstate,hookstate: timeout the configure hook after 5 mins,
+ report failures to the errtracker
+ - interfaces/seccomp: add bind as part of the default seccomp policy
+ for hooks
+ - cmd: discard the C implementation of snap-update-ns
+ - tests: remove stale apt proxy leftover from cloud-init
+ - tests: move unity test to nightly suite
+ - interfaces: add support for location-observe for
+ dbus::ObjectManager session paths
+ - boot: log error in KernelOrOsRebootRequired
+ - interfaces: remove old API
+ - interfaces: use udev spec
+ - interfaces: convert systemd backend to new APIs
+ - osutil: add BootID
+ - tests: move docker test to new nightly suite
+ - interfaces/mount: compute mount changes required to transition
+ mount profiles
+ - data/selinux: add context definition for snapctl
+ - overlord: clean up organization under state packages
+ - overlord: make sure all managers packages have *state.go with the
+ main state manipulation/query APIs
+ - interfaces: use spec in the dbus backend
+ - store: download from authenticated URL if there is a device
+ session set
+ - tests: remove core_name variable
+ - interfaces: rename thumbnailer to thumbnailer-service
+ - interfaces: add chroot to base templates
+ - asserts: remove some unused things
+ - systemd: mount the squashfs with nodev
+ - overlord: when shutting down assume errors might be due to
+ cancellation so retry
+ - cmd: rename all unit tests to $command/unit-test
+ - cmd/snap: fix help string for version command
+ - asserts: don't allow revocations with other items for the same
+ developer
+ - tests: skip lp-1644439 test on older kernels
+ - interfaces: allow "sync" to be used by core support
+ - assertstate,snapstate: have assertstate.AutoAliases use the
+ "aliases" header
+ - interfaces: allow writing config.txt.tmp in the core-support
+ interface
+ - tests: adjust network-bind test
+ - interfaces: dbus backend spec
+ - asserts: introduce a snap-declaration "aliases" header to list
+ auto aliases with explicit targets
+ - cmd: enable large file support
+ - cmd/snap: handle missing snap-confine
+ - cmd/snap-confine: re-associate with pid-1 mount namespace if
+ required
+ - cmd/libsnap: make mountinfo structures public
+ - tests: fix interfaces-cups-control for zesty
+ - misc: revert "Log if the system goes into ForceDevMode"
+ - interfaces: seccomp tests cleanup
+ - cmd: validate SNAP_NAME
+ - interfaces: log if the system goes into ForceDevMode
+ - tests: fix classic-ubuntu-core-transition race
+ - interfaces: use apparmor spec in the apparmor backend
+ - interfaces: alphabetize framebuffer in base decl and add it to
+ all_test.go
+ - tests: add ubuntu-core-16-32 system to the external backend and
+ fix docker test
+ - cmd/libsnap: simplify sc_string_quote default case
+ - osutil: fix double expand in environment map code and add test
+ - interfaces: extend location-control out-of-process provider
+ support
+ - cmd/snap-update-ns: use bidirectional lists for mount entries
+ - tests: prevent automatic transition before setting the initial
+ state of the test
+ - release: detect if we are in ForcedDevMode by inspecting the
+ kernel
+ - tests: add core-snap-refresh test
+ - interfaces: add maliit input method interface
+ - interfaces: seccomp spec API tweaks for better tests
+ - interfaces: updates for mir-kiosk in browser-support, mir, opengl,
+ unity7
+ - testutils: address review feedback from PR#2997
+ - tests: specify the core version to be unsquashfs'ed in the
+ failover tests
+ - interfaces: use MockInfo in tests
+ - cmd/libsnap: add sc_quote_string
+ - cmd/snap-confine: use sc_do_umount everywhere
+ - interfaces: add unity8 plug permissions
+ - timeutil: a few helpers for the recurring events
+ - asserts: implement snap-developer type
+ - partition: deal with grub{,2}-editenv in tests
+ - many: add new (hidden) `snap debug ensure-state-soon` command and
+ use in tests
+ - interfaces/builtin: small refactor of dbus tests
+ - packaging, tests: use "systemctl list-unit-files --full"
+ everywhere
+ - many: some opensuse patches that are ready to go into master
+ - packaging: add opensuse permissions files
+ - client, daemon: move "snap list" name filtering into snapd.
+ - interfaces: use seccomp specs
+ - overlord/snapstate: small cleanup of
+ ensureForceDevmodeDropsDevmodeFromState
+ - interfaces/builtin/alsa: add read access to alsa state dir
+ - interfaces: use spec in kmod backend, updated firewall_control,
+ openvswitch_support, ppp
+ - cmd/snap-confine: use sc_do_mount everywhere
+ - tests: remove workaround for docker again, snap-declaration is
+ fixed now
+ - interfaces: interface to allow autopilot introspection
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 11 Apr 2017 13:31:46 +0200
+
+snapd (2.23.6) xenial; urgency=medium
+
+ * New upstream release, LP: #1673568
+ - cmd: use the most appropriate snap/snapctl sockets
+ - tests: fix interfaces-cups-control for zesty
+ - configstate,hookstate: timeout the configure hook after 5 mins,
+ report failures
+ - packaging: rename the file shipping snap-confine AA profile to
+ workaround dpkg bug #858004
+ - many: ignore configure hook failures on core refresh to ensure
+ upgrades are always possible
+ - snapstate: restart as needed if we undid unlinking aka relinked
+ core or kernel snap
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 29 Mar 2017 15:30:35 +0200
+
+snapd (2.23.5) xenial; urgency=medium
+
+ * New upstream release, LP: #1673568
+ - allow "sync" in core-support
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 17 Mar 2017 18:13:43 +0100
+
+snapd (2.23.4) xenial; urgency=medium
+
+ * New upstream release, LP: #1673568
+ - fix core-support interface for the new pi-config options
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 17 Mar 2017 16:05:57 +0100
+
+snapd (2.23.3) xenial; urgency=medium
+
+ * FTBFS due to missing files in vendor/
+
+ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Thu, 16 Mar 2017 19:56:55 +0100
+
+snapd (2.23.2) xenial; urgency=medium
+
+ * New upstream release, LP: #1673568
+ - cmd/snap: handle missing snap-confine (#3041)
+
+ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Thu, 16 Mar 2017 19:38:24 +0100
+
+snapd (2.23.1) xenial; urgency=medium
+
+ * New upstream release, LP: #1665608
+ - packaging, tests: use "systemctl list-unit-files --full"
+ everywhere
+ - interfaces: fix default content attribute value
+ - tests: do not nuke the entire snapd.conf.d dir when changing
+ store settings
+ - hookstate: run the right "snap" command in the hookmanager
+ - snapstate: revert PR#2958, run configure hook again everywhere
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 08 Mar 2017 14:29:56 +0100
+
+snapd (2.23) xenial; urgency=medium
+
+ * New upstream release, LP: #1665608
+ - overlord: phase 2 with 2nd setup-profiles and hook done after
+ restart for core installation
+ - data: re-add snapd.refresh.{timer,service} with weekly schedule
+ - interfaces: allow 'getent' by default with some missing dbs to
+ various interfaces
+ - overlord/snapstate: drop forced devmode
+ - snapstate: disable running the configure hook on classic for the
+ core snap
+ - ifacestate: re-generate apparmor in InterfaceManager.initialize()
+ - daemon: DevModeDistro does not imply snapstate.Flags{DevMode:true}
+ - interfaces/bluez,network-manager: implement ConnectedSlot policy
+ - cmd: add helpers for mounting / unmounting
+ - snapstate: error in LinkSnap() if revision is unset
+ - release: add linuxmint 18 to the non-devmode distros
+ - cmd: fixes to run correctly on opensuse
+ - interfaces: consistently use 'const' instead of 'var' for security
+ policy
+ - interfaces: miscellaneous policy updates for unity7, udisks2 and
+ browser-support
+ - interfaces/apparmor: compensate for kernel behavior change
+ - many: only tweak core config if hook exists
+ - overlord/hookstate: don't report a run hook output error without
+ any context
+ - cmd/snap-update-ns: move test data and helpers to new module
+ - vet: fix vet error on mount test.
+ - tests: empty init (systemd) failover test
+ - cmd: add .indent.pro file to the tree
+ - interfaces: specs for apparmor, seccomp, udev
+ - wrappers/services: RemainAfterExit=yes for oneshot daemons w/ stop
+ cmds
+ - tests: several improvements to the nested suite
+ - tests: do not use core for "All snaps up to date" check
+ - cmd/snap-update-ns: add function for sorting mount entries
+ - httputil: copy some headers over redirects
+ - data/selinux: merge SELinux policy module
+ - kmod: added Specification for kmod security backend
+ - tests: failover test for rc.local crash
+ - debian/tests: map snapd deb pockets to core snap channels for
+ autopkgtest
+ - many: switch channels on refresh if needed
+ - interfaces/builtin: add /boot/uboot/config.txt access to core-
+ support
+ - release: assume higher version of supported distros will still
+ work
+ - cmd/snap-update-ns: add compare function for mount entries
+ - tests: enable docker test
+ - tests: bail out if core snap is not installed
+ - interfaces: use mount.Entry instead of string snippets.
+ - osutil: trivial tweaks to build ID support
+ - many: display kernel version in 'snap version'
+ - osutil: add package for reading Build-ID
+ - snap: error when `snap list foo` is run and no snap is installed
+ - cmd/snap-confine: don't crash if nvidia module is loaded but
+ drivers are not available
+ - tests: update listing test for latest core snap version update
+ - overlord/hookstate/ctlcmd: helper function for creating a deep
+ copy of interface attributes
+ - interfaces: add a linux framebuffer interface
+ - cmd/snap, store: change error messages to reflect latest UX doc
+ - interfaces: initial unity8 interface
+ - asserts: improved information about assertions format in the
+ Decode doc comment
+ - snapstate: ensure snapstate.CanAutoRefresh is nil in tests
+ - mkversion.sh: Add support for taking the version as a parameter
+ - interfaces: add an interface for use by thumbnailer
+ - cmd/snap-confine: ensure that hostfs is root owned.
+ - screen-inhibit-control: add methods for delaying screensavers
+ - overlord: optional device registration and gadget support on
+ classic
+ - overlord: make seeding work also on classic, optionally
+ - image,cmd/snap: refactoring and initial envvar support to use
+ stores needing auth
+ - tests: add libvirt interface spread test
+ - cmd/libsnap: add helper for dropping permissions
+ - interfaces: misc updates for network-control, firewall-control,
+ unity7 and default policy
+ - interfaces: allow recv* and send* by default, accept4 with accept
+ and other cleanups
+ - interfaces/builtin: add classic-support interface
+ - store: use xdelta3 from core if available and not on the regular
+ system
+ - snap: add contact: line in `snap info`
+ - interfaces/builtin: add network-setup-control which allows rw
+ access to netplan
+ - unity7: support missing signals and methods for status icons
+ - cmd: autoconf for RHEL
+ - cmd/snap-confine: look for PROCFS_SUPER_MAGIC
+ - dirs: use the right snap mount dir for the distribution
+ - many: differentiate between "distro" and "core" libexecdir
+ - cmd: don't reexec on RHEL family
+ - config: make helpers reusable
+ - snap-exec: support nested environment variables in environment
+ - release: add galliumos support
+ - interfaces/builtin: more path options for serial
+ - i18n: look into core snaps when checking for translations
+ - tests: nested image testing
+ - tests: add basic test for docker
+ - hookstate,ifacestate: support snapctl set/get slot and plug attrs
+ (step 3)
+ - cmd/snap: add shell completion to connect
+ - cmd: add functions to load/save fstab-like files
+ - snap run: create "current" symlink in user data dir
+ - cmd: autoconf for centos
+ - tests: add more debug if ubuntu-core-upgrade fails
+ - tests: increase service retries
+ - packaging/ubuntu-14.04: inform user how to extend PATH with
+ /snap/bin.
+ - cmd: add helpers for working with mount/umount commands
+ - overlord/snapstate: prepare for using snap-update-ns
+ - cmd: use per-snap mount profile to populate the mount namespace
+ - overlord/ifacestate: setup seccomp security on startup
+ - interface/seccomp: sort combined snippets
+ - release: don't force devmode on LinuxMint "serena"
+ - tests: filter ubuntu-core systems for authenticated find-private
+ test
+ - interfaces/builtin/core-support: Allow modifying logind
+ configuration from the core snap
+ - tests: fix "snap managed" output check and suppress output from
+ expect in the authenticated login tests
+ - interfaces: shutdown: also allow shutdown/reboot/suspend via
+ logind
+ - cmd/snap-confine-tests: reformat test to pass shellcheck
+ - cmd: add sc_is_debug_enabled
+ - interfaces/mount: add dedicated mount entry type
+ - interfaces/core-support: allow modifying systemd-timesyncd and
+ sysctl configuration
+ - snap: improve message after `snap refresh pkg1 pkg2`
+ - tests: improve snap-env test
+ - interfaces/io-ports-control: use /dev/port, not /dev/ports
+ - interfaces/mount-observe: add quotactl with arg filtering (LP:
+ #1626359)
+ - interfaces/mount: generate per-snap mount profile
+ - tests: add spread test for delta downloads
+ - daemon: show "$snapname (delta)" in progress when downloading
+ deltas
+ - cmd: use safer functions in sc_mount_opt2str
+ - asserts: introduce a variant of model assertions for classic
+ systems
+ - interfaces/core-support: allow modifying snap rsyslog
+ configuration
+ - interfaces: remove some syscalls already in the default policy
+ plus comment cleanups
+ - interfaces: miscellaneous updates for hardware-observe, kernel-
+ module-control, unity7 and default
+ - snap-confine: add the key for which hsearch_r fails
+ - snap: improve the error message for `snap try`
+ - tests: fix pattern and use MATCH in find-private
+ - tests: stop tying setting up staging store access to the setup of
+ the state tarball
+ - tests: add regression spread test for #1660941
+ - interfaces/default: don't allow TIOCSTI ioctl
+ - interfaces: allow nice/setpriority to 0-19 values for calling
+ process by default
+ - tests: improve debug when the core transition test hangs
+ - tests: disable ubuntu-core->core transition on ppc64el (its just
+ too slow)
+ - snapstate: move refresh from a systemd timer to the internal
+ snapstate Ensure()
+ - tests/lib/fakestore/refresh: some more info when we fail to copy
+ asserts
+ - overlord/devicestate: backoff between retries if the server seems
+ to have refused the serial-request
+ - image: check kernel/gadget publisher vs model brand, warn on store
+ disconnected snaps
+ - vendor: move gettext.go back to github.com/ojii/gettext.go
+ - store: retry on 502 http response as well
+ - tests: increase snap-service kill-timeout
+ - store,osutil: use new osutil.ExecutableExists(exe) check to only
+ use deltas if xdelta3 is present
+ - cmd: fix autogen.sh on fedora
+ - overlord/devicemgr: fix test: setup account-key before using the
+ key for signing
+ - cmd: add /usr/local/* to PATH
+ - cmd: add sc_string_append
+ - asserts: support for correctly suggesting format 2 for snap-
+ declaration
+ - interfaces: port mount backend to new APIs, unify content of per
+ app/hook profiles
+ - overlord/devicestate: implement policy about gadget and kernel
+ matching the model
+ - interfaces: allow sched_setscheduler again by default
+ - debian: update breaks/replaces for snap-confine->snapd
+ - debian: move the snap-confine packaging into snapd
+ - 14.04/integrationtests: rely on upstart to restart ssh.
+ - store: enable download deltas on classic by default
+ - spread: add unit suite
+ - snapctl: add config in client to disable auth and use it in
+ snapctl
+ - overlord/ifacestate: register all security backends with the
+ repository
+ - overlord,tests: have enable/disable affect security profiles
+ - tests: install ubuntu-core from the same channel as core
+ - overlord: move configstate.Transaction into config package
+ - seccomp-support.c: add PF_* domains which can be used instead of
+ AF_*
+ - store: always log retry summary when SNAPD_DEBUG is set
+ - tests: parameterize kernel snap channel
+ - snapenv: do not append ":" to the SNAP_LIBRARY_PATH
+ - interfaces/builtin: refine the content interface rules using $SLOT
+ - asserts,interfaces/policy: add support for
+ $SLOT()/$PLUG()/$MISSING in *-attributes constraintsThis adds
+ support for $SLOT(arg), $PLUG(arg) and $MISSING attribute
+ constraints in plugs and slots rules in snap-declarations:
+ - cmd/snap-confine: add snap-confine command line parser module
+ - tests: remove (some) garbage files found by restore cleanup
+ analysis
+ - cmd: fix issues uncovered by valgrind
+ - tests: fix typo in systems name
+ - cmd: collect string utilities in one module, add missing tests
+ - cmd: rename mountinfo to sc_mountinfo
+ - tests: allow to install snapd debs from a ppa instead of building
+ them
+ - spread: remove state tar on project restore
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 17 Feb 2017 12:21:42 +0100
+
+snapd (2.22.7) xenial; urgency=medium
+
+ * New upstream release:
+ - errtracker,overlord/snapstate: more info in errtracker reports
+ - interfaces/apparmor: compensate for kernel behavior change
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 24 Feb 2017 19:24:11 +0100
+
+snapd (2.22.6) xenial; urgency=medium
+
+ * New upstream release, LP: #1667105
+ - overlord/ifacestate: don't fail if affected snap is gone
+ - revert #2910: osutil: add package for reading Build-ID (#2918)
+ - errtracker: include the build-id of host and core snapd (#2912)
+ - errtracker: include the number of ubuntu-core -> core retries
+ (#2915)
+ - snapstate: retry ubuntu-core -> core transition every 6h (#2914)
+ - osutil: add package for reading Build-ID (#2910)
+ - errtracker: include kernel version in error reports (#2905)
+ - release: return "unknown" if uname fails
+ - many: rebased uname branch for 2.22
+ - errtracker: include snapd version in err reports
+ - overlord/ifacestate: don't unconditionally retry stuff (#2906)
+ - snapstate: fix incorrect cut of the timestamps for the error
+ reports (#2908)
+ - tests: update listing test for latest core snap version update
+
+ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Wed, 22 Feb 2017 23:34:23 +0100
+
+snapd (2.22.5) xenial; urgency=medium
+
+ * Fix FTBFS due to machine-id file
+
+ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Tue, 21 Feb 2017 09:43:42 +0100
+
+snapd (2.22.4) xenial; urgency=medium
+
+ * New bugfix release:
+ - errtracker: add support for error reporting via daisy.ubuntu.com
+ - snapstate: allow for 6 retries for the core transition
+ - httputils: ensure User-Agent works across redirects
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 21 Feb 2017 09:07:10 +0100
+
+snapd (2.22.3) xenial; urgency=medium
+
+ * New bugfix release, LP: #1665729:
+ - Limit the number of retries for the ubuntu-core -> core
+ transition to fix possible store overload.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 17 Feb 2017 18:58:34 +0100
+
+snapd (2.22.2) xenial; urgency=medium
+
+ * New upstream release, LP: #1659522
+ - cherry pick fix for sched_setscheduler regression
+ (LP: #1661265)
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 02 Feb 2017 17:13:51 +0100
+
+snapd (2.22.1) xenial; urgency=medium
+
+ * New upstream release, LP: #1659522
+ - cherry pick fix for snapctl auth.json handling
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 01 Feb 2017 17:09:31 +0100
+
+snapd (2.22) xenial; urgency=medium
+
+ * New upstream release, LP: #1659522
+ - many: make ubuntu-core-launcher mostly go
+ - interfaces/builtin: add account-control interface
+ - interfaces/builtin: add missing syscalls to core-support needed
+ for systemctl
+ - interfaces/builtin: rework core-support to only allow full access
+ to systemctl
+ - debian/tests: drop stale autopkgtest dependencies.
+ - tests: make the debugging of c-unit-tests more useful
+ - store: retry auth-related requests
+ - tests: integration test for system reload
+ - snap: be more helpful in the `snap install <already-installed>`
+ error message
+ - tests: set SNAPPY_USE_STAGING_STORE in su call
+ - tests: use test snap
+ - spread: set SNAPD_DEBUG=1 in the core snap as well
+ - tests: add extra debugging to security-setuid-root test
+ - cmd,snap,wrappers: systemd reload command support
+ - interfaces: builtin: mir: Allow recv and send
+ - overlord/ifacestate: use ParseConnRef
+ - overlord/snapstate,overlord/ifacestate: add automatic ubuntu-core
+ -> core transition
+ - debian: remove aliases as well in snapd.postrm
+ - many: change interfaces.ParseID to return value
+ - interfaces/opengl: allow access to the nvidia abstract socket
+ - overlord, daemon: flag failures feature fancy forms.
+ - many: add --classic support to try and revert, and make missing
+ these things a little harder
+ - interfaces: allow reading non-PCI-attached usb devices via raw-usb
+ - many: rename snap-alter-ns to snap-update-ns
+ - interfaces/builtin: add core-support
+ - store: increase the retry.LimitTime()
+ - debian: move the packaging out into package/$id-$version_id
+ - overlord/stapstate: don't use unkeyed fields
+ - many: add stub implementation of snap-alter-ns
+ - asserts: improve error message when key is not valid at the given
+ time
+ - snapstate, ifacestate: add snapstate.CheckChangeConflict() to
+ ifacestate.{Connect,Disconnect}
+ - debian: remove trusty specific bits
+ - docs: Add a note about building snapd.
+ - interfaces: miscellaneous updates for default and network-control
+ - daemon: bubble out store.ErrSnapNotFound in the findOne codepath
+ - store: add retry logging into download as well
+ - snap: show price in `snap info`
+ - cmd: add fault injection support code
+ - interfaces: network-manager: allow rw access to /etc/netplan
+ - debian: move systemd files out of ./debian and into ./data/systemd
+ - asserts: implement SuggestFormat to help avoid specifying the
+ wrong format iteration for an assertion
+ - many: detect potentially insecure use of snap-confine
+ - interfaces: allow querying added security backends
+ - cmd: ensure that all .c files have a -test.c file
+ - asserts: don't use 'context' for the path of attributes, want to
+ reuse the concept for something else
+ - interfaces: abbreviate ConnRef construction
+ - tests: ensure systemd override directory is available before using
+ it
+ - cmd: more build system cleanups and a small fix
+ - tests: increase retries for service up
+ - cmd: move seccomp cleanup function to seccomp-support
+ - many: auto-connect plugs and slots symmetrically
+ - overlord: use a ticker for the pruning
+ - interfaces/builtin: add uhid interface
+ - cmd/snap-confine: add shutdown helper
+ - tests: fix path used when debugging
+ - cmd: switch to non-recursive make
+ - overlord/ifacestate: setup security of snaps affected by auto-
+ connection
+ - spread: refresh apt cache before first install
+ - overlord: allow max 500 changes in "ready" state to avoid growing
+ changes for 24h
+ - snap: add {Plug,Slot}Info.SecurityTags
+ - cmd: move snap-discard-ns to dedicated directory
+ - tests: skip i18n test when no "snappy.mo" file is available
+ - interfaces,overlord/ifacestate: small refactor around reference
+ methods
+ - tests: remove the snapd dirs last (should fix random test errors)
+ - interfaces: mm: permissions for protocol proxies
+ - interfaces/builtin: add evolution interfaces
+ - many: extract the logging http client and user-agent handling for
+ use in devicestate
+ - interfaces: unity8-download-manager is the chosen name for this
+ interface.
+ - tests: add "quiet" wrapper function that only prints output on
+ failure
+ - tests: fix failing snapd-reexec test
+ - docs: simplify HACKING.md that snapd itself supports setting up
+ the sockets
+ - overlord: flag required-snaps from model as required and prevent
+ removing them
+ - spread: exclude .o and .a files
+ - tests: parameterize remote store
+ - cmd: fix hardcoded paths to rst2man and support rst2man.py
+ - tests: improve debug output when reexec is used
+ - tests: disable ipv6 before unpacking delta
+ - interfaces: add new interface API
+ - tests: change TRUST_TEST_KEYS to be controlled from the host
+ - spread: add boilerplate for Linode delta uploads
+ - wrappers: add support for the X-Ayatana-Desktop-Shortcuts=
+ extension
+ - partition: add support for native grubenv read/write and use it
+ - tests: add test ensuring manual pages are shipped
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 27 Jan 2017 23:18:57 +0100
+
+snapd (2.21-2) unstable; urgency=medium
+
+ * Modify snap-confine's apparmor rules to work on Debian when apparmor is
+ enabled on the kernel command line.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Wed, 25 Jan 2017 10:26:51 +1300
+
+snapd (2.21-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Disable i18n so the package can build in stretch without new packages.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Mon, 16 Jan 2017 11:15:32 +1300
+
+snapd (2.21) xenial; urgency=medium
+
+ * New upstream release, LP: #1656382
+ - daemon: re-enable reexec
+ - interfaces: allow reading installed files from previous revisions
+ by default
+ - daemon: make activation optional
+ - tests: run all snap-confine tests in c-unit-tests task
+ - many: fix abbreviated forms of disconnect
+ - tests: switch more tests to MATCH
+ - store: export userAgent. daemon: print store.UserAgent() on
+ startup.
+ - tests: test classic confinement `snap list` and `snap info`
+ output
+ - debian: skip snap-confine unit tests on nocheck
+ - overlord/snapstate: share code between Update and UpdateMany, so
+ that it deals with auto-aliases correctly
+ - interfaces: upower-observe: refactor to allow snaps to provide a
+ slot
+ - tests: add end-to-end store test for classic confinement
+ - overlord,overlord/snapstate: have UpdateMany retire/enable auto-
+ aliases even without new revision
+ - interfaces/browser-support: add @{PROC}/@{pid}/fd/[0-9] w and misc
+ /run/udev
+ - interfaces/builtin: add physical-memory-* and io-ports-control
+ - interfaces: allow getsockopt by default since it is so commonly
+ used
+ - cmd/snap, daemon, overlord/snapstate: tests and fixes for "snap
+ refresh" of a classic snap
+ - interfaces: allow read/write access of real-time clock with time-
+ control interface
+ - store: request no CDN via a header using SNAPPY_STORE_NO_CDN
+ envvar
+ - snap: add information about tracking channel (not just actual
+ channel)
+ - interfaces: use fewer dot imports
+ - overlord/snapstate: remove restrictions on ResetAliases
+ - overlord, store: move confinement filtering to the overlord (from
+ The Store)
+ - many: move interface test helpers to ifacetest package
+ - many: implement 'snap aliases'
+ - vet: fix for unkeyed fields error on aliases_test.go
+ - interfaces: miscellaneous policy updates for network-control,
+ unity7, pulseaudio, default and home
+ - tests: test for auto-aliases
+ - interface hooks: connect plug slot hooks (step 2)
+ - cmd/snap: fix internal naming in snap connect
+ - snap: use "size" as the json tag in snap.ChannelSnapInfo
+ - tests: restore the missing initialization of iface manager causing
+ race
+ - snap: fix missing sizes in `snap info <remote-snap>`
+ - tests: improve cleanup for c-unit-tests
+ - cmd/snap-confine: build non-installed libsnap-confine-private.a
+ - cmd/snap-confine: small tweaks to seccomp support code
+ - interfaces/docker-support: allow /run/shm/aufs.xeno for 14.04
+ - many: obtain installed snaps developer/publisher username through
+ assertions
+ - store: setting of fields for details endpoint
+ - cmd/snap-confine: check for rst2man on configure
+ - snap: show `snap --help` output when just running `snap`
+ - interface/builtin: drop the obsolete checks in udisks2
+ SanitizeSlot
+ - cmd/snap: remove currency switch following UX review
+ - spread: find top-level directory before running generate-
+ packaging-dir
+ - interface hooks: prepare plug slot hooks (step 1)
+ - i18n: use github.com/mvo5/gettext.go (pure go) for i18n to avoid
+ cgo
+ - many: put a marker in the User-Agent sent by snapd/snap when under
+ testingThe User-Agent will look like:
+ - tests: fix -reuse and -resend when govendor is missing
+ - snap: provide friendlier `snap find` message when no snaps are
+ found
+ - tests: fix mkversions.sh failure on zesty
+ - spread: install build-essential unconditionally
+ - spread: improve qemu ubuntu-14.04-{32,64} support
+ - overlord/snapstate,daemon: implement GET /v2/aliases handling
+ - store: retry user info request
+ - tests: port more snap-confine regression tests
+ - tests: cancel the scheduled reboot on ubuntu-core-upgrade-no-gc
+ and restore state
+ - tests: debug zesty autopkgtest failures
+ - overlord/snapstate: use keyed fields on literals
+ - tests: use MATCH in install-remove-multi
+ - tests: increase wait time for service to be up
+ - tests: make debug-each succeed if DENIED doesn't match
+ - tests: skip packaging dir generation for non-git based autopkgtest
+ runs
+ - tests: port refresh-all-undo to MATCH
+ - tests: improve snap connect test
+ - tests: port additional snap-confine regression tests
+ - tests: show --version when it matches unknown
+ - tests: optionally use apt proxy for qemu
+ - tests: add hello-classic test
+ - many: behave more consistently when pointed to staging and
+ possibly the fake store
+ - overlord/ifacestate: remove stale comments
+ - interfaces/apparmor: ignore snippets in classic confinement
+ - tests: port first regression test from snap-confine
+ - cmd/snap-confine: disable old tests
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 13 Jan 2017 19:39:51 +0100
+
+snapd (2.20.1) xenial; urgency=medium
+
+ * New upstream release, LP: #1648520
+ - tests: enable the ppc64el tests again
+ - tests: add classic confinement test
+ - tests: run snap confine tests in debian/rules already
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 19 Dec 2016 11:53:29 +0100
+
+snapd (2.20-2) unstable; urgency=medium
+
+ * Replace unversioned Conflicts on snap package with versioned
+ Breaks/Replaces, now that snap has dropped /usr/bin/snap.
+ Closes: #849162.
+
+ -- Steve Langasek <vorlon@debian.org> Sun, 25 Dec 2016 17:50:25 -0600
+
+snapd (2.20-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Update one test (cmd/snap/cmd_interfaces_test.go) to cope with the newer
+ golang-go-flags-dev in unstable.
+ * Explicitly include 'udev' in Build-Depends.
+ * Add tzdata to Build-Depends to avoid ftbfs. (Closes: #848754)
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Mon, 19 Dec 2016 11:43:55 +1300
+
+snapd (2.20) xenial; urgency=medium
+
+ * New upstream release, LP: #1648520
+ - many: implement "snap alias --reset" using snapstate.ResetAliases
+ - debian: use a packaging branch for 14.04
+ - store: retry downloads on io.Copy errors and sha3 checksum errors
+ - snap: show apps in `snap info`
+ - store: send an explicit X-Ubuntu-Classic header to the store
+ - overlord/snapstate: implement snapstate.ResetAliases
+ - interfaces/builtin: add dbus interface
+ - tests: fix tests on 17.04
+ - store: use mocked retry strategy to make store tests faster
+ - overlord: apply auto-aliases information from the snap-declaration
+ on install or refresh
+ - many: prepare landing on trusty
+ - many: implement snap unalias using snapstate.Unalias
+ - overlord/snapstate: fixing the placement/grouping of some
+ functions
+ - interfaces: support network namespaces via 'ip netns' in network-
+ control
+ - interfaces/builtin: fix pulseaudio apparmor rules
+ - interfaces/builtin: add iio interface
+ - tests: update custom core snap with the freshly build snap-confine
+ - interfaces: use sysd.{Disable,Stop} instead of sysd.DisableNow()
+ - overlord,overlord/snapstate: implement snapstate.Unalias by
+ generalizing the "alias" task
+ - interfaces: misc openstack snap enablement
+ - cmd/snap: mock terminal.ReadPassword instead of using /dev/ptmx
+ - notifications, daemon: kill the unsupported events endpoint
+ - client: only allow Dangerous option in InstallPath
+ - overlord/ifacestate: no interface checks if no snap id
+ - many: implement alias command
+ - snap: tweak snap install output as designed by Mark
+ - debian: fix Pre-Depends on dpkg
+ - tests: check if snap-confine --version is unknown
+ - cmd/snap-confine: allow content interface mounts
+ - tests: remove ppa:snappy-dev/image again
+ - interfaces/apparmor: allow access to core snap
+ - tests: remove snap-confine/ubuntu-core-launcher after the tests
+ - overlord,overlord/snapstate: implement snapstate.Alias
+ - cmd/snap: reject "snap disconnect foo"
+ - debian: add split ubuntu-core-launcher and snap-confine packages
+ - cmd: fix mkversion.sh and add regression test
+ - overlord/snapstate: setup/remove aliases as we link/unlink snaps
+ - cmd/snap,tests: alias support in snap run
+ - snap/snapenv: don't obscure HOME if snap uses classic confinement
+ - store: decode response.Body json inside retry loops
+ - cmd/snap-confine: fix compilation on platforms with gcc < 4.9.0
+ - vendor: update tomb package fixing context support
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 15 Dec 2016 22:07:08 +0100
+
+snapd (2.19) xenial; urgency=medium
+
+ * New upstream release, LP: #1648520
+ - cmd/snap-confine: disable support for XDG_RUNTIME_DIR
+ - cmd/snap-confine/tests: fix stale path after move to snapd
+ - cmd/snap-confine: don't use __attribute__((nonull))
+ - snap: add description to `snap info`
+ - snap: show last refresh time
+ - store: switch default delta format from xdelta to xdelta3
+ - interfaces: fix system-observe interface to work with ps_mem
+ - debian: add missing ca-certificates dependency
+ - cmd/snap-confine: add support for classic confinement
+ - snapstate/backend: add backend methods to manage aliases
+ - tests: re-enable snap-confine unit tests via spread
+ - many: merge snap-confine into snapd
+ - many: add support for classic confinement
+ - snap: abort install with ctrl+c
+ - cmd/snap: change terms accept URL following UX review
+ - interfaces/apparmor: use distinct apparmor template for classic
+ - snap: add snap size to `snap info`
+ - interfaces: add unconfined access to modem-manager
+ - snap: support for parsing and exposing on snap.Info aliases
+ - debian: disable autopkgtests on ppc64el
+ - snap: disable support for socket activation
+ - tests: fix incorrect restore of the current symlink
+ - asserts: introduce auto-aliases header in snap-declaration
+ - interfaces/seccomp: add support for classic confinement
+ - tests: do not use external snaps
+ - daemon: close the dup()ed file descriptor to not leak it
+ - overlord, daemon, progress: enable building snapd without CGO
+ - daemon, store: let snap info find things in any channel
+ - store: retry tweaks and logging
+ - snap: Improve `snap --help` output as designed by Mark
+ - interfaces/builtin: fix incorrect udev rule in i2c
+ - overlord: increase test timeout and improve failure message
+ - snap: remove unused experimental command
+ - debian: remove unneeded conflict against the "snappy" package
+ - daemon, strutil: move daemon.quotedNames to strutil.Quoted
+ - docs: document SNAP_DEBUG_HTTP in HACKING.md
+ - cmd/snap: have some completers
+ - snap: support "daemon: notify" in snap.yaml
+ - snap: fix try command when daemon linie is added
+ - interfaces: apparmor support for classic confinement
+ - debian/rules: build with -buildoptions=pie
+ - tests: include /boot in saved state (including bootenv and any
+ kernels)
+ - daemon: ensure `snap try` installs core if it's missing
+ - tests: save/restore /snap/core/current symlink
+ - tests: decrease the number of expected featured apps
+ - tests: add set -e to the prepare ssh script
+ - cmd/snap: add tests for section completion; fix bugs.
+ - cmd/snap: document 'snap list --all'
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 08 Dec 2016 16:16:04 +0100
+
+snapd (2.18.1) xenial; urgency=medium
+
+ * New upstream release, LP: #1644625
+ - daemon: fix crash when `snap refresh` contains a single update
+ - fix unhandled error from io.Copy() in download()
+ - interfaces/builtin: fix incorrect udev rule in i2c
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 05 Dec 2016 15:04:13 +0100
+
+snapd (2.18) xenial; urgency=medium
+
+ * New upstream release, LP: #1644625
+ - store: retry on io.EOF
+ - tests: skip pty tests on ppc64el and powerpc
+ - client, cmd/snap: introducing "snap info"
+ - snap: do exit 0 on install/remove if that snap is already
+ installed or already removed
+ - snap: add `snap watch <change-id>` to attach to a running change
+ - store: retry downloads using retry loop
+ - snap: try doesn't require snap-dir when run in snap's directory
+ - daemon: show what will change in the "refresh-all" changes
+ - tests: disable autorefresh for the external backend
+ - snap: add `snap list -a` to show all snaps (even inactive ones)
+ - many: unify boolean env var handling
+ - overlord/ifacestate: don't setup jailmode snaps with devmode
+ confinement
+ - snapstate: do not garbage collect the snaps used by the bootenv
+ - debian: drop hard xdelta dependency for now
+ - snap: make `snap login` ask for email if not given as argument
+ - osutil: fix build on armhf (arm in go-arch) and powerpc (ppc in
+ go-arch)
+ - many: rename DevmodeConfinement to DevModeConfinement
+ - store: resp.Body.Close() missing in ReadyToBuy
+ - many: use ConfinementOptions instead of ConfinementType
+ - snap, daemon, store: fake the channel map in the REST API
+ - misc: run github.com/gordonklaus/ineffassign as part of the static
+ checks
+ - docs: add goreportcard badge and remove coveralls badge
+ - tests: force gofmt -s in static checks
+ - many: run gofmt -s -w on all the code
+ - store: DRY actual retry code
+ - many: fix various errors uncovered by goreportcard.com
+ - interfaces/builtin: allow additional shared memory for webkit
+ - many: some more missing snapState->snapst
+ - asserts: introduce an optional freeform display-name for model
+ - interfaces/builtin: rename usb-raw to raw-usb
+ - progress: init pbar with correct total value
+ - daemon/api.go: add quotedNames() helper
+ - interfaces: add ConfinementOptions type
+ - tests: add a test about the extra bits that prepare-device can
+ specify for device registration
+ - tests: check that gpio device nodes are exported after reboot
+ - tests: parameterize core channel with env var for classic too
+ - many: rename variable "ss" to "snapsup" or "snapst" or "st"
+ (depending on context)
+ - tests: do not use external snaps in spread
+ - store: retry buy request
+ - store: retry store.Find
+ - store: retry assertion store call
+ - store: retry call for snap details
+ - many: use snap.ConfinementType rather than bool devmode
+ - daemon: if a bad snap is posted it is not an internal error but a
+ bad request
+ - client: add "Snap.Screenshots" to the client API
+ - interfaces: update base declaration documentation and policy for
+ on-classic and snap-type
+ - store: check payment method before TOS for a better UX
+ - interfaces: allow sched_setaffinity in process-control
+ - tests: parameterize core channel with env var
+ - tests: ensure that the XDG_ env contains at least XDG_RUNTIME_DIR
+ - interfaces: fcitx also listens on the session bus for Qt apps
+ - store: retry ListRefresh
+ - snap: use "Password of <email>:" in the `snap login`
+ - many: reshuffle how we load/inject tests keys so image doesn't
+ need assertstate anymore
+ - store: use range requests if we have a local file already
+ - dirs,interfaces,overlord,snap,snapenv,test: export per-snap
+ XDG_RUNTIME_DIR per user
+ - osutil: make RealUser only look at SUDO_USER when uid==0
+ - tests: do not use the ppa:snappy-dev/image in the tests
+ - store: retry readyToBuy request
+ - tests: increase `expect` timeouts
+ - static tests: add spell check
+ - tests: add debug to all flaky expect tests
+ - systemd: correct the mount arguments when mounting with squashfuse
+ - interfaces: add avahi-observe
+ - store: bring delta downloads back
+ - interfaces: add alsa
+ - interfaces/builtin: fix a broken test that snuck into master
+ - osutil: add chattr funcs
+ - image: init "snap_mode" on image creation time to avoid ugly
+ messages
+ - tests: test-snapd-fuse-consumer needs python-fuse as a build-
+ package
+ - interfaces/builtin: add i2c interface
+ - interfaces: add ofono interface
+ - tests: do not use hello-world in our tests
+ - snap: add support for classic confinement
+ - interfaces: remove LegacyAutoConnect() from the interfaces
+ - interfaces: miscellaneous policy updates
+ - tests: run autopkgtests in the autopkgtest.ubuntu.com
+ infrastructure
+ - Implement lxd-client interface exposing the lxd snap
+ - asserts: validate optional account username
+ - many: remove unnecessary snap name parameter from buying endpoint
+ - tests: do not hardcode the size of /dev/ram0
+ - tests: add test that ensures the right content for /etc/os-release
+ - spread tests: fix snap mode check
+ - docs: fix path for source files location in HACKING.md
+ - interfaces/builtin/mir: allow slot to make recvfrom syscalls
+ - store: sections/featured snaps store support
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 24 Nov 2016 19:43:08 +0100
+
+snapd (2.17.1) xenial; urgency=medium
+
+ * New upstream release, LP: #1637215:
+ - release: os-release on core has changed
+ - tests: /dev/ptmx does not work on powerpc, skip here
+ - docs: moved to github.com/snapcore/snapd/wiki (#2258)
+ - debian: golang is not installable on powerpc, use golang-any
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 04 Nov 2016 18:13:10 +0200
+
+snapd (2.17) xenial; urgency=medium
+
+ * New upstream release, LP: #1637215:
+ - overlord/ifacestate: add unit tests for undo of setup-snap-
+ security (#2243)
+ - daemon,overlord,snap,tests: download to .partial in final dir
+ (#2237)
+ - overlord/state: marshaling tests for lanes (#2245)
+ - overlord/state: introduce state lanes (#2241)
+ - overlord/snapstate: fix revert+refresh (#2224)
+ - interfaces/sytemd: enable/disable generated service units (#2229)
+ - many: fix incorrect security files generation on undo
+ - overlord/snapstate: add dynamic snapdX.Y assumes (#2227)
+ - interfaces: network-manager: give slot full read-write access to
+ /run/NetworkManager
+ - docs: update the name of the command for the cross-build
+ - overlord/snapstate: fix missing argument to Noticef
+ - snapstate: ensure gadget/core/kernel can not be disabled (#2218)
+ - asserts: limit to 1y only if len(models) == 0 (#2219)
+ - debian: only install share/locale if available (missing on
+ powerpc)
+ - overlrod/snapstate: fix revert followed by refresh to old-current
+ (#2214)
+ - interfaces/builtin: network-manager and bluez can change hostname
+ (#2204)
+ - snap: switch the auto-import dir to /run/snapd/auto-import
+ - docs: less details about cloud.cfg as requested in trello (#2206)
+ - spread.yaml: Ensure ubuntu user has passwordless sudo for
+ autopkgtests (#2201)
+ - interfaces/builtin: add dcdbas-control interface
+ - boot: do not set boot to try mode if the revision is unchanged
+ - interfaces: add shutdown interface (#2162)
+ - interfaces: add system-power-control interface
+ - many: use the new systemd backend for configuring GPIOs
+ - overlord/ifacestate: setup security for slots before plugs
+ - snap: spool assertion candidates if snapd is not up yet
+ - store,daemon,overlord: download things to a partials dir
+ - asserts,daemon: implement system-user-authority header/concept
+ - interfaces/builtin: home base declaration rule using on-classic
+ for its policy
+ - interfaces/builtin: finish decl based checks
+ - asserts: bump snap-declaration to allow signing with new-style
+ plugs and slots
+ - overlord: checks for kernel installation/refresh based on model
+ assertion and previous kernel
+ - tests/lib/fakestore: fix logic to distinguish assertion not found
+ errors
+ - client: add a few explicit error types (around the request cycle)
+ - tests/lib/fakestore/cmd/fakestore: make it log, and fix a typo
+ - overlord/snapstate: two bugs for one
+ - snappy: disable auto-import of assertions on classic (#2122)
+ - overlord/snapstate: move trash cleanup to a cleanup handler
+ (#2173)
+ - daemon: make create-user --known fail on classic without --force-
+ managed (#2123)
+ - asserts,interfaces/policy: implement on-classic plug/slot
+ constraints
+ - overlord: check that the first installed gadget matches the model
+ assertion
+ - tests: use the snapd-control-consumer snap from the store
+ - cmd/snap: make snap run not talk to snapd for finding the revision
+ - snap/squashfs: try to hard link instead of copying. Also, switch
+ to osutil.CopyFile for cp invocation.
+ - store: send supported max-format when retrieving assertions
+ - snapstate, devicestate: do not remove seed
+ - boot,image,overlord,partition: read/write boot variables in single
+ operation
+ - tests: reenable ubuntu-core tests on qemu
+ - asserts,interfaces/policy: allow OR-ing of subrule constraints in
+ plug/slot rules
+ - many: move from flags as ints to flags as structs-of-bools (#2156)
+ - many: add supports for keeping and finding assertions with
+ different format iterations
+ - snap: stop using ubuntu-core-launcher, use snap-confine
+ - many: introduce an assertion format iteration concept, refuse to
+ add unsupported assertion
+ - interfaces: tweak wording and comment
+ - spread.yaml: dump apparmor denials on spread failure
+ - tests: unflake ubuntu-core-reboot (#2150)
+ - cmd/snap: tweak unknown command error message (#2139)
+ - client,daemon,cmd: add payment-declined error kind (#2107)
+ - cmd/snap: update remove command help (#2145)
+ - many: removed frameworks target and fixed service files (#2138)
+ - asserts,snap: validate attributes to a JSON-compatible type subset
+ (#2140)
+ - asserts: remove unused serial-proof type
+ - tests: skip auto-import tests on systems without test keys (#2142)
+ - overlord/devicestate: don't spam the debug log on classic (#2141)
+ - cmd/snap: simplify auto-import mountinfo parsing (#2135)
+ - tests: run ubuntu-core upgrades on isolated machine (#2137)
+ - overlord/devicestate: recover seeding from old external approach
+ (#2134)
+ - overlord: merge overlord/boot pkg into overlord/devicestate
+ (#2118)
+ - daemon: add postCreateUserSuite test suite (#2124)
+ - tests: abort tests if an update process is scheduled (#2119)
+ - snapstate: avoid reboots if nothing in the boot setup has changed
+ (#2117)
+ - cmd/snap: do not auto-import from loop or non-dev devices (#2121)
+ - tests: add spread test for `snap auto-import` (#2126)
+ - tests: add test for auto-mount assertion import (#2127)
+ - osutil: add missing unit tests for IsMounted (#2133)
+ - tests: check for failure creating user on managed ubuntu-core
+ systems (#2096)
+ - snap: ignore /dev/loop addings from udev (#2111)
+ - tests: remove snapd.boot-ok reference (#2109)
+ - tests: enable tests related to the home interface in all-snaps
+ (#2106)
+ - snapstate: only import defaults from gadget on install (#2105)
+ - many: move firstboot code into the snapd daemon (#2033)
+ - store: send correct JSON type of string for expected payment
+ amount (#2103)
+ - cmd/snap: rename is-managed to managed and tune (#2102)
+ - interfaces,overlord/ifacestate: initial cleaning up of no arg
+ AutoConnect related bits (#2090)
+ - client, cmd: prompt for password when buying (#2086)
+ - snapstate: fix hanging `snap remove` if snap is no longer mounted
+ - image: support gadget specific cloud.conf file (#2101)
+ - cmd/snap,ctlcmd: fix behavior of snap(ctl) get (#2093)
+ - store: local users download from the anonymous url (#2100)
+ - docs/hooks.md: fix typos (#2099)
+ - many: check installation of slots and plugs against declarations
+ - docs: fix missing "=" in the systemd-active docs
+ - store: do not set store auth for local users (#2092)
+ - interfaces,overlord/ifacestate: use declaration-based checking for
+ auto-connect (#2071)
+ - overlord, daemon, snap: support gadget config defaults (#2082)The
+ main semantic changes are:
+ - tests: fix snap-disconnect tests after core rename (#2088)
+ - client,daemon,overlord,cmd: add /v2/users and create-user on auto-
+ import (#2074)
+ - many: abbreviated forms of disconnect (#2066)
+ - asserts: require lowercase model until insensitive matching is
+ ready (#2076)
+ - cmd/snap: add version command, same as --version (#2075)
+ - all: use "core" by default but allow "ubuntu-core" still (#2070)
+ - overlord/devicestate, docs/hooks.md: nest prepare-device
+ configuration options
+ - daemon: fix login API to return local macaroons (#2078)
+ - daemon: do not hardcode UID in userLookup (#2080)
+ - client, cmd: connect fixes (#2026)
+ - many: preparations for switching most of autoconnect to use the
+ declarationsfor now:
+ - overlord/auth: update CheckMacaroon to verify local snapd
+ macaroons (#2069)
+ - cmd/snap: trivial auto-import and download tweaks (#2067)
+ - interfaces: add repo.ResolveConnect that handles name resolution
+ - interfaces/policy: introduce InstallCandidate and its checks
+ - interfaces/policy,overlord: check connection requests against the
+ declarations in ifacestate
+ - many: setup snapd macaroon for local users (#2051)Next step: do
+ snapd macaroons verification.
+ - interfaces/policy: implement snap-id/publisher-id checks
+ - many: change Connect to take ConnRef instead of strings (#2060)
+ - snap: auto mount block devices and import assertions (#2047)
+ - daemon: add `snap create-user --force-managed` support (#2041)
+ - docs: remove references to removed buying features (#2057)
+ - interfaces,docs: allow sharing SNAP{,_DATA,_COMMON} via content
+ iface (#2063)
+ - interfaces: add Plug/Slot/Connection reference helpers (#2056)
+ - client,daemon,cmd/snap: improve create-user APIs (#2054)
+ - many: introduce snap refresh --ignore-validation <snap> to
+ override refresh validation (#2052)
+ - daemon: add support for `snap create-user --known` (#2040)
+ - interfaces/policy: start of interface policy checking code based
+ on declarations (#2050)
+ - overlord/configstate: support nested configuration (#2039)
+ - asserts,interfaces/builtin,overlord/assertstate: introduce base-
+ declaration (#2037)
+ - interfaces: builtin: Allow writing DHCP lease files to
+ /run/NetworkManager/dhcp (#2049)
+ - many: remove all traces of the /v2/buy/methods endpoint (#2045)
+ - tests: add external spread backend (#1918)
+ - asserts: parse the slot rules in snap-declarations (#2035)
+ - interfaces: allow read of /etc/ld.so.preload by default for armhf
+ on series 16 (#2048)
+ - store: change purchase to order and store clean up first pass
+ (#2043)
+ - daemon, store: switch to new store APIs in snapd (#2036)
+ - many: add email to UserState (#2038)
+ - asserts: support parsing the plugs stanza i.e. plug rules in snap-
+ declarations (#2027)
+ - store: apply deltas if explicitly enabled (#2031)
+ - tests: fix create-key/snap-sign test isolation (#2032)
+ - snap/implicit: don't restrict the camera iface to classic (#2025)
+ - client, cmd: change buy command to match UX document (#2011)
+ - coreconfig: nuke it. Also, ignore po/snappy.pot. (#2030)
+ - store: download deltas if explicitly enabled (#2017)
+ - many: allow use of the system user assertion with create-user
+ (#1990)
+ - asserts,overlord,snap: add prepare-device hook for device
+ registration (#2005)
+ - debian: adjust packaging for trusty/deputy systemd (#2003)
+ - asserts: introduce AttributeConstraints (#2015)
+ - interface/builtin: access system bus on screen-inhibit-control
+ - tests: add firewall-control interface test (#2009)
+ - snapstate: pass errors from ListRefresh in updateInfo (#2018)
+ - README: add links to IRC, mailing list and social media (#2022)
+ - docs: add `configure` hook to hooks list (#2024)LP: #1596629
+ - cmd/snap,configstate: rename apply-config variables to configure.
+ (#2023)
+ - store: retry download on 500 (#2019)
+ - interfaces/builtin: support time and date settings via
+ 'org.freedesktop.timedate1 (#1832)
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 02 Nov 2016 01:17:36 +0200
+
+snapd (2.16-1) unstable; urgency=medium
+
+ [ Michael Hudson-Doyle ]
+ * New upstream release.
+ * Import gopkg.in/cheggaaa/pb.v1 rather than github.com/cheggaaa/pb.
+ * Switch to unconditional conflict against `snap` (Closes: #826884)
+ * Update Vcs-Git and Vcs-Browser to point to alioth.
+
+ [ Steve Langasek ]
+ * Remove govendor from gbp.conf, and import Ubuntu tarball as our
+ orig.tar.gz (switching our packaging to non-native).
+ * Add Uploaders.
+ * Drop lintian overrides not used in Debian because we dynamically link
+ against golang-yaml.v2.
+ * Bump standards-version, no changes required.
+ * Add/fix various lintian overrides.
+
+ -- Steve Langasek <vorlon@debian.org> Wed, 02 Nov 2016 12:14:52 +0000
+
+snapd (2.16) xenial; urgency=medium
+
+ * New upstream release, LP: #1628425
+ - overlord/state: prune old empty changes
+ - interfaces: ppp: load needed kernel module (#2007)
+ - interfaces/builtin: add missing rule to allow run-parts to
+ execute all resolvconf scripts
+ - many: rename apply-config hook to configure
+ - tests: use new spread `debug` feature
+ - many: finish `snap set` API.
+ - overlord: fix and simplify configstate.Transaction
+ - assertions: add system-user assertion
+ - snap: add `snap known --remote`
+ - tests: replace systemd-run with on-the-fly generation of units.
+ - overlord/boot: switch to using assertstate.Batch
+ - snap, daemon, store: pass through screenshots from store
+ - image: add meta/gadget.yaml infrastructure
+ - tests: add test benchmark script
+ - daemon: add the actual ssh keys that got added to the create-user
+ response
+ - daemon: add REST API behind `snap get`
+ - debian: re-add golang-github-gosexy-gettext-dev
+ - tests: added install_local function
+ - interfaces/builtin: fix resolvconf permissions for network-manager
+ interface
+ - tests: use apt as compatible with trusty
+ - many: discard preserved namespace after removing snap
+ - daemon, overlord, store: add ReadyToBuy API to snapd
+ - many: add support for installing/removing multiple snaps
+ - progress: use New64 and fix output newline
+ - interfaces/builtin: allow network-manager to access netplan conf
+ files
+ - tests: build once and install test snap from cache
+ - overlord/state: introduce cleanup support
+ - snap: move/clarify Info.Broken
+ - ctlcmd: add snapctl get.
+ - overlord,store: clean up serial-proof plumbing code
+ - interfaces/builtin: add network-setup-observe interface
+ - daemon,overlord/assertstate: support streams of assertions with
+ snap ack
+ - snapd: kmod backend
+ - tests: ensure HOME is also set correctly
+ - configstate,hookstate: add snapctl set
+ - tests: disable broken create-key test
+ - interfaces: adjust bluetooth-control to allow getsockopt (LP:
+ #1613572)
+ - tests: add a test for core about device initialization and device
+ registration and auth
+ - many: show snap name before the download progress bar
+ - interfaces/builtin: add rcvfrom for client connected plugs to mir
+ interface
+ - asserts: support for maps in assertions
+ - tests: increase timeout for key generation in create-key test
+ - many: validate refreshes against validation assertions by gating
+ snaps
+ - interfaces/apparmor: allow 'm' in default policy for snap-exec
+ - many: avoid snap.InfoFromSnapYaml in tests
+ - interfaces/builtin: allow /dev/net/tun with network-control
+ - tests: add spread test for snap create-key/snap sign
+ - tests: add missing quotes in security-device-cgroups/task.yaml
+ - interfaces: drop ErrUnknownSecurity
+ - store: add "ready to buy" method
+ - snap/snapenv, tests: use root's data dirs when running via sudo
+ - interfaces/builtin: add initial docker interface
+ - snap: remove extra newline after progress is done
+ - docs: fix formating of HACKING.md "Testing snapd"
+ - store : add requestOptions.ExtraHeaders so that individual
+ requests can customise headers.
+ - many: use unique plug/slot names in tests
+ - tests: add tests for the classic dimension
+ - many: add vendoring of dependencies by default
+ - tests: use in-tree snap{ctl,-exec} for all tests
+ - many: support snapctl -h
+ - tests: adjust regex after changes in stat output
+ - store,snap: initial support for delta downloads
+ - interfaces/builtin: add run/udev/data paths to mir interface
+ - snap: lessen annoyance of implicit interface tests
+ - tests: ensure http{,s}_proxy is defined inside the fake-store
+ - interfaces: allow xdg-open in unity7, unity7 cleanups
+ - daemon,store: move store login user logic to store
+ - tests: replace realpath with readlink -f for trusty support.
+ - tests: add https_proxy into environment as well
+ - interfaces/builtin: allow mmaping pulseaudio buffers
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 28 Sep 2016 11:09:27 +0200
+
+snapd (2.15.2ubuntu1) xenial; urgency=medium
+
+ * New upstream release, LP: #1623579
+ - snap/snapenv, tests: use root's data dirs when running via sudo
+ (cherry pick PR: #1857)
+ - tests: add https_proxy into environment
+ (cherry pick PR: #1926)
+ - interfaces: allow xdg-open in unity7, unity7 cleanups
+ (cherry pick PR: #1946)
+ - tests: ensure http{,s}_proxy is defined inside the fake-store
+ (cherry pick PR: #1949)
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 21 Sep 2016 17:21:12 +0200
+
+snapd (2.15.2) xenial; urgency=medium
+
+ * New upstream release, LP: #1623579
+ - asserts: define a bit less terse Ref.String
+ - interfaces: disable auto-connect in libvirt interface
+ - asserts: check that validation assertions are signed by the
+ publisher of the gating snap
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 19 Sep 2016 10:42:29 +0200
+
+snapd (2.15.1) xenial; urgency=medium
+
+ * New upstream release, LP: #1623579
+ - image: ensure local snaps are put last in seed.yaml
+ - asserts: revert change that made the account-key's name mandatory.
+ - many: refresh all snap decls
+ - interfaces/apparmor: allow reading /etc/environment
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 19 Sep 2016 09:19:44 +0200
+
+snapd (2.15) xenial; urgency=medium
+
+ * New upstream release, LP: #1623579
+ - tests: disable prepare-image-grub test in autopkgtest
+ - interfaces: allow special casing for auto-connect until we have
+ assertions
+ - docs: add a little documentation on hooks.
+ - hookstate,daemon: don't mock HookRunner, mock command.
+ - tests: add http_proxy to /etc/environment in the autopkgtest
+ environment
+ - backends: first bits of kernel-module security backend
+ - tests: ensure openssh-server is installed in autopkgtest
+ - tests: make ubuntu-core tests more robust
+ - many: mostly work to support ABA upgrades
+ - cmd/snap: do runtime linting of descriptions
+ - spread.yaml: don't assume LANG is set
+ - snap: fix SNAP* environment merging in `snap run`
+ - CONTRIBUTING.md: remove integration-tests, include spread
+ - store: don't discard error body from request device session call
+ - docs: add create-user documentation
+ - cmd/snap: match UX document for message when buying without login
+ - firstboot: do not overwrite any existing netplan config
+ - tests: add debug output to ubuntu-core-update-rollback-
+ stresstest:
+ - tests/lib/prepare.sh: test that classic does not setting bootvars
+ - snap: run all tests with gpg2
+ - asserts: basic support for validation assertion and refresh-
+ control
+ - interfaces: miscellaneous policy updates for default, browser-
+ support and camera
+ - snap: (re)add --force-dangerous compat option
+ - tests: ensure SUDO_{USER,GID} is unset in the spread tests
+ - many: clean out left over references to integration tests
+ - overlord/auth,store: fix raciness in updating device/user in state
+ through authcontext and other issuesbonus fixes:
+ - tests: fix spread tests on yakkety
+ - store: refactor auth/refresh tests
+ - asserts: use gpg --fixed-list-mode to be compatible with both gpg1
+ and gpg2
+ - cmd/snap: i18n option descriptions
+ - asserts: required account key name header
+ - tests: add yakkety test host
+ - packaging: make sure debhelper-generated snippet is invoked on
+ postrm
+ - snap,store: capture newest digest from the store, make it
+ DownloadInfo only
+ - tests: add upower-observe spread test
+ - Merge github.com:snapcore/snapd
+ - tests: fixes to actually run the spread tests inside autopkgtest
+ - cmd/snap: make "snap find" error nicer.
+ - tests: get the gadget name from snap list
+ - cmd/snap: tweak help of 'snap download'
+ - cmd/snap,image: teach snap download to download also assertions
+ - interfaces/builtin: tweak opengl interface
+ - interfaces: serial-port use udevUsbDeviceSnippet
+ - store: ensure the payment methods method handles auth failure
+ - overlord/snapstate: support revert flags
+ - many: add snap configuration to REST API
+ - tests: use ubuntu-image for the ubuntu-core-16 image creation
+ - cmd/snap: serialise empty keys list as [] rather than null
+ - cmd/snap,client: add snap set and snap get commands
+ - asserts: update trusted account-key asserts with names
+ - overlord/snapstate: misc fixes/tweaks/cleanups
+ - image: have prepare-image set devmode correctly
+ - overlord/boot: have firstboot support assertion files with
+ multiple assertions
+ - daemon: bail from enable and disable if revision given, and from
+ multi-op if unsupported optons given
+ - osutil: call sync after cp if
+ requested.overlord/snapstate/backend: switch to use osutil instead
+ of another buggy call to cp
+ - cmd/snap: generate account-key-request "since" header in UTC
+ - many: use symlinks instead of wrappers
+ - tests: remove silly [Service] entry from snapd.socket.d/local.conf
+ - store: switch device session to use device-session-request
+ assertion
+ - snap: ensure that plug and slot names are unique
+ - cmd/snap: fix test suite (no Exit(0) on tests!)
+ - interfaces: add interface for hidraw devices
+ - tests: use the real model assertion when creating the core test
+ image
+ - interfaces/builtin: add udisks2 and removable-media interfaces
+ - interface: network_manager: enable resolvconf
+ - interfaces/builtin: usb serial-port support via udev
+ - interfaces/udev: support noneSecurityTag keyed snippets
+ - snap: switch to the new agreed regexp for snap names
+ - tests: adjust test setup after ubuntu user removal
+ - many: start services only after the snap is fully ready (link-snap
+ was run)
+ - asserts: don't have Add/Check panic in the face of unsupported no-
+ authority assertions
+ - asserts: initial support to generate/sign snap-build assertions
+ - asserts: support checking account-key-request assertions
+ - overlord: introduce AuthContext.DeviceSessionRequest with support
+ in devicestate
+ - overlord/state: fix for reloaded task/change crashing on Set if
+ checkpointed w. no custom data yet
+ - snapd.refresh.service: require snap.socket and /snap/*/current.
+ - many: spell --force-dangerous as just --dangerous, devmode should
+ imply it
+ - overlord/devicestate: try to fetch/refresh the signing key of
+ serial (also in case is not there yet)
+ - image,overlord/boot,snap: metadata from asserts for image snaps
+ - many: automatically restart all-snap devices after os/kernel
+ updates
+ - interfaces: modem-manager: ignore camera
+ - firstboot: only configure en* and eth* interfaces by default
+ - interfaces: fix interface handling on no-app snaps
+ - snap: set user variables even if HOME is unset (like with systemd
+ services)
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 16 Sep 2016 07:46:22 +0200
+
+snapd (2.14.2~16.04) xenial; urgency=medium
+
+ * New upstream release: LP: #1618095
+ - tests: use the spread tests with the adhoc interface inside
+ autopkgtest
+ - interfaces: add fwupd interface
+ - asserts,cmd/snap: add "name" header to account-key(-request)
+ - client,cmd/snap: display os-release data only on classic
+ - asserts/tool,cmd/snap: introduce hidden "snap sign"
+ - many: when installing snap file derive metadata from assertions
+ unless --force-dangerous
+ - osutil: tweak the createUserTests a bit and extract common code
+ - debian: umount --lazy before rm on snapd.postrm
+ - interfaces: updates to default policy, browser-support, and x11
+ - store: set initial device session
+ - interfaces: add upower-observe interface (LP: #1595813)
+ - tests: use beta u-d-f in test by default
+ - interfaces/builtin: allow writing on /dev/vhci in bluetooth-
+ control
+ - interfaces/builtin: allow /dev/vhci on bluetooth-control
+ - tests: port integration tests to spread
+ - snapstate: use umount --lazy when removing the mount units
+ - spread: enable halt-timeout, tweak image selection
+ - tests: fix firstboot-assertions to actually be runnable on classic
+ again
+ - asserts: introduce device-session-request
+ - interfaces: add screen-inhibit-control interface (LP: #1604880)
+ - firstboot: change location of netplan config
+ - overlord/devicestate: some cleanups and solving a couple todos
+ - daemon,overlord: add subcommand handling to snapctl
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 01 Sep 2016 18:52:05 +0200
+
+snapd (2.14.1) xenial; urgency=medium
+
+ * New upstream release: LP: #1618095
+ - snap-exec: add support for commands with internal args in snap-
+ exec
+ - store: refresh expired device sessions
+ - debian: re-add ubuntu-core-snapd-units as a transitional package
+ - image: snap assertions into image
+ - overlord/assertstate,asserts/snapasserts: give snap assertions
+ helpers a package, introduce ReconstructSideInfo
+ - docs/interfaces: Add empty line after lxd-support title
+ - README: cover the new /run/snapd-snap.socket
+ - daemon: make socket split backward-compatible.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 30 Aug 2016 16:43:29 +0200
+
+snapd (2.14) xenial; urgency=medium
+
+ * New upstream release: LP: #1618095
+ - cmd: enable SNAP_REEXEC only if it is set to SNAP_REEXEC=1
+ - osutil: fix create-user on classic
+ - firstboot: disable firstboot on classic for now
+ - cmd/snap: add export-key --account= option
+ - many: split public snapd REST API into separate socket.
+ - many: drop ubuntu-core-snapd-units package, use release.OnClassic
+ instead
+ - tests: add content-shareing binary test that excersises snap-
+ confine
+ - snap: use "up to date" instead of "up-to-date"
+ - asserts: add an account-key-request assertion
+ - asserts: fix GPG key generation parameters
+ - tests, integration-tests: implement the cups-control manual test
+ as a spread test
+ - many: clarify/tie down model assertion
+ - cmd/snap: add "snap download" command
+ - integration-tests: remove them in favour of the spread tests
+ - tests: test all snap ubuntu core upgrade
+ - many: support install and remove by revision
+ - overlord/state: prevent change ready => unready
+ - tests: fixes to make the ubuntu-core-16 image usable with
+ -keep/-reuse
+ - asserts: authority-id and brand-id of serial must match
+ - firstboot: generate netplan config rather than ifupdown
+ - store: request device session macaroon from store
+ - tests: add workaround for u-d-f to unblock all-snap image tests
+ - tests: the stable ubuntu-core snap has snap run support now
+ - many: use make StripGlobalRootDir public
+ - asserts: add some stricter checks around format
+ - many: have AuthContext expose device store-id, serial and serial-
+ proof signing to the store
+ - tests: fix "tests/main/ack" to not break if asserts are alreay
+ there
+ - tests/main/ack: fix test/style
+ - snap: add key management commands
+ - firstboot: add firstboot assertions importing
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 29 Aug 2016 17:07:20 +0200
+
+snapd (2.13) xenial; urgency=medium
+
+ * New upstream release: LP: #1616157
+ - many: respect dirs.SnapSnapsDir in tests
+ - tests: update listing test for latest stable image
+ - many: hook in start of code to fetch/check assertions when
+ installing snap from store
+ - boot: add missing udevadm mock to fix FTBFS
+ - interfaces: add lxd-support interface
+ - dirs,snap: handle empty root directory in SetRootDir
+ - dirs,snap: define methods for SNAP_USER_DATA and SNAP_USER_COMMON
+ - tests: spread all-snap test cleanup
+ - tests: add all-snap spread image tests
+ - store,tests: have just one envvar SNAPPY_USE_STAGING_STORE to
+ control talking to staging
+ - overlord/hookstate: use snap run posix parameters.
+ - interfaces/builtin: allow bind in the network interface
+ - asserts,overlord/devicestate: simplify private key/key pairs APIs,
+ they take just key ids
+ - dependencies: update godeps
+ - boot: add support for "devmode: {true,false}" in seed.yaml
+ - many: teach prepare-image to copy the model assertion (and
+ prereqs) into the seed area of the image
+ - tests: start teaching the fakestore about assertions
+ - asserts/sysdb: embed the new format official root/trusted
+ assertions
+ - overlord/devicestate: first pass at device registration logic
+ - tests: add process-control interface spread test
+ - tests: disable unity test
+ - tests: adapt to new spread version
+ - asserts: add serial-proof device assertion
+ - client, cmd/snap: use the new multi-refresh endpoint
+ - many: preparations for image code to fetch model prereqs
+ - debian: add extra checks when debian/snapd.postrm purge is run
+ - overlord/snapstate, daemon: support for multi-snap refresh
+ - tests: do not leave "squashfs-root" around
+ - snap-exec: Fix broken `snap run --shell` and add test
+ - overlord/snapstate: check changes to SnapState for conflicts also.
+ - docs/interfaces: change snappy command to snap
+ - tests: test `snap run --hook` using in-tree snap-exec.
+ - partition: ensure that snap_{kernel,core} is not overridden with an
+ empty value
+ - asserts,overlord/assertstate: introduce an assertstate task
+ handler to fetch snap assertions
+ - spread: disable re-exec to always test development tree.
+ - interfaces: implement a fuse interface
+ - interfaces/hardware-observe.go: re-add /run/udev/data
+ - overlord/assertstate,daemon: reorg how the assert manager exposes
+ the assertion db and adding to it
+ - release: Remove "UBUNTU_CODENAME" from the test data
+ - many: implement snapctl command.
+ - interfaces: mpris updates (fix unconfined introspection, add name
+ attribute)
+ - asserts: export DecodePublicKey
+ - asserts: introduce support for assertions with no authority,
+ implement serial-request
+ - interfaces: bluez: add a few more tests to verify interface
+ connection works
+ - interfaces: bluez: add missing mount security snippet case
+ - interfaces: add kernel-module interface for module insertion.
+ - integration-tests: look for ubuntu-device-flash on PATH before
+ calling sudo
+ - client, cmd, daemon, osutil: support --yaml and --sudoer flags for
+ create-user
+ - spread: use snap-confine from ppa:snappy-dev/image for the tests
+ - many: move to purely hash based key lookup and to new
+ key/signature format (v1)
+ - spread: Use /home/gopath in spread.yaml
+ - tests: base security spread tests
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 24 Aug 2016 14:48:28 +0200
+
+snapd (2.12) xenial; urgency=medium
+
+ * New upstream release: LP: #1612362
+ - many: do not require root for `snap prepare-image`
+ - tests: prevent restore error on test failure
+ - osutil: change escaping for create-user's sudoers
+ - docs: private flag doesn't exist on /v2/find (it's select)
+ - snap: do not sort the result of `snap find`
+ - interfaces/builtin: add gpio interface
+ - partition: fix cleaning of the boot variables on the second good
+ boot
+ - tests: add udev rules spread test
+ - docs: fix references to refresh action
+ - interfaces/udev,osutil: avoid doubled rules and put all in a per
+ snap file
+ - store: minor store improvements from previous reviews
+ - many: support interactive payments in snapd, filter from command
+ line
+ - docs/interfaces.md: improve interfaces documentation
+ - overlord,store: set store device authorization header
+ - store: add device nonce API support
+ - many: various fixes around the `create-user` command
+ - client, osutil: chown the auth file
+ - interfaces/builtin: add transitional browser-support interface
+ - snap: don't load unsupported implicit hooks.
+ - cmd/snap,cmd/snap-exec: support hooks again.
+ - interfaces/builtin: improve pulseaudio interface
+ - asserts: make account-key's `until` optional to represent a never-
+ expiring key
+ - store: refactor newRequest/doRequest to take requestOptions
+ - tests: allow-downgrades on upgrade test to prevent version errors
+ - daemon: stop using group membership as succedaneous of running
+ things with sudo
+ - interfaces: add bluetooth-control interfaces
+ - many: remove integration-test coverage metrics
+ - daemon,docs: drop license docs and error kind
+ - tests: add network-control interface spread test
+ - tests: add hardware-observe spread test
+ - interfaces: add system-trace interface LP: #1600085
+ - boot: use `cp -aLv` instead of `cp -a` (no symlinks on vfat)
+ - store: soft-refresh discharge macaroon from store when required
+ - partition: clear snap_try_{kernel,core} on success
+ - tests: add snapd-control interface spread test
+ - tests: add locale-control write spread test
+ - store: fix buy method after some refactoring broke it
+ - interfaces/builtin: read perms for network devices in network-
+ observe
+ - interfaces: also allow rfkill in network_control
+ - snapstate: remove artifacts from a snap try dir that vanished
+ - client, cmd/snap: better errors for empty snap list result
+ - wrappers: set BAMF_DESKTOP_FILE_HINT for unity
+ - many: cleanup/update rest.md; improve auth errors
+ - interfaces: miscelleneous policy updates for default, log-observe,
+ mount-observe, opengl, pulseaudio, system-observe and unity7
+ - interfaces: add process-control interface (LP: #1598225)
+ - osutil: support both "nobody" and "nogroup" for grpnam tests
+ - cmd: support defaulting to the user's preferred payment method
+ - overlord: actually run hooks.
+ - overlord/state,overlord/ifacestate: define basic infrastructure
+ for and then setting up serialising of interface mgr tasks
+ - asserts: add Assertion.Prerequisites and SigningKey, Ref and
+ FindTrusted
+ - overlord/snapstate: ensure calls to store are done without the
+ state lock held
+ - asserts,client: switch snap-build and snap-revision to be indexed
+ by snap-sha3-384
+ - many: make seed.yaml on firstboot mandatory and include sideInfo
+ - asserts,many: start supporting structured headers using the new
+ parseHeaders
+ - many: update code for the new snap_mode
+ - tests: added spread find private test
+ - store: deal with 404 froms the SSO store properly
+ - snap: remove meta/kernel.yaml again
+ - daemon: always mock release info in tests
+ - snapstate: drop revisions after "current" on refresh
+ - asserts: introduce new parseHeadersThis introduces the new
+ parseHeaders returning map[string]interface{} and capable of
+ accepting:
+ - asserts: remove/disable comma separated lists and their uses
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 11 Aug 2016 19:30:36 +0200
+
+snapd (2.11) xenial; urgency=medium
+
+ * New upstream release: LP: #1605303
+ - increase version number to reflect the nature of the update
+ better
+ - store, daemon, client, cmd/snap, docs/rest.md: adieu search
+ grammar
+ - debian: move snapd.refresh.timer into timers.target
+ - snapstate: add daemon-reload to fix autopkgtest on yakkety
+ - Interfaces: hardware-observe
+ - snap: rework the output after a snap operation
+ - daemon, cmd/snap: refresh --devmode
+ - store, daemon, client, cmd/snap: implement `snap find --private`
+ - tests: add network-observe interface spread test
+ - interfaces/builtin: allow getsockopt for connected x11 plugs
+ - osutil: check for nogrup instead of adm
+ - store: small cleanups (more needed)
+ - snap/squashfs: fix test not to hardcode snap size
+ - client,cmd/snap: cleanup cmd/snap test suite, add extra args
+ testThis cleans up the cmd/snap test suite:
+ - wrappers: map "never" restart condition to "no."
+ - wrappers: run update-desktop-database after add/remove of desktop
+ files
+ - release: work around elementary mistake
+ - many: remove all traces of channel from the buying codepath
+ - store: kill setUbuntuStoreHeaders
+ - docs: add payment methods documentation
+ - many: present user with a choice of payment backends
+ - asserts: add cross checks for snap asserts
+ - cmd/snap,cmd/snap-exec: support running hooks via snap-exec.
+ - tests: improve snap run symlink tests
+ - tests: add content sharing interface spread test
+ - store & many: a mechanical branch shortening store names
+ - snappy: remove old snappy pkg
+ - overlord/snapstate: kill flagscompat
+ - overlord/snapstate, daemon, client, cmd/snap: devmode override
+ (aka confined)
+ - tests: extend refresh test to talk to the staging and production
+ stores
+ - asserts,daemon: cross checks for account and account-key
+ assertions
+ - client: existing JSON fixtures uses tabs for indentation
+ - snap-exec: add proper integration test for snap-exec
+ - spread.yaml, tests: replace hello-world with test-snapd-tools
+ - tests: add locale-control interface spread test
+ - tests: add mount-observe interface spread test
+ - tests: add system-observe interface spread test
+ - many: add AuthContext to mediate user updates to the state
+ - store/auth: add helper for the macaroon refresh endpoint
+ - cmd: add buy command
+ - overlord: switch snapstate.Update to use ListRefresh (aka
+ /snaps/metadata)
+ - snap-exec: fix silly off-by-one error
+ - tests: stop using hello-world.echo in the tests
+ - tests: add env command to test-snapd-tools
+ - classic: remove (most of) "classic" mode, this is implemented as a
+ snap now
+ - many: remove snapstate.Candidate and other cleanups
+ - many: removed authenticator, store gets a user instead
+ - asserts: fix minor doc comment typo
+ - snap: ensure unknown arguments to `snap run` are ignored
+ - overlord/auth: add Device/SetDevice to persist device identity in
+ state
+ - overlord: make SyncBoot work again
+ - tests: add -y flag to apt autoremove command in unity task restore
+ - many: migrate SnapSetup and SideInfo to use RealName
+ - daemon: drop auther()
+ - client: improve error from client.do() on json decode failures
+ - tests: readd the fake store tests
+ - many: allow removal of broken snaps, add spread test
+ - overlord: implement &Retry{After: duration} support for handlers
+ - interface: add new interfaces.all.SecurityBackends
+ - integration-tests: remove login tests
+ - cmd,interfaces,snap: implement hook whitelist.
+ - daemon,overlord/auth,store: update macaroon authentication to use
+ the new endpoints
+ - daemon, overlord: add buy endpoint to REST API
+ - tests: use systemd-run for starting and stopping the unity app
+ - tests, integration-tests: port systemd service check test to
+ spread
+ - store: switch search to new snap-specific endpoint
+ - store, many: start using the new details endpoint
+ - tests, integration-tests: port unity test to spread
+ - tests: add spread test for tried snaps removal
+ - tests, integration-tests: port auth errors test to spread
+ - snapstate: rename OfficialName to RealName in the new tests
+ - many: rename SideInfo.OfficialName to SideInfo.RealName
+ - snapstate: use snapstate.Type in backend.RemoveSnapFiles
+ - many: add `snap enable/disable` commands
+ - tests, integration-tests: port refresh all test to spread
+ - snap: add `snap run --shell`
+ - tests: set yaml indentation to 4 spaces
+ - snapstate: cleanup downloaded temp snap files
+ - overlord: make patch1_test more robust
+ - debian: add snapd.postrm that purges
+ - integration-tests: drop already covered refresh app test
+ - many: add concept of "broken" snaps
+ - tests, integration-tests: port remove errors tests to spread
+ - tests, integration-tests: port revert test to spread
+ - debian: fix snapbuild path
+ - overlord: fix access to the state without lock in firstboot.go and
+ add test
+ - snapstate: add very simple garbage collection on upgrade
+ - asserts: introduce assertstest with helpers to test code involving
+ assertions
+ - tests, integration tests: port undone failed install test to
+ spread
+ - snap,store: switch to the new snaps/metadata endpoint, introduce
+ and start capturing DeveloperID
+ - tests, integration-tests: port the op remove retry test to spread
+ - po: remove snappy.pot from git, it will be generated at build time
+ - many: add some missing tests, clarify some things and nitpicks as
+ follow up to `snap revert`
+ - snapstate: when doing snapsate.Update|Install, talk to the store
+ early
+ - tests, integration-tests: port the op remove test to spread
+ - interfaces: allow /usr/bin/locale in default policy
+ - many: add `snap revert`
+ - overlord/auth,store: add macaroon serialization/deserialization
+ helpers
+ - many: embed main store trusted assertions in snapd, way to have
+ test ones, spread tests for ack and known
+ - overlord/snapstate,daemon: clarify active vs current, add
+ SnapState.HasCurrent,CurrentInfo
+ - tests: do not search for a specific snap (we hit 100 items) and
+ pagination kicks in
+ - tests: use printf instead of echo where we need portability
+ - tests: rename and generalize basic-binaries to test-snapd-tools
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 26 Jul 2016 15:49:04 +0200
+
+snapd (2.0.10) xenial; urgency=medium
+
+ * New upstream release: LP: #1597329
+ - interfaces: also allow @{PROC}/@{pid}/mountinfo and
+ @{PROC}/@{pid}/mountstats
+ - interfaces: allow read access to /etc/machine-id and
+ @{PROC}/@{pid}/smaps
+ - interfaces: miscelleneous policy updates for default, log-observe
+ and system-observe
+ - snapstate: add logging after a successful doLinkSnap
+ - tests, integration-tests: port try tests to spread
+ - store, cmd/snapd: send a basic user-agent to the store
+ - store: add buy method
+ - client: retry on failed GETs
+ - tests: actual refresh test
+ - docs: REST API update
+ - interfaces: add mount support for hooks.
+ - interfaces: add udev support for hooks.
+ - interfaces: add dbus support for hooks.
+ - tests, integration-tests: port refresh test to spread
+ - tests, integration-tests: port change errors test to spread
+ - overlord/ifacestate: don't retry snap security setup
+ - integration-tests: remove unused file
+ - tests: manage the socket unit when reseting state
+ - overlord: improve organization of state patches
+ - tests: wait for snapd listening after reset
+ - interfaces/builtin: allow other sr*/scd* optical devices
+ - systemd: add support for squashfuse
+ - snap: make snaps vanishing less fatal for the system
+ - snap-exec: os.Exec() needs argv0 in the args[] slice too
+ - many: add new `create-user` command
+ - interfaces: auto-connect content interfaces with the same content
+ and developer
+ - snapstate: add Current revision to SnapState
+ - readme: tweak readme blurb
+ - integration-tests: wait for listening port instead of active
+ service reported by systemd
+ - many: rename Current -> {CurrentSideInfo,CurrentInfo}
+ - spread: fix home interface test after suite move
+ - many: name unversioned data.
+ - interfaces: add "content" interface
+ - overlord/snapstate: defaultBackend can go away now
+ - debian: comment to remember why the timer is setup like it is
+ - tests,spread.yaml: introduce an upgrade test, support/split into
+ two suites for this
+ - overlord,overlord/snapstate: ensure we keep snap type in snapstate
+ of each snap
+ - many: rework the firstboot support
+ - integration-tests: fix test failure
+ - spread: keep core on suite restore
+ - tests: temporary fix for state reset
+ - overlord: add infrastructure for simple state format/content
+ migrations
+ - interfaces: add seccomp support for hooks.
+ - interfaces: allow gvfs shares in home and temporarily allow
+ socketcall by default (LP: #1592901, LP: #1594675)
+ - tests, integration-tests: port network-bind interface tests to
+ spread
+ - snap,snap/snaptest: use PopulateDir/MakeTestSnapWithFiles directly
+ and remove MockSnapWithHooks
+ - interfaces: add mpris interface
+ - tests: enable `snap run` on i386
+ - tests, integration-tests: port network interface test to spread
+ - tests, integration-tests: port interfaces cli to spread
+ - tests, integration-tests: port leftover install tests to spread
+ - interfaces: add apparmor support for hooks.
+ - tests, integration-tests: port log-observe interface tests to
+ spread
+ - asserts: improve Decode doc comment about assertion format
+ - tests: moved snaps to lib
+ - many: add the camera interface
+ - many: add optical-drive interface
+ - interfaces: auto-connect home if running on classic
+ - spread: bump gccgo test timeout
+ - interfaces: use security tags to index security snippets.
+ - daemon, overlord/snapstate, store: send confinement header to the
+ store for install
+ - spread: run tests on 16.04 i386 concurrently
+ - tests,integration-tests: port install error tests to spread
+ - interfaces: add a serial-port interface
+ - tests, integration-tests, debian: port sideload install tests to
+ spread
+ - interfaces: add new bind security backend and refactor
+ backendtests
+ - snap: load and validate implicit hooks.
+ - tests: add a build/run test for gccgo in spread
+ - cmd/snap/cmd_login: Adjust message after adding support for wheel
+ group
+ - tests, integration-tests: ported install from store tests to
+ spread
+ - snap: make `snap change <taskid>` show task progress
+ - tests, integration-tests: port search tests to spread
+ - overlord/state,daemon: make abort proceed immediately, fix doc
+ comment, improve tests
+ - daemon: extend privileged access to users in "wheel" group
+ - snap: tweak `snap refresh` and `snap refresh --list` outputTiny
+ branch that does three things:
+ - interfaces: refactor auto-connection candidate check
+ - snap: add support for snap {install,refresh}
+ --{edge,beta,candidate,stable}
+ - release: don't force KDE Neon into devmode.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 29 Jun 2016 21:02:39 +0200
+
+snapd (2.0.9) xenial; urgency=medium
+
+ * New upstream release: LP: #1593201
+ - snap: add the magic redirect part of `snap run`
+ - tests, integration-tests: port server related tests to spread
+ - overlord/snapstate: log restarting in the task
+ - daemon: test restart wiring, fix setup/teardown
+ - cmd: don't show the price if a snap has already been purchased
+ - tests, integration-tests: port listing tests to spread
+ - integration-tests: do not try to kill ubuntu-clock-app.clock (no
+ longer a process)
+ - several: tie up overlord's restart handler into daemon; adjust
+ snap to cope
+ - tests, integration-tests: port abort tests to spread
+ - integration-tests: fix flaky TestRemoveBusyRetries
+ - testutils: refactor/mock exec
+ - snap,cmd: add hook support to snap run.
+ - overlord/snapstate: remove Download from backend
+ - store: use a custom logging transport
+ - overlord/hookstate: implement basic HookManager.
+ - spread: move the suite restore to restore-each
+ - asserts: turn model os into model core field, making it also more
+ like the kernel and gadget fields
+ - asserts: / is not allowed in primary key headers, follow the store
+ in this
+ - release: enable full confinement on Elementary 0.4
+ - integration-tests: fix another i386 autopkgtest failure.
+ - cmd/snap: create SNAP_USER_DATA and common dirs in `snap run`
+ - many: have the installation of the core snap request a restart (on
+ classic)
+ - asserts: allow to load also account assertions into the trusted
+ set
+ - many: install snaps in devmode on distributions without complete
+ apparmor and seccomp support
+ - spread: run on travis
+ - snapenv: do not hardcode amd64 in tests
+ - spread: initial harness and first test
+ - interfaces: miscelleneous policy updates for chromium, x86,
+ opengl, etc
+ - integration-tests: remove daemon to use the log-observe interface
+ - client: remove client.Revision and import snap.Revision instead
+ - integration-tests: wait for network-bind service in try test
+ - many: move over from snappy to snapstate/backend SetupSnap and
+ related code
+ - integration-tests: add interfaces cli tests
+ - snapenv: cleanup snapenv.{Basic,User}
+ - cmd/snap: also print slots that connect to the wanted snap (LP:
+ #1590704)
+ - asserts: error style, use "cannot" instead of "failed to"
+ following the main decided style
+ - integration-tests: wait until the network-bind service is up
+ before testing
+ - many: add new `snap run` command
+ - snappy: unexport snappy.Install and snappy.Overlord.{Un,}Install
+ - many: add some shared testing helpers to snap/snaptest and to
+ boot/boottest
+ - rest-api: support to send apps per snap (LP: #1564076)
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 16 Jun 2016 13:56:12 +0200
+
+snapd (2.0.8.1) UNRELEASED; urgency=medium
+
+ * New upstream release
+ - Cherry pick four commits that show snaps as installed in devmode on
+ distributions without full confinement dependencies available:
+
+ 25634d3364a46b5e9147e4466932c59b1b572d35
+ 53f2e8d5f1b2d7ce13f5b50be4c09fa1de8cf1e0
+ 38771f4cc324ad9dd4aa48b03108d13a2c361aad
+ c46e069351c61e45c338c98ab12689a319790bd5
+
+ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Tue, 14 Jun 2016 15:55:30 +0200
+
+snapd (2.0.8+1) unstable; urgency=medium
+
+ * New upstream release.
+ * Update lintian-overrides for new paths.
+ * debian/copyright: fix a typo (thanks, lintian!)
+
+ -- Steve Langasek <vorlon@debian.org> Fri, 10 Jun 2016 23:17:22 +0000
+
+snapd (2.0.8) xenial; urgency=medium
+
+ * New upstream release: LP: #1589534
+ - debian: make `snap refresh` times more random (LP: #1537793)
+ - cmd: ExecInCoreSnap looks in "core" snap first, and only in
+ "ubuntu-core" snap if rev>125.
+ - cmd/snap: have 'snap list' display helper message on stderr
+ (LP: #1587445)
+ - snap: make app names more restrictive.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 08 Jun 2016 07:56:58 +0200
+
+snapd (2.0.7) xenial; urgency=medium
+
+ * New upstream release: LP: #1589534
+ - debian: do not ship /etc/ld.so.conf.d/snappy.conf (LP: #1589006)
+ - debian: fix snapd.refresh.service install and usage (LP: #1588977)
+ - ovlerlord/state: actually support task setting themself as
+ done/undone
+ - snap: do not use "." import in revision_test.go, as this breaks
+ gccgo-6 (fix build failure on powerpc)
+ - interfaces: add fcitx and mozc input methods to unity7
+ - interfaces: add global gsettings interfaces
+ - interfaces: autoconnect home and doc updates (LP: #1588886)
+ - integration-tests: remove
+ abortSuite.TestAbortWithValidIdInDoingStatus
+ - many: adding backward compatible code to upgrade SnapSetup.Flags
+ - overlord/snapstate: handle sideloading over an old sideloaded snap
+ without panicing
+ - interfaces: add socketcall() to the network/network-bind
+ interfaces (LP: #1588100)
+ - overlord/snapstate,snappy: move over CanRemoveThis moves over the
+ CanRemove check to snapstate itself.overlord/snapstate
+ - snappy: move over CanRemove
+ - overlord/snapstate,snappy: move over CopyData and Remove*Data code
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 06 Jun 2016 16:35:50 +0200
+
+snapd (2.0.6) xenial; urgency=medium
+
+ * New upstream release: LP: #1588052:
+ - many: repository moved to snapcore/snapd
+ - debian: add transitional pkg for the github location change
+ - snap: ensure `snap try` work with relative paths
+ - debian: drop run/build dependency on lsb-release
+ - asserts/tool: gpg key pair manager
+ - many: add new snap-exec
+ - many: implement `snap refresh --list` and `snap refresh`
+ - snap: add parsing support for hooks.
+ - many: add the cups interface
+ - interfaces: misc policy fixes (LP: #1583794)
+ - many: add `snap try`
+ - interfaces: allow using sysctl and scmp_sys_resolver for parsing
+ kernel logs
+ - debian: make snapd get its environ from /etc/environment
+ - daemon,client,snap: revisions are now strings
+ - interfaces: allow access to new ibus abstract socket path
+ LP: #1580463
+ - integration-tests: add remove tests
+ - asserts: stronger crypto choices and follow better latest designs
+ - snappy,daemon: hollow out more of snappy (either removing or not
+ exporting stuff on its way out), snappy/gadget.go is gone
+ - asserts: rename device-serial to serial
+ - asserts: rename identity to account (and username access)
+ - integration-tests: add changes tests
+ - backend: add tests for environment wrapper generation
+ - interfaces/builtin: add location-control interface
+ - overlord/snapstate: move over check snap logic from snappy
+ - release: use os-release instead of lsb-release for cross-distro
+ use
+ - asserts: allow empty snap-name for snap-declaration
+ - interfaces/builtin,docs,snap: add the pulseaudio interface
+ - many: add support for an environment map inside snap.yaml
+ - overlord/snapstate: increase robustness of doLinkSnap/undoLinkSnap
+ with sanity unit tests
+ - snap: parse epoch property
+ - snappy: do nothing in SetNextBoot when running on classic
+ - snap: validate snap type
+ - integration-tests: extend find command tests
+ - asserts: extend tests to cover mandatory and empty headers
+ - tests: stop the update-pot check in run-checks
+ - snap: parse confinement property.
+ - store: change applyUbuntuStoreHeaders to not take accept, and to
+ take a channel
+ - many: struct-based revisions, new representation
+ - interfaces: remove 'audit deny' rules from network_control.go
+ - interfaces: add com.canonical.UrlLauncher.XdgOpen to unity7
+ interface
+ - interfaces: firewall-control can access xtables lock file
+ - interfaces: allow unity7 AppMenu
+ - interfaces: allow unity7 launcher API
+ - interfaces/builtin: add location-observe interface
+ - snap: fixed snap empty list text LP: #1587445
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 02 Jun 2016 08:23:50 +0200
+
+snapd (2.0.5+1) unstable; urgency=medium
+
+ * Initial Debian upload. Closes: #824943.
+ * release/release{,_test}.go: use /etc/os-release, which is guaranteed to
+ be part of base-files on both Ubuntu and Debian, instead of
+ /etc/lsb-release which doesn't exist at all on Debian.
+ * drop transitional packages, not needed in Debian.
+ * Add lintian overrides for false-positive detection of embedded libyaml.
+ * Update Vcs-* fields to point at maintainer's branch.
+ * Add a further lintian override for the /snap directory so that the
+ package is not automatically rejected by the NEW queue; this directory
+ location is certainly subject to discussion for Debian, but let's have
+ the discussion rather than blocking the package at the archive level.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 23 May 2016 00:36:06 +0000
+
+snapd (2.0.5) xenial; urgency=medium
+
+ * New upstream release: LP: #1583085
+ - interfaces: add dbusmenu, freedesktop and kde notifications to
+ unity7 (LP: #1573188)
+ - daemon: make localSnapInfo return SnapState
+ - cmd: make snap list with no snaps not special
+ - debian: workaround for XDG_DATA_DIRS issues
+ - cmd,po: fix conflicts, apply review from #1154
+ - snap,store: load and store the private flag sent by the store in
+ SideInfo
+ - interfaces/apparmor/template.go: adjust /dev/shm to be more usable
+ - store: use purchase decorator in Snap and FindSnaps
+ - interfaces: first version of the networkmanager interface
+ - snap, snappy: implement the new (minmimal) kernel spec
+ - cmd/snap, debian: move manpage generation to depend on an environ
+ key; also, fix completion
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 19 May 2016 15:29:16 +0200
+
+snapd (2.0.4) xenial; urgency=medium
+
+ * New upstream release:
+ - interfaces: cleanup explicit denies
+ - integration-tests: remove the ancient integration daemon tests
+ - integration-tests: add network-bind interface test
+ - integration-tests: add actual checks for undoing install
+ - integration-tests: add store login test
+ - snap: add certain implicit slots only on classic
+ - integration-tests: add coverage flags to snapd.service ExecStart
+ setting when building from branch
+ - integration-tests: remove the tests for features removed in 16.04.
+ - daemon, overlord/snapstate: "(de)activate" is no longer a thing
+ - docs: update meta.md and security.md for current snappy
+ - debian: always start snapd
+ - integration-tests: add test for undoing failed install
+ - overlord: handle ensureNext being in the past
+ - overlord/snapstate,overlord/snapstate/backend,snappy: start
+ backend porting LinkSnap and UnlinkSnap
+ - debian/tests: add reboot capability to autopkgtest and execute
+ snapPersistsSuite
+ - daemon,snappy,progress: drop license agreement broken logic
+ - daemon,client,cmd/snap: nice access denied message
+ (LP: #1574829)
+ - daemon: add user parameter to all commands
+ - snap, store: rework purchase methods into decorators
+ - many: simplify release package and add OnClassic
+ - interfaces: miscellaneous policy updates
+ - snappy,wrappers: move desktop files handling to wrappers
+ - snappy: remove some obviously dead code
+ - interfaces/builtin: quote apparmor label
+ - many: remove the gadget yaml support from snappy
+ - snappy,systemd,wrappers: move service units generation to wrappers
+ - store: add method to determine if a snap must be bought
+ - store: add methods to read purchases from the store
+ - wrappers,snappy: move binary wrapper generation to new package
+ wrappers
+ - snap: add `snap help` command
+ - integration-tests: remove framework-test data and avoid using
+ config-snap for now
+ - add integration test to verify fix for LP: #1571721
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 13 May 2016 17:19:37 -0700
+
+snapd (2.0.3) xenial; urgency=medium
+
+ * New upstream micro release:
+ - integration-tests, debian/tests: add unity snap autopkg test
+ - snappy: introduce first feature flag for assumes: common-data-dir
+ - timeout,snap: add YAML unmarshal function for timeout.Timeout
+ - many: go into state.Retry state when unmounting a snap fails.
+ (LP: #1571721, #1575399)
+ - daemon,client,cmd/snap: improve output after snap
+ install/refresh/remove (LP: #1574830)
+ - integration-tests, debian/tests: add test for home interface
+ - interfaces,overlord: support unversioned data
+ - interfaces/builtin: improve the bluez interface
+ - cmd: don't include the unit tests when building with go test -c
+ for integration tests
+ - integration-tests: teach some new trick to the fake store,
+ reenable the app refresh test
+ - many: move with some simplifications test snap building to
+ snap/snaptest
+ - asserts: define type for revision related errors
+ - snap/snaptest,daemon,overlord/ifacestate,overlord/snapstate: unify
+ mocking snaps behind MockSnap
+ - snappy: fix openSnapFile's handling of sideInfo
+ - daemon: improve snap sideload form handling
+ - snap: add short and long description to the man-page
+ (LP: #1570280)
+ - snappy: remove unused SetProperty
+ - snappy: use more accurate test data
+ - integration-tests: add a integration test about remove removing
+ all revisions
+ - overlord/snapstate: make "snap remove" remove all revisions of a
+ snap (LP: #1571710)
+ - integration-tests: re-enable a bunch of integration tests
+ - snappy: remove unused dbus code
+ - overlord/ifacestate: fix setup-profiles to use new snap revision
+ for setup (LP: #1572463)
+ - integration-tests: add regression test for auth bug LP:#1571491
+ - client, snap: remove obsolete TypeCore which was used in the old
+ SystemImage days
+ - integration-tests: add apparmor test
+ - cmd: don't perform type assertion when we know error to be nil
+ - client: list correct snap types
+ - intefaces/builtin: allow getsockname on connected x11 plugs
+ (LP: #1574526)
+ - daemon,overlord/snapstate: read name out of sideloaded snap early,
+ improved change summary
+ - overlord: keep tasks unlinked from a change hidden, prune them
+ - integration-tests: snap list on fresh boot is good again
+ - integration-tests: add partial term to the find test
+ - integration-tests: changed default release to 16
+ - integration-tests: add regression test for snaps not present after
+ reboot
+ - integration-tests: network interface
+ - integration-tests: add proxy related environment variables to
+ snapd env file
+ - README.md: snappy => snap
+ - etc: trivial typo fix (LP:#1569892)
+ - debian: remove unneeded /var/lib/snapd/apparmor/additional
+ directory (LP: #1569577)
+ - builtin/unity7.go: allow using gmenu. LP: #1576287
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 03 May 2016 07:51:57 +0200
+
+snapd (2.0.2) xenial; urgency=medium
+
+ * New upstream release:
+ - systemd: add multi-user.target (LP: #1572125)
+ - release: our series is 16
+ - integration-tests: fix snapd binary path for mounting the daemon
+ built from branch
+ - overlord,snap: add firstboot state sync
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 19 Apr 2016 16:02:44 +0200
+
+snapd (2.0.1) xenial; urgency=medium
+
+ * client,daemon,overlord: fix authentication:
+ - fix incorrect authenication check (LP: #1571491)
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 18 Apr 2016 07:24:33 +0200
+
+snapd (2.0) xenial; urgency=medium
+
+ * New upstream release:
+ - debian: put snapd in /usr/lib/snapd/
+ - cmd/snap: minor polishing
+ - cmd,client,daemon: add snap abort command
+ - overlord: don't hold locks when callling backends
+ - release,store,daemon: no more default-channel, release=>series
+ - many: drop support for deprecated environment variables
+ (SNAP_APP_*)
+ - many: support individual ids in changes cmd
+ - overlord/state: use numeric change and task ids
+ - overlord/auth,daemon,client,cmd/snap: logout
+ - daemon: don't install ubuntu-core twice
+ - daemon,client,overlord/state,cmd: add changes command
+ - interfaces/dbus: drop superfluous backslash from template
+ - daemon, overlord/snapstate: updates are users too!
+ - cmd/snap,daemon,overlord/ifacestate: add support for developer
+ mode
+ - daemon,overlord/snapstate: on refresh use the remembered channel,
+ default to stable channel otherwise
+ - cmd/snap: improve UX of snap interfaces when there are no results
+ - overlord/state: include time in task log messages
+ - overlord: prune and abort old changes and tasks
+ - overlord/ifacestate: add implicit slots in setup-profiles
+ - daemon,overlord: setup authentication for store downloads
+ - daemon: macaroon-authed users are like root, and sudoers can login
+ - daemon,client,docs: send install options to daemon
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Sat, 16 Apr 2016 22:15:40 +0200
+
+snapd (1.9.4) xenial; urgency=medium
+
+ * New upstream release:
+ - etc: fix desktop file location
+ - overlord/snapstate: stop an update once download sees the revision
+ is already installed
+ - overlord: make SnapState.DevMode a method, store flags
+ - snappy: no more snapYaml in snappy.Snap
+ - daemon,cmd,dirs,lockfile: drop all lockfiles
+ - debian: use sudo in setup of the proxy environment
+ - snap/snapenv,snappy,systemd: expose SNAP_REVISION to app
+ environment
+ - snap: validate similarly to what we did with old snapYaml info
+ from squashfs snaps
+ - daemon,store: plug in authentication for store search/details
+ - overlord/snapstate: fix JSON name of SnapState.Candidate
+ - overlord/snapstate: start using revisions higher than 100000 for
+ local installs (sideloads)
+ - interfaces,overlorf/ifacestate: honor user choice and don't auto-
+ connect disconnected plugs
+ - overlord/auth,daemon,client: hide user ids again
+ - daemon,overlord/snapstate: back /snaps (and so snap list) using
+ state
+ - daemon,client,overlord/auth: rework state auth data
+ - overlord/snapstate: disable Activate and Deactivate
+ - debian: fix silly typo in autopkgtest setup
+ - overlord/ifacestate: remove connection state with discard-conns
+ task, on the removal of last snap
+ - daemon,client: rename API update action to refresh
+ - cmd/snap: rework login to be more resilient
+ - overlord/snapstate: deny two changes on one snap
+ - snappy: fix crash on certain snap.yaml
+ - systemd: use native systemctl enable instead of our own
+ implementation
+ - store: add workaround for misbehaving store
+ - debian: make autopkgtest use the right env vars
+ - state: log do/undo status too when a task is run
+ - docs: update rest.md with price information
+ - daemon: only include price property if the snap is non-free
+ - daemon, client, cmd/snap: connect/disconnect now async
+ - snap,snappy: allow snaps to require system features
+ - integration-tests: fix report of skips in SetUpTest method
+ - snappy: clean out major bits (still using Installed) now
+ unreferenced as cmd/snappy is gone
+ - daemon/api,overlord/auth: add helper to get UserState from a
+ client request
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 15 Apr 2016 23:30:00 +0200
+
+snapd (1.9.3) xenial; urgency=medium
+
+ * New upstream release:
+ - many: prepare for opengl support on classic
+ - interfaces/apparmor: load all apparmor profiles on snap setup
+ - daemon,client: move async resource to change in meta
+ - debian: disable autopilot
+ - snap: add basic progress reporting
+ - client,cmd,daemon,snap,store: show the price of snaps in the cli
+ - state: add minimal taskrunner logging
+ - daemon,snap,overlord/snapstate: in the API get the snap icon using
+ state
+ - client,daemon,overlord: don't guess snap file vs. name
+ - overlord/ifacestate: reload snap connections when setting up
+ security for a given snap
+ - snappy: remove cmd/snappy (superseded in favour of cmd/snap)
+ - interfaecs/apparmor: remove all traces of old-security from
+ apparmor backend
+ - interfaces/builtin: add bluez interface
+ - overlord/ifacestate: don't crash if connection cannot be reloaded
+ - debian: add searchSuite to autopkgtest
+ - client, daemon, cmd/snap: no more tasks; everything is changes
+ - client: send authorization header in client requests
+ - client, daemon: marshal suggested currency over REST
+ - docs, snap: enumerate snap types correctly in docs and comments
+ - many: add store authenticator parameter
+ - overlord/ifacestate,daemon: setup security on conect and
+ disconnect
+ - interfaces/apparmor: remove unused apparmor variables
+ - snapstate: add missing "TaskProgressAdapter.Write()" for working
+ progress reporting
+ - many: clean out snap config related code not for OS
+ - daemon,client,cmd: return snap list from /v2/snaps
+ - docs: update `/v2/snaps` endpoint documentation
+ - interfaces: rename developerMode to devMode
+ - daemon,client,overlord: progress current => done
+ - daemon,client,cmd/snap: move query metadata to top-level doc
+ - interfaces: add TestSecurityBackend
+ - many: replace typographic quotes with ASCII
+ - client, daemon: rework rest changes to export "ready" and "err"
+ - overlord/snapstate,snap,store: track snap-id in side-info and
+ therefore in state
+ - daemon: improve mocking of interfaces API tests
+ - integration-tests: remove origins in default snap names for udf
+ call
+ - integration-test: use "snap list" in GetCurrentVersion
+ - many: almost no more NewInstalledSnap reading manifest from
+ snapstate and backend
+ - daemon: auto install ubuntu-core if missing
+ - oauth,store: remove OAuth authentication logic
+ - overlord/ifacestate: simplify some tests with implicit manager
+ initialization
+ - store, snappy: move away from hitting details directly
+ - overlord/ifacestate: reload connections when restarting the
+ manager
+ - overlord/ifacestate: increase flexibility of unit tests
+ - overlord: use state to discover all installed snaps
+ - overlord/ifacestate: track connections in the state
+ - many: separate copy-data from unlinking of current snap
+ - overlord/auth,store/auth: add macaroon authenticator to UserState
+ - client: support for /v2/changes and /v2/changes/{id}
+ - daemon/api,overlord/auth: rework authenticated users information
+ in state
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 14 Apr 2016 23:29:43 +0200
+
+snapd (1.9.2) xenial; urgency=medium
+
+ * New upstream release:
+ - cmd/snap,daemon,store: rework login command to use daemon login
+ API
+ - store: cache suggested currency from the store
+ - overlord/ifacestate: modularize and extend tests
+ - integration-tests: reenable failure tests
+ - daemon: include progress in rest changes
+ - daemon, overlord/state: expose individual changes
+ - overlord/ifacestate: drop duplicate package comment
+ - overlord/ifacestate: allow tests to override security backends
+ - cmd/snap: install *.snap and *.snap.* as files too
+ - interfaces/apparmor: replace /var/lib/snap with /var/snap
+ - daemon,overlord/ifacestate: connect REST API to interfaces in the
+ overlord
+ - debian: remove unneeded dependencies from snapd
+ - overlord/state: checkpoint on final progress only
+ - osutil: introduce IsUIDInAny
+ - overlord/snapstate: rename GetSnapState to Get, SetSnapState to
+ Set
+ - daemon: add id to changes json
+ - overlord/snapstate: SetSnapState() needs locks
+ - overlord: fix broken tests
+ - overlord/snapstate,overlord/ifacestate: reimplement SnapInfo (as
+ Info) actually using the state
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 13 Apr 2016 17:27:00 +0200
+
+snapd (1.9.1.1) xenial; urgency=medium
+
+ * debian/tests/control:
+ - add git to make autopkgtest work
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 12 Apr 2016 17:19:19 +0200
+
+snapd (1.9.1) xenial; urgency=medium
+
+ * Add warning about installing ubuntu-core-snapd-units on Desktop systems.
+ * Add ${misc:Depends} to ubuntu-core-snapd-units.
+ * interfaces,overlord: add support for auto-connecting plugs on
+ install
+ * fix sideloading snaps and (re)add tests for this
+ * add `ca-certificates` to the test-dependencies to fix autopkgtest
+ failure on armhf
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 12 Apr 2016 14:39:57 +0200
+
+snapd (1.9) xenial; urgency=medium
+
+ * rename source and binary package to "snapd"
+ * update directory layout to final 16.04 layout
+ * use `snap` command instead of the previous `snappy`
+ * use `interface` based security
+ * use new state engine for install/update/remove
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 12 Apr 2016 01:05:09 +0200
+
+ubuntu-snappy (1.7.3+20160310ubuntu1) xenial; urgency=medium
+
+ - debian: update versionized ubuntu-core-launcher dependency
+ - debian: tweak desktop file dir, ship Xsession.d snip for seamless
+ integration
+ - snappy: fix hw-assign to work with per-app udev tags
+ - snappy: use $snap.$app as per-app udev tag
+ - snap,snappy,systemd: %s/\<SNAP_ORIGIN\>/SNAP_DEVELOPER/g
+ - snappy: add mksquashfs --no-xattrs parameter
+ - snap,snappy,systemd: kill SNAP_FULLNAME
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 10 Mar 2016 09:26:20 +0100
+
+ubuntu-snappy (1.7.3+20160308ubuntu1) xenial; urgency=medium
+
+ - snappy,snap: move icon under meta/gui/
+ - debian: add snap.8 manpage
+ - debian: move snapd to /usr/lib/snappy/snapd
+ - snap,snappy,systemd: remove TMPDIR, TEMPDIR, SNAP_APP_TMPDIR
+ - snappy,dirs: add support to use desktop files from inside snaps
+ - daemon: snapd API events endpoint redux
+ - interfaces/builtin: add "network" interface
+ - overlord/state: do small fixes (typo, id clashes paranoia)
+ - overlord: add first pass of the logic in StateEngine itself
+ - overlord/state: introduce Status/SetStatus on Change
+ - interfaces: support permanent security snippets
+ - overlord/state: introduce Status/SetStatus and
+ Progress/SetProgress on Task
+ - overlord/state: introduce Task and Change.NewTask
+ - many: selectively swap semantics of plugs and slots
+ - client,cmd/snap: remove useless indirection in Interfaces
+ - interfaces: maintain Plug and Slot connection details
+ - client,daemon,cmd/snap: change POST /2.0/interfaces to work with
+ lists
+ - overlord/state: introduce Change and NewChange on state to create
+ them
+ - snappy: bugfix for snap.yaml parsing to be more consistent with
+ the spec
+ - snappy,systemd: remove "ports" from snap.yaml
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 08 Mar 2016 11:24:09 +0100
+
+ubuntu-snappy (1.7.3+20160303ubuntu4) xenial; urgency=medium
+
+ * rename:
+ debian/golang-snappy-dev.install ->
+ debian/golang-github-ubuntu-core-snappy-dev.install:
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Mar 2016 12:29:16 +0100
+
+ubuntu-snappy (1.7.3+20160303ubuntu3) xenial; urgency=medium
+
+ * really fix typo in dependency name
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Mar 2016 12:21:39 +0100
+
+ubuntu-snappy (1.7.3+20160303ubuntu2) xenial; urgency=medium
+
+ * fix typo in dependency name
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Mar 2016 12:05:36 +0100
+
+ubuntu-snappy (1.7.3+20160303ubuntu1) xenial; urgency=medium
+
+ - debian: update build-depends for MIR
+ - many: implement new REST API: GET /2.0/interfaces
+ - integration-tests: properly stop snapd from branch
+ - cmd/snap: update tests for go-flags changes
+ - overlord/state: implement Lock/Unlock with implicit checkpointing
+ - overlord: split out the managers and State to their own
+ subpackages of overlord
+ - snappy: rename "migration-skill" to "old-security" and use new
+ interface names instead of skills
+ - client,cmd/snap: clarify name ambiguity in Plug or Slot
+ - overlord: start working on state engine along spec v2, have the
+ main skeleton follow that
+ - classic, oauth: update tests for change in MakeRandomString()
+ - client,cmd/snap: s/add/install/:-(
+ - interfaces,daemon: specialize Name to either Plug or Slot
+ - interfaces,interfaces/types: unify security snippet functions
+ - snapd: close the listener on Stop, to force the http.Serve loop to
+ exit
+ - snappy,daemon,snap/lightweight,cmd/snappy,docs/rest.md: expose
+ explicit channel selection to rest api
+ - interfaces,daemon: rename package holding built-in interfaces
+ - integration-tests: add the first classic dimension tests
+ - client,deaemon,docs: rename skills to interfaces on the wire
+ - asserts: add identity assertion type
+ - integration-tests: add the no_proxy env var
+ - debian: update build-depends for new package names
+ - oauth: fix oauth & quoting in the oauth_signature
+ - integration-tests: remove unused field
+ - integration-tests: add the http proxy argument
+ - interfaces,interfaces/types,deamon: mass internal rename to
+ interfaces
+ - client,cmd/snap: rename skills to interfaces (part 2)
+ - arch: fix missing mapping for powerpc
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Mar 2016 11:00:19 +0100
+
+ubuntu-snappy (1.7.3+20160225ubuntu1) xenial; urgency=medium
+
+ - integration-tests: always use the built snapd when compiling
+ binaries from branch
+ - cmd/snap: rename skills to interfaces
+ - testutil,skills/types,skills,daemon: tweak discovery of know skill
+ types
+ - docs: add docs for arm64 cross building
+ - overlord: implement basic ReadState/WriteState
+ - overlord: implement Get/Set/Copy on State
+ - integration-tests: fix dd output check
+ - integration-tests: add fromBranch config field
+ - integration-tests: use cli pkg methods in hwAssignSuite
+ - debian: do not create the snappypkg user, we don't need it anymore
+ - arch: fix build failure on s390x
+ - classic: cleanup downloaded lxd tarball
+ - cmd/snap,client,integration-tests: rename snap subcmds
+ 'assert'=>'ack', 'asserts'=>'known'
+ - skills: fix broken tests builds
+ - skills,skills/types: pass slot to SlotSecuritySnippet()
+ - skills/types: teach bool-file about udev security
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 25 Feb 2016 16:17:19 +0100
+
+ubuntu-snappy (1.7.2+20160223ubuntu1) xenial; urgency=medium
+
+ * New git snapshot:
+ - asserts: introduce snap-declaration
+ - cmd/snap: fix integration tests for the "cmd_asserts"
+ - integration-tests: fix fanctl output check
+ - cmd/snap: fix test failure after merging 23a64e6
+ - cmd/snap: replace skip-help with empty description
+ - docs: update security.md to match current migration-skill
+ semantics
+ - snappy: treat commands with 'daemon' field as services
+ - asserts: use more consistent names for receivers in
+ snap_asserts*.go
+ - debian: add missing golang-websocket-dev build-dependency
+ - classic: if classic fails to get created, undo the bind mounts
+ - snappy: never return nil in NewLocalSnapRepository()
+ - notifications: A simple notification system
+ - snappy: when using staging, authenticate there instead
+ - integration-tests/snapd: fix the start of the test snapd socket
+ - skills/types: use CamelCase for security names
+ - skills: add support for implicit revoke
+ - skills: add security layer
+ - integration-tests: use exec.Command wrapper for updates
+ - cmd/snap: add 'snap skills'
+ - cms/snap: add 'snap revoke'
+ - docs: add docs for skills API
+ - cmd/snap: add 'snap grant'
+ - cmd/snappy, coreconfig, daemon, snappy: move config to always be
+ bytes (in and out)
+ - overlord: start with a skeleton and stubs for Overlord,
+ StateEngine, StateJournal and managers
+ - integration-tests: skip tests affected by LP: #1544507
+ - skills/types: add bool-file
+ - po: refresh translation templates
+ - cmd/snap: add 'snap experimental remove-skill-slot'
+ - asserts: introduce device assertion
+ - cmd/snap: implemented add, remove, purge, refresh, rollback,
+ activate, deactivate
+ - cmd/snap: add 'snap experimental add-skill-slot'
+ - cmd/snap: add 'snap experimental remove-skill'
+ - cmd/snap: add tests for common skills code
+ - cmd/snap: add 'snap experimental add-skill'
+ - asserts: make assertion checkers used by db.Check modular and
+ pluggable
+ - cmd,client,daemon,caps,docs,po: remove capabilities
+ - scripts: move the script to get dependencies to a separate file
+ - asserts: make the disk layout compatible for storing more than one
+ revision
+ - cmd/snap: make the assert command options exported
+ - integration-tests: Remove the target release and channel
+ - asserts: introduce model assertion
+ - integration-tests: add exec.Cmd wrapper
+ - cmd/snap: add client test support methods
+ - cmd/snap: move key=value attribute parsing to commmon
+ - cmd/snap: apply new style consistency to "snap" commands.
+ - cmd/snap: support redirecting the client for testing
+ - cmd/snap: support testing command output
+ - snappy,daemon: remove the meta repositories abstractions
+ - cmd: add support for experimental commands
+ - cmd/snappy,daemon,snap,snappy: remove SetActive from parts
+ - cmd/snappy,daemon,snappy,snap: remove config from parts interface
+ - client: improve test data
+ - cmd: allow to construct a fresh parser
+ - cmd: don't treat help as an error
+ - cmd/snappy,snappy: remove "Details" from the repository interface
+ - asserts: check that primary keys are set when
+ Decode()ing/assembling assertions
+ - snap,snappy: refactor to remove "Install" from the Part interface
+ - client,cmd: make client.New() configurable
+ - client: enable retrieving asynchronous operation information with
+ `Client.Operation`.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 23 Feb 2016 11:28:18 +0100
+
+ubuntu-snappy (1.7.2+20160204ubuntu1) xenial; urgency=medium
+
+ * New git snapshot:
+ - integration-tests: fix the rollback error messages
+ - integration-test: use the common cli method when trying to install
+ an unexisting snap
+ - integration-tests: rename snap find test
+ - daemon: refactor makeErrorResponder()
+ - integration: add regression test for LP: #1541317
+ - integration-tests: reenable TestRollbackMustRebootToOtherVersion
+ - asserts: introduce "snap asserts" subcmd to show assertions in the
+ system db
+ - docs: fix parameter style
+ - daemon: use underscore in JSON interface
+ - client: add skills API
+ - asserts,docs/rest.md: change Encoder not to add extra newlines at
+ the end of the stream
+ - integration-tests: "snappy search" is no more, its "snap search"
+ now
+ - README, integration-tests/tests: chmod snapd.socket after manual
+ start.
+ - snappy: add default security profile if none is specified
+ - skills,daemon: add REST APIs for skills
+ - cmd/snap, cmd/snappy: move from `snappy search` to `snap find`.
+ - The first step towards REST world domination: search is now done
+ via
+ - debian: remove obsolete /etc/grub.d/09_snappy on upgrade
+ - skills: provide different security snippets for skill and slot
+ side
+ - osutil: make go vet happy again
+ - snappy,systemd: use Type field in systemd.ServiceDescription
+ - skills: add basic grant-revoke methods
+ - client,daemon,asserts: expose the ability to query assertions in
+ the system db
+ - skills: add basic methods for slot handling
+ - snappy,daemon,snap: move "Uninstall" into overlord
+ - snappy: move SnapFile.Install() into Overlord.Install()
+ - integration-tests: re-enable some failover tests
+ - client: remove snaps
+ - asserts: uniform searching across trusted (account keys) and main
+ backstore
+ - asserts: introduce Decoder to parse streams of assertions and
+ Encoder to build them
+ - client: filter snaps with a search query
+ - client: pass query as well as path in client internals
+ - skills: provide different security snippets for skill and slot
+ side
+ - snappy: refactor snapYaml to remove methods on snapYaml type
+ - snappy: remove unused variable from test
+ - skills: add basic methods for skill handing
+ - snappy: remove support for meta/package.yaml and implement new
+ meta/snap.yaml
+ - snappy: add new overlord type responsible for
+ Installed/Install/Uninstall/SetActive and stub it out
+ - skills: add basic methods for type handling
+ - daemon, snappy: add find (aka search)
+ - client: filter snaps by type
+ - skills: tweak valid names and error messages
+ - skills: add special skill type for testing
+ - cmd/snapd,daemon: filter snaps by type
+ - partition: remove obsolete uEnv.txt
+ - skills: add Type interface
+ - integration-tests: fix the bootloader path
+ - asserts: introduce a memory backed assertion backstore
+ - integration-tests: get name of OS snap from bootloader
+ - cmd/snapd,daemon: filter snaps by source
+ - asserts,daemon: bump some copyright years for things that have
+ been touched in the new year
+ - skills: add the initial Repository type
+ - skills: add a name validation function
+ - client: filter snaps by source
+ - snappy: unmount the squashfs snap again if it fails to install
+ - snap: make a copy of the search uri before mutating it
+ Closes: LP#1537005
+ - cmd/snap,client,daemon,asserts: introduce "assert " snap
+ subcommand
+ - cmd/snappy, snappy: fix failover handling of the "active"
+ kernel/os snap
+ - daemon, client, docs/rest.md, snapd integration tests: move to the
+ new error response
+ - asserts: change Backstore interface, backstores can now access
+ primary key names from types
+ - asserts: make AssertionType into a real struct exposing the
+ metadata Name and PrimaryKey
+ - caps: improve bool-file sanitization
+ - asserts: fixup toolbelt to use exposed key ID.
+ - client: return by reference rather than by value
+ - asserts: exported filesystem backstores + explicit backstores
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 04 Feb 2016 16:35:31 +0100
+
+ubuntu-snappy (1.7.2+20160113ubuntu1) xenial; urgency=medium
+
+ * New git snapshot
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 13 Jan 2016 11:25:40 +0100
+
+ubuntu-snappy (1.7.2ubuntu1) xenial; urgency=medium
+
+ * New upstream release:
+ - bin-path integration
+ - assertions/capability work
+ - fix squashfs based snap building
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 04 Dec 2015 08:46:35 +0100
+
+ubuntu-snappy (1.7.1ubuntu1) xenial; urgency=medium
+
+ * New upstream release:
+ - fix dependencies
+ - fix armhf builds
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 02 Dec 2015 07:46:07 +0100
+
+ubuntu-snappy (1.7ubuntu1) xenial; urgency=medium
+
+ * New upstream release:
+ - kernel/os snap support
+ - squashfs snap support
+ - initial capabilities work
+ - initial assertitions work
+ - rest API support
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 18 Nov 2015 19:59:51 +0100
+
+ubuntu-snappy (1.6ubuntu1) wily; urgency=medium
+
+ * New upstream release, including the following changes:
+ - Fix hwaccess for gpio (LP: #1493389, LP: #1488618)
+ - Fix handleAssets name normalization
+ - Run boot-ok job late (LP: #1476129)
+ - Add support for systemd socket files
+ - Add "snappy service" command
+ - Documentation improvements
+ - Many test improvements (unit and integration)
+ - Override sideload versions
+ - Go1.5 fixes
+ - Add i18n
+ - Add man-page
+ - Add .snapignore
+ - Run services that uses external ports only after the network is up
+ - Bufix in Synbootloader (LP: 1474125)
+ - Use uboot.env for boot state tracking
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 09 Sep 2015 14:20:22 +0200
+
+ubuntu-snappy (1.5ubuntu1) wily; urgency=medium
+
+ * New upstream release, including the following changes:
+ - Use O_TRUNC when copying files
+ - Added path redefinition to include test's binaries location
+ - Don't run update-grub, instead use grub.cfg from the oem
+ package
+ - Do network configuration from first boot
+ - zero size systemd of new partition made executable to
+ prevent unrecoverable boot failure
+ - Close downloaded files
+
+ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com> Mon, 06 Jul 2015 15:14:37 -0300
+
+ubuntu-snappy (1.4ubuntu1) wily; urgency=medium
+
+ * New upstream release, including the following changes:
+ - Allow to run the integration tests using snappy from branch
+ - Add CopyFileOverwrite flag and behaviour to helpers.CopyFile
+ - add a bunch of missing i18n.G() now that we have gettext
+ - Generate only the translators comments that start with
+ TRANSLATORS
+ - Try both clickpkg and snappypkg when dropping privs
+
+ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com> Thu, 02 Jul 2015 16:21:53 -0300
+
+ubuntu-snappy (1.3ubuntu1) wily; urgency=medium
+
+ * New upstream release, including the following changes:
+ - gettext support
+ - use snappypkg user for the installed snaps
+ - switch to system-image-3.x as the system-image backend
+ - more reliable developer mode detection
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 01 Jul 2015 10:37:05 +0200
+
+ubuntu-snappy (1.2-0ubuntu1) wily; urgency=medium
+
+ * New upstream release, including the following changes:
+ - Consider the root directory when installing and removing policies
+ - In the uboot TestHandleAssetsNoHardwareYaml, patch the cache dir
+ before creating the partition type
+ - In the PartitionTestSuite, remove the unnecessary patches for
+ defaultCacheDir
+ - Fix the help output of "snappy install -h"
+
+ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com> Wed, 17 Jun 2015 11:42:47 -0300
+
+ubuntu-snappy (1.1.2-0ubuntu1) wily; urgency=medium
+
+ * New upstream release, including the following changes:
+ - Remove compatibility for click-bin-path in generated exec-wrappers
+ - Release the readme.md after parsing it
+
+ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com> Thu, 11 Jun 2015 23:42:49 -0300
+
+ubuntu-snappy (1.1.1-0ubuntu1) wily; urgency=medium
+
+ * New upstream release, including the following changes:
+ - Set all app services to restart on failure
+ - Fixes the missing oauth quoting and makes the code a bit nicer
+ - Added integrate() to set Integration to default values needed for
+ integration
+ - Moved setActivateClick to be a method of SnapPart
+ - Make unsetActiveClick a method of SnapPart
+ - Check the package.yaml for the required fields
+ - Integrate lp:snappy/selftest branch into snappy itself
+ - API to record information about the image and to check if the kernel was
+ sideloaded.
+ - Factor out update from cmd
+ - Continue updating when a sideload error is returned
+
+ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com> Wed, 10 Jun 2015 15:54:12 -0300
+
+ubuntu-snappy (1.1-0ubuntu1) wily; urgency=low
+
+ * New wily upload with fix for go 1.4 syscall.Setgid() breakage
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 09 Jun 2015 10:02:04 +0200
+
+ubuntu-snappy (1.0.1-0ubuntu1) vivid; urgency=low
+
+ * fix symlink unpacking
+ * fix typo in apparmor rules generation
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 23 Apr 2015 16:09:56 +0200
+
+ubuntu-snappy (1.0-0ubuntu1) vivid; urgency=low
+
+ * 15.04 archive upload
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 23 Apr 2015 11:08:22 +0200
+
+ubuntu-snappy (0.1.2-0ubuntu1) vivid; urgency=medium
+
+ * initial ubuntu archive upload
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 13 Apr 2015 22:48:13 -0500
+
+ubuntu-snappy (0.1.1-0ubuntu1) vivid; urgency=low
+
+ * new snapshot
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 12 Feb 2015 13:51:22 +0100
+
+ubuntu-snappy (0.1-0ubuntu1) vivid; urgency=medium
+
+ * Initial packaging
+
+ -- Sergio Schvezov <sergio.schvezov@canonical.com> Fri, 06 Feb 2015 02:25:43 -0200
--- /dev/null
+Index: snapd-2.49/cmd/libsnap-confine-private/apparmor-support.c
+===================================================================
+--- snapd-2.49.orig/cmd/libsnap-confine-private/apparmor-support.c
++++ snapd-2.49/cmd/libsnap-confine-private/apparmor-support.c
+@@ -20,6 +20,8 @@
+ #endif
+
+ #include "apparmor-support.h"
++#include "string-utils.h"
++#include "utils.h"
+
+ #include <string.h>
+ #include <errno.h>
+@@ -53,18 +55,24 @@ void sc_init_apparmor_support(struct sc_
+ debug
+ ("apparmor is available on the system but has been disabled at boot");
+ break;
+- case ENOENT:
+- debug
+- ("apparmor is available but the interface but the interface is not available");
+- break;
+ case EPERM:
+ // NOTE: fall-through
+ case EACCES:
+ debug
+ ("insufficient permissions to determine if apparmor is enabled");
+- break;
++ // since snap-confine is setuid root this should
++ // never happen so likely someone is trying to
++ // manipulate our execution environment - fail hard
++
++ // fall-through
++ case ENOENT:
++ case ENOMEM:
+ default:
+- debug("apparmor is not enabled: %s", strerror(errno));
++ // this shouldn't happen under normal usage so it
++ // is possible someone is trying to manipulate our
++ // execution environment - fail hard
++ die("aa_is_enabled() failed unexpectedly (%s)",
++ strerror(errno));
+ break;
+ }
+ apparmor->is_confined = false;
+@@ -81,13 +89,13 @@ void sc_init_apparmor_support(struct sc_
+ }
+ debug("apparmor label on snap-confine is: %s", label);
+ debug("apparmor mode is: %s", mode);
+- // The label has a special value "unconfined" that is applied to all
+- // processes without a dedicated profile. If that label is used then the
+- // current process is not confined. All other labels imply confinement.
+- if (label != NULL && strcmp(label, SC_AA_UNCONFINED_STR) == 0) {
+- apparmor->is_confined = false;
+- } else {
++ // expect to be confined by a profile with the name of a valid
++ // snap-confine binary since if not we may be executed under a
++ // profile with more permissions than expected
++ if (label != NULL && sc_streq(mode, SC_AA_ENFORCE_STR) && sc_is_expected_path(label)) {
+ apparmor->is_confined = true;
++ } else {
++ apparmor->is_confined = false;
+ }
+ // There are several possible results for the confinement type (mode) that
+ // are checked for below.
+Index: snapd-2.49/cmd/libsnap-confine-private/tool.c
+===================================================================
+--- snapd-2.49.orig/cmd/libsnap-confine-private/tool.c
++++ snapd-2.49/cmd/libsnap-confine-private/tool.c
+@@ -110,7 +110,7 @@ void sc_call_snap_update_ns_as_user(int
+ snap_name);
+
+ const char *xdg_runtime_dir = getenv("XDG_RUNTIME_DIR");
+- char xdg_runtime_dir_env[PATH_MAX + strlen("XDG_RUNTIME_DIR=")];
++ char xdg_runtime_dir_env[PATH_MAX + sizeof("XDG_RUNTIME_DIR=")] = { 0 };
+ if (xdg_runtime_dir != NULL) {
+ sc_must_snprintf(xdg_runtime_dir_env,
+ sizeof(xdg_runtime_dir_env),
+@@ -163,14 +163,21 @@ static int sc_open_snapd_tool(const char
+ // want to store the terminating '\0'. The readlink system call doesn't add
+ // terminating null, but our initialization of buf handles this for us.
+ char buf[PATH_MAX + 1] = { 0 };
+- if (readlink("/proc/self/exe", buf, sizeof buf) < 0) {
++ if (readlink("/proc/self/exe", buf, sizeof(buf) - 1) < 0) {
+ die("cannot readlink /proc/self/exe");
+ }
+ if (buf[0] != '/') { // this shouldn't happen, but make sure have absolute path
+ die("readlink /proc/self/exe returned relative path");
+ }
++ // as we are looking up other tools relative to our own path, check
++ // we are located where we think we should be - otherwise we
++ // may have been hardlink'd elsewhere and then may execute the
++ // wrong tool as a result
++ if (!sc_is_expected_path(buf)) {
++ die("running from unexpected location: %s", buf);
++ }
+ char *dir_name = dirname(buf);
+- int dir_fd SC_CLEANUP(sc_cleanup_close) = 1;
++ int dir_fd SC_CLEANUP(sc_cleanup_close) = -1;
+ dir_fd = open(dir_name, O_PATH | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
+ if (dir_fd < 0) {
+ die("cannot open path %s", dir_name);
+Index: snapd-2.49/cmd/libsnap-confine-private/utils-test.c
+===================================================================
+--- snapd-2.49.orig/cmd/libsnap-confine-private/utils-test.c
++++ snapd-2.49/cmd/libsnap-confine-private/utils-test.c
+@@ -71,6 +71,37 @@ static void test_parse_bool(void)
+ g_assert_cmpint(errno, ==, EFAULT);
+ }
+
++static void test_sc_is_expected_path(void)
++{
++ struct {
++ const char *path;
++ bool expected;
++ } test_cases[] = {
++ {"/tmp/snap-confine", false},
++ {"/tmp/foo", false},
++ {"/home/ ", false},
++ {"/usr/lib/snapd/snap-confine1", false},
++ {"/usr/lib/snapd/snap—confine", false},
++ {"/snap/core/usr/lib/snapd/snap-confine", false},
++ {"/snap/core/x1x/usr/lib/snapd/snap-confine", false},
++ {"/snap/core/z1/usr/lib/snapd/snap-confine", false},
++ {"/snap/cꓳre/1/usr/lib/snapd/snap-confine", false},
++ {"/snap/snapd1/1/usr/lib/snapd/snap-confine", false},
++ {"/snap/core/current/usr/lib/snapd/snap-confine", false},
++ {"/usr/lib/snapd/snap-confine", true},
++ {"/usr/libexec/snapd/snap-confine", true},
++ {"/snap/core/1/usr/lib/snapd/snap-confine", true},
++ {"/snap/core/x1/usr/lib/snapd/snap-confine", true},
++ {"/snap/snapd/1/usr/lib/snapd/snap-confine", true},
++ {"/snap/snapd/1/usr/libexec/snapd/snap-confine", false},
++ };
++ size_t i;
++ for (i = 0; i < sizeof(test_cases) / sizeof(test_cases[0]); i++) {
++ bool result = sc_is_expected_path(test_cases[i].path);
++ g_assert_cmpint(result, ==, test_cases[i].expected);
++ }
++}
++
+ static void test_die(void)
+ {
+ if (g_test_subprocess()) {
+@@ -194,6 +225,7 @@ static void test_sc_nonfatal_mkpath__abs
+ static void __attribute__((constructor)) init(void)
+ {
+ g_test_add_func("/utils/parse_bool", test_parse_bool);
++ g_test_add_func("/utils/sc_is_expected_path", test_sc_is_expected_path);
+ g_test_add_func("/utils/die", test_die);
+ g_test_add_func("/utils/die_with_errno", test_die_with_errno);
+ g_test_add_func("/utils/sc_nonfatal_mkpath/relative",
+Index: snapd-2.49/cmd/libsnap-confine-private/utils.c
+===================================================================
+--- snapd-2.49.orig/cmd/libsnap-confine-private/utils.c
++++ snapd-2.49/cmd/libsnap-confine-private/utils.c
+@@ -16,6 +16,7 @@
+ */
+ #include <errno.h>
+ #include <fcntl.h>
++#include <regex.h>
+ #include <stdarg.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -237,3 +238,15 @@ int sc_nonfatal_mkpath(const char *const
+ }
+ return 0;
+ }
++
++bool sc_is_expected_path(const char *path)
++{
++ const char *expected_path_re =
++ "^(/snap/(snapd|core)/x?[0-9]+/usr/lib|/usr/lib(exec)?)/snapd/snap-confine$";
++ regex_t re;
++ if (regcomp(&re, expected_path_re, REG_EXTENDED | REG_NOSUB) != 0)
++ die("can not compile regex %s", expected_path_re);
++ int status = regexec(&re, path, 0, NULL, 0);
++ regfree(&re);
++ return status == 0;
++}
+Index: snapd-2.49/cmd/libsnap-confine-private/utils.h
+===================================================================
+--- snapd-2.49.orig/cmd/libsnap-confine-private/utils.h
++++ snapd-2.49/cmd/libsnap-confine-private/utils.h
+@@ -101,4 +101,10 @@ void write_string_to_file(const char *fi
+ **/
+ __attribute__((warn_unused_result))
+ int sc_nonfatal_mkpath(const char *const path, mode_t mode);
++
++/**
++ * Return true if path is a valid path for the snap-confine binary
++ **/
++__attribute__((warn_unused_result))
++bool sc_is_expected_path(const char *path);
+ #endif
+Index: snapd-2.49/cmd/snap-confine/mount-support-test.c
+===================================================================
+--- snapd-2.49.orig/cmd/snap-confine/mount-support-test.c
++++ snapd-2.49/cmd/snap-confine/mount-support-test.c
+@@ -21,6 +21,7 @@
+ #include "mount-support-nvidia.c"
+
+ #include <glib.h>
++#include <glib/gstdio.h>
+
+ static void replace_slashes_with_NUL(char *path, size_t len)
+ {
+@@ -91,10 +92,50 @@ static void test_is_subdir(void)
+ g_assert_false(is_subdir("/", ""));
+ }
+
++static void test_must_mkdir_and_open_with_perms(void)
++{
++ // make a directory with some contents and check we can
++ // must_mkdir_and_open_with_perms() to get control of it
++ GError *error = NULL;
++ GStatBuf st;
++ gchar *test_dir = g_dir_make_tmp("test-mkdir-XXXXXX", &error);
++ g_assert_no_error(error);
++ g_assert_nonnull(test_dir);
++ g_assert_cmpint(chmod(test_dir, 0755), ==, 0);
++ g_assert_true(g_file_test
++ (test_dir, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR));
++ g_assert_cmpint(g_stat(test_dir, &st), ==, 0);
++ g_assert_true(st.st_uid == getuid());
++ g_assert_true(st.st_gid == getgid());
++ g_assert_true(st.st_mode == (S_IFDIR | 0755));
++
++ gchar *test_subdir = g_build_filename(test_dir, "foo", NULL);
++ g_assert_cmpint(g_mkdir_with_parents(test_dir, 0755), ==, 0);
++ g_file_test(test_subdir, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR);
++
++ // take over dir
++ int fd =
++ must_mkdir_and_open_with_perms(test_dir, getuid(), getgid(), 0700);
++ // check can unlink dir itself with no contents successfully and it
++ // still exists
++ g_assert_cmpint(fd, >=, 0);
++ g_assert_false(g_file_test
++ (test_subdir, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR));
++ g_assert_true(g_file_test
++ (test_dir, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR));
++ g_assert_cmpint(g_stat(test_dir, &st), ==, 0);
++ g_assert_true(st.st_uid == getuid());
++ g_assert_true(st.st_gid == getgid());
++ g_assert_true(st.st_mode == (S_IFDIR | 0700));
++ close(fd);
++}
++
+ static void __attribute__((constructor)) init(void)
+ {
+ g_test_add_func("/mount/get_nextpath/typical",
+ test_get_nextpath__typical);
+ g_test_add_func("/mount/get_nextpath/weird", test_get_nextpath__weird);
+ g_test_add_func("/mount/is_subdir", test_is_subdir);
++ g_test_add_func("/mount/must_mkdir_and_open_with_perms",
++ test_must_mkdir_and_open_with_perms);
+ }
+Index: snapd-2.49/cmd/snap-confine/mount-support.c
+===================================================================
+--- snapd-2.49.orig/cmd/snap-confine/mount-support.c
++++ snapd-2.49/cmd/snap-confine/mount-support.c
+@@ -14,6 +14,7 @@
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
++
+ #ifdef HAVE_CONFIG_H
+ #include "config.h"
+ #endif
+@@ -51,6 +52,91 @@
+
+ static void sc_detach_views_of_writable(sc_distro distro, bool normal_mode);
+
++static int must_mkdir_and_open_with_perms(const char *dir, uid_t uid, gid_t gid,
++ mode_t mode)
++{
++ int retries = 10;
++ int fd;
++
++ mkdir:
++ if (--retries == 0) {
++ die("lost race to create dir %s too many times", dir);
++ }
++ // Ignore EEXIST since we want to reuse and we will open with
++ // O_NOFOLLOW, below.
++ if (mkdir(dir, 0700) < 0 && errno != EEXIST) {
++ die("cannot create directory %s", dir);
++ }
++ fd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
++ if (fd < 0) {
++ // if is not a directory then remove it and try again
++ if (errno == ENOTDIR && unlink(dir) == 0) {
++ goto mkdir;
++ }
++ die("cannot open directory %s", dir);
++ }
++ // ensure base_dir has the expected permissions since it may have
++ // already existed
++ struct stat st;
++ if (fstat(fd, &st) < 0) {
++ die("cannot stat base directory %s", dir);
++ }
++ if (st.st_uid != uid || st.st_gid != gid
++ || st.st_mode != (S_IFDIR | mode)) {
++ unsigned char random[10] = { 0 };
++ char random_dir[MAX_BUF] = { 0 };
++ int offset;
++ size_t i;
++
++ // base_dir isn't what we expect - create a random
++ // directory name and rename the existing erroneous
++ // base_dir to this then try recreating it again - NOTE we
++ // don't use mkdtemp() here since we don't want to actually
++ // create the directory yet as we want rename() to do that
++ // for us
++#ifdef SYS_getrandom
++ // use syscall(SYS_getrandom) since getrandom() is
++ // not available on older glibc
++ if (syscall(SYS_getrandom, random, sizeof(random), 0) !=
++ sizeof(random)) {
++ die("cannot get random bytes");
++ }
++#else
++ // use /dev/urandom on older systems which don't support
++ // SYS_getrandom
++ int rfd = open("/dev/urandom", O_RDONLY);
++ if (rfd < 0) {
++ die("cannot open /dev/urandom");
++ }
++ if (read(rfd, random, sizeof(random)) != sizeof(random)) {
++ die("cannot get random bytes");
++ }
++ close(rfd);
++#endif
++ offset =
++ sc_must_snprintf(random_dir, sizeof(random_dir), "%s.",
++ dir);
++ for (i = 0; i < sizeof(random); i++) {
++ offset +=
++ sc_must_snprintf(random_dir + offset,
++ sizeof(random_dir) - offset,
++ "%02x", (unsigned int)random[i]);
++ }
++ // try and get dir which we own by renaming it to something
++ // else then creating it again
++
++ // TODO - change this to use renameat2(RENAME_EXCHANGE)
++ // once we can use a newer version of glibc for snapd
++ if (rename(dir, random_dir) < 0) {
++ die("cannot rename base_dir to random_dir '%s'",
++ random_dir);
++ }
++ close(fd);
++ goto mkdir;
++ }
++ return fd;
++}
++
+ // TODO: simplify this, after all it is just a tmpfs
+ // TODO: fold this into bootstrap
+ static void setup_private_mount(const char *snap_name)
+@@ -86,29 +172,8 @@ static void setup_private_mount(const ch
+ /* Switch to root group so that mkdir and open calls below create filesystem
+ * elements that are not owned by the user calling into snap-confine. */
+ sc_identity old = sc_set_effective_identity(sc_root_group_identity());
+- // Create /tmp/snap.$SNAP_NAME/ 0700 root.root. Ignore EEXIST since we want
+- // to reuse and we will open with O_NOFOLLOW, below.
+- if (mkdir(base_dir, 0700) < 0 && errno != EEXIST) {
+- die("cannot create base directory %s", base_dir);
+- }
+- base_dir_fd = open(base_dir,
+- O_RDONLY | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
+- if (base_dir_fd < 0) {
+- die("cannot open base directory %s", base_dir);
+- }
+- /* This seems redundant on first read but it has the non-obvious
+- * property of changing existing directories that have already existed
+- * but had incorrect ownership or permission. This is possible due to
+- * earlier bugs in snap-confine and due to the fact that some systems
+- * use persistent /tmp directory and may not clean up leftover files
+- * for arbitrarily long. This comment applies the following two pairs
+- * of fchmod and fchown. */
+- if (fchmod(base_dir_fd, 0700) < 0) {
+- die("cannot chmod base directory %s to 0700", base_dir);
+- }
+- if (fchown(base_dir_fd, 0, 0) < 0) {
+- die("cannot chown base directory %s to root.root", base_dir);
+- }
++ // Create /tmp/snap.$SNAP_NAME/ 0700 root.root.
++ base_dir_fd = must_mkdir_and_open_with_perms(base_dir, 0, 0, 0700);
+ // Create /tmp/snap.$SNAP_NAME/tmp 01777 root.root Ignore EEXIST since we
+ // want to reuse and we will open with O_NOFOLLOW, below.
+ if (mkdirat(base_dir_fd, "tmp", 01777) < 0 && errno != EEXIST) {
+@@ -120,14 +185,14 @@ static void setup_private_mount(const ch
+ if (tmp_dir_fd < 0) {
+ die("cannot open private tmp directory %s/tmp", base_dir);
+ }
+- if (fchmod(tmp_dir_fd, 01777) < 0) {
+- die("cannot chmod private tmp directory %s/tmp to 01777",
+- base_dir);
+- }
+ if (fchown(tmp_dir_fd, 0, 0) < 0) {
+ die("cannot chown private tmp directory %s/tmp to root.root",
+ base_dir);
+ }
++ if (fchmod(tmp_dir_fd, 01777) < 0) {
++ die("cannot chmod private tmp directory %s/tmp to 01777",
++ base_dir);
++ }
+ sc_do_mount(tmp_dir, "/tmp", NULL, MS_BIND, NULL);
+ sc_do_mount("none", "/tmp", NULL, MS_PRIVATE, NULL);
+ }
+@@ -448,7 +513,8 @@ static void sc_bootstrap_mount_namespace
+ sc_identity old = sc_set_effective_identity(sc_root_group_identity());
+ if (mkdir(SC_HOSTFS_DIR, 0755) < 0) {
+ if (errno != EEXIST) {
+- die("cannot perform operation: mkdir %s", SC_HOSTFS_DIR);
++ die("cannot perform operation: mkdir %s",
++ SC_HOSTFS_DIR);
+ }
+ }
+ (void)sc_set_effective_identity(old);
+Index: snapd-2.49/cmd/snap-confine/snap-confine.apparmor.in
+===================================================================
+--- snapd-2.49.orig/cmd/snap-confine/snap-confine.apparmor.in
++++ snapd-2.49/cmd/snap-confine/snap-confine.apparmor.in
+@@ -41,6 +41,17 @@
+
+ @LIBEXECDIR@/snap-confine mr,
+
++ # This rule is needed when executing from a "base: core" devmode snap on
++ # UC18 and newer where the /usr/lib/snapd/snap-confine inside the
++ # "base: core" mount namespace always comes from the snapd snap, and thus
++ # we will execute snap-confine via this path, and thus need to be able to
++ # read this path when executing. It's also necessary on classic where both
++ # the snapd and the core snap are installed at the same time.
++ # TODO: remove this rule when we stop supporting executing other snaps from
++ # inside devmode snaps, ideally even in the short term we would only include
++ # this rule on core only, and specifically uc18 and newer where we need it
++ #@VERBATIM_LIBEXECDIR_SNAP_CONFINE@ mr,
++
+ /dev/null rw,
+ /dev/full rw,
+ /dev/zero rw,
+@@ -376,10 +387,10 @@
+ # stacked filesystems generally.
+ # encrypted ~/.Private and old-style encrypted $HOME
+ @{HOME}/.Private/ r,
+- @{HOME}/.Private/** mrixwlk,
++ @{HOME}/.Private/** mrwlk,
+ # new-style encrypted $HOME
+ @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
+- @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
++ @{HOMEDIRS}/.ecryptfs/*/.Private/** mrwlk,
+
+ # Allow snap-confine to move to the void, creating it if necessary.
+ /var/lib/snapd/void/ rw,
+Index: snapd-2.49/interfaces/apparmor/apparmor.go
+===================================================================
+--- snapd-2.49.orig/interfaces/apparmor/apparmor.go
++++ snapd-2.49/interfaces/apparmor/apparmor.go
+@@ -38,17 +38,6 @@ import (
+ "github.com/snapcore/snapd/osutil"
+ )
+
+-// ValidateNoAppArmorRegexp will check that the given string does not
+-// contain AppArmor regular expressions (AARE), double quotes or \0.
+-func ValidateNoAppArmorRegexp(s string) error {
+- const AARE = `?*[]{}^"` + "\x00"
+-
+- if strings.ContainsAny(s, AARE) {
+- return fmt.Errorf("%q contains a reserved apparmor char from %s", s, AARE)
+- }
+- return nil
+-}
+-
+ type aaParserFlags int
+
+ const (
+Index: snapd-2.49/interfaces/apparmor/apparmor_test.go
+===================================================================
+--- snapd-2.49.orig/interfaces/apparmor/apparmor_test.go
++++ snapd-2.49/interfaces/apparmor/apparmor_test.go
+@@ -217,22 +217,6 @@ func (s *appArmorSuite) TestLoadedApparm
+ c.Check(profiles, IsNil)
+ }
+
+-func (s *appArmorSuite) TestValidateFreeFromAAREUnhappy(c *C) {
+- var testCases = []string{"a?", "*b", "c[c", "dd]", "e{", "f}", "g^", `h"`, "f\000", "g\x00"}
+-
+- for _, s := range testCases {
+- c.Check(apparmor.ValidateNoAppArmorRegexp(s), ErrorMatches, ".* contains a reserved apparmor char from .*", Commentf("%q is not raising an error", s))
+- }
+-}
+-
+-func (s *appArmorSuite) TestValidateFreeFromAAREhappy(c *C) {
+- var testCases = []string{"foo", "BaR", "b-z", "foo+bar", "b00m!", "be/ep", "a%b", "a&b", "a(b", "a)b", "a=b", "a#b", "a~b", "a'b", "a_b", "a,b", "a;b", "a>b", "a<b", "a|b"}
+-
+- for _, s := range testCases {
+- c.Check(apparmor.ValidateNoAppArmorRegexp(s), IsNil, Commentf("%q raised an error but shouldn't", s))
+- }
+-}
+-
+ func (s *appArmorSuite) TestMaybeSetNumberOfJobs(c *C) {
+ var cpus int
+ restore := apparmor.MockRuntimeNumCPU(func() int {
+Index: snapd-2.49/interfaces/apparmor/backend.go
+===================================================================
+--- snapd-2.49.orig/interfaces/apparmor/backend.go
++++ snapd-2.49/interfaces/apparmor/backend.go
+@@ -69,6 +69,9 @@ var (
+ // Backend is responsible for maintaining apparmor profiles for snaps and parts of snapd.
+ type Backend struct {
+ preseed bool
++
++ coreSnap *snap.Info
++ snapdSnap *snap.Info
+ }
+
+ // Name returns the name of the backend.
+@@ -81,6 +84,11 @@ func (b *Backend) Initialize(opts *inter
+ if opts != nil && opts.Preseed {
+ b.preseed = true
+ }
++
++ if opts != nil {
++ b.coreSnap = opts.CoreSnapInfo
++ b.snapdSnap = opts.SnapdSnapInfo
++ }
+ // NOTE: It would be nice if we could also generate the profile for
+ // snap-confine executing from the core snap, right here, and not have to
+ // do this in the Setup function below. I sadly don't think this is
+@@ -211,7 +219,16 @@ func snapConfineFromSnapProfile(info *sn
+ patchedProfileText := bytes.Replace(
+ vanillaProfileText, []byte("/usr/lib/snapd/snap-confine"), []byte(snapConfineInCore), -1)
+
+- // We need to add a uniqe prefix that can never collide with a
++ // Also replace the test providing access to verbatim
++ // /usr/lib/snapd/snap-confine, which is necessary because to execute snaps
++ // from strict snaps, we need to be able read and map
++ // /usr/lib/snapd/snap-confine from inside the strict snap mount namespace,
++ // even though /usr/lib/snapd/snap-confine from inside the strict snap mount
++ // namespace is actually a bind mount to the "snapConfineInCore"
++ patchedProfileText = bytes.Replace(
++ patchedProfileText, []byte("#@VERBATIM_LIBEXECDIR_SNAP_CONFINE@"), []byte("/usr/lib/snapd/snap-confine"), -1)
++
++ // We need to add a unique prefix that can never collide with a
+ // snap on the system. Using "snap-confine.*" is similar to
+ // "snap-update-ns.*" that is already used there
+ //
+@@ -564,12 +581,12 @@ func (b *Backend) deriveContent(spec *Sp
+ // Add profile for each app.
+ for _, appInfo := range snapInfo.Apps {
+ securityTag := appInfo.SecurityTag()
+- addContent(securityTag, snapInfo, appInfo.Name, opts, spec.SnippetForTag(securityTag), content, spec)
++ b.addContent(securityTag, snapInfo, appInfo.Name, opts, spec.SnippetForTag(securityTag), content, spec)
+ }
+ // Add profile for each hook.
+ for _, hookInfo := range snapInfo.Hooks {
+ securityTag := hookInfo.SecurityTag()
+- addContent(securityTag, snapInfo, "hook."+hookInfo.Name, opts, spec.SnippetForTag(securityTag), content, spec)
++ b.addContent(securityTag, snapInfo, "hook."+hookInfo.Name, opts, spec.SnippetForTag(securityTag), content, spec)
+ }
+ // Add profile for snap-update-ns if we have any apps or hooks.
+ // If we have neither then we don't have any need to create an executing environment.
+@@ -610,7 +627,7 @@ func addUpdateNSProfile(snapInfo *snap.I
+ }
+ }
+
+-func addContent(securityTag string, snapInfo *snap.Info, cmdName string, opts interfaces.ConfinementOptions, snippetForTag string, content map[string]osutil.FileState, spec *Specification) {
++func (b *Backend) addContent(securityTag string, snapInfo *snap.Info, cmdName string, opts interfaces.ConfinementOptions, snippetForTag string, content map[string]osutil.FileState, spec *Specification) {
+ // If base is specified and it doesn't match the core snaps (not
+ // specifying a base should use the default core policy since in this
+ // case, the 'core' snap is used for the runtime), use the base
+@@ -638,6 +655,151 @@ func addContent(securityTag string, snap
+ }
+ policy = templatePattern.ReplaceAllStringFunc(policy, func(placeholder string) string {
+ switch placeholder {
++ case "###DEVMODE_SNAP_CONFINE###":
++ if !opts.DevMode {
++ // nothing to add if we are not in devmode
++ return ""
++ }
++
++ // otherwise we need to generate special policy to allow executing
++ // snap-confine from inside a devmode snap
++
++ // TODO: we should deprecate this and drop it in a future release
++
++ // assumes coreSnapInfo is not nil
++ coreProfileTarget := func() string {
++ return fmt.Sprintf("/snap/core/%s/usr/lib/snapd/snap-confine", b.coreSnap.SnapRevision().String())
++ }
++
++ // assumes snapdSnapInfo is not nil
++ snapdProfileTarget := func() string {
++ return fmt.Sprintf("/snap/snapd/%s/usr/lib/snapd/snap-confine", b.snapdSnap.SnapRevision().String())
++ }
++
++ // There are 3 main apparmor exec transition rules we need to
++ // generate:
++ // * exec( /usr/lib/snapd/snap-confine ... )
++ // * exec( /snap/snapd/<rev>/usr/lib/snapd/snap-confine ... )
++ // * exec( /snap/core/<rev>/usr/lib/snapd/snap-confine ... )
++
++ // The latter two can always transition to their respective
++ // revisioned profiles unambiguously if each snap is installed.
++
++ // The former rule for /usr/lib/snapd/snap-confine however is
++ // more tricky. First, we can say that if only the snapd snap is
++ // installed, to just transition to that profile and be done. If
++ // just the core snap is installed, then we can deduce this
++ // system is either UC16 or a classic one, in both cases though
++ // we have /usr/lib/snapd/snap-confine defined as the profile to
++ // transition to.
++ // If both snaps are installed however, then we need to branch
++ // and pick a profile that exists, we can't just arbitrarily
++ // pick one profile because not all profiles will exist on all
++ // systems actually, for example the snap-confine profile from
++ // the core snap will not be generated/installed on UC18+. We
++ // can simplify the logic however by realizing that no matter
++ // the relative version numbers of snapd and core, when
++ // executing a snap with base other than core (i.e. base core18
++ // or core20), the snapd snap's version of snap-confine will
++ // always be used for various reasons. This is also true for
++ // base: core snaps, but only on non-classic systems. So we
++ // essentially say that /usr/lib/snapd/snap-confine always
++ // transitions to the snapd snap profile if the base is not
++ // core or if the system is not classic. If the base is core and
++ // the system is classic, then the core snap profile will be
++ // used.
++
++ usrLibSnapdConfineTransitionTarget := ""
++ switch {
++ case b.coreSnap != nil && b.snapdSnap == nil:
++ // only core snap - use /usr/lib/snapd/snap-confine always
++ usrLibSnapdConfineTransitionTarget = "/usr/lib/snapd/snap-confine"
++ case b.snapdSnap != nil && b.coreSnap == nil:
++ // only snapd snap - use snapd snap version
++ usrLibSnapdConfineTransitionTarget = snapdProfileTarget()
++ case b.snapdSnap != nil && b.coreSnap != nil:
++ // both are installed - need to check which one to use
++ // TODO: is snapInfo.Base sometimes unset for snaps w/o bases
++ // these days? maybe this needs to be this instead ?
++ // if release.OnClassic && (snapInfo.Base == "core" || snapInfo.Base == "")
++ if release.OnClassic && snapInfo.Base == "core" {
++ // use the core snap as the target only if we are on
++ // classic and the base is core
++ usrLibSnapdConfineTransitionTarget = coreProfileTarget()
++ } else {
++ // otherwise always use snapd
++ usrLibSnapdConfineTransitionTarget = snapdProfileTarget()
++ }
++
++ default:
++ // neither of the snaps are installed
++
++ // TODO: this panic is unfortunate, but we don't have time
++ // to do any better for this security release
++ // It is actually important that we panic here, the only
++ // known circumstance where this happens is when we are
++ // seeding during first boot of UC16 with a very new core
++ // snap (i.e. with the security fix of 2.54.3) and also have
++ // a devmode confined snap in the seed to prepare. In this
++ // situation, when we panic(), we force snapd to exit, and
++ // systemd will restart us and we actually recover the
++ // initial seed change and continue on. This code will be
++ // removed/adapted before it is merged to the main branch,
++ // it is only meant to exist on the security release branch.
++ msg := fmt.Sprintf("neither snapd nor core snap available while preparing apparmor profile for devmode snap %s, panicing to restart snapd to continue seeding", snapInfo.InstanceName())
++ panic(msg)
++ }
++
++ // We use Pxr for all these rules since the snap-confine profile
++ // is not a child profile of the devmode complain profile we are
++ // generating right now.
++ usrLibSnapdConfineTransitionRule := fmt.Sprintf("/usr/lib/snapd/snap-confine Pxr -> %s,\n", usrLibSnapdConfineTransitionTarget)
++
++ coreSnapConfineSnippet := ""
++ if b.coreSnap != nil {
++ coreSnapConfineSnippet = fmt.Sprintf("/snap/core/*/usr/lib/snapd/snap-confine Pxr -> %s,\n", coreProfileTarget())
++ }
++
++ snapdSnapConfineSnippet := ""
++ if b.snapdSnap != nil {
++ snapdSnapConfineSnippet = fmt.Sprintf("/snap/snapd/*/usr/lib/snapd/snap-confine Pxr -> %s,\n", snapdProfileTarget())
++ }
++
++ nonBaseCoreTransitionSnippet := coreSnapConfineSnippet + "\n" + snapdSnapConfineSnippet
++
++ // include both rules for the core snap and the snapd snap since
++ // we can't know which one will be used at runtime (for example
++ // SNAP_REEXEC could be set which affects which one is used)
++ return fmt.Sprintf(`
++ # allow executing the snap command from either the rootfs (for base: core) or
++ # from the system snaps (all other bases) - this is very specifically only to
++ # enable proper apparmor profile transition to snap-confine below, if we don't
++ # include these exec rules, then when executing the snap command, apparmor
++ # will create a new, unique sub-profile which then cannot be transitioned from
++ # to the actual snap-confine profile
++ /usr/bin/snap ixr,
++ /snap/{snapd,core}/*/usr/bin/snap ixr,
++
++ # allow transitioning to snap-confine to support executing strict snaps from
++ # inside devmode confined snaps
++
++ # this first rule is to handle the case of exec()ing
++ # /usr/lib/snapd/snap-confine directly, the profile we transition to depends
++ # on whether we are classic or not, what snaps (snapd or core) are installed
++ # and also whether this snap is a base: core snap or a differently based snap.
++ # see the comment in interfaces/backend/apparmor.go where this snippet is
++ # generated for the full context
++ %[1]s
++
++ # the second (and possibly third if both core and snapd are installed) rule is
++ # to handle direct exec() of snap-confine from the respective snaps directly,
++ # this happens mostly on non-core based snaps, wherein the base snap has a
++ # symlink from /usr/bin/snap -> /snap/snapd/current/usr/bin/snap, which makes
++ # the snap command execute snap-confine directly from the associated system
++ # snap in /snap/{snapd,core}/<rev>/usr/lib/snapd/snap-confine
++ %[2]s
++`, usrLibSnapdConfineTransitionRule, nonBaseCoreTransitionSnippet)
++
+ case "###VAR###":
+ return templateVariables(snapInfo, securityTag, cmdName)
+ case "###PROFILEATTACH###":
+Index: snapd-2.49/interfaces/apparmor/backend_test.go
+===================================================================
+--- snapd-2.49.orig/interfaces/apparmor/backend_test.go
++++ snapd-2.49/interfaces/apparmor/backend_test.go
+@@ -169,6 +169,9 @@ func (s *backendSuite) SetUpTest(c *C) {
+ s.parserCmd = testutil.MockCommand(c, "apparmor_parser", fakeAppArmorParser)
+
+ apparmor.MockRuntimeNumCPU(func() int { return 99 })
++
++ err = s.Backend.Initialize(ifacetest.DefaultInitializeOpts)
++ c.Assert(err, IsNil)
+ }
+
+ func (s *backendSuite) TearDownTest(c *C) {
+@@ -1352,7 +1355,7 @@ func (s *backendSuite) TestSetupSnapConf
+ defer cmd.Restore()
+
+ // Setup generated policy for snap-confine.
+- err := (&apparmor.Backend{}).Initialize(nil)
++ err := (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
+ c.Assert(err, IsNil)
+ c.Assert(cmd.Calls(), HasLen, 0)
+
+@@ -1408,7 +1411,7 @@ func (s *backendSuite) testSetupSnapConf
+ c.Assert(ioutil.WriteFile(profilePath, []byte(""), 0644), IsNil)
+
+ // Setup generated policy for snap-confine.
+- err = (&apparmor.Backend{}).Initialize(nil)
++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
+ c.Assert(err, IsNil)
+
+ // Because NFS is being used, we have the extra policy file.
+@@ -1461,7 +1464,7 @@ func (s *backendSuite) TestSetupSnapConf
+ defer restore()
+
+ // Setup generated policy for snap-confine.
+- err = (&apparmor.Backend{}).Initialize(nil)
++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
+ c.Assert(err, IsNil)
+
+ // Because NFS is being used, we have the extra policy file.
+@@ -1506,7 +1509,7 @@ func (s *backendSuite) TestSetupSnapConf
+ defer restore()
+
+ // Setup generated policy for snap-confine.
+- err = (&apparmor.Backend{}).Initialize(nil)
++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
+ // NOTE: Errors in determining NFS are non-fatal to prevent snapd from
+ // failing to operate. A warning message is logged but system operates as
+ // if NFS was not active.
+@@ -1543,7 +1546,7 @@ func (s *backendSuite) TestSetupSnapConf
+ defer restore()
+
+ // Setup generated policy for snap-confine.
+- err := (&apparmor.Backend{}).Initialize(nil)
++ err := (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
+ c.Assert(err, ErrorMatches, "cannot read .*corrupt-proc-self-exe: .*")
+
+ // We didn't create the policy file.
+@@ -1582,7 +1585,7 @@ func (s *backendSuite) TestSetupSnapConf
+ c.Assert(ioutil.WriteFile(filepath.Join(apparmor_sandbox.ConfDir, "usr.lib.snapd.snap-confine"), []byte(""), 0644), IsNil)
+
+ // Setup generated policy for snap-confine.
+- err = (&apparmor.Backend{}).Initialize(nil)
++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
+ c.Assert(err, ErrorMatches, "cannot reload snap-confine apparmor profile: .*\n.*\ntesting\n")
+
+ // While created the policy file initially we also removed it so that
+@@ -1598,13 +1601,15 @@ func (s *backendSuite) TestSetupSnapConf
+ // Test behavior when MkdirAll fails
+ func (s *backendSuite) TestSetupSnapConfineGeneratedPolicyError4(c *C) {
+ // Create a file where we would expect to find the local policy.
+- err := os.MkdirAll(filepath.Dir(dirs.SnapConfineAppArmorDir), 0755)
++ err := os.RemoveAll(filepath.Dir(dirs.SnapConfineAppArmorDir))
++ c.Assert(err, IsNil)
++ err = os.MkdirAll(filepath.Dir(dirs.SnapConfineAppArmorDir), 0755)
+ c.Assert(err, IsNil)
+ err = ioutil.WriteFile(dirs.SnapConfineAppArmorDir, []byte(""), 0644)
+ c.Assert(err, IsNil)
+
+ // Setup generated policy for snap-confine.
+- err = (&apparmor.Backend{}).Initialize(nil)
++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
+ c.Assert(err, ErrorMatches, "*.: not a directory")
+ }
+
+@@ -1651,7 +1656,7 @@ func (s *backendSuite) TestSetupSnapConf
+ defer os.Chmod(dirs.SnapConfineAppArmorDir, 0755)
+
+ // Setup generated policy for snap-confine.
+- err = (&apparmor.Backend{}).Initialize(nil)
++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
+ c.Assert(err, ErrorMatches, `cannot synchronize snap-confine policy: remove .*/generated-test: permission denied`)
+
+ // The policy directory was unchanged.
+@@ -1677,7 +1682,7 @@ func (s *backendSuite) TestSetupSnapConf
+ defer cmd.Restore()
+
+ // Setup generated policy for snap-confine.
+- err := (&apparmor.Backend{}).Initialize(nil)
++ err := (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
+ c.Assert(err, IsNil)
+ c.Assert(cmd.Calls(), HasLen, 0)
+
+@@ -1730,7 +1735,7 @@ func (s *backendSuite) testSetupSnapConf
+ c.Assert(ioutil.WriteFile(profilePath, []byte(""), 0644), IsNil)
+
+ // Setup generated policy for snap-confine.
+- err = (&apparmor.Backend{}).Initialize(nil)
++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
+ c.Assert(err, IsNil)
+
+ // Because overlay is being used, we have the extra policy file.
+@@ -1782,7 +1787,7 @@ func (s *backendSuite) TestSetupSnapConf
+ defer restore()
+
+ // Setup generated policy for snap-confine.
+- err = (&apparmor.Backend{}).Initialize(nil)
++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
+ c.Assert(err, IsNil)
+
+ // Because overlay is being used, we have the extra policy file.
+@@ -2240,7 +2245,10 @@ func (s *backendSuite) TestSetupManyInPr
+ aa, ok := s.Backend.(*apparmor.Backend)
+ c.Assert(ok, Equals, true)
+
+- opts := interfaces.SecurityBackendOptions{Preseed: true}
++ opts := interfaces.SecurityBackendOptions{
++ Preseed: true,
++ CoreSnapInfo: ifacetest.DefaultInitializeOpts.CoreSnapInfo,
++ }
+ c.Assert(aa.Initialize(&opts), IsNil)
+
+ for _, opts := range testedConfinementOpts {
+Index: snapd-2.49/interfaces/apparmor/spec.go
+===================================================================
+--- snapd-2.49.orig/interfaces/apparmor/spec.go
++++ snapd-2.49/interfaces/apparmor/spec.go
+@@ -293,30 +293,30 @@ func (spec *Specification) AddLayout(si
+ case l.Bind != "":
+ bind := si.ExpandSnapVariables(l.Bind)
+ // Allow bind mounting the layout element.
+- emit(" mount options=(rbind, rw) %s/ -> %s/,\n", bind, path)
+- emit(" mount options=(rprivate) -> %s/,\n", path)
+- emit(" umount %s/,\n", path)
++ emit(" mount options=(rbind, rw) \"%s/\" -> \"%s/\",\n", bind, path)
++ emit(" mount options=(rprivate) -> \"%s/\",\n", path)
++ emit(" umount \"%s/\",\n", path)
+ // Allow constructing writable mimic in both bind-mount source and mount point.
+ GenWritableProfile(emit, path, 2) // At least / and /some-top-level-directory
+ GenWritableProfile(emit, bind, 4) // At least /, /snap/, /snap/$SNAP_NAME and /snap/$SNAP_NAME/$SNAP_REVISION
+ case l.BindFile != "":
+ bindFile := si.ExpandSnapVariables(l.BindFile)
+ // Allow bind mounting the layout element.
+- emit(" mount options=(bind, rw) %s -> %s,\n", bindFile, path)
+- emit(" mount options=(rprivate) -> %s,\n", path)
+- emit(" umount %s,\n", path)
++ emit(" mount options=(bind, rw) \"%s\" -> \"%s\",\n", bindFile, path)
++ emit(" mount options=(rprivate) -> \"%s\",\n", path)
++ emit(" umount \"%s\",\n", path)
+ // Allow constructing writable mimic in both bind-mount source and mount point.
+ GenWritableFileProfile(emit, path, 2) // At least / and /some-top-level-directory
+ GenWritableFileProfile(emit, bindFile, 4) // At least /, /snap/, /snap/$SNAP_NAME and /snap/$SNAP_NAME/$SNAP_REVISION
+ case l.Type == "tmpfs":
+- emit(" mount fstype=tmpfs tmpfs -> %s/,\n", path)
+- emit(" mount options=(rprivate) -> %s/,\n", path)
+- emit(" umount %s/,\n", path)
++ emit(" mount fstype=tmpfs tmpfs -> \"%s/\",\n", path)
++ emit(" mount options=(rprivate) -> \"%s/\",\n", path)
++ emit(" umount \"%s/\",\n", path)
+ // Allow constructing writable mimic to mount point.
+ GenWritableProfile(emit, path, 2) // At least / and /some-top-level-directory
+ case l.Symlink != "":
+ // Allow constructing writable mimic to symlink parent directory.
+- emit(" %s rw,\n", path)
++ emit(" \"%s\" rw,\n", path)
+ GenWritableProfile(emit, path, 2) // At least / and /some-top-level-directory
+ }
+ }
+@@ -370,7 +370,7 @@ func GenWritableMimicProfile(emit func(f
+ emit(" # .. permissions for traversing the prefix that is assumed to exist\n")
+ for iter.Next() {
+ if iter.Depth() < assumedPrefixDepth {
+- emit(" %s r,\n", iter.CurrentPath())
++ emit(" \"%s\" r,\n", iter.CurrentPath())
+ }
+ }
+
+@@ -388,33 +388,33 @@ func GenWritableMimicProfile(emit func(f
+ mimicAuxPath := filepath.Join("/tmp/.snap", iter.CurrentPath()) + "/"
+ emit(" # .. variant with mimic at %s\n", mimicPath)
+ emit(" # Allow reading the mimic directory, it must exist in the first place.\n")
+- emit(" %s r,\n", mimicPath)
++ emit(" \"%s\" r,\n", mimicPath)
+ emit(" # Allow setting the read-only directory aside via a bind mount.\n")
+- emit(" %s rw,\n", mimicAuxPath)
+- emit(" mount options=(rbind, rw) %s -> %s,\n", mimicPath, mimicAuxPath)
++ emit(" \"%s\" rw,\n", mimicAuxPath)
++ emit(" mount options=(rbind, rw) \"%s\" -> \"%s\",\n", mimicPath, mimicAuxPath)
+ emit(" # Allow mounting tmpfs over the read-only directory.\n")
+- emit(" mount fstype=tmpfs options=(rw) tmpfs -> %s,\n", mimicPath)
++ emit(" mount fstype=tmpfs options=(rw) tmpfs -> \"%s\",\n", mimicPath)
+ emit(" # Allow creating empty files and directories for bind mounting things\n" +
+ " # to reconstruct the now-writable parent directory.\n")
+- emit(" %s*/ rw,\n", mimicAuxPath)
+- emit(" %s*/ rw,\n", mimicPath)
+- emit(" mount options=(rbind, rw) %s*/ -> %s*/,\n", mimicAuxPath, mimicPath)
+- emit(" %s* rw,\n", mimicAuxPath)
+- emit(" %s* rw,\n", mimicPath)
+- emit(" mount options=(bind, rw) %s* -> %s*,\n", mimicAuxPath, mimicPath)
++ emit(" \"%s*/\" rw,\n", mimicAuxPath)
++ emit(" \"%s*/\" rw,\n", mimicPath)
++ emit(" mount options=(rbind, rw) \"%s*/\" -> \"%s*/\",\n", mimicAuxPath, mimicPath)
++ emit(" \"%s*\" rw,\n", mimicAuxPath)
++ emit(" \"%s*\" rw,\n", mimicPath)
++ emit(" mount options=(bind, rw) \"%s*\" -> \"%s*\",\n", mimicAuxPath, mimicPath)
+ emit(" # Allow unmounting the auxiliary directory.\n" +
+ " # TODO: use fstype=tmpfs here for more strictness (LP: #1613403)\n")
+- emit(" mount options=(rprivate) -> %s,\n", mimicAuxPath)
+- emit(" umount %s,\n", mimicAuxPath)
++ emit(" mount options=(rprivate) -> \"%s\",\n", mimicAuxPath)
++ emit(" umount \"%s\",\n", mimicAuxPath)
+ emit(" # Allow unmounting the destination directory as well as anything\n" +
+ " # inside. This lets us perform the undo plan in case the writable\n" +
+ " # mimic fails.\n")
+- emit(" mount options=(rprivate) -> %s,\n", mimicPath)
+- emit(" mount options=(rprivate) -> %s*,\n", mimicPath)
+- emit(" mount options=(rprivate) -> %s*/,\n", mimicPath)
+- emit(" umount %s,\n", mimicPath)
+- emit(" umount %s*,\n", mimicPath)
+- emit(" umount %s*/,\n", mimicPath)
++ emit(" mount options=(rprivate) -> \"%s\",\n", mimicPath)
++ emit(" mount options=(rprivate) -> \"%s*\",\n", mimicPath)
++ emit(" mount options=(rprivate) -> \"%s*/\",\n", mimicPath)
++ emit(" umount \"%s\",\n", mimicPath)
++ emit(" umount \"%s*\",\n", mimicPath)
++ emit(" umount \"%s*/\",\n", mimicPath)
+ }
+ }
+
+@@ -425,9 +425,9 @@ func GenWritableFileProfile(emit func(f
+ }
+ if isProbablyWritable(path) {
+ emit(" # Writable file %s\n", path)
+- emit(" %s rw,\n", path)
++ emit(" \"%s\" rw,\n", path)
+ for p := parent(path); !isProbablyPresent(p); p = parent(p) {
+- emit(" %s/ rw,\n", p)
++ emit(" \"%s/\" rw,\n", p)
+ }
+ } else {
+ parentPath := parent(path)
+@@ -443,7 +443,7 @@ func GenWritableProfile(emit func(f stri
+ if isProbablyWritable(path) {
+ emit(" # Writable directory %s\n", path)
+ for p := path; !isProbablyPresent(p); p = parent(p) {
+- emit(" %s/ rw,\n", p)
++ emit(" \"%s/\" rw,\n", p)
+ }
+ } else {
+ parentPath := parent(path)
+@@ -537,9 +537,9 @@ func (spec *Specification) UpdateNS() []
+ func snippetFromLayout(layout *snap.Layout) string {
+ mountPoint := layout.Snap.ExpandSnapVariables(layout.Path)
+ if layout.Bind != "" || layout.Type == "tmpfs" {
+- return fmt.Sprintf("# Layout path: %s\n%s{,/**} mrwklix,", mountPoint, mountPoint)
++ return fmt.Sprintf("# Layout path: %s\n\"%s{,/**}\" mrwklix,", mountPoint, mountPoint)
+ } else if layout.BindFile != "" {
+- return fmt.Sprintf("# Layout path: %s\n%s mrwklix,", mountPoint, mountPoint)
++ return fmt.Sprintf("# Layout path: %s\n\"%s\" mrwklix,", mountPoint, mountPoint)
+ }
+ return fmt.Sprintf("# Layout path: %s\n# (no extra permissions required for symlink)", mountPoint)
+ }
+Index: snapd-2.49/interfaces/apparmor/spec_test.go
+===================================================================
+--- snapd-2.49.orig/interfaces/apparmor/spec_test.go
++++ snapd-2.49/interfaces/apparmor/spec_test.go
+@@ -284,72 +284,72 @@ func (s *specSuite) TestApparmorSnippets
+ s.spec.AddLayout(snapInfo)
+ c.Assert(s.spec.Snippets(), DeepEquals, map[string][]string{
+ "snap.vanguard.vanguard": {
+- "# Layout path: /etc/foo.conf\n/etc/foo.conf mrwklix,",
+- "# Layout path: /usr/foo\n/usr/foo{,/**} mrwklix,",
++ "# Layout path: /etc/foo.conf\n\"/etc/foo.conf\" mrwklix,",
++ "# Layout path: /usr/foo\n\"/usr/foo{,/**}\" mrwklix,",
+ "# Layout path: /var/cache/mylink\n# (no extra permissions required for symlink)",
+- "# Layout path: /var/tmp\n/var/tmp{,/**} mrwklix,",
++ "# Layout path: /var/tmp\n\"/var/tmp{,/**}\" mrwklix,",
+ },
+ })
+ updateNS := s.spec.UpdateNS()
+
+ profile0 := ` # Layout /etc/foo.conf: bind-file $SNAP/foo.conf
+- mount options=(bind, rw) /snap/vanguard/42/foo.conf -> /etc/foo.conf,
+- mount options=(rprivate) -> /etc/foo.conf,
+- umount /etc/foo.conf,
++ mount options=(bind, rw) "/snap/vanguard/42/foo.conf" -> "/etc/foo.conf",
++ mount options=(rprivate) -> "/etc/foo.conf",
++ umount "/etc/foo.conf",
+ # Writable mimic /etc
+ # .. permissions for traversing the prefix that is assumed to exist
+- / r,
++ "/" r,
+ # .. variant with mimic at /etc/
+ # Allow reading the mimic directory, it must exist in the first place.
+- /etc/ r,
++ "/etc/" r,
+ # Allow setting the read-only directory aside via a bind mount.
+- /tmp/.snap/etc/ rw,
+- mount options=(rbind, rw) /etc/ -> /tmp/.snap/etc/,
++ "/tmp/.snap/etc/" rw,
++ mount options=(rbind, rw) "/etc/" -> "/tmp/.snap/etc/",
+ # Allow mounting tmpfs over the read-only directory.
+- mount fstype=tmpfs options=(rw) tmpfs -> /etc/,
++ mount fstype=tmpfs options=(rw) tmpfs -> "/etc/",
+ # Allow creating empty files and directories for bind mounting things
+ # to reconstruct the now-writable parent directory.
+- /tmp/.snap/etc/*/ rw,
+- /etc/*/ rw,
+- mount options=(rbind, rw) /tmp/.snap/etc/*/ -> /etc/*/,
+- /tmp/.snap/etc/* rw,
+- /etc/* rw,
+- mount options=(bind, rw) /tmp/.snap/etc/* -> /etc/*,
++ "/tmp/.snap/etc/*/" rw,
++ "/etc/*/" rw,
++ mount options=(rbind, rw) "/tmp/.snap/etc/*/" -> "/etc/*/",
++ "/tmp/.snap/etc/*" rw,
++ "/etc/*" rw,
++ mount options=(bind, rw) "/tmp/.snap/etc/*" -> "/etc/*",
+ # Allow unmounting the auxiliary directory.
+ # TODO: use fstype=tmpfs here for more strictness (LP: #1613403)
+- mount options=(rprivate) -> /tmp/.snap/etc/,
+- umount /tmp/.snap/etc/,
++ mount options=(rprivate) -> "/tmp/.snap/etc/",
++ umount "/tmp/.snap/etc/",
+ # Allow unmounting the destination directory as well as anything
+ # inside. This lets us perform the undo plan in case the writable
+ # mimic fails.
+- mount options=(rprivate) -> /etc/,
+- mount options=(rprivate) -> /etc/*,
+- mount options=(rprivate) -> /etc/*/,
+- umount /etc/,
+- umount /etc/*,
+- umount /etc/*/,
++ mount options=(rprivate) -> "/etc/",
++ mount options=(rprivate) -> "/etc/*",
++ mount options=(rprivate) -> "/etc/*/",
++ umount "/etc/",
++ umount "/etc/*",
++ umount "/etc/*/",
+ # Writable mimic /snap/vanguard/42
+- /snap/ r,
+- /snap/vanguard/ r,
++ "/snap/" r,
++ "/snap/vanguard/" r,
+ # .. variant with mimic at /snap/vanguard/42/
+- /snap/vanguard/42/ r,
+- /tmp/.snap/snap/vanguard/42/ rw,
+- mount options=(rbind, rw) /snap/vanguard/42/ -> /tmp/.snap/snap/vanguard/42/,
+- mount fstype=tmpfs options=(rw) tmpfs -> /snap/vanguard/42/,
+- /tmp/.snap/snap/vanguard/42/*/ rw,
+- /snap/vanguard/42/*/ rw,
+- mount options=(rbind, rw) /tmp/.snap/snap/vanguard/42/*/ -> /snap/vanguard/42/*/,
+- /tmp/.snap/snap/vanguard/42/* rw,
+- /snap/vanguard/42/* rw,
+- mount options=(bind, rw) /tmp/.snap/snap/vanguard/42/* -> /snap/vanguard/42/*,
+- mount options=(rprivate) -> /tmp/.snap/snap/vanguard/42/,
+- umount /tmp/.snap/snap/vanguard/42/,
+- mount options=(rprivate) -> /snap/vanguard/42/,
+- mount options=(rprivate) -> /snap/vanguard/42/*,
+- mount options=(rprivate) -> /snap/vanguard/42/*/,
+- umount /snap/vanguard/42/,
+- umount /snap/vanguard/42/*,
+- umount /snap/vanguard/42/*/,
++ "/snap/vanguard/42/" r,
++ "/tmp/.snap/snap/vanguard/42/" rw,
++ mount options=(rbind, rw) "/snap/vanguard/42/" -> "/tmp/.snap/snap/vanguard/42/",
++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/vanguard/42/",
++ "/tmp/.snap/snap/vanguard/42/*/" rw,
++ "/snap/vanguard/42/*/" rw,
++ mount options=(rbind, rw) "/tmp/.snap/snap/vanguard/42/*/" -> "/snap/vanguard/42/*/",
++ "/tmp/.snap/snap/vanguard/42/*" rw,
++ "/snap/vanguard/42/*" rw,
++ mount options=(bind, rw) "/tmp/.snap/snap/vanguard/42/*" -> "/snap/vanguard/42/*",
++ mount options=(rprivate) -> "/tmp/.snap/snap/vanguard/42/",
++ umount "/tmp/.snap/snap/vanguard/42/",
++ mount options=(rprivate) -> "/snap/vanguard/42/",
++ mount options=(rprivate) -> "/snap/vanguard/42/*",
++ mount options=(rprivate) -> "/snap/vanguard/42/*/",
++ umount "/snap/vanguard/42/",
++ umount "/snap/vanguard/42/*",
++ umount "/snap/vanguard/42/*/",
+ `
+ // Find the slice that describes profile0 by looking for the first unique
+ // line of the next profile.
+@@ -358,49 +358,49 @@ func (s *specSuite) TestApparmorSnippets
+ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile0)
+
+ profile1 := ` # Layout /usr/foo: bind $SNAP/usr/foo
+- mount options=(rbind, rw) /snap/vanguard/42/usr/foo/ -> /usr/foo/,
+- mount options=(rprivate) -> /usr/foo/,
+- umount /usr/foo/,
++ mount options=(rbind, rw) "/snap/vanguard/42/usr/foo/" -> "/usr/foo/",
++ mount options=(rprivate) -> "/usr/foo/",
++ umount "/usr/foo/",
+ # Writable mimic /usr
+ # .. variant with mimic at /usr/
+- /usr/ r,
+- /tmp/.snap/usr/ rw,
+- mount options=(rbind, rw) /usr/ -> /tmp/.snap/usr/,
+- mount fstype=tmpfs options=(rw) tmpfs -> /usr/,
+- /tmp/.snap/usr/*/ rw,
+- /usr/*/ rw,
+- mount options=(rbind, rw) /tmp/.snap/usr/*/ -> /usr/*/,
+- /tmp/.snap/usr/* rw,
+- /usr/* rw,
+- mount options=(bind, rw) /tmp/.snap/usr/* -> /usr/*,
+- mount options=(rprivate) -> /tmp/.snap/usr/,
+- umount /tmp/.snap/usr/,
+- mount options=(rprivate) -> /usr/,
+- mount options=(rprivate) -> /usr/*,
+- mount options=(rprivate) -> /usr/*/,
+- umount /usr/,
+- umount /usr/*,
+- umount /usr/*/,
++ "/usr/" r,
++ "/tmp/.snap/usr/" rw,
++ mount options=(rbind, rw) "/usr/" -> "/tmp/.snap/usr/",
++ mount fstype=tmpfs options=(rw) tmpfs -> "/usr/",
++ "/tmp/.snap/usr/*/" rw,
++ "/usr/*/" rw,
++ mount options=(rbind, rw) "/tmp/.snap/usr/*/" -> "/usr/*/",
++ "/tmp/.snap/usr/*" rw,
++ "/usr/*" rw,
++ mount options=(bind, rw) "/tmp/.snap/usr/*" -> "/usr/*",
++ mount options=(rprivate) -> "/tmp/.snap/usr/",
++ umount "/tmp/.snap/usr/",
++ mount options=(rprivate) -> "/usr/",
++ mount options=(rprivate) -> "/usr/*",
++ mount options=(rprivate) -> "/usr/*/",
++ umount "/usr/",
++ umount "/usr/*",
++ umount "/usr/*/",
+ # Writable mimic /snap/vanguard/42/usr
+ # .. variant with mimic at /snap/vanguard/42/usr/
+- /snap/vanguard/42/usr/ r,
+- /tmp/.snap/snap/vanguard/42/usr/ rw,
+- mount options=(rbind, rw) /snap/vanguard/42/usr/ -> /tmp/.snap/snap/vanguard/42/usr/,
+- mount fstype=tmpfs options=(rw) tmpfs -> /snap/vanguard/42/usr/,
+- /tmp/.snap/snap/vanguard/42/usr/*/ rw,
+- /snap/vanguard/42/usr/*/ rw,
+- mount options=(rbind, rw) /tmp/.snap/snap/vanguard/42/usr/*/ -> /snap/vanguard/42/usr/*/,
+- /tmp/.snap/snap/vanguard/42/usr/* rw,
+- /snap/vanguard/42/usr/* rw,
+- mount options=(bind, rw) /tmp/.snap/snap/vanguard/42/usr/* -> /snap/vanguard/42/usr/*,
+- mount options=(rprivate) -> /tmp/.snap/snap/vanguard/42/usr/,
+- umount /tmp/.snap/snap/vanguard/42/usr/,
+- mount options=(rprivate) -> /snap/vanguard/42/usr/,
+- mount options=(rprivate) -> /snap/vanguard/42/usr/*,
+- mount options=(rprivate) -> /snap/vanguard/42/usr/*/,
+- umount /snap/vanguard/42/usr/,
+- umount /snap/vanguard/42/usr/*,
+- umount /snap/vanguard/42/usr/*/,
++ "/snap/vanguard/42/usr/" r,
++ "/tmp/.snap/snap/vanguard/42/usr/" rw,
++ mount options=(rbind, rw) "/snap/vanguard/42/usr/" -> "/tmp/.snap/snap/vanguard/42/usr/",
++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/vanguard/42/usr/",
++ "/tmp/.snap/snap/vanguard/42/usr/*/" rw,
++ "/snap/vanguard/42/usr/*/" rw,
++ mount options=(rbind, rw) "/tmp/.snap/snap/vanguard/42/usr/*/" -> "/snap/vanguard/42/usr/*/",
++ "/tmp/.snap/snap/vanguard/42/usr/*" rw,
++ "/snap/vanguard/42/usr/*" rw,
++ mount options=(bind, rw) "/tmp/.snap/snap/vanguard/42/usr/*" -> "/snap/vanguard/42/usr/*",
++ mount options=(rprivate) -> "/tmp/.snap/snap/vanguard/42/usr/",
++ umount "/tmp/.snap/snap/vanguard/42/usr/",
++ mount options=(rprivate) -> "/snap/vanguard/42/usr/",
++ mount options=(rprivate) -> "/snap/vanguard/42/usr/*",
++ mount options=(rprivate) -> "/snap/vanguard/42/usr/*/",
++ umount "/snap/vanguard/42/usr/",
++ umount "/snap/vanguard/42/usr/*",
++ umount "/snap/vanguard/42/usr/*/",
+ `
+ // Find the slice that describes profile1 by looking for the first unique
+ // line of the next profile.
+@@ -409,46 +409,46 @@ func (s *specSuite) TestApparmorSnippets
+ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile1)
+
+ profile2 := ` # Layout /var/cache/mylink: symlink $SNAP_DATA/link/target
+- /var/cache/mylink rw,
++ "/var/cache/mylink" rw,
+ # Writable mimic /var/cache
+ # .. variant with mimic at /var/
+- /var/ r,
+- /tmp/.snap/var/ rw,
+- mount options=(rbind, rw) /var/ -> /tmp/.snap/var/,
+- mount fstype=tmpfs options=(rw) tmpfs -> /var/,
+- /tmp/.snap/var/*/ rw,
+- /var/*/ rw,
+- mount options=(rbind, rw) /tmp/.snap/var/*/ -> /var/*/,
+- /tmp/.snap/var/* rw,
+- /var/* rw,
+- mount options=(bind, rw) /tmp/.snap/var/* -> /var/*,
+- mount options=(rprivate) -> /tmp/.snap/var/,
+- umount /tmp/.snap/var/,
+- mount options=(rprivate) -> /var/,
+- mount options=(rprivate) -> /var/*,
+- mount options=(rprivate) -> /var/*/,
+- umount /var/,
+- umount /var/*,
+- umount /var/*/,
++ "/var/" r,
++ "/tmp/.snap/var/" rw,
++ mount options=(rbind, rw) "/var/" -> "/tmp/.snap/var/",
++ mount fstype=tmpfs options=(rw) tmpfs -> "/var/",
++ "/tmp/.snap/var/*/" rw,
++ "/var/*/" rw,
++ mount options=(rbind, rw) "/tmp/.snap/var/*/" -> "/var/*/",
++ "/tmp/.snap/var/*" rw,
++ "/var/*" rw,
++ mount options=(bind, rw) "/tmp/.snap/var/*" -> "/var/*",
++ mount options=(rprivate) -> "/tmp/.snap/var/",
++ umount "/tmp/.snap/var/",
++ mount options=(rprivate) -> "/var/",
++ mount options=(rprivate) -> "/var/*",
++ mount options=(rprivate) -> "/var/*/",
++ umount "/var/",
++ umount "/var/*",
++ umount "/var/*/",
+ # .. variant with mimic at /var/cache/
+- /var/cache/ r,
+- /tmp/.snap/var/cache/ rw,
+- mount options=(rbind, rw) /var/cache/ -> /tmp/.snap/var/cache/,
+- mount fstype=tmpfs options=(rw) tmpfs -> /var/cache/,
+- /tmp/.snap/var/cache/*/ rw,
+- /var/cache/*/ rw,
+- mount options=(rbind, rw) /tmp/.snap/var/cache/*/ -> /var/cache/*/,
+- /tmp/.snap/var/cache/* rw,
+- /var/cache/* rw,
+- mount options=(bind, rw) /tmp/.snap/var/cache/* -> /var/cache/*,
+- mount options=(rprivate) -> /tmp/.snap/var/cache/,
+- umount /tmp/.snap/var/cache/,
+- mount options=(rprivate) -> /var/cache/,
+- mount options=(rprivate) -> /var/cache/*,
+- mount options=(rprivate) -> /var/cache/*/,
+- umount /var/cache/,
+- umount /var/cache/*,
+- umount /var/cache/*/,
++ "/var/cache/" r,
++ "/tmp/.snap/var/cache/" rw,
++ mount options=(rbind, rw) "/var/cache/" -> "/tmp/.snap/var/cache/",
++ mount fstype=tmpfs options=(rw) tmpfs -> "/var/cache/",
++ "/tmp/.snap/var/cache/*/" rw,
++ "/var/cache/*/" rw,
++ mount options=(rbind, rw) "/tmp/.snap/var/cache/*/" -> "/var/cache/*/",
++ "/tmp/.snap/var/cache/*" rw,
++ "/var/cache/*" rw,
++ mount options=(bind, rw) "/tmp/.snap/var/cache/*" -> "/var/cache/*",
++ mount options=(rprivate) -> "/tmp/.snap/var/cache/",
++ umount "/tmp/.snap/var/cache/",
++ mount options=(rprivate) -> "/var/cache/",
++ mount options=(rprivate) -> "/var/cache/*",
++ mount options=(rprivate) -> "/var/cache/*/",
++ umount "/var/cache/",
++ umount "/var/cache/*",
++ umount "/var/cache/*/",
+ `
+ // Find the slice that describes profile2 by looking for the first unique
+ // line of the next profile.
+@@ -457,9 +457,9 @@ func (s *specSuite) TestApparmorSnippets
+ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile2)
+
+ profile3 := ` # Layout /var/tmp: type tmpfs, mode: 01777
+- mount fstype=tmpfs tmpfs -> /var/tmp/,
+- mount options=(rprivate) -> /var/tmp/,
+- umount /var/tmp/,
++ mount fstype=tmpfs tmpfs -> "/var/tmp/",
++ mount options=(rprivate) -> "/var/tmp/",
++ umount "/var/tmp/",
+ # Writable mimic /var
+ `
+ // Find the slice that describes profile2 by looking till the end of the list.
+Index: snapd-2.49/interfaces/apparmor/template.go
+===================================================================
+--- snapd-2.49.orig/interfaces/apparmor/template.go
++++ snapd-2.49/interfaces/apparmor/template.go
+@@ -453,6 +453,9 @@ var templateCommon = `
+ /run/lock/ r,
+ /run/lock/snap.@{SNAP_INSTANCE_NAME}/ rw,
+ /run/lock/snap.@{SNAP_INSTANCE_NAME}/** mrwklix,
++
++
++ ###DEVMODE_SNAP_CONFINE###
+ `
+
+ var templateFooter = `
+Index: snapd-2.49/interfaces/backend.go
+===================================================================
+--- snapd-2.49.orig/interfaces/backend.go
++++ snapd-2.49/interfaces/backend.go
+@@ -70,6 +70,12 @@ type ConfinementOptions struct {
+ type SecurityBackendOptions struct {
+ // Preseed flag is set when snapd runs in preseed mode.
+ Preseed bool
++ // CoreSnapInfo is the current revision of the core snap (if it is
++ // installed)
++ CoreSnapInfo *snap.Info
++ // SnapdSnapInfo is the current revision of the snapd snap (if it is
++ // installed)
++ SnapdSnapInfo *snap.Info
+ }
+
+ // SecurityBackend abstracts interactions between the interface system and the
+Index: snapd-2.49/interfaces/builtin/common_files.go
+===================================================================
+--- snapd-2.49.orig/interfaces/builtin/common_files.go
++++ snapd-2.49/interfaces/builtin/common_files.go
+@@ -27,6 +27,7 @@ import (
+
+ "github.com/snapcore/snapd/interfaces"
+ "github.com/snapcore/snapd/interfaces/apparmor"
++ apparmor_sandbox "github.com/snapcore/snapd/sandbox/apparmor"
+ "github.com/snapcore/snapd/snap"
+ )
+
+@@ -110,7 +111,7 @@ func (iface *commonFilesInterface) valid
+ if strings.Contains(p, "~") {
+ return fmt.Errorf(`%q cannot contain "~"`, p)
+ }
+- if err := apparmor.ValidateNoAppArmorRegexp(p); err != nil {
++ if err := apparmor_sandbox.ValidateNoAppArmorRegexp(p); err != nil {
+ return err
+ }
+
+Index: snapd-2.49/interfaces/builtin/content.go
+===================================================================
+--- snapd-2.49.orig/interfaces/builtin/content.go
++++ snapd-2.49/interfaces/builtin/content.go
+@@ -29,6 +29,7 @@ import (
+ "github.com/snapcore/snapd/interfaces/apparmor"
+ "github.com/snapcore/snapd/interfaces/mount"
+ "github.com/snapcore/snapd/osutil"
++ apparmor_sandbox "github.com/snapcore/snapd/sandbox/apparmor"
+ "github.com/snapcore/snapd/snap"
+ )
+
+@@ -68,6 +69,16 @@ func cleanSubPath(path string) bool {
+ return filepath.Clean(path) == path && path != ".." && !strings.HasPrefix(path, "../")
+ }
+
++func validatePath(path string) error {
++ if err := apparmor_sandbox.ValidateNoAppArmorRegexp(path); err != nil {
++ return fmt.Errorf("content interface path is invalid: %v", err)
++ }
++ if ok := cleanSubPath(path); !ok {
++ return fmt.Errorf("content interface path is not clean: %q", path)
++ }
++ return nil
++}
++
+ func (iface *contentInterface) BeforePrepareSlot(slot *snap.SlotInfo) error {
+ content, ok := slot.Attrs["content"].(string)
+ if !ok || len(content) == 0 {
+@@ -102,8 +113,8 @@ func (iface *contentInterface) BeforePre
+ paths := rpath
+ paths = append(paths, wpath...)
+ for _, p := range paths {
+- if !cleanSubPath(p) {
+- return fmt.Errorf("content interface path is not clean: %q", p)
++ if err := validatePath(p); err != nil {
++ return err
+ }
+ }
+ return nil
+@@ -122,8 +133,8 @@ func (iface *contentInterface) BeforePre
+ if !ok || len(target) == 0 {
+ return fmt.Errorf("content plug must contain target path")
+ }
+- if !cleanSubPath(target) {
+- return fmt.Errorf("content interface target path is not clean: %q", target)
++ if err := validatePath(target); err != nil {
++ return err
+ }
+
+ return nil
+@@ -224,13 +235,13 @@ func (iface *contentInterface) AppArmorC
+ # directory.
+ `)
+ for i, w := range writePaths {
+- fmt.Fprintf(contentSnippet, "%s/** mrwklix,\n",
++ fmt.Fprintf(contentSnippet, "\"%s/**\" mrwklix,\n",
+ resolveSpecialVariable(w, slot.Snap()))
+ source, target := sourceTarget(plug, slot, w)
+ emit(" # Read-write content sharing %s -> %s (w#%d)\n", plug.Ref(), slot.Ref(), i)
+- emit(" mount options=(bind, rw) %s/ -> %s{,-[0-9]*}/,\n", source, target)
+- emit(" mount options=(rprivate) -> %s{,-[0-9]*}/,\n", target)
+- emit(" umount %s{,-[0-9]*}/,\n", target)
++ emit(" mount options=(bind, rw) \"%s/\" -> \"%s{,-[0-9]*}/\",\n", source, target)
++ emit(" mount options=(rprivate) -> \"%s{,-[0-9]*}/\",\n", target)
++ emit(" umount \"%s{,-[0-9]*}/\",\n", target)
+ // TODO: The assumed prefix depth could be optimized to be more
+ // precise since content sharing can only take place in a fixed
+ // list of places with well-known paths (well, constrained set of
+@@ -249,15 +260,15 @@ func (iface *contentInterface) AppArmorC
+ # read-only.
+ `)
+ for i, r := range readPaths {
+- fmt.Fprintf(contentSnippet, "%s/** mrkix,\n",
++ fmt.Fprintf(contentSnippet, "\"%s/**\" mrkix,\n",
+ resolveSpecialVariable(r, slot.Snap()))
+
+ source, target := sourceTarget(plug, slot, r)
+ emit(" # Read-only content sharing %s -> %s (r#%d)\n", plug.Ref(), slot.Ref(), i)
+- emit(" mount options=(bind) %s/ -> %s{,-[0-9]*}/,\n", source, target)
+- emit(" remount options=(bind, ro) %s{,-[0-9]*}/,\n", target)
+- emit(" mount options=(rprivate) -> %s{,-[0-9]*}/,\n", target)
+- emit(" umount %s{,-[0-9]*}/,\n", target)
++ emit(" mount options=(bind) \"%s/\" -> \"%s{,-[0-9]*}/\",\n", source, target)
++ emit(" remount options=(bind, ro) \"%s{,-[0-9]*}/\",\n", target)
++ emit(" mount options=(rprivate) -> \"%s{,-[0-9]*}/\",\n", target)
++ emit(" umount \"%s{,-[0-9]*}/\",\n", target)
+ // Look at the TODO comment above.
+ apparmor.GenWritableProfile(emit, source, 1)
+ apparmor.GenWritableProfile(emit, target, 1)
+@@ -281,7 +292,7 @@ func (iface *contentInterface) AppArmorC
+ `)
+ for _, w := range writePaths {
+ _, target := sourceTarget(plug, slot, w)
+- fmt.Fprintf(contentSnippet, "%s/** mrwklix,\n",
++ fmt.Fprintf(contentSnippet, "\"%s/**\" mrwklix,\n",
+ target)
+ }
+ }
+Index: snapd-2.49/interfaces/builtin/content_test.go
+===================================================================
+--- snapd-2.49.orig/interfaces/builtin/content_test.go
++++ snapd-2.49/interfaces/builtin/content_test.go
+@@ -194,7 +194,22 @@ plugs:
+ `
+ info := snaptest.MockInfo(c, mockSnapYaml, nil)
+ plug := info.Plugs["content-plug"]
+- c.Assert(interfaces.BeforePreparePlug(s.iface, plug), ErrorMatches, "content interface target path is not clean:.*")
++ c.Assert(interfaces.BeforePreparePlug(s.iface, plug), ErrorMatches, "content interface path is not clean:.*")
++}
++
++func (s *ContentSuite) TestSanitizePlugApparmorInterpretedChar(c *C) {
++ const mockSnapYaml = `name: content-slot-snap
++version: 1.0
++plugs:
++ content-plug:
++ interface: content
++ content: mycont
++ target: foo"bar
++`
++ info := snaptest.MockInfo(c, mockSnapYaml, nil)
++ plug := info.Plugs["content-plug"]
++ c.Assert(interfaces.BeforePreparePlug(s.iface, plug), ErrorMatches,
++ `content interface path is invalid: "foo\\"bar" contains a reserved apparmor char.*`)
+ }
+
+ func (s *ContentSuite) TestSanitizePlugNilAttrMap(c *C) {
+@@ -223,6 +238,22 @@ apps:
+ c.Assert(interfaces.BeforePrepareSlot(s.iface, slot), ErrorMatches, "read or write path must be set")
+ }
+
++func (s *ContentSuite) TestSanitizeSlotApparmorInterpretedChar(c *C) {
++ const mockSnapYaml = `name: content-slot-snap
++version: 1.0
++slots:
++ content-plug:
++ interface: content
++ source:
++ read: [$SNAP/shared]
++ write: ["$SNAP_DATA/foo}bar"]
++`
++ info := snaptest.MockInfo(c, mockSnapYaml, nil)
++ slot := info.Slots["content-plug"]
++ c.Assert(interfaces.BeforePrepareSlot(s.iface, slot), ErrorMatches,
++ `content interface path is invalid: "\$SNAP_DATA/foo}bar" contains a reserved apparmor char.*`)
++}
++
+ func (s *ContentSuite) TestResolveSpecialVariable(c *C) {
+ info := snaptest.MockInfo(c, "{name: name, version: 0}", &snap.SideInfo{Revision: snap.R(42)})
+ c.Check(builtin.ResolveSpecialVariable("$SNAP/foo", info), Equals, filepath.Join(dirs.CoreSnapMountDir, "name/42/foo"))
+@@ -310,143 +341,143 @@ slots:
+ # In addition to the bind mount, add any AppArmor rules so that
+ # snaps may directly access the slot implementation's files
+ # read-only.
+-/snap/producer/5/export/** mrkix,
++"/snap/producer/5/export/**" mrkix,
+ `
+ c.Assert(apparmorSpec.SnippetForTag("snap.consumer.app"), Equals, expected)
+
+ updateNS := apparmorSpec.UpdateNS()
+ profile0 := ` # Read-only content sharing consumer:content -> producer:content (r#0)
+- mount options=(bind) /snap/producer/5/export/ -> /snap/consumer/7/import{,-[0-9]*}/,
+- remount options=(bind, ro) /snap/consumer/7/import{,-[0-9]*}/,
+- mount options=(rprivate) -> /snap/consumer/7/import{,-[0-9]*}/,
+- umount /snap/consumer/7/import{,-[0-9]*}/,
++ mount options=(bind) "/snap/producer/5/export/" -> "/snap/consumer/7/import{,-[0-9]*}/",
++ remount options=(bind, ro) "/snap/consumer/7/import{,-[0-9]*}/",
++ mount options=(rprivate) -> "/snap/consumer/7/import{,-[0-9]*}/",
++ umount "/snap/consumer/7/import{,-[0-9]*}/",
+ # Writable mimic /snap/producer/5
+ # .. permissions for traversing the prefix that is assumed to exist
+ # .. variant with mimic at /
+ # Allow reading the mimic directory, it must exist in the first place.
+- / r,
++ "/" r,
+ # Allow setting the read-only directory aside via a bind mount.
+- /tmp/.snap/ rw,
+- mount options=(rbind, rw) / -> /tmp/.snap/,
++ "/tmp/.snap/" rw,
++ mount options=(rbind, rw) "/" -> "/tmp/.snap/",
+ # Allow mounting tmpfs over the read-only directory.
+- mount fstype=tmpfs options=(rw) tmpfs -> /,
++ mount fstype=tmpfs options=(rw) tmpfs -> "/",
+ # Allow creating empty files and directories for bind mounting things
+ # to reconstruct the now-writable parent directory.
+- /tmp/.snap/*/ rw,
+- /*/ rw,
+- mount options=(rbind, rw) /tmp/.snap/*/ -> /*/,
+- /tmp/.snap/* rw,
+- /* rw,
+- mount options=(bind, rw) /tmp/.snap/* -> /*,
++ "/tmp/.snap/*/" rw,
++ "/*/" rw,
++ mount options=(rbind, rw) "/tmp/.snap/*/" -> "/*/",
++ "/tmp/.snap/*" rw,
++ "/*" rw,
++ mount options=(bind, rw) "/tmp/.snap/*" -> "/*",
+ # Allow unmounting the auxiliary directory.
+ # TODO: use fstype=tmpfs here for more strictness (LP: #1613403)
+- mount options=(rprivate) -> /tmp/.snap/,
+- umount /tmp/.snap/,
++ mount options=(rprivate) -> "/tmp/.snap/",
++ umount "/tmp/.snap/",
+ # Allow unmounting the destination directory as well as anything
+ # inside. This lets us perform the undo plan in case the writable
+ # mimic fails.
+- mount options=(rprivate) -> /,
+- mount options=(rprivate) -> /*,
+- mount options=(rprivate) -> /*/,
+- umount /,
+- umount /*,
+- umount /*/,
++ mount options=(rprivate) -> "/",
++ mount options=(rprivate) -> "/*",
++ mount options=(rprivate) -> "/*/",
++ umount "/",
++ umount "/*",
++ umount "/*/",
+ # .. variant with mimic at /snap/
+- /snap/ r,
+- /tmp/.snap/snap/ rw,
+- mount options=(rbind, rw) /snap/ -> /tmp/.snap/snap/,
+- mount fstype=tmpfs options=(rw) tmpfs -> /snap/,
+- /tmp/.snap/snap/*/ rw,
+- /snap/*/ rw,
+- mount options=(rbind, rw) /tmp/.snap/snap/*/ -> /snap/*/,
+- /tmp/.snap/snap/* rw,
+- /snap/* rw,
+- mount options=(bind, rw) /tmp/.snap/snap/* -> /snap/*,
+- mount options=(rprivate) -> /tmp/.snap/snap/,
+- umount /tmp/.snap/snap/,
+- mount options=(rprivate) -> /snap/,
+- mount options=(rprivate) -> /snap/*,
+- mount options=(rprivate) -> /snap/*/,
+- umount /snap/,
+- umount /snap/*,
+- umount /snap/*/,
++ "/snap/" r,
++ "/tmp/.snap/snap/" rw,
++ mount options=(rbind, rw) "/snap/" -> "/tmp/.snap/snap/",
++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/",
++ "/tmp/.snap/snap/*/" rw,
++ "/snap/*/" rw,
++ mount options=(rbind, rw) "/tmp/.snap/snap/*/" -> "/snap/*/",
++ "/tmp/.snap/snap/*" rw,
++ "/snap/*" rw,
++ mount options=(bind, rw) "/tmp/.snap/snap/*" -> "/snap/*",
++ mount options=(rprivate) -> "/tmp/.snap/snap/",
++ umount "/tmp/.snap/snap/",
++ mount options=(rprivate) -> "/snap/",
++ mount options=(rprivate) -> "/snap/*",
++ mount options=(rprivate) -> "/snap/*/",
++ umount "/snap/",
++ umount "/snap/*",
++ umount "/snap/*/",
+ # .. variant with mimic at /snap/producer/
+- /snap/producer/ r,
+- /tmp/.snap/snap/producer/ rw,
+- mount options=(rbind, rw) /snap/producer/ -> /tmp/.snap/snap/producer/,
+- mount fstype=tmpfs options=(rw) tmpfs -> /snap/producer/,
+- /tmp/.snap/snap/producer/*/ rw,
+- /snap/producer/*/ rw,
+- mount options=(rbind, rw) /tmp/.snap/snap/producer/*/ -> /snap/producer/*/,
+- /tmp/.snap/snap/producer/* rw,
+- /snap/producer/* rw,
+- mount options=(bind, rw) /tmp/.snap/snap/producer/* -> /snap/producer/*,
+- mount options=(rprivate) -> /tmp/.snap/snap/producer/,
+- umount /tmp/.snap/snap/producer/,
+- mount options=(rprivate) -> /snap/producer/,
+- mount options=(rprivate) -> /snap/producer/*,
+- mount options=(rprivate) -> /snap/producer/*/,
+- umount /snap/producer/,
+- umount /snap/producer/*,
+- umount /snap/producer/*/,
++ "/snap/producer/" r,
++ "/tmp/.snap/snap/producer/" rw,
++ mount options=(rbind, rw) "/snap/producer/" -> "/tmp/.snap/snap/producer/",
++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/producer/",
++ "/tmp/.snap/snap/producer/*/" rw,
++ "/snap/producer/*/" rw,
++ mount options=(rbind, rw) "/tmp/.snap/snap/producer/*/" -> "/snap/producer/*/",
++ "/tmp/.snap/snap/producer/*" rw,
++ "/snap/producer/*" rw,
++ mount options=(bind, rw) "/tmp/.snap/snap/producer/*" -> "/snap/producer/*",
++ mount options=(rprivate) -> "/tmp/.snap/snap/producer/",
++ umount "/tmp/.snap/snap/producer/",
++ mount options=(rprivate) -> "/snap/producer/",
++ mount options=(rprivate) -> "/snap/producer/*",
++ mount options=(rprivate) -> "/snap/producer/*/",
++ umount "/snap/producer/",
++ umount "/snap/producer/*",
++ umount "/snap/producer/*/",
+ # .. variant with mimic at /snap/producer/5/
+- /snap/producer/5/ r,
+- /tmp/.snap/snap/producer/5/ rw,
+- mount options=(rbind, rw) /snap/producer/5/ -> /tmp/.snap/snap/producer/5/,
+- mount fstype=tmpfs options=(rw) tmpfs -> /snap/producer/5/,
+- /tmp/.snap/snap/producer/5/*/ rw,
+- /snap/producer/5/*/ rw,
+- mount options=(rbind, rw) /tmp/.snap/snap/producer/5/*/ -> /snap/producer/5/*/,
+- /tmp/.snap/snap/producer/5/* rw,
+- /snap/producer/5/* rw,
+- mount options=(bind, rw) /tmp/.snap/snap/producer/5/* -> /snap/producer/5/*,
+- mount options=(rprivate) -> /tmp/.snap/snap/producer/5/,
+- umount /tmp/.snap/snap/producer/5/,
+- mount options=(rprivate) -> /snap/producer/5/,
+- mount options=(rprivate) -> /snap/producer/5/*,
+- mount options=(rprivate) -> /snap/producer/5/*/,
+- umount /snap/producer/5/,
+- umount /snap/producer/5/*,
+- umount /snap/producer/5/*/,
++ "/snap/producer/5/" r,
++ "/tmp/.snap/snap/producer/5/" rw,
++ mount options=(rbind, rw) "/snap/producer/5/" -> "/tmp/.snap/snap/producer/5/",
++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/producer/5/",
++ "/tmp/.snap/snap/producer/5/*/" rw,
++ "/snap/producer/5/*/" rw,
++ mount options=(rbind, rw) "/tmp/.snap/snap/producer/5/*/" -> "/snap/producer/5/*/",
++ "/tmp/.snap/snap/producer/5/*" rw,
++ "/snap/producer/5/*" rw,
++ mount options=(bind, rw) "/tmp/.snap/snap/producer/5/*" -> "/snap/producer/5/*",
++ mount options=(rprivate) -> "/tmp/.snap/snap/producer/5/",
++ umount "/tmp/.snap/snap/producer/5/",
++ mount options=(rprivate) -> "/snap/producer/5/",
++ mount options=(rprivate) -> "/snap/producer/5/*",
++ mount options=(rprivate) -> "/snap/producer/5/*/",
++ umount "/snap/producer/5/",
++ umount "/snap/producer/5/*",
++ umount "/snap/producer/5/*/",
+ # Writable mimic /snap/consumer/7
+ # .. variant with mimic at /snap/consumer/
+- /snap/consumer/ r,
+- /tmp/.snap/snap/consumer/ rw,
+- mount options=(rbind, rw) /snap/consumer/ -> /tmp/.snap/snap/consumer/,
+- mount fstype=tmpfs options=(rw) tmpfs -> /snap/consumer/,
+- /tmp/.snap/snap/consumer/*/ rw,
+- /snap/consumer/*/ rw,
+- mount options=(rbind, rw) /tmp/.snap/snap/consumer/*/ -> /snap/consumer/*/,
+- /tmp/.snap/snap/consumer/* rw,
+- /snap/consumer/* rw,
+- mount options=(bind, rw) /tmp/.snap/snap/consumer/* -> /snap/consumer/*,
+- mount options=(rprivate) -> /tmp/.snap/snap/consumer/,
+- umount /tmp/.snap/snap/consumer/,
+- mount options=(rprivate) -> /snap/consumer/,
+- mount options=(rprivate) -> /snap/consumer/*,
+- mount options=(rprivate) -> /snap/consumer/*/,
+- umount /snap/consumer/,
+- umount /snap/consumer/*,
+- umount /snap/consumer/*/,
++ "/snap/consumer/" r,
++ "/tmp/.snap/snap/consumer/" rw,
++ mount options=(rbind, rw) "/snap/consumer/" -> "/tmp/.snap/snap/consumer/",
++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/consumer/",
++ "/tmp/.snap/snap/consumer/*/" rw,
++ "/snap/consumer/*/" rw,
++ mount options=(rbind, rw) "/tmp/.snap/snap/consumer/*/" -> "/snap/consumer/*/",
++ "/tmp/.snap/snap/consumer/*" rw,
++ "/snap/consumer/*" rw,
++ mount options=(bind, rw) "/tmp/.snap/snap/consumer/*" -> "/snap/consumer/*",
++ mount options=(rprivate) -> "/tmp/.snap/snap/consumer/",
++ umount "/tmp/.snap/snap/consumer/",
++ mount options=(rprivate) -> "/snap/consumer/",
++ mount options=(rprivate) -> "/snap/consumer/*",
++ mount options=(rprivate) -> "/snap/consumer/*/",
++ umount "/snap/consumer/",
++ umount "/snap/consumer/*",
++ umount "/snap/consumer/*/",
+ # .. variant with mimic at /snap/consumer/7/
+- /snap/consumer/7/ r,
+- /tmp/.snap/snap/consumer/7/ rw,
+- mount options=(rbind, rw) /snap/consumer/7/ -> /tmp/.snap/snap/consumer/7/,
+- mount fstype=tmpfs options=(rw) tmpfs -> /snap/consumer/7/,
+- /tmp/.snap/snap/consumer/7/*/ rw,
+- /snap/consumer/7/*/ rw,
+- mount options=(rbind, rw) /tmp/.snap/snap/consumer/7/*/ -> /snap/consumer/7/*/,
+- /tmp/.snap/snap/consumer/7/* rw,
+- /snap/consumer/7/* rw,
+- mount options=(bind, rw) /tmp/.snap/snap/consumer/7/* -> /snap/consumer/7/*,
+- mount options=(rprivate) -> /tmp/.snap/snap/consumer/7/,
+- umount /tmp/.snap/snap/consumer/7/,
+- mount options=(rprivate) -> /snap/consumer/7/,
+- mount options=(rprivate) -> /snap/consumer/7/*,
+- mount options=(rprivate) -> /snap/consumer/7/*/,
+- umount /snap/consumer/7/,
+- umount /snap/consumer/7/*,
+- umount /snap/consumer/7/*/,
++ "/snap/consumer/7/" r,
++ "/tmp/.snap/snap/consumer/7/" rw,
++ mount options=(rbind, rw) "/snap/consumer/7/" -> "/tmp/.snap/snap/consumer/7/",
++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/consumer/7/",
++ "/tmp/.snap/snap/consumer/7/*/" rw,
++ "/snap/consumer/7/*/" rw,
++ mount options=(rbind, rw) "/tmp/.snap/snap/consumer/7/*/" -> "/snap/consumer/7/*/",
++ "/tmp/.snap/snap/consumer/7/*" rw,
++ "/snap/consumer/7/*" rw,
++ mount options=(bind, rw) "/tmp/.snap/snap/consumer/7/*" -> "/snap/consumer/7/*",
++ mount options=(rprivate) -> "/tmp/.snap/snap/consumer/7/",
++ umount "/tmp/.snap/snap/consumer/7/",
++ mount options=(rprivate) -> "/snap/consumer/7/",
++ mount options=(rprivate) -> "/snap/consumer/7/*",
++ mount options=(rprivate) -> "/snap/consumer/7/*/",
++ umount "/snap/consumer/7/",
++ umount "/snap/consumer/7/*",
++ umount "/snap/consumer/7/*/",
+ `
+ c.Assert(strings.Join(updateNS[:], ""), Equals, profile0)
+ }
+@@ -493,25 +524,25 @@ slots:
+ # to a limitation in the kernel's LSM hooks for AF_UNIX, these
+ # are needed for using named sockets within the exported
+ # directory.
+-/var/snap/producer/5/export/** mrwklix,
++"/var/snap/producer/5/export/**" mrwklix,
+ `
+ c.Assert(apparmorSpec.SnippetForTag("snap.consumer.app"), Equals, expected)
+
+ updateNS := apparmorSpec.UpdateNS()
+ profile0 := ` # Read-write content sharing consumer:content -> producer:content (w#0)
+- mount options=(bind, rw) /var/snap/producer/5/export/ -> /var/snap/consumer/7/import{,-[0-9]*}/,
+- mount options=(rprivate) -> /var/snap/consumer/7/import{,-[0-9]*}/,
+- umount /var/snap/consumer/7/import{,-[0-9]*}/,
++ mount options=(bind, rw) "/var/snap/producer/5/export/" -> "/var/snap/consumer/7/import{,-[0-9]*}/",
++ mount options=(rprivate) -> "/var/snap/consumer/7/import{,-[0-9]*}/",
++ umount "/var/snap/consumer/7/import{,-[0-9]*}/",
+ # Writable directory /var/snap/producer/5/export
+- /var/snap/producer/5/export/ rw,
+- /var/snap/producer/5/ rw,
+- /var/snap/producer/ rw,
++ "/var/snap/producer/5/export/" rw,
++ "/var/snap/producer/5/" rw,
++ "/var/snap/producer/" rw,
+ # Writable directory /var/snap/consumer/7/import
+- /var/snap/consumer/7/import/ rw,
+- /var/snap/consumer/7/ rw,
+- /var/snap/consumer/ rw,
++ "/var/snap/consumer/7/import/" rw,
++ "/var/snap/consumer/7/" rw,
++ "/var/snap/consumer/" rw,
+ # Writable directory /var/snap/consumer/7/import-[0-9]*
+- /var/snap/consumer/7/import-[0-9]*/ rw,
++ "/var/snap/consumer/7/import-[0-9]*/" rw,
+ `
+ c.Assert(strings.Join(updateNS[:], ""), Equals, profile0)
+ }
+@@ -558,25 +589,25 @@ slots:
+ # to a limitation in the kernel's LSM hooks for AF_UNIX, these
+ # are needed for using named sockets within the exported
+ # directory.
+-/var/snap/producer/common/export/** mrwklix,
++"/var/snap/producer/common/export/**" mrwklix,
+ `
+ c.Assert(apparmorSpec.SnippetForTag("snap.consumer.app"), Equals, expected)
+
+ updateNS := apparmorSpec.UpdateNS()
+ profile0 := ` # Read-write content sharing consumer:content -> producer:content (w#0)
+- mount options=(bind, rw) /var/snap/producer/common/export/ -> /var/snap/consumer/common/import{,-[0-9]*}/,
+- mount options=(rprivate) -> /var/snap/consumer/common/import{,-[0-9]*}/,
+- umount /var/snap/consumer/common/import{,-[0-9]*}/,
++ mount options=(bind, rw) "/var/snap/producer/common/export/" -> "/var/snap/consumer/common/import{,-[0-9]*}/",
++ mount options=(rprivate) -> "/var/snap/consumer/common/import{,-[0-9]*}/",
++ umount "/var/snap/consumer/common/import{,-[0-9]*}/",
+ # Writable directory /var/snap/producer/common/export
+- /var/snap/producer/common/export/ rw,
+- /var/snap/producer/common/ rw,
+- /var/snap/producer/ rw,
++ "/var/snap/producer/common/export/" rw,
++ "/var/snap/producer/common/" rw,
++ "/var/snap/producer/" rw,
+ # Writable directory /var/snap/consumer/common/import
+- /var/snap/consumer/common/import/ rw,
+- /var/snap/consumer/common/ rw,
+- /var/snap/consumer/ rw,
++ "/var/snap/consumer/common/import/" rw,
++ "/var/snap/consumer/common/" rw,
++ "/var/snap/consumer/" rw,
+ # Writable directory /var/snap/consumer/common/import-[0-9]*
+- /var/snap/consumer/common/import-[0-9]*/ rw,
++ "/var/snap/consumer/common/import-[0-9]*/" rw,
+ `
+ c.Assert(strings.Join(updateNS[:], ""), Equals, profile0)
+ }
+@@ -650,34 +681,34 @@ slots:
+ # to a limitation in the kernel's LSM hooks for AF_UNIX, these
+ # are needed for using named sockets within the exported
+ # directory.
+-/var/snap/producer/common/write-common/** mrwklix,
+-/var/snap/producer/2/write-data/** mrwklix,
++"/var/snap/producer/common/write-common/**" mrwklix,
++"/var/snap/producer/2/write-data/**" mrwklix,
+
+ # In addition to the bind mount, add any AppArmor rules so that
+ # snaps may directly access the slot implementation's files
+ # read-only.
+-/var/snap/producer/common/read-common/** mrkix,
+-/var/snap/producer/2/read-data/** mrkix,
+-/snap/producer/2/read-snap/** mrkix,
++"/var/snap/producer/common/read-common/**" mrkix,
++"/var/snap/producer/2/read-data/**" mrkix,
++"/snap/producer/2/read-snap/**" mrkix,
+ `
+ c.Assert(apparmorSpec.SnippetForTag("snap.consumer.app"), Equals, expected)
+
+ updateNS := apparmorSpec.UpdateNS()
+ profile0 := ` # Read-write content sharing consumer:content -> producer:content (w#0)
+- mount options=(bind, rw) /var/snap/producer/common/write-common/ -> /var/snap/consumer/common/import/write-common{,-[0-9]*}/,
+- mount options=(rprivate) -> /var/snap/consumer/common/import/write-common{,-[0-9]*}/,
+- umount /var/snap/consumer/common/import/write-common{,-[0-9]*}/,
++ mount options=(bind, rw) "/var/snap/producer/common/write-common/" -> "/var/snap/consumer/common/import/write-common{,-[0-9]*}/",
++ mount options=(rprivate) -> "/var/snap/consumer/common/import/write-common{,-[0-9]*}/",
++ umount "/var/snap/consumer/common/import/write-common{,-[0-9]*}/",
+ # Writable directory /var/snap/producer/common/write-common
+- /var/snap/producer/common/write-common/ rw,
+- /var/snap/producer/common/ rw,
+- /var/snap/producer/ rw,
++ "/var/snap/producer/common/write-common/" rw,
++ "/var/snap/producer/common/" rw,
++ "/var/snap/producer/" rw,
+ # Writable directory /var/snap/consumer/common/import/write-common
+- /var/snap/consumer/common/import/write-common/ rw,
+- /var/snap/consumer/common/import/ rw,
+- /var/snap/consumer/common/ rw,
+- /var/snap/consumer/ rw,
++ "/var/snap/consumer/common/import/write-common/" rw,
++ "/var/snap/consumer/common/import/" rw,
++ "/var/snap/consumer/common/" rw,
++ "/var/snap/consumer/" rw,
+ # Writable directory /var/snap/consumer/common/import/write-common-[0-9]*
+- /var/snap/consumer/common/import/write-common-[0-9]*/ rw,
++ "/var/snap/consumer/common/import/write-common-[0-9]*/" rw,
+ `
+ // Find the slice that describes profile0 by looking for the first unique
+ // line of the next profile.
+@@ -686,16 +717,16 @@ slots:
+ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile0)
+
+ profile1 := ` # Read-write content sharing consumer:content -> producer:content (w#1)
+- mount options=(bind, rw) /var/snap/producer/2/write-data/ -> /var/snap/consumer/common/import/write-data{,-[0-9]*}/,
+- mount options=(rprivate) -> /var/snap/consumer/common/import/write-data{,-[0-9]*}/,
+- umount /var/snap/consumer/common/import/write-data{,-[0-9]*}/,
++ mount options=(bind, rw) "/var/snap/producer/2/write-data/" -> "/var/snap/consumer/common/import/write-data{,-[0-9]*}/",
++ mount options=(rprivate) -> "/var/snap/consumer/common/import/write-data{,-[0-9]*}/",
++ umount "/var/snap/consumer/common/import/write-data{,-[0-9]*}/",
+ # Writable directory /var/snap/producer/2/write-data
+- /var/snap/producer/2/write-data/ rw,
+- /var/snap/producer/2/ rw,
++ "/var/snap/producer/2/write-data/" rw,
++ "/var/snap/producer/2/" rw,
+ # Writable directory /var/snap/consumer/common/import/write-data
+- /var/snap/consumer/common/import/write-data/ rw,
++ "/var/snap/consumer/common/import/write-data/" rw,
+ # Writable directory /var/snap/consumer/common/import/write-data-[0-9]*
+- /var/snap/consumer/common/import/write-data-[0-9]*/ rw,
++ "/var/snap/consumer/common/import/write-data-[0-9]*/" rw,
+ `
+ // Find the slice that describes profile1 by looking for the first unique
+ // line of the next profile.
+@@ -704,16 +735,16 @@ slots:
+ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile1)
+
+ profile2 := ` # Read-only content sharing consumer:content -> producer:content (r#0)
+- mount options=(bind) /var/snap/producer/common/read-common/ -> /var/snap/consumer/common/import/read-common{,-[0-9]*}/,
+- remount options=(bind, ro) /var/snap/consumer/common/import/read-common{,-[0-9]*}/,
+- mount options=(rprivate) -> /var/snap/consumer/common/import/read-common{,-[0-9]*}/,
+- umount /var/snap/consumer/common/import/read-common{,-[0-9]*}/,
++ mount options=(bind) "/var/snap/producer/common/read-common/" -> "/var/snap/consumer/common/import/read-common{,-[0-9]*}/",
++ remount options=(bind, ro) "/var/snap/consumer/common/import/read-common{,-[0-9]*}/",
++ mount options=(rprivate) -> "/var/snap/consumer/common/import/read-common{,-[0-9]*}/",
++ umount "/var/snap/consumer/common/import/read-common{,-[0-9]*}/",
+ # Writable directory /var/snap/producer/common/read-common
+- /var/snap/producer/common/read-common/ rw,
++ "/var/snap/producer/common/read-common/" rw,
+ # Writable directory /var/snap/consumer/common/import/read-common
+- /var/snap/consumer/common/import/read-common/ rw,
++ "/var/snap/consumer/common/import/read-common/" rw,
+ # Writable directory /var/snap/consumer/common/import/read-common-[0-9]*
+- /var/snap/consumer/common/import/read-common-[0-9]*/ rw,
++ "/var/snap/consumer/common/import/read-common-[0-9]*/" rw,
+ `
+ // Find the slice that describes profile2 by looking for the first unique
+ // line of the next profile.
+@@ -722,16 +753,16 @@ slots:
+ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile2)
+
+ profile3 := ` # Read-only content sharing consumer:content -> producer:content (r#1)
+- mount options=(bind) /var/snap/producer/2/read-data/ -> /var/snap/consumer/common/import/read-data{,-[0-9]*}/,
+- remount options=(bind, ro) /var/snap/consumer/common/import/read-data{,-[0-9]*}/,
+- mount options=(rprivate) -> /var/snap/consumer/common/import/read-data{,-[0-9]*}/,
+- umount /var/snap/consumer/common/import/read-data{,-[0-9]*}/,
++ mount options=(bind) "/var/snap/producer/2/read-data/" -> "/var/snap/consumer/common/import/read-data{,-[0-9]*}/",
++ remount options=(bind, ro) "/var/snap/consumer/common/import/read-data{,-[0-9]*}/",
++ mount options=(rprivate) -> "/var/snap/consumer/common/import/read-data{,-[0-9]*}/",
++ umount "/var/snap/consumer/common/import/read-data{,-[0-9]*}/",
+ # Writable directory /var/snap/producer/2/read-data
+- /var/snap/producer/2/read-data/ rw,
++ "/var/snap/producer/2/read-data/" rw,
+ # Writable directory /var/snap/consumer/common/import/read-data
+- /var/snap/consumer/common/import/read-data/ rw,
++ "/var/snap/consumer/common/import/read-data/" rw,
+ # Writable directory /var/snap/consumer/common/import/read-data-[0-9]*
+- /var/snap/consumer/common/import/read-data-[0-9]*/ rw,
++ "/var/snap/consumer/common/import/read-data-[0-9]*/" rw,
+ `
+ // Find the slice that describes profile3 by looking for the first unique
+ // line of the next profile.
+@@ -740,102 +771,102 @@ slots:
+ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile3)
+
+ profile4 := ` # Read-only content sharing consumer:content -> producer:content (r#2)
+- mount options=(bind) /snap/producer/2/read-snap/ -> /var/snap/consumer/common/import/read-snap{,-[0-9]*}/,
+- remount options=(bind, ro) /var/snap/consumer/common/import/read-snap{,-[0-9]*}/,
+- mount options=(rprivate) -> /var/snap/consumer/common/import/read-snap{,-[0-9]*}/,
+- umount /var/snap/consumer/common/import/read-snap{,-[0-9]*}/,
++ mount options=(bind) "/snap/producer/2/read-snap/" -> "/var/snap/consumer/common/import/read-snap{,-[0-9]*}/",
++ remount options=(bind, ro) "/var/snap/consumer/common/import/read-snap{,-[0-9]*}/",
++ mount options=(rprivate) -> "/var/snap/consumer/common/import/read-snap{,-[0-9]*}/",
++ umount "/var/snap/consumer/common/import/read-snap{,-[0-9]*}/",
+ # Writable mimic /snap/producer/2
+ # .. permissions for traversing the prefix that is assumed to exist
+ # .. variant with mimic at /
+ # Allow reading the mimic directory, it must exist in the first place.
+- / r,
++ "/" r,
+ # Allow setting the read-only directory aside via a bind mount.
+- /tmp/.snap/ rw,
+- mount options=(rbind, rw) / -> /tmp/.snap/,
++ "/tmp/.snap/" rw,
++ mount options=(rbind, rw) "/" -> "/tmp/.snap/",
+ # Allow mounting tmpfs over the read-only directory.
+- mount fstype=tmpfs options=(rw) tmpfs -> /,
++ mount fstype=tmpfs options=(rw) tmpfs -> "/",
+ # Allow creating empty files and directories for bind mounting things
+ # to reconstruct the now-writable parent directory.
+- /tmp/.snap/*/ rw,
+- /*/ rw,
+- mount options=(rbind, rw) /tmp/.snap/*/ -> /*/,
+- /tmp/.snap/* rw,
+- /* rw,
+- mount options=(bind, rw) /tmp/.snap/* -> /*,
++ "/tmp/.snap/*/" rw,
++ "/*/" rw,
++ mount options=(rbind, rw) "/tmp/.snap/*/" -> "/*/",
++ "/tmp/.snap/*" rw,
++ "/*" rw,
++ mount options=(bind, rw) "/tmp/.snap/*" -> "/*",
+ # Allow unmounting the auxiliary directory.
+ # TODO: use fstype=tmpfs here for more strictness (LP: #1613403)
+- mount options=(rprivate) -> /tmp/.snap/,
+- umount /tmp/.snap/,
++ mount options=(rprivate) -> "/tmp/.snap/",
++ umount "/tmp/.snap/",
+ # Allow unmounting the destination directory as well as anything
+ # inside. This lets us perform the undo plan in case the writable
+ # mimic fails.
+- mount options=(rprivate) -> /,
+- mount options=(rprivate) -> /*,
+- mount options=(rprivate) -> /*/,
+- umount /,
+- umount /*,
+- umount /*/,
++ mount options=(rprivate) -> "/",
++ mount options=(rprivate) -> "/*",
++ mount options=(rprivate) -> "/*/",
++ umount "/",
++ umount "/*",
++ umount "/*/",
+ # .. variant with mimic at /snap/
+- /snap/ r,
+- /tmp/.snap/snap/ rw,
+- mount options=(rbind, rw) /snap/ -> /tmp/.snap/snap/,
+- mount fstype=tmpfs options=(rw) tmpfs -> /snap/,
+- /tmp/.snap/snap/*/ rw,
+- /snap/*/ rw,
+- mount options=(rbind, rw) /tmp/.snap/snap/*/ -> /snap/*/,
+- /tmp/.snap/snap/* rw,
+- /snap/* rw,
+- mount options=(bind, rw) /tmp/.snap/snap/* -> /snap/*,
+- mount options=(rprivate) -> /tmp/.snap/snap/,
+- umount /tmp/.snap/snap/,
+- mount options=(rprivate) -> /snap/,
+- mount options=(rprivate) -> /snap/*,
+- mount options=(rprivate) -> /snap/*/,
+- umount /snap/,
+- umount /snap/*,
+- umount /snap/*/,
++ "/snap/" r,
++ "/tmp/.snap/snap/" rw,
++ mount options=(rbind, rw) "/snap/" -> "/tmp/.snap/snap/",
++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/",
++ "/tmp/.snap/snap/*/" rw,
++ "/snap/*/" rw,
++ mount options=(rbind, rw) "/tmp/.snap/snap/*/" -> "/snap/*/",
++ "/tmp/.snap/snap/*" rw,
++ "/snap/*" rw,
++ mount options=(bind, rw) "/tmp/.snap/snap/*" -> "/snap/*",
++ mount options=(rprivate) -> "/tmp/.snap/snap/",
++ umount "/tmp/.snap/snap/",
++ mount options=(rprivate) -> "/snap/",
++ mount options=(rprivate) -> "/snap/*",
++ mount options=(rprivate) -> "/snap/*/",
++ umount "/snap/",
++ umount "/snap/*",
++ umount "/snap/*/",
+ # .. variant with mimic at /snap/producer/
+- /snap/producer/ r,
+- /tmp/.snap/snap/producer/ rw,
+- mount options=(rbind, rw) /snap/producer/ -> /tmp/.snap/snap/producer/,
+- mount fstype=tmpfs options=(rw) tmpfs -> /snap/producer/,
+- /tmp/.snap/snap/producer/*/ rw,
+- /snap/producer/*/ rw,
+- mount options=(rbind, rw) /tmp/.snap/snap/producer/*/ -> /snap/producer/*/,
+- /tmp/.snap/snap/producer/* rw,
+- /snap/producer/* rw,
+- mount options=(bind, rw) /tmp/.snap/snap/producer/* -> /snap/producer/*,
+- mount options=(rprivate) -> /tmp/.snap/snap/producer/,
+- umount /tmp/.snap/snap/producer/,
+- mount options=(rprivate) -> /snap/producer/,
+- mount options=(rprivate) -> /snap/producer/*,
+- mount options=(rprivate) -> /snap/producer/*/,
+- umount /snap/producer/,
+- umount /snap/producer/*,
+- umount /snap/producer/*/,
++ "/snap/producer/" r,
++ "/tmp/.snap/snap/producer/" rw,
++ mount options=(rbind, rw) "/snap/producer/" -> "/tmp/.snap/snap/producer/",
++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/producer/",
++ "/tmp/.snap/snap/producer/*/" rw,
++ "/snap/producer/*/" rw,
++ mount options=(rbind, rw) "/tmp/.snap/snap/producer/*/" -> "/snap/producer/*/",
++ "/tmp/.snap/snap/producer/*" rw,
++ "/snap/producer/*" rw,
++ mount options=(bind, rw) "/tmp/.snap/snap/producer/*" -> "/snap/producer/*",
++ mount options=(rprivate) -> "/tmp/.snap/snap/producer/",
++ umount "/tmp/.snap/snap/producer/",
++ mount options=(rprivate) -> "/snap/producer/",
++ mount options=(rprivate) -> "/snap/producer/*",
++ mount options=(rprivate) -> "/snap/producer/*/",
++ umount "/snap/producer/",
++ umount "/snap/producer/*",
++ umount "/snap/producer/*/",
+ # .. variant with mimic at /snap/producer/2/
+- /snap/producer/2/ r,
+- /tmp/.snap/snap/producer/2/ rw,
+- mount options=(rbind, rw) /snap/producer/2/ -> /tmp/.snap/snap/producer/2/,
+- mount fstype=tmpfs options=(rw) tmpfs -> /snap/producer/2/,
+- /tmp/.snap/snap/producer/2/*/ rw,
+- /snap/producer/2/*/ rw,
+- mount options=(rbind, rw) /tmp/.snap/snap/producer/2/*/ -> /snap/producer/2/*/,
+- /tmp/.snap/snap/producer/2/* rw,
+- /snap/producer/2/* rw,
+- mount options=(bind, rw) /tmp/.snap/snap/producer/2/* -> /snap/producer/2/*,
+- mount options=(rprivate) -> /tmp/.snap/snap/producer/2/,
+- umount /tmp/.snap/snap/producer/2/,
+- mount options=(rprivate) -> /snap/producer/2/,
+- mount options=(rprivate) -> /snap/producer/2/*,
+- mount options=(rprivate) -> /snap/producer/2/*/,
+- umount /snap/producer/2/,
+- umount /snap/producer/2/*,
+- umount /snap/producer/2/*/,
++ "/snap/producer/2/" r,
++ "/tmp/.snap/snap/producer/2/" rw,
++ mount options=(rbind, rw) "/snap/producer/2/" -> "/tmp/.snap/snap/producer/2/",
++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/producer/2/",
++ "/tmp/.snap/snap/producer/2/*/" rw,
++ "/snap/producer/2/*/" rw,
++ mount options=(rbind, rw) "/tmp/.snap/snap/producer/2/*/" -> "/snap/producer/2/*/",
++ "/tmp/.snap/snap/producer/2/*" rw,
++ "/snap/producer/2/*" rw,
++ mount options=(bind, rw) "/tmp/.snap/snap/producer/2/*" -> "/snap/producer/2/*",
++ mount options=(rprivate) -> "/tmp/.snap/snap/producer/2/",
++ umount "/tmp/.snap/snap/producer/2/",
++ mount options=(rprivate) -> "/snap/producer/2/",
++ mount options=(rprivate) -> "/snap/producer/2/*",
++ mount options=(rprivate) -> "/snap/producer/2/*/",
++ umount "/snap/producer/2/",
++ umount "/snap/producer/2/*",
++ umount "/snap/producer/2/*/",
+ # Writable directory /var/snap/consumer/common/import/read-snap
+- /var/snap/consumer/common/import/read-snap/ rw,
++ "/var/snap/consumer/common/import/read-snap/" rw,
+ # Writable directory /var/snap/consumer/common/import/read-snap-[0-9]*
+- /var/snap/consumer/common/import/read-snap-[0-9]*/ rw,
++ "/var/snap/consumer/common/import/read-snap-[0-9]*/" rw,
+ `
+ // Find the slice that describes profile4 by looking till the end of the list.
+ start = end
+@@ -911,13 +942,13 @@ slots:
+ # In addition to the bind mount, add any AppArmor rules so that
+ # snaps may directly access the slot implementation's files
+ # read-only.
+-/snap/plugin-one/1/plugin/** mrkix,
++"/snap/plugin-one/1/plugin/**" mrkix,
+
+
+ # In addition to the bind mount, add any AppArmor rules so that
+ # snaps may directly access the slot implementation's files
+ # read-only.
+-/snap/plugin-two/1/plugin/** mrkix,
++"/snap/plugin-two/1/plugin/**" mrkix,
+ `
+ c.Assert(apparmorSpec.SnippetForTag("snap.app.app"), Equals, expected)
+ }
+@@ -975,12 +1006,12 @@ slots:
+ # to a limitation in the kernel's LSM hooks for AF_UNIX, these
+ # are needed for using named sockets within the exported
+ # directory.
+-/var/snap/producer/2/directory/** mrwklix,
++"/var/snap/producer/2/directory/**" mrwklix,
+
+ # In addition to the bind mount, add any AppArmor rules so that
+ # snaps may directly access the slot implementation's files
+ # read-only.
+-/var/snap/producer/2/directory/** mrkix,
++"/var/snap/producer/2/directory/**" mrkix,
+ `
+ c.Assert(apparmorSpec.SnippetForTag("snap.consumer.app"), Equals, expected)
+ }
+@@ -1017,7 +1048,7 @@ apps:
+ # implementation to access the slot's exported files at the plugging
+ # snap's mountpoint to accommodate software where the plugging app
+ # tells the slotting app about files to share.
+-/var/snap/consumer/common/import/** mrwklix,
++"/var/snap/consumer/common/import/**" mrwklix,
+ `
+ c.Assert(apparmorSpec.SnippetForTag("snap.producer.app"), Equals, expected)
+ }
+Index: snapd-2.49/interfaces/builtin/daemon_notify.go
+===================================================================
+--- snapd-2.49.orig/interfaces/builtin/daemon_notify.go
++++ snapd-2.49/interfaces/builtin/daemon_notify.go
+@@ -26,6 +26,7 @@ import (
+
+ "github.com/snapcore/snapd/interfaces"
+ "github.com/snapcore/snapd/interfaces/apparmor"
++ apparmor_sandbox "github.com/snapcore/snapd/sandbox/apparmor"
+ )
+
+ const daemonNotifySummary = `allows sending daemon status changes to service manager`
+@@ -64,7 +65,7 @@ func (iface *daemoNotifyInterface) AppAr
+ // must be an absolute path or an abstract socket path
+ return fmt.Errorf("cannot use %q as notify socket path: not absolute", notifySocket)
+ }
+- if err := apparmor.ValidateNoAppArmorRegexp(notifySocket); err != nil {
++ if err := apparmor_sandbox.ValidateNoAppArmorRegexp(notifySocket); err != nil {
+ return fmt.Errorf("cannot use %q as notify socket path: %s", notifySocket, err)
+ }
+
+Index: snapd-2.49/interfaces/ifacetest/backendtest.go
+===================================================================
+--- snapd-2.49.orig/interfaces/ifacetest/backendtest.go
++++ snapd-2.49/interfaces/ifacetest/backendtest.go
+@@ -42,7 +42,15 @@ type BackendSuite struct {
+ testutil.BaseTest
+ }
+
++// CoreSnapInfo is set in SetupSuite
++var DefaultInitializeOpts = &interfaces.SecurityBackendOptions{}
++
+ func (s *BackendSuite) SetUpTest(c *C) {
++ coreSnapPlaceInfo := snap.MinimalPlaceInfo("core", snap.Revision{N: 123})
++ snInfo, ok := coreSnapPlaceInfo.(*snap.Info)
++ c.Assert(ok, Equals, true)
++ DefaultInitializeOpts.CoreSnapInfo = snInfo
++
+ // Isolate this test to a temporary directory
+ s.RootDir = c.MkDir()
+ dirs.SetRootDir(s.RootDir)
+Index: snapd-2.49/interfaces/seccomp/backend_test.go
+===================================================================
+--- snapd-2.49.orig/interfaces/seccomp/backend_test.go
++++ snapd-2.49/interfaces/seccomp/backend_test.go
+@@ -175,7 +175,7 @@ fi`)
+ c.Check(s.snapSeccomp.Calls(), HasLen, 0)
+ // ensure the snap-seccomp from the core snap was used instead
+ c.Check(snapSeccompOnCore.Calls(), DeepEquals, [][]string{
+- {"snap-seccomp", "version-info"},
++ {"snap-seccomp", "version-info"}, // from Initialize()
+ {"snap-seccomp", "compile", profile + ".src", profile + ".bin"},
+ })
+ raw, err := ioutil.ReadFile(profile + ".src")
+Index: snapd-2.49/overlord/devicestate/firstboot_test.go
+===================================================================
+--- snapd-2.49.orig/overlord/devicestate/firstboot_test.go
++++ snapd-2.49/overlord/devicestate/firstboot_test.go
+@@ -24,6 +24,7 @@ import (
+ "io/ioutil"
+ "os"
+ "path/filepath"
++ "runtime"
+ "strconv"
+ "strings"
+ "time"
+@@ -76,6 +77,11 @@ type firstBootBaseTest struct {
+ func (t *firstBootBaseTest) setupBaseTest(c *C, s *seedtest.SeedSnaps) {
+ t.BaseTest.SetUpTest(c)
+
++ // TODO: temporary: skip due to timeouts on riscv64
++ if runtime.GOARCH == "riscv64" || os.Getenv("SNAPD_SKIP_SLOW_TESTS") != "" {
++ c.Skip("skipping slow test")
++ }
++
+ tempdir := c.MkDir()
+ dirs.SetRootDir(tempdir)
+ t.AddCleanup(func() { dirs.SetRootDir("/") })
+Index: snapd-2.49/overlord/ifacestate/helpers.go
+===================================================================
+--- snapd-2.49.orig/overlord/ifacestate/helpers.go
++++ snapd-2.49/overlord/ifacestate/helpers.go
+@@ -67,7 +67,39 @@ func (m *InterfaceManager) addInterfaces
+ }
+
+ func (m *InterfaceManager) addBackends(extra []interfaces.SecurityBackend) error {
+- opts := interfaces.SecurityBackendOptions{Preseed: m.preseed}
++ // get the snapd snap info if it is installed
++ var snapdSnap snapstate.SnapState
++ var snapdSnapInfo *snap.Info
++ err := snapstate.Get(m.state, "snapd", &snapdSnap)
++ if err != nil && err != state.ErrNoState {
++ return fmt.Errorf("cannot access snapd snap state: %v", err)
++ }
++ if err == nil {
++ snapdSnapInfo, err = snapdSnap.CurrentInfo()
++ if err != nil && err != snapstate.ErrNoCurrent {
++ return fmt.Errorf("cannot access snapd snap info: %v", err)
++ }
++ }
++
++ // get the core snap info if it is installed
++ var coreSnap snapstate.SnapState
++ var coreSnapInfo *snap.Info
++ err = snapstate.Get(m.state, "core", &coreSnap)
++ if err != nil && err != state.ErrNoState {
++ return fmt.Errorf("cannot access core snap state: %v", err)
++ }
++ if err == nil {
++ coreSnapInfo, err = coreSnap.CurrentInfo()
++ if err != nil && err != snapstate.ErrNoCurrent {
++ return fmt.Errorf("cannot access core snap info: %v", err)
++ }
++ }
++
++ opts := interfaces.SecurityBackendOptions{
++ Preseed: m.preseed,
++ CoreSnapInfo: coreSnapInfo,
++ SnapdSnapInfo: snapdSnapInfo,
++ }
+ for _, backend := range backends.All {
+ if err := backend.Initialize(&opts); err != nil {
+ return err
+Index: snapd-2.49/overlord/managers_test.go
+===================================================================
+--- snapd-2.49.orig/overlord/managers_test.go
++++ snapd-2.49/overlord/managers_test.go
+@@ -34,6 +34,7 @@ import (
+ "net/url"
+ "os"
+ "path/filepath"
++ "runtime"
+ "sort"
+ "strings"
+ "time"
+@@ -140,6 +141,11 @@ func verifyLastTasksetIsRerefresh(c *C,
+ func (s *baseMgrsSuite) SetUpTest(c *C) {
+ s.BaseTest.SetUpTest(c)
+
++ // TODO: temporary: skip due to timeouts on riscv64
++ if runtime.GOARCH == "riscv64" || os.Getenv("SNAPD_SKIP_SLOW_TESTS") != "" {
++ c.Skip("skipping slow tests")
++ }
++
+ s.tempdir = c.MkDir()
+ dirs.SetRootDir(s.tempdir)
+ s.AddCleanup(func() { dirs.SetRootDir("") })
+Index: snapd-2.49/packaging/ubuntu-16.04/tests/integrationtests
+===================================================================
+--- snapd-2.49.orig/packaging/ubuntu-16.04/tests/integrationtests
++++ snapd-2.49/packaging/ubuntu-16.04/tests/integrationtests
+@@ -74,6 +74,9 @@ backends:
+ - adt-local:
+ username: ubuntu
+ password: ubuntu
++prepare: |
++ # Copy external tools from the subtree to the "$TESTSLIB"/tools directory
++ cp -f "$TESTSLIB"/external/snapd-testing-tools/tools/* "$TESTSTOOLS"
+ suites:
+ tests/smoke/:
+ summary: Essenial system level tests for snapd
+Index: snapd-2.49/sandbox/apparmor/apparmor.go
+===================================================================
+--- snapd-2.49.orig/sandbox/apparmor/apparmor.go
++++ snapd-2.49/sandbox/apparmor/apparmor.go
+@@ -35,6 +35,19 @@ import (
+ "github.com/snapcore/snapd/strutil"
+ )
+
++// ValidateNoAppArmorRegexp will check that the given string does not
++// contain AppArmor regular expressions (AARE), double quotes or \0.
++// Note that to check the inverse of this, that is that a string has
++// valid AARE, one should use interfaces/utils.NewPathPattern().
++func ValidateNoAppArmorRegexp(s string) error {
++ const AARE = `?*[]{}^"` + "\x00"
++
++ if strings.ContainsAny(s, AARE) {
++ return fmt.Errorf("%q contains a reserved apparmor char from %s", s, AARE)
++ }
++ return nil
++}
++
+ // LevelType encodes the kind of support for apparmor
+ // found on this system.
+ type LevelType int
+Index: snapd-2.49/sandbox/apparmor/apparmor_test.go
+===================================================================
+--- snapd-2.49.orig/sandbox/apparmor/apparmor_test.go
++++ snapd-2.49/sandbox/apparmor/apparmor_test.go
+@@ -303,3 +303,19 @@ func (s *apparmorSuite) TestFeaturesProb
+ _, err = apparmor.ParserFeatures()
+ c.Assert(err, IsNil)
+ }
++
++func (s *apparmorSuite) TestValidateFreeFromAAREUnhappy(c *C) {
++ var testCases = []string{"a?", "*b", "c[c", "dd]", "e{", "f}", "g^", `h"`, "f\000", "g\x00"}
++
++ for _, s := range testCases {
++ c.Check(apparmor.ValidateNoAppArmorRegexp(s), ErrorMatches, ".* contains a reserved apparmor char from .*", Commentf("%q is not raising an error", s))
++ }
++}
++
++func (s *apparmorSuite) TestValidateFreeFromAAREhappy(c *C) {
++ var testCases = []string{"foo", "BaR", "b-z", "foo+bar", "b00m!", "be/ep", "a%b", "a&b", "a(b", "a)b", "a=b", "a#b", "a~b", "a'b", "a_b", "a,b", "a;b", "a>b", "a<b", "a|b"}
++
++ for _, s := range testCases {
++ c.Check(apparmor.ValidateNoAppArmorRegexp(s), IsNil, Commentf("%q raised an error but shouldn't", s))
++ }
++}
+Index: snapd-2.49/snap/validate.go
+===================================================================
+--- snapd-2.49.orig/snap/validate.go
++++ snapd-2.49/snap/validate.go
+@@ -31,6 +31,7 @@ import (
+ "unicode/utf8"
+
+ "github.com/snapcore/snapd/osutil"
++ "github.com/snapcore/snapd/sandbox/apparmor"
+ "github.com/snapcore/snapd/snap/naming"
+ "github.com/snapcore/snapd/spdx"
+ "github.com/snapcore/snapd/strutil"
+@@ -422,6 +423,9 @@ func ValidateLayoutAll(info *Info) error
+ // Validate that each source path is not a new top-level directory
+ for _, layout := range info.Layout {
+ cleanPathSrc := info.ExpandSnapVariables(filepath.Clean(layout.Path))
++ if err := apparmor.ValidateNoAppArmorRegexp(layout.Path); err != nil {
++ return fmt.Errorf("invalid layout path: %v", err)
++ }
+ elems := strings.SplitN(cleanPathSrc, string(os.PathSeparator), 3)
+ switch len(elems) {
+ // len(1) is either relative path or empty string, will be validated
+@@ -1005,6 +1009,10 @@ func ValidateLayout(layout *Layout, cons
+ !strings.HasPrefix(mountSource, si.ExpandSnapVariables("$SNAP_COMMON")) {
+ return fmt.Errorf("layout %q uses invalid bind mount source %q: must start with $SNAP, $SNAP_DATA or $SNAP_COMMON", layout.Path, mountSource)
+ }
++ // Ensure that the path does not express an AppArmor pattern
++ if err := apparmor.ValidateNoAppArmorRegexp(mountSource); err != nil {
++ return fmt.Errorf("layout %q uses invalid mount source: %s", layout.Path, err)
++ }
+ }
+
+ switch layout.Type {
+@@ -1032,6 +1040,10 @@ func ValidateLayout(layout *Layout, cons
+ !strings.HasPrefix(oldname, si.ExpandSnapVariables("$SNAP_COMMON")) {
+ return fmt.Errorf("layout %q uses invalid symlink old name %q: must start with $SNAP, $SNAP_DATA or $SNAP_COMMON", layout.Path, oldname)
+ }
++ // Ensure that the path does not express an AppArmor pattern
++ if err := apparmor.ValidateNoAppArmorRegexp(oldname); err != nil {
++ return fmt.Errorf("layout %q uses invalid symlink: %s", layout.Path, err)
++ }
+ }
+
+ // When new users and groups are supported those must be added to interfaces/mount/spec.go as well.
+Index: snapd-2.49/snap/validate_test.go
+===================================================================
+--- snapd-2.49.orig/snap/validate_test.go
++++ snapd-2.49/snap/validate_test.go
+@@ -963,6 +963,21 @@ func (s *ValidateSuite) TestValidateLayo
+ c.Check(ValidateLayout(&Layout{Snap: si, Path: "/tmp", Type: "tmpfs"}, nil),
+ ErrorMatches, `layout "/tmp" in an off-limits area`)
+
++ c.Check(ValidateLayout(&Layout{Snap: si, Path: "$SNAP/evil", Bind: "$SNAP/dev/sda[0123]"}, nil),
++ ErrorMatches, `layout "\$SNAP/evil" uses invalid mount source: "/snap/foo/unset/dev/sda\[0123\]" contains a reserved apparmor char.*`)
++ c.Check(ValidateLayout(&Layout{Snap: si, Path: "$SNAP/evil", Bind: "$SNAP/*"}, nil),
++ ErrorMatches, `layout "\$SNAP/evil" uses invalid mount source: "/snap/foo/unset/\*" contains a reserved apparmor char.*`)
++
++ c.Check(ValidateLayout(&Layout{Snap: si, Path: "$SNAP/evil", BindFile: "$SNAP/a\"quote"}, nil),
++ ErrorMatches, `layout "\$SNAP/evil" uses invalid mount source: "/snap/foo/unset/a\\"quote" contains a reserved apparmor char.*`)
++ c.Check(ValidateLayout(&Layout{Snap: si, Path: "$SNAP/evil", BindFile: "$SNAP/^invalid"}, nil),
++ ErrorMatches, `layout "\$SNAP/evil" uses invalid mount source: "/snap/foo/unset/\^invalid" contains a reserved apparmor char.*`)
++
++ c.Check(ValidateLayout(&Layout{Snap: si, Path: "$SNAP/evil", Symlink: "$SNAP/{here,there}"}, nil),
++ ErrorMatches, `layout "\$SNAP/evil" uses invalid symlink: "/snap/foo/unset/{here,there}" contains a reserved apparmor char.*`)
++ c.Check(ValidateLayout(&Layout{Snap: si, Path: "$SNAP/evil", Symlink: "$SNAP/**"}, nil),
++ ErrorMatches, `layout "\$SNAP/evil" uses invalid symlink: "/snap/foo/unset/\*\*" contains a reserved apparmor char.*`)
++
+ // Several valid layouts.
+ c.Check(ValidateLayout(&Layout{Snap: si, Path: "/foo", Type: "tmpfs", Mode: 01755}, nil), IsNil)
+ c.Check(ValidateLayout(&Layout{Snap: si, Path: "/usr", Bind: "$SNAP/usr"}, nil), IsNil)
+@@ -1247,6 +1262,7 @@ layout:
+ symlink: $SNAP/existent-dir
+ `
+
++ // TODO: merge with the block below
+ for _, testCase := range []struct {
+ str string
+ topLevelDir string
+@@ -1265,6 +1281,24 @@ layout:
+ c.Assert(err, ErrorMatches, fmt.Sprintf(`layout %q defines a new top-level directory %q`, testCase.str, testCase.topLevelDir))
+ }
+
++ for _, testCase := range []struct {
++ str string
++ expectedError string
++ }{
++ {"$SNAP/with\"quote", "invalid layout path: .* contains a reserved apparmor char.*"},
++ {"$SNAP/myDir[0123]", "invalid layout path: .* contains a reserved apparmor char.*"},
++ {"$SNAP/here{a,b}", "invalid layout path: .* contains a reserved apparmor char.*"},
++ {"$SNAP/anywhere*", "invalid layout path: .* contains a reserved apparmor char.*"},
++ } {
++ // Layout adding a new top-level directory
++ strk = NewScopedTracker()
++ yaml14 := fmt.Sprintf(yaml14Pattern, testCase.str)
++ info, err = InfoFromSnapYamlWithSideInfo([]byte(yaml14), &SideInfo{Revision: R(42)}, strk)
++ c.Assert(err, IsNil)
++ c.Assert(info.Layout, HasLen, 1)
++ err = ValidateLayoutAll(info)
++ c.Assert(err, ErrorMatches, testCase.expectedError, Commentf("path: %s", testCase.str))
++ }
+ }
+
+ func (s *YamlSuite) TestValidateAppStartupOrder(c *C) {
+Index: snapd-2.49/spread.yaml
+===================================================================
+--- snapd-2.49.orig/spread.yaml
++++ snapd-2.49/spread.yaml
+@@ -210,6 +210,10 @@ backends:
+ image: ubuntu-16.04-64
+ username: ubuntu
+ password: ubuntu
++ - ubuntu-core-18-32:
++ image: ubuntu-18.04-32
++ username: ubuntu
++ password: ubuntu
+ - ubuntu-core-18-64:
+ image: ubuntu-16.04-64
+ username: ubuntu
+Index: snapd-2.49/tests/lib/state.sh
+===================================================================
+--- snapd-2.49.orig/tests/lib/state.sh
++++ snapd-2.49/tests/lib/state.sh
+@@ -132,3 +132,9 @@ restore_snapd_lib() {
+ fi
+ rsync -av --delete "$SNAPD_STATE_PATH"/snapd-lib/cache /var/lib/snapd
+ }
++
++remove_disabled_snaps() {
++ snap list --all | grep disabled | while read -r name _ revision _ ; do
++ snap remove "$name" --revision="$revision"
++ done
++}
+Index: snapd-2.49/tests/main/docker-smoke/task.yaml
+===================================================================
+--- snapd-2.49.orig/tests/main/docker-smoke/task.yaml
++++ snapd-2.49/tests/main/docker-smoke/task.yaml
+@@ -14,3 +14,5 @@ execute: |
+ # the retry here is because there's a race between installing the docker snap
+ # and dockerd to be "ready" enough such that docker can talk to it properly
+ retry -n 30 --wait 1 docker run hello-world | MATCH "installation appears to be working correctly"
++
++
+Index: snapd-2.49/tests/main/snap-confine-tmp-mount/task.yaml
+===================================================================
+--- /dev/null
++++ snapd-2.49/tests/main/snap-confine-tmp-mount/task.yaml
+@@ -0,0 +1,59 @@
++summary: ensure snap-confine controls private mount namespace
++
++details: |
++ Ensure that when creating the private mount namespace for a snap that
++ if it already exists but is not owned by root then any existing
++ contents within the private mount directory is first removed before the
++ mount is created.
++
++# ubuntu-14.04: the test sets up a user session, which requires more recent systemd
++systems: [-ubuntu-14.04-*]
++
++prepare: |
++ echo "Install a helper snap"
++ "$TESTSTOOLS"/snaps-state install-local test-snapd-sh
++
++ tests.session -u test prepare
++
++restore: |
++ tests.session -u test restore
++
++execute: |
++ rm -rf /tmp/snap.test-snapd-sh
++ # create /tmp/snap.test-snapd-sh as a regular user
++ tests.session -u test exec sh -c "mkdir /tmp/snap.test-snapd-sh"
++ test_umask=$(tests.session -u test exec sh -c "umask")
++ # check permissions are as expected
++ expected=$(printf "%o" $((0777-test_umask)))
++ stat -c "%U %G %a" /tmp/snap.test-snapd-sh | MATCH "test test $expected"
++ # and place other contents there
++ tests.session -u test exec sh -c "mkdir /tmp/snap.test-snapd-sh/tmp"
++ tests.session -u test exec sh -c "touch /tmp/snap.test-snapd-sh/tmp/foo"
++ stat -c "%U %G %a" /tmp/snap.test-snapd-sh/tmp | MATCH "test test $expected"
++ expected=$(printf "%o" $((0666-test_umask)))
++ stat -c "%U %G %a" /tmp/snap.test-snapd-sh/tmp/foo | MATCH "test test $expected"
++
++ # then execute snap-confine - this should take over our imposter base
++ # dir but execute id successfully - snap-confine outputs to stderr and
++ # id will output to stdout so capture each separately
++ SNAP_CONFINE=$(os.paths libexec-dir)/snapd/snap-confine
++ if os.query is-core; then
++ # on Ubuntu Core we need to use the correct path to ensure it is
++ # appropriately confined by apparmor as it may be from the snapd
++ # snap
++ SNAP_CONFINE=$(aa-status | grep "snap-confine$")
++ fi
++ tests.session -u test exec sh -c "env -i SNAPD_DEBUG=1 SNAP_INSTANCE_NAME=test-snapd-sh $SNAP_CONFINE --base core snap.test-snapd-sh.sh /bin/bash -c id 1>/tmp/snap-confine-stdout.log 2>/tmp/snap-confine-stderr.log"
++ tests.cleanup defer rm -f /tmp/snap-confine-stdout.log /tmp/snap-confine-stderr.log
++
++ stat -c "%U %G %a" /tmp/snap.test-snapd-sh | MATCH "root root 700"
++
++ # contents should have been removed and tmp dir recreated with root
++ # ownership but foo file should have been removed
++ stat -c "%U %G %a" /tmp/snap.test-snapd-sh/tmp | MATCH "root root 1777"
++ [ -f /tmp/snap.test-snapd-sh/tmp/foo ] && exit 1
++ # actual dir should be owned by root now
++ stat -c "%U %G %a" /tmp/snap.test-snapd-sh | MATCH "root root 700"
++ # and snap-confine should ensure the target binary is executed as the test user
++ MATCH "uid=12345\(test\) gid=12345\(test\)" /tmp/snap-confine-stdout.log
++
+Index: snapd-2.49/tests/main/snap-confine-unexpected-path/task.yaml
+===================================================================
+--- /dev/null
++++ snapd-2.49/tests/main/snap-confine-unexpected-path/task.yaml
+@@ -0,0 +1,35 @@
++summary: ensure snap-confine denies operation when not in expected location
++
++details: |
++ Ensure that when running from an unexpected location, snap-confine will
++ not execute the snap-discard-ns helper from the same location since
++ this may not be the one which is expected.
++
++environment:
++ SNAP_CONFINE: $(os.paths libexec-dir)/snapd/snap-confine
++
++prepare: |
++ echo "Install a helper snap"
++ "$TESTSTOOLS"/snaps-state install-local test-snapd-sh
++
++execute: |
++ # copy snap-confine with full permissions to /tmp - ideally we would do
++ # this by hardlinking snap-confine into /tmp to make this a more
++ # realistic test (as this is something a regular user could do assuming
++ # fs.protected_hardlinks is disabled) but some spread systems have /tmp
++ # on a tmpfs and hence a different mount point so instead copy it as
++ # root for the test
++ echo "Copying snap-confine to /tmp"
++
++ cp -a "$SNAP_CONFINE" /tmp
++ tests.cleanup defer rm -f /tmp/snap-confine
++ # ensure has the correct permissions
++ diff <(stat -c "%U %G %a" "$SNAP_CONFINE") <(stat -c "%U %G %a" /tmp/snap-confine)
++
++ # then execute /tmp/snap-confine - this should fail since snap-confine
++ # is not in the location it expects to be when it goes to find the
++ # snap-discard-ns etc helper binaries
++ env -i SNAP_INSTANCE_NAME=test-snapd-sh /tmp/snap-confine --base snapd snap.test-snapd-sh.sh /nonexistent 2>/tmp/snap-confine-output.txt && exit 1
++ tests.cleanup defer rm -f /tmp/snap-confine-output.txt
++ MATCH "running from unexpected location: /tmp/snap-confine" /tmp/snap-confine-output.txt
++
+Index: snapd-2.49/tests/main/snap-run-devmode-classic/task.yaml
+===================================================================
+--- /dev/null
++++ snapd-2.49/tests/main/snap-run-devmode-classic/task.yaml
+@@ -0,0 +1,202 @@
++summary: Ensure snap run inside a devmode snap works (for now)
++
++details: |
++ This test ensures inside a devmode snap the "snap run" command
++ works.
++
++ Because of historic mistakes we allowed this and until we properly
++ deprecated it we need to ensure it works. We really do not want to
++ support running other snaps from devmode snaps as the use-case for
++ devmode is to get help on the way to confined snaps. But snaps can
++ not run other snaps so this does not make sense.
++
++systems:
++ # run the classic test on xenial so that we can build the snapd snap
++ # destructively without needing the lxd snap and thus execute much quicker
++ # NOTE: if this test is moved to classic impish or later before the snapd
++ # snap moves off of building based on xenial, then building with LXD will
++ # not work because xenial containers do not boot/get networking properly
++ # when the host has cgroupsv2 in it
++ - ubuntu-16.04-*
++
++environment:
++ # to build natively on the machine rather than with multipass or lxd
++ SNAPCRAFT_BUILD_ENVIRONMENT: host
++
++ # ensure that re-exec is on by default like it should be
++ SNAP_REEXEC: "1"
++
++ SNAP_TO_USE_FIRST/snapd_first: snapd
++ SNAP_TO_USE_FIRST/core_first: core
++
++ # TODO: we should probably have a smaller / simpler test-snapd-* snap for
++ # testing devmode confinement with base: core
++ BASE_CORE_DEVMODE_SNAP: godd
++ BASE_NON_CORE_DEVMODE_SNAP: test-snapd-tools-core18
++
++ BASE_CORE_STRICT_SNAP: test-snapd-sh
++ BASE_NON_CORE_STRICT_SNAP: test-snapd-sh-core18
++
++prepare: |
++ # much of what follows is copied from tests/main/snapd-snap
++
++ # install snapcraft snap
++
++ snap install snapcraft --channel=4.x/candidate --classic
++ tests.cleanup defer snap remove --purge snapcraft
++
++ # shellcheck disable=SC2164
++ pushd "$PROJECT_PATH"
++ echo "Build the snap"
++ snap run snapcraft snap --output snapd-from-branch.snap
++ popd
++
++ mv "$PROJECT_PATH/snapd-from-branch.snap" "$PWD/snapd-from-branch.snap"
++
++ # meh it doesn't work well to use quotas and "&&" in the arguments to sh -c
++ # with defer, so just put what we want to run in a script and execute that
++ cat >> snapcraft-cleanup.sh <<EOF
++ #!/bin/sh
++ cd $PROJECT_PATH
++ snap run snapcraft clean
++ EOF
++ chmod +x snapcraft-cleanup.sh
++ tests.cleanup defer sh -c "$PWD/snapcraft-cleanup.sh"
++
++ unsquashfs -d snapd-from-branch snapd-from-branch.snap
++ snapddir=snapd-from-branch
++
++ # now repack the core snap with this snapd snap
++ snap download core --edge --basename=core-from-edge
++ unsquashfs -d edge-core-snap core-from-edge.snap
++ coredir=edge-core-snap
++
++ # backup the meta dir
++ mv "$coredir/meta" "$coredir/meta-backup"
++ # copy everything from the snapd snap into the core snap
++ cp -ar "$snapddir"/* "$coredir"
++
++ # restore the meta dir
++ rm -r "$coredir/meta"
++ mv "$coredir/meta-backup" "$coredir/meta"
++
++ # set the version for the core snap to be the version from the snapd snap
++ SNAPD_SNAP_VERSION=$(grep -Po "version: \K.*" "$snapddir/meta/snap.yaml")
++ CORE_SNAP_VERSION=$(grep -Po "version: \K.*" "$coredir/meta/snap.yaml")
++ sed -i -e "s/$CORE_SNAP_VERSION/$SNAPD_SNAP_VERSION/" "$coredir/meta/snap.yaml"
++
++ # pack the core snap
++ snap pack --filename=core-from-branch.snap "$coredir"
++
++ rm -r "$coredir"
++ rm -r "$snapddir"
++
++execute: |
++ if [ "$SNAP_TO_USE_FIRST" = "core" ]; then
++ # first install our core snap because we don't have the snapd snap on
++ # the system yet, so we don't need to do any shenanigans
++ snap install --dangerous core-from-branch.snap
++
++ snap install --devmode --beta "$BASE_CORE_DEVMODE_SNAP"
++ snap install "$BASE_CORE_STRICT_SNAP"
++
++ # umask is the command we execute to avoid yet another layer of quoting
++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_CORE_DEVMODE_SNAP}")
++ if [ "$OUTPUT" != "0022" ]; then
++ echo "test failed"
++ exit 1
++ fi
++
++ snap install --dangerous snapd-from-branch.snap
++
++ # trigger profile re-generation because the same build-id for snapd is
++ # in the core and snapd snaps we are using, so profiles won't be
++ # regenerated when we install the snapd snap above
++ systemctl stop snapd.socket snapd.service
++ rm /var/lib/snapd/system-key
++ systemctl start snapd.socket snapd.service
++
++ # also install the non-core base snap, note that we can install and use it
++ # even without the snapd snap, but we cannot execute other snaps from this
++ # devmode snap without also installing the snapd snap, as inside non-core
++ # base snaps, there is a symlink
++ # /usr/bin/snap -> /snap/snapd/current/usr/bin/snap
++ # which effectively requires the snapd snap to be installed to execute other
++ # snaps from inside the devmode non-core based snap
++ snap install --devmode "$BASE_NON_CORE_DEVMODE_SNAP"
++
++ # umask is the command we execute to avoid yet another layer of quoting
++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_CORE_DEVMODE_SNAP}")
++ if [ "$OUTPUT" != "0022" ]; then
++ echo "test failed"
++ exit 1
++ fi
++
++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_NON_CORE_DEVMODE_SNAP}.sh")
++ if [ "$OUTPUT" != "0022" ]; then
++ echo "test failed"
++ exit 1
++ fi
++
++ elif [ "$SNAP_TO_USE_FIRST" = "snapd" ]; then
++ # we already had the core snap installed, so we need to purge things
++ # and then install only the snapd snap to test this scenario
++
++ snap remove go snapcraft
++ snap remove core18
++ apt remove --purge -y snapd
++ apt install snapd -y
++
++ snap install --dangerous snapd-from-branch.snap
++
++ # snaps that don't depend on the core snap
++ snap install --devmode "$BASE_NON_CORE_DEVMODE_SNAP"
++ snap install "$BASE_NON_CORE_STRICT_SNAP"
++
++ # umask is the command we execute to avoid yet another layer of quoting
++ OUTPUT=$(echo "snap run ${BASE_NON_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_NON_CORE_DEVMODE_SNAP}.sh" )
++ if [ "$OUTPUT" != "0022" ]; then
++ echo "test failed"
++ exit 1
++ fi
++
++ # now install the core snap and run those tests
++ echo "install the core snap"
++ snap install --dangerous core-from-branch.snap
++
++ # trigger profile re-generation because the same build-id for snapd is
++ # in the core and snapd snaps we are using, so profiles won't be
++ # regenerated when we install the snapd snap above
++ systemctl stop snapd.socket snapd.service
++ rm /var/lib/snapd/system-key
++ systemctl start snapd.socket snapd.service
++
++ snap install --devmode --beta "$BASE_CORE_DEVMODE_SNAP"
++ snap install "$BASE_CORE_STRICT_SNAP"
++
++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_CORE_DEVMODE_SNAP}")
++ if [ "$OUTPUT" != "0022" ]; then
++ echo "test failed"
++ exit 1
++ fi
++
++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_NON_CORE_DEVMODE_SNAP}.sh")
++ if [ "$OUTPUT" != "0022" ]; then
++ echo "test failed"
++ exit 1
++ fi
++
++ # docker can run from a devmode snap
++ snap install docker
++ echo "snap run docker run hello-world" | snap run --shell "${BASE_NON_CORE_DEVMODE_SNAP}.sh" | MATCH "Hello from Docker"
++
++
++ # undo the purging
++ apt install -y "$PROJECT_PATH/../snapd_1337.2.54.2_amd64.deb"
++
++ else
++ echo "unknown variant $SNAP_TO_USE_FIRST"
++ exit 1
++ fi
++
++
+Index: snapd-2.49/tests/nested/manual/core-seeding-devmode/task.yaml
+===================================================================
+--- /dev/null
++++ snapd-2.49/tests/nested/manual/core-seeding-devmode/task.yaml
+@@ -0,0 +1,22 @@
++summary: Test that devmode snaps can be installed during seeding.
++
++# testing with core16 (no snapd snap) and core18 (with snapd snap) is enough
++systems: [ubuntu-16.04-64, ubuntu-18.04-64]
++
++environment:
++ NESTED_IMAGE_ID: core-seeding-devmode
++
++prepare: |
++ # seed a devmode snap
++ snap download --beta godd
++ GODD_SNAP=$(ls godd_*.snap)
++ mv "$GODD_SNAP" "$(tests.nested get extra-snaps-path)"
++
++ tests.nested build-image core
++ tests.nested create-vm core
++
++execute: |
++ tests.nested exec "sudo snap wait system seed.loaded"
++
++ # godd is installed
++ tests.nested exec "snap list godd" | MATCH "godd"
+Index: snapd-2.49/tests/nested/manual/devmode-snaps-can-run-other-snaps/task.yaml
+===================================================================
+--- /dev/null
++++ snapd-2.49/tests/nested/manual/devmode-snaps-can-run-other-snaps/task.yaml
+@@ -0,0 +1,220 @@
++summary: |
++ Test that devmode confined snaps can execute other snaps.
++
++systems:
++ - ubuntu-18.04-64
++ - ubuntu-16.04-64
++
++environment:
++ # not needed to build snapd from source to use here, we have to manually
++ # build it ourselves anyways
++ NESTED_BUILD_SNAPD_FROM_CURRENT: false
++
++ # TODO: we should probably have a smaller / simpler test-snapd-* snap for
++ # testing devmode confinement with base: core
++ BASE_CORE_DEVMODE_SNAP: godd
++ BASE_NON_CORE_DEVMODE_SNAP: test-snapd-tools-core18
++
++ BASE_CORE_STRICT_SNAP: test-snapd-sh
++ BASE_NON_CORE_STRICT_SNAP: test-snapd-sh-core18
++
++ # build the snap with lxd
++ SNAPCRAFT_BUILD_ENVIRONMENT: lxd
++
++prepare: |
++ # install lxd so we can build the snapd snap
++ snap install lxd --channel="$LXD_SNAP_CHANNEL"
++
++ snap install snapcraft --channel=4.x/candidate --classic
++ tests.cleanup defer snap remove --purge snapcraft
++
++ # much of what follows is copied from tests/main/snapd-snap
++
++ echo "Remove any installed debs (some images carry them) to ensure we test the snap"
++ # apt -v to test if apt is usable
++ if command -v apt && apt -v; then
++ # meh trusty's apt doesn't support -y, so use apt-get
++ apt-get autoremove -y lxd
++ if ! os.query is-debian-sid; then
++ # no lxd-client on debian sid
++ apt-get autoremove -y lxd-client
++ fi
++ fi
++
++ # load the fuse kernel module before installing lxd
++ modprobe fuse
++
++ snap set lxd waitready.timeout=240
++ lxd waitready
++ lxd init --auto
++
++ echo "Setting up proxy for lxc"
++ if [ -n "${http_proxy:-}" ]; then
++ lxd.lxc config set core.proxy_http "$http_proxy"
++ fi
++ if [ -n "${https_proxy:-}" ]; then
++ lxd.lxc config set core.proxy_https "$http_proxy"
++ fi
++
++ # TODO: do we need to address the spread system prepare shenanigans as
++ # mentioned in tests/main/snapd-snap ?
++
++ # shellcheck disable=SC2164
++ pushd "$PROJECT_PATH"
++ echo "Build the snap"
++ snap run snapcraft snap --output snapd-from-branch.snap
++ popd
++
++ mv "$PROJECT_PATH/snapd-from-branch.snap" "$PWD/snapd-from-branch.snap"
++
++ # meh it doesn't work well to use quotas and "&&" in the arguments to sh -c
++ # with defer, so just put what we want to run in a script and execute that
++ cat >> snapcraft-cleanup.sh <<EOF
++ #!/bin/sh
++ cd $PROJECT_PATH
++ snap run snapcraft clean
++ EOF
++ chmod +x snapcraft-cleanup.sh
++ tests.cleanup defer sh -c "$PWD/snapcraft-cleanup.sh"
++
++ unsquashfs -d snapd-from-branch snapd-from-branch.snap
++ snapddir=snapd-from-branch
++
++ # now repack the core snap with this snapd snap
++ snap download core --edge --basename=core-from-edge
++ unsquashfs -d edge-core-snap core-from-edge.snap
++ coredir=edge-core-snap
++
++ # backup the meta dir
++ mv "$coredir/meta" "$coredir/meta-backup"
++ # copy everything from the snapd snap into the core snap
++ cp -ar "$snapddir"/* "$coredir"
++
++ # restore the meta dir
++ rm -r "$coredir/meta"
++ mv "$coredir/meta-backup" "$coredir/meta"
++
++ # set the version for the core snap to be the version from the snapd snap
++ SNAPD_SNAP_VERSION=$(grep -Po "version: \K.*" "$snapddir/meta/snap.yaml")
++ CORE_SNAP_VERSION=$(grep -Po "version: \K.*" "$coredir/meta/snap.yaml")
++ sed -i -e "s/$CORE_SNAP_VERSION/$SNAPD_SNAP_VERSION/" "$coredir/meta/snap.yaml"
++
++ # pack the core snap
++ snap pack --filename=core-from-branch.snap "$coredir"
++
++ rm -r "$coredir"
++ rm -r "$snapddir"
++
++ tests.nested build-image core
++ tests.nested create-vm core
++
++execute: |
++ # TODO: should we also just test the classic cases on the system that is
++ # driving the nested VM? That would save some time/resources
++
++ # wait for snap seeding to be done
++ tests.nested wait-for snap-command
++ tests.nested exec "sudo snap wait system seed.loaded"
++
++ # push both snaps to the vm
++ tests.nested copy core-from-branch.snap
++
++ tests.nested copy snapd-from-branch.snap
++
++ if os.query is-xenial; then
++ # on UC16, initially we will only have the core snap installed, run those
++ # tests first
++
++ # this will reboot as we refresh to our core snap
++ boot_id="$( tests.nested boot-id )"
++ REMOTE_CHG_ID="$(tests.nested exec sudo snap install --no-wait --dangerous core-from-branch.snap)"
++ tests.nested wait-for reboot "${boot_id}"
++ tests.nested exec sudo snap watch "${REMOTE_CHG_ID}"
++
++ tests.nested exec sudo snap install --devmode --beta "$BASE_CORE_DEVMODE_SNAP"
++ tests.nested exec sudo snap install "$BASE_CORE_STRICT_SNAP"
++
++ # umask is the command we execute to avoid yet another layer of quoting
++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_CORE_DEVMODE_SNAP}")
++ if [ "$OUTPUT" != "0002" ]; then
++ echo "test failed"
++ exit 1
++ fi
++
++ # now install the snapd snap and run those tests
++ echo "install the snapd snap"
++ tests.nested exec sudo snap install --dangerous snapd-from-branch.snap
++
++ # trigger regeneration of profiles
++ tests.nested exec sudo systemctl stop snapd.socket snapd.service
++ tests.nested exec sudo rm -f /var/lib/snapd/system-key
++ tests.nested exec sudo systemctl start snapd.socket snapd.service
++
++ # also install the non-core base snap, note that we can install and use it
++ # even without the snapd snap, but we cannot execute other snaps from this
++ # devmode snap without also installing the snapd snap, as inside non-core
++ # base snaps, there is a symlink
++ # /usr/bin/snap -> /snap/snapd/current/usr/bin/snap
++ # which effectively requires the snapd snap to be installed to execute other
++ # snaps from inside the devmode non-core based snap
++ tests.nested exec sudo snap install --devmode "$BASE_NON_CORE_DEVMODE_SNAP"
++
++ # umask is the command we execute to avoid yet another layer of quoting
++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_CORE_DEVMODE_SNAP}")
++ if [ "$OUTPUT" != "0002" ]; then
++ echo "test failed"
++ exit 1
++ fi
++
++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_NON_CORE_DEVMODE_SNAP}.sh")
++ if [ "$OUTPUT" != "0002" ]; then
++ echo "test failed"
++ exit 1
++ fi
++
++ elif os.query is-bionic; then
++ # on UC18, initially we will only have the snapd snap installed, run those
++ # tests first
++ tests.nested exec sudo snap install --dangerous snapd-from-branch.snap
++
++ # snaps that don't depend on the core snap
++ tests.nested exec sudo snap install --devmode "$BASE_NON_CORE_DEVMODE_SNAP"
++ tests.nested exec sudo snap install "$BASE_NON_CORE_STRICT_SNAP"
++
++
++ # umask is the command we execute to avoid yet another layer of quoting
++ OUTPUT=$(echo "snap run ${BASE_NON_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_NON_CORE_DEVMODE_SNAP}.sh" )
++ if [ "$OUTPUT" != "0002" ]; then
++ echo "test failed"
++ exit 1
++ fi
++
++ # now install the core snap and run those tests
++ echo "install the core snap"
++ tests.nested exec sudo snap install --dangerous core-from-branch.snap
++
++ # trigger regeneration of profiles
++ tests.nested exec sudo systemctl stop snapd.socket snapd.service
++ tests.nested exec sudo rm -f /var/lib/snapd/system-key
++ tests.nested exec sudo systemctl start snapd.socket snapd.service
++
++ # snap that does depend on the core snap
++ tests.nested exec sudo snap install --devmode --beta "$BASE_CORE_DEVMODE_SNAP"
++ tests.nested exec sudo snap install "$BASE_CORE_STRICT_SNAP"
++
++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_CORE_DEVMODE_SNAP}")
++ if [ "$OUTPUT" != "0002" ]; then
++ echo "test failed"
++ exit 1
++ fi
++
++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_NON_CORE_DEVMODE_SNAP}.sh")
++ if [ "$OUTPUT" != "0002" ]; then
++ echo "test failed"
++ exit 1
++ fi
++
++ else
++ echo "unsupported system for this test"
++ exit 1
++ fi
+Index: snapd-2.49/tests/regression/lp-1949368/bad-layout/meta/snap.yaml
+===================================================================
+--- /dev/null
++++ snapd-2.49/tests/regression/lp-1949368/bad-layout/meta/snap.yaml
+@@ -0,0 +1,5 @@
++name: bad-layout
++version: 1.0
++layout:
++ /var/lib/foo:
++ bind: "$SNAP_DATA/var/*"
+Index: snapd-2.49/tests/regression/lp-1949368/content-consumer/bin/sh
+===================================================================
+--- /dev/null
++++ snapd-2.49/tests/regression/lp-1949368/content-consumer/bin/sh
+@@ -0,0 +1,3 @@
++#!/bin/sh
++PS1='$ '
++exec /bin/sh "$@"
+Index: snapd-2.49/tests/regression/lp-1949368/content-consumer/meta/snap.yaml
+===================================================================
+--- /dev/null
++++ snapd-2.49/tests/regression/lp-1949368/content-consumer/meta/snap.yaml
+@@ -0,0 +1,12 @@
++name: content-consumer
++version: 1.0
++apps:
++ sh:
++ command: bin/sh
++plugs:
++ quoting:
++ interface: content
++ target: "$SNAP_DATA/a,comma"
++ invalid-char:
++ interface: content
++ target: "$SNAP_DATA/{this,that}"
+Index: snapd-2.49/tests/regression/lp-1949368/content-provider/meta/snap.yaml
+===================================================================
+--- /dev/null
++++ snapd-2.49/tests/regression/lp-1949368/content-provider/meta/snap.yaml
+@@ -0,0 +1,9 @@
++name: content-provider
++version: 1.0
++slots:
++ quoting:
++ interface: content
++ read: ["$SNAP_DATA/a,comma"]
++ invalid-char:
++ interface: content
++ read: ["$SNAP_DATA/{this,that}"]
+Index: snapd-2.49/tests/regression/lp-1949368/task.yaml
+===================================================================
+--- /dev/null
++++ snapd-2.49/tests/regression/lp-1949368/task.yaml
+@@ -0,0 +1,35 @@
++summary: Ensure that AppArmor paths are safe
++
++details: |
++ Some interfaces allow the developer to specify filesystem paths in their
++ plug sttributes, which then get encoded into the AppArmor profile of the
++ applications. We need to make sure that these paths are properly quoted,
++ and that snapd will refuse to connect a plug whose paths include some
++ invalid characters.
++
++prepare: |
++ echo "Creating the test snaps"
++ "$TESTSTOOLS"/snaps-state install-local content-provider
++ "$TESTSTOOLS"/snaps-state install-local content-consumer
++
++
++execute: |
++ echo "The plug is disconnected by default"
++ snap interfaces content-provider
++
++ echo "Verify that the plug with invalid characters raised a warning"
++ snap warnings |
++ tr -d '\n' | # remove newlines
++ sed -e 's,\s\+, ,g' | # remove any extra spaces
++ MATCH 'snap "content-consumer" has bad plugs or slots: invalid-char'
++
++ echo "Connect a valid plug"
++ snap connect content-consumer:quoting content-provider:quoting
++
++ if [ "$(snap debug confinement)" = "strict" ]; then
++ echo "Verify that the AppArmor rule has proper quoting"
++ MATCH '"/var/snap/content-provider/x1/a,comma/\*\*" mrkix,' < /var/lib/snapd/apparmor/profiles/snap.content-consumer.sh
++ fi
++
++ echo "Attempt to install a snap with an invalid layout"
++ "$TESTSTOOLS"/snaps-state install-local bad-layout 2>&1 |MATCH 'cannot validate snap "bad-layout".*contains a reserved apparmor char'
projects / snapd.git / commitdiff