--- /dev/null
--- /dev/null
++snapd (2.49-1+deb11u1) bullseye-security; urgency=high
++
++ * SECURITY UPDATE: local privilege escalation
++ - 0015-cve-2021-44730-44731-4120.patch: Add validations of the
++ location of the snap-confine binary within snapd.
++ - 0015-cve-2021-44730-44731-4120: Fix race condition in snap-confine
++ when preparing a private mount namespace for a snap.
++ - 0016-cve-2021-2021-44730-44731-4120-auto-remove.patch: automatic
++ remove vulnerable inactive core/snapd snaps
++ - CVE-2021-44730
++ - CVE-2021-44731
++ * SECURITY UPDATE: data injection from malicious snaps
++ - 0015-cve-2021-44730-44731-4120: Add validations of snap content
++ interface and layout paths in snapd
++ - CVE-2021-4120
++ - LP: #1949368
++
++ -- Michael Vogt <mvo@debian.org> Wed, 16 Feb 2022 10:56:34 +0100
++
++snapd (2.49-1) unstable; urgency=high
++
++ * New upstream release with security updates:
++ * SECURITY UPDATE: sandbox escape vulnerability for containers
++ (LP: #1910456)
++ - many: add Delegate=true to generated systemd units for special
++ interfaces
++ - interfaces/greengrass-support: back-port interface changes to
++ 2.48
++ - CVE-2020-27352
++ * interfaces/builtin/docker-support: allow /run/containerd/s/...
++ - This is a new path that docker 19.03.14 (with a new version of
++ containerd) uses to avoid containerd CVE issues around the unix
++ socket. See also CVE-2020-15257.
++ * debian/patches/0013-cherry-pick-pr9936.patch:
++ - cherry pick PR#9936 to use all apparmor available (closes: 923500)
++ * d/p/0011-cherry-pick-pr9809, d/p/0012-cherry-pick-pr9844:
++ - dropped, applied upstream
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 24 Feb 2021 09:23:51 +0100
++
++snapd (2.48.2-3) unstable; urgency=medium
++
++ * debian/patches/0012-cherry-pick-pr9844:
++ - cherry pick PR#9844 to avoid leaking of errno in snap-confine
++ tests that caused i386 to FTBFS
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 22 Jan 2021 10:13:11 +0100
++
++snapd (2.48.2-2) unstable; urgency=medium
++
++ * debian/rules:
++ - ignore usr/bin/genasset during arch-indep build too
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 15 Jan 2021 18:32:45 +0100
++
++snapd (2.48.2-1) unstable; urgency=medium
++
++ * debian/patch/0011-cherry-pick-pr9809
++ - Cherry-pick https://github.com/snapcore/snapd/pull/9809.
++ This skips the --help output unit tests for older go-flags
++ versions.
++ * New upstream release, LP: #1906690
++ - tests: sign new nested-18|20* models to allow for generic serials
++ - secboot: add extra paranoia when waiting for that fde-reveal-key
++ - tests: backport netplan workarounds from #9785
++ - secboot: add workaround for snapcore/core-initrd issue #13
++ - devicestate: log checkEncryption errors via logger.Noticef
++ - tests: add nested spread end-to-end test for fde-hooks
++ - devicestate: implement checkFDEFeatures()
++ - boot: tweak resealing with fde-setup hooks
++ - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
++ init restrict file
++ - secboot: add new LockSealedKeys() that uses either TPM or
++ fde-reveal-key
++ - gadget: use "sealed-keys" to determine what method to use for
++ reseal
++ - boot: add sealKeyToModeenvUsingFdeSetupHook()
++ - secboot: use `fde-reveal-key` if available to unseal key
++ - cmd/snap-update-ns: fix sorting of overname mount entries wrt
++ other entries
++ - o/devicestate: save model with serial in the device save db
++ - devicestate: add runFDESetupHook() helper
++ - secboot,devicestate: add scaffoling for "fde-reveal-key" support
++ - hookstate: add new HookManager.EphemeralRunHook()
++ - update-pot: fix typo in plural keyword spec
++ - store,cmd/snap-repair: increase initial expontential time
++ intervals
++ - o/devicestate,daemon: fix reboot system action to not require a
++ system label
++ - github: run nested suite when commit is pushed to release branch
++ - tests: reset fakestore unit status
++ - tests: fix uc20-create-parition-* tests for updated gadget
++ - hookstate: implement snapctl fde-setup-{request,result}
++ - devicestate: make checkEncryption fde-setup hook aware
++ - client,snapctl: add naive support for "stdin"
++ - devicestate: support "storage-safety" defaults during install
++ - snap: use the boot-base for kernel hooks
++ - vendor: update secboot repo to avoid including secboot.test binary
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 15 Jan 2021 09:11:00 +0100
++
++snapd (2.48.1-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1906690
++ - gadget: disable ubuntu-boot role validation check
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Dec 2020 17:43:30 +0100
++
++snapd (2.48-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1904098
++ - osutil: add KernelCommandLineKeyValue
++ - devicestate: implement boot.HasFDESetupHook
++ - boot/makebootable.go: set snapd_recovery_mode=install at image-
++ build time
++ - bootloader: use ForGadget when installing boot config
++ - interfaces/raw_usb: allow read access to /proc/tty/drivers
++ - boot: add scaffolding for "fde-setup" hook support for sealing
++ - tests: fix basic20 test on arm devices
++ - seed: make a shared seed system label validation helper
++ - snap: add new "fde-setup" hooktype
++ - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
++ - secboot,cmd/snap-bootstrap: fix degraded mode cases with better
++ device handling
++ - boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
++ messiness
++ - tests/nested/manual/refresh-revert-fundamentals: temporarily
++ disable secure boot
++ - snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
++ boot modes
++ - many: address degraded recover mode feedback, cleanups
++ - tests: Use systemd-run on tests part2
++ - tests: set the opensuse tumbleweed system as manual in spread.yaml
++ - secboot: call BlockPCRProtectionPolicies even if the TPM is
++ disabled
++ - vendor: update to current secboot
++ - cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
++ save
++ - spread.yaml: increase number of workers on 20.10
++ - snap: add new `snap recovery --show-keys` option
++ - tests: minor test tweaks suggested in the review of 9607
++ - snapd-generator: set standard snapfuse options when generating
++ units for containers
++ - tests: enable lxd test on ubuntu-core-20 and 16.04-32
++ - interfaces: share /tmp/.X11-unix/ from host or provider
++ - tests: enable main lxd test on 20.10
++ - cmd/s-b/initramfs-mounts: refactor recover mode to implement
++ degraded mode
++ - gadget/install: add progress logging
++ - packaging: keep secboot/encrypt_dummy.go in debian
++ - interfaces/udev: use distro specific path to snap-device-helper
++ - o/devistate: fix chaining of tasks related to regular snaps when
++ preseeding
++ - gadget, overlord/devicestate: validate that system supports
++ encrypted data before install
++ - interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core
++ ESP layout
++ - many: add /v2/system-recovery-keys API and client
++ - secboot, many: return UnlockMethod from Unlock* methods for future
++ usage
++ - many: mv keys to ubuntu-boot, move model file, rename keyring
++ prefix for secboot
++ - tests: using systemd-run instead of manually create a systemd unit
++ - part 1
++ - secboot, cmd/snap-bootstrap: enable or disable activation with
++ recovery key
++ - secboot: refactor Unlock...IfEncrypted to take keyfile + check
++ disks first
++ - secboot: add LockTPMSealedKeys() to lock access to keys
++ independently
++ - gadget: correct sfdisk arguments
++ - bootloader/assets/grub: adjust fwsetup menuentry label
++ - tests: new boot state tool
++ - spread: use the official image for Ubuntu 20.10, no longer an
++ unstable system
++ - tests/lib/nested: enable snapd logging to console for core18
++ - osutil/disks: re-implement partition searching for disk w/ non-
++ adjacent parts
++ - tests: using the nested-state tool in nested tests
++ - many: seal a fallback object to the recovery boot chain
++ - gadget, gadget/install: move helpers to install package, refactor
++ unit tests
++ - dirs: add "gentoo" to altDirDistros
++ - update-pot: include file locations in translation template, and
++ extract strings from desktop files
++ - gadget/many: drop usage of gpt attr 59 for indicating creation of
++ partitions
++ - gadget/quantity: tweak test name
++ - snap: fix failing unittest for quantity.FormatDuration()
++ - gadget/quantity: introduce a new package that captures quantities
++ - o/devicestate,a/sysdb: make a backup of the device serial to save
++ - tests: fix rare interaction of tests.session and specific tests
++ - features: enable classic-preserves-xdg-runtime-dir
++ - tests/nested/core20/save: check the bind mount and size bump
++ - o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20
++ - tests: rename hasHooks to hasInterfaceHooks in the ifacestate
++ tests
++ - o/devicestate: unit test tweaks
++ - boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save
++ - testutil, cmd/snap/version: fix misc little errors
++ - overlord/devicestate: bind mount ubuntu-save under
++ /var/lib/snapd/save on startup
++ - gadget/internal: tune ext4 setting for smaller filesystems
++ - tests/nested/core20/save: a test that verifies ubuntu-save is
++ present and set up
++ - tests: update google sru backend to support groovy
++ - o/ifacestate: handle interface hooks when preseeding
++ - tests: re-enable the apt hooks test
++ - interfaces,snap: use correct type: {os,snapd} for test data
++ - secboot: set metadata and keyslots sizes when formatting LUKS2
++ volumes
++ - tests: improve uc20-create-partitions-reinstall test
++ - client, daemon, cmd/snap: cleanups from #9489 + more unit tests
++ - cmd/snap-bootstrap: mount ubuntu-save during boot if present
++ - secboot: fix doc comment on helper for unlocking volume with key
++ - tests: add spread test for refreshing from an old snapd and core18
++ - o/snapstate: generate snapd snap wrappers again after restart on
++ refresh
++ - secboot: version bump, unlock volume with key
++ - tests/snap-advise-command: re-enable test
++ - cmd/snap, snapmgr, tests: cleanups after #9418
++ - interfaces: deny connected x11 plugs access to ICE
++ - daemon,client: write and read a maintenance.json file for when
++ snapd is shut down
++ - many: update to secboot v1 (part 1)
++ - osutil/disks/mockdisk: panic if same mountpoint shows up again
++ with diff opts
++ - tests/nested/core20/gadget,kernel-reseal: add sanity checks to the
++ reseal tests
++ - many: implement snap routine console-conf-start for synchronizing
++ auto-refreshes
++ - dirs, boot: add ubuntu-save directories and related locations
++ - usersession: fix typo in test name
++ - overlord/snapstate: refactor ihibitRefresh
++ - overlord/snapstate: stop warning about inhibited refreshes
++ - cmd/snap: do not hardcode snapshot age value
++ - overlord,usersession: initial notifications of pending refreshes
++ - tests: add a unit test for UpdateMany where a single snap fails
++ - o/snapstate/catalogrefresh.go: don't refresh catalog in install
++ mode uc20
++ - tests: also check snapst.Current in undo-unlink tests
++ - tests: new nested tool
++ - o/snapstate: implement undo handler for unlink-snap
++ - tests: clean systems.sh helper and migrate last set of tests
++ - tests: moving the lib section from systems.sh helper to os.query
++ tool
++ - tests/uc20-create-partitions: don't check for grub.cfg
++ - packaging: make sure that static binaries are indeed static, fix
++ openSUSE
++ - many: have install return encryption keys for data and save,
++ improve tests
++ - overlord: add link participant for linkage transitions
++ - tests: lxd smoke test
++ - tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu-
++ seed too
++ - tests: moving main suite from systems.sh to os.query tool
++ - tests: moving the core test suite from systems.sh to os.query tool
++ - cmd/snap-confine: mask host's apparmor config
++ - o/snapstate: move setting updated SnapState after error paths
++ - tests: add value to INSTANCE_KEY/regular
++ - spread, tests: tweaks for openSUSE
++ - cmd/snap-confine: update path to snap-device-helper in AppArmor
++ profile
++ - tests: new os.query tool
++ - overlord/snapshotstate/backend: specify tar format for snapshots
++ - tests/nested/manual/minimal-smoke: use 384MB of RAM for nested
++ UC20
++ - client,daemon,snap: auto-import does not error on managed devices
++ - interfaces: PTP hardware clock interface
++ - tests: use tests.backup tool
++ - many: verify that unit tests work with nosecboot tag and without
++ secboot package
++ - wrappers: do not error out on read-only /etc/dbus-1/session.d
++ filesystem on core18
++ - snapshots: import of a snapshot set
++ - tests: more output for sbuild test
++ - o/snapstate: re-order remove tasks for individual snap revisions
++ to remove current last
++ - boot: skip some unit tests when running as root
++ - o/assertstate: introduce
++ ValidationTrackingKey/ValidationSetTracking and basic methods
++ - many: allow ignoring running apps for specific request
++ - tests: allow the searching test to fail under load
++ - overlord/snapstate: inhibit startup while unlinked
++ - seed/seedwriter/writer.go: check DevModeConfinement for dangerous
++ features
++ - tests/main/sudo-env: snap bin is available on Fedora
++ - boot, overlord/devicestate: list trusted and managed assets
++ upfront
++ - gadget, gadget/install: support for ubuntu-save, create one during
++ install if needed
++ - spread-shellcheck: temporary workaround for deadlock, drop
++ unnecessary test
++ - snap: support different exit-code in the snap command
++ - logger: use strutil.KernelCommandLineSplit in
++ debugEnabledOnKernelCmdline
++ - logger: fix snapd.debug=1 parsing
++ - overlord: increase refresh postpone limit to 14 days
++ - spread-shellcheck: use single thread pool executor
++ - gadget/install,secboot: add debug messages
++ - spread-shellcheck: speed up spread-shellcheck even more
++ - spread-shellcheck: process paths from arguments in parallel
++ - tests: tweak error from tests.cleanup
++ - spread: remove workaround for openSUSE go issue
++ - o/configstate: create /etc/sysctl.d when applying early config
++ defaults
++ - tests: new tests.backup tool
++ - tests: add tests.cleanup pop sub-command
++ - tests: migration of the main suite to snaps-state tool part 6
++ - tests: fix journal-state test
++ - cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc
++ recover files
++ - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
++ same IP addr
++ - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
++ building snapd
++ - boot, gadget, bootloader: observer preserves managed bootloader
++ configs
++ - tests/nested/manual: add uc20 grade signed cloud-init test
++ - o/snapstate/autorefresh.go: eliminate race when launching
++ autorefresh
++ - daemon,snapshotstate: do not return "size" from Import()
++ - daemon: limit reading from snapshot import to Content-Length
++ - many: set/expect Content-Length header when importing snapshots
++ - github: switch from ::set-env command to environment file
++ - tests: migration of the main suite to snaps-state tool part 5
++ - client: cleanup the Client.raw* and Client.do* method families
++ - tests: moving main suite to snaps-state tool part 4
++ - client,daemon,snap: use constant for snapshot content-type
++ - many: fix typos and repeated "the"
++ - secboot: fix tpm connection leak when it's not enabled
++ - many: scaffolding for snapshots import API
++ - run-checks: run spread-shellcheck too
++ - interfaces: update network-manager interface to allow
++ ObjectManager access from unconfined clients
++ - tests: move core and regression suites to snaps-state tool
++ - tests: moving interfaces tests to snaps-state tool
++ - gadget: preserve files when indicated by content change observer
++ - tests: moving smoke test suite and some tests from main suite to
++ snaps-state tool
++ - o/snapshotstate: pass set id to backend.Open, update tests
++ - asserts/snapasserts: introduce ValidationSets
++ - o/snapshotstate: improve allocation of new set IDs
++ - boot: look at the gadget for run mode bootloader when making the
++ system bootable
++ - cmd/snap: allow snap help vs --all to diverge purposefully
++ - usersession/userd: separate bus name ownership from defining
++ interfaces
++ - o/snapshotstate: set snapshot set id from its filename
++ - o/snapstate: move remove-related tests to snapstate_remove_test.go
++ - desktop/notification: switch ExpireTimeout to time.Duration
++ - desktop/notification: add unit tests
++ - snap: snap help output refresh
++ - tests/nested/manual/preseed: include a system-usernames snap when
++ preseeding
++ - tests: fix sudo-env test
++ - tests: fix nested core20 shellcheck bug
++ - tests/lib: move to new directory when restoring PWD, cleanup
++ unpacked unpacked snap directories
++ - desktop/notification: add bindings for FDO notifications
++ - dbustest: fix stale comment references
++ - many: move ManagedAssetsBootloader into TrustedAssetsBootloader,
++ drop former
++ - snap-repair: add uc20 support
++ - tests: print all the serial logs for the nested test
++ - o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid
++ bug in test
++ - cmd/snap/auto-import: stop importing system user assertions from
++ initramfs mnts
++ - osutil/group.go: treat all non-nil errs from user.Lookup{Group,}
++ as Unknown*
++ - asserts: deserialize grouping only once in Pool.AddBatch if needed
++ - gadget: allow content observer to have opinions about a change
++ - tests: new snaps-state command - part1
++ - o/assertstate: support refreshing any number of snap-declarations
++ - boot: use test helpers
++ - tests/core/snap-debug-bootvars: also check snap_mode
++ - many/apparmor: adjust rules for reading profile/ execing new
++ profiles for new kernel
++ - tests/core/snap-debug-bootvars: spread test for snap debug boot-
++ vars
++ - tests/lib/nested.sh: more little tweaks
++ - tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm
++ - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
++ recover modes
++ - overlord: explicitly set refresh-app-awareness in tests
++ - kernel: remove "edition" from kernel.yaml and add "update"
++ - spread: drop vendor from the packed project archive
++ - boot: fix debug bootloader variables dump on UC20 systems
++ - wrappers, systemd: allow empty root dir and conditionally do not
++ pass --root to systemctl
++ - tests/nested/manual: add test for grades above signed booting with
++ testkeys
++ - tests/nested: misc robustness fixes
++ - o/assertstate,asserts: use bulk refresh to refresh snap-
++ declarations
++ - tests/lib/prepare.sh: stop patching the uc20 initrd since it has
++ been updated now
++ - tests/nested/manual/refresh-revert-fundamentals: re-enable test
++ - update-pot: ignore .go files inside .git when running xgettext-go
++ - tests: disable part of the lxd test completely on 16.04.
++ - o/snapshotstate: tweak comment regarding snapshot filename
++ - o/snapstate: improve snapshot iteration
++ - bootloader: lk cleanups
++ - tests: update to support nested kvm without reboots on UC20
++ - tests/nested/manual/preseed: disable system-key check for 20.04
++ image
++ - spread.yaml: add ubuntu-20.10-64 to qemu
++ - store: handle v2 error when fetching assertions
++ - gadget: resolve device mapper devices for fallback device lookup
++ - tests/nested/cloud-init-many: simplify tests and unify
++ helpers/seed inputs
++ - tests: copy /usr/lib/snapd/info to correct directory
++ - check-pr-title.py * : allow "*" in the first part of the title
++ - many: typos and small test tweak
++ - tests/main/lxd: disable cgroup combination for 16.04 that is
++ failing a lot
++ - tests: make nested signing helpers less confusing
++ - tests: misc nested changes
++ - tests/nested/manual/refresh-revert-fundamentals: disable
++ temporarily
++ - tests/lib/cla_check: default to Python 3, tweaks, formatting
++ - tests/lib/cl_check.py: use python3 compatible code
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 19 Nov 2020 17:51:02 +0100
++
++snapd (2.47.1-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1895929
++ - o/configstate: create /etc/sysctl.d when applying early config
++ defaults
++ - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
++ same IP addr
++ - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
++ building snapd
++ - cmd/snap: allow snap help vs --all to diverge purposefully
++ - snap: snap help output refresh
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 08 Oct 2020 09:30:44 +0200
++
++snapd (2.47-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1895929
++ - tests: fix nested core20 shellcheck bug
++ - many/apparmor: adjust rule for reading apparmor profile for new
++ kernel
++ - snap-repair: add uc20 support
++ - cmd/snap/auto-import: stop importing system user assertions from
++ initramfs mnts
++ - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
++ recover modes
++ - gadget: resolve device mapper devices for fallback device lookup
++ - secboot: add boot manager profile to pcr protection profile
++ - sysconfig,o/devicestate: mv DisableNoCloud to
++ DisableAfterLocalDatasourcesRun
++ - tests: make gadget-reseal more robust
++ - tests: skip nested images pre-configuration by default
++ - tests: fix for basic20 test running on external backend and rpi
++ - tests: improve kernel reseal test
++ - boot: adjust comments, naming, log success around reseal
++ - tests/nested, fakestore: changes necessary to run nested uc20
++ signed/secured tests
++ - tests: add nested core20 gadget reseal test
++ - boot/modeenv: track unknown keys in Read and put back into modeenv
++ during Write
++ - interfaces/process-control: add sched_setattr to seccomp
++ - boot: with unasserted kernels reseal if there's a hint modeenv
++ changed
++ - client: bump the default request timeout to 120s
++ - configcore: do not error in console-conf.disable for install mode
++ - boot: streamline bootstate20.go reseal and tests changes
++ - boot: reseal when changing kernel
++ - cmd/snap/model: specify grade in the model command output
++ - tests: simplify
++ repack_snapd_snap_with_deb_content_and_run_mode_first_boot_tweaks
++ - test: improve logging in nested tests
++ - nested: add support to telnet to serial port in nested VM
++ - secboot: use the snapcore/secboot native recovery key type
++ - tests/lib/nested.sh: use more focused cloud-init config for uc20
++ - tests/lib/nested.sh: wait for the tpm socket to exist
++ - spread.yaml, tests/nested: misc changes
++ - tests: add more checks to disk space awareness spread test
++ - tests: disk space awareness spread test
++ - boot: make MockUC20Device use a model and MockDevice more
++ realistic
++ - boot,many: reseal only when meaningful and necessary
++ - tests/nested/core20/kernel-failover: add test for failed refresh
++ of uc20 kernel
++ - tests: fix nested to work with qemu and kvm
++ - boot: reseal when updating boot assets
++ - tests: fix snap-routime-portal-info test
++ - boot: verify boot chain file in seal and reseal tests
++ - tests: use full path to test-snapd-refresh.version binary
++ - boot: store boot chains during install, helper for checking
++ whether reseal is needed
++ - boot: add call to reseal an existing key
++ - boot: consider boot chains with unrevisioned kernels incomparable
++ - overlord: assorted typos and miscellaneous changes
++ - boot: group SealKeyModelParams by model, improve testing
++ - secboot: adjust parameters to buildPCRProtectionProfile
++ - strutil: add SortedListsUniqueMergefrom the doc comment:
++ - snap/naming: upgrade TODO to TODO:UC20
++ - secboot: add call to reseal an existing key
++ - boot: in seal.go adjust error message and function names
++ - o/snapstate: check available disk space in RemoveMany
++ - boot: build bootchains data for sealing
++ - tests: remove "set -e" from function only shell libs
++ - o/snapstate: disk space check on UpdateMany
++ - o/snapstate: disk space check with snap update
++ - snap: implement new `snap reboot` command
++ - boot: do not reorder boot assets when generating predictable boot
++ chains and other small tweaks
++ - tests: some fixes and improvements for nested execution
++ - tests/core/uc20-recovery: fix check for at least specific calls to
++ mock-shutdown
++ - boot: be consistent using bootloader.Role* consts instead of
++ strings
++ - boot: helper for generating secboot load chains from a given boot
++ asset sequence
++ - boot: tweak boot chains to support a list of kernel command lines,
++ keep track of model and kernel boot file
++ - boot,secboot: switch to expose and use snapcore/secboot load event
++ trees
++ - tests: use `nested_exec` in core{20,}-early-config test
++ - devicestate: enable cloud-init on uc20 for grade signed and
++ secured
++ - boot: add "rootdir" to baseBootenvSuite and use in tests
++ - tests/lib/cla_check.py: don't allow users.noreply.github.com
++ commits to pass CLA
++ - boot: represent boot chains, helpers for marshalling and
++ equivalence checks
++ - boot: mark successful with boot assets
++ - client, api: handle insufficient space error
++ - o/snapstate: disk space check with single snap install
++ - configcore: "service.console-conf.disable" is gadget defaults only
++ - packaging/opensuse: fix for /usr/libexec on TW, do not hardcode
++ AppArmor profile path
++ - tests: skip udp protocol in nfs-support test on ubuntu-20.10
++ - packaging/debian-sid: tweak code preparing _build tree
++ - many: move seal code from gadget/install to boot
++ - tests: remove workaround for cups on ubuntu-20.10
++ - client: implement RebootToSystem
++ - many: seed.Model panics now if called before LoadAssertions
++ - daemon: add /v2/systems "reboot" action API
++ - github: run tests also on push to release branches
++ - interfaces/bluez: let slot access audio streams
++ - seed,c/snap-bootstrap: simplify snap-bootstrap seed reading with
++ new seed.ReadSystemEssential
++ - interfaces: allow snap-update-ns to read /proc/cmdline
++ - tests: new organization for nested tests
++ - o/snapstate, features: add feature flags for disk space awareness
++ - tests: workaround for cups issue on 20.10 where default printer is
++ not configured.
++ - interfaces: update cups-control and add cups for providing snaps
++ - boot: keep track of the original asset when observing updates
++ - tests: simplify and fix tests for disk space checks on snap remove
++ - sysconfig/cloudinit.go: add AllowCloudInit and use GadgetDir for
++ cloud.conf
++ - tests/main: mv core specific tests to core suite
++ - tests/lib/nested.sh: reset the TPM when we create the uc20 vm
++ - devicestate: rename "mockLogger" to "logbuf"
++ - many: introduce ContentChange for tracking gadget content in
++ observers
++ - many: fix partion vs partition typo
++ - bootloader: retrieve boot chains from bootloader
++ - devicestate: add tests around logging in RequestSystemAction
++ - boot: handle canceled update
++ - bootloader: tweak doc comments (thanks Samuele)
++ - seed/seedwriter: test local asserted snaps with UC20 grade signed
++ - sysconfig/cloudinit.go: add DisableNoCloud to
++ CloudInitRestrictOptions
++ - many: use BootFile type in load sequences
++ - boot,bootloader: clarifications after the changes to introduce
++ bootloader.Options.Role
++ - boot,bootloader,gadget: apply new bootloader.Options.Role
++ - o/snapstate, features: add feature flag for disk space check on
++ remove
++ - testutil: add checkers for symbolic link target
++ - many: refactor tpm seal parameter setting
++ - boot/bootstate20: reboot to rollback to previous kernel
++ - boot: add unit test helpers
++ - boot: observe update & rollback of trusted assets
++ - interfaces/utf: Add MIRKey to u2f devices
++ - o/devicestate/devicestate_cloudinit_test.go: test cleanup for uc20
++ cloud-init tests
++ - many: check that users of BaseTest don't forget to consume
++ cleanups
++ - tests/nested/core20/tpm: verify trusted boot assets tracking
++ - github: run macOS job with Go 1.14
++ - many: misc doc-comment changes and typo fixes
++ - o/snapstate: disk space check with InstallMany
++ - many: cloud-init cleanups from previous PR's
++ - tests: running tests on opensuse leap 15.2
++ - run-checks: check for dirty build tree too
++ - vendor: run ./get-deps.sh to update the secboot hash
++ - tests: update listing test for "-dirty" versions
++ - overlord/devicestate: do not release the state lock when updating
++ gadget assets
++ - secboot: read kernel efi image from snap file
++ - snap: add size to the random access file return interface
++ - daemon: correctly parse Content-Type HTTP header.
++ - tests: account for apt-get on core18
++ - cmd/snap-bootstrap/initramfs-mounts: compute string outside of
++ loop
++ - mkversion.sh: simple hack to include dirty in version if the tree
++ is dirty
++ - cgroup,snap: track hooks on system bus only
++ - interfaces/systemd: compare dereferenced Service
++ - run-checks: only check files in git for misspelling
++ - osutil: add a package doc comment (via doc.go)
++ - boot: complain about reused asset name during initial install
++ - snapstate: installSize helper that calculates total size of snaps
++ and their prerequisites
++ - snapshots: export of snapshots
++ - boot/initramfs_test.go: reset boot vars on the bootloader for each
++ iteration
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 29 Sep 2020 17:19:13 +0200
++
++snapd (2.46.1-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1891134
++ - interfaces: allow snap-update-ns to read
++ /proc/cmdline
++ - github: run macOS job with Go 1.14
++ - o/snapstate, features: add feature flag for disk space check on
++ remove
++ - tests: account for apt-get on core18
++ - mkversion.sh: include dirty in version if the tree
++ is dirty
++ - interfaces/systemd: compare dereferenced Service
++ - vendor.json: update mysterious secboot SHA again
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 04 Sep 2020 17:42:54 +0200
++
++snapd (2.46-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1891134
++ - logger: add support for setting snapd.debug=1 on kernel cmdline
++ - o/snapstate: check disk space before creating automatic snapshot
++ on remove
++ - boot, o/devicestate: observe existing recovery bootloader trusted
++ boot assets
++ - many: use transient scope for tracking apps and hooks
++ - features: add HiddenSnapFolder feature flag
++ - tests/lib/nested.sh: fix partition typo, unmount the image on uc20
++ too
++ - runinhibit: open the lock file in read-only mode in IsLocked
++ - cmd/s-b/initramfs-mounts: make recover -> run mode transition
++ automatic
++ - tests: update spread test for unknown plug/slot with snapctl is-
++ connected
++ - osutil: add OpenExistingLockForReading
++ - kernel: add kernel.Validate()
++ - interfaces: add vcio interface
++ - interfaces/{docker,kubernetes}-support: load overlay and support
++ systemd cgroup driver
++ - tests/lib/nested.sh: use more robust code for finding what loop
++ dev we mounted
++ - cmd/snap-update-ns: detach all bind-mounted file
++ - snap/snapenv: set SNAP_REAL_HOME
++ - packaging: umount /snap on purge in containers
++ - interfaces: misc policy updates xlvi
++ - secboot,cmd/snap-bootstrap: cross-check partitions before
++ unlocking, mounting
++ - boot: copy boot assets cache to new root
++ - gadget,kernel: add new kernel.{Info,Asset} struct and helpers
++ - o/hookstate/ctlcmd: make is-connected check whether the plug or
++ slot exists
++ - tests: find -ignore_readdir_race when scanning cgroups
++ - interfaces/many: deny arbitrary desktop files and misc from
++ /usr/share
++ - tests: use "set -ex" in prep-snapd-in-lxd.sh
++ - tests: re-enable udisks test on debian-sid
++ - cmd/snapd-generator: use PATH fallback if PATH is not set
++ - tests: disable udisks2 test on arch linux
++ - github: use latest/stable go, not latest/edge
++ - tests: remove support for ubuntu 19.10 from spread tests
++ - tests: fix lxd test wrongly tracking 'latest'
++ - secboot: document exported functions
++ - cmd: compile snap gdbserver shim correctly
++ - many: correctly calculate the desktop file prefix everywhere
++ - interfaces: add kernel-crypto-api interface
++ - corecfg: add "system.timezone" setting to the system settings
++ - cmd/snapd-generator: generate drop-in to use fuse in container
++ - cmd/snap-bootstrap/initramfs-mounts: tweak names, add comments
++ from previous PR
++ - interfaces/many: miscellaneous updates for strict microk8s
++ - secboot,cmd/snap-bootstrap: don't import boot package from secboot
++ - cmd/snap-bootstrap/initramfs-mounts: call systemd-mount instead of
++ the-tool
++ - tests: work around broken update of systemd-networkd
++ - tests/main/install-fontconfig-cache-gen: enhance test by
++ verifying, add fonts to test
++ - o/devicestate: wrap asset update observer error
++ - boot: refactor such that bootStateUpdate20 mainly carries Modeenv
++ - mkversion.sh: disallow changelog versions that have git in it, if
++ we also have git version
++ - interfaces/many: miscellaneous updates for strict microk8s
++ - snap: fix repeated "cannot list recovery system" and add test
++ - boot: track trusted assets during initial install, assets cache
++ - vendor: update secboot to fix key data validation
++ - tests: unmount FUSE file-systems from XDG runtime dir
++ - overlord/devicestate: workaround non-nil interface with nil struct
++ - sandbox/cgroup: remove temporary workaround for multiple cgroup
++ writers
++ - sandbox/cgroup: detect dangling v2 cgroup
++ - bootloader: add helper for creating a bootloader based on gadget
++ - tests: support different images on nested execution
++ - many: reorg cmd/snapinfo.go into snap and new client/clientutil
++ - packaging/arch: use external linker when building statically
++ - tests: cope with ghost cgroupv2
++ - tests: fix issues related to restarting systemd-logind.service
++ - boot, o/devicestate: TrustedAssetUpdateObserver stubs, hook up to
++ gadget updates
++ - vendor: update github.com/kr/pretty to fix diffs of values with
++ pointer cycles
++ - boot: move bootloaderKernelState20 impls to separate file
++ - .github/workflows: move snap building to test.yaml as separate
++ cached job
++ - tests/nested/manual/minimal-smoke: run core smoke tests in a VM
++ meeting minimal requirements
++ - osutil: add CommitAs to atomic file
++ - gadget: introduce content update observer
++ - bootloader: introduce TrustedAssetsBootloader, implement for grub
++ - o/snapshotstate: helpers for calculating disk space needed for an
++ automatic snapshot
++ - gadget/install: retrieve command lines from bootloader
++ - boot/bootstate20: unify commit method impls, rm
++ bootState20MarkSuccessful
++ - tests: add system information and image information when debug
++ info is displayed
++ - tests/main/cgroup-tracking: try to collect some information about
++ cgroups
++ - boot: introduce current_boot_assets and
++ current_recovery_boot_assets to modeenv
++ - tests: fix for timing issues on journal-state test
++ - many: remove usage and creation of hijacked pid cgroup
++ - tests: port regression-home-snap-root-owned to tests.session
++ - tests: run as hightest via tests.session
++ - github: run CLA checks on self-hosted workers
++ - github: remove Ubuntu 19.10 from actions workflow
++ - tests: remove End-Of-Life opensuse/fedora releases
++ - tests: remove End-Of-Life releases from spread.yaml
++ - tests: fix debug section of appstream-id test
++ - interfaces: check !b.preseed earlier
++ - tests: work around bug in systemd/debian
++ - boot: add deepEqual, Copy helpers for Modeenv to simplify
++ bootstate20 refactor
++ - cmd: add new "snap recovery" command
++ - interfaces/systemd: use emulation mode when preseeding
++ - interfaces/kmod: don't load kernel modules in kmod backend when
++ preseeding
++ - interfaces/udev: do not reload udevadm rules when preseeding
++ - cmd/snap-preseed: use snapd from the deb if newer than from seeds
++ - boot: fancy marshaller for modeenv values
++ - gadget, osutil: use atomic file copy, adjust tests
++ - overlord: use new tracking cgroup for refresh app awareness
++ - github: do not skip gofmt with Go 1.9/1.10
++ - many: introduce content write observer, install mode glue, initial
++ seal stubs
++ - daemon,many: switch to use client.ErrorKind and drop the local
++ errorKind...
++ - tests: new parameters for nested execution
++ - client: move all error kinds into errors.go and add doc strings
++ - cmd/snap: display the error in snap debug seeding if seeding is in
++ error
++ - cmd/snap/debug/seeding: use unicode for proper yaml
++ - tests/cmd/snap-bootstrap/initramfs-mounts: add test case for empty
++ recovery_mode
++ - osutil/disks: add mock disk and tests for happy path of mock disks
++ - tests: refresh/revert snapd in uc20
++ - osutil/disks: use a dedicated error to indicate a fs label wasn't
++ found
++ - interfaces/system-key: in WriteSystemKey during tests, don't call
++ ParserFeatures
++ - boot: add current recovery systems to modeenv
++ - bootloader: extend managed assets bootloader interface to compose
++ a candidate command line
++ - interfaces: make the unmarshal test match more the comment
++ - daemon/api: use pointers to time.Time for debug seeding aspect
++ - o/ifacestate: update security profiles in connect undo handler
++ - interfaces: add uinput interface
++ - cmd/snap-bootstrap/initramfs-mounts: add doSystemdMount + unit
++ tests
++ - o/devicestate: save seeding/preseeding times for use with debug
++ seeding api
++ - cmd/snap/debug: add "snap debug seeding" command for preseeding
++ debugging
++ - tests/main/selinux-clean: workaround SELinux denials triggered by
++ linger setup on Centos8
++ - bootloader: compose command line with mode and extra arguments
++ - cmd/snap, daemon: detect and bail purge on multi-snap
++ - o/ifacestate: fix bug in snapsWithSecurityProfiles
++ - interfaces/builtin/multipass: replace U+00A0 no-break space with
++ simple space
++ - bootloader/assets: generate bootloader assets from files
++ - many/tests/preseed: reset the preseeded images before preseeding
++ them
++ - tests: drop accidental accents from e
++ - secboot: improve key sealing tests
++ - tests: replace _wait_for_file_change with retry
++ - tests: new fs-state which replaces the files.sh helper
++ - sysconfig/cloudinit_test.go: add test for initramfs case, rm "/"
++ from path
++ - cmd/snap: track started apps and hooks
++ - tests/main/interfaces-pulseaudio: disable start limit checking for
++ pulseaudio service
++ - api: seeding debug api
++ - .github/workflows/snap-build.yaml: build the snapd snap via GH
++ Actions too
++ - tests: moving journalctl.sh to a new journal-state tool
++ - tests/nested/manual: add spread tests for cloud-init vuln
++ - bootloader/assets: helpers for registering per-edition snippets,
++ register snippets for grub
++ - data,packaging,wrappers: extend D-Bus service activation search
++ path
++ - spread: add opensuse 15.2 and tumbleweed for qemu
++ - overlord,o/devicestate: restrict cloud-init on Ubuntu Core
++ - sysconfig/cloudinit: add RestrictCloudInit
++ - cmd/snap-preseed: check that target path exists and is a directory
++ on --reset
++ - tests: check for pids correctly
++ - gadget,gadget/install: refactor partition table update
++ - sysconfig/cloudinit: add CloudInitStatus func + CloudInitState
++ type
++ - interface/fwupd: add more policies for making fwupd upstream
++ strict
++ - tests: new to-one-line tool which replaces the strings.sh helper
++ - interfaces: new helpers to get and compare system key, for use
++ with seeding debug api
++ - osutil, many: add helper for checking whether the process is a go
++ test binary
++ - cmd/snap-seccomp/syscalls: add faccessat2
++ - tests: adjust xdg-open after launcher changes
++ - tests: new core config helper
++ - usersession/userd: do not modify XDG_DATA_DIRS when calling xdg-
++ open
++ - cmd/snap-preseed: handle relative chroot path
++ - snapshotstate: move sizer to osutil.Sizer()
++ - tests/cmd/snap-bootstrap/initramfs-mounts: rm duplicated env ref
++ kernel tests
++ - gadget/install,secboot: use snapcore/secboot luks2 api
++ - boot/initramfs_test.go: add Commentf to more Assert()'s
++ - tests/lib: account for changes in arch package file name extension
++ - bootloader/bootloadertest: fix comment typo
++ - bootloader: add helper for getting recovery system environment
++ variables
++ - tests: preinstall shellcheck and run tests on focal
++ - strutil: add a helper for parsing kernel command line
++ - osutil: add CheckFreeSpace helper
++ - secboot: update tpm connection error handling
++ - packaging, cmd/snap-mgmt, tests: remove modules files on purge
++ - tests: add tests.cleanup helper
++ - packaging: add "ca-certificates" to build-depends
++ - tests: more checks in core20 early config spread test
++ - tests: fix some snapstate tests to use pointers for
++ snapmgrTestSuite
++ - boot: better naming of helpers for obtaining kernel command line
++ - many: use more specific check for unit test mocking
++ - systemd/escape: fix issues with "" and "\t" handling
++ - asserts: small improvements and corrections for sequence-forming
++ assertions' support
++ - boot, bootloader: query kernel command line of run mod and
++ recovery mode systems
++ - snap/validate.go: disallow snap layouts with new top-level
++ directories
++ - tests: allow to add a new label to run nested tests as part of PR
++ validation
++ - tests/core/gadget-update-pc: port to UC20
++ - tests: improve nested tests flexibility
++ - asserts: integer headers: disallow prefix zeros and make parsing
++ more uniform
++ - asserts: implement Database.FindSequence
++ - asserts: introduce SequenceMemberAfter in the asserts backstores
++ - spread.yaml: remove tests/lib/tools from PATH
++ - overlord: refuse to install snaps whose activatable D-Bus services
++ conflict with installed snaps
++ - tests: shorten lxd-state undo-mount-changes
++ - snap-confine: don't die if a device from sysfs path cannot be
++ found by udev
++ - tests: fix argument handling of apt-state
++ - tests: rename lxd-tool to lxd-state
++ - tests: rename user-tool to user-state, fix --help
++ - interfaces: add gconf interface
++ - sandbox/cgroup: avoid parsing security tags twice
++ - tests: rename version-tool to version-compare
++ - cmd/snap-update-ns: handle anomalies better
++ - tests: fix call to apt.Package.mark_install(auto_inst=True)
++ - tests: rename mountinfo-tool to mountinfo.query
++ - tests: rename memory-tool to memory-observe-do
++ - tests: rename invariant-tool to tests.invariant
++ - tests: rename apt-tool to apt-state
++ - many: managed boot config during run mode setup
++ - asserts: introduce the concept of sequence-forming assertion types
++ - tests: tweak comments/output in uc20-recovery test
++ - tests/lib/pkgdb: do not use quiet when purging debs
++ - interfaces/apparmor: allow snap-specific /run/lock
++ - interfaces: add system-source-code for access to /usr/src
++ - sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data
++ - gadget/install: move udev trigger to gadget/install
++ - many: make nested spread tests more reliable
++ - tests/core/uc20-recovery: apply hack to get gopath in recover mode
++ w/ external backend
++ - tests: enable tests on uc20 which now work with the real model
++ assertion
++ - tests: enable system-snap-refresh test on uc20
++ - gadget, bootloader: preserve managed boot assets during gadget
++ updates
++ - tests: fix leaked dbus-daemon in selinux-clean
++ - tests: add servicestate.Control tests
++ - tests: fix "restart.service"
++ - wrappers: helper for enabling services - extract and move enabling
++ of services into a helper
++ - tests: new test to validate refresh and revert of kernel and
++ gadget on uc20
++ - tests/lib/prepare-restore: collect debug info when prepare purge
++ fails
++ - bootloader: allow managed bootloader to update its boot config
++ - tests: Remove unity test from nightly test suite
++ - o/devicestate: set mark-seeded to done in the task itself
++ - tests: add spread test for disconnect undo caused by failing
++ disconnect hook
++ - sandbox/cgroup: allow discovering PIDs of given snap
++ - osutil/disks: support IsDecryptedDevice for mountpoints which are
++ dm devices
++ - osutil: detect autofs mounted in /home
++ - spread.yaml: allow amazon-linux-2-64 qemu with
++ ec2-user/ec2-user
++ - usersession: support additional zoom URL schemes
++ - overlord: mock timings.DurationThreshold in TestNewWithGoodState
++ - sandbox/cgroup: add tracking helpers
++ - tests: detect stray dbus-daemon
++ - overlord: refuse to install snaps providing user daemons on Ubuntu
++ 14.04
++ - many: move encryption and installer from snap-boostrap to gadget
++ - o/ifacestate: fix connect undo handler
++ - interfaces: optimize rules of multiple connected iio/i2c/spi plugs
++ - bootloader: introduce managed bootloader, implement for grub
++ - tests: fix incorrect check in smoke/remove test
++ - asserts,seed: split handling of essential/not essential model
++ snaps
++ - gadget: fix typo in mounted filesystem updater
++ - gadget: do only one mount point lookup in mounted fs updater
++ - tests/core/snap-auto-mount: try to make the test more robust
++ - tests: adding ubuntu-20.04 to google-sru backend
++ - o/servicestate: add updateSnapstateServices helper
++ - bootloader: pull recovery grub config from internal assets
++ - tests/lib/tools: apply linger workaround when needed
++ - overlord/snapstate: graceful handling of denied "managed" refresh
++ schedule
++ - snapstate: fix autorefresh from classic->strict
++ - overlord/configstate: add system.kernel.printk.console-loglevel
++ option
++ - tests: fix assertion disk handling for nested UC systems
++ - snapstate: use testutil.HostScaledTimeout() in snapstate tests
++ - tests: extra worker for google-nested backend to avoid timeout
++ error on uc20
++ - snapdtool: helper to check whether the current binary is reexeced
++ from a snap
++ - tests: mock servicestate in api tests to avoid systemctl checks
++ - many: rename back snap.Info.GetType to Type
++ - tests/lib/cla_check: expect explicit commit range
++ - osutil/disks: refactor diskFromMountPointImpl a bit
++ - o/snapstate: service-control task handler
++ - osutil: add disks pkg for associating mountpoints with
++ disks/partitions
++ - gadget,cmd/snap-bootstrap: move partitioning to gadget
++ - seed: fix LoadEssentialMeta when gadget is not loaded
++ - cmd/snap: Debian does not allow $SNAP_MOUNT_DIR/bin in sudo
++ secure_path
++ - asserts: introduce new assertion validation-set
++ - asserts,daemon: add support for "serials" field in system-user
++ assertion
++ - data/sudo: drop a failed sudo secure_path workaround
++ - gadget: mv encodeLabel to osutil/disks.EncodeHexBlkIDFormat
++ - boot, snap-bootstrap: move initramfs-mounts logic to boot pkg
++ - spread.yaml: update secure boot attribute name
++ - interfaces/block_devices: add NVMe subsystem devices, support
++ multipath paths
++ - tests: use the "jq" snap from the edge channel
++ - tests: simplify the tpm test by removing the test-snapd-mokutil
++ snap
++ - boot/bootstate16.go: clean snap_try_* vars when not in Trying
++ status too
++ - tests/main/sudo-env: check snap path under sudo
++ - tests/main/lxd: add test for snaps inside nested lxd containers
++ not working
++ - asserts/internal: expand errors about invalid serialized grouping
++ labels
++ - usersession/userd: add msteams url support
++ - tests/lib/prepare.sh: adjust comment about sgdisk
++ - tests: fix how gadget pc is detected when the snap does not exist
++ and ls fails
++ - tests: move a few more tests to snapstate_update_test.go
++ - tests/main: add spread test for running svc from install hook
++ - tests/lib/prepare: increase the size of the uc16/uc18 partitions
++ - tests/special-home-can-run-classic-snaps: re-enable
++ - workflow: test PR title as part of the static checks again
++ - tests/main/xdg-open-compat: backup and restore original xdg-open
++ - tests: move update-related tests to snapstate_update_test.go
++ - cmd,many: move Version and bits related to snapd tools to
++ snapdtool, merge cmdutil
++ - tests/prepare-restore.sh: reset-failed systemd-journald before
++ restarting
++ - interfaces: misc small interface updates
++ - spread: use find rather than recursive ls, skip mounted snaps
++ - tests/lib/prepare-restore.sh: if we failed to purge snapd deb, ls
++ /var/lib/snapd
++ - tests: enable snap-auto-mount test on core20
++ - cmd/snap: do not show $PATH warning when executing under sudo on a
++ known distro
++ - asserts/internal: add some iteration benchmarks
++ - sandbox/cgroup: improve pid parsing code
++ - snap: add new `snap run --experimental-gdbserver` option
++ - asserts/internal: limit Grouping size switching to a bitset
++ representationWe don't always use the bit-set representation
++ because:
++ - snap: add an activates-on property to apps for D-Bus activation
++ - dirs: delete unused Cloud var, fix typo
++ - sysconfig/cloudinit: make callers of DisableCloudInit use
++ WritableDefaultsDir
++ - tests: fix classic ubuntu core transition auth
++ - tests: fail in setup_reflash_magic() if there is snapd state left
++ - tests: port interfaces-many-core-provided to tests.session
++ - tests: wait after creating partitions with sfdisk
++ - bootloader: introduce bootloarder assets, import grub.cfg with an
++ edition marker
++ - riscv64: bump timeouts
++ - gadget: drop dead code, hide exports that are not used externally
++ - tests: port 2 uc20 part1
++ - tests: fix bug waiting for snap command to be ready
++ - tests: move try-related tests to snapstate_try_test.go
++ - tests: add debug for 20.04 prepare failure
++ - travis.yml: removed, all our checks run in GH actions now
++ - tests: clean up up the use of configcoreSuite in the configcore
++ tests
++ - sandbox/cgroup: remove redundant pathOfProcPidCgroup
++ - sandbox/cgroup: add tests for ParsePids
++ - tests: fix the basic20 test for uc20 on external backend
++ - tests: use configcoreSuite in journalSuite and remove some
++ duplicated code
++ - tests: move a few more tests to snapstate_install_test
++ - tests: assorted small patches
++ - dbusutil/dbustest: separate license from package
++ - interfaces/builtin/time-control: allow POSIX clock API
++ - usersession/userd: add "slack" to the white list of URL schemes
++ handled by xdg-open
++ - tests: check that host settings like hostname are settable on core
++ - tests: port xdg-settings test to tests.session
++ - tests: port snap-handle-link test to tests.session
++ - arch: add riscv64
++ - tests: core20 early defaults spread test
++ - tests: move install tests from snapstate_test.go to
++ snapstate_install_test.go
++ - github: port macOS sanity checks from travis
++ - data/selinux: allow checking /var/cache/app-info
++ - o/devicestate: core20 early config from gadget defaults
++ - tests: autoremove after removing lxd in preseed-lxd test
++ - secboot,cmd/snap-bootstrap: add tpm sealing support to secboot
++ - sandbox/cgroup: move FreezerCgroupDir from dirs.go
++ - tests: update the file used to detect the boot path on uc20
++ - spread.yaml: show /var/lib/snapd in debug
++ - cmd/snap-bootstrap/initramfs-mounts: also copy systemd clock +
++ netplan files
++ - snap/naming: add helpers to parse app and hook security tags
++ - tests: modernize retry tool
++ - tests: fix and trim debug section in xdg-open-portal
++ - tests: modernize and use snapd.tool
++ - vendor: update to latest github.com/snapcore/bolt for riscv64
++ - cmd/snap-confine: add support for libc6-lse
++ - interfaces: miscellaneous policy updates xlv
++ - interfaces/system-packages-doc: fix typo in variable names
++ - tests: port interfaces-calendar-service to tests.session
++ - tests: install/run the lzo test snap too
++ - snap: (small) refactor of `snap download` code for
++ testing/extending
++ - data: fix shellcheck warnings in snapd.sh.in
++ - packaging: disable buildmode=pie for riscv64
++ - tests: install test-snapd-rsync snap from edge channel
++ - tests: modernize tests.session and port everything using it
++ - tests: add ubuntu 20.10 to spread tests
++ - cmd/snap/remove: mention snap restore/automatic snapshots
++ - dbusutil: move all D-Bus helpers and D-Bus test helpers
++ - wrappers: pass 'disable' flag to StopServices wrapper
++ - osutil: enable riscv64 build
++ - snap/naming: add ParseSecurityTag and friends
++ - tests: port document-portal-activation to session-tool
++ - bootloader: rename test helpers to reflect we are mocking EFI boot
++ locations
++ - tests: disable test of nfs v3 with udp proto on debian-sid
++ - tests: plan to improve the naming and uniformity of utilities
++ - tests: move *-tool tests to their own suite
++ - snap-bootstrap: remove sealed key file on reinstall
++ - bootloader/ubootenv: don't panic with an empty uboot env
++ - systemd: rename actualFsTypeAndMountOptions to
++ hostFsTypeAndMountOptions
++ - daemon: fix filtering of service-control changes for snap.app
++ - tests: spread test for preseeding in lxd container
++ - tests: fix broken snapd.session agent.socket
++ - wrappers: add RestartServices function and ReloadOrRestart to
++ systemd
++ - o/cmdstate: handle ignore flag on exec-command tasks
++ - gadget: make ext4 filesystems with or without metadata checksum
++ - tests: update statx test to run on all LTS releases
++ - configcore: show better error when disabling services
++ - interfaces: add hugepages-control
++ - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
++ - tests: run ubuntu-20.04-* tests on all ubuntu-2* releases
++ - tests: skip interfaces-openvswitch for centos 8 in nightly suite
++ - tests: reload systemd --user for root, if present
++ - tests: reload systemd after editing /etc/fstab
++ - tests: add missing dependencies needed for sbuild test on debian
++ - tests: reload systemd after removing pulseaudio
++ - image, tests: core18 early config.
++ - interfaces: add system-packages-doc interface
++ - cmd/snap-preseed, systemd: fix handling of fuse.squashfuse when
++ preseeding
++ - interfaces/fwupd: allow bind mount to /boot on core
++ - tests: improve oom-vitality tests
++ - tests: add fedora 32 to spread.yaml
++ - config: apply vitality-hint immediately when the config changes
++ - tests: port snap-routine-portal-info to session-tool
++ - configcore: add "service.console-conf.disable" config option
++ - tests: port xdg-open to session-tool
++ - tests: port xdg-open-compat to session-tool
++ - tests: port interfaces-desktop-* to session-tool
++ - spread.yaml: apply yaml formatter/linter
++ - tests: port interfaces-wayland to session-tool
++ - o/devicestate: refactor current system handling
++ - snap-mgmt: perform cleanup of user services
++ - snap/snapfile,squashfs: followups from 8729
++ - boot, many: require mode in modeenv
++ - data/selinux: update policy to allow forked processes to call
++ getpw*()
++ - tests: log stderr from dbus-monitor
++ - packaging: build cmd/snap and cmd/snap-bootstrap with nomanagers
++ tag
++ - snap/squashfs: also symlink snap Install with uc20 seed snap dir
++ layout
++ - interfaces/builtin/desktop: do not mount fonts cache on distros
++ with quirks
++ - data/selinux: allow snapd to remove/create the its socket
++ - testutil/exec.go: set PATH after running shellcheck
++ - tests: silence stderr from dbus-monitor
++ - snap,many: mv Open to snapfile pkg to support add'l options to
++ Container methods
++ - devicestate, sysconfig: revert support for cloud.cfg.d/ in the
++ gadget
++ - github: remove workaround for bug 133 in actions/cache
++ - tests: remove dbus.sh
++ - cmd/snap-preseed: improve mountpoint checks of the preseeded
++ chroot
++ - spread.yaml: add ps aux to debug section
++ - github: run all spread systems in a single go with cached results
++ - test: session-tool cli tweaks
++ - asserts: rest of the Pool API
++ - tests: port interfaces-network-status-classic to session-tool
++ - packaging: remove obsolete 16.10,17.04 symlinks
++ - tests: setup portals before starting user session
++ - o/devicestate: typo fix
++ - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
++ devices
++ - cmd/snap/model: support store, system-user-authority keys in
++ --verbose
++ - o/devicestate: raise conflict when requesting system action while
++ seeding
++ - tests: detect signs of crashed snap-confine
++ - tests: sign kernel and gadget to run nested tests using current
++ snapd code
++ - tests: remove gnome-online-accounts we install
++ - tests: fix the issue where all the tests were executed on secboot
++ system
++ - tests: port interfaces-accounts-service to session-tool
++ - interfaces/network-control: bring /var/lib/dhcp from host
++ - image,cmd/snap,tests: add support for store-wide cohort keys
++ - configcore: add nomanagers buildtag for conditional build
++ - tests: port interfaces-password-manager-service to session-tool
++ - o/devicestate: cleanup system actions supported by recover mode
++ - snap-bootstrap: remove create-partitions and update tests
++ - tests: fix nested tests
++ - packaging/arch: update PKGBUILD to match one in AUR
++ - tests: port interfaces-location-control to session-tool
++ - tests: port interfaces-contacts-service to session-tool
++ - state: log task errors in the journal too
++ - o/devicestate: change how current system is reported for different
++ modes
++ - devicestate: do not report "ErrNoState" for seeded up
++ - tests: add a note about broken test sequence
++ - tests: port interfaces-autopilot-introspection to session-tool
++ - tests: port interfaces-dbus to session-tool
++ - packaging: update sid packaging to match 16.04+
++ - tests: enable degraded test on uc20
++ - c/snaplock/runinhibit: add run inhibition operations
++ - tests: detect and report root-owned files in /home
++ - tests: reload root's systemd --user after snapd tests
++ - tests: test registration with serial-authority: [generic]
++ - cmd/snap-bootstrap/initramfs-mounts: copy auth.json and macaroon-
++ key in recover
++ - tests/mount-ns: stop binfmt_misc mount unit
++ - cmd/snap-bootstrap/initramfs-mounts: use booted kernel partition
++ uuid if available
++ - daemon, tests: indicate system mode, test switching to recovery
++ and back to run
++ - interfaces/desktop: silence more /var/lib/snapd/desktop/icons
++ denials
++ - tests/mount-ns: update to reflect new UEFI boot mode
++ - usersession,tests: clean ups for userd/settings.go and move
++ xdgopenproxy under usersession
++ - tests: disable mount-ns test
++ - tests: test user belongs to systemd-journald, on core20
++ - tests: run core/snap-set-core-config on uc20 too
++ - tests: remove generated session-agent units
++ - sysconfig: use new _writable_defaults dir to create cloud config
++ - cmd/snap-bootstrap/initramfs-mounts: cosmetic changes in prep for
++ future work
++ - asserts: make clearer that with label we mean a serialized label
++ - cmd/snap-bootstrap: tweak recovery trigger log messages
++ - asserts: introduce PoolTo
++ - userd: allow setting default-url-scheme-handler
++ - secboot: append uuid to ubuntu-data when decrypting
++ - o/configcore: pass extra options to FileSystemOnlyApply
++ - tests: add dbus-user-session to bionic and reorder package names
++ - boot, bootloader: adjust comments, expand tests
++ - tests: improve debugging of user session agent tests
++ - packaging: add the inhibit directory
++ - many: add core.resiliance.vitality-hint config setting
++ - tests: test adjustments and fixes for recently published images
++ - cmd/snap: coldplug auto-import assertions from all removable
++ devices
++ - secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to
++ secboot
++ - tests: not fail when boot dir cannot be determined
++ - tests: new directory used to store the cloud images on gce
++ - tests: inject snapd from edge into seeds of the image in manual
++ preseed test
++ - usersession/agent,wrappers: fix races between Shutdown and Serve
++ - tests: add dependency needed for next upgrade of bionic
++ - tests: new test user is used for external backend
++ - cmd/snap: fix the order of positional parameters in help output
++ - tests: don't create root-owned things in ~test
++ - tests/lib/prepare.sh: delete patching of the initrd
++ - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
++ as well
++ - progress: tweak multibyte label unit test data
++ - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline
++ - gadget: fix fallback device lookup for 'mbr' type structures
++ - configcore: only reload journald if systemd is new enough
++ - cmd/snap-boostrap, boot: use /run/mnt/data instead of ubuntu-data
++ - wrappers: allow user mode systemd daemons
++ - progress: fix progress bar with multibyte duration units
++ - tests: fix raciness in pulseaudio test
++ - asserts/internal: introduce Grouping and Groupings
++ - tests: remove user.sh
++ - tests: pair of follow-ups from earlier reviews
++ - overlord/snapstate: warn of refresh/postpone events
++ - configcore,tests: use daemon-reexec to apply watchdog config
++ - c/snap-bootstrap: check mount states via initramfsMountStates
++ - store: implement DownloadAssertions
++ - tests: run smoke test with different bases
++ - tests: port user-mounts test to session-tool
++ - store: handle error-list in fetch-assertions results
++ - tests: port interfaces-audio-playback-record to session-tool
++ - data/completion: add `snap` command completion for zsh
++ - tests/degraded: ignore failure in systemd-vconsole-setup.service
++ - image: stub implementation of image.Prepare for darwin
++ - tests: session-tool --restore -u stops user-$UID.slice
++ - o/ifacestate/handlers.go: fix typo
++ - tests: port pulseaudio test to session-tool
++ - tests: port user-session-env to session-tool
++ - tests: work around journald bug in core16
++ - tests: add debug to core-persistent-journal test
++ - tests: port selinux-clean to session-tool
++ - tests: port portals test to session-tool, fix portal tests on sid
++ - tests: adding option --no-install-recommends option also when
++ install all the deps
++ - tests: add session-tool --has-systemd-and-dbus
++ - packaging/debian-sid: add gcc-multilib to build deps
++ - osutil: expand FileLock to support shared locks and more
++ - packaging: stop depending on python-docutils
++ - store,asserts,many: support the new action fetch-assertions
++ - tests: port snap-session-agent-* to session-tool
++ - packaging/fedora: disable FIPS compliant crypto for static
++ binaries
++ - tests: fix for preseeding failures
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 25 Aug 2020 17:26:21 +0200
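Review bot: In the 2.46-1 stanza, the "asserts/internal: limit Grouping size switching to a bitset" item runs straight into the commit body ("representationWe don't always use the bit-set representation because:") and stops at the colon, so the changelog carries a truncated sentence. Trim that item to its subject line. The same stanza lists "interfaces/many: miscellaneous updates for strict microk8s" twice. It also has spellings worth checking before upload: "bootloarder assets", "snap-boostrap" (two items), "core.resiliance.vitality-hint" and "clean up up". Separately, the items "usersession/userd: do not modify XDG_DATA_DIRS when calling xdg-open" and "overlord,o/devicestate: restrict cloud-init on Ubuntu Core" read like the fixes that the 2.45.2-1 stanza files under CVE-2020-11934 and CVE-2020-11933. If they are the same changes, add the CVE ids to these items so the stanza can be searched by CVE.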
++
++snapd (2.45.3.1-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1875071
++ - o/ifacestate: fix bug in snapsWithSecurityProfiles
++ - tests/main/selinux-clean: workaround SELinux denials triggered by
++ linger setup on Centos8
++
++ -- Samuele Pedroni <pedronis@lucediurna.net> Tue, 28 Jul 2020 21:43:38 +0200
++
++snapd (2.45.3-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1875071
++ - many: backport _writable_defaults dir changes
++ - tests: fix incorrect check in smoke/remove test
++ - cmd/snap-bootstrap,seed: backport of uc20 PRs
++ - tests: avoid exit when nested type var is not defined
++ - cmd/snap-preseed: backport fixes
++ - interfaces: optimize rules of multiple connected iio/i2c/spi plugs
++ - many: cherry-picks for 2.45, gh-action, test fixes
++ - tests/lib: account for changes in arch package file name extension
++ - postrm, snap-mgmt: cleanup modules and other cherry-picks
++ - snap-confine: don't die if a device from sysfs path cannot be
++ found by udev
++ - data/selinux: update policy to allow forked processes to call
++ getpw*()
++ - tests/main/interfaces-time-control: exercise setting time via date
++ - interfaces/builtin/time-control: allow POSIX clock API
++ - usersession/userd: add "slack" to the white list of URL schemes
++ handled by xdg-open
++
++ -- Zygmunt Krynicki <me@zygoon.pl> Mon, 27 Jul 2020 12:01:14 +0200
++
++snapd (2.45.2-1) unstable; urgency=high
++
++ * SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open
++ implementation
++ - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
++ variable modification when calling the system xdg-open. Patch
++ thanks to James Henstridge
++ - packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is
++ restarted. Patch thanks to Michael Vogt
++ - CVE-2020-11934
++ * SECURITY UPDATE: arbitrary code execution vulnerability on core
++ devices with access to physical removable media
++ - devicestate: Disable/restrict cloud-init after seeding.
++ - CVE-2020-11933
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 10 Jul 2020 20:06:29 +0200
++
++snapd (2.45.1-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1875071
++ - data/selinux: allow checking /var/cache/app-info
++ - cmd/snap-confine: add support for libc6-lse
++ - interfaces: miscellaneous policy updates xlv
++ - snap-bootstrap: remove sealed key file on reinstall
++ - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
++ - gadget: make ext4 filesystems with or without metadata checksum
++ - interfaces/fwupd: allow bind mount to /boot on core
++ - tests: cherry-pick test fixes from master
++ - snap/squashfs: also symlink snap Install with uc20 seed snap dir
++ layout
++ - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
++ devices
++ - snap,many: mv Open to snapfile pkg to support add'l options to
++ Container methods
++ - interfaces/builtin/desktop: do not mount fonts cache on distros
++ with quirks
++ - devicestate, sysconfig: revert support for cloud.cfg.d/ in the
++ gadget
++ - data/completion, packaging: cherry-pick zsh completion
++ - state: log task errors in the journal too
++ - devicestate: do not report "ErrNoState" for seeded up
++ - interfaces/desktop: silence more /var/lib/snapd/desktop/icons
++ denials
++ - packaging/fedora: disable FIPS compliant crypto for static
++ binaries
++ - packaging: stop depending on python-docutils
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 05 Jun 2020 15:13:49 +0200
++
++snapd (2.45-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1875071
++ - o/devicestate: support doing system action reboots from recover
++ mode
++ - vendor: update to latest secboot
++ - tests: not fail when boot dir cannot be determined
++ - configcore: only reload journald if systemd is new enough
++ - cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data
++ when decrypting
++ - tests/lib/prepare.sh: delete patching of the initrd
++ - cmd/snap: coldplug auto-import assertions from all removable
++ devices
++ - cmd/snap: fix the order of positional parameters in help output
++ - c/snap-bootstrap: port mount state mocking to the new style on
++ master
++ - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
++ as well
++ - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline,
++ unlock in recover mode initramfs
++ - progress: tweak multibyte label unit test data
++ - gadget: fix fallback device lookup for 'mbr' type structures
++ - progress: fix progress bar with multibyte duration units
++ - many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20
++ - many: put the sealed keys in a directory on seed for tidiness
++ - cmd/snap-bootstrap: measure epoch and model before unlocking
++ encrypted data
++ - o/configstate: core config handler for persistent journal
++ - bootloader/uboot: use secondary ubootenv file boot.sel for uc20
++ - packaging: add "$TAGS" to dh_auto_test for debian packaging
++ - tests: ensure $cache_dir is actually available
++ - secboot,cmd/snap-bootstrap: add model to pcr protection profile
++ - devicestate: do not use snap-boostrap in devicestate to install
++ - tests: fix a typo in nested.sh helper
++ - devicestate: add support for cloud.cfg.d config from the gadget
++ - cmd/snap-bootstrap: cleanups, naming tweaks
++ - testutil: add NewDBusTestConn
++ - snap-bootstrap: lock access to sealed keys
++ - overlord/devicestate: preserve the current model inside ubuntu-
++ boot
++ - interfaces/apparmor: use differently templated policy for non-core
++ bases
++ - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
++ syscalls
++ - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first,
++ other misc changes
++ - o/snapstate: tweak "waiting for restart" message
++ - boot: store model model and grade information in modeenv
++ - interfaces/firewall-control: allow -legacy and -nft for core20
++ - boot: enable makeBootable20RunMode for EnvRefExtractedKernel
++ bootloaders
++ - boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20
++ implementation
++ - daemon: fix error message from `snap remove-user foo` on classic
++ - overlord: have a variant of Mock that can take a state.State
++ - tests: 16.04 and 18.04 now have mediating pulseaudio (again)
++ - seed: clearer errors for missing essential snapd or core snap
++ - cmd/snap-bootstrap/initramfs-mounts: support
++ EnvRefExtractedKernelBootloader's
++ - gadget, cmd/snap-bootstrap: MBR schema support
++ - image: improve/adjust DownloadSnap doc comment
++ - asserts: introduce ModelGrade.Code
++ - tests: ignore user-12345 slice and service
++ - image,seed/seedwriter: support redirect channel aka default
++ tracks
++ - bootloader: use binary.Read/Write
++ - tests: uc20 nested suite part II
++ - tests/boot: refactor to make it easier for new
++ bootloaderKernelState20 impl
++ - interfaces/openvswitch: support use of ovs-appctl
++ - snap-bootstrap: copy auth data from real ubuntu-data in recovery
++ mode
++ - snap-bootstrap: seal and unseal encryption key using tpm
++ - tests: disable special-home-can-run-classic-snaps due to jenkins
++ repo issue
++ - packaging: fix build on Centos8 to support BUILDTAGS
++ - boot/bootstate20: small changes to bootloaderKernelState20
++ - cmd/snap: Implement a "snap routine file-access" command
++ - spread.yaml: switch back to latest/candidate for lxd snap
++ - boot/bootstate20: re-factor kernel methods to use new interface
++ for state
++ - spread.yaml,tests/many: use global env var for lxd channel
++ - boot/bootstate20: fix bug in try-kernel cleanup
++ - config: add system.store-certs.[a-zA-Z0-9] support
++ - secboot: key sealing also depends on secure boot enabled
++ - httputil: fix client timeout retry tests
++ - cmd/snap-update-ns: handle EBUSY when unlinking files
++ - cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20
++ vars
++ - secboot: add tpm support helpers
++ - tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for
++ kernel and gadget
++ - cmd/snap-bootstrap: switch to a 64-byte key for unlocking
++ - tests: preserve size for centos images on spread.yaml
++ - github: partition the github action workflows
++ - run-checks: use consistent "Checking ..." style messages
++ - bootloader: add efi pkg for reading efi variables
++ - data/systemd: do not run snapd.system-shutdown if finalrd is
++ available
++ - overlord: update tests to work with latest go
++ - cmd/snap: do not hide debug boot-vars on core
++ - cmd/snap-bootstrap: no error when not input devices are found
++ - snap-bootstrap: fix partition numbering in create-partitions
++ - httputil/client_test.go: add two TLS version tests
++ - tests: ignore user@12345.service hierarchy
++ - bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things
++ - tests: rewrite timeserver-control test
++ - tests: fix racy pulseaudio tests
++ - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
++ - tests: update snap-preseed --reset logic to accommodate for 2.44
++ change
++ - cmd/snap: don't wait for system key when stopping
++ - sandbox/cgroup: avoid making arrays we don't use
++ - osutil: mock proc/self/mountinfo properly everywhere
++ - selinux: export MockIsEnforcing; systemd: use in tests
++ - tests: add 32 bit machine to GH actions
++ - tests/session-tool: kill cron session, if any
++ - asserts: it should be possible to omit many snap-ids if allowed,
++ fix
++ - boot: cleanup more things, simplify code
++ - github: skip spread jobs when corresponding label is set
++ - dirs: don't depend on osutil anymore, mv apparmor vars to apparmor
++ pkg
++ - tests/session-tool: add session-tool --dump
++ - github: allow cached debian downloads to restore
++ - tests/session-tool: session ordering is non-deterministic
++ - tests: enable unit tests on debian-sid again
++ - github: move spread to self-hosted workers
++ - secboot: import secboot on ubuntu, provide dummy on !ubuntu
++ - overlord/devicestate: support for recover and run modes
++ - snap/naming: add validator for snap security tag
++ - interfaces: add case for rootWritableOverlay + NFS
++ - tests/main/uc20-create-partitions: tweaks, renames, switch to
++ 20.04
++ - github: port CLA check to Github Actions
++ - interfaces/many: miscellaneous policy updates xliv
++ - configcore,tests: fix setting watchdog options on UC18/20
++ - tests/session-tool: collect information about services on startup
++ - tests/main/uc20-snap-recovery: unbreak, rename to uc20-create-
++ partitions
++ - state: add state.CopyState() helper
++ - tests/session-tool: stop anacron.service in prepare
++ - interfaces: don't use the owner modifier for files shared via
++ document portal
++ - systemd: move the doc comments to the interface so they are
++ visible
++ - cmd/snap-recovery-chooser: tweaks
++ - interfaces/docker-support: add overlayfs file access
++ - packaging: use debian/not-installed to ignore snap-preseed
++ - travis.yml: disable unit tests on travis
++ - store: start splitting store.go and store_test.go into subtopic
++ files
++ - tests/session-tool: stop cron/anacron from meddling
++ - github: disable fail-fast as spread cannot be interrupted
++ - github: move static checks and spread over
++ - tests: skip "/etc/machine-id" in "writablepaths" test
++ - snap-bootstrap: store encrypted partition recovery key
++ - httputil: increase testRetryStrategy max timelimit to 5s
++ - tests/session-tool: kill leaking closing session
++ - interfaces: allow raw access to USB printers
++ - tests/session-tool: reset failed session-tool units
++ - httputil: increase httpclient timeout in
++ TestRetryRequestTimeoutHandling
++ - usersession: extend timerange in TestExitOnIdle
++ - client: increase timeout in client tests to 100ms
++ - many: disentagle release and snapdenv from sandbox/*
++ - boot: simplify modeenv mocking to always write a modeenv
++ - snap-bootstrap: expand data partition on install
++ - o/configstate: add backlight option for core config
++ - cmd/snap-recovery-chooser: add recovery chooser
++ - features: enable robust mount ns updates
++ - snap: improve TestWaitRecovers test
++ - sandbox/cgroup: add ProcessPathInTrackingCgroup
++ - interfaces/policy: fix comment in recent new test
++ - tests: make session tool way more robust
++ - interfaces/seccomp: allow passing an address to setgroups
++ - o/configcore: introduce core config handlers (3/N)
++ - interfaces: updates to login-session-observe, network-manager and
++ modem-manager interfaces
++ - interfaces/policy/policy_test.go: add more tests'allow-
++ installation: false' and we grant based on interface attributes
++ - packaging: detect/disable broken seed in the postinst
++ - cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia
++ library
++ - tests: remove google-tpm backend from spread.yaml
++ - tests: install dependencies with apt using --no-install-recommends
++ - usersession/userd: add zoommtg url support
++ - snap-bootstrap: fix disk layout sanity check
++ - snap: add `snap debug state --is-seeded` helper
++ - devicestate: generate warning if seeding fails
++ - config, features: move and rename config.GetFeatureFlag helper to
++ features.Flag
++ - boot, overlord/devicestate, daemon: implement requesting boot
++ into a given recovery system
++ - xdgopenproxy: forward requests to the desktop portal
++ - many: support immediate reboot
++ - store: search v2 tweaks
++ - tests: fix cross build tests when installing dependencies
++ - daemon: make POST /v2/systems/<label> root only
++ - tests/lib/prepare.sh: use only initrd from the kernel snap
++ - cmd/snap,seed: validate full seeds (UC 16/18)
++ - tests/main/user-session-env: stop the user session before deleting
++ the test-zsh user
++ - overlord/devicestate, daemon: record the seed current system was
++ installed from
++ - gadget: SystemDefaults helper function to convert system defaults
++ config into a flattened map suitable for FilesystemOnlyApply.
++ - many: comment or avoid cryptic snap-ids in tests
++ - tests: add LXD_CHANNEL environment
++ - store: support for search API v2
++ - .github: register a problem matcher to detect spread failures
++ - seed: add Info() method for seed.Snap
++ - github: always run the "Discard spread workers" step, even if the
++ job fails
++ - github: offload self-hosted workers
++ - cmd/snap: the model command needs just a client, no waitMixin
++ - github: combine tests into one workflow
++ - github: fix order of go get caches
++ - tests: adding more workers for ubuntu 20.04
++ - boot,overlord: rename operating mode to system mode
++ - config: add new Transaction.GetPristine{,Maybe}() function
++ - o/devicestate: rename readMaybe* to maybeRead*
++ - github: cache Debian dependencies for unit tests
++ - wrappers: respect pre-seeding in error path
++ - seed: validate UC20 seed system label
++ - client, daemon, overlord/devicestate: request system action API
++ and stubs
++ - asserts,o/devicestate: support model specified alternative serial-
++ authority
++ - many: introduce naming.WellKnownSnapID
++ - o/configcore: FilesystemOnlyApply method for early configuration
++ of core (1/N)
++ - github: run C unit tests
++ - github: run spread tests on PRs only
++ - interfaces/docker-support: make containerd abstract socket more
++ generic
++ - tests: cleanup security-private-tmp properly
++ - overlord/devicestate,boot: do not hold to the originally read
++ modeenv
++ - dirs: rm RunMnt; boot: add vars for early boot env layout;
++ sysconfig: take targetdir arg
++ - cmd/snap-bootstrap/initramfs-mounts/tests: use dirs.RunMnt over
++ s.runMnt
++ - tests: add regression test for MAAS refresh bug
++ - errtracker: add missing mocks
++ - github: apt-get update before installing build-deps
++ - github: don't fail-fast
++ - github: run spread via github actions
++ - boot,many: add modeenv.WriteTo, make Write take no args
++ - wrappers: fix timer schedules that are days only
++ - tests/main/snap-seccomp-syscalls: install gperf
++ - github: always checkout to snapcore/snapd
++ - github: add prototype workflow running unit tests
++ - many: improve comments, naming, a possible TODO
++ - client: use Assert when checking for error
++ - tests: ensure sockets target is ready in session agent spread
++ tests
++ - osutil: do not leave processes behind after the test run
++ - tests: update proxy-no-core to match latest CDN changes
++ - devicestate,sysconfig: support "cloud.cfg.d" in uc20 for grade:
++ dangerous
++ - cmd/snap-failure,tests: try to make snap-failure more robust
++ - many: fix packages having mistakenly their copyright as doc
++ - many: enumerate system seeds, return them on the /v2/systems API
++ endpoint
++ - randutil: don't consume kernel entropy at init, just mix more info
++ to try to avoid fleet collisions
++ - snap-bootstrap: add creationSupported predicate for partition
++ types
++ - tests: umount partitions which are not umounted after remount
++ gadget
++ - snap: run gofmt -s
++ - many: improve environment handling, fixing duplicate entries
++ - boot_test: add many boot robustness tests for UC20 kernel
++ MarkBootSuccessul and SetNextBoot
++ - overlord: remove unneeded overlord.MockPruneInterval() mocks
++ - interfaces/greengrass-support: fix typo
++ - overlord,timings,daemon: separate timings from overlord/state
++ - tests: enable nested on core20 and test current branch
++ - snap-bootstrap: remove created partitions on reinstall
++ - boot: apply Go 1.10 formatting
++ - apparmor: use rw for uuidd request to default and remove from
++ elsewhere
++ - packaging: add README.source for debian
++ - tests: cleanup various uc20 boot tests from previous PR
++ - devicestate: disable cloud-init by default on uc20
++ - run-checks: tweak formatting checks
++ - packaging,tests: ensure debian-sid builds without vendor/
++ - travis.yml: run unit tests with go/master as well* travis.yml: run
++ unit tests with go/master as well
++ - seed: make Brand() part of the Seed interface
++ - cmd/snap-update-ns: ignore EROFS from rmdir/unlink
++ - daemon: do a forceful server shutdown if we hit a deadline
++ - tests/many: don't use StartLimitInterval anymore, unify snapd-
++ failover variants, build snapd snap for UC16 tests
++ - snap-seccomp: robustness improvements
++ - run-tests: disable -v for go test to avoid spaming the logs
++ - snap: whitelist lzo as support compression for snap pack
++ - snap: tweak comment in Install() for overlayfs detection
++ - many: introduce snapdenv.Preseeding instead of release.PreseedMode
++ - client, daemon, overlord/devicestate: structures and stubs for
++ systems API
++ - o/devicestate: delay the creation of mark-seeded task until
++ asserts are loaded
++ - data/selinux, tests/main/selinux: cleanup tmpfs operations in the
++ policy, updates
++ - interfaces/greengrass-support: add new 1.9 access
++ - snap: do not hardlink on overlayfs
++ - boot,image: ARM kernel extract prepare image
++ - interfaces: make gpio robust against not-existing gpios in /sys
++ - cmd/snap-preseed: handle --reset flag
++ - many: introduce snapdenv to present common snapd env options
++ - interfaces/kubernetes-support: allow autobind to journald socket
++ - snap-seccomp: allow mprotect() to unblock the tests
++ - tests/lib/reset: workaround unicode dot in systemctl output
++ - interfaces/udisks2: also allow Introspection on
++ /org/freedesktop/UDisks/**
++ - snap: introduce Container.RandomAccessFile
++ - o/ifacestate, api: implementation of snap disconnect --forget
++ - cmd/snap: make the portal-info command search for the network-
++ status interface
++ - interfaces: work around apparmor_parser slowness affecting uio
++ - tests: fix/improve failing spread tests
++ - many: clean separation of bootenv mocking vs mock bootloader kinds
++ - tests: mock prune ticker in overlord tests to reduce wait times
++ - travis: disable arm64 again
++ - httputil: add support for extra snapd certs
++ - travis.yml: run unit tests on arm64 as well
++ - many: fix a pair of ineffectual assignments
++ - tests: add uc20 kernel snap upgrade managers test, fix
++ bootloadertest bugs
++ - o/snapstate: set base in SnapSetup on snap revert
++ - interfaces/{docker,kubernetes}-support: updates for lastest k8s
++ - cmd/snap-exec: add test case for LP bug 1860369
++ - interfaces: make the network-status interface implicit on
++ classic
++ - interfaces: power control interfaceIt is documented in the
++ kernel
++ - interfaces: miscellaneous policy updates
++ - cmd/snap: add a "snap routine portal-info" command
++ - usersession/userd: add "apt" to the white list of URL schemes
++ handled by xdg-open
++ - interfaces/desktop: allow access to system prompter interface
++ - devicestate: allow encryption regardless of grade
++ - tests: run ipv6 network-retry test too
++ - tests: test that after "remove-user" the system is unmanaged
++ - snap-confine: unconditionally add /dev/net/tun to the device
++ cgroup
++ - snapcraft.yaml: use sudo -E and remove workaround
++ - interfaces/audio_playback: Fix pulseaudio config access
++ - ovelord/snapstate: update only system wide fonts cache
++ - wrappers: import /etc/environment in all services
++ - interfaces/u2f: Add Titan USB-C key
++ - overlord, taskrunner: exit on task/ensure error when preseeding
++ - tests: add session-tool, a su / sudo replacement
++ - wrappers: add mount unit dependency for snapd services on core
++ devices
++ - tests: just remove user when the system is not managed on create-
++ user-2 test
++ - snap-preseed: support for preseeding of snapd and core18
++ - boot: misc UC20 changes
++ - tests: adding arch-linux execution
++ - packaging: revert "work around review-tools and snap-confine"
++ - netlink: fix panic on arm64 with the new rawsockstop codewith a
++ nil Timeval panics
++ - spread, data/selinux: add CentOS 8, update policy
++ - tests: updating checks to new test account for snapd-test snaps
++ - spread.yaml: mv opensuse 15.1 to unstable
++ - cmd/snap-bootstrap,seed: verify only in-play snaps
++ - tests: use ipv4 in retry-network to unblock failing master
++ - data/systemd: improve the description
++ - client: add "Resume" to DownloadOptions and new test
++ - tests: enable snapd-failover on uc20
++ - tests: add more debug output to the snapd-failure handling
++ - o/devicestate: unset recovery_system when done seeding
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 12 May 2020 17:17:57 +0200
++
++snapd (2.44.5-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1864808
++ - spread.yaml: adding more workers for ubuntu 20.04
++ - packaging: stop depending on python-docutils on opensuse
++ - spread.yaml: do not run ubuntu-core-20-64 with snapd 2.44, snapd
++ is not recent enough to drive ubuntu-core-20
++ - spread.yaml: Preserve size for centos images on spread.yaml
++ - spread.yaml: use non-uefi enabled image for uc20
++ - tests: ensure $cache_dir is actually available
++ - tests: disable preseed tests, they work in master but require too
++ much cherry-picking here
++ - travis.yml: remove go/master unit tests from 2.44
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 30 Apr 2020 09:09:22 +0200
++
++snapd (2.44.4-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1864808
++ - packaging/fedora: disable FIPS compliant crypto for static
++ binaries
++ - interfaces/firewall-control: allow -legacy and -nft for core20
++ - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
++ syscalls
++ - tests: 16.04 and 18.04 now have mediating pulseaudio
++ - tests: ignore user@12345.service hierarchy
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 29 Apr 2020 08:32:56 +0200
++
++snapd (2.44.3-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1864808
++ - tests: fix racy pulseaudio tests
++ - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
++ - tests: update snap-preseed --reset logic
++ - tests: backport partition fixes
++ - cmd/snap: don't wait for system key when stopping
++ - interfaces/many: miscellaneous policy updates xliv
++ - tests/main/uc20-snap-recovery: use 20.04 system
++ - tests: skip "/etc/machine-id" in "writablepaths
++ - interfaces/docker-support: add overlays file access
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 10 Apr 2020 16:57:25 +0200
++
++snapd (2.44.2-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1864808
++ - packaging: detect/disable broken seeds in the postinst
++ - cmd/snap,seed: validate full seeds (UC 16/18)
++ - snap: add `snap debug state --is-seeded` helper
++ - devicestate: generate warning if seeding fails
++ - store: support for search API v2
++ - cmd/snap-seccomp/syscalls: update the list of known syscalls
++ - snap/cmd: the model command needs just a client, no waitMixin
++ - tests: cleanup security-private-tmp properly
++ - wrappers: fix timer schedules that are days only
++ - tests: update proxy-no-core to match latest CDN changes
++ - cmd/snap-failure,tests: make snap-failure more robust
++ - tests, many: don't use StartLimitInterval anymore, unify snapd-
++ failover variants, build snapd snap for UC16 tests
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 02 Apr 2020 09:51:34 +0200
++
++snapd (2.44.1-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1864808
++ - randutil: switch back to setting up seed with lower entropy data
++ - interfaces/greengrass-support: fix typo
++ - packaging,tests: ensure debian-sid builds without vendor/
++ - travis.yml: run unit tests with go/master as well
++ - cmd/snap-update-ns: ignore EROFS from rmdir/unlink
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Sat, 21 Mar 2020 18:32:12 +0100
++
++snapd (2.44-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1864808
++ - daemon: do a forceful serer shutdown if we hit a deadline
++ - snap: whitelist lzo as support compression for snap pack
++ - data/selinux: update policy to allow more ops
++ - interfaces/greengrass-support: add new 1.9 access
++ - snap: do not hardlink on overlayfs
++ - cmd/snap-preseed: handle --reset flag
++ - interfaces/kubernetes-support: allow autobind to journald socket
++ - snap-seccomp: allow mprotect() to unblock the tests
++ - tests/lib/reset: workaround unicode dot in systemctl output
++ - interfaces: work around apparmor_parser slowness affecting uio
++ - interfaces/udisks2: also allow Introspection on
++ /org/freedesktop/UDisks2/**
++ - tests: mock prune ticker in overlord tests to reduce wait times
++ - interfaces/{docker,kubernetes}-support: updates for lastest k8s
++ - interfaces: miscellaneous policy updates
++ - interfaces/audio_playback: Fix pulseaudio config access
++ - overlord: disable Test..AbortShortlyAfterStartOfOperation for 2.44
++ - ovelord/snapstate: update only system wide fonts cache
++ - wrappers: import /etc/environment in all services
++ - interfaces/u2f: Add Titan USB-C key
++ - overlord, taskrunner: exit on task/ensure error when preseeding
++ - overlord/snapstate/backend: update snapd services contents in unit
++ tests
++ - wrappers: add mount unit dependency for snapd services on core
++ devices
++ - Revert "tests: remove /tmp/snap.* left over by other tests"
++ - Revert "packaging: work around review-tools and snap-confine"
++ - netlink: fix panic on arm64 with the new rawsockstop code
++ - spread, data/selinux: add CentOS 8, update policy
++ - spread.yaml: mv opensuse tumbleweed to unstable too
++ - spread.yaml: mv opensuse 15.1 to unstable
++ - tests: use ipv4 in retry-network to unblock failing master
++ - data/systemd: improve the description
++ - tests/lib/prepare.sh: simplify, combine code paths
++ - tests/main/user-session-env: add test verifying environment
++ variables inside the user session
++ - spread.yaml: make qemu ubuntu-core-20-64 use ubuntu-20.04-64
++ - run-checks: SKIP_GMFMT really skips formatting checks
++ - tests: enable more tests for UC20/UC18
++ - tests: remove tmp dir for snap not-test-snapd-sh on security-
++ private-tmp test
++ - seed,cmd/snap-bootstrap: introduce seed.Snap.EssentialType,
++ simplify bootstrap code
++ - snapstate: do not restart in undoLinkSnap unless on first install
++ - cmd/snap-bootstrap: subcommand to detect UC chooser trigger
++ - cmd/snap-bootstrap/initramfs-mounts: mount the snapd snap in run-
++ mode too
++ - cmd/libsnap, tests: fix C unit tests failing as non-root
++ - cmd/snap-bootstrap: verify kernel snap is in modeenv before
++ mounting it
++ - tests: adding amazon linux to google backend
++ - cmd/snap-failure/snapd: rm snapd.socket, reset snapd.socket failed
++ status
++ - client: add support for "ResumeToken", "HeaderPeek" to download
++ - build: enable type: snapd
++ - tests: rm -rf /tmp/snap.* in restore
++ - cmd/snap-confine: deny snap-confine to load nss libs
++ - snapcraft.yaml: add comments, rename snapd part to snapd-deb
++ - boot: write current_kernels in bootstate20, makebootable
++ - packaging: work around review-tools and snap-confine
++ - tests: skipping interfaces-openvswitch on centos due to package is
++ not available
++ - packaging,snap-confine: stop being setgid root
++ - cmd/snap-confine: bring /var/lib/dhcp from host, if present
++ - store: rely on CommandFromSystemSnap to find xdelta3
++ - tests: bump sleep time of the new overlord tests
++ - cmd/snap-preseed: snapd version check for the target
++ - netlink: fix/support stopping goroutines reading netlink raw
++ sockets
++ - tests: reset PS1 before possibly interactive dash
++ - overlord, state: don't abort changes if spawn time before
++ StartOfOperationTime (2/2)
++ - snapcraft.yaml: add python3-apt, tzdata as build-deps for the
++ snapd snap
++ - tests: ask tar to speak English
++ - tests: using google storage when downloading ubuntu cloud images
++ from gce
++ - Coverity produces false positives for code like this:
++ - many: maybe restart & security backend options
++ - o/standby: add SNAPD_STANDBY_WAIT to control standby in
++ development
++ - snap: use the actual staging snap-id for snapd
++ - cmd/snap-bootstrap: create a new parser instance
++ - snapcraft.yaml: use build-base and adopt-info, rm builddeb
++ plugin
++ - tests: set StartLimitInterval in snapd failover test
++ - tests: disable archlinux system
++ - tests: add preseed test for classic
++ - many, tests: integrate all preseed bits and add spread tests
++ - daemon: support resuming downloads
++ - tests: use Filename() instead of filepath.Base(sn.MountFile())
++ - tests/core: add swapfiles test
++ - interfaces/cpu-control: allow to control cpufreq tunables
++ - interfaces: use commonInteface for desktopInterface
++ - interfaces/{desktop-legacy,unity7}: adjust for new ibus socket
++ location
++ - snap/info: add Filename
++ - bootloader: make uboot a RecoveryAwareBootloader
++ - gadget: skip update when mounted filesystem content is identical
++ - systemd: improve is-active check for 'failed' services
++ - boot: add current_kernels to modeenv
++ - o/devicestate: StartOfOperationTime helper for Prune (1/2)
++ - tests: detect LXD launching i386 containers
++ - tests: move main/ubuntu-core-* tests to core/ suite
++ - tests: remove snapd in ubuntu-core-snapd
++ - boot: enable base snap updates in bootstate20
++ - tests: Fix core revert channel after 2.43 has been released to
++ stable
++ - data/selinux: unify tabs/spaces
++ - o/ifacestate: move ResolveDisconnect to ifacestate
++ - spread: move centos to stable systems
++ - interfaces/opengl: allow datagrams to nvidia-driver
++ - httputil: add NoNetwork(err) helper, spread test and use in serial
++ acquire
++ - store: detect if server does not support http range headers
++ - test/lib/user: add helper lib for doing things for and as a user
++ - overlord/snapstate, wrappers: undo of snapd on core
++ - tests/main/interfaces-pulseaudio: use custom pulseaudio script,
++ set kill timeout
++ - store: add support for resume in DownloadStream
++ - cmd/snap: implement 'snap remove-user'
++ - overlord/devicestate: fix preseed unit tests on systems not using
++ /snap
++ - tests/main/static: ldd in glibc 2.31 logs to stderr now
++ - run-checks, travis: allow skipping spread jobs by adding a label
++ - tests: add new backend which includes images with tpm support
++ - boot: use constants for boot status values
++ - tests: add "core" suite for UC specific tests
++ - tests/lib/prepare: use a local copy of uc20 initramfs skeleton
++ - tests: retry mounting the udisk2 device due to timing issue
++ - usersession/client: add a client library for the user session
++ agent
++ - o/devicestate: Handle preseed mode in the firstboot mode (core16
++ only for now).
++ - boot: add TryBase and BaseStatus to modeenv; use in snap-bootstrap
++ - cmd/snap-confine: detect base transitions on core16
++ - boot: don't use "kernel" from the modeenv anymore
++ - interfaces: add uio interface
++ - tests: repack the initramfs + kernel snap for UC20 spread tests
++ - interfaces/greengrass-support: add /dev/null ->
++ /proc/latency_stats mount
++ - httputil: remove workaround for redirect handling in go1.7
++ - httputil: remove go1.6 transport workaround
++ - snap: add `snap pack --compression=<comp>` options
++ - tests/lib/prepare: fix hardcoded loopback device names for UC
++ images
++ - timeutil: add a unit test case for trivial schedule
++ - randutil,o/snapstate,-mkauthors.sh: follow ups to randutil
++ introduction
++ - dirs: variable with distros using alternate snap mount
++ - many,randutil: centralize and streamline our random value
++ generation
++ - tests/lib/prepare-restore: Revert "Continue on errors updating or
++ installing dependencies"
++ - daemon: Allow clients to call /v2/logout via Polkit
++ - dirs: manjaro-arm is like manjaro
++ - data, packaging: Add sudoers snippet to allow snaps to be run with
++ sudo
++ - daemon, store: better expose single action errors
++ - tests: switch mount-ns test to differential data set
++ - snapstate: refactor things to add the re-refresh task last
++ - daemon: drop support for the DELETE method
++ - client: move to /v2/users; implement RemoveUser
++ - boot: enable UC20 kernel extraction and bootState20 handling
++ - interfaces/policy: enforce plug-names/slot-names constraints
++ - asserts: parse plug-names/slot-names constraints
++ - daemon: make users result more consistent
++ - cmd/snap-confine,tests: support x.y.z nvidia version
++ - dirs: fixlet for XdgRuntimeDirGlob
++ - boot: add bootloader options to coreKernel
++ - o/auth,daemon: do not remove unknown user
++ - tests: tweak and enable tests on ubuntu 20.04
++ - daemon: implement user removal
++ - cmd/snap-confine: allow snap-confine to link to libpcre2
++ - interfaces/builtin: Allow NotificationReplied signal on
++ org.freedesktop.Notifications
++ - overlord/auth: add RemoveUserByName
++ - client: move user-related things to their own files
++ - boot: tweak kernel cmdline helper docstring
++ - osutil: implement deluser
++ - gadget: skip update when raw structure content is unchanged
++ - boot, cmd/snap, cmd/snap-bootstrap: move run mode and system label
++ detection to boot
++ - tests: fix revisions leaking from snapd-refresh test
++ - daemon: refactor create-user to a user action & hide behind a flag
++ - osutil/tests: check there are no leftover symlinks with
++ AtomicSymlink
++ - grub: support atomically renaming kernel symlinks
++ - osutil: add helpers for creating symlinks and renaming in an
++ atomic manner
++ - tests: add marker tag for core 20 test failure
++ - tests: fix gadget-update-pc test leaking snaps
++ - tests: remove revision leaking from ubuntu-core-refresh
++ - tests: remove revision leaking from remodel-kernel
++ - tests: disable system-usernames test on core20
++ - travis, tests, run-checks: skip nakedret
++ - tests: run `uc20-snap-recovery-encrypt` test on 20.04-64 as well
++ - tests: update mount-ns test tables
++ - snap: disable auto-import in uc20 install-mode
++ - tests: add a command-chain service test
++ - tests: use test-snapd-upower instead of upower
++ - data/selinux: workaround incorrect fonts cache labeling on RHEL7
++ - spread.yaml: fix ubuntu 19.10 and 20.04 names
++ - debian: check embedded keys for snap-{bootstrap,preseed} too
++ - interfaces/apparmor: fix doc-comments, unnecessary code
++ - o/ifacestate,o/devicestatate: merge gadget-connect logic into
++ auto-connect
++ - bootloader: add ExtractedRunKernelImageBootloader interface,
++ implement in grub
++ - tests: add spread test for hook permissions
++ - cmd/snap-bootstrap: check device size before boostrapping and
++ produce a meaningful error
++ - cmd/snap: add ability to register "snap routine" commands
++ - tests: add a test demonstrating that snaps can't access the
++ session agent socket
++ - api: don't return connections referring to non-existing
++ plugs/slots
++ - interfaces: refactor path() from raw-volume into utils with
++ comments for old
++ - gitignore: ignore snap files
++ - tests: skip interfaces-network-manager on arm devices
++ - o/devicestate: do not create perfTimings if not needed inside
++ ensureSeed/Operational
++ - tests: add ubuntu 20.04 to the tests execution and remove
++ tumbleweed from unstable
++ - usersession: add systemd user instance service control to user
++ session agent
++ - cmd/snap: print full channel in 'snap list', 'snap info'
++ - tests: remove execution of ubuntu 19.04 from google backend
++ - cmd/snap-boostrap: add mocking for fakeroot
++ - tests/core18/snapd-failover: collect more debug info
++ - many: run black formatter on all python files
++ - overlord: increase settle timeout for slow machines
++ - httputil: use shorter timeout in TestRetryRequestTimeoutHandling
++ - store, o/snapstate: send default-tracks header, use
++ RedirectChannel
++ - overlord/standby: fix possible deadlock in standby test
++ - cmd/snap-discard-ns: fix pattern for .info files
++ - boot: add HasModeenv to Device
++ - devicestate: do not allow remodel between core20 models
++ - bootloader,snap: misc tweaks
++ - store, overlord/snapstate, etc: SnapAction now returns a []…Result
++ - snap-bootstrap: create encrypted partition
++ - snap: remove "host" output from `snap version`
++ - tests: use snap remove --purge flag in most of the spread tests
++ - data/selinux, test/main/selinux-clean: update the test to cover
++ more scenarios
++ - many: drop NameAndRevision, use snap.PlaceInfo instead
++ - boot: split MakeBootable tests into their own file
++ - travis-ci: add go import path
++ - boot: split MakeBootable implementations into their own file
++ - tests: enable a lot of the tests of main on uc20
++ - packaging, tests: stop services in prerm
++ - tests: enable regression suite on core20
++ - overlord/snapstate: improve snapd snap backend link unit tests
++ - boot: implement SetNextBoot in terms of bootState.setNext
++ - wrappers: write and undo snapd services on core
++ - boot,o/devicestate: refactor MarkBootSuccessful over bootState
++ - snap-bootstrap: mount the correct snapd snap to /run/mnt/snapd
++ - snap-bootstrap: refactor partition creation
++ - tests: use new snapd.spread-tests-run-mode-tweaks.service unit
++ - tests: add core20 tests
++ - boot,o/snapstate: SetNextBoot/LinkSnap return whether to reboot,
++ use the information
++ - tests/main/snap-sign: add test for non-stdin signing
++ - snap-bootstrap: trigger udev after filesystem creation
++ - boot,overlord: introduce internal abstraction bootState and use it
++ for InUse/GetCurrentBoot
++ - overlord/snapstate: tracks are now sticky
++ - cmd: sign: add filename param
++ - tests: remove "test-snapd-tools" in smoke/sandbox on restore
++ - cmd/snap, daemon: stop over-normalising channels
++ - tests: fix classic-ubuntu-core-transition-two-cores after refactor
++ of MATCH -v
++ - packaging: ship var/lib/snapd/desktop/applications in the pkg
++ - spread: drop copr repo with F30 build dependencies
++ - tests: use test-snapd-sh snap instead of test-snapd-tools - Part 3
++ - tests: fix partition creation test
++ - tests: unify/rename services-related spread tests to start with
++ services- prefix
++ - test: extract code that modifies "writable" for test prep
++ - systemd: handle preseed mode
++ - snap-bootstrap: read only stdout when parsing the sfdisk json
++ - interfaces/browser-support: add more product/vendor paths
++ - boot: write compat UC16 bootvars in makeBootable20RunMode
++ - devicestate: avoid adding mockModel to deviceMgrInstallModeSuite
++ - devicestate: request reboot after successful doSetupRunSystem()
++ - snapd.core-fixup.sh: do not run on UC20 at all
++ - tests: unmount automounted snap-bootstrap devices
++ - devicestate: run boot.MakeBootable in doSetupRunSystem
++ - boot: copy kernel/base to data partition in makeBootable20RunMode
++ - tests: also check nested lxd container
++ - run-checks: complain about MATCH -v
++ - boot: always return the trivial boot participant in ephemeral mode
++ - o/devicestate,o/snapstate: move the gadget.yaml checkdrive-by: use
++ gadget.ReadInfoFromSnapFile in checkGadgetRemodelCompatible
++ - snap-bootstrap: append new partitions
++ - snap-bootstrap: mount filesystems after creation
++ - snapstate: do not try to detect rollback in ephemeral modes
++ - snap-bootstrap: trigger udev for new partitions
++ - cmd/snap-bootstrap: xxx todos about kernel cross-checks
++ - tests: avoid mask rsyslog service in case is not enabled on the
++ system
++ - tests: fix use of MATCH -v
++ - cmd/snap-preseed: update help strings
++ - cmd/snap-bootstrap: actually parse snapd_recovery_system label
++ - bootstrap: reduce runmode mounts from 5 to 2 steps.
++ - lkenv.go: adjust for new location of include file
++ - snap: improve squashfs.ReadFile() error
++ - systemd: fix uc20 shutdown
++ - boot: write modeenv when creating the run mode
++ - boot,image: add skeleton boot.makeBootable20RunMode
++ - cmd/snap-preseed: add snap-preseed executable
++ - overlord,boot: follow ups to #7889 and #7899
++ - interfaces/wayland: Add access to Xwayland's shm files
++ - o/hookstate/ctlcmd: fix command name in snapctl -h
++ - daemon,snap: remove screenshot deprecation notice
++ - overlord,o/snapstate: make sure we never leave config behind
++ - many: pass consistently boot.Device state to boot methods
++ - run-checks: check multiline string blocks in
++ restore/prepare/execute sections of spread tests
++ - intrefaces: login-session-control - added missing dbus commands
++ - tests/main/parallel-install-remove-after: parallel installs should
++ not break removal
++ - overlord/snapstate: tweak assumes error hint
++ - overlord: replace DeviceContext.OldModel with GroundContext
++ - devicestate: use httputil.ShouldRetryError() in
++ prepareSerialRequest
++ - tests: replace "test-snapd-base-bare" with real "bare" base snap
++ - many: pass a Model to the gadget info reading functions
++ - snapstate: relax gadget constraints in ConfigDefaults Et al.
++ - devicestate: only run ensureBootOk() in "run" mode
++ - tests/many: quiet lxc launching, file pushing
++ - tests: disable apt-hooks test until it can be properly fixed
++ - tests: 16.04 and 18.04 now have mediating pulseaudio
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 17 Mar 2020 20:55:47 +0100
++
++snapd (2.43.3-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1856159
++ - interfaces/opengl: allow datagrams to nvidia-driver
++ - httputil: add NoNetwork(err) helper, spread test and use
++ in serial acquire
++ - interfaces: add uio interface
++ - interfaces/greengrass-support: 'aws-iot-greengrass' snap fails to
++ start due to apparmor deny on mounting of "/proc/latency_stats".
++ - data, packaging: Add sudoers snippet to allow snaps to be run with
++ sudo
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 12 Feb 2020 14:59:15 +0100
++
++snapd (2.43.2-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1856159
++ - cmd/snap-confine: Revert #7421 (unmount /writable from snap view)
++ - overlord/snapstate: fix for re-refresh bug
++ - tests, run-checks, many: fix nakedret issues
++ - data/selinux: workaround incorrect fonts cache labeling on RHEL7
++ - tests: use test-snapd-upower instead of upower
++ - overlord: increase overall settle timeout for slow arm boards
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 28 Jan 2020 15:50:25 +0100
++
++snapd (2.43.1-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1856159
++ - devicestate: use httputil.ShouldRetryError() in prepareSerialRequest
++ - overlord/standby: fix possible deadlock in standby test
++ - cmd/snap-discard-ns: fix pattern for .info files
++ - overlord,o/snapstate: make sure we never leave config behind
++ - data/selinux: update policy to cover more cases
++ - snap: remove "host" output from `snap version`
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 14 Jan 2020 20:30:07 +0100
++
++snapd (2.43-1) unstable; urgency=medium
++
++ * New upstream release
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 09 Jan 2020 17:16:12 +0100
++
++snapd (2.42.5-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1853244
++ - snap-confine: revert, with comment, explicit unix deny for nested
++ lxd
++ - Disable mount-ns test on 16.04. It is too flaky currently.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 06 Dec 2019 14:10:56 +0100
++
++snapd (2.42.4-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1853244
++ - overlord/snapstate: make sure configuration defaults are applied
++ only once
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 28 Nov 2019 06:48:26 +0100
++
++snapd (2.42.3-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1853244
++ - overlord/snapstate: pick up system defaults when seeding the snapd
++ snap
++ - cmd/snap-update-ns: fix overlapping, nested writable mimic
++ handling
++ - interfaces: misc updates for u2f-devices, browser-support,
++ hardware-observe, et al
++ - tests: reset failing "fwupd-refresh.service" if needed
++ - tests/main/gadget-update-pc: use a program to modify gadget yaml
++ - snap-confine: suppress noisy classic snap file_inherit denials
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 27 Nov 2019 12:41:07 +0100
++
++snapd (2.42.2-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1853244
++ - interfaces/lxd-support: Fix on core18
++ - tests/main/system-usernames: Amazon Linux 2 comes with libseccomp
++ 2.4.1 now
++ - snap-seccomp: add missing clock_getres_time64
++ - cmd/snap-seccomp/syscalls: update the list of known
++ syscalls
++ - sandbox/seccomp: accept build ID generated by Go toolchain
++ - interfaces: allow access to ovs bridge sockets
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 20 Nov 2019 08:09:15 +0100
++
++snapd (2.42.1-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1846181
++ - interfaces: de-duplicate emitted update-ns profiles
++ - packaging: tweak handling of usr.lib.snapd.snap-confine
++ - interfaces: allow introspecting network-manager on core
++ - tests/main/interfaces-contacts-service: disable on openSUSE
++ Tumbleweed
++ - tests/lib/lxd-snapfuse: restore mount changes introduced by LXD
++ - snap: fix default-provider in seed validation
++ - tests: update system-usernames test now that opensuse-15.1 works
++ - overlord: set fake sertial in TestRemodelSwitchToDifferentKernel
++ - gadget: rename "boot{select,img}" -> system-boot-{select,image}
++ - tests: listing test, make accepted snapd/core versions consistent
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 30 Oct 2019 13:17:43 +0100
++
++snapd (2.42-1) unstable; urgency=medium
++
++ * New upstream release
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 01 Oct 2019 11:40:58 +0200
++
++snapd (2.41-1) unstable; urgency=medium
++
++ [ Michael Vogt ]
++ * New upstream release, LP: #1840740
++
++ [ Jamie Strandboge ]
++ * debian/control: Depends on apparmor >= 2.10.95-5 instead of
++ 2.10.95-0ubuntu2.2 since 2.10.95-5 in Debian is the first version to have
++ all the patches that 2.10.95-0ubuntu2.2 in Ubuntu brought.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 30 Aug 2019 08:53:57 +0200
++
++snapd (2.40-1) unstable; urgency=medium
++
++ * New upstream release.
++
++ -- Michael Vogt <mvo@debian.org> Tue, 23 Jul 2019 15:38:36 +0200
++
++snapd (2.39.3-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1827495
++ - daemon: increase `shutdownTimeout` to 25s to deal with slow HW
++ - spread: run tests against openSUSE 15.1
++ - data/selinux: fix policy for snaps with bases and classic snaps
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 21 Jun 2019 09:06:01 +0200
++
++snapd (2.39.2-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1827495
++ - debian: rework how we run autopkgtests
++ - interfaces/docker-support: add overlayfs accesses for ubuntu core
++ - data/selinux: permit init_t to remount snappy_snap_t
++ - strutil/shlex: fix ineffassign
++ - packaging: fix build-depends on powerpc
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 05 Jun 2019 08:46:14 +0200
++
++snapd (2.39-1) unstable; urgency=medium
++
++ * New upstream release
++ * d/patches0008-snap-squashsh-skip-TestBuildDate-on-Debian.patch: drop,
++ fixed upstream
++
++ -- Zygmunt Krynicki <me@zygoon.pl> Thu, 28 Feb 2019 18:21:26 +0100
++
++snapd (2.39.1-1) unstable; urgency=medium
++
++ * New upstream release
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 29 May 2019 12:08:43 +0200
++
++snapd (2.38-1) unstable; urgency=medium
++
++ * New upstream release
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 21 Mar 2019 11:02:04 +0100
++
++snapd (2.37.4-1) unstable; urgency=medium
++
++ * New upstream release
++ * d/patches0008-snap-squashsh-skip-TestBuildDate-on-Debian.patch: drop,
++ fixed upstream
++
++ -- Zygmunt Krynicki <me@zygoon.pl> Thu, 28 Feb 2019 18:21:26 +0100
++
++snapd (2.37.3-1) unstable; urgency=medium
++
++ * New upstream release
++
++ -- Zygmunt Krynicki <me@zygoon.pl> Tue, 19 Feb 2019 13:46:24 +0100
++
++snapd (2.37.2-1) unstable; urgency=medium
++
++ * New upstream releease.
++
++ -- Michael Hudson-Doyle <mwhudson@debian.org> Thu, 07 Feb 2019 21:26:34 +1300
++
++snapd (2.37.1-1) unstable; urgency=medium
++
++ * New upstream release.
++ * d/patches/0009-interfaces-apparmor-mock-presence-of-overlayfs-root.patch:
++ applied upstream
++
++ -- Zygmunt Krynicki <me@zygoon.pl> Tue, 29 Jan 2019 19:24:35 +0100
++
++snapd (2.37-3) unstable; urgency=medium
++
++ * Fix --no-arch-any build.
++
++ -- Michael Hudson-Doyle <mwhudson@debian.org> Thu, 24 Jan 2019 16:11:17 +1300
++
++snapd (2.37-2) unstable; urgency=medium
++
++ * d/patches/0010-man-page-sections.patch: fix a couple of instances of the
++ lintian warning 'manpage-section-mismatch'.
++
++ -- Michael Hudson-Doyle <mwhudson@debian.org> Thu, 24 Jan 2019 09:52:09 +1300
++
++snapd (2.37-1) unstable; urgency=medium
++
++ [ Michael Hudson-Doyle ]
++ * New upstream version.
++ * d/control: make myself Maintainer, use my Debian address, update Vcs-* to
++ point to salsa.
++ * Add new build-dependencies.
++ * d/watch: update to download new upstream-provided no-vendor tarballs.
++ * d/patches: refresh/drop.
++ * d/patches/no-snapfuse.patch: do not depend on snapfuse fork of squashfuse.
++ * d/patches/upstram-bolt.patch: use upstream version of boltdb.
++ * d/patches/systemd-activation-compat.patch: compatibility for the
++ newer go-systemd in debian
++
++ [ Ondřej Nový ]
++ * d/copyright: Use https protocol in Format field
++ * d/changelog: Remove trailing whitespaces
++
++ [ Zygmunt Krynicki ]
++ * Update unreleased package to 2.37
++ * Drop and recreate all patches
++ * Add patches for failing unit tests
++ * Reconcile packaging with snapd upstream
++
++ -- Zygmunt Krynicki <me@zygoon.pl> Tue, 22 Jan 2019 12:39:58 +0100
++
++snapd (2.30-5) unstable; urgency=medium
++
++ * Team upload.
++ * add fix-pkg-config-line.patch to fix FTBFS
++ * Set XS-Go-Import-Path
++
++ -- Michael Stapelberg <stapelberg@debian.org> Sat, 10 Feb 2018 23:18:15 +0100
++
++snapd (2.30-4) unstable; urgency=medium
++
++ * Fix Built-Using computation on Debian.
++ * Add d/patches/disable-TestDoRequestSerialErrorsOnNoHost.patch to disable
++ a flaky test.
++
++ -- Michael Hudson-Doyle <mwhudson@debian.org> Tue, 16 Jan 2018 13:02:31 +1300
++
++snapd (2.30-3) unstable; urgency=medium
++
++ * Fix arch builds again, sigh,
++
++ -- Michael Hudson-Doyle <mwhudson@debian.org> Tue, 09 Jan 2018 13:56:48 +1300
++
++snapd (2.30-2) unstable; urgency=medium
++
++ * Fix arch-all-only build. (Closes: 886431)
++
++ -- Michael Hudson-Doyle <mwhudson@debian.org> Tue, 09 Jan 2018 10:48:20 +1300
++
++snapd (2.30-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Remove several patches:
++ - 0001-osutil-adjust-StreamCommand-tests-for-golang-1.9.patch: included in
++ release.
++ - apparmor-compat.patch, no-reexec-on-debian.patch: Removed as upstream
++ now implements a better solution to the problem.
++ - pb.v1-canonical-path.patch: applied upstream.
++ * Stop installing udev/rules.d/80-snappy-assign.rules, gone upstream
++
++ -- Michael Hudson-Doyle <mwhudson@debian.org> Fri, 05 Jan 2018 09:39:07 +1300
++
++snapd (2.28.5) xenial; urgency=medium
++
++ * New upstream release, LP: #1714984
++ - snap-confine: cleanup broken nvidia udev tags
++ - cmd/snap-confine: update valid security tag regexp
++ - overlord/ifacestate: refresh udev backend on startup
++ - dbus: ensure io.snapcraft.Launcher.service is created on re-
++ exec
++ - snap-confine: add support for handling /dev/nvidia-modeset
++ - interfaces/network-control: remove incorrect rules for tun
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 13 Oct 2017 23:25:46 +0200
++
++snapd (2.28.4) xenial; urgency=medium
++
++ * New upstream release, LP: #1714984
++ - interfaces/opengl: don't udev tag nvidia devices and use snap-
++ confine instead
++ - debian: fix replaces/breaks for snap-xdg-open (thanks to apw!)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 11 Oct 2017 19:40:57 +0200
++
++snapd (2.28.3) xenial; urgency=medium
++
++ * New upstream release, LP: #1714984
++ - interfaces/lxd: lxd slot implementation can also be an app
++ snap
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 11 Oct 2017 08:20:26 +0200
++
++snapd (2.28.2) xenial; urgency=medium
++
++ * New upstream release, LP: #1714984
++ - interfaces: fix udev rules for tun
++ - release,cmd,dirs: Redo the distro checks to take into account
++ distribution families
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 10 Oct 2017 18:39:58 +0200
++
++snapd (2.28.1) xenial; urgency=medium
++
++ * New upstream release, LP: #1714984
++ - snap-confine: update apparmor rules for fedora based basesnaps
++ - snapstate: rename refresh hook to post-refresh for consistency
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 27 Sep 2017 17:59:49 -0400
++
++snapd (2.28) xenial; urgency=medium
++
++ * New upstream release, LP: #1714984
++ - hooks: rename refresh to after-refresh
++ - snap-confine: bind mount /usr/lib/snapd relative to snap-confine
++ - cmd,dirs: treat "liri" the same way as "arch"
++ - snap-confine: fix base snaps on core
++ - hooks: substitute env vars when executing hooks
++ - interfaces: updates for default, browser-support, desktop, opengl,
++ upower and stub-resolv.conf
++ - cmd,dirs: treat manjaro the same as arch
++ - systemd: do not run auto-import and repair services on classic
++ - packaging/fedora: Ensure vendor/ is empty for builds and fix spec
++ to build current master
++ - many: fix TestSetConfNumber missing an Unlock and other fragility
++ improvements
++ - osutil: adjust StreamCommand tests for golang 1.9
++ - daemon: allow polkit authorisation to install/remove snaps
++ - tests: make TestCmdWatch more robust
++ - debian: improve package description
++ - interfaces: add netlink kobject uevent to hardware observe
++ - debian: update trusted account-keys check on 14.04 packaging
++ - interfaces/network-{control,observe}: allow receiving
++ kobject_uevent() messages
++ - tests: fix lxd test for external backend
++ - snap-confine,snap-update-ns: add -no-pie to fix FTBFS on
++ go1.7,ppc64
++ - corecfg: mock "systemctl" in all corecfg tests
++ - tests: fix unit tests on Ubuntu 14.04
++ - debian: add missing flags when building static snap-exec
++ - many: end-to-end support for the bare base snap
++ - overlord/snapstate: SetRootDir from SetUpTest, not in just some
++ tests
++ - store: have an ad-hoc method on cfg to get its list of uris for
++ tests
++ - daemon: let client decide whether to allow interactive auth via
++ polkit
++ - client,daemon,snap,store: add license field
++ - overlord/snapstate: rename HasCurrent to IsInstalled, remove
++ superfluous/misleading check from All
++ - cmd/snap: SetRootDir from SetUpTest, not in just some individual
++ tests.
++ - systemd: rename snap-repair.{service,timer} to snapd.snap-
++ repair.{service,timer}
++ - snap-seccomp: remove use of x/net/bpf from tests
++ - httputil: more naive per go version way to recreate a default
++ transport for tls reconfig
++ - cmd/snap-seccomp/main_test.go: add one more syscall for arm64
++ - interfaces/opengl: use == to compare, not =
++ - cmd/snap-seccomp/main_test.go: add syscalls for armhf and arm64
++ - cmd/snap-repair: track and use a lower bound for the time for
++ TLSÂ checks
++ - interfaces: expose bluez interface on classic OS
++ - snap-seccomp: add in-kernel bpf tests
++ - overlord: always try to get a serial, lazily on classic
++ - tests: add nmcli regression test
++ - tests: deal with __PNR_chown on aarch64 to fix FTBFS on arm64
++ - tests: add autopilot-introspection interface test
++ - vendor: fix artifact from manually editing vendor/vendor.json
++ - tests: rename complexion to test-snapd-complexion
++ - interfaces: add desktop and desktop-legacy
++ interfaces/desktop: add new 'desktop' interface for modern DEs
++ interfaces/builtin/desktop_test.go: use modern testing techniques
++ interfaces/wayland: allow read on /etc/drirc for Plasma desktop
++ interfaces/desktop-legacy: add new 'legacy' interface (currently
++ for a11y and input)
++ - tests: fix race in snap userd test
++ - devices/iio: add read/write for missing sysfs entries
++ - spread: don't set HTTPS?_PROXY for linode
++ - cmd/snap-repair: check signatures of repairs from Next
++ - env: set XDG_DATA_DIRS for wayland et.al.
++ - interfaces/{default,account-control}: Use username/group instead
++ of uid/gid
++ - interfaces/builtin: use udev tagging more broadly
++ - tests: add basic lxd test
++ - wrappers: ensure bash completion snaps install on core
++ - vendor: use old golang.org/x/crypto/ssh/terminal to build on
++ powerpc again
++ - docs: add PULL_REQUEST_TEMPLATE.md
++ - interfaces: fix network-manager plug
++ - hooks: do not error out when hook is optional and no hook handler
++ is registered
++ - cmd/snap: add userd command to replace snapd-xdg-open
++ - tests: new regex used to validate the core version on extra snaps
++ ass...
++ - snap: add new `snap switch` command
++ - tests: wait more and more debug info about fakestore start issues
++ - apparmor,release: add better apparmor detection/mocking code
++ - interfaces/i2c: adjust sysfs rule for alternate paths
++ - interfaces/apparmor: add missing call to dirs.SetRootDir
++ - cmd: "make hack" now also installs snap-update-ns
++ - tests: copy files with less verbosity
++ - cmd/snap-confine: allow using additional libraries required by
++ openSUSE
++ - packaging/fedora: Merge changes from Fedora Dist-Git
++ - snapstate: improve the error message when classic confinement is
++ not supported
++ - tests: add test to ensure amd64 can run i386 syscall binaries
++ - tests: adding extra info for fakestore when fails to start
++ - tests: install most important snaps
++ - cmd/snap-repair: more test coverage of filtering
++ - squashfs: remove runCommand/runCommandWithOutput as we do not need
++ it
++ - cmd/snap-repair: ignore superseded revisions, filter on arch and
++ models
++ - hooks: support for refresh hook
++ - Partial revert "overlord/devicestate, store: update device auth
++ endpoints URLs"
++ - cmd/snap-confine: allow reading /proc/filesystems
++ - cmd/snap-confine: genearlize apparmor profile for various lib
++ layout
++ - corecfg: fix proxy.* writing and add integration test
++ - corecfg: deal with system.power-key-action="" correctly
++ - vendor: update vendor.json after (presumed) manual edits
++ - cmd/snap: in `snap info`, don't print a newline between tracks
++ - daemon: add polkit support to /v2/login
++ - snapd,snapctl: decode json using Number
++ - client: fix go vet 1.7 errors
++ - tests: make 17.04 shellcheck clean
++ - tests: remove TestInterfacesHelp as it breaks when go-flags
++ changes
++ - snapstate: undo a daemon restart on classic if needed
++ - cmd/snap-repair: recover brand/model from
++ /var/lib/snapd/seed/assertions checking signatures and brand
++ account
++ - spread: opt into unsafe IO during spread tests
++ - snap-repair: update snap-repair/runner_test.go for API change in
++ makeMockServer
++ - cmd/snap-repair: skeleton code around actually running a repair
++ - tests: wait until the port is listening after start the fake store
++ - corecfg: fix typo in tests
++ - cmd/snap-repair: test that redirects works during fetching
++ - osutil: honor SNAPD_UNSAFE_IO for testing
++ - vendor: explode and make more precise our golang.go/x/crypto deps,
++ use same version as Debian unstable
++ - many: sanitize NewStoreStack signature, have shared default store
++ test private keys
++ - systemd: disable `Nice=-5` to fix error when running inside lxd
++ - spread.yaml: update delta ref to 2.27
++ - cmd/snap-repair: use E-Tags when refetching a repair to retry
++ - interfaces/many: updates based on chromium and mrrescue denials
++ - cmd/snap-repair: implement most logic to get the next repair to
++ run/retry in a brand sequence
++ - asserts/assertstest: copy headers in SigningDB.Sign
++ - interfaces: convert uhid to common interface and test cases
++ improvement for time_control and opengl
++ - many tests: move all panicing fake store methods to a common place
++ - asserts: add store assertion type
++ - interfaces: don't crash if content slot has no attributes
++ - debian: do not build with -buildmode=pie on i386
++ - wrappers: symlink completion snippets when symlinking binaries
++ - tests: adding more debug information for the interfaces-cups-
++ control …
++ - apparmor: pass --quiet to parser on load unless SNAPD_DEBUG is set
++ - many: allow and support serials signed by the 'generic' authority
++ instead of the brand
++ - corecfg: add proxy configuration via `snap set core
++ proxy.{http,https,ftp}=...`
++ - interfaces: a bunch of interfaces test improvement
++ - tests: enable regression and completion suites for opensuse
++ - tests: installing snapd for nested test suite
++ - interfaces: convert lxd_support to common iface
++ - interfaces: add missing test for camera interface.
++ - snap: add support for parsing snap layout section
++ - cmd/snap-repair: like for downloads we cannot have a timeout (at
++ least for now), less aggressive retry strategies
++ - overlord: rely on more conservative ensure interval
++ - overlord,store: no piles of return args for methods gathering
++ device session request params
++ - overlord,store: send model assertion when setting up device
++ sessions
++ - interfaces/misc: updates for unity7/x11, browser-
++ support, network-control and mount-observe
++ interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT
++ interfaces/browser-support: update sysfs reads for
++ newer browser versions, interfaces/network-control: rw for
++ ieee80211 advanced wireless interfaces/mount-observe: allow read
++ on sysfs entries for block devices
++ - tests: use dnf --refresh install to avert stale cache
++ - osutil: ensure TestLockUnlockWorks uses supported flock
++ - interfaces: convert lxd to common iface
++ - tests: restart snapd to ensure re-exec settings are applied
++ - tests: fix interfaces-cups-control test
++ - interfaces: improve and tweak bunch of interfaces test cases.
++ - tests: adding extra worker for fedora
++ - asserts,overlord/devicestate: support predefined assertions that
++ don't establish foundational trust
++ - interfaces: convert two hardware_random interfaces to common iface
++ - interfaces: convert io_ports_control to common iface
++ - tests: fix for upgrade test on fedora
++ - daemon, client, cmd/snap: implement snap start/stop/restart
++ - cmd/snap-confine: set _FILE_OFFSET_BITS to 64
++ - interfaces: covert framebuffer to commonInterface
++ - interfaces: convert joystick to common iface
++ - interfaces/builtin: add the spi interface
++ - wrappers, overlord/snapstate/backend: make link-snap clean up on
++ failure.
++ - interfaces/wayland: add wayland interface
++ - interfaces: convert kvm to common iface
++ - tests: extend upower-observe test to cover snaps providing slots
++ - tests: enable main suite for opensuse
++ - interfaces: convert physical_memory_observe to common iface
++ - interfaces: add missing test for optical_drive interface.
++ - interfaces: convert physical_memory_control to common iface
++ - interfaces: convert ppp to common iface
++ - interfaces: convert time-control to common iface
++ - tests: fix failover test
++ - interfaces/builtin: rework for avahi interface
++ - interfaces: convert broadcom-asic-control to common iface
++ - snap/snapenv: document the use of CoreSnapMountDir for SNAP
++ - packaging/arch: drop patches merged into master
++ - cmd: fix mustUnsetenv docstring (thanks to Chipaca)
++ - release: remove default from VERSION_ID
++ - tests: enable regression, upgrade and completion test suites for
++ fedora
++ - tests: restore interfaces-account-control properly
++ - overlord/devicestate, store: update device auth endpoints URLs
++ - tests: fix install-hook test failure
++ - tests: download core and ubuntu-core at most once
++ - interfaces: add common support for udev
++ - overlord/devicestate: fix, don't assume that the serial is backed
++ by a 1-key chain
++ - cmd/snap-confine: don't share /etc/nsswitch from host
++ - store: do not resume a download when we already have the whole
++ thing
++ - many: implement "snap logs"
++ - store: don't call useDeltas() twice in quick succession
++ - interfaces/builtin: add kvm interface
++ - snap/snapenv: always expect /snap for $SNAP
++ - cmd: mark arch as non-reexecing distro
++ - cmd: fix tests that assume /snap mount
++ - gitignore: ignore more build artefacts
++ - packaging: add current arch packaging
++ - interfaces/unity7: allow receiving media key events in (at least)
++ gnome-shell
++ - interfaces/many, cmd/snap-confine: miscellaneous policy updates
++ - interfaces/builtin: implement broadcom-asic-control interface
++ - interfaces/builtin: reduce duplication and remove cruft in
++ Sanitize{Plug,Slot}
++ - tests: apply underscore convention for SNAPMOUNTDIR variable
++ - interfaces/greengrass-support: adjust accesses now that have
++ working snap
++ - daemon, client, cmd/snap: implement "snap services"
++ - tests: fix refresh tests not stopping fake store for fedora
++ - many: add the interface command
++ - overlord/snapstate/backend: some copydata improvements
++ - many: support querying and completing assertion type names
++ - interfaces/builtin: discard empty Validate{Plug,Slot}
++ - cmd/snap-repair: start of Runner, implement first pass of Peek
++ and Fetch
++ - tests: enable main suite on fedora
++ - snap: do not always quote the snap info summary
++ - vendor: update go-flags to address crash in "snap debug"
++ - interfaces: opengl support pci device and vendor
++ - many: start implenting "base" snap type on the snapd side
++ - arch,release: map armv6 correctly
++ - many: expose service status in 'snap info'
++ - tests: add browser-support interface test
++ - tests: disable snapd-notify for the external backend
++ - interfaces: Add /run/uuid/request to openvswitch
++ - interfaces: add password-manager-service implicit classic
++ interface
++ - cmd: rework reexec detection
++ - cmd: fix re-exec bug when starting from snapd 2.21
++ - tests: dependency packages installed during prepare-project
++ - tests: remove unneeded check for re-exec in InternalToolPath()
++ - cmd,tests: fix classic confinement confusing re-execution code
++ - store: configurable base api
++ - tests: fix how package lists are updated for opensuse and fedora
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 25 Sep 2017 12:07:34 -0400
++
++snapd (2.27.6-2) unstable; urgency=medium
++
++ * Add d/patches/0001-osutil-adjust-StreamCommand-tests-for-golang-1.9.patch
++ to fix FTBFS with Go 1.9. (Closes: #876867)
++
++ -- Michael Hudson-Doyle <mwhudson@debian.org> Tue, 26 Sep 2017 13:41:53 -0400
++
++snapd (2.27.6-1) unstable; urgency=medium
++
++ * New upstream release, LP: #1703798:
++ - interfaces: add udev netlink support to hardware-observe
++ - interfaces/network-{control,observe}: allow receiving
++ kobject_uevent() messages
++
++ -- Zygmunt Krynicki <me@zygoon.pl> Fri, 08 Sep 2017 00:03:18 +0200
++
++snapd (2.27.5-1) unstable; urgency=medium
++
++ * New upstream release.
++ - interfaces: fix network-manager plug regression
++ - hooks: do not error when hook handler is not registered
++ - interfaces/alsa,pulseaudio: allow read on udev data for sound
++ - interfaces/optical-drive: read access to udev data for /dev/scd*
++ - interfaces/browser-support: read on /proc/vmstat and misc udev data
++
++ -- Zygmunt Krynicki <me@zygoon.pl> Thu, 31 Aug 2017 10:11:20 +0200
++
++snapd (2.27.4-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Enable seccomp.
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Thu, 24 Aug 2017 22:12:52 +1200
++
++snapd (2.27.2-2) unstable; urgency=medium
++
++ * Fix re-exec test failure.
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Fri, 18 Aug 2017 11:37:47 +1200
++
++snapd (2.27.2-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Stop using single-debian-patch, split delta into separate patches.
++ * Allow confining snap-confine even when --disable-apparmor is used.
++ * Pass --enable-static-libcap to cmd/configure, as was always the intention.
++ * Disable re-exec on Debian until core snap can cope with a partial apparmor
++ implementation. (Closes: #851473)
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Fri, 18 Aug 2017 11:00:31 +1200
++
++snapd (2.27.1-1) unstable; urgency=medium
++
++ * New upstream release. (Closes: #868959, #869268, #872071)
++ * New changes to upstream sources:
++ - Disable cmd/snap-seccomp tests as they depend on an unpackaged fork of
++ golang/x/net.
++ - Use upstream version of libseccomp-golang.
++ * Do not install ancient ubuntu-core-launcher symlink.
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Mon, 14 Aug 2017 21:53:09 +1200
++
++snapd (2.27.1) xenial; urgency=medium
++
++ * New upstream release, LP: #1703798:
++ - tests: use dnf --refresh install to avert stale cache
++ - tests: fix test failure on 14.04 due to old version of
++ flock
++ - updates for unity7/x11, browser-support, network-control,
++ mount-observe
++ - interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT
++ - interfaces/browser-support: update sysfs reads for
++ newer browser versions
++ - interfaces/network-control: rw for ieee80211 advanced wireless
++ - interfaces/mount-observe: allow read on sysfs entries for block
++ devices
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 14 Aug 2017 08:02:17 +0200
++
++snapd (2.27) xenial; urgency=medium
++
++ * New upstream release, LP: #1703798
++ - fix build failure on 32bit fedora
++ - interfaces: add password-manager-service implicit classic interface
++ - interfaces/greengrass-support: adjust accesses now that have working
++ snap
++ - interfaces/many, cmd/snap-confine: miscellaneous policy updates
++ - interfaces/unity7: allow receiving media key events in (at least)
++ gnome-shell
++ - cmd: fix re-exec bug when starting from snapd 2.21
++ - tests: restore interfaces-account-control properly
++ - cmd: fix tests that assume /snap mount
++ - cmd: mark arch as non-reexecing distro
++ - snap-confine: don't share /etc/nsswitch from host
++ - store: talk to api.snapcraft.io for purchases
++ - hooks: support for install and remove hooks
++ - packaging: fix Fedora support
++ - tests: add bluetooth-control interface test
++ - store: talk to api.snapcraft.io for assertions
++ - tests: remove snapd before building from branch
++ - tests: add avahi-observe interface test
++ - store: orders API now checks if customer is ready
++ - cmd/snap: snap find only searches stable
++ - interfaces: updates default, mir, optical-observe, system-observe,
++ screen-inhibit-control and unity7
++ - tests: speedup prepare statement part 1
++ - store: do not send empty refresh requests
++ - asserts: fix error handling in snap-developer consistency check
++ - systemd: add explicit sync to snapd.core-fixup.sh
++ - snapd: generate snap cookies on startup
++ - cmd,client,daemon: expose "force devmode" in sysinfo
++ - many: introduce and use strutil.ListContains and also
++ strutil.SortedListContains
++ - assserts,overlord/assertstate: test we don't accept chains of
++ assertions founded on a self-signed key coming externally
++ - interfaces: enable access to bridge settings
++ - interfaces: fix copy-pasted iio vs io in io-ports-control
++ - cmd/snap-confine: various small fixes and tweaks to seccomp
++ support code
++ - interfaces: bring back seccomp argument filtering
++ - systemd, osutil: rework systemd logs in preparation for services
++ commands
++ - tests: store /etc/systemd/system/snap-*core*.mount in snapd-
++ state.tar.gz
++ - tests: shellcheck improvements for tests/main tasks - first set of
++ tests
++ - cmd/snap: `--last` for abort and watch, and aliases
++ (search→find, change→tasks)
++ - tests: shellcheck improvements for tests/lib scripts
++ - tests: create ramdisk if it's not present
++ - tests: shellcheck improvements for nightly upgrade and regressions
++ tests
++ - snapd: fix for snapctl get panic on null config values.
++ - tests: fix for rng-tools service not restarting
++ - systemd: add snapd.core-fixup.service unit
++ - cmd: avoid using current symlink in InternalToolPath
++ - tests: fix timeout issue for test refresh core with hanging …
++ - intefaces: control bridged vlan/ppoe-tagged traffic
++ - cmd/snap: include snap type in notes
++ - overlord/state: Abort() only visits each task once
++ - tests: extend find-private test to cover more cases
++ - snap-seccomp: skip socket() tests on systems that use socketcall()
++ instead of socket()
++ - many: support snap title as localized/title-cased name
++ - snap-seccomp: deal with mknod on aarch64 in the seccomp tests
++ - interfaces: put base policy fragments inside each interface
++ - asserts: introduce NewDecoderWithTypeMaxBodySize
++ - tests: fix snapd-notify when it takes more time to restart
++ - snap-seccomp: fix snap-seccomp tests in artful
++ - tests: fix for create-key task to avoid rng-tools service ramains
++ alive
++ - snap-seccomp: make sure snap-seccomp writes the bpf file
++ atomically
++ - tests: do not disable ipv6 on core systems
++ - arch: the kernel architecture name is armv7l instead of armv7
++ - snap-confine: ensure snap-confine waits some seconds for seccomp
++ security profiles
++ - tests: shellcheck improvements for tests/nested tasks
++ - wrappers: add SyslogIdentifier to the service unit files.
++ - tests: shellcheck improvements for unit tasks
++ - asserts: implement FindManyTrusted as well
++ - asserts: open up and optimize Encoder to help avoiding unnecessary
++ copying
++ - interfaces: simplify snap-confine by just loading pre-generated
++ bpf code
++ - tests: restart rng-tools services after few seconds
++ - interfaces, tests: add mising dbus abstraction to system-observe
++ and extend spread test
++ - store: change main store host to api.snapcraft.io
++ - overlord/cmdstate: new package for running commands as tasks.
++ - spread: help libapt resolve installing libudev-dev
++ - tests: show the IP from .travis.yaml
++ - tests/main: use pkgdb function in more test cases
++ - cmd,daemon: add debug command for displaying the base policy
++ - tests: prevent quoting error on opensuse
++ - tests: fix nightly suite
++ - tests: add linode-sru backend
++ - snap-confine: validate SNAP_NAME against security tag
++ - tests: fix ipv6 disable for ubuntu-core
++ - tests: extend core-revert test to cover bluez issues
++ - interfaces/greengrass-support: add support for Amazon Greengrass
++ as a snap
++ - asserts: support timestamp and optional disabled header on repair
++ - tests: reboot after upgrading to snapd on the -proposed pocket
++ - many: fix test cases to work with different DistroLibExecDir
++ - tests: reenable help test on ubuntu and debian systems
++ - packaging/{opensuse,fedora}: allow package build with testkeys
++ included
++ - tests/lib: generalize RPM build support
++ - interfaces/builtin: sync connected slot and permanent slot snippet
++ - tests: fix snap create-key by restarting automatically rng-tools
++ - many: switch to use http numeric statuses as agreed
++ - debian: add missing Type=notify in 14.04 packaging
++ - tests: mark interfaces-openvswitch as manual due to prepare errors
++ - debian: unify built_using between the 14.04 and 16.04 packaging
++ branch
++ - tests: pull from urandom when real entropy is not enough
++ - tests/main/manpages: install missing man package
++ - tests: add refresh --time output check
++ - debian: add missing "make -C data/systemd clean"
++ - tests: fix for upgrade test when it is repeated
++ - tests/main: use dir abstraction in a few more test cases
++ - tests/main: check for confinement in a few more interface tests
++ - spread: add fedora snap bin dir to global PATH
++ - tests: check that locale-control is not present on core
++ - many: snapctl outside hooks
++ - tests: add whoami check
++ - interfaces: compose the base declaration from interfaces
++ - tests: fix spread flaky tests linode
++ - tests,packaging: add package build support for openSUSE
++ - many: slight improvement of some snap error messaging
++ - errtracker: Include /etc/apparmor.d/usr.lib.snap-confine md5sum in
++ err reports
++ - tests: fix for the test postrm-purge
++ - tests: restoring the /etc/environment and service units config for
++ each test
++ - daemon: make snapd a "Type=notify" daemon and notify when startup
++ is done
++ - cmd/snap-confine: add support for --base snap
++ - many: derive implicit slots from interface meta-data
++ - tests: add core revert test
++ - tests,packaging: add package build support for Fedora for our
++ spread setup
++ - interfaces: move base declaration to the policy sub-package
++ - tests: fix for snapd-reexec test cheking for restart info on debug
++ log
++ - tests: show available entropy on error
++ - tests: clean journalctl logs on trusty
++ - tests: fix econnreset on staging
++ - tests: modify core before calling set
++ - tests: add snap-confine privilege test
++ - tests: add staging snap-id
++ - interfaces/builtin: silence ptrace denial for network-manager
++ - tests: add alsa interface spread test
++ - tests: prefer ipv4 over ipv6
++ - tests: fix for econnreset test checking that the download already
++ started
++ - httputil,store: extract retry code to httputil, reorg usages
++ - errtracker: report if snapd did re-execute itself
++ - errtracker: include bits of snap-confine apparmor profile
++ - tests: take into account staging snap-ids for snap-info
++ - cmd: add stub new snap-repair command and add timer
++ - many: stop "snap refresh $x --channel invalid" from working
++ - interfaces: revert "interfaces: re-add reverted ioctl and quotactl
++ - snapstate: consider connect/disconnect tasks in
++ CheckChangeConflict.
++ - interfaces: disable "mknod |N" in the default seccomp template
++ again
++ - interfaces,overlord/ifacestate: make sure installing slots after
++ plugs works similarly to plugs after slots
++ - interfaces/seccomp: add bind() syscall for forced-devmode systems
++ - packaging/fedora: Sync packaging from Fedora Dist-Git
++ - tests: move static and unit tests to spread task
++ - many: error types should be called FooError, not ErrFoo.
++ - partition: add directory sync to the save uboot.env file code
++ - cmd: test everything (100% coverage \o/)
++ - many: make shell scripts shellcheck-clean
++ - tests: remove additional setup for docker on core
++ - interfaces: add summary to each interface
++ - many: remove interface meta-data from list of connections
++ - logger (& many more, to accommodate): drop explicit syslog.
++ - packaging: import packaging bits for opensuse
++ - snapstate,many: implement snap install --unaliased
++ - tests/lib: abstract build dependency installation a bit more
++ - interfaces, osutil: move flock code from interfaces/mount to
++ osutil
++ - cmd: auto import assertions only from ext4,vfat file systems
++ - many: refactor in preparation for 'snap start'
++ - overlord/snapstate: have an explicit code path last-refresh
++ unset/zero => immediately refresh try
++ - tests: fixes for executions using the staging store
++ - tests: use pollinate to seed the rng
++ - cmd/snap,tests: show the sha3-384 of the snap for snap info
++ --verbose SNAP-FILE
++ - asserts: simplify and adjust repair assertion definition
++ - cmd/snap,tests: show the snap id if available in snap info
++ - daemon,overlord/auth: store from model assertion wins
++ - cmd/snap,tests/main: add confinement switch instead of spread
++ system blacklisting
++ - many: cleanup MockCommands and don't leave a process around after
++ hookstate tests
++ - tests: update listing test to the core version number schema
++ - interfaces: allow snaps to use the timedatectl utility
++ - packaging: Add Fedora packaging files
++ - tests/libs: add distro_auto_remove_packages function
++ - cmd/snap: correct devmode note for anomalous state
++ - tests/main/snap-info: use proper pkgdb functions to install distro
++ packages
++ - tests/lib: use mktemp instead of tempfile to work cross-distro
++ - tests: abstract common dirs which differ on distributions
++ - many: model and expose interface meta-data.
++ - overlord: make config defaults from gadget work also at first boot
++ - interfaces/log-observe: allow using journalctl from hostfs for
++ classic distro
++ - partition,snap: add support for android boot
++ - errtracker: small simplification around readMachineID
++ - snap-confine: move rm_rf_tmp to test-utils.
++ - tests/lib: introduce pkgdb helper library
++ - errtracker: try multiple paths to read machine-id
++ - overlord/hooks: make sure only one hook for given snap is executed
++ at a time.
++ - cmd/snap-confine: use SNAP_MOUNT_DIR to setup /snap inside the
++ confinement env
++ - tests: bump kill-timeout and remove quiet call on build
++ - tests/lib/snaps: add a test store snap with a passthrough
++ configure hook
++ - daemon: teach the daemon to wait on active connections when
++ shutting down
++ - tests: remove unit tests task
++ - tests/main/completion: source from /usr/share/bash-completion
++ - assertions: add "repair" assertion
++ - interfaces/seccomp: document Backend.NewSpecification
++ - wrappers: make StartSnapServices cleanup any services that were
++ added if a later one fails
++ - overlord/snapstate: avoid creating command aliases for daemons
++ - vendor: remove unused packages
++ - vendor,partition: fix panics from uenv
++ - cmd,interfaces/mount: run snap-update-ns and snap-discard-ns from
++ core if possible
++ - daemon: do not allow to install ubuntu-core anymore
++ - wrappers: service start/stop were inconsistent
++ - tests: fix failing tests (snap core version, syslog changes)
++ - cmd/snap-update-ns: add actual implementation
++ - tests: improve entropy also for ubuntu
++ - cmd/snap-confine: use /etc/ssl from the core snap
++ - wrappers: don't convert between []byte and string needlessly.
++ - hooks: default timeout
++ - overlord/snapstate: Enable() was ignoring the flags from the
++ snap's state, resulting in losing "devmode" on disable/enable.
++ - difs,interfaces/mount: add support for locking namespaces
++ - interfaces/mount: keep track of kept mount entries
++ - tests/main: move a bunch of greps over to MATCH
++ - interfaces/builtin: make all interfaces private
++ - interfaces/mount: spell unmount correctly
++ - tests: allow 16-X.Y.Z version of core snap
++ - the timezone_control interface only allows changing /etc/timezone
++ and /etc/writable/timezone. systemd-timedated also updated the
++ link of /etc/localtime and /etc/writable/localtime ... allow
++ access to this file too
++ - cmd/snap-confine: aggregate operations holding global lock
++ - api, ifacestate: resolve disconnect early
++ - interfaces/builtin: ensure we don't register interfaces twice
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 10 Aug 2017 12:43:16 +0200
++
++snapd (2.26.14) xenial; urgency=medium
++
++ * New upstream release, LP: #1690083
++ - cmd: fix incorrect re-exec when starting from snapd 2.21
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 20 Jul 2017 13:52:05 +0200
++
++snapd (2.26.13) xenial; urgency=medium
++
++ * New upstream release, LP: #1690083
++ - cmd,tests: fix classic confinement confusing re-execution code
++ - cmd: fix incorrect check check for re-exec in InternalToolPath()
++ - snap-seccomp: add secondary arch for unrestricted snaps as well
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 18 Jul 2017 20:34:33 +0200
++
++snapd (2.26.10) xenial; urgency=medium
++
++ * New upstream release, LP: #1690083
++ - Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 17 Jul 2017 11:58:22 +0200
++
++snapd (2.26.9) xenial; urgency=medium
++
++ * New upstream release, LP: #1690083
++ - statically link libseccomp in snap-seccomp to fix refresh issue
++ on trusty
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 12 Jul 2017 08:27:14 +0200
++
++snapd (2.26.8) xenial; urgency=medium
++
++ * New upstream release, LP: #1690083
++ - Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64
++ - add snapd.core-fixup.service unit
++ - ensure re-exec uses the right internal tools
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 05 Jul 2017 07:48:22 +0200
++
++snapd (2.26.6) xenial; urgency=medium
++
++ * New upstream release, LP: #1690083
++ - interfaces: allow snaps to use the timedatectl utility in
++ time-control
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 27 Jun 2017 08:36:23 +0100
++
++snapd (2.26.5) xenial; urgency=medium
++
++ * New upstream release, LP: #1690083
++ - backport of seccomp-bpf branch to the 2.26 release to ensure snap
++ revert with new seccomp syntax works correctly
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 26 Jun 2017 15:30:15 +0100
++
++snapd (2.26.4) xenial; urgency=medium
++
++ * New upstream release, LP: #1690083
++ - partly revert aace15ab53 to unbreak core reverts
++ - Revert "interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f)"
++ - Disable "mknod |N" in the default seccomp template
++ reasons outline in https://forum.snapcraft.io/t/snapd-2-25-blocked-because-of-revert-race-condition
++ - errtracker: include bits of snap-confine apparmor profile
++ - errtracker: report if snapd did re-execute itself
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 01 Jun 2017 18:50:52 +0200
++
++snapd (2.26.3) xenial; urgency=medium
++
++ * New upstream release, LP: #1690083
++ - cherry pick test fixes f0103a6, 9de5c8a, d7725a7 to make
++ sure the image tests are updated for the changes in the
++ `snap info core` output and the removal of the rsyslog
++ package from core.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 17 May 2017 11:31:56 +0200
++
++snapd (2.26.2) xenial; urgency=medium
++
++ * New upstream release, LP: #1690083
++ - cherry pick d444728 to make the uboot.env file parsing more
++ robust
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 16 May 2017 18:37:07 +0200
++
++snapd (2.26.1) xenial; urgency=medium
++
++ * New upstream release, LP: #1690083
++ - store: fix panic error in auth
++ - tests: the new ubuntu-image snap needs classic confinement, adjust
++ tests
++ - cmd/snap-confine: don't fail on pre 3.8 kernel
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 11 May 2017 21:44:27 +0200
++
++snapd (2.26) xenial; urgency=medium
++
++ * New upstream release, LP: #1690083
++ - timeutil: avoid panicking when the window is very small
++ - image: fix go vet issue
++ - overlord/ifacestate: don't spam logs with harmless auto-connect
++ messages
++ - interfaces/builtin: add network-status interface
++ - interfaces/builtin: add online-accounts-service interface
++ - interfaces/builtin: distribute code of touching allInterfaces
++ - interfaces: API additions for interface hooks
++ - interfaces/builtin: add storage-framework-service interface
++ - tests: disable create-key test on ppc64el for artful (expect not
++ working)
++ - snap: make `snap prepare-image --extra-snaps` derive side info
++ - tests: unify tests/{main/completion,completion}/lib.exp0
++ - cmd/snap: tweak info channels output
++ - interfaces: ensure that legacy interface methods are unused
++ - packaging: cleanup how built-using is generated
++ - tests: extend kernel-module-control interface test
++ - interfaces/network: workaround Go's need for NETLINK_ROUTE with
++ 'net'.
++ - cmd/snap-confine: use defensive argument parser
++ - tests: add test for empty snap name on revert
++ - overlord/hookstate: remove unused Context.timeout
++ - tests: additional setup in docker test for core systems
++ - configstate: return error if patch is invalid
++ - interfaces: add random interface
++ - store, daemon, client, cmd/snap: handle PASSWORD_POLICY_ERROR
++ - cmd/snap, client: add "whoami" command
++ - cmd/snap: iterate interface tab completion
++ - snap: move locale-control to only be present on classic
++ - interfaces/browser-support: deny read on squashfs backing files
++ and LVM vg names
++ - tests: wait for the docker socket to be listening
++ - snap: add `snap refresh --time` option
++ - tests: re-enable and moderninze /media sharing test
++ - cmd: make rst2man optional
++ - tests: remove quoting from [[ ]] when globs
++ - interfaces: allow plugging DBus clients to introspect the slot
++ service
++ - packaging/ubuntu*/changelog: drop extra dash
++ - snap-confine: init the ENTRY variable, coverity is unhappy
++ otherwise
++ - cmd/snap-confine/spread-tests: discard useless --version test
++ - spread: add spread target qemu:debian-9-64
++ - interfaces: mediate netlink sockets via seccomp
++ - tests,cmd/snap-confine: port older snapd-discard-ns tests
++ - cmd/snap-confine/tests: fix shellcheck on recently added files
++ - tests/upgrade: force install core snap from beta for debian
++ - overlord/snapstate/backend,interfaces/mount: move ns management
++ code.
++ - tests: extend network-control spread test to cope with network
++ namespaces
++ - tests: fail early in the spread suite if trying to run it inside a
++ container
++ - tests: set ownership of $PROJECT_PATH for the external backend
++ - tests: specify the auto-refreshable snap being tested
++ - many: fix tests with go1.8 / artful
++ - fix for tests: debian does not have /snap/bin in secure_path so
++ sudo
++ - snap: support for snap tasks --last=...
++ - cmd/snap-confine: remove obsolete debug message
++ - address review feedback, add a lot of comments :-), call
++ shellcheck on the completion scripts, fix a bug in compopt
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 11 May 2017 10:05:44 +0200
++
++snapd (2.25) xenial; urgency=medium
++
++ * New upstream release, LP: #1686713
++ - interfaces/default: allow mknod for regular files, pipes and
++ sockets
++ - many: use "SNAP.APP as ALIAS" instead of => when listing
++ added/removed aliases
++ - cmd/snap-confine: write current mount profile
++ - cmd/snap-discard-ns: remove current profile when cleaning up
++ - many: support debian in our CI
++ - tests: tweak time for econnreset test a bit more
++ - cmd/snap-confine: re-enable re-assciate fix for CE
++ - many: aliases v2 cleanups
++ - cmd/snap-confine: don't use apparmor if it is disabled on boot
++ - many: implement `snap prefer <snap>` (aliases v2)
++ - many: adjust /aliases and "snap aliases" to aliases v2, also some
++ cleanup
++ - snapstate: normalize gadget defaults
++ - many: allow core refresh.schedule setting
++ - many: show alias changes on snap alias/unalias (aliases v2)
++ - client,cmd/snap: improve messaging on --devmode and --classic
++ - many: implement `snap unalias <alias-or-snap>` (aliases v2)
++ - store: retry on connection reset
++ - interfaces/mount: add Change.Perform
++ - tests: add openvswitch interface spread test
++ - interfaces/i2c: allow modifying device-specific sysfs entries
++ - interfaces: allow writing to /run/systemd/journal/stdout by
++ default
++ - tests: ensure travis fails early if static checks fail
++ - store,daemon: make store interpret channel="" as stable in most
++ cases
++ - overlord/snapstate: make UpdateAliases idempotent, simplify the
++ backend interface bits for aliases not used anymore (aliases v2)
++ - many: implement snap alias <snap.app> <alias> (aliases v2)
++ - snap-confine: add code to ensure that / or /snap is mounted
++ "shared"
++ - many: show available "tracks" in `snap info`
++ - cmd/snap: make users Xauthority file available in snap environment
++ - interfaces/mount: write current fstab files with mode 0644
++ - overlord: switch to aliases v2 tasks for install/refresh etc ops
++ plus transition
++ - tests: parameterize gadget snap channel (#3117)
++ - tests: copy .real profile as .real
++ - tests: add empty initrd failover test
++ - many: mount squashfs as read-only
++ - cmd: make locking around namespaces explicit
++ - tests: address review comments from #3186
++ - tests: add dbus interface spread test
++ - interfaces/mount: add ReadMountInfo and LoadMountInfo
++ - snap: require snap name for 'revert'
++ - overlord: maintain per-revision snapshots of snap configuration
++ - tests: relax network-bind interface regexps
++ - interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f)
++ - store: retry once on hashsum mismatches in a Download()
++ - interfaces/builtin: don't panic if content plug has nil attrs
++ - interfaces/mount: pass mount.Profile to mount.NeededChanges
++ - packaging: add `built-using` header for 16.04 packaging
++ - interfaces: add media-hub interface
++ - interfaces/builtin: allow full access to properties iface of the
++ udisks service
++ - tests: handle case when both .real and plain are present
++ - interfaces/mount: add Change.String for readable output
++ - tests: ensure we mock force dev mode as well to fix FTBFS in
++ sbuild
++ - store: add more logs around retry in download
++ - interfaces/mount: add stub Change.{Needed,Perform}
++ - tests: allow installing snapd from -proposed for SRU validation
++ - interfaces/mount: parse mount options to map[string]string
++ - snap: added tasks subcommand
++ - tests: copy snap-confine apparmor profile into testbed
++ - interfaces/mount: improve go identifier names of mountinfo, parse
++ optional fields
++ - Arch Linux wants to respect FHS
++ (https://bugs.archlinux.org/task/53656),
++ - daemon: do not set RemoveSnapPath flag when doing a try
++ - debian: add maintscript helper to remove usr.lib.snapd.snap-
++ confine in snap-confine
++ - cmd/snap-confine: don't use plain "classic" term
++ - cmd/snap-confine: set TMPDIR and TEMPDIR each time
++ - many: fixes for `go vet` in go 1.7
++ - tests: add kernel-module-control interface test
++ - overlord/snapstate: introduce tasks for aliases v2 semantics with
++ temporary names for now (aliases v2)
++ - overlord/devicestate: switch to ssh-keygen for device key
++ generation
++ - snap: skip /dev/ram from auto-import assertions to make it less
++ noisy (#3010)
++ - interfaces: add kubernetes-support interface and adjust related
++ interfaces (LP: #1664638)
++ - tests: download previous snapd package from published versions
++ instead of specific PPA
++ - snap: run snap-confine from core if snap is also running from core
++ - overlord/ifacestate: automatically rename connections on core snap
++ - many: break the /aliases mutation API with a clean 400 (aliases
++ v2)
++ - interfaces/builting: allow read-only access to /sys/module
++ - tests: add extra test after the core transition for snap get/set
++ core
++ - store: misc cleanups in tests
++ - interfaces/mount: add parser for mountinfo entries
++ - store: tests for unexpected EOF
++ - tests: fix unity test
++ - interfaces,overlord: log interface auto-connection failures
++ - cmd/snap-update-ns: add C preamble for setns
++ - interfaces: validate plug/slot uniqueness
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 28 Apr 2017 07:57:49 +0200
++
++snapd (2.24.1) xenial; urgency=medium
++
++ * New upstream release, LP: #1681799:
++ - fix autopkgtest failures with stable core snap
++ - ensure the snap-confine transitional package cleans up
++ the no-longer-used apparmor profile to fix the kernels
++ autopkgtest failures
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 19 Apr 2017 11:54:33 +0200
++
++snapd (2.24) xenial; urgency=medium
++
++ * New upstream release, LP: #1681799:
++ - interfaces/mount: add InfoEntry type
++ - many: fix plug auto-connect during core transition
++ - interfaces: fold network bind into core support with tests
++ - .travis.yml: add option to make raw log less noisy
++ - interfaces: adjust shm accesses to use 'm' for updated mmap kernel
++ mediation
++ - many: rename two core plugs that clash with slot names
++ - snap-confine,browser-support: /dev/tty for snap-confine, misc
++ browser-support for gnome-shell
++ - store: add download test with EOF in the middle
++ - tests: adjust to look for network-bind-plug
++ - store: make hash error message more accurate
++ - overlord/snapstate: simplify AliasesStatus down to just an
++ AutoAliasesDisabled bool flag (aliases v2)
++ - errtracker: never send errtracker reports when running under
++ SNAPPY_TESTING
++ - interfaces/repo: validate slot/plug names
++ - daemon: Give the snap directories via GET /v2/system-info
++ - interfaces/unity7: support unity messaging menu
++ - interfaces/mount: add high-level Profile functions
++ - git: ignore only the cmd/Makefile{,.in}
++ - cmd: explicitly set _GNU_SOURCE and _FILE_OFFSET_BITS for xfs
++ support
++ - daemon: add desktop file location for app to the API
++ - overlord,release: disable classic snap support when not possible
++ - overlord: fix TestEnsureLoopPrune not to be so racy
++ - many: abstract path to /bin/{true,false}
++ - data/systemd: tweak data/systemd/Makefile to be slightly simpler
++ - store: handle EOF via url.Error check
++ - packaging: use templates for relevant systemd units
++ - tests: run gccgo only on ubuntu-16.04-64
++ - .travis.yml: remove travis matrix and do a single sequential run
++ - overlord/state: make sure that setting to nil a state key is
++ equivalent to deleting it
++ - tests: fix incorrect shell expression
++ - interfaces/mount: add OptsToFlags for converting arguments to
++ syscall…
++ - interfaces: add a joystick interface
++ - tests: enable docker test for more ubuntu-core systems
++ - tests: download and install additional dependencies when using
++ prepackaged snapd
++ - many: add support for partially static builds
++ - interfaces: allow slot to introspect dbus-daemon in dbus
++ interface, allow /usr/bin/arch by default
++ - interfaces/mount: fix golint issues
++ - interfaces/mount: add function for saving fstab-like file
++ - osutil: introducing GetenvInt64, like GetenvBool but Int64er.
++ - interfaces: drop udev tagging from framebuffer interface
++ - snapstate: more helpers to work with aliases state (aliases
++ v2)
++ - interfaces/mount: add function for parsing fstab-like file
++ - cmd: disable the re-associate fix as requested by jdstrand
++ - overlord/snapstate: unlock/relock the state less, especially not
++ across mutating the SnapState of a snap
++ - interfaces: allow executing ld.so (needed with new AppArmor base
++ abstraction)
++ - interfaces/mount: add function for parsing mount entries
++ - cmd: rework header check for xfs/xqm.h
++ - cmd: add poky to the list of distros which don't support reexec
++ - overlord: finish reorg, revert "be more conservative until we have
++ cut 2.23.x"
++ - cmd: select what socket to use in cmd/snap{,ctl}
++ - overlord: remove snap config values when snap is removed
++ - snapstate: introduce helper to apply to disk a alias states change
++ for a snap (aliases v2)
++ - configstate,hookstate: timeout the configure hook after 5 mins,
++ report failures to the errtracker
++ - interfaces/seccomp: add bind as part of the default seccomp policy
++ for hooks
++ - cmd: discard the C implementation of snap-update-ns
++ - tests: remove stale apt proxy leftover from cloud-init
++ - tests: move unity test to nightly suite
++ - interfaces: add support for location-observe for
++ dbus::ObjectManager session paths
++ - boot: log error in KernelOrOsRebootRequired
++ - interfaces: remove old API
++ - interfaces: use udev spec
++ - interfaces: convert systemd backend to new APIs
++ - osutil: add BootID
++ - tests: move docker test to new nightly suite
++ - interfaces/mount: compute mount changes required to transition
++ mount profiles
++ - data/selinux: add context definition for snapctl
++ - overlord: clean up organization under state packages
++ - overlord: make sure all managers packages have *state.go with the
++ main state manipulation/query APIs
++ - interfaces: use spec in the dbus backend
++ - store: download from authenticated URL if there is a device
++ session set
++ - tests: remove core_name variable
++ - interfaces: rename thumbnailer to thumbnailer-service
++ - interfaces: add chroot to base templates
++ - asserts: remove some unused things
++ - systemd: mount the squashfs with nodev
++ - overlord: when shutting down assume errors might be due to
++ cancellation so retry
++ - cmd: rename all unit tests to $command/unit-test
++ - cmd/snap: fix help string for version command
++ - asserts: don't allow revocations with other items for the same
++ developer
++ - tests: skip lp-1644439 test on older kernels
++ - interfaces: allow "sync" to be used by core support
++ - assertstate,snapstate: have assertstate.AutoAliases use the
++ "aliases" header
++ - interfaces: allow writing config.txt.tmp in the core-support
++ interface
++ - tests: adjust network-bind test
++ - interfaces: dbus backend spec
++ - asserts: introduce a snap-declaration "aliases" header to list
++ auto aliases with explicit targets
++ - cmd: enable large file support
++ - cmd/snap: handle missing snap-confine
++ - cmd/snap-confine: re-associate with pid-1 mount namespace if
++ required
++ - cmd/libsnap: make mountinfo structures public
++ - tests: fix interfaces-cups-control for zesty
++ - misc: revert "Log if the system goes into ForceDevMode"
++ - interfaces: seccomp tests cleanup
++ - cmd: validate SNAP_NAME
++ - interfaces: log if the system goes into ForceDevMode
++ - tests: fix classic-ubuntu-core-transition race
++ - interfaces: use apparmor spec in the apparmor backend
++ - interfaces: alphabetize framebuffer in base decl and add it to
++ all_test.go
++ - tests: add ubuntu-core-16-32 system to the external backend and
++ fix docker test
++ - cmd/libsnap: simplify sc_string_quote default case
++ - osutil: fix double expand in environment map code and add test
++ - interfaces: extend location-control out-of-process provider
++ support
++ - cmd/snap-update-ns: use bidirectional lists for mount entries
++ - tests: prevent automatic transition before setting the initial
++ state of the test
++ - release: detect if we are in ForcedDevMode by inspecting the
++ kernel
++ - tests: add core-snap-refresh test
++ - interfaces: add maliit input method interface
++ - interfaces: seccomp spec API tweaks for better tests
++ - interfaces: updates for mir-kiosk in browser-support, mir, opengl,
++ unity7
++ - testutils: address review feedback from PR#2997
++ - tests: specify the core version to be unsquashfs'ed in the
++ failover tests
++ - interfaces: use MockInfo in tests
++ - cmd/libsnap: add sc_quote_string
++ - cmd/snap-confine: use sc_do_umount everywhere
++ - interfaces: add unity8 plug permissions
++ - timeutil: a few helpers for the recurring events
++ - asserts: implement snap-developer type
++ - partition: deal with grub{,2}-editenv in tests
++ - many: add new (hidden) `snap debug ensure-state-soon` command and
++ use in tests
++ - interfaces/builtin: small refactor of dbus tests
++ - packaging, tests: use "systemctl list-unit-files --full"
++ everywhere
++ - many: some opensuse patches that are ready to go into master
++ - packaging: add opensuse permissions files
++ - client, daemon: move "snap list" name filtering into snapd.
++ - interfaces: use seccomp specs
++ - overlord/snapstate: small cleanup of
++ ensureForceDevmodeDropsDevmodeFromState
++ - interfaces/builtin/alsa: add read access to alsa state dir
++ - interfaces: use spec in kmod backend, updated firewall_control,
++ openvswitch_support, ppp
++ - cmd/snap-confine: use sc_do_mount everywhere
++ - tests: remove workaround for docker again, snap-declaration is
++ fixed now
++ - interfaces: interface to allow autopilot introspection
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 11 Apr 2017 13:31:46 +0200
++
++snapd (2.23.6) xenial; urgency=medium
++
++ * New upstream release, LP: #1673568
++ - cmd: use the most appropriate snap/snapctl sockets
++ - tests: fix interfaces-cups-control for zesty
++ - configstate,hookstate: timeout the configure hook after 5 mins,
++ report failures
++ - packaging: rename the file shipping snap-confine AA profile to
++ workaround dpkg bug #858004
++ - many: ignore configure hook failures on core refresh to ensure
++ upgrades are always possible
++ - snapstate: restart as needed if we undid unlinking aka relinked
++ core or kernel snap
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 29 Mar 2017 15:30:35 +0200
++
++snapd (2.23.5) xenial; urgency=medium
++
++ * New upstream release, LP: #1673568
++ - allow "sync" in core-support
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 17 Mar 2017 18:13:43 +0100
++
++snapd (2.23.4) xenial; urgency=medium
++
++ * New upstream release, LP: #1673568
++ - fix core-support interface for the new pi-config options
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 17 Mar 2017 16:05:57 +0100
++
++snapd (2.23.3) xenial; urgency=medium
++
++ * FTBFS due to missing files in vendor/
++
++ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Thu, 16 Mar 2017 19:56:55 +0100
++
++snapd (2.23.2) xenial; urgency=medium
++
++ * New upstream release, LP: #1673568
++ - cmd/snap: handle missing snap-confine (#3041)
++
++ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Thu, 16 Mar 2017 19:38:24 +0100
++
++snapd (2.23.1) xenial; urgency=medium
++
++ * New upstream release, LP: #1665608
++ - packaging, tests: use "systemctl list-unit-files --full"
++ everywhere
++ - interfaces: fix default content attribute value
++ - tests: do not nuke the entire snapd.conf.d dir when changing
++ store settings
++ - hookstate: run the right "snap" command in the hookmanager
++ - snapstate: revert PR#2958, run configure hook again everywhere
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 08 Mar 2017 14:29:56 +0100
++
++snapd (2.23) xenial; urgency=medium
++
++ * New upstream release, LP: #1665608
++ - overlord: phase 2 with 2nd setup-profiles and hook done after
++ restart for core installation
++ - data: re-add snapd.refresh.{timer,service} with weekly schedule
++ - interfaces: allow 'getent' by default with some missing dbs to
++ various interfaces
++ - overlord/snapstate: drop forced devmode
++ - snapstate: disable running the configure hook on classic for the
++ core snap
++ - ifacestate: re-generate apparmor in InterfaceManager.initialize()
++ - daemon: DevModeDistro does not imply snapstate.Flags{DevMode:true}
++ - interfaces/bluez,network-manager: implement ConnectedSlot policy
++ - cmd: add helpers for mounting / unmounting
++ - snapstate: error in LinkSnap() if revision is unset
++ - release: add linuxmint 18 to the non-devmode distros
++ - cmd: fixes to run correctly on opensuse
++ - interfaces: consistently use 'const' instead of 'var' for security
++ policy
++ - interfaces: miscellaneous policy updates for unity7, udisks2 and
++ browser-support
++ - interfaces/apparmor: compensate for kernel behavior change
++ - many: only tweak core config if hook exists
++ - overlord/hookstate: don't report a run hook output error without
++ any context
++ - cmd/snap-update-ns: move test data and helpers to new module
++ - vet: fix vet error on mount test.
++ - tests: empty init (systemd) failover test
++ - cmd: add .indent.pro file to the tree
++ - interfaces: specs for apparmor, seccomp, udev
++ - wrappers/services: RemainAfterExit=yes for oneshot daemons w/ stop
++ cmds
++ - tests: several improvements to the nested suite
++ - tests: do not use core for "All snaps up to date" check
++ - cmd/snap-update-ns: add function for sorting mount entries
++ - httputil: copy some headers over redirects
++ - data/selinux: merge SELinux policy module
++ - kmod: added Specification for kmod security backend
++ - tests: failover test for rc.local crash
++ - debian/tests: map snapd deb pockets to core snap channels for
++ autopkgtest
++ - many: switch channels on refresh if needed
++ - interfaces/builtin: add /boot/uboot/config.txt access to core-
++ support
++ - release: assume higher version of supported distros will still
++ work
++ - cmd/snap-update-ns: add compare function for mount entries
++ - tests: enable docker test
++ - tests: bail out if core snap is not installed
++ - interfaces: use mount.Entry instead of string snippets.
++ - osutil: trivial tweaks to build ID support
++ - many: display kernel version in 'snap version'
++ - osutil: add package for reading Build-ID
++ - snap: error when `snap list foo` is run and no snap is installed
++ - cmd/snap-confine: don't crash if nvidia module is loaded but
++ drivers are not available
++ - tests: update listing test for latest core snap version update
++ - overlord/hookstate/ctlcmd: helper function for creating a deep
++ copy of interface attributes
++ - interfaces: add a linux framebuffer interface
++ - cmd/snap, store: change error messages to reflect latest UX doc
++ - interfaces: initial unity8 interface
++ - asserts: improved information about assertions format in the
++ Decode doc comment
++ - snapstate: ensure snapstate.CanAutoRefresh is nil in tests
++ - mkversion.sh: Add support for taking the version as a parameter
++ - interfaces: add an interface for use by thumbnailer
++ - cmd/snap-confine: ensure that hostfs is root owned.
++ - screen-inhibit-control: add methods for delaying screensavers
++ - overlord: optional device registration and gadget support on
++ classic
++ - overlord: make seeding work also on classic, optionally
++ - image,cmd/snap: refactoring and initial envvar support to use
++ stores needing auth
++ - tests: add libvirt interface spread test
++ - cmd/libsnap: add helper for dropping permissions
++ - interfaces: misc updates for network-control, firewall-control,
++ unity7 and default policy
++ - interfaces: allow recv* and send* by default, accept4 with accept
++ and other cleanups
++ - interfaces/builtin: add classic-support interface
++ - store: use xdelta3 from core if available and not on the regular
++ system
++ - snap: add contact: line in `snap info`
++ - interfaces/builtin: add network-setup-control which allows rw
++ access to netplan
++ - unity7: support missing signals and methods for status icons
++ - cmd: autoconf for RHEL
++ - cmd/snap-confine: look for PROCFS_SUPER_MAGIC
++ - dirs: use the right snap mount dir for the distribution
++ - many: differentiate between "distro" and "core" libexecdir
++ - cmd: don't reexec on RHEL family
++ - config: make helpers reusable
++ - snap-exec: support nested environment variables in environment
++ - release: add galliumos support
++ - interfaces/builtin: more path options for serial
++ - i18n: look into core snaps when checking for translations
++ - tests: nested image testing
++ - tests: add basic test for docker
++ - hookstate,ifacestate: support snapctl set/get slot and plug attrs
++ (step 3)
++ - cmd/snap: add shell completion to connect
++ - cmd: add functions to load/save fstab-like files
++ - snap run: create "current" symlink in user data dir
++ - cmd: autoconf for centos
++ - tests: add more debug if ubuntu-core-upgrade fails
++ - tests: increase service retries
++ - packaging/ubuntu-14.04: inform user how to extend PATH with
++ /snap/bin.
++ - cmd: add helpers for working with mount/umount commands
++ - overlord/snapstate: prepare for using snap-update-ns
++ - cmd: use per-snap mount profile to populate the mount namespace
++ - overlord/ifacestate: setup seccomp security on startup
++ - interface/seccomp: sort combined snippets
++ - release: don't force devmode on LinuxMint "serena"
++ - tests: filter ubuntu-core systems for authenticated find-private
++ test
++ - interfaces/builtin/core-support: Allow modifying logind
++ configuration from the core snap
++ - tests: fix "snap managed" output check and suppress output from
++ expect in the authenticated login tests
++ - interfaces: shutdown: also allow shutdown/reboot/suspend via
++ logind
++ - cmd/snap-confine-tests: reformat test to pass shellcheck
++ - cmd: add sc_is_debug_enabled
++ - interfaces/mount: add dedicated mount entry type
++ - interfaces/core-support: allow modifying systemd-timesyncd and
++ sysctl configuration
++ - snap: improve message after `snap refresh pkg1 pkg2`
++ - tests: improve snap-env test
++ - interfaces/io-ports-control: use /dev/port, not /dev/ports
++ - interfaces/mount-observe: add quotactl with arg filtering (LP:
++ #1626359)
++ - interfaces/mount: generate per-snap mount profile
++ - tests: add spread test for delta downloads
++ - daemon: show "$snapname (delta)" in progress when downloading
++ deltas
++ - cmd: use safer functions in sc_mount_opt2str
++ - asserts: introduce a variant of model assertions for classic
++ systems
++ - interfaces/core-support: allow modifying snap rsyslog
++ configuration
++ - interfaces: remove some syscalls already in the default policy
++ plus comment cleanups
++ - interfaces: miscellaneous updates for hardware-observe, kernel-
++ module-control, unity7 and default
++ - snap-confine: add the key for which hsearch_r fails
++ - snap: improve the error message for `snap try`
++ - tests: fix pattern and use MATCH in find-private
++ - tests: stop tying setting up staging store access to the setup of
++ the state tarball
++ - tests: add regression spread test for #1660941
++ - interfaces/default: don't allow TIOCSTI ioctl
++ - interfaces: allow nice/setpriority to 0-19 values for calling
++ process by default
++ - tests: improve debug when the core transition test hangs
++ - tests: disable ubuntu-core->core transition on ppc64el (its just
++ too slow)
++ - snapstate: move refresh from a systemd timer to the internal
++ snapstate Ensure()
++ - tests/lib/fakestore/refresh: some more info when we fail to copy
++ asserts
++ - overlord/devicestate: backoff between retries if the server seems
++ to have refused the serial-request
++ - image: check kernel/gadget publisher vs model brand, warn on store
++ disconnected snaps
++ - vendor: move gettext.go back to github.com/ojii/gettext.go
++ - store: retry on 502 http response as well
++ - tests: increase snap-service kill-timeout
++ - store,osutil: use new osutil.ExecutableExists(exe) check to only
++ use deltas if xdelta3 is present
++ - cmd: fix autogen.sh on fedora
++ - overlord/devicemgr: fix test: setup account-key before using the
++ key for signing
++ - cmd: add /usr/local/* to PATH
++ - cmd: add sc_string_append
++ - asserts: support for correctly suggesting format 2 for snap-
++ declaration
++ - interfaces: port mount backend to new APIs, unify content of per
++ app/hook profiles
++ - overlord/devicestate: implement policy about gadget and kernel
++ matching the model
++ - interfaces: allow sched_setscheduler again by default
++ - debian: update breaks/replaces for snap-confine->snapd
++ - debian: move the snap-confine packaging into snapd
++ - 14.04/integrationtests: rely on upstart to restart ssh.
++ - store: enable download deltas on classic by default
++ - spread: add unit suite
++ - snapctl: add config in client to disable auth and use it in
++ snapctl
++ - overlord/ifacestate: register all security backends with the
++ repository
++ - overlord,tests: have enable/disable affect security profiles
++ - tests: install ubuntu-core from the same channel as core
++ - overlord: move configstate.Transaction into config package
++ - seccomp-support.c: add PF_* domains which can be used instead of
++ AF_*
++ - store: always log retry summary when SNAPD_DEBUG is set
++ - tests: parameterize kernel snap channel
++ - snapenv: do not append ":" to the SNAP_LIBRARY_PATH
++ - interfaces/builtin: refine the content interface rules using $SLOT
++ - asserts,interfaces/policy: add support for
++ $SLOT()/$PLUG()/$MISSING in *-attributes constraintsThis adds
++ support for $SLOT(arg), $PLUG(arg) and $MISSING attribute
++ constraints in plugs and slots rules in snap-declarations:
++ - cmd/snap-confine: add snap-confine command line parser module
++ - tests: remove (some) garbage files found by restore cleanup
++ analysis
++ - cmd: fix issues uncovered by valgrind
++ - tests: fix typo in systems name
++ - cmd: collect string utilities in one module, add missing tests
++ - cmd: rename mountinfo to sc_mountinfo
++ - tests: allow to install snapd debs from a ppa instead of building
++ them
++ - spread: remove state tar on project restore
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 17 Feb 2017 12:21:42 +0100
++
++snapd (2.22.7) xenial; urgency=medium
++
++ * New upstream release:
++ - errtracker,overlord/snapstate: more info in errtracker reports
++ - interfaces/apparmor: compensate for kernel behavior change
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 24 Feb 2017 19:24:11 +0100
++
++snapd (2.22.6) xenial; urgency=medium
++
++ * New upstream release, LP: #1667105
++ - overlord/ifacestate: don't fail if affected snap is gone
++ - revert #2910: osutil: add package for reading Build-ID (#2918)
++ - errtracker: include the build-id of host and core snapd (#2912)
++ - errtracker: include the number of ubuntu-core -> core retries
++ (#2915)
++ - snapstate: retry ubuntu-core -> core transition every 6h (#2914)
++ - osutil: add package for reading Build-ID (#2910)
++ - errtracker: include kernel version in error reports (#2905)
++ - release: return "unknown" if uname fails
++ - many: rebased uname branch for 2.22
++ - errtracker: include snapd version in err reports
++ - overlord/ifacestate: don't unconditionally retry stuff (#2906)
++ - snapstate: fix incorrect cut of the timestamps for the error
++ reports (#2908)
++ - tests: update listing test for latest core snap version update
++
++ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Wed, 22 Feb 2017 23:34:23 +0100
++
++snapd (2.22.5) xenial; urgency=medium
++
++ * Fix FTBFS due to machine-id file
++
++ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Tue, 21 Feb 2017 09:43:42 +0100
++
++snapd (2.22.4) xenial; urgency=medium
++
++ * New bugfix release:
++ - errtracker: add support for error reporting via daisy.ubuntu.com
++ - snapstate: allow for 6 retries for the core transition
++ - httputils: ensure User-Agent works across redirects
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 21 Feb 2017 09:07:10 +0100
++
++snapd (2.22.3) xenial; urgency=medium
++
++ * New bugfix release, LP: #1665729:
++ - Limit the number of retries for the ubuntu-core -> core
++ transition to fix possible store overload.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 17 Feb 2017 18:58:34 +0100
++
++snapd (2.22.2) xenial; urgency=medium
++
++ * New upstream release, LP: #1659522
++ - cherry pick fix for sched_setscheduler regression
++ (LP: #1661265)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 02 Feb 2017 17:13:51 +0100
++
++snapd (2.22.1) xenial; urgency=medium
++
++ * New upstream release, LP: #1659522
++ - cherry pick fix for snapctl auth.json handling
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 01 Feb 2017 17:09:31 +0100
++
++snapd (2.22) xenial; urgency=medium
++
++ * New upstream release, LP: #1659522
++ - many: make ubuntu-core-launcher mostly go
++ - interfaces/builtin: add account-control interface
++ - interfaces/builtin: add missing syscalls to core-support needed
++ for systemctl
++ - interfaces/builtin: rework core-support to only allow full access
++ to systemctl
++ - debian/tests: drop stale autopkgtest dependencies.
++ - tests: make the debugging of c-unit-tests more useful
++ - store: retry auth-related requests
++ - tests: integration test for system reload
++ - snap: be more helpful in the `snap install <already-installed>`
++ error message
++ - tests: set SNAPPY_USE_STAGING_STORE in su call
++ - tests: use test snap
++ - spread: set SNAPD_DEBUG=1 in the core snap as well
++ - tests: add extra debugging to security-setuid-root test
++ - cmd,snap,wrappers: systemd reload command support
++ - interfaces: builtin: mir: Allow recv and send
++ - overlord/ifacestate: use ParseConnRef
++ - overlord/snapstate,overlord/ifacestate: add automatic ubuntu-core
++ -> core transition
++ - debian: remove aliases as well in snapd.postrm
++ - many: change interfaces.ParseID to return value
++ - interfaces/opengl: allow access to the nvidia abstract socket
++ - overlord, daemon: flag failures feature fancy forms.
++ - many: add --classic support to try and revert, and make missing
++ these things a little harder
++ - interfaces: allow reading non-PCI-attached usb devices via raw-usb
++ - many: rename snap-alter-ns to snap-update-ns
++ - interfaces/builtin: add core-support
++ - store: increase the retry.LimitTime()
++ - debian: move the packaging out into package/$id-$version_id
++ - overlord/stapstate: don't use unkeyed fields
++ - many: add stub implementation of snap-alter-ns
++ - asserts: improve error message when key is not valid at the given
++ time
++ - snapstate, ifacestate: add snapstate.CheckChangeConflict() to
++ ifacestate.{Connect,Disconnect}
++ - debian: remove trusty specific bits
++ - docs: Add a note about building snapd.
++ - interfaces: miscellaneous updates for default and network-control
++ - daemon: bubble out store.ErrSnapNotFound in the findOne codepath
++ - store: add retry logging into download as well
++ - snap: show price in `snap info`
++ - cmd: add fault injection support code
++ - interfaces: network-manager: allow rw access to /etc/netplan
++ - debian: move systemd files out of ./debian and into ./data/systemd
++ - asserts: implement SuggestFormat to help avoid specifying the
++ wrong format iteration for an assertion
++ - many: detect potentially insecure use of snap-confine
++ - interfaces: allow querying added security backends
++ - cmd: ensure that all .c files have a -test.c file
++ - asserts: don't use 'context' for the path of attributes, want to
++ reuse the concept for something else
++ - interfaces: abbreviate ConnRef construction
++ - tests: ensure systemd override directory is available before using
++ it
++ - cmd: more build system cleanups and a small fix
++ - tests: increase retries for service up
++ - cmd: move seccomp cleanup function to seccomp-support
++ - many: auto-connect plugs and slots symmetrically
++ - overlord: use a ticker for the pruning
++ - interfaces/builtin: add uhid interface
++ - cmd/snap-confine: add shutdown helper
++ - tests: fix path used when debugging
++ - cmd: switch to non-recursive make
++ - overlord/ifacestate: setup security of snaps affected by auto-
++ connection
++ - spread: refresh apt cache before first install
++ - overlord: allow max 500 changes in "ready" state to avoid growing
++ changes for 24h
++ - snap: add {Plug,Slot}Info.SecurityTags
++ - cmd: move snap-discard-ns to dedicated directory
++ - tests: skip i18n test when no "snappy.mo" file is available
++ - interfaces,overlord/ifacestate: small refactor around reference
++ methods
++ - tests: remove the snapd dirs last (should fix random test errors)
++ - interfaces: mm: permissions for protocol proxies
++ - interfaces/builtin: add evolution interfaces
++ - many: extract the logging http client and user-agent handling for
++ use in devicestate
++ - interfaces: unity8-download-manager is the chosen name for this
++ interface.
++ - tests: add "quiet" wrapper function that only prints output on
++ failure
++ - tests: fix failing snapd-reexec test
++ - docs: simplify HACKING.md that snapd itself supports setting up
++ the sockets
++ - overlord: flag required-snaps from model as required and prevent
++ removing them
++ - spread: exclude .o and .a files
++ - tests: parameterize remote store
++ - cmd: fix hardcoded paths to rst2man and support rst2man.py
++ - tests: improve debug output when reexec is used
++ - tests: disable ipv6 before unpacking delta
++ - interfaces: add new interface API
++ - tests: change TRUST_TEST_KEYS to be controlled from the host
++ - spread: add boilerplate for Linode delta uploads
++ - wrappers: add support for the X-Ayatana-Desktop-Shortcuts=
++ extension
++ - partition: add support for native grubenv read/write and use it
++ - tests: add test ensuring manual pages are shipped
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 27 Jan 2017 23:18:57 +0100
++
++snapd (2.21-2) unstable; urgency=medium
++
++ * Modify snap-confine's apparmor rules to work on Debian when apparmor is
++ enabled on the kernel command line.
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Wed, 25 Jan 2017 10:26:51 +1300
++
++snapd (2.21-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Disable i18n so the package can build in stretch without new packages.
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Mon, 16 Jan 2017 11:15:32 +1300
++
++snapd (2.21) xenial; urgency=medium
++
++ * New upstream release, LP: #1656382
++ - daemon: re-enable reexec
++ - interfaces: allow reading installed files from previous revisions
++ by default
++ - daemon: make activation optional
++ - tests: run all snap-confine tests in c-unit-tests task
++ - many: fix abbreviated forms of disconnect
++ - tests: switch more tests to MATCH
++ - store: export userAgent. daemon: print store.UserAgent() on
++ startup.
++ - tests: test classic confinement `snap list` and `snap info`
++ output
++ - debian: skip snap-confine unit tests on nocheck
++ - overlord/snapstate: share code between Update and UpdateMany, so
++ that it deals with auto-aliases correctly
++ - interfaces: upower-observe: refactor to allow snaps to provide a
++ slot
++ - tests: add end-to-end store test for classic confinement
++ - overlord,overlord/snapstate: have UpdateMany retire/enable auto-
++ aliases even without new revision
++ - interfaces/browser-support: add @{PROC}/@{pid}/fd/[0-9] w and misc
++ /run/udev
++ - interfaces/builtin: add physical-memory-* and io-ports-control
++ - interfaces: allow getsockopt by default since it is so commonly
++ used
++ - cmd/snap, daemon, overlord/snapstate: tests and fixes for "snap
++ refresh" of a classic snap
++ - interfaces: allow read/write access of real-time clock with time-
++ control interface
++ - store: request no CDN via a header using SNAPPY_STORE_NO_CDN
++ envvar
++ - snap: add information about tracking channel (not just actual
++ channel)
++ - interfaces: use fewer dot imports
++ - overlord/snapstate: remove restrictions on ResetAliases
++ - overlord, store: move confinement filtering to the overlord (from
++ The Store)
++ - many: move interface test helpers to ifacetest package
++ - many: implement 'snap aliases'
++ - vet: fix for unkeyed fields error on aliases_test.go
++ - interfaces: miscellaneous policy updates for network-control,
++ unity7, pulseaudio, default and home
++ - tests: test for auto-aliases
++ - interface hooks: connect plug slot hooks (step 2)
++ - cmd/snap: fix internal naming in snap connect
++ - snap: use "size" as the json tag in snap.ChannelSnapInfo
++ - tests: restore the missing initialization of iface manager causing
++ race
++ - snap: fix missing sizes in `snap info <remote-snap>`
++ - tests: improve cleanup for c-unit-tests
++ - cmd/snap-confine: build non-installed libsnap-confine-private.a
++ - cmd/snap-confine: small tweaks to seccomp support code
++ - interfaces/docker-support: allow /run/shm/aufs.xeno for 14.04
++ - many: obtain installed snaps developer/publisher username through
++ assertions
++ - store: setting of fields for details endpoint
++ - cmd/snap-confine: check for rst2man on configure
++ - snap: show `snap --help` output when just running `snap`
++ - interface/builtin: drop the obsolete checks in udisks2
++ SanitizeSlot
++ - cmd/snap: remove currency switch following UX review
++ - spread: find top-level directory before running generate-
++ packaging-dir
++ - interface hooks: prepare plug slot hooks (step 1)
++ - i18n: use github.com/mvo5/gettext.go (pure go) for i18n to avoid
++ cgo
++ - many: put a marker in the User-Agent sent by snapd/snap when under
++ testingThe User-Agent will look like:
++ - tests: fix -reuse and -resend when govendor is missing
++ - snap: provide friendlier `snap find` message when no snaps are
++ found
++ - tests: fix mkversions.sh failure on zesty
++ - spread: install build-essential unconditionally
++ - spread: improve qemu ubuntu-14.04-{32,64} support
++ - overlord/snapstate,daemon: implement GET /v2/aliases handling
++ - store: retry user info request
++ - tests: port more snap-confine regression tests
++ - tests: cancel the scheduled reboot on ubuntu-core-upgrade-no-gc
++ and restore state
++ - tests: debug zesty autopkgtest failures
++ - overlord/snapstate: use keyed fields on literals
++ - tests: use MATCH in install-remove-multi
++ - tests: increase wait time for service to be up
++ - tests: make debug-each succeed if DENIED doesn't match
++ - tests: skip packaging dir generation for non-git based autopkgtest
++ runs
++ - tests: port refresh-all-undo to MATCH
++ - tests: improve snap connect test
++ - tests: port additional snap-confine regression tests
++ - tests: show --version when it matches unknown
++ - tests: optionally use apt proxy for qemu
++ - tests: add hello-classic test
++ - many: behave more consistently when pointed to staging and
++ possibly the fake store
++ - overlord/ifacestate: remove stale comments
++ - interfaces/apparmor: ignore snippets in classic confinement
++ - tests: port first regression test from snap-confine
++ - cmd/snap-confine: disable old tests
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 13 Jan 2017 19:39:51 +0100
++
++snapd (2.20.1) xenial; urgency=medium
++
++ * New upstream release, LP: #1648520
++ - tests: enable the ppc64el tests again
++ - tests: add classic confinement test
++ - tests: run snap confine tests in debian/rules already
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 19 Dec 2016 11:53:29 +0100
++
++snapd (2.20-2) unstable; urgency=medium
++
++ * Replace unversioned Conflicts on snap package with versioned
++ Breaks/Replaces, now that snap has dropped /usr/bin/snap.
++ Closes: #849162.
++
++ -- Steve Langasek <vorlon@debian.org> Sun, 25 Dec 2016 17:50:25 -0600
++
++snapd (2.20-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Update one test (cmd/snap/cmd_interfaces_test.go) to cope with the newer
++ golang-go-flags-dev in unstable.
++ * Explicitly include 'udev' in Build-Depends.
++ * Add tzdata to Build-Depends to avoid ftbfs. (Closes: #848754)
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Mon, 19 Dec 2016 11:43:55 +1300
++
++snapd (2.20) xenial; urgency=medium
++
++ * New upstream release, LP: #1648520
++ - many: implement "snap alias --reset" using snapstate.ResetAliases
++ - debian: use a packaging branch for 14.04
++ - store: retry downloads on io.Copy errors and sha3 checksum errors
++ - snap: show apps in `snap info`
++ - store: send an explicit X-Ubuntu-Classic header to the store
++ - overlord/snapstate: implement snapstate.ResetAliases
++ - interfaces/builtin: add dbus interface
++ - tests: fix tests on 17.04
++ - store: use mocked retry strategy to make store tests faster
++ - overlord: apply auto-aliases information from the snap-declaration
++ on install or refresh
++ - many: prepare landing on trusty
++ - many: implement snap unalias using snapstate.Unalias
++ - overlord/snapstate: fixing the placement/grouping of some
++ functions
++ - interfaces: support network namespaces via 'ip netns' in network-
++ control
++ - interfaces/builtin: fix pulseaudio apparmor rules
++ - interfaces/builtin: add iio interface
++ - tests: update custom core snap with the freshly build snap-confine
++ - interfaces: use sysd.{Disable,Stop} instead of sysd.DisableNow()
++ - overlord,overlord/snapstate: implement snapstate.Unalias by
++ generalizing the "alias" task
++ - interfaces: misc openstack snap enablement
++ - cmd/snap: mock terminal.ReadPassword instead of using /dev/ptmx
++ - notifications, daemon: kill the unsupported events endpoint
++ - client: only allow Dangerous option in InstallPath
++ - overlord/ifacestate: no interface checks if no snap id
++ - many: implement alias command
++ - snap: tweak snap install output as designed by Mark
++ - debian: fix Pre-Depends on dpkg
++ - tests: check if snap-confine --version is unknown
++ - cmd/snap-confine: allow content interface mounts
++ - tests: remove ppa:snappy-dev/image again
++ - interfaces/apparmor: allow access to core snap
++ - tests: remove snap-confine/ubuntu-core-launcher after the tests
++ - overlord,overlord/snapstate: implement snapstate.Alias
++ - cmd/snap: reject "snap disconnect foo"
++ - debian: add split ubuntu-core-launcher and snap-confine packages
++ - cmd: fix mkversion.sh and add regression test
++ - overlord/snapstate: setup/remove aliases as we link/unlink snaps
++ - cmd/snap,tests: alias support in snap run
++ - snap/snapenv: don't obscure HOME if snap uses classic confinement
++ - store: decode response.Body json inside retry loops
++ - cmd/snap-confine: fix compilation on platforms with gcc < 4.9.0
++ - vendor: update tomb package fixing context support
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 15 Dec 2016 22:07:08 +0100
++
++snapd (2.19) xenial; urgency=medium
++
++ * New upstream release, LP: #1648520
++ - cmd/snap-confine: disable support for XDG_RUNTIME_DIR
++ - cmd/snap-confine/tests: fix stale path after move to snapd
++ - cmd/snap-confine: don't use __attribute__((nonull))
++ - snap: add description to `snap info`
++ - snap: show last refresh time
++ - store: switch default delta format from xdelta to xdelta3
++ - interfaces: fix system-observe interface to work with ps_mem
++ - debian: add missing ca-certificates dependency
++ - cmd/snap-confine: add support for classic confinement
++ - snapstate/backend: add backend methods to manage aliases
++ - tests: re-enable snap-confine unit tests via spread
++ - many: merge snap-confine into snapd
++ - many: add support for classic confinement
++ - snap: abort install with ctrl+c
++ - cmd/snap: change terms accept URL following UX review
++ - interfaces/apparmor: use distinct apparmor template for classic
++ - snap: add snap size to `snap info`
++ - interfaces: add unconfined access to modem-manager
++ - snap: support for parsing and exposing on snap.Info aliases
++ - debian: disable autopkgtests on ppc64el
++ - snap: disable support for socket activation
++ - tests: fix incorrect restore of the current symlink
++ - asserts: introduce auto-aliases header in snap-declaration
++ - interfaces/seccomp: add support for classic confinement
++ - tests: do not use external snaps
++ - daemon: close the dup()ed file descriptor to not leak it
++ - overlord, daemon, progress: enable building snapd without CGO
++ - daemon, store: let snap info find things in any channel
++ - store: retry tweaks and logging
++ - snap: Improve `snap --help` output as designed by Mark
++ - interfaces/builtin: fix incorrect udev rule in i2c
++ - overlord: increase test timeout and improve failure message
++ - snap: remove unused experimental command
++ - debian: remove unneeded conflict against the "snappy" package
++ - daemon, strutil: move daemon.quotedNames to strutil.Quoted
++ - docs: document SNAP_DEBUG_HTTP in HACKING.md
++ - cmd/snap: have some completers
++ - snap: support "daemon: notify" in snap.yaml
++ - snap: fix try command when daemon linie is added
++ - interfaces: apparmor support for classic confinement
++ - debian/rules: build with -buildoptions=pie
++ - tests: include /boot in saved state (including bootenv and any
++ kernels)
++ - daemon: ensure `snap try` installs core if it's missing
++ - tests: save/restore /snap/core/current symlink
++ - tests: decrease the number of expected featured apps
++ - tests: add set -e to the prepare ssh script
++ - cmd/snap: add tests for section completion; fix bugs.
++ - cmd/snap: document 'snap list --all'
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 08 Dec 2016 16:16:04 +0100
++
++snapd (2.18.1) xenial; urgency=medium
++
++ * New upstream release, LP: #1644625
++ - daemon: fix crash when `snap refresh` contains a single update
++ - fix unhandled error from io.Copy() in download()
++ - interfaces/builtin: fix incorrect udev rule in i2c
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 05 Dec 2016 15:04:13 +0100
++
++snapd (2.18) xenial; urgency=medium
++
++ * New upstream release, LP: #1644625
++ - store: retry on io.EOF
++ - tests: skip pty tests on ppc64el and powerpc
++ - client, cmd/snap: introducing "snap info"
++ - snap: do exit 0 on install/remove if that snap is already
++ installed or already removed
++ - snap: add `snap watch <change-id>` to attach to a running change
++ - store: retry downloads using retry loop
++ - snap: try doesn't require snap-dir when run in snap's directory
++ - daemon: show what will change in the "refresh-all" changes
++ - tests: disable autorefresh for the external backend
++ - snap: add `snap list -a` to show all snaps (even inactive ones)
++ - many: unify boolean env var handling
++ - overlord/ifacestate: don't setup jailmode snaps with devmode
++ confinement
++ - snapstate: do not garbage collect the snaps used by the bootenv
++ - debian: drop hard xdelta dependency for now
++ - snap: make `snap login` ask for email if not given as argument
++ - osutil: fix build on armhf (arm in go-arch) and powerpc (ppc in
++ go-arch)
++ - many: rename DevmodeConfinement to DevModeConfinement
++ - store: resp.Body.Close() missing in ReadyToBuy
++ - many: use ConfinementOptions instead of ConfinementType
++ - snap, daemon, store: fake the channel map in the REST API
++ - misc: run github.com/gordonklaus/ineffassign as part of the static
++ checks
++ - docs: add goreportcard badge and remove coveralls badge
++ - tests: force gofmt -s in static checks
++ - many: run gofmt -s -w on all the code
++ - store: DRY actual retry code
++ - many: fix various errors uncovered by goreportcard.com
++ - interfaces/builtin: allow additional shared memory for webkit
++ - many: some more missing snapState->snapst
++ - asserts: introduce an optional freeform display-name for model
++ - interfaces/builtin: rename usb-raw to raw-usb
++ - progress: init pbar with correct total value
++ - daemon/api.go: add quotedNames() helper
++ - interfaces: add ConfinementOptions type
++ - tests: add a test about the extra bits that prepare-device can
++ specify for device registration
++ - tests: check that gpio device nodes are exported after reboot
++ - tests: parameterize core channel with env var for classic too
++ - many: rename variable "ss" to "snapsup" or "snapst" or "st"
++ (depending on context)
++ - tests: do not use external snaps in spread
++ - store: retry buy request
++ - store: retry store.Find
++ - store: retry assertion store call
++ - store: retry call for snap details
++ - many: use snap.ConfinementType rather than bool devmode
++ - daemon: if a bad snap is posted it is not an internal error but a
++ bad request
++ - client: add "Snap.Screenshots" to the client API
++ - interfaces: update base declaration documentation and policy for
++ on-classic and snap-type
++ - store: check payment method before TOS for a better UX
++ - interfaces: allow sched_setaffinity in process-control
++ - tests: parameterize core channel with env var
++ - tests: ensure that the XDG_ env contains at least XDG_RUNTIME_DIR
++ - interfaces: fcitx also listens on the session bus for Qt apps
++ - store: retry ListRefresh
++ - snap: use "Password of <email>:" in the `snap login`
++ - many: reshuffle how we load/inject tests keys so image doesn't
++ need assertstate anymore
++ - store: use range requests if we have a local file already
++ - dirs,interfaces,overlord,snap,snapenv,test: export per-snap
++ XDG_RUNTIME_DIR per user
++ - osutil: make RealUser only look at SUDO_USER when uid==0
++ - tests: do not use the ppa:snappy-dev/image in the tests
++ - store: retry readyToBuy request
++ - tests: increase `expect` timeouts
++ - static tests: add spell check
++ - tests: add debug to all flaky expect tests
++ - systemd: correct the mount arguments when mounting with squashfuse
++ - interfaces: add avahi-observe
++ - store: bring delta downloads back
++ - interfaces: add alsa
++ - interfaces/builtin: fix a broken test that snuck into master
++ - osutil: add chattr funcs
++ - image: init "snap_mode" on image creation time to avoid ugly
++ messages
++ - tests: test-snapd-fuse-consumer needs python-fuse as a build-
++ package
++ - interfaces/builtin: add i2c interface
++ - interfaces: add ofono interface
++ - tests: do not use hello-world in our tests
++ - snap: add support for classic confinement
++ - interfaces: remove LegacyAutoConnect() from the interfaces
++ - interfaces: miscellaneous policy updates
++ - tests: run autopkgtests in the autopkgtest.ubuntu.com
++ infrastructure
++ - Implement lxd-client interface exposing the lxd snap
++ - asserts: validate optional account username
++ - many: remove unnecessary snap name parameter from buying endpoint
++ - tests: do not hardcode the size of /dev/ram0
++ - tests: add test that ensures the right content for /etc/os-release
++ - spread tests: fix snap mode check
++ - docs: fix path for source files location in HACKING.md
++ - interfaces/builtin/mir: allow slot to make recvfrom syscalls
++ - store: sections/featured snaps store support
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 24 Nov 2016 19:43:08 +0100
++
++snapd (2.17.1) xenial; urgency=medium
++
++ * New upstream release, LP: #1637215:
++ - release: os-release on core has changed
++ - tests: /dev/ptmx does not work on powerpc, skip here
++ - docs: moved to github.com/snapcore/snapd/wiki (#2258)
++ - debian: golang is not installable on powerpc, use golang-any
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 04 Nov 2016 18:13:10 +0200
++
++snapd (2.17) xenial; urgency=medium
++
++ * New upstream release, LP: #1637215:
++ - overlord/ifacestate: add unit tests for undo of setup-snap-
++ security (#2243)
++ - daemon,overlord,snap,tests: download to .partial in final dir
++ (#2237)
++ - overlord/state: marshaling tests for lanes (#2245)
++ - overlord/state: introduce state lanes (#2241)
++ - overlord/snapstate: fix revert+refresh (#2224)
++ - interfaces/sytemd: enable/disable generated service units (#2229)
++ - many: fix incorrect security files generation on undo
++ - overlord/snapstate: add dynamic snapdX.Y assumes (#2227)
++ - interfaces: network-manager: give slot full read-write access to
++ /run/NetworkManager
++ - docs: update the name of the command for the cross-build
++ - overlord/snapstate: fix missing argument to Noticef
++ - snapstate: ensure gadget/core/kernel can not be disabled (#2218)
++ - asserts: limit to 1y only if len(models) == 0 (#2219)
++ - debian: only install share/locale if available (missing on
++ powerpc)
++ - overlrod/snapstate: fix revert followed by refresh to old-current
++ (#2214)
++ - interfaces/builtin: network-manager and bluez can change hostname
++ (#2204)
++ - snap: switch the auto-import dir to /run/snapd/auto-import
++ - docs: less details about cloud.cfg as requested in trello (#2206)
++ - spread.yaml: Ensure ubuntu user has passwordless sudo for
++ autopkgtests (#2201)
++ - interfaces/builtin: add dcdbas-control interface
++ - boot: do not set boot to try mode if the revision is unchanged
++ - interfaces: add shutdown interface (#2162)
++ - interfaces: add system-power-control interface
++ - many: use the new systemd backend for configuring GPIOs
++ - overlord/ifacestate: setup security for slots before plugs
++ - snap: spool assertion candidates if snapd is not up yet
++ - store,daemon,overlord: download things to a partials dir
++ - asserts,daemon: implement system-user-authority header/concept
++ - interfaces/builtin: home base declaration rule using on-classic
++ for its policy
++ - interfaces/builtin: finish decl based checks
++ - asserts: bump snap-declaration to allow signing with new-style
++ plugs and slots
++ - overlord: checks for kernel installation/refresh based on model
++ assertion and previous kernel
++ - tests/lib/fakestore: fix logic to distinguish assertion not found
++ errors
++ - client: add a few explicit error types (around the request cycle)
++ - tests/lib/fakestore/cmd/fakestore: make it log, and fix a typo
++ - overlord/snapstate: two bugs for one
++ - snappy: disable auto-import of assertions on classic (#2122)
++ - overlord/snapstate: move trash cleanup to a cleanup handler
++ (#2173)
++ - daemon: make create-user --known fail on classic without --force-
++ managed (#2123)
++ - asserts,interfaces/policy: implement on-classic plug/slot
++ constraints
++ - overlord: check that the first installed gadget matches the model
++ assertion
++ - tests: use the snapd-control-consumer snap from the store
++ - cmd/snap: make snap run not talk to snapd for finding the revision
++ - snap/squashfs: try to hard link instead of copying. Also, switch
++ to osutil.CopyFile for cp invocation.
++ - store: send supported max-format when retrieving assertions
++ - snapstate, devicestate: do not remove seed
++ - boot,image,overlord,partition: read/write boot variables in single
++ operation
++ - tests: reenable ubuntu-core tests on qemu
++ - asserts,interfaces/policy: allow OR-ing of subrule constraints in
++ plug/slot rules
++ - many: move from flags as ints to flags as structs-of-bools (#2156)
++ - many: add supports for keeping and finding assertions with
++ different format iterations
++ - snap: stop using ubuntu-core-launcher, use snap-confine
++ - many: introduce an assertion format iteration concept, refuse to
++ add unsupported assertion
++ - interfaces: tweak wording and comment
++ - spread.yaml: dump apparmor denials on spread failure
++ - tests: unflake ubuntu-core-reboot (#2150)
++ - cmd/snap: tweak unknown command error message (#2139)
++ - client,daemon,cmd: add payment-declined error kind (#2107)
++ - cmd/snap: update remove command help (#2145)
++ - many: removed frameworks target and fixed service files (#2138)
++ - asserts,snap: validate attributes to a JSON-compatible type subset
++ (#2140)
++ - asserts: remove unused serial-proof type
++ - tests: skip auto-import tests on systems without test keys (#2142)
++ - overlord/devicestate: don't spam the debug log on classic (#2141)
++ - cmd/snap: simplify auto-import mountinfo parsing (#2135)
++ - tests: run ubuntu-core upgrades on isolated machine (#2137)
++ - overlord/devicestate: recover seeding from old external approach
++ (#2134)
++ - overlord: merge overlord/boot pkg into overlord/devicestate
++ (#2118)
++ - daemon: add postCreateUserSuite test suite (#2124)
++ - tests: abort tests if an update process is scheduled (#2119)
++ - snapstate: avoid reboots if nothing in the boot setup has changed
++ (#2117)
++ - cmd/snap: do not auto-import from loop or non-dev devices (#2121)
++ - tests: add spread test for `snap auto-import` (#2126)
++ - tests: add test for auto-mount assertion import (#2127)
++ - osutil: add missing unit tests for IsMounted (#2133)
++ - tests: check for failure creating user on managed ubuntu-core
++ systems (#2096)
++ - snap: ignore /dev/loop addings from udev (#2111)
++ - tests: remove snapd.boot-ok reference (#2109)
++ - tests: enable tests related to the home interface in all-snaps
++ (#2106)
++ - snapstate: only import defaults from gadget on install (#2105)
++ - many: move firstboot code into the snapd daemon (#2033)
++ - store: send correct JSON type of string for expected payment
++ amount (#2103)
++ - cmd/snap: rename is-managed to managed and tune (#2102)
++ - interfaces,overlord/ifacestate: initial cleaning up of no arg
++ AutoConnect related bits (#2090)
++ - client, cmd: prompt for password when buying (#2086)
++ - snapstate: fix hanging `snap remove` if snap is no longer mounted
++ - image: support gadget specific cloud.conf file (#2101)
++ - cmd/snap,ctlcmd: fix behavior of snap(ctl) get (#2093)
++ - store: local users download from the anonymous url (#2100)
++ - docs/hooks.md: fix typos (#2099)
++ - many: check installation of slots and plugs against declarations
++ - docs: fix missing "=" in the systemd-active docs
++ - store: do not set store auth for local users (#2092)
++ - interfaces,overlord/ifacestate: use declaration-based checking for
++ auto-connect (#2071)
++ - overlord, daemon, snap: support gadget config defaults (#2082)The
++ main semantic changes are:
++ - tests: fix snap-disconnect tests after core rename (#2088)
++ - client,daemon,overlord,cmd: add /v2/users and create-user on auto-
++ import (#2074)
++ - many: abbreviated forms of disconnect (#2066)
++ - asserts: require lowercase model until insensitive matching is
++ ready (#2076)
++ - cmd/snap: add version command, same as --version (#2075)
++ - all: use "core" by default but allow "ubuntu-core" still (#2070)
++ - overlord/devicestate, docs/hooks.md: nest prepare-device
++ configuration options
++ - daemon: fix login API to return local macaroons (#2078)
++ - daemon: do not hardcode UID in userLookup (#2080)
++ - client, cmd: connect fixes (#2026)
++ - many: preparations for switching most of autoconnect to use the
++ declarationsfor now:
++ - overlord/auth: update CheckMacaroon to verify local snapd
++ macaroons (#2069)
++ - cmd/snap: trivial auto-import and download tweaks (#2067)
++ - interfaces: add repo.ResolveConnect that handles name resolution
++ - interfaces/policy: introduce InstallCandidate and its checks
++ - interfaces/policy,overlord: check connection requests against the
++ declarations in ifacestate
++ - many: setup snapd macaroon for local users (#2051)Next step: do
++ snapd macaroons verification.
++ - interfaces/policy: implement snap-id/publisher-id checks
++ - many: change Connect to take ConnRef instead of strings (#2060)
++ - snap: auto mount block devices and import assertions (#2047)
++ - daemon: add `snap create-user --force-managed` support (#2041)
++ - docs: remove references to removed buying features (#2057)
++ - interfaces,docs: allow sharing SNAP{,_DATA,_COMMON} via content
++ iface (#2063)
++ - interfaces: add Plug/Slot/Connection reference helpers (#2056)
++ - client,daemon,cmd/snap: improve create-user APIs (#2054)
++ - many: introduce snap refresh --ignore-validation <snap> to
++ override refresh validation (#2052)
++ - daemon: add support for `snap create-user --known` (#2040)
++ - interfaces/policy: start of interface policy checking code based
++ on declarations (#2050)
++ - overlord/configstate: support nested configuration (#2039)
++ - asserts,interfaces/builtin,overlord/assertstate: introduce base-
++ declaration (#2037)
++ - interfaces: builtin: Allow writing DHCP lease files to
++ /run/NetworkManager/dhcp (#2049)
++ - many: remove all traces of the /v2/buy/methods endpoint (#2045)
++ - tests: add external spread backend (#1918)
++ - asserts: parse the slot rules in snap-declarations (#2035)
++ - interfaces: allow read of /etc/ld.so.preload by default for armhf
++ on series 16 (#2048)
++ - store: change purchase to order and store clean up first pass
++ (#2043)
++ - daemon, store: switch to new store APIs in snapd (#2036)
++ - many: add email to UserState (#2038)
++ - asserts: support parsing the plugs stanza i.e. plug rules in snap-
++ declarations (#2027)
++ - store: apply deltas if explicitly enabled (#2031)
++ - tests: fix create-key/snap-sign test isolation (#2032)
++ - snap/implicit: don't restrict the camera iface to classic (#2025)
++ - client, cmd: change buy command to match UX document (#2011)
++ - coreconfig: nuke it. Also, ignore po/snappy.pot. (#2030)
++ - store: download deltas if explicitly enabled (#2017)
++ - many: allow use of the system user assertion with create-user
++ (#1990)
++ - asserts,overlord,snap: add prepare-device hook for device
++ registration (#2005)
++ - debian: adjust packaging for trusty/deputy systemd (#2003)
++ - asserts: introduce AttributeConstraints (#2015)
++ - interface/builtin: access system bus on screen-inhibit-control
++ - tests: add firewall-control interface test (#2009)
++ - snapstate: pass errors from ListRefresh in updateInfo (#2018)
++ - README: add links to IRC, mailing list and social media (#2022)
++ - docs: add `configure` hook to hooks list (#2024)LP: #1596629
++ - cmd/snap,configstate: rename apply-config variables to configure.
++ (#2023)
++ - store: retry download on 500 (#2019)
++ - interfaces/builtin: support time and date settings via
++ 'org.freedesktop.timedate1 (#1832)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 02 Nov 2016 01:17:36 +0200
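Review bot: several bullets in the 2.17 stanza end in fused, truncated fragments of upstream commit bodies rather than a clean subject line: "(#2082)The main semantic changes are:", "declarationsfor now:", "(#2051)Next step: do snapd macaroons verification." and "(#2024)LP: #1596629". Each of these should be trimmed back to its subject, or the missing text restored, and the LP reference on the configure-hook bullet should be separated from "(#2024)" so it reads as a bug reference. The same stanza misspells two component prefixes, "interfaces/sytemd" and "overlrod/snapstate", which makes those entries invisible when the changelog is searched by package path, and the timedate1 bullet opens a single quote before org.freedesktop.timedate1 that is never closed. The same kind of fused fragment appears elsewhere in this file ("testingThe User-Agent will look like:" in the stanza dated 13 Jan 2017 and "issuesbonus fixes:" in 2.15), so one cleanup pass over the imported history would cover all of them.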
++
++snapd (2.16-1) unstable; urgency=medium
++
++ [ Michael Hudson-Doyle ]
++ * New upstream release.
++ * Import gopkg.in/cheggaaa/pb.v1 rather than github.com/cheggaaa/pb.
++ * Switch to unconditional conflict against `snap` (Closes: #826884)
++ * Update Vcs-Git and Vcs-Browser to point to alioth.
++
++ [ Steve Langasek ]
++ * Remove govendor from gbp.conf, and import Ubuntu tarball as our
++ orig.tar.gz (switching our packaging to non-native).
++ * Add Uploaders.
++ * Drop lintian overrides not used in Debian because we dynamically link
++ against golang-yaml.v2.
++ * Bump standards-version, no changes required.
++ * Add/fix various lintian overrides.
++
++ -- Steve Langasek <vorlon@debian.org> Wed, 02 Nov 2016 12:14:52 +0000
++
++snapd (2.16) xenial; urgency=medium
++
++ * New upstream release, LP: #1628425
++ - overlord/state: prune old empty changes
++ - interfaces: ppp: load needed kernel module (#2007)
++ - interfaces/builtin: add missing rule to allow run-parts to
++ execute all resolvconf scripts
++ - many: rename apply-config hook to configure
++ - tests: use new spread `debug` feature
++ - many: finish `snap set` API.
++ - overlord: fix and simplify configstate.Transaction
++ - assertions: add system-user assertion
++ - snap: add `snap known --remote`
++ - tests: replace systemd-run with on-the-fly generation of units.
++ - overlord/boot: switch to using assertstate.Batch
++ - snap, daemon, store: pass through screenshots from store
++ - image: add meta/gadget.yaml infrastructure
++ - tests: add test benchmark script
++ - daemon: add the actual ssh keys that got added to the create-user
++ response
++ - daemon: add REST API behind `snap get`
++ - debian: re-add golang-github-gosexy-gettext-dev
++ - tests: added install_local function
++ - interfaces/builtin: fix resolvconf permissions for network-manager
++ interface
++ - tests: use apt as compatible with trusty
++ - many: discard preserved namespace after removing snap
++ - daemon, overlord, store: add ReadyToBuy API to snapd
++ - many: add support for installing/removing multiple snaps
++ - progress: use New64 and fix output newline
++ - interfaces/builtin: allow network-manager to access netplan conf
++ files
++ - tests: build once and install test snap from cache
++ - overlord/state: introduce cleanup support
++ - snap: move/clarify Info.Broken
++ - ctlcmd: add snapctl get.
++ - overlord,store: clean up serial-proof plumbing code
++ - interfaces/builtin: add network-setup-observe interface
++ - daemon,overlord/assertstate: support streams of assertions with
++ snap ack
++ - snapd: kmod backend
++ - tests: ensure HOME is also set correctly
++ - configstate,hookstate: add snapctl set
++ - tests: disable broken create-key test
++ - interfaces: adjust bluetooth-control to allow getsockopt (LP:
++ #1613572)
++ - tests: add a test for core about device initialization and device
++ registration and auth
++ - many: show snap name before the download progress bar
++ - interfaces/builtin: add rcvfrom for client connected plugs to mir
++ interface
++ - asserts: support for maps in assertions
++ - tests: increase timeout for key generation in create-key test
++ - many: validate refreshes against validation assertions by gating
++ snaps
++ - interfaces/apparmor: allow 'm' in default policy for snap-exec
++ - many: avoid snap.InfoFromSnapYaml in tests
++ - interfaces/builtin: allow /dev/net/tun with network-control
++ - tests: add spread test for snap create-key/snap sign
++ - tests: add missing quotes in security-device-cgroups/task.yaml
++ - interfaces: drop ErrUnknownSecurity
++ - store: add "ready to buy" method
++ - snap/snapenv, tests: use root's data dirs when running via sudo
++ - interfaces/builtin: add initial docker interface
++ - snap: remove extra newline after progress is done
++ - docs: fix formating of HACKING.md "Testing snapd"
++ - store : add requestOptions.ExtraHeaders so that individual
++ requests can customise headers.
++ - many: use unique plug/slot names in tests
++ - tests: add tests for the classic dimension
++ - many: add vendoring of dependencies by default
++ - tests: use in-tree snap{ctl,-exec} for all tests
++ - many: support snapctl -h
++ - tests: adjust regex after changes in stat output
++ - store,snap: initial support for delta downloads
++ - interfaces/builtin: add run/udev/data paths to mir interface
++ - snap: lessen annoyance of implicit interface tests
++ - tests: ensure http{,s}_proxy is defined inside the fake-store
++ - interfaces: allow xdg-open in unity7, unity7 cleanups
++ - daemon,store: move store login user logic to store
++ - tests: replace realpath with readlink -f for trusty support.
++ - tests: add https_proxy into environment as well
++ - interfaces/builtin: allow mmaping pulseaudio buffers
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 28 Sep 2016 11:09:27 +0200
++
++snapd (2.15.2ubuntu1) xenial; urgency=medium
++
++ * New upstream release, LP: #1623579
++ - snap/snapenv, tests: use root's data dirs when running via sudo
++ (cherry pick PR: #1857)
++ - tests: add https_proxy into environment
++ (cherry pick PR: #1926)
++ - interfaces: allow xdg-open in unity7, unity7 cleanups
++ (cherry pick PR: #1946)
++ - tests: ensure http{,s}_proxy is defined inside the fake-store
++ (cherry pick PR: #1949)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 21 Sep 2016 17:21:12 +0200
++
++snapd (2.15.2) xenial; urgency=medium
++
++ * New upstream release, LP: #1623579
++ - asserts: define a bit less terse Ref.String
++ - interfaces: disable auto-connect in libvirt interface
++ - asserts: check that validation assertions are signed by the
++ publisher of the gating snap
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 19 Sep 2016 10:42:29 +0200
++
++snapd (2.15.1) xenial; urgency=medium
++
++ * New upstream release, LP: #1623579
++ - image: ensure local snaps are put last in seed.yaml
++ - asserts: revert change that made the account-key's name mandatory.
++ - many: refresh all snap decls
++ - interfaces/apparmor: allow reading /etc/environment
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 19 Sep 2016 09:19:44 +0200
++
++snapd (2.15) xenial; urgency=medium
++
++ * New upstream release, LP: #1623579
++ - tests: disable prepare-image-grub test in autopkgtest
++ - interfaces: allow special casing for auto-connect until we have
++ assertions
++ - docs: add a little documentation on hooks.
++ - hookstate,daemon: don't mock HookRunner, mock command.
++ - tests: add http_proxy to /etc/environment in the autopkgtest
++ environment
++ - backends: first bits of kernel-module security backend
++ - tests: ensure openssh-server is installed in autopkgtest
++ - tests: make ubuntu-core tests more robust
++ - many: mostly work to support ABA upgrades
++ - cmd/snap: do runtime linting of descriptions
++ - spread.yaml: don't assume LANG is set
++ - snap: fix SNAP* environment merging in `snap run`
++ - CONTRIBUTING.md: remove integration-tests, include spread
++ - store: don't discard error body from request device session call
++ - docs: add create-user documentation
++ - cmd/snap: match UX document for message when buying without login
++ - firstboot: do not overwrite any existing netplan config
++ - tests: add debug output to ubuntu-core-update-rollback-
++ stresstest:
++ - tests/lib/prepare.sh: test that classic does not setting bootvars
++ - snap: run all tests with gpg2
++ - asserts: basic support for validation assertion and refresh-
++ control
++ - interfaces: miscellaneous policy updates for default, browser-
++ support and camera
++ - snap: (re)add --force-dangerous compat option
++ - tests: ensure SUDO_{USER,GID} is unset in the spread tests
++ - many: clean out left over references to integration tests
++ - overlord/auth,store: fix raciness in updating device/user in state
++ through authcontext and other issuesbonus fixes:
++ - tests: fix spread tests on yakkety
++ - store: refactor auth/refresh tests
++ - asserts: use gpg --fixed-list-mode to be compatible with both gpg1
++ and gpg2
++ - cmd/snap: i18n option descriptions
++ - asserts: required account key name header
++ - tests: add yakkety test host
++ - packaging: make sure debhelper-generated snippet is invoked on
++ postrm
++ - snap,store: capture newest digest from the store, make it
++ DownloadInfo only
++ - tests: add upower-observe spread test
++ - Merge github.com:snapcore/snapd
++ - tests: fixes to actually run the spread tests inside autopkgtest
++ - cmd/snap: make "snap find" error nicer.
++ - tests: get the gadget name from snap list
++ - cmd/snap: tweak help of 'snap download'
++ - cmd/snap,image: teach snap download to download also assertions
++ - interfaces/builtin: tweak opengl interface
++ - interfaces: serial-port use udevUsbDeviceSnippet
++ - store: ensure the payment methods method handles auth failure
++ - overlord/snapstate: support revert flags
++ - many: add snap configuration to REST API
++ - tests: use ubuntu-image for the ubuntu-core-16 image creation
++ - cmd/snap: serialise empty keys list as [] rather than null
++ - cmd/snap,client: add snap set and snap get commands
++ - asserts: update trusted account-key asserts with names
++ - overlord/snapstate: misc fixes/tweaks/cleanups
++ - image: have prepare-image set devmode correctly
++ - overlord/boot: have firstboot support assertion files with
++ multiple assertions
++ - daemon: bail from enable and disable if revision given, and from
++ multi-op if unsupported optons given
++ - osutil: call sync after cp if
++ requested.overlord/snapstate/backend: switch to use osutil instead
++ of another buggy call to cp
++ - cmd/snap: generate account-key-request "since" header in UTC
++ - many: use symlinks instead of wrappers
++ - tests: remove silly [Service] entry from snapd.socket.d/local.conf
++ - store: switch device session to use device-session-request
++ assertion
++ - snap: ensure that plug and slot names are unique
++ - cmd/snap: fix test suite (no Exit(0) on tests!)
++ - interfaces: add interface for hidraw devices
++ - tests: use the real model assertion when creating the core test
++ image
++ - interfaces/builtin: add udisks2 and removable-media interfaces
++ - interface: network_manager: enable resolvconf
++ - interfaces/builtin: usb serial-port support via udev
++ - interfaces/udev: support noneSecurityTag keyed snippets
++ - snap: switch to the new agreed regexp for snap names
++ - tests: adjust test setup after ubuntu user removal
++ - many: start services only after the snap is fully ready (link-snap
++ was run)
++ - asserts: don't have Add/Check panic in the face of unsupported no-
++ authority assertions
++ - asserts: initial support to generate/sign snap-build assertions
++ - asserts: support checking account-key-request assertions
++ - overlord: introduce AuthContext.DeviceSessionRequest with support
++ in devicestate
++ - overlord/state: fix for reloaded task/change crashing on Set if
++ checkpointed w. no custom data yet
++ - snapd.refresh.service: require snap.socket and /snap/*/current.
++ - many: spell --force-dangerous as just --dangerous, devmode should
++ imply it
++ - overlord/devicestate: try to fetch/refresh the signing key of
++ serial (also in case is not there yet)
++ - image,overlord/boot,snap: metadata from asserts for image snaps
++ - many: automatically restart all-snap devices after os/kernel
++ updates
++ - interfaces: modem-manager: ignore camera
++ - firstboot: only configure en* and eth* interfaces by default
++ - interfaces: fix interface handling on no-app snaps
++ - snap: set user variables even if HOME is unset (like with systemd
++ services)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 16 Sep 2016 07:46:22 +0200
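Review bot: Several bullets in the 2.15 entry have a commit body or a neighbouring subject fused into them, so they no longer state a single change: "through authcontext and other issuesbonus fixes:" ends on a dangling colon, and "osutil: call sync after cp if requested.overlord/snapstate/backend: switch to use osutil instead of another buggy call to cp" is two changes run together. Split these into one subject line per change and drop the "- Merge github.com:snapcore/snapd" bullet, which records a merge rather than a change. This entry also adds "asserts: required account key name header" while the 2.15.1 entry reverts the mandatory account-key name; a cross-reference on one of the two would help anyone auditing assertion handling.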
++
++snapd (2.14.2~16.04) xenial; urgency=medium
++
++ * New upstream release: LP: #1618095
++ - tests: use the spread tests with the adhoc interface inside
++ autopkgtest
++ - interfaces: add fwupd interface
++ - asserts,cmd/snap: add "name" header to account-key(-request)
++ - client,cmd/snap: display os-release data only on classic
++ - asserts/tool,cmd/snap: introduce hidden "snap sign"
++ - many: when installing snap file derive metadata from assertions
++ unless --force-dangerous
++ - osutil: tweak the createUserTests a bit and extract common code
++ - debian: umount --lazy before rm on snapd.postrm
++ - interfaces: updates to default policy, browser-support, and x11
++ - store: set initial device session
++ - interfaces: add upower-observe interface (LP: #1595813)
++ - tests: use beta u-d-f in test by default
++ - interfaces/builtin: allow writing on /dev/vhci in bluetooth-
++ control
++ - interfaces/builtin: allow /dev/vhci on bluetooth-control
++ - tests: port integration tests to spread
++ - snapstate: use umount --lazy when removing the mount units
++ - spread: enable halt-timeout, tweak image selection
++ - tests: fix firstboot-assertions to actually be runnable on classic
++ again
++ - asserts: introduce device-session-request
++ - interfaces: add screen-inhibit-control interface (LP: #1604880)
++ - firstboot: change location of netplan config
++ - overlord/devicestate: some cleanups and solving a couple todos
++ - daemon,overlord: add subcommand handling to snapctl
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 01 Sep 2016 18:52:05 +0200
++
++snapd (2.14.1) xenial; urgency=medium
++
++ * New upstream release: LP: #1618095
++ - snap-exec: add support for commands with internal args in snap-
++ exec
++ - store: refresh expired device sessions
++ - debian: re-add ubuntu-core-snapd-units as a transitional package
++ - image: snap assertions into image
++ - overlord/assertstate,asserts/snapasserts: give snap assertions
++ helpers a package, introduce ReconstructSideInfo
++ - docs/interfaces: Add empty line after lxd-support title
++ - README: cover the new /run/snapd-snap.socket
++ - daemon: make socket split backward-compatible.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 30 Aug 2016 16:43:29 +0200
++
++snapd (2.14) xenial; urgency=medium
++
++ * New upstream release: LP: #1618095
++ - cmd: enable SNAP_REEXEC only if it is set to SNAP_REEXEC=1
++ - osutil: fix create-user on classic
++ - firstboot: disable firstboot on classic for now
++ - cmd/snap: add export-key --account= option
++ - many: split public snapd REST API into separate socket.
++ - many: drop ubuntu-core-snapd-units package, use release.OnClassic
++ instead
++ - tests: add content-shareing binary test that excersises snap-
++ confine
++ - snap: use "up to date" instead of "up-to-date"
++ - asserts: add an account-key-request assertion
++ - asserts: fix GPG key generation parameters
++ - tests, integration-tests: implement the cups-control manual test
++ as a spread test
++ - many: clarify/tie down model assertion
++ - cmd/snap: add "snap download" command
++ - integration-tests: remove them in favour of the spread tests
++ - tests: test all snap ubuntu core upgrade
++ - many: support install and remove by revision
++ - overlord/state: prevent change ready => unready
++ - tests: fixes to make the ubuntu-core-16 image usable with
++ -keep/-reuse
++ - asserts: authority-id and brand-id of serial must match
++ - firstboot: generate netplan config rather than ifupdown
++ - store: request device session macaroon from store
++ - tests: add workaround for u-d-f to unblock all-snap image tests
++ - tests: the stable ubuntu-core snap has snap run support now
++ - many: use make StripGlobalRootDir public
++ - asserts: add some stricter checks around format
++ - many: have AuthContext expose device store-id, serial and serial-
++ proof signing to the store
++ - tests: fix "tests/main/ack" to not break if asserts are alreay
++ there
++ - tests/main/ack: fix test/style
++ - snap: add key management commands
++ - firstboot: add firstboot assertions importing
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 29 Aug 2016 17:07:20 +0200
++
++snapd (2.13) xenial; urgency=medium
++
++ * New upstream release: LP: #1616157
++ - many: respect dirs.SnapSnapsDir in tests
++ - tests: update listing test for latest stable image
++ - many: hook in start of code to fetch/check assertions when
++ installing snap from store
++ - boot: add missing udevadm mock to fix FTBFS
++ - interfaces: add lxd-support interface
++ - dirs,snap: handle empty root directory in SetRootDir
++ - dirs,snap: define methods for SNAP_USER_DATA and SNAP_USER_COMMON
++ - tests: spread all-snap test cleanup
++ - tests: add all-snap spread image tests
++ - store,tests: have just one envvar SNAPPY_USE_STAGING_STORE to
++ control talking to staging
++ - overlord/hookstate: use snap run posix parameters.
++ - interfaces/builtin: allow bind in the network interface
++ - asserts,overlord/devicestate: simplify private key/key pairs APIs,
++ they take just key ids
++ - dependencies: update godeps
++ - boot: add support for "devmode: {true,false}" in seed.yaml
++ - many: teach prepare-image to copy the model assertion (and
++ prereqs) into the seed area of the image
++ - tests: start teaching the fakestore about assertions
++ - asserts/sysdb: embed the new format official root/trusted
++ assertions
++ - overlord/devicestate: first pass at device registration logic
++ - tests: add process-control interface spread test
++ - tests: disable unity test
++ - tests: adapt to new spread version
++ - asserts: add serial-proof device assertion
++ - client, cmd/snap: use the new multi-refresh endpoint
++ - many: preparations for image code to fetch model prereqs
++ - debian: add extra checks when debian/snapd.postrm purge is run
++ - overlord/snapstate, daemon: support for multi-snap refresh
++ - tests: do not leave "squashfs-root" around
++ - snap-exec: Fix broken `snap run --shell` and add test
++ - overlord/snapstate: check changes to SnapState for conflicts also.
++ - docs/interfaces: change snappy command to snap
++ - tests: test `snap run --hook` using in-tree snap-exec.
++ - partition: ensure that snap_{kernel,core} is not overridden with an
++ empty value
++ - asserts,overlord/assertstate: introduce an assertstate task
++ handler to fetch snap assertions
++ - spread: disable re-exec to always test development tree.
++ - interfaces: implement a fuse interface
++ - interfaces/hardware-observe.go: re-add /run/udev/data
++ - overlord/assertstate,daemon: reorg how the assert manager exposes
++ the assertion db and adding to it
++ - release: Remove "UBUNTU_CODENAME" from the test data
++ - many: implement snapctl command.
++ - interfaces: mpris updates (fix unconfined introspection, add name
++ attribute)
++ - asserts: export DecodePublicKey
++ - asserts: introduce support for assertions with no authority,
++ implement serial-request
++ - interfaces: bluez: add a few more tests to verify interface
++ connection works
++ - interfaces: bluez: add missing mount security snippet case
++ - interfaces: add kernel-module interface for module insertion.
++ - integration-tests: look for ubuntu-device-flash on PATH before
++ calling sudo
++ - client, cmd, daemon, osutil: support --yaml and --sudoer flags for
++ create-user
++ - spread: use snap-confine from ppa:snappy-dev/image for the tests
++ - many: move to purely hash based key lookup and to new
++ key/signature format (v1)
++ - spread: Use /home/gopath in spread.yaml
++ - tests: base security spread tests
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 24 Aug 2016 14:48:28 +0200
++
++snapd (2.12) xenial; urgency=medium
++
++ * New upstream release: LP: #1612362
++ - many: do not require root for `snap prepare-image`
++ - tests: prevent restore error on test failure
++ - osutil: change escaping for create-user's sudoers
++ - docs: private flag doesn't exist on /v2/find (it's select)
++ - snap: do not sort the result of `snap find`
++ - interfaces/builtin: add gpio interface
++ - partition: fix cleaning of the boot variables on the second good
++ boot
++ - tests: add udev rules spread test
++ - docs: fix references to refresh action
++ - interfaces/udev,osutil: avoid doubled rules and put all in a per
++ snap file
++ - store: minor store improvements from previous reviews
++ - many: support interactive payments in snapd, filter from command
++ line
++ - docs/interfaces.md: improve interfaces documentation
++ - overlord,store: set store device authorization header
++ - store: add device nonce API support
++ - many: various fixes around the `create-user` command
++ - client, osutil: chown the auth file
++ - interfaces/builtin: add transitional browser-support interface
++ - snap: don't load unsupported implicit hooks.
++ - cmd/snap,cmd/snap-exec: support hooks again.
++ - interfaces/builtin: improve pulseaudio interface
++ - asserts: make account-key's `until` optional to represent a never-
++ expiring key
++ - store: refactor newRequest/doRequest to take requestOptions
++ - tests: allow-downgrades on upgrade test to prevent version errors
++ - daemon: stop using group membership as succedaneous of running
++ things with sudo
++ - interfaces: add bluetooth-control interfaces
++ - many: remove integration-test coverage metrics
++ - daemon,docs: drop license docs and error kind
++ - tests: add network-control interface spread test
++ - tests: add hardware-observe spread test
++ - interfaces: add system-trace interface LP: #1600085
++ - boot: use `cp -aLv` instead of `cp -a` (no symlinks on vfat)
++ - store: soft-refresh discharge macaroon from store when required
++ - partition: clear snap_try_{kernel,core} on success
++ - tests: add snapd-control interface spread test
++ - tests: add locale-control write spread test
++ - store: fix buy method after some refactoring broke it
++ - interfaces/builtin: read perms for network devices in network-
++ observe
++ - interfaces: also allow rfkill in network_control
++ - snapstate: remove artifacts from a snap try dir that vanished
++ - client, cmd/snap: better errors for empty snap list result
++ - wrappers: set BAMF_DESKTOP_FILE_HINT for unity
++ - many: cleanup/update rest.md; improve auth errors
++ - interfaces: miscelleneous policy updates for default, log-observe,
++ mount-observe, opengl, pulseaudio, system-observe and unity7
++ - interfaces: add process-control interface (LP: #1598225)
++ - osutil: support both "nobody" and "nogroup" for grpnam tests
++ - cmd: support defaulting to the user's preferred payment method
++ - overlord: actually run hooks.
++ - overlord/state,overlord/ifacestate: define basic infrastructure
++ for and then setting up serialising of interface mgr tasks
++ - asserts: add Assertion.Prerequisites and SigningKey, Ref and
++ FindTrusted
++ - overlord/snapstate: ensure calls to store are done without the
++ state lock held
++ - asserts,client: switch snap-build and snap-revision to be indexed
++ by snap-sha3-384
++ - many: make seed.yaml on firstboot mandatory and include sideInfo
++ - asserts,many: start supporting structured headers using the new
++ parseHeaders
++ - many: update code for the new snap_mode
++ - tests: added spread find private test
++ - store: deal with 404 froms the SSO store properly
++ - snap: remove meta/kernel.yaml again
++ - daemon: always mock release info in tests
++ - snapstate: drop revisions after "current" on refresh
++ - asserts: introduce new parseHeadersThis introduces the new
++ parseHeaders returning map[string]interface{} and capable of
++ accepting:
++ - asserts: remove/disable comma separated lists and their uses
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 11 Aug 2016 19:30:36 +0200
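Review bot: The 2.12 bullet "daemon: stop using group membership as succedaneous of running things with sudo" reads as an authorization change in the daemon, but it carries no bug reference and its wording does not say what now decides access. Reword it to state the rule in plain terms and tie it to the 2.0.10 bullet "daemon: extend privileged access to users in "wheel" group", which appears to be the behaviour it changes. In the same entry, "asserts: introduce new parseHeadersThis introduces the new parseHeaders ... capable of accepting:" is a subject fused with a body that breaks off at a colon; keep only the subject line.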
++
++snapd (2.11) xenial; urgency=medium
++
++ * New upstream release: LP: #1605303
++ - increase version number to reflect the nature of the update
++ better
++ - store, daemon, client, cmd/snap, docs/rest.md: adieu search
++ grammar
++ - debian: move snapd.refresh.timer into timers.target
++ - snapstate: add daemon-reload to fix autopkgtest on yakkety
++ - Interfaces: hardware-observe
++ - snap: rework the output after a snap operation
++ - daemon, cmd/snap: refresh --devmode
++ - store, daemon, client, cmd/snap: implement `snap find --private`
++ - tests: add network-observe interface spread test
++ - interfaces/builtin: allow getsockopt for connected x11 plugs
++ - osutil: check for nogrup instead of adm
++ - store: small cleanups (more needed)
++ - snap/squashfs: fix test not to hardcode snap size
++ - client,cmd/snap: cleanup cmd/snap test suite, add extra args
++ testThis cleans up the cmd/snap test suite:
++ - wrappers: map "never" restart condition to "no."
++ - wrappers: run update-desktop-database after add/remove of desktop
++ files
++ - release: work around elementary mistake
++ - many: remove all traces of channel from the buying codepath
++ - store: kill setUbuntuStoreHeaders
++ - docs: add payment methods documentation
++ - many: present user with a choice of payment backends
++ - asserts: add cross checks for snap asserts
++ - cmd/snap,cmd/snap-exec: support running hooks via snap-exec.
++ - tests: improve snap run symlink tests
++ - tests: add content sharing interface spread test
++ - store & many: a mechanical branch shortening store names
++ - snappy: remove old snappy pkg
++ - overlord/snapstate: kill flagscompat
++ - overlord/snapstate, daemon, client, cmd/snap: devmode override
++ (aka confined)
++ - tests: extend refresh test to talk to the staging and production
++ stores
++ - asserts,daemon: cross checks for account and account-key
++ assertions
++ - client: existing JSON fixtures uses tabs for indentation
++ - snap-exec: add proper integration test for snap-exec
++ - spread.yaml, tests: replace hello-world with test-snapd-tools
++ - tests: add locale-control interface spread test
++ - tests: add mount-observe interface spread test
++ - tests: add system-observe interface spread test
++ - many: add AuthContext to mediate user updates to the state
++ - store/auth: add helper for the macaroon refresh endpoint
++ - cmd: add buy command
++ - overlord: switch snapstate.Update to use ListRefresh (aka
++ /snaps/metadata)
++ - snap-exec: fix silly off-by-one error
++ - tests: stop using hello-world.echo in the tests
++ - tests: add env command to test-snapd-tools
++ - classic: remove (most of) "classic" mode, this is implemented as a
++ snap now
++ - many: remove snapstate.Candidate and other cleanups
++ - many: removed authenticator, store gets a user instead
++ - asserts: fix minor doc comment typo
++ - snap: ensure unknown arguments to `snap run` are ignored
++ - overlord/auth: add Device/SetDevice to persist device identity in
++ state
++ - overlord: make SyncBoot work again
++ - tests: add -y flag to apt autoremove command in unity task restore
++ - many: migrate SnapSetup and SideInfo to use RealName
++ - daemon: drop auther()
++ - client: improve error from client.do() on json decode failures
++ - tests: readd the fake store tests
++ - many: allow removal of broken snaps, add spread test
++ - overlord: implement &Retry{After: duration} support for handlers
++ - interface: add new interfaces.all.SecurityBackends
++ - integration-tests: remove login tests
++ - cmd,interfaces,snap: implement hook whitelist.
++ - daemon,overlord/auth,store: update macaroon authentication to use
++ the new endpoints
++ - daemon, overlord: add buy endpoint to REST API
++ - tests: use systemd-run for starting and stopping the unity app
++ - tests, integration-tests: port systemd service check test to
++ spread
++ - store: switch search to new snap-specific endpoint
++ - store, many: start using the new details endpoint
++ - tests, integration-tests: port unity test to spread
++ - tests: add spread test for tried snaps removal
++ - tests, integration-tests: port auth errors test to spread
++ - snapstate: rename OfficialName to RealName in the new tests
++ - many: rename SideInfo.OfficialName to SideInfo.RealName
++ - snapstate: use snapstate.Type in backend.RemoveSnapFiles
++ - many: add `snap enable/disable` commands
++ - tests, integration-tests: port refresh all test to spread
++ - snap: add `snap run --shell`
++ - tests: set yaml indentation to 4 spaces
++ - snapstate: cleanup downloaded temp snap files
++ - overlord: make patch1_test more robust
++ - debian: add snapd.postrm that purges
++ - integration-tests: drop already covered refresh app test
++ - many: add concept of "broken" snaps
++ - tests, integration-tests: port remove errors tests to spread
++ - tests, integration-tests: port revert test to spread
++ - debian: fix snapbuild path
++ - overlord: fix access to the state without lock in firstboot.go and
++ add test
++ - snapstate: add very simple garbage collection on upgrade
++ - asserts: introduce assertstest with helpers to test code involving
++ assertions
++ - tests, integration tests: port undone failed install test to
++ spread
++ - snap,store: switch to the new snaps/metadata endpoint, introduce
++ and start capturing DeveloperID
++ - tests, integration-tests: port the op remove retry test to spread
++ - po: remove snappy.pot from git, it will be generated at build time
++ - many: add some missing tests, clarify some things and nitpicks as
++ follow up to `snap revert`
++ - snapstate: when doing snapsate.Update|Install, talk to the store
++ early
++ - tests, integration-tests: port the op remove test to spread
++ - interfaces: allow /usr/bin/locale in default policy
++ - many: add `snap revert`
++ - overlord/auth,store: add macaroon serialization/deserialization
++ helpers
++ - many: embed main store trusted assertions in snapd, way to have
++ test ones, spread tests for ack and known
++ - overlord/snapstate,daemon: clarify active vs current, add
++ SnapState.HasCurrent,CurrentInfo
++ - tests: do not search for a specific snap (we hit 100 items) and
++ pagination kicks in
++ - tests: use printf instead of echo where we need portability
++ - tests: rename and generalize basic-binaries to test-snapd-tools
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 26 Jul 2016 15:49:04 +0200
++
++snapd (2.0.10) xenial; urgency=medium
++
++ * New upstream release: LP: #1597329
++ - interfaces: also allow @{PROC}/@{pid}/mountinfo and
++ @{PROC}/@{pid}/mountstats
++ - interfaces: allow read access to /etc/machine-id and
++ @{PROC}/@{pid}/smaps
++ - interfaces: miscelleneous policy updates for default, log-observe
++ and system-observe
++ - snapstate: add logging after a successful doLinkSnap
++ - tests, integration-tests: port try tests to spread
++ - store, cmd/snapd: send a basic user-agent to the store
++ - store: add buy method
++ - client: retry on failed GETs
++ - tests: actual refresh test
++ - docs: REST API update
++ - interfaces: add mount support for hooks.
++ - interfaces: add udev support for hooks.
++ - interfaces: add dbus support for hooks.
++ - tests, integration-tests: port refresh test to spread
++ - tests, integration-tests: port change errors test to spread
++ - overlord/ifacestate: don't retry snap security setup
++ - integration-tests: remove unused file
++ - tests: manage the socket unit when reseting state
++ - overlord: improve organization of state patches
++ - tests: wait for snapd listening after reset
++ - interfaces/builtin: allow other sr*/scd* optical devices
++ - systemd: add support for squashfuse
++ - snap: make snaps vanishing less fatal for the system
++ - snap-exec: os.Exec() needs argv0 in the args[] slice too
++ - many: add new `create-user` command
++ - interfaces: auto-connect content interfaces with the same content
++ and developer
++ - snapstate: add Current revision to SnapState
++ - readme: tweak readme blurb
++ - integration-tests: wait for listening port instead of active
++ service reported by systemd
++ - many: rename Current -> {CurrentSideInfo,CurrentInfo}
++ - spread: fix home interface test after suite move
++ - many: name unversioned data.
++ - interfaces: add "content" interface
++ - overlord/snapstate: defaultBackend can go away now
++ - debian: comment to remember why the timer is setup like it is
++ - tests,spread.yaml: introduce an upgrade test, support/split into
++ two suites for this
++ - overlord,overlord/snapstate: ensure we keep snap type in snapstate
++ of each snap
++ - many: rework the firstboot support
++ - integration-tests: fix test failure
++ - spread: keep core on suite restore
++ - tests: temporary fix for state reset
++ - overlord: add infrastructure for simple state format/content
++ migrations
++ - interfaces: add seccomp support for hooks.
++ - interfaces: allow gvfs shares in home and temporarily allow
++ socketcall by default (LP: #1592901, LP: #1594675)
++ - tests, integration-tests: port network-bind interface tests to
++ spread
++ - snap,snap/snaptest: use PopulateDir/MakeTestSnapWithFiles directly
++ and remove MockSnapWithHooks
++ - interfaces: add mpris interface
++ - tests: enable `snap run` on i386
++ - tests, integration-tests: port network interface test to spread
++ - tests, integration-tests: port interfaces cli to spread
++ - tests, integration-tests: port leftover install tests to spread
++ - interfaces: add apparmor support for hooks.
++ - tests, integration-tests: port log-observe interface tests to
++ spread
++ - asserts: improve Decode doc comment about assertion format
++ - tests: moved snaps to lib
++ - many: add the camera interface
++ - many: add optical-drive interface
++ - interfaces: auto-connect home if running on classic
++ - spread: bump gccgo test timeout
++ - interfaces: use security tags to index security snippets.
++ - daemon, overlord/snapstate, store: send confinement header to the
++ store for install
++ - spread: run tests on 16.04 i386 concurrently
++ - tests,integration-tests: port install error tests to spread
++ - interfaces: add a serial-port interface
++ - tests, integration-tests, debian: port sideload install tests to
++ spread
++ - interfaces: add new bind security backend and refactor
++ backendtests
++ - snap: load and validate implicit hooks.
++ - tests: add a build/run test for gccgo in spread
++ - cmd/snap/cmd_login: Adjust message after adding support for wheel
++ group
++ - tests, integration-tests: ported install from store tests to
++ spread
++ - snap: make `snap change <taskid>` show task progress
++ - tests, integration-tests: port search tests to spread
++ - overlord/state,daemon: make abort proceed immediately, fix doc
++ comment, improve tests
++ - daemon: extend privileged access to users in "wheel" group
++ - snap: tweak `snap refresh` and `snap refresh --list` outputTiny
++ branch that does three things:
++ - interfaces: refactor auto-connection candidate check
++ - snap: add support for snap {install,refresh}
++ --{edge,beta,candidate,stable}
++ - release: don't force KDE Neon into devmode.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 29 Jun 2016 21:02:39 +0200
++
++snapd (2.0.9) xenial; urgency=medium
++
++ * New upstream release: LP: #1593201
++ - snap: add the magic redirect part of `snap run`
++ - tests, integration-tests: port server related tests to spread
++ - overlord/snapstate: log restarting in the task
++ - daemon: test restart wiring, fix setup/teardown
++ - cmd: don't show the price if a snap has already been purchased
++ - tests, integration-tests: port listing tests to spread
++ - integration-tests: do not try to kill ubuntu-clock-app.clock (no
++ longer a process)
++ - several: tie up overlord's restart handler into daemon; adjust
++ snap to cope
++ - tests, integration-tests: port abort tests to spread
++ - integration-tests: fix flaky TestRemoveBusyRetries
++ - testutils: refactor/mock exec
++ - snap,cmd: add hook support to snap run.
++ - overlord/snapstate: remove Download from backend
++ - store: use a custom logging transport
++ - overlord/hookstate: implement basic HookManager.
++ - spread: move the suite restore to restore-each
++ - asserts: turn model os into model core field, making it also more
++ like the kernel and gadget fields
++ - asserts: / is not allowed in primary key headers, follow the store
++ in this
++ - release: enable full confinement on Elementary 0.4
++ - integration-tests: fix another i386 autopkgtest failure.
++ - cmd/snap: create SNAP_USER_DATA and common dirs in `snap run`
++ - many: have the installation of the core snap request a restart (on
++ classic)
++ - asserts: allow to load also account assertions into the trusted
++ set
++ - many: install snaps in devmode on distributions without complete
++ apparmor and seccomp support
++ - spread: run on travis
++ - snapenv: do not hardcode amd64 in tests
++ - spread: initial harness and first test
++ - interfaces: miscelleneous policy updates for chromium, x86,
++ opengl, etc
++ - integration-tests: remove daemon to use the log-observe interface
++ - client: remove client.Revision and import snap.Revision instead
++ - integration-tests: wait for network-bind service in try test
++ - many: move over from snappy to snapstate/backend SetupSnap and
++ related code
++ - integration-tests: add interfaces cli tests
++ - snapenv: cleanup snapenv.{Basic,User}
++ - cmd/snap: also print slots that connect to the wanted snap (LP:
++ #1590704)
++ - asserts: error style, use "cannot" instead of "failed to"
++ following the main decided style
++ - integration-tests: wait until the network-bind service is up
++ before testing
++ - many: add new `snap run` command
++ - snappy: unexport snappy.Install and snappy.Overlord.{Un,}Install
++ - many: add some shared testing helpers to snap/snaptest and to
++ boot/boottest
++ - rest-api: support to send apps per snap (LP: #1564076)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 16 Jun 2016 13:56:12 +0200
++
++snapd (2.0.8.1) UNRELEASED; urgency=medium
++
++ * New upstream release
++ - Cherry pick four commits that show snaps as installed in devmode on
++ distributions without full confinement dependencies available:
++
++ 25634d3364a46b5e9147e4466932c59b1b572d35
++ 53f2e8d5f1b2d7ce13f5b50be4c09fa1de8cf1e0
++ 38771f4cc324ad9dd4aa48b03108d13a2c361aad
++ c46e069351c61e45c338c98ab12689a319790bd5
++
++ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com> Tue, 14 Jun 2016 15:55:30 +0200
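Review bot: The 2.0.8.1 entry is still marked UNRELEASED although it sits between the 2.0.8+1 and 2.0.9 entries, and it identifies its four cherry-picks by commit hash alone. Set the distribution the upload actually targeted, or drop the entry if it never shipped. Add each commit's subject line next to its hash, since these commits change how confinement state is reported ("snaps as installed in devmode on distributions without full confinement dependencies available") and a reader should be able to tell what each one does without repository access.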
++
++snapd (2.0.8+1) unstable; urgency=medium
++
++ * New upstream release.
++ * Update lintian-overrides for new paths.
++ * debian/copyright: fix a typo (thanks, lintian!)
++
++ -- Steve Langasek <vorlon@debian.org> Fri, 10 Jun 2016 23:17:22 +0000
++
++snapd (2.0.8) xenial; urgency=medium
++
++ * New upstream release: LP: #1589534
++ - debian: make `snap refresh` times more random (LP: #1537793)
++ - cmd: ExecInCoreSnap looks in "core" snap first, and only in
++ "ubuntu-core" snap if rev>125.
++ - cmd/snap: have 'snap list' display helper message on stderr
++ (LP: #1587445)
++ - snap: make app names more restrictive.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 08 Jun 2016 07:56:58 +0200
++
++snapd (2.0.7) xenial; urgency=medium
++
++ * New upstream release: LP: #1589534
++ - debian: do not ship /etc/ld.so.conf.d/snappy.conf (LP: #1589006)
++ - debian: fix snapd.refresh.service install and usage (LP: #1588977)
++ - ovlerlord/state: actually support task setting themself as
++ done/undone
++ - snap: do not use "." import in revision_test.go, as this breaks
++ gccgo-6 (fix build failure on powerpc)
++ - interfaces: add fcitx and mozc input methods to unity7
++ - interfaces: add global gsettings interfaces
++ - interfaces: autoconnect home and doc updates (LP: #1588886)
++ - integration-tests: remove
++ abortSuite.TestAbortWithValidIdInDoingStatus
++ - many: adding backward compatible code to upgrade SnapSetup.Flags
++ - overlord/snapstate: handle sideloading over an old sideloaded snap
++ without panicing
++ - interfaces: add socketcall() to the network/network-bind
++ interfaces (LP: #1588100)
++ - overlord/snapstate,snappy: move over CanRemoveThis moves over the
++ CanRemove check to snapstate itself.overlord/snapstate
++ - snappy: move over CanRemove
++ - overlord/snapstate,snappy: move over CopyData and Remove*Data code
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 06 Jun 2016 16:35:50 +0200
++
++snapd (2.0.6) xenial; urgency=medium
++
++ * New upstream release: LP: #1588052:
++ - many: repository moved to snapcore/snapd
++ - debian: add transitional pkg for the github location change
++ - snap: ensure `snap try` work with relative paths
++ - debian: drop run/build dependency on lsb-release
++ - asserts/tool: gpg key pair manager
++ - many: add new snap-exec
++ - many: implement `snap refresh --list` and `snap refresh`
++ - snap: add parsing support for hooks.
++ - many: add the cups interface
++ - interfaces: misc policy fixes (LP: #1583794)
++ - many: add `snap try`
++ - interfaces: allow using sysctl and scmp_sys_resolver for parsing
++ kernel logs
++ - debian: make snapd get its environ from /etc/environment
++ - daemon,client,snap: revisions are now strings
++ - interfaces: allow access to new ibus abstract socket path
++ LP: #1580463
++ - integration-tests: add remove tests
++ - asserts: stronger crypto choices and follow better latest designs
++ - snappy,daemon: hollow out more of snappy (either removing or not
++ exporting stuff on its way out), snappy/gadget.go is gone
++ - asserts: rename device-serial to serial
++ - asserts: rename identity to account (and username access)
++ - integration-tests: add changes tests
++ - backend: add tests for environment wrapper generation
++ - interfaces/builtin: add location-control interface
++ - overlord/snapstate: move over check snap logic from snappy
++ - release: use os-release instead of lsb-release for cross-distro
++ use
++ - asserts: allow empty snap-name for snap-declaration
++ - interfaces/builtin,docs,snap: add the pulseaudio interface
++ - many: add support for an environment map inside snap.yaml
++ - overlord/snapstate: increase robustness of doLinkSnap/undoLinkSnap
++ with sanity unit tests
++ - snap: parse epoch property
++ - snappy: do nothing in SetNextBoot when running on classic
++ - snap: validate snap type
++ - integration-tests: extend find command tests
++ - asserts: extend tests to cover mandatory and empty headers
++ - tests: stop the update-pot check in run-checks
++ - snap: parse confinement property.
++ - store: change applyUbuntuStoreHeaders to not take accept, and to
++ take a channel
++ - many: struct-based revisions, new representation
++ - interfaces: remove 'audit deny' rules from network_control.go
++ - interfaces: add com.canonical.UrlLauncher.XdgOpen to unity7
++ interface
++ - interfaces: firewall-control can access xtables lock file
++ - interfaces: allow unity7 AppMenu
++ - interfaces: allow unity7 launcher API
++ - interfaces/builtin: add location-observe interface
++ - snap: fixed snap empty list text LP: #1587445
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 02 Jun 2016 08:23:50 +0200
++
++snapd (2.0.5+1) unstable; urgency=medium
++
++ * Initial Debian upload. Closes: #824943.
++ * release/release{,_test}.go: use /etc/os-release, which is guaranteed to
++ be part of base-files on both Ubuntu and Debian, instead of
++ /etc/lsb-release which doesn't exist at all on Debian.
++ * drop transitional packages, not needed in Debian.
++ * Add lintian overrides for false-positive detection of embedded libyaml.
++ * Update Vcs-* fields to point at maintainer's branch.
++ * Add a further lintian override for the /snap directory so that the
++ package is not automatically rejected by the NEW queue; this directory
++ location is certainly subject to discussion for Debian, but let's have
++ the discussion rather than blocking the package at the archive level.
++
++ -- Steve Langasek <vorlon@debian.org> Mon, 23 May 2016 00:36:06 +0000
++
++snapd (2.0.5) xenial; urgency=medium
++
++ * New upstream release: LP: #1583085
++ - interfaces: add dbusmenu, freedesktop and kde notifications to
++ unity7 (LP: #1573188)
++ - daemon: make localSnapInfo return SnapState
++ - cmd: make snap list with no snaps not special
++ - debian: workaround for XDG_DATA_DIRS issues
++ - cmd,po: fix conflicts, apply review from #1154
++ - snap,store: load and store the private flag sent by the store in
++ SideInfo
++ - interfaces/apparmor/template.go: adjust /dev/shm to be more usable
++ - store: use purchase decorator in Snap and FindSnaps
++ - interfaces: first version of the networkmanager interface
++ - snap, snappy: implement the new (minmimal) kernel spec
++ - cmd/snap, debian: move manpage generation to depend on an environ
++ key; also, fix completion
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 19 May 2016 15:29:16 +0200
++
++snapd (2.0.4) xenial; urgency=medium
++
++ * New upstream release:
++ - interfaces: cleanup explicit denies
++ - integration-tests: remove the ancient integration daemon tests
++ - integration-tests: add network-bind interface test
++ - integration-tests: add actual checks for undoing install
++ - integration-tests: add store login test
++ - snap: add certain implicit slots only on classic
++ - integration-tests: add coverage flags to snapd.service ExecStart
++ setting when building from branch
++ - integration-tests: remove the tests for features removed in 16.04.
++ - daemon, overlord/snapstate: "(de)activate" is no longer a thing
++ - docs: update meta.md and security.md for current snappy
++ - debian: always start snapd
++ - integration-tests: add test for undoing failed install
++ - overlord: handle ensureNext being in the past
++ - overlord/snapstate,overlord/snapstate/backend,snappy: start
++ backend porting LinkSnap and UnlinkSnap
++ - debian/tests: add reboot capability to autopkgtest and execute
++ snapPersistsSuite
++ - daemon,snappy,progress: drop license agreement broken logic
++ - daemon,client,cmd/snap: nice access denied message
++ (LP: #1574829)
++ - daemon: add user parameter to all commands
++ - snap, store: rework purchase methods into decorators
++ - many: simplify release package and add OnClassic
++ - interfaces: miscellaneous policy updates
++ - snappy,wrappers: move desktop files handling to wrappers
++ - snappy: remove some obviously dead code
++ - interfaces/builtin: quote apparmor label
++ - many: remove the gadget yaml support from snappy
++ - snappy,systemd,wrappers: move service units generation to wrappers
++ - store: add method to determine if a snap must be bought
++ - store: add methods to read purchases from the store
++ - wrappers,snappy: move binary wrapper generation to new package
++ wrappers
++ - snap: add `snap help` command
++ - integration-tests: remove framework-test data and avoid using
++ config-snap for now
++ - add integration test to verify fix for LP: #1571721
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 13 May 2016 17:19:37 -0700
++
++snapd (2.0.3) xenial; urgency=medium
++
++ * New upstream micro release:
++ - integration-tests, debian/tests: add unity snap autopkg test
++ - snappy: introduce first feature flag for assumes: common-data-dir
++ - timeout,snap: add YAML unmarshal function for timeout.Timeout
++ - many: go into state.Retry state when unmounting a snap fails.
++ (LP: #1571721, #1575399)
++ - daemon,client,cmd/snap: improve output after snap
++ install/refresh/remove (LP: #1574830)
++ - integration-tests, debian/tests: add test for home interface
++ - interfaces,overlord: support unversioned data
++ - interfaces/builtin: improve the bluez interface
++ - cmd: don't include the unit tests when building with go test -c
++ for integration tests
++ - integration-tests: teach some new trick to the fake store,
++ reenable the app refresh test
++ - many: move with some simplifications test snap building to
++ snap/snaptest
++ - asserts: define type for revision related errors
++ - snap/snaptest,daemon,overlord/ifacestate,overlord/snapstate: unify
++ mocking snaps behind MockSnap
++ - snappy: fix openSnapFile's handling of sideInfo
++ - daemon: improve snap sideload form handling
++ - snap: add short and long description to the man-page
++ (LP: #1570280)
++ - snappy: remove unused SetProperty
++ - snappy: use more accurate test data
++ - integration-tests: add a integration test about remove removing
++ all revisions
++ - overlord/snapstate: make "snap remove" remove all revisions of a
++ snap (LP: #1571710)
++ - integration-tests: re-enable a bunch of integration tests
++ - snappy: remove unused dbus code
++ - overlord/ifacestate: fix setup-profiles to use new snap revision
++ for setup (LP: #1572463)
++ - integration-tests: add regression test for auth bug LP:#1571491
++ - client, snap: remove obsolete TypeCore which was used in the old
++ SystemImage days
++ - integration-tests: add apparmor test
++ - cmd: don't perform type assertion when we know error to be nil
++ - client: list correct snap types
++ - intefaces/builtin: allow getsockname on connected x11 plugs
++ (LP: #1574526)
++ - daemon,overlord/snapstate: read name out of sideloaded snap early,
++ improved change summary
++ - overlord: keep tasks unlinked from a change hidden, prune them
++ - integration-tests: snap list on fresh boot is good again
++ - integration-tests: add partial term to the find test
++ - integration-tests: changed default release to 16
++ - integration-tests: add regression test for snaps not present after
++ reboot
++ - integration-tests: network interface
++ - integration-tests: add proxy related environment variables to
++ snapd env file
++ - README.md: snappy => snap
++ - etc: trivial typo fix (LP:#1569892)
++ - debian: remove unneeded /var/lib/snapd/apparmor/additional
++ directory (LP: #1569577)
++ - builtin/unity7.go: allow using gmenu. LP: #1576287
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 03 May 2016 07:51:57 +0200
++
++snapd (2.0.2) xenial; urgency=medium
++
++ * New upstream release:
++ - systemd: add multi-user.target (LP: #1572125)
++ - release: our series is 16
++ - integration-tests: fix snapd binary path for mounting the daemon
++ built from branch
++ - overlord,snap: add firstboot state sync
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 19 Apr 2016 16:02:44 +0200
++
++snapd (2.0.1) xenial; urgency=medium
++
++ * client,daemon,overlord: fix authentication:
++ - fix incorrect authenication check (LP: #1571491)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 18 Apr 2016 07:24:33 +0200
++
++snapd (2.0) xenial; urgency=medium
++
++ * New upstream release:
++ - debian: put snapd in /usr/lib/snapd/
++ - cmd/snap: minor polishing
++ - cmd,client,daemon: add snap abort command
++ - overlord: don't hold locks when callling backends
++ - release,store,daemon: no more default-channel, release=>series
++ - many: drop support for deprecated environment variables
++ (SNAP_APP_*)
++ - many: support individual ids in changes cmd
++ - overlord/state: use numeric change and task ids
++ - overlord/auth,daemon,client,cmd/snap: logout
++ - daemon: don't install ubuntu-core twice
++ - daemon,client,overlord/state,cmd: add changes command
++ - interfaces/dbus: drop superfluous backslash from template
++ - daemon, overlord/snapstate: updates are users too!
++ - cmd/snap,daemon,overlord/ifacestate: add support for developer
++ mode
++ - daemon,overlord/snapstate: on refresh use the remembered channel,
++ default to stable channel otherwise
++ - cmd/snap: improve UX of snap interfaces when there are no results
++ - overlord/state: include time in task log messages
++ - overlord: prune and abort old changes and tasks
++ - overlord/ifacestate: add implicit slots in setup-profiles
++ - daemon,overlord: setup authentication for store downloads
++ - daemon: macaroon-authed users are like root, and sudoers can login
++ - daemon,client,docs: send install options to daemon
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Sat, 16 Apr 2016 22:15:40 +0200
++
++snapd (1.9.4) xenial; urgency=medium
++
++ * New upstream release:
++ - etc: fix desktop file location
++ - overlord/snapstate: stop an update once download sees the revision
++ is already installed
++ - overlord: make SnapState.DevMode a method, store flags
++ - snappy: no more snapYaml in snappy.Snap
++ - daemon,cmd,dirs,lockfile: drop all lockfiles
++ - debian: use sudo in setup of the proxy environment
++ - snap/snapenv,snappy,systemd: expose SNAP_REVISION to app
++ environment
++ - snap: validate similarly to what we did with old snapYaml info
++ from squashfs snaps
++ - daemon,store: plug in authentication for store search/details
++ - overlord/snapstate: fix JSON name of SnapState.Candidate
++ - overlord/snapstate: start using revisions higher than 100000 for
++ local installs (sideloads)
++ - interfaces,overlorf/ifacestate: honor user choice and don't auto-
++ connect disconnected plugs
++ - overlord/auth,daemon,client: hide user ids again
++ - daemon,overlord/snapstate: back /snaps (and so snap list) using
++ state
++ - daemon,client,overlord/auth: rework state auth data
++ - overlord/snapstate: disable Activate and Deactivate
++ - debian: fix silly typo in autopkgtest setup
++ - overlord/ifacestate: remove connection state with discard-conns
++ task, on the removal of last snap
++ - daemon,client: rename API update action to refresh
++ - cmd/snap: rework login to be more resilient
++ - overlord/snapstate: deny two changes on one snap
++ - snappy: fix crash on certain snap.yaml
++ - systemd: use native systemctl enable instead of our own
++ implementation
++ - store: add workaround for misbehaving store
++ - debian: make autopkgtest use the right env vars
++ - state: log do/undo status too when a task is run
++ - docs: update rest.md with price information
++ - daemon: only include price property if the snap is non-free
++ - daemon, client, cmd/snap: connect/disconnect now async
++ - snap,snappy: allow snaps to require system features
++ - integration-tests: fix report of skips in SetUpTest method
++ - snappy: clean out major bits (still using Installed) now
++ unreferenced as cmd/snappy is gone
++ - daemon/api,overlord/auth: add helper to get UserState from a
++ client request
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 15 Apr 2016 23:30:00 +0200
++
++snapd (1.9.3) xenial; urgency=medium
++
++ * New upstream release:
++ - many: prepare for opengl support on classic
++ - interfaces/apparmor: load all apparmor profiles on snap setup
++ - daemon,client: move async resource to change in meta
++ - debian: disable autopilot
++ - snap: add basic progress reporting
++ - client,cmd,daemon,snap,store: show the price of snaps in the cli
++ - state: add minimal taskrunner logging
++ - daemon,snap,overlord/snapstate: in the API get the snap icon using
++ state
++ - client,daemon,overlord: don't guess snap file vs. name
++ - overlord/ifacestate: reload snap connections when setting up
++ security for a given snap
++ - snappy: remove cmd/snappy (superseded in favour of cmd/snap)
++ - interfaecs/apparmor: remove all traces of old-security from
++ apparmor backend
++ - interfaces/builtin: add bluez interface
++ - overlord/ifacestate: don't crash if connection cannot be reloaded
++ - debian: add searchSuite to autopkgtest
++ - client, daemon, cmd/snap: no more tasks; everything is changes
++ - client: send authorization header in client requests
++ - client, daemon: marshal suggested currency over REST
++ - docs, snap: enumerate snap types correctly in docs and comments
++ - many: add store authenticator parameter
++ - overlord/ifacestate,daemon: setup security on conect and
++ disconnect
++ - interfaces/apparmor: remove unused apparmor variables
++ - snapstate: add missing "TaskProgressAdapter.Write()" for working
++ progress reporting
++ - many: clean out snap config related code not for OS
++ - daemon,client,cmd: return snap list from /v2/snaps
++ - docs: update `/v2/snaps` endpoint documentation
++ - interfaces: rename developerMode to devMode
++ - daemon,client,overlord: progress current => done
++ - daemon,client,cmd/snap: move query metadata to top-level doc
++ - interfaces: add TestSecurityBackend
++ - many: replace typographic quotes with ASCII
++ - client, daemon: rework rest changes to export "ready" and "err"
++ - overlord/snapstate,snap,store: track snap-id in side-info and
++ therefore in state
++ - daemon: improve mocking of interfaces API tests
++ - integration-tests: remove origins in default snap names for udf
++ call
++ - integration-test: use "snap list" in GetCurrentVersion
++ - many: almost no more NewInstalledSnap reading manifest from
++ snapstate and backend
++ - daemon: auto install ubuntu-core if missing
++ - oauth,store: remove OAuth authentication logic
++ - overlord/ifacestate: simplify some tests with implicit manager
++ initialization
++ - store, snappy: move away from hitting details directly
++ - overlord/ifacestate: reload connections when restarting the
++ manager
++ - overlord/ifacestate: increase flexibility of unit tests
++ - overlord: use state to discover all installed snaps
++ - overlord/ifacestate: track connections in the state
++ - many: separate copy-data from unlinking of current snap
++ - overlord/auth,store/auth: add macaroon authenticator to UserState
++ - client: support for /v2/changes and /v2/changes/{id}
++ - daemon/api,overlord/auth: rework authenticated users information
++ in state
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 14 Apr 2016 23:29:43 +0200
++
++snapd (1.9.2) xenial; urgency=medium
++
++ * New upstream release:
++ - cmd/snap,daemon,store: rework login command to use daemon login
++ API
++ - store: cache suggested currency from the store
++ - overlord/ifacestate: modularize and extend tests
++ - integration-tests: reenable failure tests
++ - daemon: include progress in rest changes
++ - daemon, overlord/state: expose individual changes
++ - overlord/ifacestate: drop duplicate package comment
++ - overlord/ifacestate: allow tests to override security backends
++ - cmd/snap: install *.snap and *.snap.* as files too
++ - interfaces/apparmor: replace /var/lib/snap with /var/snap
++ - daemon,overlord/ifacestate: connect REST API to interfaces in the
++ overlord
++ - debian: remove unneeded dependencies from snapd
++ - overlord/state: checkpoint on final progress only
++ - osutil: introduce IsUIDInAny
++ - overlord/snapstate: rename GetSnapState to Get, SetSnapState to
++ Set
++ - daemon: add id to changes json
++ - overlord/snapstate: SetSnapState() needs locks
++ - overlord: fix broken tests
++ - overlord/snapstate,overlord/ifacestate: reimplement SnapInfo (as
++ Info) actually using the state
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 13 Apr 2016 17:27:00 +0200
++
++snapd (1.9.1.1) xenial; urgency=medium
++
++ * debian/tests/control:
++ - add git to make autopkgtest work
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 12 Apr 2016 17:19:19 +0200
++
++snapd (1.9.1) xenial; urgency=medium
++
++ * Add warning about installing ubuntu-core-snapd-units on Desktop systems.
++ * Add ${misc:Depends} to ubuntu-core-snapd-units.
++ * interfaces,overlord: add support for auto-connecting plugs on
++ install
++ * fix sideloading snaps and (re)add tests for this
++ * add `ca-certificates` to the test-dependencies to fix autopkgtest
++ failure on armhf
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 12 Apr 2016 14:39:57 +0200
++
++snapd (1.9) xenial; urgency=medium
++
++ * rename source and binary package to "snapd"
++ * update directory layout to final 16.04 layout
++ * use `snap` command instead of the previous `snappy`
++ * use `interface` based security
++ * use new state engine for install/update/remove
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 12 Apr 2016 01:05:09 +0200
++
++ubuntu-snappy (1.7.3+20160310ubuntu1) xenial; urgency=medium
++
++ - debian: update versionized ubuntu-core-launcher dependency
++ - debian: tweak desktop file dir, ship Xsession.d snip for seamless
++ integration
++ - snappy: fix hw-assign to work with per-app udev tags
++ - snappy: use $snap.$app as per-app udev tag
++ - snap,snappy,systemd: %s/\<SNAP_ORIGIN\>/SNAP_DEVELOPER/g
++ - snappy: add mksquashfs --no-xattrs parameter
++ - snap,snappy,systemd: kill SNAP_FULLNAME
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 10 Mar 2016 09:26:20 +0100
++
++ubuntu-snappy (1.7.3+20160308ubuntu1) xenial; urgency=medium
++
++ - snappy,snap: move icon under meta/gui/
++ - debian: add snap.8 manpage
++ - debian: move snapd to /usr/lib/snappy/snapd
++ - snap,snappy,systemd: remove TMPDIR, TEMPDIR, SNAP_APP_TMPDIR
++ - snappy,dirs: add support to use desktop files from inside snaps
++ - daemon: snapd API events endpoint redux
++ - interfaces/builtin: add "network" interface
++ - overlord/state: do small fixes (typo, id clashes paranoia)
++ - overlord: add first pass of the logic in StateEngine itself
++ - overlord/state: introduce Status/SetStatus on Change
++ - interfaces: support permanent security snippets
++ - overlord/state: introduce Status/SetStatus and
++ Progress/SetProgress on Task
++ - overlord/state: introduce Task and Change.NewTask
++ - many: selectively swap semantics of plugs and slots
++ - client,cmd/snap: remove useless indirection in Interfaces
++ - interfaces: maintain Plug and Slot connection details
++ - client,daemon,cmd/snap: change POST /2.0/interfaces to work with
++ lists
++ - overlord/state: introduce Change and NewChange on state to create
++ them
++ - snappy: bugfix for snap.yaml parsing to be more consistent with
++ the spec
++ - snappy,systemd: remove "ports" from snap.yaml
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 08 Mar 2016 11:24:09 +0100
++
++ubuntu-snappy (1.7.3+20160303ubuntu4) xenial; urgency=medium
++
++ * rename:
++ debian/golang-snappy-dev.install ->
++ debian/golang-github-ubuntu-core-snappy-dev.install:
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Mar 2016 12:29:16 +0100
++
++ubuntu-snappy (1.7.3+20160303ubuntu3) xenial; urgency=medium
++
++ * really fix typo in dependency name
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Mar 2016 12:21:39 +0100
++
++ubuntu-snappy (1.7.3+20160303ubuntu2) xenial; urgency=medium
++
++ * fix typo in dependency name
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Mar 2016 12:05:36 +0100
++
++ubuntu-snappy (1.7.3+20160303ubuntu1) xenial; urgency=medium
++
++ - debian: update build-depends for MIR
++ - many: implement new REST API: GET /2.0/interfaces
++ - integration-tests: properly stop snapd from branch
++ - cmd/snap: update tests for go-flags changes
++ - overlord/state: implement Lock/Unlock with implicit checkpointing
++ - overlord: split out the managers and State to their own
++ subpackages of overlord
++ - snappy: rename "migration-skill" to "old-security" and use new
++ interface names instead of skills
++ - client,cmd/snap: clarify name ambiguity in Plug or Slot
++ - overlord: start working on state engine along spec v2, have the
++ main skeleton follow that
++ - classic, oauth: update tests for change in MakeRandomString()
++ - client,cmd/snap: s/add/install/:-(
++ - interfaces,daemon: specialize Name to either Plug or Slot
++ - interfaces,interfaces/types: unify security snippet functions
++ - snapd: close the listener on Stop, to force the http.Serve loop to
++ exit
++ - snappy,daemon,snap/lightweight,cmd/snappy,docs/rest.md: expose
++ explicit channel selection to rest api
++ - interfaces,daemon: rename package holding built-in interfaces
++ - integration-tests: add the first classic dimension tests
++ - client,deaemon,docs: rename skills to interfaces on the wire
++ - asserts: add identity assertion type
++ - integration-tests: add the no_proxy env var
++ - debian: update build-depends for new package names
++ - oauth: fix oauth & quoting in the oauth_signature
++ - integration-tests: remove unused field
++ - integration-tests: add the http proxy argument
++ - interfaces,interfaces/types,deamon: mass internal rename to
++ interfaces
++ - client,cmd/snap: rename skills to interfaces (part 2)
++ - arch: fix missing mapping for powerpc
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Mar 2016 11:00:19 +0100
++
++ubuntu-snappy (1.7.3+20160225ubuntu1) xenial; urgency=medium
++
++ - integration-tests: always use the built snapd when compiling
++ binaries from branch
++ - cmd/snap: rename skills to interfaces
++ - testutil,skills/types,skills,daemon: tweak discovery of know skill
++ types
++ - docs: add docs for arm64 cross building
++ - overlord: implement basic ReadState/WriteState
++ - overlord: implement Get/Set/Copy on State
++ - integration-tests: fix dd output check
++ - integration-tests: add fromBranch config field
++ - integration-tests: use cli pkg methods in hwAssignSuite
++ - debian: do not create the snappypkg user, we don't need it anymore
++ - arch: fix build failure on s390x
++ - classic: cleanup downloaded lxd tarball
++ - cmd/snap,client,integration-tests: rename snap subcmds
++ 'assert'=>'ack', 'asserts'=>'known'
++ - skills: fix broken tests builds
++ - skills,skills/types: pass slot to SlotSecuritySnippet()
++ - skills/types: teach bool-file about udev security
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 25 Feb 2016 16:17:19 +0100
++
++ubuntu-snappy (1.7.2+20160223ubuntu1) xenial; urgency=medium
++
++ * New git snapshot:
++ - asserts: introduce snap-declaration
++ - cmd/snap: fix integration tests for the "cmd_asserts"
++ - integration-tests: fix fanctl output check
++ - cmd/snap: fix test failure after merging 23a64e6
++ - cmd/snap: replace skip-help with empty description
++ - docs: update security.md to match current migration-skill
++ semantics
++ - snappy: treat commands with 'daemon' field as services
++ - asserts: use more consistent names for receivers in
++ snap_asserts*.go
++ - debian: add missing golang-websocket-dev build-dependency
++ - classic: if classic fails to get created, undo the bind mounts
++ - snappy: never return nil in NewLocalSnapRepository()
++ - notifications: A simple notification system
++ - snappy: when using staging, authenticate there instead
++ - integration-tests/snapd: fix the start of the test snapd socket
++ - skills/types: use CamelCase for security names
++ - skills: add support for implicit revoke
++ - skills: add security layer
++ - integration-tests: use exec.Command wrapper for updates
++ - cmd/snap: add 'snap skills'
++ - cms/snap: add 'snap revoke'
++ - docs: add docs for skills API
++ - cmd/snap: add 'snap grant'
++ - cmd/snappy, coreconfig, daemon, snappy: move config to always be
++ bytes (in and out)
++ - overlord: start with a skeleton and stubs for Overlord,
++ StateEngine, StateJournal and managers
++ - integration-tests: skip tests affected by LP: #1544507
++ - skills/types: add bool-file
++ - po: refresh translation templates
++ - cmd/snap: add 'snap experimental remove-skill-slot'
++ - asserts: introduce device assertion
++ - cmd/snap: implemented add, remove, purge, refresh, rollback,
++ activate, deactivate
++ - cmd/snap: add 'snap experimental add-skill-slot'
++ - cmd/snap: add 'snap experimental remove-skill'
++ - cmd/snap: add tests for common skills code
++ - cmd/snap: add 'snap experimental add-skill'
++ - asserts: make assertion checkers used by db.Check modular and
++ pluggable
++ - cmd,client,daemon,caps,docs,po: remove capabilities
++ - scripts: move the script to get dependencies to a separate file
++ - asserts: make the disk layout compatible for storing more than one
++ revision
++ - cmd/snap: make the assert command options exported
++ - integration-tests: Remove the target release and channel
++ - asserts: introduce model assertion
++ - integration-tests: add exec.Cmd wrapper
++ - cmd/snap: add client test support methods
++ - cmd/snap: move key=value attribute parsing to commmon
++ - cmd/snap: apply new style consistency to "snap" commands.
++ - cmd/snap: support redirecting the client for testing
++ - cmd/snap: support testing command output
++ - snappy,daemon: remove the meta repositories abstractions
++ - cmd: add support for experimental commands
++ - cmd/snappy,daemon,snap,snappy: remove SetActive from parts
++ - cmd/snappy,daemon,snappy,snap: remove config from parts interface
++ - client: improve test data
++ - cmd: allow to construct a fresh parser
++ - cmd: don't treat help as an error
++ - cmd/snappy,snappy: remove "Details" from the repository interface
++ - asserts: check that primary keys are set when
++ Decode()ing/assembling assertions
++ - snap,snappy: refactor to remove "Install" from the Part interface
++ - client,cmd: make client.New() configurable
++ - client: enable retrieving asynchronous operation information with
++ `Client.Operation`.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 23 Feb 2016 11:28:18 +0100
++
++ubuntu-snappy (1.7.2+20160204ubuntu1) xenial; urgency=medium
++
++ * New git snapshot:
++ - integration-tests: fix the rollback error messages
++ - integration-test: use the common cli method when trying to install
++ an unexisting snap
++ - integration-tests: rename snap find test
++ - daemon: refactor makeErrorResponder()
++ - integration: add regression test for LP: #1541317
++ - integration-tests: reenable TestRollbackMustRebootToOtherVersion
++ - asserts: introduce "snap asserts" subcmd to show assertions in the
++ system db
++ - docs: fix parameter style
++ - daemon: use underscore in JSON interface
++ - client: add skills API
++ - asserts,docs/rest.md: change Encoder not to add extra newlines at
++ the end of the stream
++ - integration-tests: "snappy search" is no more, its "snap search"
++ now
++ - README, integration-tests/tests: chmod snapd.socket after manual
++ start.
++ - snappy: add default security profile if none is specified
++ - skills,daemon: add REST APIs for skills
++ - cmd/snap, cmd/snappy: move from `snappy search` to `snap find`.
++ - The first step towards REST world domination: search is now done
++ via
++ - debian: remove obsolete /etc/grub.d/09_snappy on upgrade
++ - skills: provide different security snippets for skill and slot
++ side
++ - osutil: make go vet happy again
++ - snappy,systemd: use Type field in systemd.ServiceDescription
++ - skills: add basic grant-revoke methods
++ - client,daemon,asserts: expose the ability to query assertions in
++ the system db
++ - skills: add basic methods for slot handling
++ - snappy,daemon,snap: move "Uninstall" into overlord
++ - snappy: move SnapFile.Install() into Overlord.Install()
++ - integration-tests: re-enable some failover tests
++ - client: remove snaps
++ - asserts: uniform searching across trusted (account keys) and main
++ backstore
++ - asserts: introduce Decoder to parse streams of assertions and
++ Encoder to build them
++ - client: filter snaps with a search query
++ - client: pass query as well as path in client internals
++ - skills: provide different security snippets for skill and slot
++ side
++ - snappy: refactor snapYaml to remove methods on snapYaml type
++ - snappy: remove unused variable from test
++ - skills: add basic methods for skill handing
++ - snappy: remove support for meta/package.yaml and implement new
++ meta/snap.yaml
++ - snappy: add new overlord type responsible for
++ Installed/Install/Uninstall/SetActive and stub it out
++ - skills: add basic methods for type handling
++ - daemon, snappy: add find (aka search)
++ - client: filter snaps by type
++ - skills: tweak valid names and error messages
++ - skills: add special skill type for testing
++ - cmd/snapd,daemon: filter snaps by type
++ - partition: remove obsolete uEnv.txt
++ - skills: add Type interface
++ - integration-tests: fix the bootloader path
++ - asserts: introduce a memory backed assertion backstore
++ - integration-tests: get name of OS snap from bootloader
++ - cmd/snapd,daemon: filter snaps by source
++ - asserts,daemon: bump some copyright years for things that have
++ been touched in the new year
++ - skills: add the initial Repository type
++ - skills: add a name validation function
++ - client: filter snaps by source
++ - snappy: unmount the squashfs snap again if it fails to install
++ - snap: make a copy of the search uri before mutating it
++ Closes: LP#1537005
++ - cmd/snap,client,daemon,asserts: introduce "assert " snap
++ subcommand
++ - cmd/snappy, snappy: fix failover handling of the "active"
++ kernel/os snap
++ - daemon, client, docs/rest.md, snapd integration tests: move to the
++ new error response
++ - asserts: change Backstore interface, backstores can now access
++ primary key names from types
++ - asserts: make AssertionType into a real struct exposing the
++ metadata Name and PrimaryKey
++ - caps: improve bool-file sanitization
++ - asserts: fixup toolbelt to use exposed key ID.
++ - client: return by reference rather than by value
++ - asserts: exported filesystem backstores + explicit backstores
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 04 Feb 2016 16:35:31 +0100
++
++ubuntu-snappy (1.7.2+20160113ubuntu1) xenial; urgency=medium
++
++ * New git snapshot
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 13 Jan 2016 11:25:40 +0100
++
++ubuntu-snappy (1.7.2ubuntu1) xenial; urgency=medium
++
++ * New upstream release:
++ - bin-path integration
++ - assertions/capability work
++ - fix squashfs based snap building
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 04 Dec 2015 08:46:35 +0100
++
++ubuntu-snappy (1.7.1ubuntu1) xenial; urgency=medium
++
++ * New upstream release:
++ - fix dependencies
++ - fix armhf builds
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 02 Dec 2015 07:46:07 +0100
++
++ubuntu-snappy (1.7ubuntu1) xenial; urgency=medium
++
++ * New upstream release:
++ - kernel/os snap support
++ - squashfs snap support
++ - initial capabilities work
++ - initial assertitions work
++ - rest API support
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 18 Nov 2015 19:59:51 +0100
++
++ubuntu-snappy (1.6ubuntu1) wily; urgency=medium
++
++ * New upstream release, including the following changes:
++ - Fix hwaccess for gpio (LP: #1493389, LP: #1488618)
++ - Fix handleAssets name normalization
++ - Run boot-ok job late (LP: #1476129)
++ - Add support for systemd socket files
++ - Add "snappy service" command
++ - Documentation improvements
++ - Many test improvements (unit and integration)
++ - Override sideload versions
++ - Go1.5 fixes
++ - Add i18n
++ - Add man-page
++ - Add .snapignore
++ - Run services that uses external ports only after the network is up
++ - Bufix in Synbootloader (LP: 1474125)
++ - Use uboot.env for boot state tracking
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 09 Sep 2015 14:20:22 +0200
++
++ubuntu-snappy (1.5ubuntu1) wily; urgency=medium
++
++ * New upstream release, including the following changes:
++ - Use O_TRUNC when copying files
++ - Added path redefinition to include test's binaries location
++ - Don't run update-grub, instead use grub.cfg from the oem
++ package
++ - Do network configuration from first boot
++ - zero size systemd of new partition made executable to
++ prevent unrecoverable boot failure
++ - Close downloaded files
++
++ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com> Mon, 06 Jul 2015 15:14:37 -0300
++
++ubuntu-snappy (1.4ubuntu1) wily; urgency=medium
++
++ * New upstream release, including the following changes:
++ - Allow to run the integration tests using snappy from branch
++ - Add CopyFileOverwrite flag and behaviour to helpers.CopyFile
++ - add a bunch of missing i18n.G() now that we have gettext
++ - Generate only the translators comments that start with
++ TRANSLATORS
++ - Try both clickpkg and snappypkg when dropping privs
++
++ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com> Thu, 02 Jul 2015 16:21:53 -0300
++
++ubuntu-snappy (1.3ubuntu1) wily; urgency=medium
++
++ * New upstream release, including the following changes:
++ - gettext support
++ - use snappypkg user for the installed snaps
++ - switch to system-image-3.x as the system-image backend
++ - more reliable developer mode detection
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 01 Jul 2015 10:37:05 +0200
++
++ubuntu-snappy (1.2-0ubuntu1) wily; urgency=medium
++
++ * New upstream release, including the following changes:
++ - Consider the root directory when installing and removing policies
++ - In the uboot TestHandleAssetsNoHardwareYaml, patch the cache dir
++ before creating the partition type
++ - In the PartitionTestSuite, remove the unnecessary patches for
++ defaultCacheDir
++ - Fix the help output of "snappy install -h"
++
++ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com> Wed, 17 Jun 2015 11:42:47 -0300
++
++ubuntu-snappy (1.1.2-0ubuntu1) wily; urgency=medium
++
++ * New upstream release, including the following changes:
++ - Remove compatibility for click-bin-path in generated exec-wrappers
++ - Release the readme.md after parsing it
++
++ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com> Thu, 11 Jun 2015 23:42:49 -0300
++
++ubuntu-snappy (1.1.1-0ubuntu1) wily; urgency=medium
++
++ * New upstream release, including the following changes:
++ - Set all app services to restart on failure
++ - Fixes the missing oauth quoting and makes the code a bit nicer
++ - Added integrate() to set Integration to default values needed for
++ integration
++ - Moved setActivateClick to be a method of SnapPart
++ - Make unsetActiveClick a method of SnapPart
++ - Check the package.yaml for the required fields
++ - Integrate lp:snappy/selftest branch into snappy itself
++ - API to record information about the image and to check if the kernel was
++ sideloaded.
++ - Factor out update from cmd
++ - Continue updating when a sideload error is returned
++
++ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com> Wed, 10 Jun 2015 15:54:12 -0300
++
++ubuntu-snappy (1.1-0ubuntu1) wily; urgency=low
++
++ * New wily upload with fix for go 1.4 syscall.Setgid() breakage
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 09 Jun 2015 10:02:04 +0200
++
++ubuntu-snappy (1.0.1-0ubuntu1) vivid; urgency=low
++
++ * fix symlink unpacking
++ * fix typo in apparmor rules generation
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 23 Apr 2015 16:09:56 +0200
++
++ubuntu-snappy (1.0-0ubuntu1) vivid; urgency=low
++
++ * 15.04 archive upload
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 23 Apr 2015 11:08:22 +0200
++
++ubuntu-snappy (0.1.2-0ubuntu1) vivid; urgency=medium
++
++ * initial ubuntu archive upload
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Mon, 13 Apr 2015 22:48:13 -0500
++
++ubuntu-snappy (0.1.1-0ubuntu1) vivid; urgency=low
++
++ * new snapshot
++
++ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 12 Feb 2015 13:51:22 +0100
++
++ubuntu-snappy (0.1-0ubuntu1) vivid; urgency=medium
++
++ * Initial packaging
++
++ -- Sergio Schvezov <sergio.schvezov@canonical.com> Fri, 06 Feb 2015 02:25:43 -0200
--- /dev/null
--- /dev/null
++Index: snapd-2.49/cmd/libsnap-confine-private/apparmor-support.c
++===================================================================
++--- snapd-2.49.orig/cmd/libsnap-confine-private/apparmor-support.c
+++++ snapd-2.49/cmd/libsnap-confine-private/apparmor-support.c
++@@ -20,6 +20,8 @@
++ #endif
++
++ #include "apparmor-support.h"
+++#include "string-utils.h"
+++#include "utils.h"
++
++ #include <string.h>
++ #include <errno.h>
++@@ -53,18 +55,24 @@ void sc_init_apparmor_support(struct sc_
++ debug
++ ("apparmor is available on the system but has been disabled at boot");
++ break;
++- case ENOENT:
++- debug
++- ("apparmor is available but the interface but the interface is not available");
++- break;
++ case EPERM:
++ // NOTE: fall-through
++ case EACCES:
++ debug
++ ("insufficient permissions to determine if apparmor is enabled");
++- break;
+++ // since snap-confine is setuid root this should
+++ // never happen so likely someone is trying to
+++ // manipulate our execution environment - fail hard
+++
+++ // fall-through
+++ case ENOENT:
+++ case ENOMEM:
++ default:
++- debug("apparmor is not enabled: %s", strerror(errno));
+++ // this shouldn't happen under normal usage so it
+++ // is possible someone is trying to manipulate our
+++ // execution environment - fail hard
+++ die("aa_is_enabled() failed unexpectedly (%s)",
+++ strerror(errno));
++ break;
++ }
++ apparmor->is_confined = false;
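Review bot: in the `EPERM`/`EACCES` arm the `debug()` call now falls through into `die()`, so the process exits with the generic `aa_is_enabled() failed unexpectedly` text and the permission-specific message is only seen when debugging is on; consider dying with a message that names the permission failure. The `case ENOENT:` and `case ENOMEM:` labels sit directly above `default:` and share its body, so they are documentation only; say so in a comment or drop them. `ENOENT` previously logged that the interface was not available and carried on unconfined; making it fatal is a behaviour change that deserves a line in the patch description.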
++@@ -81,13 +89,13 @@ void sc_init_apparmor_support(struct sc_
++ }
++ debug("apparmor label on snap-confine is: %s", label);
++ debug("apparmor mode is: %s", mode);
++- // The label has a special value "unconfined" that is applied to all
++- // processes without a dedicated profile. If that label is used then the
++- // current process is not confined. All other labels imply confinement.
++- if (label != NULL && strcmp(label, SC_AA_UNCONFINED_STR) == 0) {
++- apparmor->is_confined = false;
++- } else {
+++ // expect to be confined by a profile with the name of a valid
+++ // snap-confine binary since if not we may be executed under a
+++ // profile with more permissions than expected
+++ if (label != NULL && sc_streq(mode, SC_AA_ENFORCE_STR) && sc_is_expected_path(label)) {
++ apparmor->is_confined = true;
+++ } else {
+++ apparmor->is_confined = false;
++ }
++ // There are several possible results for the confinement type (mode) that
++ // are checked for below.
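Review bot: the new condition NULL-checks `label` but passes `mode` straight to `sc_streq(mode, SC_AA_ENFORCE_STR)`; either confirm that `sc_streq` accepts NULL or add `mode != NULL` next to the label check. With this change any mode other than enforce, and any label that is not an expected snap-confine path, sets `is_confined = false`, so the trailing comment that says the mode results "are checked for below" should be updated to say that mode now also feeds `is_confined`.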
++Index: snapd-2.49/cmd/libsnap-confine-private/tool.c
++===================================================================
++--- snapd-2.49.orig/cmd/libsnap-confine-private/tool.c
+++++ snapd-2.49/cmd/libsnap-confine-private/tool.c
++@@ -110,7 +110,7 @@ void sc_call_snap_update_ns_as_user(int
++ snap_name);
++
++ const char *xdg_runtime_dir = getenv("XDG_RUNTIME_DIR");
++- char xdg_runtime_dir_env[PATH_MAX + strlen("XDG_RUNTIME_DIR=")];
+++ char xdg_runtime_dir_env[PATH_MAX + sizeof("XDG_RUNTIME_DIR=")] = { 0 };
++ if (xdg_runtime_dir != NULL) {
++ sc_must_snprintf(xdg_runtime_dir_env,
++ sizeof(xdg_runtime_dir_env),
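Review bot: the declaration of `xdg_runtime_dir_env` carries no comment on why `strlen` became `sizeof`. With `strlen` the array length is not a constant expression, so the buffer was a variable-length array, which cannot take the `= { 0 }` initialiser; `sizeof("XDG_RUNTIME_DIR=")` is a constant and also counts the terminator. A one-line comment to that effect would stop the line being simplified back.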
++@@ -163,14 +163,21 @@ static int sc_open_snapd_tool(const char
++ // want to store the terminating '\0'. The readlink system call doesn't add
++ // terminating null, but our initialization of buf handles this for us.
++ char buf[PATH_MAX + 1] = { 0 };
++- if (readlink("/proc/self/exe", buf, sizeof buf) < 0) {
+++ if (readlink("/proc/self/exe", buf, sizeof(buf) - 1) < 0) {
++ die("cannot readlink /proc/self/exe");
++ }
++ if (buf[0] != '/') { // this shouldn't happen, but make sure have absolute path
++ die("readlink /proc/self/exe returned relative path");
++ }
+++ // as we are looking up other tools relative to our own path, check
+++ // we are located where we think we should be - otherwise we
+++ // may have been hardlink'd elsewhere and then may execute the
+++ // wrong tool as a result
+++ if (!sc_is_expected_path(buf)) {
+++ die("running from unexpected location: %s", buf);
+++ }
++ char *dir_name = dirname(buf);
++- int dir_fd SC_CLEANUP(sc_cleanup_close) = 1;
+++ int dir_fd SC_CLEANUP(sc_cleanup_close) = -1;
++ dir_fd = open(dir_name, O_PATH | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
++ if (dir_fd < 0) {
++ die("cannot open path %s", dir_name);
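Review bot: `readlink()` is still only tested for `< 0` at the top of this hunk. Keep the returned length and die when it equals `sizeof(buf) - 1`, so a truncated path is rejected explicitly instead of relying on `sc_is_expected_path(buf)` failing to match. The `dir_fd` initialiser change from `1` to `-1` is a separate fix (with `1` the `sc_cleanup_close` handler was primed with a descriptor this function does not own) and should be mentioned in the patch description on its own.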
++Index: snapd-2.49/cmd/libsnap-confine-private/utils-test.c
++===================================================================
++--- snapd-2.49.orig/cmd/libsnap-confine-private/utils-test.c
+++++ snapd-2.49/cmd/libsnap-confine-private/utils-test.c
++@@ -71,6 +71,37 @@ static void test_parse_bool(void)
++ g_assert_cmpint(errno, ==, EFAULT);
++ }
++
+++static void test_sc_is_expected_path(void)
+++{
+++ struct {
+++ const char *path;
+++ bool expected;
+++ } test_cases[] = {
+++ {"/tmp/snap-confine", false},
+++ {"/tmp/foo", false},
+++ {"/home/ ", false},
+++ {"/usr/lib/snapd/snap-confine1", false},
+++ {"/usr/lib/snapd/snap—confine", false},
+++ {"/snap/core/usr/lib/snapd/snap-confine", false},
+++ {"/snap/core/x1x/usr/lib/snapd/snap-confine", false},
+++ {"/snap/core/z1/usr/lib/snapd/snap-confine", false},
+++ {"/snap/cꓳre/1/usr/lib/snapd/snap-confine", false},
+++ {"/snap/snapd1/1/usr/lib/snapd/snap-confine", false},
+++ {"/snap/core/current/usr/lib/snapd/snap-confine", false},
+++ {"/usr/lib/snapd/snap-confine", true},
+++ {"/usr/libexec/snapd/snap-confine", true},
+++ {"/snap/core/1/usr/lib/snapd/snap-confine", true},
+++ {"/snap/core/x1/usr/lib/snapd/snap-confine", true},
+++ {"/snap/snapd/1/usr/lib/snapd/snap-confine", true},
+++ {"/snap/snapd/1/usr/libexec/snapd/snap-confine", false},
+++ };
+++ size_t i;
+++ for (i = 0; i < sizeof(test_cases) / sizeof(test_cases[0]); i++) {
+++ bool result = sc_is_expected_path(test_cases[i].path);
+++ g_assert_cmpint(result, ==, test_cases[i].expected);
+++ }
+++}
+++
++ static void test_die(void)
++ {
++ if (g_test_subprocess()) {
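Review bot: the table in `test_sc_is_expected_path` has no cases that pin the `^...$` anchoring the check depends on: the empty string, a valid path followed by a newline or by trailing text, and a valid path with a `..` component. Add them with `false`. The two look-alike entries contain non-ASCII characters that are easy to normalise by accident, so mark them with a comment, and add one on why `/usr/libexec/snapd/snap-confine` is accepted while `/snap/snapd/1/usr/libexec/snapd/snap-confine` is not.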
++@@ -194,6 +225,7 @@ static void test_sc_nonfatal_mkpath__abs
++ static void __attribute__((constructor)) init(void)
++ {
++ g_test_add_func("/utils/parse_bool", test_parse_bool);
+++ g_test_add_func("/utils/sc_is_expected_path", test_sc_is_expected_path);
++ g_test_add_func("/utils/die", test_die);
++ g_test_add_func("/utils/die_with_errno", test_die_with_errno);
++ g_test_add_func("/utils/sc_nonfatal_mkpath/relative",
++Index: snapd-2.49/cmd/libsnap-confine-private/utils.c
++===================================================================
++--- snapd-2.49.orig/cmd/libsnap-confine-private/utils.c
+++++ snapd-2.49/cmd/libsnap-confine-private/utils.c
++@@ -16,6 +16,7 @@
++ */
++ #include <errno.h>
++ #include <fcntl.h>
+++#include <regex.h>
++ #include <stdarg.h>
++ #include <stdio.h>
++ #include <stdlib.h>
++@@ -237,3 +238,15 @@ int sc_nonfatal_mkpath(const char *const
++ }
++ return 0;
++ }
+++
+++bool sc_is_expected_path(const char *path)
+++{
+++ const char *expected_path_re =
+++ "^(/snap/(snapd|core)/x?[0-9]+/usr/lib|/usr/lib(exec)?)/snapd/snap-confine$";
+++ regex_t re;
+++ if (regcomp(&re, expected_path_re, REG_EXTENDED | REG_NOSUB) != 0)
+++ die("can not compile regex %s", expected_path_re);
+++ int status = regexec(&re, path, 0, NULL, 0);
+++ regfree(&re);
+++ return status == 0;
+++}
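Review bot: `sc_is_expected_path()` hands `path` to `regexec()` without a NULL check. The apparmor caller guards with `label != NULL`, but the function is exported through utils.h, so either die on NULL here or document the precondition. The pattern is recompiled on every call, which is acceptable for the two call sites in this patch but worth a comment, and the die text would read better as `cannot compile regex %s`, matching the `cannot ...` wording of the other messages in this patch.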
++Index: snapd-2.49/cmd/libsnap-confine-private/utils.h
++===================================================================
++--- snapd-2.49.orig/cmd/libsnap-confine-private/utils.h
+++++ snapd-2.49/cmd/libsnap-confine-private/utils.h
++@@ -101,4 +101,10 @@ void write_string_to_file(const char *fi
++ **/
++ __attribute__((warn_unused_result))
++ int sc_nonfatal_mkpath(const char *const path, mode_t mode);
+++
+++/**
+++ * Return true if path is a valid path for the snap-confine binary
+++ **/
+++__attribute__((warn_unused_result))
+++bool sc_is_expected_path(const char *path);
++ #endif
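Review bot: the doc comment for `sc_is_expected_path` says "valid path" without saying what is valid. State the accepted locations (`/usr/lib/snapd`, `/usr/libexec/snapd`, and `/snap/core` or `/snap/snapd` with a revision followed by `/usr/lib/snapd`), that the whole string must match, and that `path` must not be NULL. The declaration uses `bool`, so check that utils.h includes `<stdbool.h>`, which this hunk does not show.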
++Index: snapd-2.49/cmd/snap-confine/mount-support-test.c
++===================================================================
++--- snapd-2.49.orig/cmd/snap-confine/mount-support-test.c
+++++ snapd-2.49/cmd/snap-confine/mount-support-test.c
++@@ -21,6 +21,7 @@
++ #include "mount-support-nvidia.c"
++
++ #include <glib.h>
+++#include <glib/gstdio.h>
++
++ static void replace_slashes_with_NUL(char *path, size_t len)
++ {
++@@ -91,10 +92,50 @@ static void test_is_subdir(void)
++ g_assert_false(is_subdir("/", ""));
++ }
++
+++static void test_must_mkdir_and_open_with_perms(void)
+++{
+++ // make a directory with some contents and check we can
+++ // must_mkdir_and_open_with_perms() to get control of it
+++ GError *error = NULL;
+++ GStatBuf st;
+++ gchar *test_dir = g_dir_make_tmp("test-mkdir-XXXXXX", &error);
+++ g_assert_no_error(error);
+++ g_assert_nonnull(test_dir);
+++ g_assert_cmpint(chmod(test_dir, 0755), ==, 0);
+++ g_assert_true(g_file_test
+++ (test_dir, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR));
+++ g_assert_cmpint(g_stat(test_dir, &st), ==, 0);
+++ g_assert_true(st.st_uid == getuid());
+++ g_assert_true(st.st_gid == getgid());
+++ g_assert_true(st.st_mode == (S_IFDIR | 0755));
+++
+++ gchar *test_subdir = g_build_filename(test_dir, "foo", NULL);
+++ g_assert_cmpint(g_mkdir_with_parents(test_dir, 0755), ==, 0);
+++ g_file_test(test_subdir, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR);
+++
+++ // take over dir
+++ int fd =
+++ must_mkdir_and_open_with_perms(test_dir, getuid(), getgid(), 0700);
+++ // check can unlink dir itself with no contents successfully and it
+++ // still exists
+++ g_assert_cmpint(fd, >=, 0);
+++ g_assert_false(g_file_test
+++ (test_subdir, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR));
+++ g_assert_true(g_file_test
+++ (test_dir, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR));
+++ g_assert_cmpint(g_stat(test_dir, &st), ==, 0);
+++ g_assert_true(st.st_uid == getuid());
+++ g_assert_true(st.st_gid == getgid());
+++ g_assert_true(st.st_mode == (S_IFDIR | 0700));
+++ close(fd);
+++}
+++
++ static void __attribute__((constructor)) init(void)
++ {
++ g_test_add_func("/mount/get_nextpath/typical",
++ test_get_nextpath__typical);
++ g_test_add_func("/mount/get_nextpath/weird", test_get_nextpath__weird);
++ g_test_add_func("/mount/is_subdir", test_is_subdir);
+++ g_test_add_func("/mount/must_mkdir_and_open_with_perms",
+++ test_must_mkdir_and_open_with_perms);
++ }
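Review bot: `g_mkdir_with_parents(test_dir, 0755)` creates the directory that already exists; it should be `test_subdir`, and the `g_file_test(test_subdir, ...)` on the next line discards its result instead of asserting it. As written the subdirectory never exists, so the later `g_assert_false(g_file_test(test_subdir, ...))` passes without showing that the old contents were moved aside. `G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR` is true if either test holds, so `G_FILE_TEST_IS_DIR` alone is the stricter check. `test_dir` and `test_subdir` are never freed, and neither the recreated directory nor the renamed one is removed at the end of the test.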
++Index: snapd-2.49/cmd/snap-confine/mount-support.c
++===================================================================
++--- snapd-2.49.orig/cmd/snap-confine/mount-support.c
+++++ snapd-2.49/cmd/snap-confine/mount-support.c
++@@ -14,6 +14,7 @@
++ * along with this program. If not, see <http://www.gnu.org/licenses/>.
++ *
++ */
+++
++ #ifdef HAVE_CONFIG_H
++ #include "config.h"
++ #endif
++@@ -51,6 +52,91 @@
++
++ static void sc_detach_views_of_writable(sc_distro distro, bool normal_mode);
++
+++static int must_mkdir_and_open_with_perms(const char *dir, uid_t uid, gid_t gid,
+++ mode_t mode)
+++{
+++ int retries = 10;
+++ int fd;
+++
+++ mkdir:
+++ if (--retries == 0) {
+++ die("lost race to create dir %s too many times", dir);
+++ }
+++ // Ignore EEXIST since we want to reuse and we will open with
+++ // O_NOFOLLOW, below.
+++ if (mkdir(dir, 0700) < 0 && errno != EEXIST) {
+++ die("cannot create directory %s", dir);
+++ }
+++ fd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
+++ if (fd < 0) {
+++ // if is not a directory then remove it and try again
+++ if (errno == ENOTDIR && unlink(dir) == 0) {
+++ goto mkdir;
+++ }
+++ die("cannot open directory %s", dir);
+++ }
+++ // ensure base_dir has the expected permissions since it may have
+++ // already existed
+++ struct stat st;
+++ if (fstat(fd, &st) < 0) {
+++ die("cannot stat base directory %s", dir);
+++ }
+++ if (st.st_uid != uid || st.st_gid != gid
+++ || st.st_mode != (S_IFDIR | mode)) {
+++ unsigned char random[10] = { 0 };
+++ char random_dir[MAX_BUF] = { 0 };
+++ int offset;
+++ size_t i;
+++
+++ // base_dir isn't what we expect - create a random
+++ // directory name and rename the existing erroneous
+++ // base_dir to this then try recreating it again - NOTE we
+++ // don't use mkdtemp() here since we don't want to actually
+++ // create the directory yet as we want rename() to do that
+++ // for us
+++#ifdef SYS_getrandom
+++ // use syscall(SYS_getrandom) since getrandom() is
+++ // not available on older glibc
+++ if (syscall(SYS_getrandom, random, sizeof(random), 0) !=
+++ sizeof(random)) {
+++ die("cannot get random bytes");
+++ }
+++#else
+++ // use /dev/urandom on older systems which don't support
+++ // SYS_getrandom
+++ int rfd = open("/dev/urandom", O_RDONLY);
+++ if (rfd < 0) {
+++ die("cannot open /dev/urandom");
+++ }
+++ if (read(rfd, random, sizeof(random)) != sizeof(random)) {
+++ die("cannot get random bytes");
+++ }
+++ close(rfd);
+++#endif
+++ offset =
+++ sc_must_snprintf(random_dir, sizeof(random_dir), "%s.",
+++ dir);
+++ for (i = 0; i < sizeof(random); i++) {
+++ offset +=
+++ sc_must_snprintf(random_dir + offset,
+++ sizeof(random_dir) - offset,
+++ "%02x", (unsigned int)random[i]);
+++ }
+++ // try and get dir which we own by renaming it to something
+++ // else then creating it again
+++
+++ // TODO - change this to use renameat2(RENAME_EXCHANGE)
+++ // once we can use a newer version of glibc for snapd
+++ if (rename(dir, random_dir) < 0) {
+++ die("cannot rename base_dir to random_dir '%s'",
+++ random_dir);
+++ }
+++ close(fd);
+++ goto mkdir;
+++ }
+++ return fd;
+++}
+++
++ // TODO: simplify this, after all it is just a tmpfs
++ // TODO: fold this into bootstrap
++ static void setup_private_mount(const char *snap_name)
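Review bot: `mkdir(dir, 0700)` hardcodes the mode, while the later comparison is against `S_IFDIR | mode` and the `uid`/`gid` arguments. For a caller that passes a mode other than 0700, or an owner other than the current effective identity, the freshly created directory can never satisfy the check, so the function renames and retries until `lost race to create dir %s too many times`. Either create with `mode` and set ownership on the new directory, or document that only the effective identity with 0700 is supported. Smaller points: `int retries = 10` with `--retries == 0` allows nine attempts, the `/dev/urandom` fallback opens without `O_CLOEXEC`, and the directories renamed to `random_dir` are never cleaned up.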
++@@ -86,29 +172,8 @@ static void setup_private_mount(const ch
++ /* Switch to root group so that mkdir and open calls below create filesystem
++ * elements that are not owned by the user calling into snap-confine. */
++ sc_identity old = sc_set_effective_identity(sc_root_group_identity());
++- // Create /tmp/snap.$SNAP_NAME/ 0700 root.root. Ignore EEXIST since we want
++- // to reuse and we will open with O_NOFOLLOW, below.
++- if (mkdir(base_dir, 0700) < 0 && errno != EEXIST) {
++- die("cannot create base directory %s", base_dir);
++- }
++- base_dir_fd = open(base_dir,
++- O_RDONLY | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
++- if (base_dir_fd < 0) {
++- die("cannot open base directory %s", base_dir);
++- }
++- /* This seems redundant on first read but it has the non-obvious
++- * property of changing existing directories that have already existed
++- * but had incorrect ownership or permission. This is possible due to
++- * earlier bugs in snap-confine and due to the fact that some systems
++- * use persistent /tmp directory and may not clean up leftover files
++- * for arbitrarily long. This comment applies the following two pairs
++- * of fchmod and fchown. */
++- if (fchmod(base_dir_fd, 0700) < 0) {
++- die("cannot chmod base directory %s to 0700", base_dir);
++- }
++- if (fchown(base_dir_fd, 0, 0) < 0) {
++- die("cannot chown base directory %s to root.root", base_dir);
++- }
+++ // Create /tmp/snap.$SNAP_NAME/ 0700 root.root.
+++ base_dir_fd = must_mkdir_and_open_with_perms(base_dir, 0, 0, 0700);
++ // Create /tmp/snap.$SNAP_NAME/tmp 01777 root.root Ignore EEXIST since we
++ // want to reuse and we will open with O_NOFOLLOW, below.
++ if (mkdirat(base_dir_fd, "tmp", 01777) < 0 && errno != EEXIST) {
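Review bot: the replacement comment `// Create /tmp/snap.$SNAP_NAME/ 0700 root.root.` no longer says what happens to a directory that already exists with the wrong owner or mode. The removed block explained that a persistent /tmp can hold leftovers; the new behaviour (the existing directory is renamed aside and a fresh one created, rather than `fchmod`/`fchown` in place) is the substance of the fix and should be stated at the call site. The `tmp` subdirectory below still uses the reuse-then-fix-up pattern; a comment on why that is acceptable once the parent is known to be root-owned 0700 would help.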
++@@ -120,14 +185,14 @@ static void setup_private_mount(const ch
++ if (tmp_dir_fd < 0) {
++ die("cannot open private tmp directory %s/tmp", base_dir);
++ }
++- if (fchmod(tmp_dir_fd, 01777) < 0) {
++- die("cannot chmod private tmp directory %s/tmp to 01777",
++- base_dir);
++- }
++ if (fchown(tmp_dir_fd, 0, 0) < 0) {
++ die("cannot chown private tmp directory %s/tmp to root.root",
++ base_dir);
++ }
+++ if (fchmod(tmp_dir_fd, 01777) < 0) {
+++ die("cannot chmod private tmp directory %s/tmp to 01777",
+++ base_dir);
+++ }
++ sc_do_mount(tmp_dir, "/tmp", NULL, MS_BIND, NULL);
++ sc_do_mount("none", "/tmp", NULL, MS_PRIVATE, NULL);
++ }
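Review bot: `fchown` and `fchmod` on `tmp_dir_fd` swap places with no comment on why the order matters. Add a line stating the intent, for example that ownership is set to root.root before the directory is opened up to 01777, so a later tidy-up does not swap them back.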
++@@ -448,7 +513,8 @@ static void sc_bootstrap_mount_namespace
++ sc_identity old = sc_set_effective_identity(sc_root_group_identity());
++ if (mkdir(SC_HOSTFS_DIR, 0755) < 0) {
++ if (errno != EEXIST) {
++- die("cannot perform operation: mkdir %s", SC_HOSTFS_DIR);
+++ die("cannot perform operation: mkdir %s",
+++ SC_HOSTFS_DIR);
++ }
++ }
++ (void)sc_set_effective_identity(old);
++Index: snapd-2.49/cmd/snap-confine/snap-confine.apparmor.in
++===================================================================
++--- snapd-2.49.orig/cmd/snap-confine/snap-confine.apparmor.in
+++++ snapd-2.49/cmd/snap-confine/snap-confine.apparmor.in
++@@ -41,6 +41,17 @@
++
++ @LIBEXECDIR@/snap-confine mr,
++
+++ # This rule is needed when executing from a "base: core" devmode snap on
+++ # UC18 and newer where the /usr/lib/snapd/snap-confine inside the
+++ # "base: core" mount namespace always comes from the snapd snap, and thus
+++ # we will execute snap-confine via this path, and thus need to be able to
+++ # read this path when executing. It's also necessary on classic where both
+++ # the snapd and the core snap are installed at the same time.
+++ # TODO: remove this rule when we stop supporting executing other snaps from
+++ # inside devmode snaps, ideally even in the short term we would only include
+++ # this rule on core only, and specifically uc18 and newer where we need it
+++ #@VERBATIM_LIBEXECDIR_SNAP_CONFINE@ mr,
+++
++ /dev/null rw,
++ /dev/full rw,
++ /dev/zero rw,
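Review bot: the last added line, `#@VERBATIM_LIBEXECDIR_SNAP_CONFINE@ mr,`, is a substitution marker, but the comment above it reads as ordinary prose ending in a commented-out rule. Say explicitly that snapd rewrites this marker when it generates the profile for snap-confine from a snap (the `bytes.Replace` added in interfaces/apparmor/backend.go) and that the text must stay byte-identical to the string there, since a mismatch leaves the rule commented out with no error.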
++@@ -376,10 +387,10 @@
++ # stacked filesystems generally.
++ # encrypted ~/.Private and old-style encrypted $HOME
++ @{HOME}/.Private/ r,
++- @{HOME}/.Private/** mrixwlk,
+++ @{HOME}/.Private/** mrwlk,
++ # new-style encrypted $HOME
++ @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
++- @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
+++ @{HOMEDIRS}/.ecryptfs/*/.Private/** mrwlk,
++
++ # Allow snap-confine to move to the void, creating it if necessary.
++ /var/lib/snapd/void/ rw,
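Review bot: `ix` is dropped from both `.Private/**` rules without a comment, and `m` is retained. Add a line recording that snap-confine must not execute anything from these trees, and confirm that `m` is still needed there; if it is, say why, since the files under `@{HOME}/.Private/` are user-controlled.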
++Index: snapd-2.49/interfaces/apparmor/apparmor.go
++===================================================================
++--- snapd-2.49.orig/interfaces/apparmor/apparmor.go
+++++ snapd-2.49/interfaces/apparmor/apparmor.go
++@@ -38,17 +38,6 @@ import (
++ "github.com/snapcore/snapd/osutil"
++ )
++
++-// ValidateNoAppArmorRegexp will check that the given string does not
++-// contain AppArmor regular expressions (AARE), double quotes or \0.
++-func ValidateNoAppArmorRegexp(s string) error {
++- const AARE = `?*[]{}^"` + "\x00"
++-
++- if strings.ContainsAny(s, AARE) {
++- return fmt.Errorf("%q contains a reserved apparmor char from %s", s, AARE)
++- }
++- return nil
++-}
++-
++ type aaParserFlags int
++
++ const (
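Review bot: `ValidateNoAppArmorRegexp` is deleted here, but the import block of apparmor.go is not touched by this hunk; check that `strings` and `fmt` are still used in the file, since Go rejects unused imports. The patch description should also say where callers of this exported function are pointed now, because nothing in this hunk shows a replacement.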
++Index: snapd-2.49/interfaces/apparmor/apparmor_test.go
++===================================================================
++--- snapd-2.49.orig/interfaces/apparmor/apparmor_test.go
+++++ snapd-2.49/interfaces/apparmor/apparmor_test.go
++@@ -217,22 +217,6 @@ func (s *appArmorSuite) TestLoadedApparm
++ c.Check(profiles, IsNil)
++ }
++
++-func (s *appArmorSuite) TestValidateFreeFromAAREUnhappy(c *C) {
++- var testCases = []string{"a?", "*b", "c[c", "dd]", "e{", "f}", "g^", `h"`, "f\000", "g\x00"}
++-
++- for _, s := range testCases {
++- c.Check(apparmor.ValidateNoAppArmorRegexp(s), ErrorMatches, ".* contains a reserved apparmor char from .*", Commentf("%q is not raising an error", s))
++- }
++-}
++-
++-func (s *appArmorSuite) TestValidateFreeFromAAREhappy(c *C) {
++- var testCases = []string{"foo", "BaR", "b-z", "foo+bar", "b00m!", "be/ep", "a%b", "a&b", "a(b", "a)b", "a=b", "a#b", "a~b", "a'b", "a_b", "a,b", "a;b", "a>b", "a<b", "a|b"}
++-
++- for _, s := range testCases {
++- c.Check(apparmor.ValidateNoAppArmorRegexp(s), IsNil, Commentf("%q raised an error but shouldn't", s))
++- }
++-}
++-
++ func (s *appArmorSuite) TestMaybeSetNumberOfJobs(c *C) {
++ var cpus int
++ restore := apparmor.MockRuntimeNumCPU(func() int {
++Index: snapd-2.49/interfaces/apparmor/backend.go
++===================================================================
++--- snapd-2.49.orig/interfaces/apparmor/backend.go
+++++ snapd-2.49/interfaces/apparmor/backend.go
++@@ -69,6 +69,9 @@ var (
++ // Backend is responsible for maintaining apparmor profiles for snaps and parts of snapd.
++ type Backend struct {
++ preseed bool
+++
+++ coreSnap *snap.Info
+++ snapdSnap *snap.Info
++ }
++
++ // Name returns the name of the backend.
++@@ -81,6 +84,11 @@ func (b *Backend) Initialize(opts *inter
++ if opts != nil && opts.Preseed {
++ b.preseed = true
++ }
+++
+++ if opts != nil {
+++ b.coreSnap = opts.CoreSnapInfo
+++ b.snapdSnap = opts.SnapdSnapInfo
+++ }
++ // NOTE: It would be nice if we could also generate the profile for
++ // snap-confine executing from the core snap, right here, and not have to
++ // do this in the Setup function below. I sadly don't think this is
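Review bot: `Initialize` now tests `opts != nil` twice in a row; fold the `b.coreSnap` and `b.snapdSnap` assignments into one block with the `Preseed` check. The two new `Backend` fields stay nil when `opts` is nil, so document on the struct when they may be nil, since later code in this patch is commented "assumes coreSnapInfo is not nil".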
++@@ -211,7 +219,16 @@ func snapConfineFromSnapProfile(info *sn
++ patchedProfileText := bytes.Replace(
++ vanillaProfileText, []byte("/usr/lib/snapd/snap-confine"), []byte(snapConfineInCore), -1)
++
++- // We need to add a uniqe prefix that can never collide with a
+++ // Also replace the test providing access to verbatim
+++ // /usr/lib/snapd/snap-confine, which is necessary because to execute snaps
+++ // from strict snaps, we need to be able read and map
+++ // /usr/lib/snapd/snap-confine from inside the strict snap mount namespace,
+++ // even though /usr/lib/snapd/snap-confine from inside the strict snap mount
+++ // namespace is actually a bind mount to the "snapConfineInCore"
+++ patchedProfileText = bytes.Replace(
+++ patchedProfileText, []byte("#@VERBATIM_LIBEXECDIR_SNAP_CONFINE@"), []byte("/usr/lib/snapd/snap-confine"), -1)
+++
+++ // We need to add a unique prefix that can never collide with a
++ // snap on the system. Using "snap-confine.*" is similar to
++ // "snap-update-ns.*" that is already used there
++ //
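Review bot: the order of the two `bytes.Replace` calls matters and the new comment does not say so: the first call rewrites every `/usr/lib/snapd/snap-confine` to `snapConfineInCore`, so the marker must be expanded after it or the verbatim path would be rewritten too. The second call is also a silent no-op if `#@VERBATIM_LIBEXECDIR_SNAP_CONFINE@` is missing from the vanilla profile; a test asserting that the generated profile contains the uncommented `/usr/lib/snapd/snap-confine mr,` rule would catch drift from snap-confine.apparmor.in. In the comment text, "replace the test providing access" should read "text" and "able read" should be "able to read".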
++@@ -564,12 +581,12 @@ func (b *Backend) deriveContent(spec *Sp
++ // Add profile for each app.
++ for _, appInfo := range snapInfo.Apps {
++ securityTag := appInfo.SecurityTag()
++- addContent(securityTag, snapInfo, appInfo.Name, opts, spec.SnippetForTag(securityTag), content, spec)
+++ b.addContent(securityTag, snapInfo, appInfo.Name, opts, spec.SnippetForTag(securityTag), content, spec)
++ }
++ // Add profile for each hook.
++ for _, hookInfo := range snapInfo.Hooks {
++ securityTag := hookInfo.SecurityTag()
++- addContent(securityTag, snapInfo, "hook."+hookInfo.Name, opts, spec.SnippetForTag(securityTag), content, spec)
+++ b.addContent(securityTag, snapInfo, "hook."+hookInfo.Name, opts, spec.SnippetForTag(securityTag), content, spec)
++ }
++ // Add profile for snap-update-ns if we have any apps or hooks.
++ // If we have neither then we don't have any need to create an executing environment.
++@@ -610,7 +627,7 @@ func addUpdateNSProfile(snapInfo *snap.I
++ }
++ }
++
++-func addContent(securityTag string, snapInfo *snap.Info, cmdName string, opts interfaces.ConfinementOptions, snippetForTag string, content map[string]osutil.FileState, spec *Specification) {
+++func (b *Backend) addContent(securityTag string, snapInfo *snap.Info, cmdName string, opts interfaces.ConfinementOptions, snippetForTag string, content map[string]osutil.FileState, spec *Specification) {
++ // If base is specified and it doesn't match the core snaps (not
++ // specifying a base should use the default core policy since in this
++ // case, the 'core' snap is used for the runtime), use the base
++@@ -638,6 +655,151 @@ func addContent(securityTag string, snap
++ }
++ policy = templatePattern.ReplaceAllStringFunc(policy, func(placeholder string) string {
++ switch placeholder {
+++ case "###DEVMODE_SNAP_CONFINE###":
+++ if !opts.DevMode {
+++ // nothing to add if we are not in devmode
+++ return ""
+++ }
+++
+++ // otherwise we need to generate special policy to allow executing
+++ // snap-confine from inside a devmode snap
+++
+++ // TODO: we should deprecate this and drop it in a future release
+++
+++ // assumes coreSnapInfo is not nil
+++ coreProfileTarget := func() string {
+++ return fmt.Sprintf("/snap/core/%s/usr/lib/snapd/snap-confine", b.coreSnap.SnapRevision().String())
+++ }
+++
+++ // assumes snapdSnapInfo is not nil
+++ snapdProfileTarget := func() string {
+++ return fmt.Sprintf("/snap/snapd/%s/usr/lib/snapd/snap-confine", b.snapdSnap.SnapRevision().String())
+++ }
+++
+++ // There are 3 main apparmor exec transition rules we need to
+++ // generate:
+++ // * exec( /usr/lib/snapd/snap-confine ... )
+++ // * exec( /snap/snapd/<rev>/usr/lib/snapd/snap-confine ... )
+++ // * exec( /snap/core/<rev>/usr/lib/snapd/snap-confine ... )
+++
+++ // The latter two can always transition to their respective
+++ // revisioned profiles unambiguously if each snap is installed.
+++
+++ // The former rule for /usr/lib/snapd/snap-confine however is
+++ // more tricky. First, we can say that if only the snapd snap is
+++ // installed, to just transition to that profile and be done. If
+++ // just the core snap is installed, then we can deduce this
+++ // system is either UC16 or a classic one, in both cases though
+++ // we have /usr/lib/snapd/snap-confine defined as the profile to
+++ // transition to.
+++ // If both snaps are installed however, then we need to branch
+++ // and pick a profile that exists, we can't just arbitrarily
+++ // pick one profile because not all profiles will exist on all
+++ // systems actually, for example the snap-confine profile from
+++ // the core snap will not be generated/installed on UC18+. We
+++ // can simplify the logic however by realizing that no matter
+++ // the relative version numbers of snapd and core, when
+++ // executing a snap with base other than core (i.e. base core18
+++ // or core20), the snapd snap's version of snap-confine will
+++ // always be used for various reasons. This is also true for
+++ // base: core snaps, but only on non-classic systems. So we
+++ // essentially say that /usr/lib/snapd/snap-confine always
+++ // transitions to the snapd snap profile if the base is not
+++ // core or if the system is not classic. If the base is core and
+++ // the system is classic, then the core snap profile will be
+++ // used.
+++
+++ usrLibSnapdConfineTransitionTarget := ""
+++ switch {
+++ case b.coreSnap != nil && b.snapdSnap == nil:
+++ // only core snap - use /usr/lib/snapd/snap-confine always
+++ usrLibSnapdConfineTransitionTarget = "/usr/lib/snapd/snap-confine"
+++ case b.snapdSnap != nil && b.coreSnap == nil:
+++ // only snapd snap - use snapd snap version
+++ usrLibSnapdConfineTransitionTarget = snapdProfileTarget()
+++ case b.snapdSnap != nil && b.coreSnap != nil:
+++ // both are installed - need to check which one to use
+++ // TODO: is snapInfo.Base sometimes unset for snaps w/o bases
+++ // these days? maybe this needs to be this instead ?
+++ // if release.OnClassic && (snapInfo.Base == "core" || snapInfo.Base == "")
+++ if release.OnClassic && snapInfo.Base == "core" {
+++ // use the core snap as the target only if we are on
+++ // classic and the base is core
+++ usrLibSnapdConfineTransitionTarget = coreProfileTarget()
+++ } else {
+++ // otherwise always use snapd
+++ usrLibSnapdConfineTransitionTarget = snapdProfileTarget()
+++ }
+++
+++ default:
+++ // neither of the snaps are installed
+++
+++ // TODO: this panic is unfortunate, but we don't have time
+++ // to do any better for this security release
+++ // It is actually important that we panic here, the only
+++ // known circumstance where this happens is when we are
+++ // seeding during first boot of UC16 with a very new core
+++ // snap (i.e. with the security fix of 2.54.3) and also have
+++ // a devmode confined snap in the seed to prepare. In this
+++ // situation, when we panic(), we force snapd to exit, and
+++ // systemd will restart us and we actually recover the
+++ // initial seed change and continue on. This code will be
+++ // removed/adapted before it is merged to the main branch,
+++ // it is only meant to exist on the security release branch.
+++ msg := fmt.Sprintf("neither snapd nor core snap available while preparing apparmor profile for devmode snap %s, panicing to restart snapd to continue seeding", snapInfo.InstanceName())
+++ panic(msg)
+++ }
+++
+++ // We use Pxr for all these rules since the snap-confine profile
+++ // is not a child profile of the devmode complain profile we are
+++ // generating right now.
+++ usrLibSnapdConfineTransitionRule := fmt.Sprintf("/usr/lib/snapd/snap-confine Pxr -> %s,\n", usrLibSnapdConfineTransitionTarget)
+++
+++ coreSnapConfineSnippet := ""
+++ if b.coreSnap != nil {
+++ coreSnapConfineSnippet = fmt.Sprintf("/snap/core/*/usr/lib/snapd/snap-confine Pxr -> %s,\n", coreProfileTarget())
+++ }
+++
+++ snapdSnapConfineSnippet := ""
+++ if b.snapdSnap != nil {
+++ snapdSnapConfineSnippet = fmt.Sprintf("/snap/snapd/*/usr/lib/snapd/snap-confine Pxr -> %s,\n", snapdProfileTarget())
+++ }
+++
+++ nonBaseCoreTransitionSnippet := coreSnapConfineSnippet + "\n" + snapdSnapConfineSnippet
+++
+++ // include both rules for the core snap and the snapd snap since
+++ // we can't know which one will be used at runtime (for example
+++ // SNAP_REEXEC could be set which affects which one is used)
+++ return fmt.Sprintf(`
+++ # allow executing the snap command from either the rootfs (for base: core) or
+++ # from the system snaps (all other bases) - this is very specifically only to
+++ # enable proper apparmor profile transition to snap-confine below, if we don't
+++ # include these exec rules, then when executing the snap command, apparmor
+++ # will create a new, unique sub-profile which then cannot be transitioned from
+++ # to the actual snap-confine profile
+++ /usr/bin/snap ixr,
+++ /snap/{snapd,core}/*/usr/bin/snap ixr,
+++
+++ # allow transitioning to snap-confine to support executing strict snaps from
+++ # inside devmode confined snaps
+++
+++ # this first rule is to handle the case of exec()ing
+++ # /usr/lib/snapd/snap-confine directly, the profile we transition to depends
+++ # on whether we are classic or not, what snaps (snapd or core) are installed
+++ # and also whether this snap is a base: core snap or a differently based snap.
+++ # see the comment in interfaces/backend/apparmor.go where this snippet is
+++ # generated for the full context
+++ %[1]s
+++
+++ # the second (and possibly third if both core and snapd are installed) rule is
+++ # to handle direct exec() of snap-confine from the respective snaps directly,
+++ # this happens mostly on non-core based snaps, wherein the base snap has a
+++ # symlink from /usr/bin/snap -> /snap/snapd/current/usr/bin/snap, which makes
+++ # the snap command execute snap-confine directly from the associated system
+++ # snap in /snap/{snapd,core}/<rev>/usr/lib/snapd/snap-confine
+++ %[2]s
+++`, usrLibSnapdConfineTransitionRule, nonBaseCoreTransitionSnippet)
+++
++ case "###VAR###":
++ return templateVariables(snapInfo, securityTag, cmdName)
++ case "###PROFILEATTACH###":
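Review bot: In the `b.snapdSnap != nil && b.coreSnap != nil` case the core profile is chosen only when `snapInfo.Base == "core"`, and the TODO directly above asks whether `Base` can be empty for snaps that declare no base. The comment at the top of `addContent` says a snap without a base uses the core snap for its runtime, so on classic such a devmode snap would get `/usr/lib/snapd/snap-confine Pxr ->` pointing at the snapd snap profile, which contradicts the rule spelled out in the long comment. Resolve the TODO in code (for example by also accepting `snapInfo.Base == ""`) instead of shipping the question. Separately, the `default:` branch panics from inside the `ReplaceAllStringFunc` callback and relies on systemd restarting snapd; surfacing an error to the caller would make that recovery path explicit, and "panicing" in the message should read "panicking".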
++Index: snapd-2.49/interfaces/apparmor/backend_test.go
++===================================================================
++--- snapd-2.49.orig/interfaces/apparmor/backend_test.go
+++++ snapd-2.49/interfaces/apparmor/backend_test.go
++@@ -169,6 +169,9 @@ func (s *backendSuite) SetUpTest(c *C) {
++ s.parserCmd = testutil.MockCommand(c, "apparmor_parser", fakeAppArmorParser)
++
++ apparmor.MockRuntimeNumCPU(func() int { return 99 })
+++
+++ err = s.Backend.Initialize(ifacetest.DefaultInitializeOpts)
+++ c.Assert(err, IsNil)
++ }
++
++ func (s *backendSuite) TearDownTest(c *C) {
++@@ -1352,7 +1355,7 @@ func (s *backendSuite) TestSetupSnapConf
++ defer cmd.Restore()
++
++ // Setup generated policy for snap-confine.
++- err := (&apparmor.Backend{}).Initialize(nil)
+++ err := (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
++ c.Assert(err, IsNil)
++ c.Assert(cmd.Calls(), HasLen, 0)
++
++@@ -1408,7 +1411,7 @@ func (s *backendSuite) testSetupSnapConf
++ c.Assert(ioutil.WriteFile(profilePath, []byte(""), 0644), IsNil)
++
++ // Setup generated policy for snap-confine.
++- err = (&apparmor.Backend{}).Initialize(nil)
+++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
++ c.Assert(err, IsNil)
++
++ // Because NFS is being used, we have the extra policy file.
++@@ -1461,7 +1464,7 @@ func (s *backendSuite) TestSetupSnapConf
++ defer restore()
++
++ // Setup generated policy for snap-confine.
++- err = (&apparmor.Backend{}).Initialize(nil)
+++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
++ c.Assert(err, IsNil)
++
++ // Because NFS is being used, we have the extra policy file.
++@@ -1506,7 +1509,7 @@ func (s *backendSuite) TestSetupSnapConf
++ defer restore()
++
++ // Setup generated policy for snap-confine.
++- err = (&apparmor.Backend{}).Initialize(nil)
+++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
++ // NOTE: Errors in determining NFS are non-fatal to prevent snapd from
++ // failing to operate. A warning message is logged but system operates as
++ // if NFS was not active.
++@@ -1543,7 +1546,7 @@ func (s *backendSuite) TestSetupSnapConf
++ defer restore()
++
++ // Setup generated policy for snap-confine.
++- err := (&apparmor.Backend{}).Initialize(nil)
+++ err := (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
++ c.Assert(err, ErrorMatches, "cannot read .*corrupt-proc-self-exe: .*")
++
++ // We didn't create the policy file.
++@@ -1582,7 +1585,7 @@ func (s *backendSuite) TestSetupSnapConf
++ c.Assert(ioutil.WriteFile(filepath.Join(apparmor_sandbox.ConfDir, "usr.lib.snapd.snap-confine"), []byte(""), 0644), IsNil)
++
++ // Setup generated policy for snap-confine.
++- err = (&apparmor.Backend{}).Initialize(nil)
+++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
++ c.Assert(err, ErrorMatches, "cannot reload snap-confine apparmor profile: .*\n.*\ntesting\n")
++
++ // While created the policy file initially we also removed it so that
++@@ -1598,13 +1601,15 @@ func (s *backendSuite) TestSetupSnapConf
++ // Test behavior when MkdirAll fails
++ func (s *backendSuite) TestSetupSnapConfineGeneratedPolicyError4(c *C) {
++ // Create a file where we would expect to find the local policy.
++- err := os.MkdirAll(filepath.Dir(dirs.SnapConfineAppArmorDir), 0755)
+++ err := os.RemoveAll(filepath.Dir(dirs.SnapConfineAppArmorDir))
+++ c.Assert(err, IsNil)
+++ err = os.MkdirAll(filepath.Dir(dirs.SnapConfineAppArmorDir), 0755)
++ c.Assert(err, IsNil)
++ err = ioutil.WriteFile(dirs.SnapConfineAppArmorDir, []byte(""), 0644)
++ c.Assert(err, IsNil)
++
++ // Setup generated policy for snap-confine.
++- err = (&apparmor.Backend{}).Initialize(nil)
+++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
++ c.Assert(err, ErrorMatches, "*.: not a directory")
++ }
++
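Review bot: The added `os.RemoveAll(filepath.Dir(dirs.SnapConfineAppArmorDir))` carries no comment saying why the parent directory has to be wiped before the `MkdirAll` that follows. If the reason is that `SetUpTest` now calls `s.Backend.Initialize(...)` and leaves the directory behind, say so in one line above the call so the step does not look redundant. The unchanged `ErrorMatches` pattern `"*.: not a directory"` also looks like a transposed `.*` and could be corrected in the same change.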
++@@ -1651,7 +1656,7 @@ func (s *backendSuite) TestSetupSnapConf
++ defer os.Chmod(dirs.SnapConfineAppArmorDir, 0755)
++
++ // Setup generated policy for snap-confine.
++- err = (&apparmor.Backend{}).Initialize(nil)
+++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
++ c.Assert(err, ErrorMatches, `cannot synchronize snap-confine policy: remove .*/generated-test: permission denied`)
++
++ // The policy directory was unchanged.
++@@ -1677,7 +1682,7 @@ func (s *backendSuite) TestSetupSnapConf
++ defer cmd.Restore()
++
++ // Setup generated policy for snap-confine.
++- err := (&apparmor.Backend{}).Initialize(nil)
+++ err := (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
++ c.Assert(err, IsNil)
++ c.Assert(cmd.Calls(), HasLen, 0)
++
++@@ -1730,7 +1735,7 @@ func (s *backendSuite) testSetupSnapConf
++ c.Assert(ioutil.WriteFile(profilePath, []byte(""), 0644), IsNil)
++
++ // Setup generated policy for snap-confine.
++- err = (&apparmor.Backend{}).Initialize(nil)
+++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
++ c.Assert(err, IsNil)
++
++ // Because overlay is being used, we have the extra policy file.
++@@ -1782,7 +1787,7 @@ func (s *backendSuite) TestSetupSnapConf
++ defer restore()
++
++ // Setup generated policy for snap-confine.
++- err = (&apparmor.Backend{}).Initialize(nil)
+++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts)
++ c.Assert(err, IsNil)
++
++ // Because overlay is being used, we have the extra policy file.
++@@ -2240,7 +2245,10 @@ func (s *backendSuite) TestSetupManyInPr
++ aa, ok := s.Backend.(*apparmor.Backend)
++ c.Assert(ok, Equals, true)
++
++- opts := interfaces.SecurityBackendOptions{Preseed: true}
+++ opts := interfaces.SecurityBackendOptions{
+++ Preseed: true,
+++ CoreSnapInfo: ifacetest.DefaultInitializeOpts.CoreSnapInfo,
+++ }
++ c.Assert(aa.Initialize(&opts), IsNil)
++
++ for _, opts := range testedConfinementOpts {
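Review bot: `opts` in this hunk sets only `CoreSnapInfo`, and none of the hunks shown for this file adds an assertion on the generated snap-confine transition rule, so the new `###DEVMODE_SNAP_CONFINE###` code is not visibly exercised for the snapd-only case, the both-installed case (classic with `base: core` versus everything else), or the panic in the `default:` branch. Add table-driven cases that set `SnapdSnapInfo` alone and both fields together, and assert on the `Pxr ->` target produced for a devmode snap.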
++Index: snapd-2.49/interfaces/apparmor/spec.go
++===================================================================
++--- snapd-2.49.orig/interfaces/apparmor/spec.go
+++++ snapd-2.49/interfaces/apparmor/spec.go
++@@ -293,30 +293,30 @@ func (spec *Specification) AddLayout(si
++ case l.Bind != "":
++ bind := si.ExpandSnapVariables(l.Bind)
++ // Allow bind mounting the layout element.
++- emit(" mount options=(rbind, rw) %s/ -> %s/,\n", bind, path)
++- emit(" mount options=(rprivate) -> %s/,\n", path)
++- emit(" umount %s/,\n", path)
+++ emit(" mount options=(rbind, rw) \"%s/\" -> \"%s/\",\n", bind, path)
+++ emit(" mount options=(rprivate) -> \"%s/\",\n", path)
+++ emit(" umount \"%s/\",\n", path)
++ // Allow constructing writable mimic in both bind-mount source and mount point.
++ GenWritableProfile(emit, path, 2) // At least / and /some-top-level-directory
++ GenWritableProfile(emit, bind, 4) // At least /, /snap/, /snap/$SNAP_NAME and /snap/$SNAP_NAME/$SNAP_REVISION
++ case l.BindFile != "":
++ bindFile := si.ExpandSnapVariables(l.BindFile)
++ // Allow bind mounting the layout element.
++- emit(" mount options=(bind, rw) %s -> %s,\n", bindFile, path)
++- emit(" mount options=(rprivate) -> %s,\n", path)
++- emit(" umount %s,\n", path)
+++ emit(" mount options=(bind, rw) \"%s\" -> \"%s\",\n", bindFile, path)
+++ emit(" mount options=(rprivate) -> \"%s\",\n", path)
+++ emit(" umount \"%s\",\n", path)
++ // Allow constructing writable mimic in both bind-mount source and mount point.
++ GenWritableFileProfile(emit, path, 2) // At least / and /some-top-level-directory
++ GenWritableFileProfile(emit, bindFile, 4) // At least /, /snap/, /snap/$SNAP_NAME and /snap/$SNAP_NAME/$SNAP_REVISION
++ case l.Type == "tmpfs":
++- emit(" mount fstype=tmpfs tmpfs -> %s/,\n", path)
++- emit(" mount options=(rprivate) -> %s/,\n", path)
++- emit(" umount %s/,\n", path)
+++ emit(" mount fstype=tmpfs tmpfs -> \"%s/\",\n", path)
+++ emit(" mount options=(rprivate) -> \"%s/\",\n", path)
+++ emit(" umount \"%s/\",\n", path)
++ // Allow constructing writable mimic to mount point.
++ GenWritableProfile(emit, path, 2) // At least / and /some-top-level-directory
++ case l.Symlink != "":
++ // Allow constructing writable mimic to symlink parent directory.
++- emit(" %s rw,\n", path)
+++ emit(" \"%s\" rw,\n", path)
++ GenWritableProfile(emit, path, 2) // At least / and /some-top-level-directory
++ }
++ }
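Review bot: Each `\"%s\"` in these `emit` calls wraps the path in double quotes but interpolates `bind`, `bindFile` and `path` unchanged, so the rule is well formed only if those strings never contain a `"` themselves. Nothing in this hunk enforces that. Either name the validation that guarantees it in a comment above the `switch`, or route every path through one small quoting helper that rejects or escapes an embedded quote, so the guarantee sits next to the formatting.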
++@@ -370,7 +370,7 @@ func GenWritableMimicProfile(emit func(f
++ emit(" # .. permissions for traversing the prefix that is assumed to exist\n")
++ for iter.Next() {
++ if iter.Depth() < assumedPrefixDepth {
++- emit(" %s r,\n", iter.CurrentPath())
+++ emit(" \"%s\" r,\n", iter.CurrentPath())
++ }
++ }
++
++@@ -388,33 +388,33 @@ func GenWritableMimicProfile(emit func(f
++ mimicAuxPath := filepath.Join("/tmp/.snap", iter.CurrentPath()) + "/"
++ emit(" # .. variant with mimic at %s\n", mimicPath)
++ emit(" # Allow reading the mimic directory, it must exist in the first place.\n")
++- emit(" %s r,\n", mimicPath)
+++ emit(" \"%s\" r,\n", mimicPath)
++ emit(" # Allow setting the read-only directory aside via a bind mount.\n")
++- emit(" %s rw,\n", mimicAuxPath)
++- emit(" mount options=(rbind, rw) %s -> %s,\n", mimicPath, mimicAuxPath)
+++ emit(" \"%s\" rw,\n", mimicAuxPath)
+++ emit(" mount options=(rbind, rw) \"%s\" -> \"%s\",\n", mimicPath, mimicAuxPath)
++ emit(" # Allow mounting tmpfs over the read-only directory.\n")
++- emit(" mount fstype=tmpfs options=(rw) tmpfs -> %s,\n", mimicPath)
+++ emit(" mount fstype=tmpfs options=(rw) tmpfs -> \"%s\",\n", mimicPath)
++ emit(" # Allow creating empty files and directories for bind mounting things\n" +
++ " # to reconstruct the now-writable parent directory.\n")
++- emit(" %s*/ rw,\n", mimicAuxPath)
++- emit(" %s*/ rw,\n", mimicPath)
++- emit(" mount options=(rbind, rw) %s*/ -> %s*/,\n", mimicAuxPath, mimicPath)
++- emit(" %s* rw,\n", mimicAuxPath)
++- emit(" %s* rw,\n", mimicPath)
++- emit(" mount options=(bind, rw) %s* -> %s*,\n", mimicAuxPath, mimicPath)
+++ emit(" \"%s*/\" rw,\n", mimicAuxPath)
+++ emit(" \"%s*/\" rw,\n", mimicPath)
+++ emit(" mount options=(rbind, rw) \"%s*/\" -> \"%s*/\",\n", mimicAuxPath, mimicPath)
+++ emit(" \"%s*\" rw,\n", mimicAuxPath)
+++ emit(" \"%s*\" rw,\n", mimicPath)
+++ emit(" mount options=(bind, rw) \"%s*\" -> \"%s*\",\n", mimicAuxPath, mimicPath)
++ emit(" # Allow unmounting the auxiliary directory.\n" +
++ " # TODO: use fstype=tmpfs here for more strictness (LP: #1613403)\n")
++- emit(" mount options=(rprivate) -> %s,\n", mimicAuxPath)
++- emit(" umount %s,\n", mimicAuxPath)
+++ emit(" mount options=(rprivate) -> \"%s\",\n", mimicAuxPath)
+++ emit(" umount \"%s\",\n", mimicAuxPath)
++ emit(" # Allow unmounting the destination directory as well as anything\n" +
++ " # inside. This lets us perform the undo plan in case the writable\n" +
++ " # mimic fails.\n")
++- emit(" mount options=(rprivate) -> %s,\n", mimicPath)
++- emit(" mount options=(rprivate) -> %s*,\n", mimicPath)
++- emit(" mount options=(rprivate) -> %s*/,\n", mimicPath)
++- emit(" umount %s,\n", mimicPath)
++- emit(" umount %s*,\n", mimicPath)
++- emit(" umount %s*/,\n", mimicPath)
+++ emit(" mount options=(rprivate) -> \"%s\",\n", mimicPath)
+++ emit(" mount options=(rprivate) -> \"%s*\",\n", mimicPath)
+++ emit(" mount options=(rprivate) -> \"%s*/\",\n", mimicPath)
+++ emit(" umount \"%s\",\n", mimicPath)
+++ emit(" umount \"%s*\",\n", mimicPath)
+++ emit(" umount \"%s*/\",\n", mimicPath)
++ }
++ }
++
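Review bot: The quoted forms `\"%s*/\"` and `\"%s*\"` depend on `*` still acting as a glob inside the quotes, which means the quoting does nothing to neutralise glob characters that arrive inside `mimicPath` or `mimicAuxPath`. Note that in a comment here and make sure these paths pass the same `ValidateNoAppArmorRegexp` check used for other snap-supplied paths before they reach this function. The run of hand-escaped format strings would also be easier to audit if the quoting were done by a single helper.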
++@@ -425,9 +425,9 @@ func GenWritableFileProfile(emit func(f
++ }
++ if isProbablyWritable(path) {
++ emit(" # Writable file %s\n", path)
++- emit(" %s rw,\n", path)
+++ emit(" \"%s\" rw,\n", path)
++ for p := parent(path); !isProbablyPresent(p); p = parent(p) {
++- emit(" %s/ rw,\n", p)
+++ emit(" \"%s/\" rw,\n", p)
++ }
++ } else {
++ parentPath := parent(path)
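Review bot: The rule lines are now quoted, but the context line `emit(" # Writable file %s\n", path)` still writes the raw path into a profile comment, where a line break inside `path` would end the comment and begin a new profile line. Confirm that layout path validation rejects control characters, or stop echoing the path in the comment; the same applies to the `# Writable directory %s` line in `GenWritableProfile`.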
++@@ -443,7 +443,7 @@ func GenWritableProfile(emit func(f stri
++ if isProbablyWritable(path) {
++ emit(" # Writable directory %s\n", path)
++ for p := path; !isProbablyPresent(p); p = parent(p) {
++- emit(" %s/ rw,\n", p)
+++ emit(" \"%s/\" rw,\n", p)
++ }
++ } else {
++ parentPath := parent(path)
++@@ -537,9 +537,9 @@ func (spec *Specification) UpdateNS() []
++ func snippetFromLayout(layout *snap.Layout) string {
++ mountPoint := layout.Snap.ExpandSnapVariables(layout.Path)
++ if layout.Bind != "" || layout.Type == "tmpfs" {
++- return fmt.Sprintf("# Layout path: %s\n%s{,/**} mrwklix,", mountPoint, mountPoint)
+++ return fmt.Sprintf("# Layout path: %s\n\"%s{,/**}\" mrwklix,", mountPoint, mountPoint)
++ } else if layout.BindFile != "" {
++- return fmt.Sprintf("# Layout path: %s\n%s mrwklix,", mountPoint, mountPoint)
+++ return fmt.Sprintf("# Layout path: %s\n\"%s\" mrwklix,", mountPoint, mountPoint)
++ }
++ return fmt.Sprintf("# Layout path: %s\n# (no extra permissions required for symlink)", mountPoint)
++ }
++Index: snapd-2.49/interfaces/apparmor/spec_test.go
++===================================================================
++--- snapd-2.49.orig/interfaces/apparmor/spec_test.go
+++++ snapd-2.49/interfaces/apparmor/spec_test.go
++@@ -284,72 +284,72 @@ func (s *specSuite) TestApparmorSnippets
++ s.spec.AddLayout(snapInfo)
++ c.Assert(s.spec.Snippets(), DeepEquals, map[string][]string{
++ "snap.vanguard.vanguard": {
++- "# Layout path: /etc/foo.conf\n/etc/foo.conf mrwklix,",
++- "# Layout path: /usr/foo\n/usr/foo{,/**} mrwklix,",
+++ "# Layout path: /etc/foo.conf\n\"/etc/foo.conf\" mrwklix,",
+++ "# Layout path: /usr/foo\n\"/usr/foo{,/**}\" mrwklix,",
++ "# Layout path: /var/cache/mylink\n# (no extra permissions required for symlink)",
++- "# Layout path: /var/tmp\n/var/tmp{,/**} mrwklix,",
+++ "# Layout path: /var/tmp\n\"/var/tmp{,/**}\" mrwklix,",
++ },
++ })
++ updateNS := s.spec.UpdateNS()
++
++ profile0 := ` # Layout /etc/foo.conf: bind-file $SNAP/foo.conf
++- mount options=(bind, rw) /snap/vanguard/42/foo.conf -> /etc/foo.conf,
++- mount options=(rprivate) -> /etc/foo.conf,
++- umount /etc/foo.conf,
+++ mount options=(bind, rw) "/snap/vanguard/42/foo.conf" -> "/etc/foo.conf",
+++ mount options=(rprivate) -> "/etc/foo.conf",
+++ umount "/etc/foo.conf",
++ # Writable mimic /etc
++ # .. permissions for traversing the prefix that is assumed to exist
++- / r,
+++ "/" r,
++ # .. variant with mimic at /etc/
++ # Allow reading the mimic directory, it must exist in the first place.
++- /etc/ r,
+++ "/etc/" r,
++ # Allow setting the read-only directory aside via a bind mount.
++- /tmp/.snap/etc/ rw,
++- mount options=(rbind, rw) /etc/ -> /tmp/.snap/etc/,
+++ "/tmp/.snap/etc/" rw,
+++ mount options=(rbind, rw) "/etc/" -> "/tmp/.snap/etc/",
++ # Allow mounting tmpfs over the read-only directory.
++- mount fstype=tmpfs options=(rw) tmpfs -> /etc/,
+++ mount fstype=tmpfs options=(rw) tmpfs -> "/etc/",
++ # Allow creating empty files and directories for bind mounting things
++ # to reconstruct the now-writable parent directory.
++- /tmp/.snap/etc/*/ rw,
++- /etc/*/ rw,
++- mount options=(rbind, rw) /tmp/.snap/etc/*/ -> /etc/*/,
++- /tmp/.snap/etc/* rw,
++- /etc/* rw,
++- mount options=(bind, rw) /tmp/.snap/etc/* -> /etc/*,
+++ "/tmp/.snap/etc/*/" rw,
+++ "/etc/*/" rw,
+++ mount options=(rbind, rw) "/tmp/.snap/etc/*/" -> "/etc/*/",
+++ "/tmp/.snap/etc/*" rw,
+++ "/etc/*" rw,
+++ mount options=(bind, rw) "/tmp/.snap/etc/*" -> "/etc/*",
++ # Allow unmounting the auxiliary directory.
++ # TODO: use fstype=tmpfs here for more strictness (LP: #1613403)
++- mount options=(rprivate) -> /tmp/.snap/etc/,
++- umount /tmp/.snap/etc/,
+++ mount options=(rprivate) -> "/tmp/.snap/etc/",
+++ umount "/tmp/.snap/etc/",
++ # Allow unmounting the destination directory as well as anything
++ # inside. This lets us perform the undo plan in case the writable
++ # mimic fails.
++- mount options=(rprivate) -> /etc/,
++- mount options=(rprivate) -> /etc/*,
++- mount options=(rprivate) -> /etc/*/,
++- umount /etc/,
++- umount /etc/*,
++- umount /etc/*/,
+++ mount options=(rprivate) -> "/etc/",
+++ mount options=(rprivate) -> "/etc/*",
+++ mount options=(rprivate) -> "/etc/*/",
+++ umount "/etc/",
+++ umount "/etc/*",
+++ umount "/etc/*/",
++ # Writable mimic /snap/vanguard/42
++- /snap/ r,
++- /snap/vanguard/ r,
+++ "/snap/" r,
+++ "/snap/vanguard/" r,
++ # .. variant with mimic at /snap/vanguard/42/
++- /snap/vanguard/42/ r,
++- /tmp/.snap/snap/vanguard/42/ rw,
++- mount options=(rbind, rw) /snap/vanguard/42/ -> /tmp/.snap/snap/vanguard/42/,
++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/vanguard/42/,
++- /tmp/.snap/snap/vanguard/42/*/ rw,
++- /snap/vanguard/42/*/ rw,
++- mount options=(rbind, rw) /tmp/.snap/snap/vanguard/42/*/ -> /snap/vanguard/42/*/,
++- /tmp/.snap/snap/vanguard/42/* rw,
++- /snap/vanguard/42/* rw,
++- mount options=(bind, rw) /tmp/.snap/snap/vanguard/42/* -> /snap/vanguard/42/*,
++- mount options=(rprivate) -> /tmp/.snap/snap/vanguard/42/,
++- umount /tmp/.snap/snap/vanguard/42/,
++- mount options=(rprivate) -> /snap/vanguard/42/,
++- mount options=(rprivate) -> /snap/vanguard/42/*,
++- mount options=(rprivate) -> /snap/vanguard/42/*/,
++- umount /snap/vanguard/42/,
++- umount /snap/vanguard/42/*,
++- umount /snap/vanguard/42/*/,
+++ "/snap/vanguard/42/" r,
+++ "/tmp/.snap/snap/vanguard/42/" rw,
+++ mount options=(rbind, rw) "/snap/vanguard/42/" -> "/tmp/.snap/snap/vanguard/42/",
+++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/vanguard/42/",
+++ "/tmp/.snap/snap/vanguard/42/*/" rw,
+++ "/snap/vanguard/42/*/" rw,
+++ mount options=(rbind, rw) "/tmp/.snap/snap/vanguard/42/*/" -> "/snap/vanguard/42/*/",
+++ "/tmp/.snap/snap/vanguard/42/*" rw,
+++ "/snap/vanguard/42/*" rw,
+++ mount options=(bind, rw) "/tmp/.snap/snap/vanguard/42/*" -> "/snap/vanguard/42/*",
+++ mount options=(rprivate) -> "/tmp/.snap/snap/vanguard/42/",
+++ umount "/tmp/.snap/snap/vanguard/42/",
+++ mount options=(rprivate) -> "/snap/vanguard/42/",
+++ mount options=(rprivate) -> "/snap/vanguard/42/*",
+++ mount options=(rprivate) -> "/snap/vanguard/42/*/",
+++ umount "/snap/vanguard/42/",
+++ umount "/snap/vanguard/42/*",
+++ umount "/snap/vanguard/42/*/",
++ `
++ // Find the slice that describes profile0 by looking for the first unique
++ // line of the next profile.
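Review bot: The updated expectations only re-quote the existing fixtures (`/etc/foo.conf`, `/usr/foo`, `/var/cache/mylink`, `/var/tmp`), none of which needed quotes in order to parse, so the test would not catch the quoting being dropped for a path that does. Add a layout whose path contains a space and assert on the quoted rule, plus a companion case showing that a path with a double quote or glob character is rejected before it reaches `AddLayout`.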
++@@ -358,49 +358,49 @@ func (s *specSuite) TestApparmorSnippets
++ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile0)
++
++ profile1 := ` # Layout /usr/foo: bind $SNAP/usr/foo
++- mount options=(rbind, rw) /snap/vanguard/42/usr/foo/ -> /usr/foo/,
++- mount options=(rprivate) -> /usr/foo/,
++- umount /usr/foo/,
+++ mount options=(rbind, rw) "/snap/vanguard/42/usr/foo/" -> "/usr/foo/",
+++ mount options=(rprivate) -> "/usr/foo/",
+++ umount "/usr/foo/",
++ # Writable mimic /usr
++ # .. variant with mimic at /usr/
++- /usr/ r,
++- /tmp/.snap/usr/ rw,
++- mount options=(rbind, rw) /usr/ -> /tmp/.snap/usr/,
++- mount fstype=tmpfs options=(rw) tmpfs -> /usr/,
++- /tmp/.snap/usr/*/ rw,
++- /usr/*/ rw,
++- mount options=(rbind, rw) /tmp/.snap/usr/*/ -> /usr/*/,
++- /tmp/.snap/usr/* rw,
++- /usr/* rw,
++- mount options=(bind, rw) /tmp/.snap/usr/* -> /usr/*,
++- mount options=(rprivate) -> /tmp/.snap/usr/,
++- umount /tmp/.snap/usr/,
++- mount options=(rprivate) -> /usr/,
++- mount options=(rprivate) -> /usr/*,
++- mount options=(rprivate) -> /usr/*/,
++- umount /usr/,
++- umount /usr/*,
++- umount /usr/*/,
+++ "/usr/" r,
+++ "/tmp/.snap/usr/" rw,
+++ mount options=(rbind, rw) "/usr/" -> "/tmp/.snap/usr/",
+++ mount fstype=tmpfs options=(rw) tmpfs -> "/usr/",
+++ "/tmp/.snap/usr/*/" rw,
+++ "/usr/*/" rw,
+++ mount options=(rbind, rw) "/tmp/.snap/usr/*/" -> "/usr/*/",
+++ "/tmp/.snap/usr/*" rw,
+++ "/usr/*" rw,
+++ mount options=(bind, rw) "/tmp/.snap/usr/*" -> "/usr/*",
+++ mount options=(rprivate) -> "/tmp/.snap/usr/",
+++ umount "/tmp/.snap/usr/",
+++ mount options=(rprivate) -> "/usr/",
+++ mount options=(rprivate) -> "/usr/*",
+++ mount options=(rprivate) -> "/usr/*/",
+++ umount "/usr/",
+++ umount "/usr/*",
+++ umount "/usr/*/",
++ # Writable mimic /snap/vanguard/42/usr
++ # .. variant with mimic at /snap/vanguard/42/usr/
++- /snap/vanguard/42/usr/ r,
++- /tmp/.snap/snap/vanguard/42/usr/ rw,
++- mount options=(rbind, rw) /snap/vanguard/42/usr/ -> /tmp/.snap/snap/vanguard/42/usr/,
++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/vanguard/42/usr/,
++- /tmp/.snap/snap/vanguard/42/usr/*/ rw,
++- /snap/vanguard/42/usr/*/ rw,
++- mount options=(rbind, rw) /tmp/.snap/snap/vanguard/42/usr/*/ -> /snap/vanguard/42/usr/*/,
++- /tmp/.snap/snap/vanguard/42/usr/* rw,
++- /snap/vanguard/42/usr/* rw,
++- mount options=(bind, rw) /tmp/.snap/snap/vanguard/42/usr/* -> /snap/vanguard/42/usr/*,
++- mount options=(rprivate) -> /tmp/.snap/snap/vanguard/42/usr/,
++- umount /tmp/.snap/snap/vanguard/42/usr/,
++- mount options=(rprivate) -> /snap/vanguard/42/usr/,
++- mount options=(rprivate) -> /snap/vanguard/42/usr/*,
++- mount options=(rprivate) -> /snap/vanguard/42/usr/*/,
++- umount /snap/vanguard/42/usr/,
++- umount /snap/vanguard/42/usr/*,
++- umount /snap/vanguard/42/usr/*/,
+++ "/snap/vanguard/42/usr/" r,
+++ "/tmp/.snap/snap/vanguard/42/usr/" rw,
+++ mount options=(rbind, rw) "/snap/vanguard/42/usr/" -> "/tmp/.snap/snap/vanguard/42/usr/",
+++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/vanguard/42/usr/",
+++ "/tmp/.snap/snap/vanguard/42/usr/*/" rw,
+++ "/snap/vanguard/42/usr/*/" rw,
+++ mount options=(rbind, rw) "/tmp/.snap/snap/vanguard/42/usr/*/" -> "/snap/vanguard/42/usr/*/",
+++ "/tmp/.snap/snap/vanguard/42/usr/*" rw,
+++ "/snap/vanguard/42/usr/*" rw,
+++ mount options=(bind, rw) "/tmp/.snap/snap/vanguard/42/usr/*" -> "/snap/vanguard/42/usr/*",
+++ mount options=(rprivate) -> "/tmp/.snap/snap/vanguard/42/usr/",
+++ umount "/tmp/.snap/snap/vanguard/42/usr/",
+++ mount options=(rprivate) -> "/snap/vanguard/42/usr/",
+++ mount options=(rprivate) -> "/snap/vanguard/42/usr/*",
+++ mount options=(rprivate) -> "/snap/vanguard/42/usr/*/",
+++ umount "/snap/vanguard/42/usr/",
+++ umount "/snap/vanguard/42/usr/*",
+++ umount "/snap/vanguard/42/usr/*/",
++ `
++ // Find the slice that describes profile1 by looking for the first unique
++ // line of the next profile.
++@@ -409,46 +409,46 @@ func (s *specSuite) TestApparmorSnippets
++ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile1)
++
++ profile2 := ` # Layout /var/cache/mylink: symlink $SNAP_DATA/link/target
++- /var/cache/mylink rw,
+++ "/var/cache/mylink" rw,
++ # Writable mimic /var/cache
++ # .. variant with mimic at /var/
++- /var/ r,
++- /tmp/.snap/var/ rw,
++- mount options=(rbind, rw) /var/ -> /tmp/.snap/var/,
++- mount fstype=tmpfs options=(rw) tmpfs -> /var/,
++- /tmp/.snap/var/*/ rw,
++- /var/*/ rw,
++- mount options=(rbind, rw) /tmp/.snap/var/*/ -> /var/*/,
++- /tmp/.snap/var/* rw,
++- /var/* rw,
++- mount options=(bind, rw) /tmp/.snap/var/* -> /var/*,
++- mount options=(rprivate) -> /tmp/.snap/var/,
++- umount /tmp/.snap/var/,
++- mount options=(rprivate) -> /var/,
++- mount options=(rprivate) -> /var/*,
++- mount options=(rprivate) -> /var/*/,
++- umount /var/,
++- umount /var/*,
++- umount /var/*/,
+++ "/var/" r,
+++ "/tmp/.snap/var/" rw,
+++ mount options=(rbind, rw) "/var/" -> "/tmp/.snap/var/",
+++ mount fstype=tmpfs options=(rw) tmpfs -> "/var/",
+++ "/tmp/.snap/var/*/" rw,
+++ "/var/*/" rw,
+++ mount options=(rbind, rw) "/tmp/.snap/var/*/" -> "/var/*/",
+++ "/tmp/.snap/var/*" rw,
+++ "/var/*" rw,
+++ mount options=(bind, rw) "/tmp/.snap/var/*" -> "/var/*",
+++ mount options=(rprivate) -> "/tmp/.snap/var/",
+++ umount "/tmp/.snap/var/",
+++ mount options=(rprivate) -> "/var/",
+++ mount options=(rprivate) -> "/var/*",
+++ mount options=(rprivate) -> "/var/*/",
+++ umount "/var/",
+++ umount "/var/*",
+++ umount "/var/*/",
++ # .. variant with mimic at /var/cache/
++- /var/cache/ r,
++- /tmp/.snap/var/cache/ rw,
++- mount options=(rbind, rw) /var/cache/ -> /tmp/.snap/var/cache/,
++- mount fstype=tmpfs options=(rw) tmpfs -> /var/cache/,
++- /tmp/.snap/var/cache/*/ rw,
++- /var/cache/*/ rw,
++- mount options=(rbind, rw) /tmp/.snap/var/cache/*/ -> /var/cache/*/,
++- /tmp/.snap/var/cache/* rw,
++- /var/cache/* rw,
++- mount options=(bind, rw) /tmp/.snap/var/cache/* -> /var/cache/*,
++- mount options=(rprivate) -> /tmp/.snap/var/cache/,
++- umount /tmp/.snap/var/cache/,
++- mount options=(rprivate) -> /var/cache/,
++- mount options=(rprivate) -> /var/cache/*,
++- mount options=(rprivate) -> /var/cache/*/,
++- umount /var/cache/,
++- umount /var/cache/*,
++- umount /var/cache/*/,
+++ "/var/cache/" r,
+++ "/tmp/.snap/var/cache/" rw,
+++ mount options=(rbind, rw) "/var/cache/" -> "/tmp/.snap/var/cache/",
+++ mount fstype=tmpfs options=(rw) tmpfs -> "/var/cache/",
+++ "/tmp/.snap/var/cache/*/" rw,
+++ "/var/cache/*/" rw,
+++ mount options=(rbind, rw) "/tmp/.snap/var/cache/*/" -> "/var/cache/*/",
+++ "/tmp/.snap/var/cache/*" rw,
+++ "/var/cache/*" rw,
+++ mount options=(bind, rw) "/tmp/.snap/var/cache/*" -> "/var/cache/*",
+++ mount options=(rprivate) -> "/tmp/.snap/var/cache/",
+++ umount "/tmp/.snap/var/cache/",
+++ mount options=(rprivate) -> "/var/cache/",
+++ mount options=(rprivate) -> "/var/cache/*",
+++ mount options=(rprivate) -> "/var/cache/*/",
+++ umount "/var/cache/",
+++ umount "/var/cache/*",
+++ umount "/var/cache/*/",
++ `
++ // Find the slice that describes profile2 by looking for the first unique
++ // line of the next profile.
++@@ -457,9 +457,9 @@ func (s *specSuite) TestApparmorSnippets
++ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile2)
++
++ profile3 := ` # Layout /var/tmp: type tmpfs, mode: 01777
++- mount fstype=tmpfs tmpfs -> /var/tmp/,
++- mount options=(rprivate) -> /var/tmp/,
++- umount /var/tmp/,
+++ mount fstype=tmpfs tmpfs -> "/var/tmp/",
+++ mount options=(rprivate) -> "/var/tmp/",
+++ umount "/var/tmp/",
++ # Writable mimic /var
++ `
++ // Find the slice that describes profile2 by looking till the end of the list.
++Index: snapd-2.49/interfaces/apparmor/template.go
++===================================================================
++--- snapd-2.49.orig/interfaces/apparmor/template.go
+++++ snapd-2.49/interfaces/apparmor/template.go
++@@ -453,6 +453,9 @@ var templateCommon = `
++ /run/lock/ r,
++ /run/lock/snap.@{SNAP_INSTANCE_NAME}/ rw,
++ /run/lock/snap.@{SNAP_INSTANCE_NAME}/** mrwklix,
+++
+++
+++ ###DEVMODE_SNAP_CONFINE###
++ `
++
++ var templateFooter = `
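Review bot: The `###DEVMODE_SNAP_CONFINE###` placeholder added at the end of `templateCommon` carries no comment saying which code substitutes it or what the profile should contain when the snap is not in devmode. Add a short comment above it naming the replacement site, and confirm that the non-devmode path removes or replaces the marker rather than leaving it in the generated profile. The two consecutive blank `+` lines before it could be reduced to one.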
++Index: snapd-2.49/interfaces/backend.go
++===================================================================
++--- snapd-2.49.orig/interfaces/backend.go
+++++ snapd-2.49/interfaces/backend.go
++@@ -70,6 +70,12 @@ type ConfinementOptions struct {
++ type SecurityBackendOptions struct {
++ // Preseed flag is set when snapd runs in preseed mode.
++ Preseed bool
+++ // CoreSnapInfo is the current revision of the core snap (if it is
+++ // installed)
+++ CoreSnapInfo *snap.Info
+++ // SnapdSnapInfo is the current revision of the snapd snap (if it is
+++ // installed)
+++ SnapdSnapInfo *snap.Info
++ }
++
++ // SecurityBackend abstracts interactions between the interface system and the
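Review bot: The new `CoreSnapInfo` and `SnapdSnapInfo` fields are pointers documented only as "if it is installed", so every backend that reads them has to handle nil. State explicitly in the field comments that nil means the snap is not installed, and check that each consumer of `SecurityBackendOptions` tests for nil before dereferencing.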
++Index: snapd-2.49/interfaces/builtin/common_files.go
++===================================================================
++--- snapd-2.49.orig/interfaces/builtin/common_files.go
+++++ snapd-2.49/interfaces/builtin/common_files.go
++@@ -27,6 +27,7 @@ import (
++
++ "github.com/snapcore/snapd/interfaces"
++ "github.com/snapcore/snapd/interfaces/apparmor"
+++ apparmor_sandbox "github.com/snapcore/snapd/sandbox/apparmor"
++ "github.com/snapcore/snapd/snap"
++ )
++
++@@ -110,7 +111,7 @@ func (iface *commonFilesInterface) valid
++ if strings.Contains(p, "~") {
++ return fmt.Errorf(`%q cannot contain "~"`, p)
++ }
++- if err := apparmor.ValidateNoAppArmorRegexp(p); err != nil {
+++ if err := apparmor_sandbox.ValidateNoAppArmorRegexp(p); err != nil {
++ return err
++ }
++
++Index: snapd-2.49/interfaces/builtin/content.go
++===================================================================
++--- snapd-2.49.orig/interfaces/builtin/content.go
+++++ snapd-2.49/interfaces/builtin/content.go
++@@ -29,6 +29,7 @@ import (
++ "github.com/snapcore/snapd/interfaces/apparmor"
++ "github.com/snapcore/snapd/interfaces/mount"
++ "github.com/snapcore/snapd/osutil"
+++ apparmor_sandbox "github.com/snapcore/snapd/sandbox/apparmor"
++ "github.com/snapcore/snapd/snap"
++ )
++
++@@ -68,6 +69,16 @@ func cleanSubPath(path string) bool {
++ return filepath.Clean(path) == path && path != ".." && !strings.HasPrefix(path, "../")
++ }
++
+++func validatePath(path string) error {
+++ if err := apparmor_sandbox.ValidateNoAppArmorRegexp(path); err != nil {
+++ return fmt.Errorf("content interface path is invalid: %v", err)
+++ }
+++ if ok := cleanSubPath(path); !ok {
+++ return fmt.Errorf("content interface path is not clean: %q", path)
+++ }
+++ return nil
+++}
+++
++ func (iface *contentInterface) BeforePrepareSlot(slot *snap.SlotInfo) error {
++ content, ok := slot.Attrs["content"].(string)
++ if !ok || len(content) == 0 {
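Review bot: `validatePath` is added without a doc comment, yet it is the check that the quoted rules emitted later in this file rely on. Document that it rejects paths containing characters AppArmor interprets (via `apparmor_sandbox.ValidateNoAppArmorRegexp`) as well as unclean paths, and that it must run on every slot source path and plug target before a snippet is generated. The `if ok := cleanSubPath(path); !ok` form can be shortened to `if !cleanSubPath(path)`.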
++@@ -102,8 +113,8 @@ func (iface *contentInterface) BeforePre
++ paths := rpath
++ paths = append(paths, wpath...)
++ for _, p := range paths {
++- if !cleanSubPath(p) {
++- return fmt.Errorf("content interface path is not clean: %q", p)
+++ if err := validatePath(p); err != nil {
+++ return err
++ }
++ }
++ return nil
++@@ -122,8 +133,8 @@ func (iface *contentInterface) BeforePre
++ if !ok || len(target) == 0 {
++ return fmt.Errorf("content plug must contain target path")
++ }
++- if !cleanSubPath(target) {
++- return fmt.Errorf("content interface target path is not clean: %q", target)
+++ if err := validatePath(target); err != nil {
+++ return err
++ }
++
++ return nil
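Review bot: Routing the plug `target` through `validatePath` drops the word "target" from the error, so a bad plug target and a bad slot source path now both report "content interface path is not clean". Consider giving `validatePath` a label argument, or wrapping the returned error here, so the message still says which attribute was rejected.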
++@@ -224,13 +235,13 @@ func (iface *contentInterface) AppArmorC
++ # directory.
++ `)
++ for i, w := range writePaths {
++- fmt.Fprintf(contentSnippet, "%s/** mrwklix,\n",
+++ fmt.Fprintf(contentSnippet, "\"%s/**\" mrwklix,\n",
++ resolveSpecialVariable(w, slot.Snap()))
++ source, target := sourceTarget(plug, slot, w)
++ emit(" # Read-write content sharing %s -> %s (w#%d)\n", plug.Ref(), slot.Ref(), i)
++- emit(" mount options=(bind, rw) %s/ -> %s{,-[0-9]*}/,\n", source, target)
++- emit(" mount options=(rprivate) -> %s{,-[0-9]*}/,\n", target)
++- emit(" umount %s{,-[0-9]*}/,\n", target)
+++ emit(" mount options=(bind, rw) \"%s/\" -> \"%s{,-[0-9]*}/\",\n", source, target)
+++ emit(" mount options=(rprivate) -> \"%s{,-[0-9]*}/\",\n", target)
+++ emit(" umount \"%s{,-[0-9]*}/\",\n", target)
++ // TODO: The assumed prefix depth could be optimized to be more
++ // precise since content sharing can only take place in a fixed
++ // list of places with well-known paths (well, constrained set of
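Review bot: The rewritten `emit` and `Fprintf` calls in this hunk interpolate `source` and `target` with a plain `%s` between literal `\"` characters, so the rule is well-formed only if neither value can contain a double quote. That guarantee comes from `validatePath` in `BeforePrepareSlot` and `BeforePreparePlug`, not from anything at this call site. Add a comment here stating that dependency, or re-validate the resolved paths before emitting, so a future caller that bypasses the prepare step cannot produce a rule that closes the quote early.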
++@@ -249,15 +260,15 @@ func (iface *contentInterface) AppArmorC
++ # read-only.
++ `)
++ for i, r := range readPaths {
++- fmt.Fprintf(contentSnippet, "%s/** mrkix,\n",
+++ fmt.Fprintf(contentSnippet, "\"%s/**\" mrkix,\n",
++ resolveSpecialVariable(r, slot.Snap()))
++
++ source, target := sourceTarget(plug, slot, r)
++ emit(" # Read-only content sharing %s -> %s (r#%d)\n", plug.Ref(), slot.Ref(), i)
++- emit(" mount options=(bind) %s/ -> %s{,-[0-9]*}/,\n", source, target)
++- emit(" remount options=(bind, ro) %s{,-[0-9]*}/,\n", target)
++- emit(" mount options=(rprivate) -> %s{,-[0-9]*}/,\n", target)
++- emit(" umount %s{,-[0-9]*}/,\n", target)
+++ emit(" mount options=(bind) \"%s/\" -> \"%s{,-[0-9]*}/\",\n", source, target)
+++ emit(" remount options=(bind, ro) \"%s{,-[0-9]*}/\",\n", target)
+++ emit(" mount options=(rprivate) -> \"%s{,-[0-9]*}/\",\n", target)
+++ emit(" umount \"%s{,-[0-9]*}/\",\n", target)
++ // Look at the TODO comment above.
++ apparmor.GenWritableProfile(emit, source, 1)
++ apparmor.GenWritableProfile(emit, target, 1)
++@@ -281,7 +292,7 @@ func (iface *contentInterface) AppArmorC
++ `)
++ for _, w := range writePaths {
++ _, target := sourceTarget(plug, slot, w)
++- fmt.Fprintf(contentSnippet, "%s/** mrwklix,\n",
+++ fmt.Fprintf(contentSnippet, "\"%s/**\" mrwklix,\n",
++ target)
++ }
++ }
++Index: snapd-2.49/interfaces/builtin/content_test.go
++===================================================================
++--- snapd-2.49.orig/interfaces/builtin/content_test.go
+++++ snapd-2.49/interfaces/builtin/content_test.go
++@@ -194,7 +194,22 @@ plugs:
++ `
++ info := snaptest.MockInfo(c, mockSnapYaml, nil)
++ plug := info.Plugs["content-plug"]
++- c.Assert(interfaces.BeforePreparePlug(s.iface, plug), ErrorMatches, "content interface target path is not clean:.*")
+++ c.Assert(interfaces.BeforePreparePlug(s.iface, plug), ErrorMatches, "content interface path is not clean:.*")
+++}
+++
+++func (s *ContentSuite) TestSanitizePlugApparmorInterpretedChar(c *C) {
+++ const mockSnapYaml = `name: content-slot-snap
+++version: 1.0
+++plugs:
+++ content-plug:
+++ interface: content
+++ content: mycont
+++ target: foo"bar
+++`
+++ info := snaptest.MockInfo(c, mockSnapYaml, nil)
+++ plug := info.Plugs["content-plug"]
+++ c.Assert(interfaces.BeforePreparePlug(s.iface, plug), ErrorMatches,
+++ `content interface path is invalid: "foo\\"bar" contains a reserved apparmor char.*`)
++ }
++
++ func (s *ContentSuite) TestSanitizePlugNilAttrMap(c *C) {
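Review bot: `TestSanitizePlugApparmorInterpretedChar` exercises only one reserved character (`"` in `target: foo"bar`). A table-driven test over each character that `ValidateNoAppArmorRegexp` rejects would pin the behaviour the quoting change depends on. The mock YAML also names the snap `content-slot-snap` in a plug test, which is worth renaming for clarity.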
++@@ -223,6 +238,22 @@ apps:
++ c.Assert(interfaces.BeforePrepareSlot(s.iface, slot), ErrorMatches, "read or write path must be set")
++ }
++
+++func (s *ContentSuite) TestSanitizeSlotApparmorInterpretedChar(c *C) {
+++ const mockSnapYaml = `name: content-slot-snap
+++version: 1.0
+++slots:
+++ content-plug:
+++ interface: content
+++ source:
+++ read: [$SNAP/shared]
+++ write: ["$SNAP_DATA/foo}bar"]
+++`
+++ info := snaptest.MockInfo(c, mockSnapYaml, nil)
+++ slot := info.Slots["content-plug"]
+++ c.Assert(interfaces.BeforePrepareSlot(s.iface, slot), ErrorMatches,
+++ `content interface path is invalid: "\$SNAP_DATA/foo}bar" contains a reserved apparmor char.*`)
+++}
+++
++ func (s *ContentSuite) TestResolveSpecialVariable(c *C) {
++ info := snaptest.MockInfo(c, "{name: name, version: 0}", &snap.SideInfo{Revision: snap.R(42)})
++ c.Check(builtin.ResolveSpecialVariable("$SNAP/foo", info), Equals, filepath.Join(dirs.CoreSnapMountDir, "name/42/foo"))
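Review bot: `TestSanitizeSlotApparmorInterpretedChar` puts the reserved character only in the `write` list (`"$SNAP_DATA/foo}bar"`), while the `read` entry is valid, so rejection of a bad read path is not covered. Add a case with the reserved character in `read`, and rename the slot from `content-plug` to something slot-specific so the fixture matches what is being tested.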
++@@ -310,143 +341,143 @@ slots:
++ # In addition to the bind mount, add any AppArmor rules so that
++ # snaps may directly access the slot implementation's files
++ # read-only.
++-/snap/producer/5/export/** mrkix,
+++"/snap/producer/5/export/**" mrkix,
++ `
++ c.Assert(apparmorSpec.SnippetForTag("snap.consumer.app"), Equals, expected)
++
++ updateNS := apparmorSpec.UpdateNS()
++ profile0 := ` # Read-only content sharing consumer:content -> producer:content (r#0)
++- mount options=(bind) /snap/producer/5/export/ -> /snap/consumer/7/import{,-[0-9]*}/,
++- remount options=(bind, ro) /snap/consumer/7/import{,-[0-9]*}/,
++- mount options=(rprivate) -> /snap/consumer/7/import{,-[0-9]*}/,
++- umount /snap/consumer/7/import{,-[0-9]*}/,
+++ mount options=(bind) "/snap/producer/5/export/" -> "/snap/consumer/7/import{,-[0-9]*}/",
+++ remount options=(bind, ro) "/snap/consumer/7/import{,-[0-9]*}/",
+++ mount options=(rprivate) -> "/snap/consumer/7/import{,-[0-9]*}/",
+++ umount "/snap/consumer/7/import{,-[0-9]*}/",
++ # Writable mimic /snap/producer/5
++ # .. permissions for traversing the prefix that is assumed to exist
++ # .. variant with mimic at /
++ # Allow reading the mimic directory, it must exist in the first place.
++- / r,
+++ "/" r,
++ # Allow setting the read-only directory aside via a bind mount.
++- /tmp/.snap/ rw,
++- mount options=(rbind, rw) / -> /tmp/.snap/,
+++ "/tmp/.snap/" rw,
+++ mount options=(rbind, rw) "/" -> "/tmp/.snap/",
++ # Allow mounting tmpfs over the read-only directory.
++- mount fstype=tmpfs options=(rw) tmpfs -> /,
+++ mount fstype=tmpfs options=(rw) tmpfs -> "/",
++ # Allow creating empty files and directories for bind mounting things
++ # to reconstruct the now-writable parent directory.
++- /tmp/.snap/*/ rw,
++- /*/ rw,
++- mount options=(rbind, rw) /tmp/.snap/*/ -> /*/,
++- /tmp/.snap/* rw,
++- /* rw,
++- mount options=(bind, rw) /tmp/.snap/* -> /*,
+++ "/tmp/.snap/*/" rw,
+++ "/*/" rw,
+++ mount options=(rbind, rw) "/tmp/.snap/*/" -> "/*/",
+++ "/tmp/.snap/*" rw,
+++ "/*" rw,
+++ mount options=(bind, rw) "/tmp/.snap/*" -> "/*",
++ # Allow unmounting the auxiliary directory.
++ # TODO: use fstype=tmpfs here for more strictness (LP: #1613403)
++- mount options=(rprivate) -> /tmp/.snap/,
++- umount /tmp/.snap/,
+++ mount options=(rprivate) -> "/tmp/.snap/",
+++ umount "/tmp/.snap/",
++ # Allow unmounting the destination directory as well as anything
++ # inside. This lets us perform the undo plan in case the writable
++ # mimic fails.
++- mount options=(rprivate) -> /,
++- mount options=(rprivate) -> /*,
++- mount options=(rprivate) -> /*/,
++- umount /,
++- umount /*,
++- umount /*/,
+++ mount options=(rprivate) -> "/",
+++ mount options=(rprivate) -> "/*",
+++ mount options=(rprivate) -> "/*/",
+++ umount "/",
+++ umount "/*",
+++ umount "/*/",
++ # .. variant with mimic at /snap/
++- /snap/ r,
++- /tmp/.snap/snap/ rw,
++- mount options=(rbind, rw) /snap/ -> /tmp/.snap/snap/,
++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/,
++- /tmp/.snap/snap/*/ rw,
++- /snap/*/ rw,
++- mount options=(rbind, rw) /tmp/.snap/snap/*/ -> /snap/*/,
++- /tmp/.snap/snap/* rw,
++- /snap/* rw,
++- mount options=(bind, rw) /tmp/.snap/snap/* -> /snap/*,
++- mount options=(rprivate) -> /tmp/.snap/snap/,
++- umount /tmp/.snap/snap/,
++- mount options=(rprivate) -> /snap/,
++- mount options=(rprivate) -> /snap/*,
++- mount options=(rprivate) -> /snap/*/,
++- umount /snap/,
++- umount /snap/*,
++- umount /snap/*/,
+++ "/snap/" r,
+++ "/tmp/.snap/snap/" rw,
+++ mount options=(rbind, rw) "/snap/" -> "/tmp/.snap/snap/",
+++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/",
+++ "/tmp/.snap/snap/*/" rw,
+++ "/snap/*/" rw,
+++ mount options=(rbind, rw) "/tmp/.snap/snap/*/" -> "/snap/*/",
+++ "/tmp/.snap/snap/*" rw,
+++ "/snap/*" rw,
+++ mount options=(bind, rw) "/tmp/.snap/snap/*" -> "/snap/*",
+++ mount options=(rprivate) -> "/tmp/.snap/snap/",
+++ umount "/tmp/.snap/snap/",
+++ mount options=(rprivate) -> "/snap/",
+++ mount options=(rprivate) -> "/snap/*",
+++ mount options=(rprivate) -> "/snap/*/",
+++ umount "/snap/",
+++ umount "/snap/*",
+++ umount "/snap/*/",
++ # .. variant with mimic at /snap/producer/
++- /snap/producer/ r,
++- /tmp/.snap/snap/producer/ rw,
++- mount options=(rbind, rw) /snap/producer/ -> /tmp/.snap/snap/producer/,
++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/producer/,
++- /tmp/.snap/snap/producer/*/ rw,
++- /snap/producer/*/ rw,
++- mount options=(rbind, rw) /tmp/.snap/snap/producer/*/ -> /snap/producer/*/,
++- /tmp/.snap/snap/producer/* rw,
++- /snap/producer/* rw,
++- mount options=(bind, rw) /tmp/.snap/snap/producer/* -> /snap/producer/*,
++- mount options=(rprivate) -> /tmp/.snap/snap/producer/,
++- umount /tmp/.snap/snap/producer/,
++- mount options=(rprivate) -> /snap/producer/,
++- mount options=(rprivate) -> /snap/producer/*,
++- mount options=(rprivate) -> /snap/producer/*/,
++- umount /snap/producer/,
++- umount /snap/producer/*,
++- umount /snap/producer/*/,
+++ "/snap/producer/" r,
+++ "/tmp/.snap/snap/producer/" rw,
+++ mount options=(rbind, rw) "/snap/producer/" -> "/tmp/.snap/snap/producer/",
+++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/producer/",
+++ "/tmp/.snap/snap/producer/*/" rw,
+++ "/snap/producer/*/" rw,
+++ mount options=(rbind, rw) "/tmp/.snap/snap/producer/*/" -> "/snap/producer/*/",
+++ "/tmp/.snap/snap/producer/*" rw,
+++ "/snap/producer/*" rw,
+++ mount options=(bind, rw) "/tmp/.snap/snap/producer/*" -> "/snap/producer/*",
+++ mount options=(rprivate) -> "/tmp/.snap/snap/producer/",
+++ umount "/tmp/.snap/snap/producer/",
+++ mount options=(rprivate) -> "/snap/producer/",
+++ mount options=(rprivate) -> "/snap/producer/*",
+++ mount options=(rprivate) -> "/snap/producer/*/",
+++ umount "/snap/producer/",
+++ umount "/snap/producer/*",
+++ umount "/snap/producer/*/",
++ # .. variant with mimic at /snap/producer/5/
++- /snap/producer/5/ r,
++- /tmp/.snap/snap/producer/5/ rw,
++- mount options=(rbind, rw) /snap/producer/5/ -> /tmp/.snap/snap/producer/5/,
++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/producer/5/,
++- /tmp/.snap/snap/producer/5/*/ rw,
++- /snap/producer/5/*/ rw,
++- mount options=(rbind, rw) /tmp/.snap/snap/producer/5/*/ -> /snap/producer/5/*/,
++- /tmp/.snap/snap/producer/5/* rw,
++- /snap/producer/5/* rw,
++- mount options=(bind, rw) /tmp/.snap/snap/producer/5/* -> /snap/producer/5/*,
++- mount options=(rprivate) -> /tmp/.snap/snap/producer/5/,
++- umount /tmp/.snap/snap/producer/5/,
++- mount options=(rprivate) -> /snap/producer/5/,
++- mount options=(rprivate) -> /snap/producer/5/*,
++- mount options=(rprivate) -> /snap/producer/5/*/,
++- umount /snap/producer/5/,
++- umount /snap/producer/5/*,
++- umount /snap/producer/5/*/,
+++ "/snap/producer/5/" r,
+++ "/tmp/.snap/snap/producer/5/" rw,
+++ mount options=(rbind, rw) "/snap/producer/5/" -> "/tmp/.snap/snap/producer/5/",
+++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/producer/5/",
+++ "/tmp/.snap/snap/producer/5/*/" rw,
+++ "/snap/producer/5/*/" rw,
+++ mount options=(rbind, rw) "/tmp/.snap/snap/producer/5/*/" -> "/snap/producer/5/*/",
+++ "/tmp/.snap/snap/producer/5/*" rw,
+++ "/snap/producer/5/*" rw,
+++ mount options=(bind, rw) "/tmp/.snap/snap/producer/5/*" -> "/snap/producer/5/*",
+++ mount options=(rprivate) -> "/tmp/.snap/snap/producer/5/",
+++ umount "/tmp/.snap/snap/producer/5/",
+++ mount options=(rprivate) -> "/snap/producer/5/",
+++ mount options=(rprivate) -> "/snap/producer/5/*",
+++ mount options=(rprivate) -> "/snap/producer/5/*/",
+++ umount "/snap/producer/5/",
+++ umount "/snap/producer/5/*",
+++ umount "/snap/producer/5/*/",
++ # Writable mimic /snap/consumer/7
++ # .. variant with mimic at /snap/consumer/
++- /snap/consumer/ r,
++- /tmp/.snap/snap/consumer/ rw,
++- mount options=(rbind, rw) /snap/consumer/ -> /tmp/.snap/snap/consumer/,
++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/consumer/,
++- /tmp/.snap/snap/consumer/*/ rw,
++- /snap/consumer/*/ rw,
++- mount options=(rbind, rw) /tmp/.snap/snap/consumer/*/ -> /snap/consumer/*/,
++- /tmp/.snap/snap/consumer/* rw,
++- /snap/consumer/* rw,
++- mount options=(bind, rw) /tmp/.snap/snap/consumer/* -> /snap/consumer/*,
++- mount options=(rprivate) -> /tmp/.snap/snap/consumer/,
++- umount /tmp/.snap/snap/consumer/,
++- mount options=(rprivate) -> /snap/consumer/,
++- mount options=(rprivate) -> /snap/consumer/*,
++- mount options=(rprivate) -> /snap/consumer/*/,
++- umount /snap/consumer/,
++- umount /snap/consumer/*,
++- umount /snap/consumer/*/,
+++ "/snap/consumer/" r,
+++ "/tmp/.snap/snap/consumer/" rw,
+++ mount options=(rbind, rw) "/snap/consumer/" -> "/tmp/.snap/snap/consumer/",
+++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/consumer/",
+++ "/tmp/.snap/snap/consumer/*/" rw,
+++ "/snap/consumer/*/" rw,
+++ mount options=(rbind, rw) "/tmp/.snap/snap/consumer/*/" -> "/snap/consumer/*/",
+++ "/tmp/.snap/snap/consumer/*" rw,
+++ "/snap/consumer/*" rw,
+++ mount options=(bind, rw) "/tmp/.snap/snap/consumer/*" -> "/snap/consumer/*",
+++ mount options=(rprivate) -> "/tmp/.snap/snap/consumer/",
+++ umount "/tmp/.snap/snap/consumer/",
+++ mount options=(rprivate) -> "/snap/consumer/",
+++ mount options=(rprivate) -> "/snap/consumer/*",
+++ mount options=(rprivate) -> "/snap/consumer/*/",
+++ umount "/snap/consumer/",
+++ umount "/snap/consumer/*",
+++ umount "/snap/consumer/*/",
++ # .. variant with mimic at /snap/consumer/7/
++- /snap/consumer/7/ r,
++- /tmp/.snap/snap/consumer/7/ rw,
++- mount options=(rbind, rw) /snap/consumer/7/ -> /tmp/.snap/snap/consumer/7/,
++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/consumer/7/,
++- /tmp/.snap/snap/consumer/7/*/ rw,
++- /snap/consumer/7/*/ rw,
++- mount options=(rbind, rw) /tmp/.snap/snap/consumer/7/*/ -> /snap/consumer/7/*/,
++- /tmp/.snap/snap/consumer/7/* rw,
++- /snap/consumer/7/* rw,
++- mount options=(bind, rw) /tmp/.snap/snap/consumer/7/* -> /snap/consumer/7/*,
++- mount options=(rprivate) -> /tmp/.snap/snap/consumer/7/,
++- umount /tmp/.snap/snap/consumer/7/,
++- mount options=(rprivate) -> /snap/consumer/7/,
++- mount options=(rprivate) -> /snap/consumer/7/*,
++- mount options=(rprivate) -> /snap/consumer/7/*/,
++- umount /snap/consumer/7/,
++- umount /snap/consumer/7/*,
++- umount /snap/consumer/7/*/,
+++ "/snap/consumer/7/" r,
+++ "/tmp/.snap/snap/consumer/7/" rw,
+++ mount options=(rbind, rw) "/snap/consumer/7/" -> "/tmp/.snap/snap/consumer/7/",
+++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/consumer/7/",
+++ "/tmp/.snap/snap/consumer/7/*/" rw,
+++ "/snap/consumer/7/*/" rw,
+++ mount options=(rbind, rw) "/tmp/.snap/snap/consumer/7/*/" -> "/snap/consumer/7/*/",
+++ "/tmp/.snap/snap/consumer/7/*" rw,
+++ "/snap/consumer/7/*" rw,
+++ mount options=(bind, rw) "/tmp/.snap/snap/consumer/7/*" -> "/snap/consumer/7/*",
+++ mount options=(rprivate) -> "/tmp/.snap/snap/consumer/7/",
+++ umount "/tmp/.snap/snap/consumer/7/",
+++ mount options=(rprivate) -> "/snap/consumer/7/",
+++ mount options=(rprivate) -> "/snap/consumer/7/*",
+++ mount options=(rprivate) -> "/snap/consumer/7/*/",
+++ umount "/snap/consumer/7/",
+++ umount "/snap/consumer/7/*",
+++ umount "/snap/consumer/7/*/",
++ `
++ c.Assert(strings.Join(updateNS[:], ""), Equals, profile0)
++ }
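Review bot: The expected `profile0` literal in this hunk repeats the same eighteen-line mimic block for every path prefix, which is why a pure quoting change rewrites well over a hundred lines here. Consider building the expected text from a small helper that formats one mimic variant for a given directory, so the next change to the rule syntax touches one place and the diff stays reviewable.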
++@@ -493,25 +524,25 @@ slots:
++ # to a limitation in the kernel's LSM hooks for AF_UNIX, these
++ # are needed for using named sockets within the exported
++ # directory.
++-/var/snap/producer/5/export/** mrwklix,
+++"/var/snap/producer/5/export/**" mrwklix,
++ `
++ c.Assert(apparmorSpec.SnippetForTag("snap.consumer.app"), Equals, expected)
++
++ updateNS := apparmorSpec.UpdateNS()
++ profile0 := ` # Read-write content sharing consumer:content -> producer:content (w#0)
++- mount options=(bind, rw) /var/snap/producer/5/export/ -> /var/snap/consumer/7/import{,-[0-9]*}/,
++- mount options=(rprivate) -> /var/snap/consumer/7/import{,-[0-9]*}/,
++- umount /var/snap/consumer/7/import{,-[0-9]*}/,
+++ mount options=(bind, rw) "/var/snap/producer/5/export/" -> "/var/snap/consumer/7/import{,-[0-9]*}/",
+++ mount options=(rprivate) -> "/var/snap/consumer/7/import{,-[0-9]*}/",
+++ umount "/var/snap/consumer/7/import{,-[0-9]*}/",
++ # Writable directory /var/snap/producer/5/export
++- /var/snap/producer/5/export/ rw,
++- /var/snap/producer/5/ rw,
++- /var/snap/producer/ rw,
+++ "/var/snap/producer/5/export/" rw,
+++ "/var/snap/producer/5/" rw,
+++ "/var/snap/producer/" rw,
++ # Writable directory /var/snap/consumer/7/import
++- /var/snap/consumer/7/import/ rw,
++- /var/snap/consumer/7/ rw,
++- /var/snap/consumer/ rw,
+++ "/var/snap/consumer/7/import/" rw,
+++ "/var/snap/consumer/7/" rw,
+++ "/var/snap/consumer/" rw,
++ # Writable directory /var/snap/consumer/7/import-[0-9]*
++- /var/snap/consumer/7/import-[0-9]*/ rw,
+++ "/var/snap/consumer/7/import-[0-9]*/" rw,
++ `
++ c.Assert(strings.Join(updateNS[:], ""), Equals, profile0)
++ }
++@@ -558,25 +589,25 @@ slots:
++ # to a limitation in the kernel's LSM hooks for AF_UNIX, these
++ # are needed for using named sockets within the exported
++ # directory.
++-/var/snap/producer/common/export/** mrwklix,
+++"/var/snap/producer/common/export/**" mrwklix,
++ `
++ c.Assert(apparmorSpec.SnippetForTag("snap.consumer.app"), Equals, expected)
++
++ updateNS := apparmorSpec.UpdateNS()
++ profile0 := ` # Read-write content sharing consumer:content -> producer:content (w#0)
++- mount options=(bind, rw) /var/snap/producer/common/export/ -> /var/snap/consumer/common/import{,-[0-9]*}/,
++- mount options=(rprivate) -> /var/snap/consumer/common/import{,-[0-9]*}/,
++- umount /var/snap/consumer/common/import{,-[0-9]*}/,
+++ mount options=(bind, rw) "/var/snap/producer/common/export/" -> "/var/snap/consumer/common/import{,-[0-9]*}/",
+++ mount options=(rprivate) -> "/var/snap/consumer/common/import{,-[0-9]*}/",
+++ umount "/var/snap/consumer/common/import{,-[0-9]*}/",
++ # Writable directory /var/snap/producer/common/export
++- /var/snap/producer/common/export/ rw,
++- /var/snap/producer/common/ rw,
++- /var/snap/producer/ rw,
+++ "/var/snap/producer/common/export/" rw,
+++ "/var/snap/producer/common/" rw,
+++ "/var/snap/producer/" rw,
++ # Writable directory /var/snap/consumer/common/import
++- /var/snap/consumer/common/import/ rw,
++- /var/snap/consumer/common/ rw,
++- /var/snap/consumer/ rw,
+++ "/var/snap/consumer/common/import/" rw,
+++ "/var/snap/consumer/common/" rw,
+++ "/var/snap/consumer/" rw,
++ # Writable directory /var/snap/consumer/common/import-[0-9]*
++- /var/snap/consumer/common/import-[0-9]*/ rw,
+++ "/var/snap/consumer/common/import-[0-9]*/" rw,
++ `
++ c.Assert(strings.Join(updateNS[:], ""), Equals, profile0)
++ }
++@@ -650,34 +681,34 @@ slots:
++ # to a limitation in the kernel's LSM hooks for AF_UNIX, these
++ # are needed for using named sockets within the exported
++ # directory.
++-/var/snap/producer/common/write-common/** mrwklix,
++-/var/snap/producer/2/write-data/** mrwklix,
+++"/var/snap/producer/common/write-common/**" mrwklix,
+++"/var/snap/producer/2/write-data/**" mrwklix,
++
++ # In addition to the bind mount, add any AppArmor rules so that
++ # snaps may directly access the slot implementation's files
++ # read-only.
++-/var/snap/producer/common/read-common/** mrkix,
++-/var/snap/producer/2/read-data/** mrkix,
++-/snap/producer/2/read-snap/** mrkix,
+++"/var/snap/producer/common/read-common/**" mrkix,
+++"/var/snap/producer/2/read-data/**" mrkix,
+++"/snap/producer/2/read-snap/**" mrkix,
++ `
++ c.Assert(apparmorSpec.SnippetForTag("snap.consumer.app"), Equals, expected)
++
++ updateNS := apparmorSpec.UpdateNS()
++ profile0 := ` # Read-write content sharing consumer:content -> producer:content (w#0)
++- mount options=(bind, rw) /var/snap/producer/common/write-common/ -> /var/snap/consumer/common/import/write-common{,-[0-9]*}/,
++- mount options=(rprivate) -> /var/snap/consumer/common/import/write-common{,-[0-9]*}/,
++- umount /var/snap/consumer/common/import/write-common{,-[0-9]*}/,
+++ mount options=(bind, rw) "/var/snap/producer/common/write-common/" -> "/var/snap/consumer/common/import/write-common{,-[0-9]*}/",
+++ mount options=(rprivate) -> "/var/snap/consumer/common/import/write-common{,-[0-9]*}/",
+++ umount "/var/snap/consumer/common/import/write-common{,-[0-9]*}/",
++ # Writable directory /var/snap/producer/common/write-common
++- /var/snap/producer/common/write-common/ rw,
++- /var/snap/producer/common/ rw,
++- /var/snap/producer/ rw,
+++ "/var/snap/producer/common/write-common/" rw,
+++ "/var/snap/producer/common/" rw,
+++ "/var/snap/producer/" rw,
++ # Writable directory /var/snap/consumer/common/import/write-common
++- /var/snap/consumer/common/import/write-common/ rw,
++- /var/snap/consumer/common/import/ rw,
++- /var/snap/consumer/common/ rw,
++- /var/snap/consumer/ rw,
+++ "/var/snap/consumer/common/import/write-common/" rw,
+++ "/var/snap/consumer/common/import/" rw,
+++ "/var/snap/consumer/common/" rw,
+++ "/var/snap/consumer/" rw,
++ # Writable directory /var/snap/consumer/common/import/write-common-[0-9]*
++- /var/snap/consumer/common/import/write-common-[0-9]*/ rw,
+++ "/var/snap/consumer/common/import/write-common-[0-9]*/" rw,
++ `
++ // Find the slice that describes profile0 by looking for the first unique
++ // line of the next profile.
++@@ -686,16 +717,16 @@ slots:
++ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile0)
++
++ profile1 := ` # Read-write content sharing consumer:content -> producer:content (w#1)
++- mount options=(bind, rw) /var/snap/producer/2/write-data/ -> /var/snap/consumer/common/import/write-data{,-[0-9]*}/,
++- mount options=(rprivate) -> /var/snap/consumer/common/import/write-data{,-[0-9]*}/,
++- umount /var/snap/consumer/common/import/write-data{,-[0-9]*}/,
+++ mount options=(bind, rw) "/var/snap/producer/2/write-data/" -> "/var/snap/consumer/common/import/write-data{,-[0-9]*}/",
+++ mount options=(rprivate) -> "/var/snap/consumer/common/import/write-data{,-[0-9]*}/",
+++ umount "/var/snap/consumer/common/import/write-data{,-[0-9]*}/",
++ # Writable directory /var/snap/producer/2/write-data
++- /var/snap/producer/2/write-data/ rw,
++- /var/snap/producer/2/ rw,
+++ "/var/snap/producer/2/write-data/" rw,
+++ "/var/snap/producer/2/" rw,
++ # Writable directory /var/snap/consumer/common/import/write-data
++- /var/snap/consumer/common/import/write-data/ rw,
+++ "/var/snap/consumer/common/import/write-data/" rw,
++ # Writable directory /var/snap/consumer/common/import/write-data-[0-9]*
++- /var/snap/consumer/common/import/write-data-[0-9]*/ rw,
+++ "/var/snap/consumer/common/import/write-data-[0-9]*/" rw,
++ `
++ // Find the slice that describes profile1 by looking for the first unique
++ // line of the next profile.
++@@ -704,16 +735,16 @@ slots:
++ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile1)
++
++ profile2 := ` # Read-only content sharing consumer:content -> producer:content (r#0)
++- mount options=(bind) /var/snap/producer/common/read-common/ -> /var/snap/consumer/common/import/read-common{,-[0-9]*}/,
++- remount options=(bind, ro) /var/snap/consumer/common/import/read-common{,-[0-9]*}/,
++- mount options=(rprivate) -> /var/snap/consumer/common/import/read-common{,-[0-9]*}/,
++- umount /var/snap/consumer/common/import/read-common{,-[0-9]*}/,
+++ mount options=(bind) "/var/snap/producer/common/read-common/" -> "/var/snap/consumer/common/import/read-common{,-[0-9]*}/",
+++ remount options=(bind, ro) "/var/snap/consumer/common/import/read-common{,-[0-9]*}/",
+++ mount options=(rprivate) -> "/var/snap/consumer/common/import/read-common{,-[0-9]*}/",
+++ umount "/var/snap/consumer/common/import/read-common{,-[0-9]*}/",
++ # Writable directory /var/snap/producer/common/read-common
++- /var/snap/producer/common/read-common/ rw,
+++ "/var/snap/producer/common/read-common/" rw,
++ # Writable directory /var/snap/consumer/common/import/read-common
++- /var/snap/consumer/common/import/read-common/ rw,
+++ "/var/snap/consumer/common/import/read-common/" rw,
++ # Writable directory /var/snap/consumer/common/import/read-common-[0-9]*
++- /var/snap/consumer/common/import/read-common-[0-9]*/ rw,
+++ "/var/snap/consumer/common/import/read-common-[0-9]*/" rw,
++ `
++ // Find the slice that describes profile2 by looking for the first unique
++ // line of the next profile.
++@@ -722,16 +753,16 @@ slots:
++ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile2)
++
++ profile3 := ` # Read-only content sharing consumer:content -> producer:content (r#1)
++- mount options=(bind) /var/snap/producer/2/read-data/ -> /var/snap/consumer/common/import/read-data{,-[0-9]*}/,
++- remount options=(bind, ro) /var/snap/consumer/common/import/read-data{,-[0-9]*}/,
++- mount options=(rprivate) -> /var/snap/consumer/common/import/read-data{,-[0-9]*}/,
++- umount /var/snap/consumer/common/import/read-data{,-[0-9]*}/,
+++ mount options=(bind) "/var/snap/producer/2/read-data/" -> "/var/snap/consumer/common/import/read-data{,-[0-9]*}/",
+++ remount options=(bind, ro) "/var/snap/consumer/common/import/read-data{,-[0-9]*}/",
+++ mount options=(rprivate) -> "/var/snap/consumer/common/import/read-data{,-[0-9]*}/",
+++ umount "/var/snap/consumer/common/import/read-data{,-[0-9]*}/",
++ # Writable directory /var/snap/producer/2/read-data
++- /var/snap/producer/2/read-data/ rw,
+++ "/var/snap/producer/2/read-data/" rw,
++ # Writable directory /var/snap/consumer/common/import/read-data
++- /var/snap/consumer/common/import/read-data/ rw,
+++ "/var/snap/consumer/common/import/read-data/" rw,
++ # Writable directory /var/snap/consumer/common/import/read-data-[0-9]*
++- /var/snap/consumer/common/import/read-data-[0-9]*/ rw,
+++ "/var/snap/consumer/common/import/read-data-[0-9]*/" rw,
++ `
++ // Find the slice that describes profile3 by looking for the first unique
++ // line of the next profile.
++@@ -740,102 +771,102 @@ slots:
++ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile3)
++
++ profile4 := ` # Read-only content sharing consumer:content -> producer:content (r#2)
++- mount options=(bind) /snap/producer/2/read-snap/ -> /var/snap/consumer/common/import/read-snap{,-[0-9]*}/,
++- remount options=(bind, ro) /var/snap/consumer/common/import/read-snap{,-[0-9]*}/,
++- mount options=(rprivate) -> /var/snap/consumer/common/import/read-snap{,-[0-9]*}/,
++- umount /var/snap/consumer/common/import/read-snap{,-[0-9]*}/,
+++ mount options=(bind) "/snap/producer/2/read-snap/" -> "/var/snap/consumer/common/import/read-snap{,-[0-9]*}/",
+++ remount options=(bind, ro) "/var/snap/consumer/common/import/read-snap{,-[0-9]*}/",
+++ mount options=(rprivate) -> "/var/snap/consumer/common/import/read-snap{,-[0-9]*}/",
+++ umount "/var/snap/consumer/common/import/read-snap{,-[0-9]*}/",
++ # Writable mimic /snap/producer/2
++ # .. permissions for traversing the prefix that is assumed to exist
++ # .. variant with mimic at /
++ # Allow reading the mimic directory, it must exist in the first place.
++- / r,
+++ "/" r,
++ # Allow setting the read-only directory aside via a bind mount.
++- /tmp/.snap/ rw,
++- mount options=(rbind, rw) / -> /tmp/.snap/,
+++ "/tmp/.snap/" rw,
+++ mount options=(rbind, rw) "/" -> "/tmp/.snap/",
++ # Allow mounting tmpfs over the read-only directory.
++- mount fstype=tmpfs options=(rw) tmpfs -> /,
+++ mount fstype=tmpfs options=(rw) tmpfs -> "/",
++ # Allow creating empty files and directories for bind mounting things
++ # to reconstruct the now-writable parent directory.
++- /tmp/.snap/*/ rw,
++- /*/ rw,
++- mount options=(rbind, rw) /tmp/.snap/*/ -> /*/,
++- /tmp/.snap/* rw,
++- /* rw,
++- mount options=(bind, rw) /tmp/.snap/* -> /*,
+++ "/tmp/.snap/*/" rw,
+++ "/*/" rw,
+++ mount options=(rbind, rw) "/tmp/.snap/*/" -> "/*/",
+++ "/tmp/.snap/*" rw,
+++ "/*" rw,
+++ mount options=(bind, rw) "/tmp/.snap/*" -> "/*",
++ # Allow unmounting the auxiliary directory.
++ # TODO: use fstype=tmpfs here for more strictness (LP: #1613403)
++- mount options=(rprivate) -> /tmp/.snap/,
++- umount /tmp/.snap/,
+++ mount options=(rprivate) -> "/tmp/.snap/",
+++ umount "/tmp/.snap/",
++ # Allow unmounting the destination directory as well as anything
++ # inside. This lets us perform the undo plan in case the writable
++ # mimic fails.
++- mount options=(rprivate) -> /,
++- mount options=(rprivate) -> /*,
++- mount options=(rprivate) -> /*/,
++- umount /,
++- umount /*,
++- umount /*/,
+++ mount options=(rprivate) -> "/",
+++ mount options=(rprivate) -> "/*",
+++ mount options=(rprivate) -> "/*/",
+++ umount "/",
+++ umount "/*",
+++ umount "/*/",
++ # .. variant with mimic at /snap/
++- /snap/ r,
++- /tmp/.snap/snap/ rw,
++- mount options=(rbind, rw) /snap/ -> /tmp/.snap/snap/,
++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/,
++- /tmp/.snap/snap/*/ rw,
++- /snap/*/ rw,
++- mount options=(rbind, rw) /tmp/.snap/snap/*/ -> /snap/*/,
++- /tmp/.snap/snap/* rw,
++- /snap/* rw,
++- mount options=(bind, rw) /tmp/.snap/snap/* -> /snap/*,
++- mount options=(rprivate) -> /tmp/.snap/snap/,
++- umount /tmp/.snap/snap/,
++- mount options=(rprivate) -> /snap/,
++- mount options=(rprivate) -> /snap/*,
++- mount options=(rprivate) -> /snap/*/,
++- umount /snap/,
++- umount /snap/*,
++- umount /snap/*/,
+++ "/snap/" r,
+++ "/tmp/.snap/snap/" rw,
+++ mount options=(rbind, rw) "/snap/" -> "/tmp/.snap/snap/",
+++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/",
+++ "/tmp/.snap/snap/*/" rw,
+++ "/snap/*/" rw,
+++ mount options=(rbind, rw) "/tmp/.snap/snap/*/" -> "/snap/*/",
+++ "/tmp/.snap/snap/*" rw,
+++ "/snap/*" rw,
+++ mount options=(bind, rw) "/tmp/.snap/snap/*" -> "/snap/*",
+++ mount options=(rprivate) -> "/tmp/.snap/snap/",
+++ umount "/tmp/.snap/snap/",
+++ mount options=(rprivate) -> "/snap/",
+++ mount options=(rprivate) -> "/snap/*",
+++ mount options=(rprivate) -> "/snap/*/",
+++ umount "/snap/",
+++ umount "/snap/*",
+++ umount "/snap/*/",
++ # .. variant with mimic at /snap/producer/
++- /snap/producer/ r,
++- /tmp/.snap/snap/producer/ rw,
++- mount options=(rbind, rw) /snap/producer/ -> /tmp/.snap/snap/producer/,
++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/producer/,
++- /tmp/.snap/snap/producer/*/ rw,
++- /snap/producer/*/ rw,
++- mount options=(rbind, rw) /tmp/.snap/snap/producer/*/ -> /snap/producer/*/,
++- /tmp/.snap/snap/producer/* rw,
++- /snap/producer/* rw,
++- mount options=(bind, rw) /tmp/.snap/snap/producer/* -> /snap/producer/*,
++- mount options=(rprivate) -> /tmp/.snap/snap/producer/,
++- umount /tmp/.snap/snap/producer/,
++- mount options=(rprivate) -> /snap/producer/,
++- mount options=(rprivate) -> /snap/producer/*,
++- mount options=(rprivate) -> /snap/producer/*/,
++- umount /snap/producer/,
++- umount /snap/producer/*,
++- umount /snap/producer/*/,
+++ "/snap/producer/" r,
+++ "/tmp/.snap/snap/producer/" rw,
+++ mount options=(rbind, rw) "/snap/producer/" -> "/tmp/.snap/snap/producer/",
+++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/producer/",
+++ "/tmp/.snap/snap/producer/*/" rw,
+++ "/snap/producer/*/" rw,
+++ mount options=(rbind, rw) "/tmp/.snap/snap/producer/*/" -> "/snap/producer/*/",
+++ "/tmp/.snap/snap/producer/*" rw,
+++ "/snap/producer/*" rw,
+++ mount options=(bind, rw) "/tmp/.snap/snap/producer/*" -> "/snap/producer/*",
+++ mount options=(rprivate) -> "/tmp/.snap/snap/producer/",
+++ umount "/tmp/.snap/snap/producer/",
+++ mount options=(rprivate) -> "/snap/producer/",
+++ mount options=(rprivate) -> "/snap/producer/*",
+++ mount options=(rprivate) -> "/snap/producer/*/",
+++ umount "/snap/producer/",
+++ umount "/snap/producer/*",
+++ umount "/snap/producer/*/",
++ # .. variant with mimic at /snap/producer/2/
++- /snap/producer/2/ r,
++- /tmp/.snap/snap/producer/2/ rw,
++- mount options=(rbind, rw) /snap/producer/2/ -> /tmp/.snap/snap/producer/2/,
++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/producer/2/,
++- /tmp/.snap/snap/producer/2/*/ rw,
++- /snap/producer/2/*/ rw,
++- mount options=(rbind, rw) /tmp/.snap/snap/producer/2/*/ -> /snap/producer/2/*/,
++- /tmp/.snap/snap/producer/2/* rw,
++- /snap/producer/2/* rw,
++- mount options=(bind, rw) /tmp/.snap/snap/producer/2/* -> /snap/producer/2/*,
++- mount options=(rprivate) -> /tmp/.snap/snap/producer/2/,
++- umount /tmp/.snap/snap/producer/2/,
++- mount options=(rprivate) -> /snap/producer/2/,
++- mount options=(rprivate) -> /snap/producer/2/*,
++- mount options=(rprivate) -> /snap/producer/2/*/,
++- umount /snap/producer/2/,
++- umount /snap/producer/2/*,
++- umount /snap/producer/2/*/,
+++ "/snap/producer/2/" r,
+++ "/tmp/.snap/snap/producer/2/" rw,
+++ mount options=(rbind, rw) "/snap/producer/2/" -> "/tmp/.snap/snap/producer/2/",
+++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/producer/2/",
+++ "/tmp/.snap/snap/producer/2/*/" rw,
+++ "/snap/producer/2/*/" rw,
+++ mount options=(rbind, rw) "/tmp/.snap/snap/producer/2/*/" -> "/snap/producer/2/*/",
+++ "/tmp/.snap/snap/producer/2/*" rw,
+++ "/snap/producer/2/*" rw,
+++ mount options=(bind, rw) "/tmp/.snap/snap/producer/2/*" -> "/snap/producer/2/*",
+++ mount options=(rprivate) -> "/tmp/.snap/snap/producer/2/",
+++ umount "/tmp/.snap/snap/producer/2/",
+++ mount options=(rprivate) -> "/snap/producer/2/",
+++ mount options=(rprivate) -> "/snap/producer/2/*",
+++ mount options=(rprivate) -> "/snap/producer/2/*/",
+++ umount "/snap/producer/2/",
+++ umount "/snap/producer/2/*",
+++ umount "/snap/producer/2/*/",
++ # Writable directory /var/snap/consumer/common/import/read-snap
++- /var/snap/consumer/common/import/read-snap/ rw,
+++ "/var/snap/consumer/common/import/read-snap/" rw,
++ # Writable directory /var/snap/consumer/common/import/read-snap-[0-9]*
++- /var/snap/consumer/common/import/read-snap-[0-9]*/ rw,
+++ "/var/snap/consumer/common/import/read-snap-[0-9]*/" rw,
++ `
++ // Find the slice that describes profile4 by looking till the end of the list.
++ start = end
++@@ -911,13 +942,13 @@ slots:
++ # In addition to the bind mount, add any AppArmor rules so that
++ # snaps may directly access the slot implementation's files
++ # read-only.
++-/snap/plugin-one/1/plugin/** mrkix,
+++"/snap/plugin-one/1/plugin/**" mrkix,
++
++
++ # In addition to the bind mount, add any AppArmor rules so that
++ # snaps may directly access the slot implementation's files
++ # read-only.
++-/snap/plugin-two/1/plugin/** mrkix,
+++"/snap/plugin-two/1/plugin/**" mrkix,
++ `
++ c.Assert(apparmorSpec.SnippetForTag("snap.app.app"), Equals, expected)
++ }
++@@ -975,12 +1006,12 @@ slots:
++ # to a limitation in the kernel's LSM hooks for AF_UNIX, these
++ # are needed for using named sockets within the exported
++ # directory.
++-/var/snap/producer/2/directory/** mrwklix,
+++"/var/snap/producer/2/directory/**" mrwklix,
++
++ # In addition to the bind mount, add any AppArmor rules so that
++ # snaps may directly access the slot implementation's files
++ # read-only.
++-/var/snap/producer/2/directory/** mrkix,
+++"/var/snap/producer/2/directory/**" mrkix,
++ `
++ c.Assert(apparmorSpec.SnippetForTag("snap.consumer.app"), Equals, expected)
++ }
++@@ -1017,7 +1048,7 @@ apps:
++ # implementation to access the slot's exported files at the plugging
++ # snap's mountpoint to accommodate software where the plugging app
++ # tells the slotting app about files to share.
++-/var/snap/consumer/common/import/** mrwklix,
+++"/var/snap/consumer/common/import/**" mrwklix,
++ `
++ c.Assert(apparmorSpec.SnippetForTag("snap.producer.app"), Equals, expected)
++ }
++Index: snapd-2.49/interfaces/builtin/daemon_notify.go
++===================================================================
++--- snapd-2.49.orig/interfaces/builtin/daemon_notify.go
+++++ snapd-2.49/interfaces/builtin/daemon_notify.go
++@@ -26,6 +26,7 @@ import (
++
++ "github.com/snapcore/snapd/interfaces"
++ "github.com/snapcore/snapd/interfaces/apparmor"
+++ apparmor_sandbox "github.com/snapcore/snapd/sandbox/apparmor"
++ )
++
++ const daemonNotifySummary = `allows sending daemon status changes to service manager`
++@@ -64,7 +65,7 @@ func (iface *daemoNotifyInterface) AppAr
++ // must be an absolute path or an abstract socket path
++ return fmt.Errorf("cannot use %q as notify socket path: not absolute", notifySocket)
++ }
++- if err := apparmor.ValidateNoAppArmorRegexp(notifySocket); err != nil {
+++ if err := apparmor_sandbox.ValidateNoAppArmorRegexp(notifySocket); err != nil {
++ return fmt.Errorf("cannot use %q as notify socket path: %s", notifySocket, err)
++ }
++
++Index: snapd-2.49/interfaces/ifacetest/backendtest.go
++===================================================================
++--- snapd-2.49.orig/interfaces/ifacetest/backendtest.go
+++++ snapd-2.49/interfaces/ifacetest/backendtest.go
++@@ -42,7 +42,15 @@ type BackendSuite struct {
++ testutil.BaseTest
++ }
++
+++// CoreSnapInfo is set in SetupSuite
+++var DefaultInitializeOpts = &interfaces.SecurityBackendOptions{}
+++
++ func (s *BackendSuite) SetUpTest(c *C) {
+++ coreSnapPlaceInfo := snap.MinimalPlaceInfo("core", snap.Revision{N: 123})
+++ snInfo, ok := coreSnapPlaceInfo.(*snap.Info)
+++ c.Assert(ok, Equals, true)
+++ DefaultInitializeOpts.CoreSnapInfo = snInfo
+++
++ // Isolate this test to a temporary directory
++ s.RootDir = c.MkDir()
++ dirs.SetRootDir(s.RootDir)
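Review bot: the comment above `DefaultInitializeOpts` names a different identifier and a different hook. It says "CoreSnapInfo is set in SetupSuite", but the variable is `DefaultInitializeOpts` and its `CoreSnapInfo` field is assigned in `SetUpTest`. Reword it to describe the declared variable. Because this is an exported package-level pointer that every `SetUpTest` mutates, all suites using it share state; building the options per suite (for example as a field on `BackendSuite`) would avoid that.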
++Index: snapd-2.49/interfaces/seccomp/backend_test.go
++===================================================================
++--- snapd-2.49.orig/interfaces/seccomp/backend_test.go
+++++ snapd-2.49/interfaces/seccomp/backend_test.go
++@@ -175,7 +175,7 @@ fi`)
++ c.Check(s.snapSeccomp.Calls(), HasLen, 0)
++ // ensure the snap-seccomp from the core snap was used instead
++ c.Check(snapSeccompOnCore.Calls(), DeepEquals, [][]string{
++- {"snap-seccomp", "version-info"},
+++ {"snap-seccomp", "version-info"}, // from Initialize()
++ {"snap-seccomp", "compile", profile + ".src", profile + ".bin"},
++ })
++ raw, err := ioutil.ReadFile(profile + ".src")
++Index: snapd-2.49/overlord/devicestate/firstboot_test.go
++===================================================================
++--- snapd-2.49.orig/overlord/devicestate/firstboot_test.go
+++++ snapd-2.49/overlord/devicestate/firstboot_test.go
++@@ -24,6 +24,7 @@ import (
++ "io/ioutil"
++ "os"
++ "path/filepath"
+++ "runtime"
++ "strconv"
++ "strings"
++ "time"
++@@ -76,6 +77,11 @@ type firstBootBaseTest struct {
++ func (t *firstBootBaseTest) setupBaseTest(c *C, s *seedtest.SeedSnaps) {
++ t.BaseTest.SetUpTest(c)
++
+++ // TODO: temporary: skip due to timeouts on riscv64
+++ if runtime.GOARCH == "riscv64" || os.Getenv("SNAPD_SKIP_SLOW_TESTS") != "" {
+++ c.Skip("skipping slow test")
+++ }
+++
++ tempdir := c.MkDir()
++ dirs.SetRootDir(tempdir)
++ t.AddCleanup(func() { dirs.SetRootDir("/") })
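Review bot: the skip added to `setupBaseTest` disables every test built on `firstBootBaseTest`, yet the TODO mentions only riscv64 while the condition also honours `SNAPD_SKIP_SLOW_TESTS`. Document the environment variable in the comment (who is expected to set it and why) and state what would let the TODO be removed. The same guard is added to `baseMgrsSuite.SetUpTest` in overlord/managers_test.go; a shared test helper would keep the two copies from drifting.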
++Index: snapd-2.49/overlord/ifacestate/helpers.go
++===================================================================
++--- snapd-2.49.orig/overlord/ifacestate/helpers.go
+++++ snapd-2.49/overlord/ifacestate/helpers.go
++@@ -67,7 +67,39 @@ func (m *InterfaceManager) addInterfaces
++ }
++
++ func (m *InterfaceManager) addBackends(extra []interfaces.SecurityBackend) error {
++- opts := interfaces.SecurityBackendOptions{Preseed: m.preseed}
+++ // get the snapd snap info if it is installed
+++ var snapdSnap snapstate.SnapState
+++ var snapdSnapInfo *snap.Info
+++ err := snapstate.Get(m.state, "snapd", &snapdSnap)
+++ if err != nil && err != state.ErrNoState {
+++ return fmt.Errorf("cannot access snapd snap state: %v", err)
+++ }
+++ if err == nil {
+++ snapdSnapInfo, err = snapdSnap.CurrentInfo()
+++ if err != nil && err != snapstate.ErrNoCurrent {
+++ return fmt.Errorf("cannot access snapd snap info: %v", err)
+++ }
+++ }
+++
+++ // get the core snap info if it is installed
+++ var coreSnap snapstate.SnapState
+++ var coreSnapInfo *snap.Info
+++ err = snapstate.Get(m.state, "core", &coreSnap)
+++ if err != nil && err != state.ErrNoState {
+++ return fmt.Errorf("cannot access core snap state: %v", err)
+++ }
+++ if err == nil {
+++ coreSnapInfo, err = coreSnap.CurrentInfo()
+++ if err != nil && err != snapstate.ErrNoCurrent {
+++ return fmt.Errorf("cannot access core snap info: %v", err)
+++ }
+++ }
+++
+++ opts := interfaces.SecurityBackendOptions{
+++ Preseed: m.preseed,
+++ CoreSnapInfo: coreSnapInfo,
+++ SnapdSnapInfo: snapdSnapInfo,
+++ }
++ for _, backend := range backends.All {
++ if err := backend.Initialize(&opts); err != nil {
++ return err
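Review bot: the snapd and core lookups in `addBackends` are the same block twice, differing only in the snap name and the error text; a small helper that takes the name and returns `*snap.Info` would halve this and keep the two error paths identical. In both blocks `snapstate.ErrNoCurrent` is tolerated, so `snapdSnapInfo` and `coreSnapInfo` keep whatever `CurrentInfo()` returned alongside that error. Set them to nil explicitly in that case and add a comment that backends must accept a nil `CoreSnapInfo` and `SnapdSnapInfo`.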
++Index: snapd-2.49/overlord/managers_test.go
++===================================================================
++--- snapd-2.49.orig/overlord/managers_test.go
+++++ snapd-2.49/overlord/managers_test.go
++@@ -34,6 +34,7 @@ import (
++ "net/url"
++ "os"
++ "path/filepath"
+++ "runtime"
++ "sort"
++ "strings"
++ "time"
++@@ -140,6 +141,11 @@ func verifyLastTasksetIsRerefresh(c *C,
++ func (s *baseMgrsSuite) SetUpTest(c *C) {
++ s.BaseTest.SetUpTest(c)
++
+++ // TODO: temporary: skip due to timeouts on riscv64
+++ if runtime.GOARCH == "riscv64" || os.Getenv("SNAPD_SKIP_SLOW_TESTS") != "" {
+++ c.Skip("skipping slow tests")
+++ }
+++
++ s.tempdir = c.MkDir()
++ dirs.SetRootDir(s.tempdir)
++ s.AddCleanup(func() { dirs.SetRootDir("") })
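Review bot: the skip message here reads "skipping slow tests" while the same guard in overlord/devicestate/firstboot_test.go reads "skipping slow test", and neither says why the run was skipped. Put the reason in the message (riscv64 or `SNAPD_SKIP_SLOW_TESTS`) and use one wording in both places so skipped runs can be told apart in the logs.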
++Index: snapd-2.49/packaging/ubuntu-16.04/tests/integrationtests
++===================================================================
++--- snapd-2.49.orig/packaging/ubuntu-16.04/tests/integrationtests
+++++ snapd-2.49/packaging/ubuntu-16.04/tests/integrationtests
++@@ -74,6 +74,9 @@ backends:
++ - adt-local:
++ username: ubuntu
++ password: ubuntu
+++prepare: |
+++ # Copy external tools from the subtree to the "$TESTSLIB"/tools directory
+++ cp -f "$TESTSLIB"/external/snapd-testing-tools/tools/* "$TESTSTOOLS"
++ suites:
++ tests/smoke/:
++ summary: Essenial system level tests for snapd
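Review bot: the comment in the new `prepare` block says the tools are copied to the "$TESTSLIB"/tools directory, but the command copies them to "$TESTSTOOLS"; make the comment name the variable that is actually used. `cp -f` with a bare `*` also fails if the source directory is empty or contains a subdirectory, so either state that assumption in the comment or use `cp -rf`.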
++Index: snapd-2.49/sandbox/apparmor/apparmor.go
++===================================================================
++--- snapd-2.49.orig/sandbox/apparmor/apparmor.go
+++++ snapd-2.49/sandbox/apparmor/apparmor.go
++@@ -35,6 +35,19 @@ import (
++ "github.com/snapcore/snapd/strutil"
++ )
++
+++// ValidateNoAppArmorRegexp will check that the given string does not
+++// contain AppArmor regular expressions (AARE), double quotes or \0.
+++// Note that to check the inverse of this, that is that a string has
+++// valid AARE, one should use interfaces/utils.NewPathPattern().
+++func ValidateNoAppArmorRegexp(s string) error {
+++ const AARE = `?*[]{}^"` + "\x00"
+++
+++ if strings.ContainsAny(s, AARE) {
+++ return fmt.Errorf("%q contains a reserved apparmor char from %s", s, AARE)
+++ }
+++ return nil
+++}
+++
++ // LevelType encodes the kind of support for apparmor
++ // found on this system.
++ type LevelType int
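Review bot: the error message in `ValidateNoAppArmorRegexp` formats the reserved set with `%s`, and that set contains a double quote and ends in a NUL byte, so the raw NUL lands in the error string and in any log that records it. Format the set with `%q`, or print a fixed human-readable list instead. The constant is named `AARE` although the doc comment says it also covers double quotes and \0; a name such as `reservedChars` would match what it holds.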
++Index: snapd-2.49/sandbox/apparmor/apparmor_test.go
++===================================================================
++--- snapd-2.49.orig/sandbox/apparmor/apparmor_test.go
+++++ snapd-2.49/sandbox/apparmor/apparmor_test.go
++@@ -303,3 +303,19 @@ func (s *apparmorSuite) TestFeaturesProb
++ _, err = apparmor.ParserFeatures()
++ c.Assert(err, IsNil)
++ }
+++
+++func (s *apparmorSuite) TestValidateFreeFromAAREUnhappy(c *C) {
+++ var testCases = []string{"a?", "*b", "c[c", "dd]", "e{", "f}", "g^", `h"`, "f\000", "g\x00"}
+++
+++ for _, s := range testCases {
+++ c.Check(apparmor.ValidateNoAppArmorRegexp(s), ErrorMatches, ".* contains a reserved apparmor char from .*", Commentf("%q is not raising an error", s))
+++ }
+++}
+++
+++func (s *apparmorSuite) TestValidateFreeFromAAREhappy(c *C) {
+++ var testCases = []string{"foo", "BaR", "b-z", "foo+bar", "b00m!", "be/ep", "a%b", "a&b", "a(b", "a)b", "a=b", "a#b", "a~b", "a'b", "a_b", "a,b", "a;b", "a>b", "a<b", "a|b"}
+++
+++ for _, s := range testCases {
+++ c.Check(apparmor.ValidateNoAppArmorRegexp(s), IsNil, Commentf("%q raised an error but shouldn't", s))
+++ }
+++}
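Review bot: in `TestValidateFreeFromAAREUnhappy` the cases "f\000" and "g\x00" are the same NUL byte written two ways, so one of them is redundant, and in both tests the loop variable `s` shadows the suite receiver `s`. Rename the loop variable, and consider naming the tests after the function under test (`ValidateNoAppArmorRegexp`) with consistent casing for "Happy" and "Unhappy".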
++Index: snapd-2.49/snap/validate.go
++===================================================================
++--- snapd-2.49.orig/snap/validate.go
+++++ snapd-2.49/snap/validate.go
++@@ -31,6 +31,7 @@ import (
++ "unicode/utf8"
++
++ "github.com/snapcore/snapd/osutil"
+++ "github.com/snapcore/snapd/sandbox/apparmor"
++ "github.com/snapcore/snapd/snap/naming"
++ "github.com/snapcore/snapd/spdx"
++ "github.com/snapcore/snapd/strutil"
++@@ -422,6 +423,9 @@ func ValidateLayoutAll(info *Info) error
++ // Validate that each source path is not a new top-level directory
++ for _, layout := range info.Layout {
++ cleanPathSrc := info.ExpandSnapVariables(filepath.Clean(layout.Path))
+++ if err := apparmor.ValidateNoAppArmorRegexp(layout.Path); err != nil {
+++ return fmt.Errorf("invalid layout path: %v", err)
+++ }
++ elems := strings.SplitN(cleanPathSrc, string(os.PathSeparator), 3)
++ switch len(elems) {
++ // len(1) is either relative path or empty string, will be validated
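Review bot: in `ValidateLayoutAll` the new check runs on the raw `layout.Path` after `cleanPathSrc` has already been computed from it, whereas the two checks added to `ValidateLayout` run on the expanded `mountSource` and `oldname`. Move the check to the top of the loop body, before `filepath.Clean` and `ExpandSnapVariables`, and give it the same one-line comment used in `ValidateLayout` ("Ensure that the path does not express an AppArmor pattern") so the intent is stated here as well.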
++@@ -1005,6 +1009,10 @@ func ValidateLayout(layout *Layout, cons
++ !strings.HasPrefix(mountSource, si.ExpandSnapVariables("$SNAP_COMMON")) {
++ return fmt.Errorf("layout %q uses invalid bind mount source %q: must start with $SNAP, $SNAP_DATA or $SNAP_COMMON", layout.Path, mountSource)
++ }
+++ // Ensure that the path does not express an AppArmor pattern
+++ if err := apparmor.ValidateNoAppArmorRegexp(mountSource); err != nil {
+++ return fmt.Errorf("layout %q uses invalid mount source: %s", layout.Path, err)
+++ }
++ }
++
++ switch layout.Type {
++@@ -1032,6 +1040,10 @@ func ValidateLayout(layout *Layout, cons
++ !strings.HasPrefix(oldname, si.ExpandSnapVariables("$SNAP_COMMON")) {
++ return fmt.Errorf("layout %q uses invalid symlink old name %q: must start with $SNAP, $SNAP_DATA or $SNAP_COMMON", layout.Path, oldname)
++ }
+++ // Ensure that the path does not express an AppArmor pattern
+++ if err := apparmor.ValidateNoAppArmorRegexp(oldname); err != nil {
+++ return fmt.Errorf("layout %q uses invalid symlink: %s", layout.Path, err)
+++ }
++ }
++
++ // When new users and groups are supported those must be added to interfaces/mount/spec.go as well.
++Index: snapd-2.49/snap/validate_test.go
++===================================================================
++--- snapd-2.49.orig/snap/validate_test.go
+++++ snapd-2.49/snap/validate_test.go
++@@ -963,6 +963,21 @@ func (s *ValidateSuite) TestValidateLayo
++ c.Check(ValidateLayout(&Layout{Snap: si, Path: "/tmp", Type: "tmpfs"}, nil),
++ ErrorMatches, `layout "/tmp" in an off-limits area`)
++
+++ c.Check(ValidateLayout(&Layout{Snap: si, Path: "$SNAP/evil", Bind: "$SNAP/dev/sda[0123]"}, nil),
+++ ErrorMatches, `layout "\$SNAP/evil" uses invalid mount source: "/snap/foo/unset/dev/sda\[0123\]" contains a reserved apparmor char.*`)
+++ c.Check(ValidateLayout(&Layout{Snap: si, Path: "$SNAP/evil", Bind: "$SNAP/*"}, nil),
+++ ErrorMatches, `layout "\$SNAP/evil" uses invalid mount source: "/snap/foo/unset/\*" contains a reserved apparmor char.*`)
+++
+++ c.Check(ValidateLayout(&Layout{Snap: si, Path: "$SNAP/evil", BindFile: "$SNAP/a\"quote"}, nil),
+++ ErrorMatches, `layout "\$SNAP/evil" uses invalid mount source: "/snap/foo/unset/a\\"quote" contains a reserved apparmor char.*`)
+++ c.Check(ValidateLayout(&Layout{Snap: si, Path: "$SNAP/evil", BindFile: "$SNAP/^invalid"}, nil),
+++ ErrorMatches, `layout "\$SNAP/evil" uses invalid mount source: "/snap/foo/unset/\^invalid" contains a reserved apparmor char.*`)
+++
+++ c.Check(ValidateLayout(&Layout{Snap: si, Path: "$SNAP/evil", Symlink: "$SNAP/{here,there}"}, nil),
+++ ErrorMatches, `layout "\$SNAP/evil" uses invalid symlink: "/snap/foo/unset/{here,there}" contains a reserved apparmor char.*`)
+++ c.Check(ValidateLayout(&Layout{Snap: si, Path: "$SNAP/evil", Symlink: "$SNAP/**"}, nil),
+++ ErrorMatches, `layout "\$SNAP/evil" uses invalid symlink: "/snap/foo/unset/\*\*" contains a reserved apparmor char.*`)
+++
++ // Several valid layouts.
++ c.Check(ValidateLayout(&Layout{Snap: si, Path: "/foo", Type: "tmpfs", Mode: 01755}, nil), IsNil)
++ c.Check(ValidateLayout(&Layout{Snap: si, Path: "/usr", Bind: "$SNAP/usr"}, nil), IsNil)
++@@ -1247,6 +1262,7 @@ layout:
++ symlink: $SNAP/existent-dir
++ `
++
+++ // TODO: merge with the block below
++ for _, testCase := range []struct {
++ str string
++ topLevelDir string
++@@ -1265,6 +1281,24 @@ layout:
++ c.Assert(err, ErrorMatches, fmt.Sprintf(`layout %q defines a new top-level directory %q`, testCase.str, testCase.topLevelDir))
++ }
++
+++ for _, testCase := range []struct {
+++ str string
+++ expectedError string
+++ }{
+++ {"$SNAP/with\"quote", "invalid layout path: .* contains a reserved apparmor char.*"},
+++ {"$SNAP/myDir[0123]", "invalid layout path: .* contains a reserved apparmor char.*"},
+++ {"$SNAP/here{a,b}", "invalid layout path: .* contains a reserved apparmor char.*"},
+++ {"$SNAP/anywhere*", "invalid layout path: .* contains a reserved apparmor char.*"},
+++ } {
+++ // Layout adding a new top-level directory
+++ strk = NewScopedTracker()
+++ yaml14 := fmt.Sprintf(yaml14Pattern, testCase.str)
+++ info, err = InfoFromSnapYamlWithSideInfo([]byte(yaml14), &SideInfo{Revision: R(42)}, strk)
+++ c.Assert(err, IsNil)
+++ c.Assert(info.Layout, HasLen, 1)
+++ err = ValidateLayoutAll(info)
+++ c.Assert(err, ErrorMatches, testCase.expectedError, Commentf("path: %s", testCase.str))
+++ }
++ }
++
++ func (s *YamlSuite) TestValidateAppStartupOrder(c *C) {
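Review bot: the comment inside the new loop, "Layout adding a new top-level directory", belongs to the preceding top-level-directory loop and does not describe these cases, which test reserved AppArmor characters in the layout path. All four entries carry the same `expectedError`, so the field can be a single constant. The table also has no case for `?`, `^` or a NUL byte, all of which `ValidateNoAppArmorRegexp` rejects.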
++Index: snapd-2.49/spread.yaml
++===================================================================
++--- snapd-2.49.orig/spread.yaml
+++++ snapd-2.49/spread.yaml
++@@ -210,6 +210,10 @@ backends:
++ image: ubuntu-16.04-64
++ username: ubuntu
++ password: ubuntu
+++ - ubuntu-core-18-32:
+++ image: ubuntu-18.04-32
+++ username: ubuntu
+++ password: ubuntu
++ - ubuntu-core-18-64:
++ image: ubuntu-16.04-64
++ username: ubuntu
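Review bot: the new `ubuntu-core-18-32` backend entry does not appear to be needed by the path validation or snap-confine changes in the rest of this patch. Carrying it in a security update makes the backport harder to audit, so split it out or explain in the patch header why it is required.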
++Index: snapd-2.49/tests/lib/state.sh
++===================================================================
++--- snapd-2.49.orig/tests/lib/state.sh
+++++ snapd-2.49/tests/lib/state.sh
++@@ -132,3 +132,9 @@ restore_snapd_lib() {
++ fi
++ rsync -av --delete "$SNAPD_STATE_PATH"/snapd-lib/cache /var/lib/snapd
++ }
+++
+++remove_disabled_snaps() {
+++ snap list --all | grep disabled | while read -r name _ revision _ ; do
+++ snap remove "$name" --revision="$revision"
+++ done
+++}
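Review bot: `remove_disabled_snaps` selects rows with `grep disabled`, which matches the word anywhere on the line, including a snap name or version that happens to contain it. Match the notes column explicitly, for example with awk on the last field. When no snap is disabled, grep exits non-zero, so a caller running with `pipefail` would see the function fail; add a comment or handle that case if an empty result is expected.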
++Index: snapd-2.49/tests/main/docker-smoke/task.yaml
++===================================================================
++--- snapd-2.49.orig/tests/main/docker-smoke/task.yaml
+++++ snapd-2.49/tests/main/docker-smoke/task.yaml
++@@ -14,3 +14,5 @@ execute: |
++ # the retry here is because there's a race between installing the docker snap
++ # and dockerd to be "ready" enough such that docker can talk to it properly
++ retry -n 30 --wait 1 docker run hello-world | MATCH "installation appears to be working correctly"
+++
+++
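Review bot: the two blank lines appended at the end of this task.yaml are a whitespace-only change with no effect on the test. Drop this file from the patch so the security backport touches only what it needs.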
++Index: snapd-2.49/tests/main/snap-confine-tmp-mount/task.yaml
++===================================================================
++--- /dev/null
+++++ snapd-2.49/tests/main/snap-confine-tmp-mount/task.yaml
++@@ -0,0 +1,59 @@
+++summary: ensure snap-confine controls private mount namespace
+++
+++details: |
+++ Ensure that when creating the private mount namespace for a snap that
+++ if it already exists but is not owned by root then any existing
+++ contents within the private mount directory is first removed before the
+++ mount is created.
+++
+++# ubuntu-14.04: the test sets up a user session, which requires more recent systemd
+++systems: [-ubuntu-14.04-*]
+++
+++prepare: |
+++ echo "Install a helper snap"
+++ "$TESTSTOOLS"/snaps-state install-local test-snapd-sh
+++
+++ tests.session -u test prepare
+++
+++restore: |
+++ tests.session -u test restore
+++
+++execute: |
+++ rm -rf /tmp/snap.test-snapd-sh
+++ # create /tmp/snap.test-snapd-sh as a regular user
+++ tests.session -u test exec sh -c "mkdir /tmp/snap.test-snapd-sh"
+++ test_umask=$(tests.session -u test exec sh -c "umask")
+++ # check permissions are as expected
+++ expected=$(printf "%o" $((0777-test_umask)))
+++ stat -c "%U %G %a" /tmp/snap.test-snapd-sh | MATCH "test test $expected"
+++ # and place other contents there
+++ tests.session -u test exec sh -c "mkdir /tmp/snap.test-snapd-sh/tmp"
+++ tests.session -u test exec sh -c "touch /tmp/snap.test-snapd-sh/tmp/foo"
+++ stat -c "%U %G %a" /tmp/snap.test-snapd-sh/tmp | MATCH "test test $expected"
+++ expected=$(printf "%o" $((0666-test_umask)))
+++ stat -c "%U %G %a" /tmp/snap.test-snapd-sh/tmp/foo | MATCH "test test $expected"
+++
+++ # then execute snap-confine - this should take over our imposter base
+++ # dir but execute id successfully - snap-confine outputs to stderr and
+++ # id will output to stdout so capture each separately
+++ SNAP_CONFINE=$(os.paths libexec-dir)/snapd/snap-confine
+++ if os.query is-core; then
+++ # on Ubuntu Core we need to use the correct path to ensure it is
+++ # appropriately confined by apparmor as it may be from the snapd
+++ # snap
+++ SNAP_CONFINE=$(aa-status | grep "snap-confine$")
+++ fi
+++ tests.session -u test exec sh -c "env -i SNAPD_DEBUG=1 SNAP_INSTANCE_NAME=test-snapd-sh $SNAP_CONFINE --base core snap.test-snapd-sh.sh /bin/bash -c id 1>/tmp/snap-confine-stdout.log 2>/tmp/snap-confine-stderr.log"
+++ tests.cleanup defer rm -f /tmp/snap-confine-stdout.log /tmp/snap-confine-stderr.log
+++
+++ stat -c "%U %G %a" /tmp/snap.test-snapd-sh | MATCH "root root 700"
+++
+++ # contents should have been removed and tmp dir recreated with root
+++ # ownership but foo file should have been removed
+++ stat -c "%U %G %a" /tmp/snap.test-snapd-sh/tmp | MATCH "root root 1777"
+++ [ -f /tmp/snap.test-snapd-sh/tmp/foo ] && exit 1
+++ # actual dir should be owned by root now
+++ stat -c "%U %G %a" /tmp/snap.test-snapd-sh | MATCH "root root 700"
+++ # and snap-confine should ensure the target binary is executed as the test user
+++ MATCH "uid=12345\(test\) gid=12345\(test\)" /tmp/snap-confine-stdout.log
+++
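Review bot: on Ubuntu Core, `SNAP_CONFINE=$(aa-status | grep "snap-confine$")` takes every line that ends in snap-confine, so when more than one snap-confine profile is loaded the variable holds several paths and the `sh -c` command line built from it is wrong. Select exactly one line and fail if there is none. The `root root 700` stat on /tmp/snap.test-snapd-sh is asserted twice, and /tmp/snap-confine-stderr.log is captured with SNAPD_DEBUG=1 but never checked; either assert on it or stop collecting it. The `tests.cleanup defer rm -f` for the two logs is also registered after the snap-confine call, so a failing run leaves them behind.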
++Index: snapd-2.49/tests/main/snap-confine-unexpected-path/task.yaml
++===================================================================
++--- /dev/null
+++++ snapd-2.49/tests/main/snap-confine-unexpected-path/task.yaml
++@@ -0,0 +1,35 @@
+++summary: ensure snap-confine denies operation when not in expected location
+++
+++details: |
+++ Ensure that when running from an unexpected location, snap-confine will
+++ not execute the snap-discard-ns helper from the same location since
+++ this may not be the one which is expected.
+++
+++environment:
+++ SNAP_CONFINE: $(os.paths libexec-dir)/snapd/snap-confine
+++
+++prepare: |
+++ echo "Install a helper snap"
+++ "$TESTSTOOLS"/snaps-state install-local test-snapd-sh
+++
+++execute: |
+++ # copy snap-confine with full permissions to /tmp - ideally we would do
+++ # this by hardlinking snap-confine into /tmp to make this a more
+++ # realistic test (as this is something a regular user could do assuming
+++ # fs.protected_hardlinks is disabled) but some spread systems have /tmp
+++ # on a tmpfs and hence a different mount point so instead copy it as
+++ # root for the test
+++ echo "Copying snap-confine to /tmp"
+++
+++ cp -a "$SNAP_CONFINE" /tmp
+++ tests.cleanup defer rm -f /tmp/snap-confine
+++ # ensure has the correct permissions
+++ diff <(stat -c "%U %G %a" "$SNAP_CONFINE") <(stat -c "%U %G %a" /tmp/snap-confine)
+++
+++ # then execute /tmp/snap-confine - this should fail since snap-confine
+++ # is not in the location it expects to be when it goes to find the
+++ # snap-discard-ns etc helper binaries
+++ env -i SNAP_INSTANCE_NAME=test-snapd-sh /tmp/snap-confine --base snapd snap.test-snapd-sh.sh /nonexistent 2>/tmp/snap-confine-output.txt && exit 1
+++ tests.cleanup defer rm -f /tmp/snap-confine-output.txt
+++ MATCH "running from unexpected location: /tmp/snap-confine" /tmp/snap-confine-output.txt
+++
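Review bot: `tests.cleanup defer rm -f /tmp/snap-confine-output.txt` is registered after the snap-confine invocation, so when that line takes the `&& exit 1` branch the output file is left in /tmp; register the cleanup before running the command. The output also goes to a fixed file name in /tmp, where a name from `mktemp` would avoid clashes on shared test hosts.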
++Index: snapd-2.49/tests/main/snap-run-devmode-classic/task.yaml
++===================================================================
++--- /dev/null
+++++ snapd-2.49/tests/main/snap-run-devmode-classic/task.yaml
++@@ -0,0 +1,202 @@
+++summary: Ensure snap run inside a devmode snap works (for now)
+++
+++details: |
+++ This test ensures inside a devmode snap the "snap run" command
+++ works.
+++
+++ Because of historic mistakes we allowed this and until we properly
+++ deprecated it we need to ensure it works. We really do not want to
+++ support running other snaps from devmode snaps as the use-case for
+++ devmode is to get help on the way to confined snaps. But snaps can
+++ not run other snaps so this does not make sense.
+++
+++systems:
+++ # run the classic test on xenial so that we can build the snapd snap
+++ # destructively without needing the lxd snap and thus execute much quicker
+++ # NOTE: if this test is moved to classic impish or later before the snapd
+++ # snap moves off of building based on xenial, then building with LXD will
+++ # not work because xenial containers do not boot/get networking properly
+++ # when the host has cgroupsv2 in it
+++ - ubuntu-16.04-*
+++
+++environment:
+++ # to build natively on the machine rather than with multipass or lxd
+++ SNAPCRAFT_BUILD_ENVIRONMENT: host
+++
+++ # ensure that re-exec is on by default like it should be
+++ SNAP_REEXEC: "1"
+++
+++ SNAP_TO_USE_FIRST/snapd_first: snapd
+++ SNAP_TO_USE_FIRST/core_first: core
+++
+++ # TODO: we should probably have a smaller / simpler test-snapd-* snap for
+++ # testing devmode confinement with base: core
+++ BASE_CORE_DEVMODE_SNAP: godd
+++ BASE_NON_CORE_DEVMODE_SNAP: test-snapd-tools-core18
+++
+++ BASE_CORE_STRICT_SNAP: test-snapd-sh
+++ BASE_NON_CORE_STRICT_SNAP: test-snapd-sh-core18
+++
+++prepare: |
+++ # much of what follows is copied from tests/main/snapd-snap
+++
+++ # install snapcraft snap
+++
+++ snap install snapcraft --channel=4.x/candidate --classic
+++ tests.cleanup defer snap remove --purge snapcraft
+++
+++ # shellcheck disable=SC2164
+++ pushd "$PROJECT_PATH"
+++ echo "Build the snap"
+++ snap run snapcraft snap --output snapd-from-branch.snap
+++ popd
+++
+++ mv "$PROJECT_PATH/snapd-from-branch.snap" "$PWD/snapd-from-branch.snap"
+++
+++ # meh it doesn't work well to use quotas and "&&" in the arguments to sh -c
+++ # with defer, so just put what we want to run in a script and execute that
+++ cat >> snapcraft-cleanup.sh <<EOF
+++ #!/bin/sh
+++ cd $PROJECT_PATH
+++ snap run snapcraft clean
+++ EOF
+++ chmod +x snapcraft-cleanup.sh
+++ tests.cleanup defer sh -c "$PWD/snapcraft-cleanup.sh"
+++
+++ unsquashfs -d snapd-from-branch snapd-from-branch.snap
+++ snapddir=snapd-from-branch
+++
+++ # now repack the core snap with this snapd snap
+++ snap download core --edge --basename=core-from-edge
+++ unsquashfs -d edge-core-snap core-from-edge.snap
+++ coredir=edge-core-snap
+++
+++ # backup the meta dir
+++ mv "$coredir/meta" "$coredir/meta-backup"
+++ # copy everything from the snapd snap into the core snap
+++ cp -ar "$snapddir"/* "$coredir"
+++
+++ # restore the meta dir
+++ rm -r "$coredir/meta"
+++ mv "$coredir/meta-backup" "$coredir/meta"
+++
+++ # set the version for the core snap to be the version from the snapd snap
+++ SNAPD_SNAP_VERSION=$(grep -Po "version: \K.*" "$snapddir/meta/snap.yaml")
+++ CORE_SNAP_VERSION=$(grep -Po "version: \K.*" "$coredir/meta/snap.yaml")
+++ sed -i -e "s/$CORE_SNAP_VERSION/$SNAPD_SNAP_VERSION/" "$coredir/meta/snap.yaml"
+++
+++ # pack the core snap
+++ snap pack --filename=core-from-branch.snap "$coredir"
+++
+++ rm -r "$coredir"
+++ rm -r "$snapddir"
+++
+++execute: |
+++ if [ "$SNAP_TO_USE_FIRST" = "core" ]; then
+++ # first install our core snap because we don't have the snapd snap on
+++ # the system yet, so we don't need to do any shenanigans
+++ snap install --dangerous core-from-branch.snap
+++
+++ snap install --devmode --beta "$BASE_CORE_DEVMODE_SNAP"
+++ snap install "$BASE_CORE_STRICT_SNAP"
+++
+++ # umask is the command we execute to avoid yet another layer of quoting
+++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_CORE_DEVMODE_SNAP}")
+++ if [ "$OUTPUT" != "0022" ]; then
+++ echo "test failed"
+++ exit 1
+++ fi
+++
+++ snap install --dangerous snapd-from-branch.snap
+++
+++ # trigger profile re-generation because the same build-id for snapd is
+++ # in the core and snapd snaps we are using, so profiles won't be
+++ # regenerated when we install the snapd snap above
+++ systemctl stop snapd.socket snapd.service
+++ rm /var/lib/snapd/system-key
+++ systemctl start snapd.socket snapd.service
+++
+++ # also install the non-core base snap, note that we can install and use it
+++ # even without the snapd snap, but we cannot execute other snaps from this
+++ # devmode snap without also installing the snapd snap, as inside non-core
+++ # base snaps, there is a symlink
+++ # /usr/bin/snap -> /snap/snapd/current/usr/bin/snap
+++ # which effectively requires the snapd snap to be installed to execute other
+++ # snaps from inside the devmode non-core based snap
+++ snap install --devmode "$BASE_NON_CORE_DEVMODE_SNAP"
+++
+++ # umask is the command we execute to avoid yet another layer of quoting
+++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_CORE_DEVMODE_SNAP}")
+++ if [ "$OUTPUT" != "0022" ]; then
+++ echo "test failed"
+++ exit 1
+++ fi
+++
+++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_NON_CORE_DEVMODE_SNAP}.sh")
+++ if [ "$OUTPUT" != "0022" ]; then
+++ echo "test failed"
+++ exit 1
+++ fi
+++
+++ elif [ "$SNAP_TO_USE_FIRST" = "snapd" ]; then
+++ # we already had the core snap installed, so we need to purge things
+++ # and then install only the snapd snap to test this scenario
+++
+++ snap remove go snapcraft
+++ snap remove core18
+++ apt remove --purge -y snapd
+++ apt install snapd -y
+++
+++ snap install --dangerous snapd-from-branch.snap
+++
+++ # snaps that don't depend on the core snap
+++ snap install --devmode "$BASE_NON_CORE_DEVMODE_SNAP"
+++ snap install "$BASE_NON_CORE_STRICT_SNAP"
+++
+++ # umask is the command we execute to avoid yet another layer of quoting
+++ OUTPUT=$(echo "snap run ${BASE_NON_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_NON_CORE_DEVMODE_SNAP}.sh" )
+++ if [ "$OUTPUT" != "0022" ]; then
+++ echo "test failed"
+++ exit 1
+++ fi
+++
+++ # now install the core snap and run those tests
+++ echo "install the core snap"
+++ snap install --dangerous core-from-branch.snap
+++
+++ # trigger profile re-generation because the same build-id for snapd is
+++ # in the core and snapd snaps we are using, so profiles won't be
+++ # regenerated when we install the snapd snap above
+++ systemctl stop snapd.socket snapd.service
+++ rm /var/lib/snapd/system-key
+++ systemctl start snapd.socket snapd.service
+++
+++ snap install --devmode --beta "$BASE_CORE_DEVMODE_SNAP"
+++ snap install "$BASE_CORE_STRICT_SNAP"
+++
+++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_CORE_DEVMODE_SNAP}")
+++ if [ "$OUTPUT" != "0022" ]; then
+++ echo "test failed"
+++ exit 1
+++ fi
+++
+++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_NON_CORE_DEVMODE_SNAP}.sh")
+++ if [ "$OUTPUT" != "0022" ]; then
+++ echo "test failed"
+++ exit 1
+++ fi
+++
+++ # docker can run from a devmode snap
+++ snap install docker
+++ echo "snap run docker run hello-world" | snap run --shell "${BASE_NON_CORE_DEVMODE_SNAP}.sh" | MATCH "Hello from Docker"
+++
+++
+++ # undo the purging
+++ apt install -y "$PROJECT_PATH/../snapd_1337.2.54.2_amd64.deb"
+++
+++ else
+++ echo "unknown variant $SNAP_TO_USE_FIRST"
+++ exit 1
+++ fi
+++
+++
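Review bot: In the `snapd` branch of execute, the "undo the purging" step installs a hard-coded file, `$PROJECT_PATH/../snapd_1337.2.54.2_amd64.deb`, while this patch is applied to the snapd-2.49 tree, so the step only works if a package file with that exact 2.54.2 name happens to exist next to the project. Resolve the file from the version actually built (or a `snapd_*_amd64.deb` glob with a single-match check) and fail with a clear message when it is missing. Two smaller points in the prepare part: `cat >> snapcraft-cleanup.sh` appends, so a leftover script from an earlier run ends up with the body twice (use `>`), and `sed -i -e "s/$CORE_SNAP_VERSION/$SNAPD_SNAP_VERSION/"` treats the dots in the version as regex wildcards and is not anchored to the `version:` key. The comment "when we install the snapd snap above" in the `snapd` branch is also copied from the other branch, where the snap just installed is the core snap.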
++Index: snapd-2.49/tests/nested/manual/core-seeding-devmode/task.yaml
++===================================================================
++--- /dev/null
+++++ snapd-2.49/tests/nested/manual/core-seeding-devmode/task.yaml
++@@ -0,0 +1,22 @@
+++summary: Test that devmode snaps can be installed during seeding.
+++
+++# testing with core16 (no snapd snap) and core18 (with snapd snap) is enough
+++systems: [ubuntu-16.04-64, ubuntu-18.04-64]
+++
+++environment:
+++ NESTED_IMAGE_ID: core-seeding-devmode
+++
+++prepare: |
+++ # seed a devmode snap
+++ snap download --beta godd
+++ GODD_SNAP=$(ls godd_*.snap)
+++ mv "$GODD_SNAP" "$(tests.nested get extra-snaps-path)"
+++
+++ tests.nested build-image core
+++ tests.nested create-vm core
+++
+++execute: |
+++ tests.nested exec "sudo snap wait system seed.loaded"
+++
+++ # godd is installed
+++ tests.nested exec "snap list godd" | MATCH "godd"
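Review bot: The execute step only checks that `snap list godd` prints the name, which says nothing about the confinement the snap was seeded with; since the summary states the test is about devmode snaps, also match `devmode` in the `snap list` output. In prepare, `GODD_SNAP=$(ls godd_*.snap)` yields several words if more than one matching file is in the directory and the following `mv` then fails in a confusing way; assign from the glob and check that exactly one file matched.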
++Index: snapd-2.49/tests/nested/manual/devmode-snaps-can-run-other-snaps/task.yaml
++===================================================================
++--- /dev/null
+++++ snapd-2.49/tests/nested/manual/devmode-snaps-can-run-other-snaps/task.yaml
++@@ -0,0 +1,220 @@
+++summary: |
+++ Test that devmode confined snaps can execute other snaps.
+++
+++systems:
+++ - ubuntu-18.04-64
+++ - ubuntu-16.04-64
+++
+++environment:
+++ # not needed to build snapd from source to use here, we have to manually
+++ # build it ourselves anyways
+++ NESTED_BUILD_SNAPD_FROM_CURRENT: false
+++
+++ # TODO: we should probably have a smaller / simpler test-snapd-* snap for
+++ # testing devmode confinement with base: core
+++ BASE_CORE_DEVMODE_SNAP: godd
+++ BASE_NON_CORE_DEVMODE_SNAP: test-snapd-tools-core18
+++
+++ BASE_CORE_STRICT_SNAP: test-snapd-sh
+++ BASE_NON_CORE_STRICT_SNAP: test-snapd-sh-core18
+++
+++ # build the snap with lxd
+++ SNAPCRAFT_BUILD_ENVIRONMENT: lxd
+++
+++prepare: |
+++ # install lxd so we can build the snapd snap
+++ snap install lxd --channel="$LXD_SNAP_CHANNEL"
+++
+++ snap install snapcraft --channel=4.x/candidate --classic
+++ tests.cleanup defer snap remove --purge snapcraft
+++
+++ # much of what follows is copied from tests/main/snapd-snap
+++
+++ echo "Remove any installed debs (some images carry them) to ensure we test the snap"
+++ # apt -v to test if apt is usable
+++ if command -v apt && apt -v; then
+++ # meh trusty's apt doesn't support -y, so use apt-get
+++ apt-get autoremove -y lxd
+++ if ! os.query is-debian-sid; then
+++ # no lxd-client on debian sid
+++ apt-get autoremove -y lxd-client
+++ fi
+++ fi
+++
+++ # load the fuse kernel module before installing lxd
+++ modprobe fuse
+++
+++ snap set lxd waitready.timeout=240
+++ lxd waitready
+++ lxd init --auto
+++
+++ echo "Setting up proxy for lxc"
+++ if [ -n "${http_proxy:-}" ]; then
+++ lxd.lxc config set core.proxy_http "$http_proxy"
+++ fi
+++ if [ -n "${https_proxy:-}" ]; then
+++ lxd.lxc config set core.proxy_https "$http_proxy"
+++ fi
+++
+++ # TODO: do we need to address the spread system prepare shenanigans as
+++ # mentioned in tests/main/snapd-snap ?
+++
+++ # shellcheck disable=SC2164
+++ pushd "$PROJECT_PATH"
+++ echo "Build the snap"
+++ snap run snapcraft snap --output snapd-from-branch.snap
+++ popd
+++
+++ mv "$PROJECT_PATH/snapd-from-branch.snap" "$PWD/snapd-from-branch.snap"
+++
+++ # meh it doesn't work well to use quotas and "&&" in the arguments to sh -c
+++ # with defer, so just put what we want to run in a script and execute that
+++ cat >> snapcraft-cleanup.sh <<EOF
+++ #!/bin/sh
+++ cd $PROJECT_PATH
+++ snap run snapcraft clean
+++ EOF
+++ chmod +x snapcraft-cleanup.sh
+++ tests.cleanup defer sh -c "$PWD/snapcraft-cleanup.sh"
+++
+++ unsquashfs -d snapd-from-branch snapd-from-branch.snap
+++ snapddir=snapd-from-branch
+++
+++ # now repack the core snap with this snapd snap
+++ snap download core --edge --basename=core-from-edge
+++ unsquashfs -d edge-core-snap core-from-edge.snap
+++ coredir=edge-core-snap
+++
+++ # backup the meta dir
+++ mv "$coredir/meta" "$coredir/meta-backup"
+++ # copy everything from the snapd snap into the core snap
+++ cp -ar "$snapddir"/* "$coredir"
+++
+++ # restore the meta dir
+++ rm -r "$coredir/meta"
+++ mv "$coredir/meta-backup" "$coredir/meta"
+++
+++ # set the version for the core snap to be the version from the snapd snap
+++ SNAPD_SNAP_VERSION=$(grep -Po "version: \K.*" "$snapddir/meta/snap.yaml")
+++ CORE_SNAP_VERSION=$(grep -Po "version: \K.*" "$coredir/meta/snap.yaml")
+++ sed -i -e "s/$CORE_SNAP_VERSION/$SNAPD_SNAP_VERSION/" "$coredir/meta/snap.yaml"
+++
+++ # pack the core snap
+++ snap pack --filename=core-from-branch.snap "$coredir"
+++
+++ rm -r "$coredir"
+++ rm -r "$snapddir"
+++
+++ tests.nested build-image core
+++ tests.nested create-vm core
+++
+++execute: |
+++ # TODO: should we also just test the classic cases on the system that is
+++ # driving the nested VM? That would save some time/resources
+++
+++ # wait for snap seeding to be done
+++ tests.nested wait-for snap-command
+++ tests.nested exec "sudo snap wait system seed.loaded"
+++
+++ # push both snaps to the vm
+++ tests.nested copy core-from-branch.snap
+++
+++ tests.nested copy snapd-from-branch.snap
+++
+++ if os.query is-xenial; then
+++ # on UC16, initially we will only have the core snap installed, run those
+++ # tests first
+++
+++ # this will reboot as we refresh to our core snap
+++ boot_id="$( tests.nested boot-id )"
+++ REMOTE_CHG_ID="$(tests.nested exec sudo snap install --no-wait --dangerous core-from-branch.snap)"
+++ tests.nested wait-for reboot "${boot_id}"
+++ tests.nested exec sudo snap watch "${REMOTE_CHG_ID}"
+++
+++ tests.nested exec sudo snap install --devmode --beta "$BASE_CORE_DEVMODE_SNAP"
+++ tests.nested exec sudo snap install "$BASE_CORE_STRICT_SNAP"
+++
+++ # umask is the command we execute to avoid yet another layer of quoting
+++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_CORE_DEVMODE_SNAP}")
+++ if [ "$OUTPUT" != "0002" ]; then
+++ echo "test failed"
+++ exit 1
+++ fi
+++
+++ # now install the snapd snap and run those tests
+++ echo "install the snapd snap"
+++ tests.nested exec sudo snap install --dangerous snapd-from-branch.snap
+++
+++ # trigger regeneration of profiles
+++ tests.nested exec sudo systemctl stop snapd.socket snapd.service
+++ tests.nested exec sudo rm -f /var/lib/snapd/system-key
+++ tests.nested exec sudo systemctl start snapd.socket snapd.service
+++
+++ # also install the non-core base snap, note that we can install and use it
+++ # even without the snapd snap, but we cannot execute other snaps from this
+++ # devmode snap without also installing the snapd snap, as inside non-core
+++ # base snaps, there is a symlink
+++ # /usr/bin/snap -> /snap/snapd/current/usr/bin/snap
+++ # which effectively requires the snapd snap to be installed to execute other
+++ # snaps from inside the devmode non-core based snap
+++ tests.nested exec sudo snap install --devmode "$BASE_NON_CORE_DEVMODE_SNAP"
+++
+++ # umask is the command we execute to avoid yet another layer of quoting
+++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_CORE_DEVMODE_SNAP}")
+++ if [ "$OUTPUT" != "0002" ]; then
+++ echo "test failed"
+++ exit 1
+++ fi
+++
+++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_NON_CORE_DEVMODE_SNAP}.sh")
+++ if [ "$OUTPUT" != "0002" ]; then
+++ echo "test failed"
+++ exit 1
+++ fi
+++
+++ elif os.query is-bionic; then
+++ # on UC18, initially we will only have the snapd snap installed, run those
+++ # tests first
+++ tests.nested exec sudo snap install --dangerous snapd-from-branch.snap
+++
+++ # snaps that don't depend on the core snap
+++ tests.nested exec sudo snap install --devmode "$BASE_NON_CORE_DEVMODE_SNAP"
+++ tests.nested exec sudo snap install "$BASE_NON_CORE_STRICT_SNAP"
+++
+++
+++ # umask is the command we execute to avoid yet another layer of quoting
+++ OUTPUT=$(echo "snap run ${BASE_NON_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_NON_CORE_DEVMODE_SNAP}.sh" )
+++ if [ "$OUTPUT" != "0002" ]; then
+++ echo "test failed"
+++ exit 1
+++ fi
+++
+++ # now install the core snap and run those tests
+++ echo "install the core snap"
+++ tests.nested exec sudo snap install --dangerous core-from-branch.snap
+++
+++ # trigger regeneration of profiles
+++ tests.nested exec sudo systemctl stop snapd.socket snapd.service
+++ tests.nested exec sudo rm -f /var/lib/snapd/system-key
+++ tests.nested exec sudo systemctl start snapd.socket snapd.service
+++
+++ # snap that does depend on the core snap
+++ tests.nested exec sudo snap install --devmode --beta "$BASE_CORE_DEVMODE_SNAP"
+++ tests.nested exec sudo snap install "$BASE_CORE_STRICT_SNAP"
+++
+++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_CORE_DEVMODE_SNAP}")
+++ if [ "$OUTPUT" != "0002" ]; then
+++ echo "test failed"
+++ exit 1
+++ fi
+++
+++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_NON_CORE_DEVMODE_SNAP}.sh")
+++ if [ "$OUTPUT" != "0002" ]; then
+++ echo "test failed"
+++ exit 1
+++ fi
+++
+++ else
+++ echo "unsupported system for this test"
+++ exit 1
+++ fi
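Review bot: In prepare, the `https_proxy` branch passes the wrong variable: `lxd.lxc config set core.proxy_https "$http_proxy"` sits under `if [ -n "${https_proxy:-}" ]`, so with only `https_proxy` set LXD is given an empty value, and with both set it is given the HTTP proxy for HTTPS traffic. Use `"$https_proxy"` there. In execute, every umask check reports only `echo "test failed"`; printing `$OUTPUT` and the expected `0002` in that message would make a failure in the nested VM diagnosable from the log. The heredoc comment also says "quotas" where "quotes" is meant, and the unquoted `<<EOF` expands `$PROJECT_PATH` unquoted into the `cd` line, which breaks on a path containing spaces.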
++Index: snapd-2.49/tests/regression/lp-1949368/bad-layout/meta/snap.yaml
++===================================================================
++--- /dev/null
+++++ snapd-2.49/tests/regression/lp-1949368/bad-layout/meta/snap.yaml
++@@ -0,0 +1,5 @@
+++name: bad-layout
+++version: 1.0
+++layout:
+++ /var/lib/foo:
+++ bind: "$SNAP_DATA/var/*"
++Index: snapd-2.49/tests/regression/lp-1949368/content-consumer/bin/sh
++===================================================================
++--- /dev/null
+++++ snapd-2.49/tests/regression/lp-1949368/content-consumer/bin/sh
++@@ -0,0 +1,3 @@
+++#!/bin/sh
+++PS1='$ '
+++exec /bin/sh "$@"
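Review bot: The `PS1='$ '` assignment on the second line has no effect as written, because the variable is not exported and `exec /bin/sh "$@"` replaces the process with a new shell that does not inherit it. Either `export PS1` before the `exec` or drop the line if the prompt is not needed by the test.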
++Index: snapd-2.49/tests/regression/lp-1949368/content-consumer/meta/snap.yaml
++===================================================================
++--- /dev/null
+++++ snapd-2.49/tests/regression/lp-1949368/content-consumer/meta/snap.yaml
++@@ -0,0 +1,12 @@
+++name: content-consumer
+++version: 1.0
+++apps:
+++ sh:
+++ command: bin/sh
+++plugs:
+++ quoting:
+++ interface: content
+++ target: "$SNAP_DATA/a,comma"
+++ invalid-char:
+++ interface: content
+++ target: "$SNAP_DATA/{this,that}"
++Index: snapd-2.49/tests/regression/lp-1949368/content-provider/meta/snap.yaml
++===================================================================
++--- /dev/null
+++++ snapd-2.49/tests/regression/lp-1949368/content-provider/meta/snap.yaml
++@@ -0,0 +1,9 @@
+++name: content-provider
+++version: 1.0
+++slots:
+++ quoting:
+++ interface: content
+++ read: ["$SNAP_DATA/a,comma"]
+++ invalid-char:
+++ interface: content
+++ read: ["$SNAP_DATA/{this,that}"]
++Index: snapd-2.49/tests/regression/lp-1949368/task.yaml
++===================================================================
++--- /dev/null
+++++ snapd-2.49/tests/regression/lp-1949368/task.yaml
++@@ -0,0 +1,35 @@
+++summary: Ensure that AppArmor paths are safe
+++
+++details: |
+++ Some interfaces allow the developer to specify filesystem paths in their
+++ plug sttributes, which then get encoded into the AppArmor profile of the
+++ applications. We need to make sure that these paths are properly quoted,
+++ and that snapd will refuse to connect a plug whose paths include some
+++ invalid characters.
+++
+++prepare: |
+++ echo "Creating the test snaps"
+++ "$TESTSTOOLS"/snaps-state install-local content-provider
+++ "$TESTSTOOLS"/snaps-state install-local content-consumer
+++
+++
+++execute: |
+++ echo "The plug is disconnected by default"
+++ snap interfaces content-provider
+++
+++ echo "Verify that the plug with invalid characters raised a warning"
+++ snap warnings |
+++ tr -d '\n' | # remove newlines
+++ sed -e 's,\s\+, ,g' | # remove any extra spaces
+++ MATCH 'snap "content-consumer" has bad plugs or slots: invalid-char'
+++
+++ echo "Connect a valid plug"
+++ snap connect content-consumer:quoting content-provider:quoting
+++
+++ if [ "$(snap debug confinement)" = "strict" ]; then
+++ echo "Verify that the AppArmor rule has proper quoting"
+++ MATCH '"/var/snap/content-provider/x1/a,comma/\*\*" mrkix,' < /var/lib/snapd/apparmor/profiles/snap.content-consumer.sh
+++ fi
+++
+++ echo "Attempt to install a snap with an invalid layout"
+++ "$TESTSTOOLS"/snaps-state install-local bad-layout 2>&1 |MATCH 'cannot validate snap "bad-layout".*contains a reserved apparmor char'
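Review bot: The execute section never attempts to connect the `invalid-char` plug, although details promises that "snapd will refuse to connect a plug whose paths include some invalid characters"; the only check is the text of `snap warnings`. Add a `snap connect content-consumer:invalid-char content-provider:invalid-char` that is expected to fail, and assert that no rule containing `{this,that}` appears in `/var/lib/snapd/apparmor/profiles/snap.content-consumer.sh`. The "plug is disconnected by default" step runs `snap interfaces content-provider` without matching its output, so it asserts nothing. The quoting `MATCH` runs only when `snap debug confinement` is `strict`, which leaves the quoting behaviour unchecked on other systems; say so in details. Typo in details: "sttributes" should be "attributes".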