From: Raspbian automatic forward porter Date: Mon, 6 Sep 2021 20:24:56 +0000 (+0100) Subject: Merge version 2.49-1+rpi1 and 2.51.7-1 to produce 2.51.7-1+rpi1 X-Git-Tag: archive/raspbian/2.51.7-1+rpi1^0 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=00f65c234c35ee245d3238a5c777a2cf3c4cd20f;p=snapd.git Merge version 2.49-1+rpi1 and 2.51.7-1 to produce 2.51.7-1+rpi1 --- 00f65c234c35ee245d3238a5c777a2cf3c4cd20f diff --cc debian/changelog index 5a74687e,62c802b4..4174ab61 --- a/debian/changelog +++ b/debian/changelog @@@ -1,47 -1,1001 +1,1010 @@@ - snapd (2.49-1+rpi1) bullseye-staging; urgency=medium ++snapd (2.51.7-1+rpi1) bookworm-staging; urgency=medium + + [changes brought forward from 2.27.2-2+rpi1 by Peter Michael Green at Thu, 24 Aug 2017 17:53:18 +0000] + * Treat unknown derivatives the same as Debian. + * Disable testsuite. + * Fix clean target. + - -- Raspbian forward porter Sat, 06 Mar 2021 20:36:56 +0000 ++ -- Raspbian forward porter Mon, 06 Sep 2021 20:24:55 +0000 + - snapd (2.49-1) unstable; urgency=high + snapd (2.51.7-1) unstable; urgency=medium - * New upstream release with security updates: - * SECURITY UPDATE: sandbox escape vulnerability for containers - (LP: #1910456) + * New upstream release, LP: #1929842 + - cmd/snap-seccomp/syscalls: update syscalls list to libseccomp + v2.2.0-428-g5c22d4b1 + - tests: cherry-pick shellcheck fix `bd730fd4` + - interfaces/dsp: add /dev/ambad into dsp interface + - many: shellcheck fixes + - snapstate: abort kernel refresh if no gadget update can be found + - overlord: add manager test for "assumes" checking + - store: deal correctly with "assumes" from the store raw yaml + + -- Michael Vogt Wed, 01 Sep 2021 13:32:06 +0200 + + snapd (2.51.6-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - secboot: use half the mem for KDF in AddRecoveryKey + - secboot: switch main key KDF memory cost to 32KB + + -- Ian Johnson Thu, 19 Aug 2021 15:49:47 -0500 + + snapd (2.51.5-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - snap/squashfs: handle squashfs-tools 4.5+ + - tests/core20-install-device-file-install-via-hook-hack: adjust + test for 2.51 + - o/devicestate/handlers_install.go: add workaround to create dirs + for install + - tests: fix linter warning + - tests: update other spread tests for new behaviour + - tests: ack assertions by default, add --noack option + - release-tools/changelog.py: also fix opensuse changelog date + format + - release-tools/changelog.py: fix typo in function name + - release-tools/changelog.py: fix fedora date format + - release-tools/changelog.py: handle case where we don't have a TZ + - release-tools/changelog.py: fix line length check + - release-tools/changelog.py: specify the LP bug for the release as + an arg too + - interface/modem-manager: add support for MBIM/QMI proxy + clients + - .github/workflows/test.yaml: use snapcraft 4.x to build the snapd + snap + + -- Ian Johnson Mon, 16 Aug 2021 15:02:40 -0500 + + snapd (2.51.4-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - {device,snap}state: skip kernel extraction in seeding + - vendor: move to snapshot-4c814e1 branch and set fixed KDF options + - tests/interfaces/tee: fix HasLen check for udev snippets + - interfaces/tee: add support for Qualcomm qseecom device node + - gadget: check for system-save with multi volumes if encrypting + correctly + - gadget: drive-by: drop unnecessary/supported passthrough in test + gadget.yaml + + -- Ian Johnson Mon, 09 Aug 2021 18:56:18 -0500 + + snapd (2.51.3-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - interfaces/builtin: add sd-control interface + - store: set ResponseHeaderTimeout on the default transport + + -- Ian Johnson Wed, 14 Jul 2021 15:26:54 -0500 + + snapd (2.51.2-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - snapstate: remove temporary snap file for local revisions early + - interface: allows reading sd cards internal info from block- + devices interface + - o/ifacestate: do not visit same halt tasks in waitChainSearch to + avoid slow convergence (or unlikely cycles) + - corecfg: allow using `# snapd-edit: no` header to disable pi- + config + - configcore: ignore system.pi-config.* setting on measured kernels + - many: pass device/model info to configcore via sysconfig.Device + interface + - o/configstate/configcore: support snap set system swap.size=... + - store: make the log with download size a debug one + - interfaces/opengl: add support for Imagination PowerVR + + -- Michael Vogt Wed, 07 Jul 2021 15:35:46 +0200 + + snapd (2.51.1-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - interfaces: add netlink-driver interface + - interfaces: builtin: add dm-crypt interface to support external + storage encryption + - interfaces/dsp: fix typo in udev rule + - overlord/snapstate: lock the mutex before returning from stop + snap services undo + - interfaces: opengl: change path for Xilinx zocl driver + - interfaces/dsp: add /dev/cavalry into dsp interface + - packaging/fedora/snapd.spec: correct date format in changelog + + -- Michael Vogt Tue, 15 Jun 2021 12:45:08 +0200 + + snapd (2.51-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - cmd/snap: stacktraces debug endpoint + - secboot: deactivate volume again when model checker fails + - store: extra log message, a few minor cleanups + - packaging/debian-sid: update systemd patch + - snapstate: adjust update-gadget-assets user visible message + - tests/nested/core/core20-create-recovery: verify that recovery + system can be created at runtime + - gadget: support creating vfat partitions during bootstrap + - daemon/api_quotas.go: support updating quotas with ensure action + - daemon: tighten access to a couple of POST endpoints that should + be really be root-only + - seed/seedtest, overlord/devicestate: move seed validation helper + to seedtest + - overlord/hookstate/ctlcmd: remove unneeded parameter + - snap/quota: add CurrentMemoryUsage for current memory usage of a + quota group + - systemd: add CurrentMemoryUsage to get current memory usage for a + unit + - o/snapstate: introduce minimalInstallInfo interface + - o/hookstate: print pending info (ready, inhibited or none) + - osutil: a helper to find out the total amount of memory in the + system + - overlord, overlord/devicestate: allow for reloading modeenv in + devicemgr when testing + - daemon: refine access testing + - spread: disable unattended-upgrades on debian + - tests/lib/reset: make nc exit after a while when connection is + idle + - daemon: replace access control flags on commands with access + checkers + - release-tools/changelog.py: refactor regexp + file reading/writing + - packaging/debian-sid: update locale patch for the latest master + - overlord/devicestate: tasks for creating recovery systems at + runtime + - release-tools/changelog.py: implement script to update all the + changelog files + - tests: change machine type used for nested testsPrices: + - cmd/snap: include locale when linting description being lower case + - o/servicestate: add RemoveSnapFromQuota + - interfaces/serial-port: add Qualcomm serial port devices to + allowed list + - packaging: merge 2.50.1 changelog back + - interfaces/builtin: introduce raw-input interface + - tests: remove tests.cleanup prepare from nested test + - cmd/snap-update-ns: fix linter errors + - asserts: fix errors reported by linter + - o/hookstate/ctlcmd: allow system-mode for non-root + - overlord/devicestate: comment why explicit system mode check is + needed in ensuring tried recovery systems (#10275) + - overlord/devicesate: observe snap writes when creating recovery + systems + - packaging/ubuntu-16.04/changelog: add placeholder for 2.50.1 + - tests: moving to tests directories snaps built locally - part 1 + - seed/seedwriter: fail early when system seed directory exists + - o/snapstate: autorefresh phase1 for refresh-control + - c/snap: more precise message for ErrorKindSystemRestart op != + reboot + - tests: simplify the tests.cleanup tool + - boot: helpers for manipulating current and good recovery systems + list + - o/hookstate, o/snapstate: print revision, version, channel with + snapctl --pending + - overlord: unit test tweaks, use well known snap IDs, setup snap + declarations for most common snaps + - tests/nested/manual: add test for install-device + snapctl reboot + - o/servicestate: restart slices + services on modifications + - tests: update mount-ns test to support changes in the distro + - interfaces: fix linter issues + - overlord: mock logger in managers unit tests + - tests: adding support for fedora-34 + - tests: adding support for debian 10 on gce + - boot: reseal given keys when the respective boot chain has changed + - secboot: switch encryption key size to 32 byte (thanks to Chris) + - interfaces/dbus: allow claiming 'well-known' D-Bus names with a + wildcard suffix + - spread: bump delta reference version + - interfaces: builtin: update permitted paths to be compatible with + UC20 + - overlord: fix errors reported by linter + - tests: remove old fedora systems from tests + - tests: update spread url + - interfaces/camera: allow devices in /sys/devices/platform/**/usb* + - interfaces/udisks2: Allow access to the login manager via dbus + - cmd/snap: exit normally if "snap changes" has no changes + (LP #1823974) + - tests: more fixes for spread suite on openSUSE + - tests: fix tests expecting cgroup v1/hybrid on openSUSE Tumbleweed + - daemon: fix linter errors + - spread: add Fedora 34, leave a TODO about dropping Fedora 32 + - interfaces: fix linter errors + - tests: use op.paths tools instead of dirs.sh helper - part 2 + - client: Fix linter errors + - cmd/snap: Fix errors reported by linter + - cmd/snap-repair: fix linter issues + - cmd/snap-bootstrap: Fix linter errors + - tests: update permission denied message for test-snapd-event on + ubuntu 2104 + - cmd/snap: small tweaks based on previous reviews + - snap/snaptest: helper that mocks both the squashfs file and a snap + directory + - overlord/devicestate: tweak comment about creating recovery + systems, formatting tweaks + - overlord/devicestate: move devicemgr base suite helpers closer to + test suite struct + - overlord/devicestate: keep track of tried recovery system + - seed/seedwriter: clarify in the diagram when SetInfo is called + - overlord/devicestate: add helper for creating recovery systems at + runtime + - snap-seccomp: update syscalls.go list + - boot,image: support image.Customizations.BootFlags + - overlord: support snapctl --halt|--poweroff in gadget install- + device + - features,servicestate: add experimental.quota-groups flag + - o/servicestate: address comments from previous PR + - tests: basic spread test for snap quota commands + - tests: moving the snaps which are not locally built to the store + directory + - image,c/snap: implement prepare-image --customize + - daemon: implement REST API for quota groups (create / list / get) + - cmd/snap, client: snap quotas command + - o/devicestate,o/hookstate/ctlcmd: introduce SystemModeInfo methods + and snapctl system-mode + - o/servicestate/quota_control.go: introduce (very) basic group + manipulation methods + - cmd/snap, client: snap remove-quota command + - wrappers, quota: implement quota groups slice generation + - snap/quotas: followups from previous PR + - cmd/snap: introduce 'snap quota' command + - o/configstate/configcore/picfg.go: use ubuntu-seed config.txt in + uc20 run mode + - o/servicestate: test has internal ordering issues, consider both + cases + - o/servicestate/quotas: add functions for getting and setting + quotas in state + - tests: new buckets for snapd-spread project on gce + - spread.yaml: update the gce project to start using snapd-spread + - quota: new package for managing resource groups + - many: bind and check keys against models when using FDE hooks v2 + - many: move responsibilities down seboot -> kernel/fde and boot -> + secboot + - packaging: add placeholder changelog + - o/configstate/configcore/vitality: fix RequireMountedSnapdSnap + bug + - overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu + Core system + - many: hide EncryptionKey size and refactors for fde hook v2 next + steps + - tests: adding debug info for create user tests + - o/hookstate: add "refresh" command to snapctl (hidden, not + complete yet) + - systemd: wait for zfs mounts (LP #1922293) + - testutil: support referencing files in FileEquals checker + - many: refactor to kernel/fde and allow `fde-setup initial-setup` + to return json + - o/snapstate: store refresh-candidates in the state + - o/snapstate: helper for creating gate-auto-refresh hooks + - bootloader/bootloadertest: provide interface implementation as + mixins, provide a mock for recovery-aware-trusted-asses bootloader + - tests/lib/nested: do not compress images, return early when + restored from pristine image + - boot: split out a helper for making recovery system bootable + - tests: update os.query check to match new bullseye codename used + on sid images + - o/snapstate: helper for getting snaps affected by refresh, define + new hook + - wrappers: support in EnsureSnapServices a callback to observe + changes (#10176) + - gadget: multi line support in gadget's cmdline file + - daemon: test that requesting restart from (early) Ensure works + - tests: use op.paths tools instead of dirs.sh helper - part 1 + - tests: add new command to snaps-state to get current core, kernel + and gadget + - boot, gadget: move opening the snap container into the gadget + helper + - tests, overlord: extend unit tests, extend spread tests to cover + full command line support + - interfaces/builtin: introduce dsp interface + - boot, bootloader, bootloader/assets: support for full command line + override from gadget + - overlord/devicestate, overlord/snapstate: add task for updating + kernel command lines from gadget + - o/snapstate: remove unused DeviceCtx argument of + ensureInstallPreconditions + - tests/lib/nested: proper status return for tpm/secure boot checks + - cmd/snap, boot: add snapd_full_cmdline_args to dumped boot vars + - wrappers/services.go: refactor helper lambda function to separate + function + - boot/flags.go: add HostUbuntuDataForMode + - boot: handle updating of components that contribute to kernel + command line + - tests: add 20.04 to systems for nested/core + - daemon: add new accessChecker implementations + - boot, overlord/devicestate: consider gadget command lines when + updating boot config + - tests: fix prepare-image-grub-core18 for arm devices + - tests: fix gadget-kernel-refs-update-pc test on arm and when + $TRUST_TEST_KEY is false + - tests: enable help test for all the systems + - boot: set extra command line arguments when preparing run mode + - boot: load bits of kernel command line from gadget snaps + - tests: update layout for tests - part 2 + - tests: update layout for tests - part 1 + - tests: remove the snap profiler from the test suite + - boot: drop gadget snap yaml which is already defined elsewhere in + the tests + - boot: set extra kernel command line arguments when making a + recovery system bootable + - boot: pass gadget path to command line helpers, load gadget from + seed + - tests: new os.paths tool + - daemon: make ucrednetGet() return a *ucrednet structure + - boot: derive boot variables for kernel command lines + - cmd/snap-bootstrap/initramfs-mounts: fix boot-flags location from + initramfs + + -- Ian Johnson Thu, 27 May 2021 11:15:20 -0500 + + snapd (2.50.1-1) unstable; urgency=medium + + * New upstream release, LP: #1926005 + - interfaces: update permitted /lib/.. paths to be compatible with + UC20 + - interfaces: builtin: update permitted paths to be compatible with + UC20 + - interfaces/greengrass-support: delete white spaces at the end of + lines + - snap-seccomp: update syscalls.go list + - many: backport kernel command line for 2.50 + - interfaces/dbus: allow claiming 'well-known' D-Bus names with a + wildcard suffix + - interfaces/camera: allow devices in /sys/devices/platform/**/usb* + - interfaces/builtin: introduce dsp interface + + -- Ian Johnson Wed, 19 May 2021 10:46:02 -0500 + + snapd (2.50-1) unstable; urgency=medium + + * New upstream release, LP: #1926005 + - overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu + Core system + - o/configstate/configcore/vitality: fix RequireMountedSnapdSnap bug + - o/servicestate/servicemgr.go: add ensure loop for snap service + units + - wrappers/services.go: introduce EnsureSnapServices() + - snapstate: add "kernel-assets" to featureSet + - systemd: wait for zfs mounts + - overlord: make servicestate responsible to compute + SnapServiceOptions + - boot,tests: move where we write boot-flags one level up + - o/configstate: don't pass --root=/ when + masking/unmasking/enabling/disabling services + - cmd/snap-bootstrap/initramfs-mounts: write active boot-flags to + /run + - gadget: be more flexible with kernel content resolving + - boot, cmd/snap: include extra cmdline args in debug boot-vars + output + - boot: support read/writing boot-flags from userspace/initramfs + - interfaces/pwm: add PWM interface + - tests/lib/prepare-restore.sh: clean out snapd changes and snaps + before purging + - systemd: enrich UnitStatus returned by systemd.Status() with + Installed flag + - tests: updated restore phase of spread tests - part 1 + - gadget: add support for kernel command line provided by the gadget + - tests: Using GO111MODULE: "off" in spread.yaml + - features: add gate-auto-refresh-hook feature flag + - spread: ignore linux kernel upgrade in early stages for arch + preparation + - tests: use snaps-state commands and remove them from the snaps + helper + - o/configstate: fix panic with a sequence of config unset ops over + same path + - api: provide meaningful error message on connect/disconnect for + non-installed snap + - interfaces/u2f-devices: add HyperFIDO Pro + - tests: add simple sanity check for systemctl show + --property=UnitFileState for unknown service + - tests: use tests.session tool on interfaces-desktop-document- + portal test + - wrappers: install D-Bus service activation files for snapd session + tools on core + - many: add x-gvfs-hide option to mount units + - interfaces/builtin/gpio_test.go: actually test the generated gpio + apparmor + - spread: tentative workaround for arch failure caused by libc + upgrade and cgroups v2 + - tests: add spread test for snap validate against store assertions + - tests: remove snaps which are not used in any test + - ci: set the accept-existing-contributors parameter for the cla- + check action + - daemon: introduce apiBaseSuite.(json|sync|async|error)Req (and + some apiBaseSuite cosmetics) + - o/devicestate/devicemgr: register install-device hook, run if + present in install + - o/configstate/configcore: simple refactors in preparation for new + function + - tests: unifying the core20 nested suite with the core nested suite + - tests: uboot-unpacked-assets updated to reflect the real path used + to find the kernel + - daemon: switch api_test.go to daemon_test and various other + cleanups + - o/configstate/configcore/picfg.go: add hdmi_cvt support + - interfaces/apparmor: followup cleanups, comments and tweaks + - boot: cmd/snap-bootstrap: handle a candidate recovery system v2 + - overlord/snapstate: skip catalog refresh when snappy testing is + enabled + - overlord/snapstate, overlord/ifacestate: move late security + profile removal to ifacestate + - snap-seccomp: fix seccomp test on ppc64el + - interfaces, interfaces/apparmor, overlord/snapstate: late removal + of snap-confine apparmor profiles + - cmd/snap-bootstrap/initramfs-mounts: move time forward using + assertion times + - tests: reset the system while preparing the test suite + - tests: fix snap-advise-command check for 429 + - gadget: policy for gadget/kernel refreshes + - o/configstate: deal with no longer valid refresh.timer=managed + - interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4 + - cla-check: Use has-signed-canonical-cla GitHub Action + - tests: validation sets spread test + - tests: simplify the reset.sh logic by removing not needed command + - overlord/snapstate: make sure that snapd current symlink is not + removed during refresh + - tests/core/fsck-on-boot: unmount /run/mnt/snapd directly on uc20 + - tests/lib/fde-setup-hook: also verify that fde-reveal-key key data + is base64 + - o/devicestate: split off ensuring next boot goes to run mode into + new task + - tests: fix cgroup-tracking test + - boot: export helper for clearing tried system state, add tests + - cmd/snap: use less aggressive client timeouts in unit tests + - daemon: fix signing key validity timestamp in unit tests + - o/{device,hook}state: encode fde-setup-request key as base64 + string + - packaging: drop dh-systemd from build-depends on ubuntu-16.04+ + - cmd/snap/pack: unhide the compression option + - boot: extend set try recovery system unit tests + - cmd/snap-bootstrap: refactor handling of ubuntu-save, do not use + secboot's implicit fallback + - o/configstate/configcore: add hdmi_timings to pi-config + - snapstate: reduce reRefreshRetryTimeout to 1/2 second + - interfaces/tee: add TEE/OPTEE interface + - o/snapstate: update validation sets assertions with auto-refresh + - vendor: update go-tpm2/secboot to latest version + - seed: ReadSystemEssentialAndBetterEarliestTime + - tests: replace while commands with the retry tool + - interfaces/builtin: update unit tests to use proper distro's + libexecdir + - tests: run the reset.sh helper and check test invariants while the + test is restored + - daemon: switch preexisting daemon_test tests to apiBaseSuite and + .req + - boot, o/devicestate: split makeBootable20 into two parts + - interfaces/docker-support: add autobind unix rules to docker- + support + - interfaces/apparmor: allow reading + /proc/sys/kernel/random/entropy_avail + - tests: use retry tool instead a loops + - tests/main/uc20-create-partitions: fix tests cleanup + - asserts: mode where Database only assumes cur time >= earliest + time + - daemon: validation sets/api tests cleanup + - tests: improve tests self documentation for nested test suite + - api: local assertion fallback when it's not in the store + - api: validation sets monitor mode + - tests: use fs-state tool in interfaces tests + - daemon: move out /v2/login|logout and errToResponse tests from + api_test.go + - boot: helper for inspecting the outcome of a recovery system try + - o/configstate, o/snapshotstate: fix handling of nil snap config on + snapshot restore + - tests: update documentation and checks for interfaces tests + - snap-seccomp: add new `close_range` syscall + - boot: revert #10009 + - gadget: remove `device-tree{,-origin}` from gadget tests + - boot: simplify systems test setup + - image: write resolved-content from snap prepare-image + - boot: reseal the run key for all recovery systems, but recovery + keys only for the good ones + - interfaces/builtin/network-setup-{control,observe}: allow using + netplan directly + - tests: improve sections prepare and restore - part 1 + - tests: update details on task.yaml files + - tests: revert os.query usage in spread.yaml + - boot: export bootAssetsMap as AssetsMap + - tests/lib/prepare: fix repacking of the UC20 kernel snap for with + ubuntu-core-initramfs 40 + - client: protect against reading too much data from stdin + - tests: improve tests documentation - part 2 + - boot: helper for setting up a try recover system + - tests: improve tests documentation - part 1 + - tests/unit/go: use tests.session wrapper for running tests as a + user + - tests: improvements for snap-seccomp-syscalls + - gadget: simplify filterUpdate (thanks to Maciej) + - tests/lib/prepare.sh: use /etc/group and friends from the core20 + snap + - tests: fix tumbleweed spread tests part 2 + - tests: use new commands of os.query tool on tests + - o/snapshotstate: create snapshots directory on import + - tests/main/lxd/prep-snapd-in-lxd.sh: dump contents of sources.list + - packaging: drop 99-snapd.conf via dpkg-maintscript-helper + - osutil: add SetTime() w/ 32-bit and 64-bit implementations + - interfaces/wayland: rm Xwayland Xauth file access from wayland + slot + - packaging/ubuntu-16.04/rules: turn modules off explicitly + - gadget,devicestate: perform kernel asset update for $kernel: style + refs + - cmd/recovery: small fix for `snap recovery` tab output + - bootloader/lkenv: add recovery systems related variables + - tests: fix new tumbleweed image + - boot: fix typo, should be systems + - o/devicestate: test that users.create.automatic is configured + early + - asserts: use Fetcher in AddSequenceToUpdate + - daemon,o/c/configcore: introduce users.create.automatic + - client, o/servicestate: expose enabled state of user daemons + - boot: helper for checking and marking tried recovery system status + from initramfs + - asserts: pool changes for validation-sets (#9930) + - daemon: move the last api_foo_test.go to daemon_test + - asserts: include the assertion timestamp in error message when + outside of signing key validity range + - ovelord/snapshotstate: keep a few of the last line tar prints + before failing + - gadget/many: rm, delay sector size + structure size checks to + runtime + - cmd/snap-bootstrap/triggerwatch: fix returning wrong errors + - interfaces: add allegro-vcu and media-control interfaces + - interfaces: opengl: add Xilinx zocl bits + - mkversion: check that version from changelog is set before + overriding the output version + - many: fix new ineffassign warnings + - .github/workflows/labeler.yaml: try work-around to not sync + labels + - cmd/snap, boot: add debug set-boot-vars + - interfaces: allow reading the Xauthority file KDE Plasma writes + for Wayland sessions + - tests/main/snap-repair: test running repair assertion w/ fakestore + - tests: disable lxd tests for 21.04 until the lxd images are + published for the system + - tests/regression/lp-1910456: cleanup the /snap symlink when done + - daemon: move single snap querying and ops to api_snaps.go + - tests: fix for preseed and dbus tests on 21.04 + - overlord/snapshotstate: include the last message printed by tar in + the error + - interfaces/system-observe: Allow reading /proc/zoneinfo + - interfaces: remove apparmor downgrade feature + - snap: fix unit tests on Go 1.16 + - spread: disable Go modules support in environment + - tests: use new path to find kernel.img in uc20 for arm devices + - tests: find files before using cat command when checking broadcom- + asic-control interface + - boot: introduce good recovery systems, provide compatibility + handling + - overlord: add manager gadget refresh test + - tests/lib/fakestore: support repair assertions too + - github: temporarily disable action labeler due to issues with + labels being removed + - o/devicestate,many: introduce DeviceManager.preloadGadget for + EarlyConfig + - tests: enable ubuntu 21.04 for spread tests + - snap: provide a useful error message if gdbserver is not installed + - data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1 + - tests/lib/prepare.sh: split reflash.sh into two parts + - packaging/opensuse: sync with openSUSE packaging + - packaging: disable Go modules in snapd.mk + - snap: add deprecation noticed to "snap run --gdb" + - daemon: add API for checking and installing available theme snaps + - tests: using labeler action to add automatically a label to run + nested tests + - gadget: improve error handling around resolving content sources + - asserts: repeat the authority cross-check in CheckSignature as + well + - interfaces/seccomp/template.go: allow copy_file_range + - o/snapstate/check_snap.go: add support for many subversions in + assumes snapdX.. + - daemon: move postSnap and inst.dispatch tests to api_snaps_test.go + - wrappers: use proper paths for mocked mount units in tests + - snap: rename gdbserver option to `snap run --gdbserver` + - store: support validation sets with fetch-assertions action + - snap-confine.apparmor.in: support tmp and log dirs on Yocto/Poky + - packaging/fedora: sync with downstream packaging in Fedora - many: add Delegate=true to generated systemd units for special - interfaces - - interfaces/greengrass-support: back-port interface changes to - 2.48 - - CVE-2020-27352 - * interfaces/builtin/docker-support: allow /run/containerd/s/... - - This is a new path that docker 19.03.14 (with a new version of - containerd) uses to avoid containerd CVE issues around the unix - socket. See also CVE-2020-15257. - * debian/patches/0013-cherry-pick-pr9936.patch: - - cherry pick PR#9936 to use all apparmor available (closes: 923500) - * d/p/0011-cherry-pick-pr9809, d/p/0012-cherry-pick-pr9844: - - dropped, applied upstream + interfaces (master) + - boot: use a common helper for mocking boot assets in cache + - api: validate snaps against validation set assert from the store + - wrappers: don't generate an [Install] section for timer or dbus + activated services + - tests/nested/core20/boot-config-update: skip when snapd was not + built with test features + - o/configstate,o/devicestate: introduce devicestate.EarlyConfig + implemented by configstate.EarlyConfig + - cmd/snap-bootstrap/initramfs-mounts: fix typo in func name + - interfaces/builtin: mock distribution in fontconfig cache unit + tests + - tests/lib/prepare.sh: add another console= to the reflash magic + grub entry + - overlord/servicestate: expose dbus activators of a service + - desktop/notification: test against a real session bus and + notification server implementation + - cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for + recover+install + - HACKING.md: explain how to run UC20 spread tests with QEMU + - asserts: introduce AtSequence + - overlord/devicestate: task for updating boot configs, spread test + - gadget: fix documentation/typos + - gadget: cleanup MountedFilesystem{Writer,Updater} + - gadget: use ResolvedSource in MountedFilesystemWriter + - snap/info.go: add doc-comment for SortServices + - interfaces: add an optional mount-host-font-cache plug attribute + to the desktop interface + - osutil: skip TestReadBuildGo inside sbuild + - o/hookstate/ctlcmd: add optional --pid and --apparmor-label + arguments to "snapctl is-connected" + - data/env/snapd: use quoting in case PATH contains spaces + - boot: do not observe successful boot assets if not in run mode + - tests: fix umount for snapd snap on fsck-on-boot testumount: + /run/mnt/ubuntu-seed/systems/*/snaps/snapd_*.snap: no mount + - misc: little tweaks + - snap/info.go: ignore unknown daemons in SortSnapServices + - devicestate: keep log from install-mode on installed system + - seed: add LoadEssentialMeta to seed16 and allow all of its + implementations to be called multiple times + - cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in + seeds + - tests/core/uc20-recovery: move recover mode helpers to generic + testslib script + - interfaces/fwupd: allow any distros to access fw files via fwupd + - store: method for fetching validation set assertion + - store: switch to v2/assertions api + - gadget: add new ResolvedContent and populate from LayoutVolume() + - spread: use full format when listing processes + - osutil/many: make all test pkgs osutil_test instead of "osutil" + - tests/unit/go: drop unused environment variables, skip coverage + - OpenGL interface: Support more Tegra libs + - gadget,overlord: pass kernelRoot to install.Run() + - tests: run unit tests in Focal instead of Xenial + - interfaces/browser-support: allow sched_setaffinity with browser- + sandbox: true + - daemon: move query /snaps/ tests to api_snaps_test.go + - cmd/snap-repair/runner.go: add SNAP_SYSTEM_MODE to env of repair + runner + - systemd/systemd.go: support journald JSON messages with arrays for + values + - cmd: make string/error code more robust against errno leaking + - github, run-checks: do not collect coverage data on subsequent + test runs + - boot: boot config update & reseal + - o/snapshotstate: handle conflicts between snapshot forget, export + and import + - osutil/stat.go: add RegularFileExists + - cmd/snapd-generator: don't create mount overrides for snap-try + snaps inside lxc + - gadget/gadget.go: rename ubuntu-* to system-* in doc-comment + - tests: use 6 spread workers for centos8 + - bootloader/assets: support injecting bootloader assets in testing + builds of snapd + - gadget: enable multi-volume uc20 gadgets in + LaidOutSystemVolumeFromGadget; rename too + - overlord/devicestate, sysconfig: do nothing when cloud-init is not + present + - cmd/snap-repair: filter repair assertions based on bases + modes + - snap-confine: make host /etc/ssl available for snaps on classic + + -- Michael Vogt Sat, 24 Apr 2021 12:17:45 +0200 + + snapd (2.49.2-1) unstable; urgency=medium - -- Michael Vogt Wed, 24 Feb 2021 09:23:51 +0100 + * New upstream release, LP: #1915248 + - interfaces/tee: add TEE/OPTEE interface + - o/configstate/configcore: add hdmi_timings to pi-config + - interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4 + - snap-seccomp: fix seccomp test on ppc64el + - interfaces{,/apparmor}, overlord/snapstate: + late removal of snap-confine apparmor profiles + - overlord/snapstate, wrappers: add dependency on usr-lib- + snapd.mount for services on core with snapd snap + - o/configstate: deal with no longer valid refresh.timer=managed + - overlord/snapstate: make sure that snapd current symlink is not + removed during refresh + - packaging: drop dh-systemd from build-depends on ubuntu-16.04+ + - o/{device,hook}state: encode fde-setup-request key as base64 + - snapstate: reduce reRefreshRetryTimeout to 1/2 second + - tests/main/uc20-create-partitions: fix tests cleanup + - o/configstate, o/snapshotstate: fix handling of nil snap config on + snapshot restore + - snap-seccomp: add new `close_range` syscall - snapd (2.48.2-3) unstable; urgency=medium + -- Michael Vogt Fri, 26 Mar 2021 16:49:46 +0100 - * debian/patches/0012-cherry-pick-pr9844: - - cherry pick PR#9844 to avoid leaking of errno in snap-confine - tests that caused i386 to FTBFS + snapd (2.49.1-1) unstable; urgency=medium - -- Michael Vogt Fri, 22 Jan 2021 10:13:11 +0100 + * New upstream release, LP: #1915248 + - tests: turn modules off explicitly in spread go unti test + - o/snapshotstate: create snapshots directory on import + - cmd/snap-bootstrap/triggerwatch: fix returning wrong errors + - interfaces: add allegro-vcu and media-control interfaces + - interfaces: opengl: add Xilinx zocl bits + - many: fix new ineffassign warnings + - interfaces/seccomp/template.go: allow copy_file_range + - interfaces: allow reading the Xauthority file KDE Plasma writes + for Wayland sessions + - data/selinux: allow system dbus to watch + /var/lib/snapd/dbus-1 + - Remove apparmor downgrade feature + - Support tmp and log dirs on Yocto/Poky - snapd (2.48.2-2) unstable; urgency=medium + -- Michael Vogt Mon, 08 Mar 2021 10:47:05 +0100 - * debian/rules: - - ignore usr/bin/genasset during arch-indep build too + snapd (2.49-1) unstable; urgency=medium + + * New upstream release, LP: #1915248 + - many: add Delegate=true to generated systemd units for special + interfaces + - cmd/snap-bootstrap: rename ModeenvFromModel to + EphemeralModeenvForModel + - cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for + recover+install + - osutil: skip TestReadBuildGo inside sbuild + - tests: fix umount for snapd snap on fsck-on-boot test + - snap/info_test.go: add unit test cases for bug + - tests/main/services-after-before: add regression spread test + - snap/info.go: ignore unknown daemons in SortSnapServices + - cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in + seeds + - OpenGL interface: Support more Tegra libs + - interfaces/browser-support: allow sched_setaffinity with browser- + sandbox: true + - cmd: make string/error code more robust against errno leaking + - o/snapshotstate: handle conflicts between snapshot forget, export + and import + - cmd/snapd-generator: don't create mount overrides for snap-try + snaps inside lxc + - tests: update test pkg for fedora and centos + - gadget: pass sector size in to mkfs family of functions, use to + select block sz + - o/snapshotstate: fix returning of snap names when duplicated + snapshot is detected + - tests/main/snap-network-errors: skip flushing dns cache on + centos-7 + - interfaces/builtin: Allow DBus property access on + org.freedesktop.Notifications + - cgroup-support.c: fix link to CGROUP DELEGATION + - osutil: update go-udev package + - packaging: fix arch-indep build on debian-sid + - {,sec}boot: pass "key-name" to the FDE hooks + - asserts: sort by revision with Sort interface + - gadget: add gadget.ResolveContentPaths() + - cmd/snap-repair: save base snap and mode in device info; other + misc cleanups + - tests: cleanup the run-checks script + - asserts: snapasserts method to validate installed snaps against + validation sets + - tests: normalize test tools - part 1 + - snapshotstate: detect duplicated snapshot imports + - interfaces/builtin: fix unit test expecting snap-device-helper at + /usr/lib/snapd + - tests: apply workaround done for snap-advise-command to apt-hooks + test + - tests: skip main part of snap-advise test if 429 error is + encountered + - many: clarify gadget role-usage consistency checks for UC16/18 vs + UC20 + - sandbox/cgroup, tess/main: fix unit tests on v2 system, disable + broken tests on sid + - interfaces/builtin: more drive by fixes, import ordering, removing + dead code + - tests: skip interfaces-openvswitch spread test on debian sid + - interfaces/apparmor: drive by comment fix + - cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree + usage + - cmd/libsnap-confine-private: make unit tests execute happily in a + container + - interfaces, wrappers: misc comment fixes, etc. + - asserts/repair.go: add "bases" and "modes" support to the repair + assertion + - interfaces/opengl: allow RPi MMAL video decoding + - snap: skip help output tests for go-flags v1.4.0 + - gadget: add validation for "$kernel:ref" style content + - packaging/deb, tests/main/lxd-postrm-purge: fix purge inside + containers + - spdx: update to SPDX license list version: 3.11 2020-11-25 + - tests: improve hotplug test setup on classic + - tests: update check to verify is the current system is arm + - tests: use os-query tool to check debian, trusty and tumbleweed + - daemon: start moving implementation to api_snaps.go + - tests/main/snap-validate-basic: disable test on Fedora due to go- + flags panics + - tests: fix library path used for tests.pkgs + - tests/main/cohorts: replace yq with a Python snippet + - run-checks: update to match new argument syntax of ineffassign + - tests: use apiBaseSuite for snapshots tests, fix import endpoint + path + - many: separate consistency/content validation into + gadget.Validate|Content + - o/{device,snap}state: enable devmode snaps with dangerous model + assertions + secboot: add test for when systemd-run does not honor + RuntimeMaxSec + - secboot: add workaround for snapcore/core-initrd issue #13 + - devicestate: log checkEncryption errors via logger.Noticef + - o/daemon: validation sets api and basic spread test + - gadget: move BuildPartitionList to install and make it unexported + - tests: add nested spread end-to-end test for fde-hooks + - devicestate: implement checkFDEFeatures() + - boot: tweak resealing with fde-setup hooks + - tests: add os query commands for subsystems and architectures + - o/snapshotstate: don't set auto flag in the snapshot file + - tests: use os.query tool instead of comparing the system var + - testutil: use the original environment when calling shellcheck + - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud- + init restrict file + - gadget,o/devicestate,tests: drop EffectiveFilesystemLabel and + instead set the implicit labels when loading the yaml + - secboot: add new LockSealedKeys() that uses either TPM/fde-reveal- + key + - gadget/quantity: introduce Offset, start using it for offset + related fields in the gadget + - gadget: use "sealed-keys" to determine what method to use for + reseal + - tests/main/fake-netplan-apply: disable test on xenial for now + - daemon: start splitting snaps op tests out of api_test.go + - testutil: make DBusTest use a custom bus configuration file + - tests: replace pkgdb.sh (library) with tests.pkgs (program) + - gadget: prepare gadget kernel refs (0/N) + - interfaces/builtin/docker-support: allow /run/containerd/s/... + - cmd/snap-preseed: reset run inhibit locks on --reset. + - boot: add sealKeyToModeenvUsingFdeSetupHook() + - daemon: reorg snap.go and split out sections and icons support + from api.go + - sandbox/seccomp: use snap-seccomp's stdout for getting version + info + - daemon: split find support to its own api_*.go files and move some + helpers + - tests: move snapstate config defaults tests to a separate file. + - bootloader/{lk,lkenv}: followups from #9695 + - daemon: actually move APIBaseSuite to daemon_test.apiBaseSuite + - gadget,o/devicestate: set implicit values for schema and role + directly instead of relying on Effective* accessors + - daemon: split aliases support to its own api_*.go files + - gadget: start separating rule/convention validation from basic + soundness + - cmd/snap-update-ns: add better unit test for overname sorting + - secboot: use `fde-reveal-key` if available to unseal key + - tests: fix lp-1899664 test when snapd_x1 is not installed in the + system + - tests: fix the scenario when the "$SRC".orig file does not exist + - cmd/snap-update-ns: fix sorting of overname mount entries wrt + other entries + - devicestate: add runFDESetupHook() helper + - bootloader/lk: add support for UC20 lk bootloader with V2 lkenv + structs + - daemon: split unsupported buy implementation to its own api_*.go + files + - tests: download timeout spread test + - gadget,o/devicestate: hybrid 18->20 ready volume setups should be + valid + - o/devicestate: save model with serial in the device save db + - bootloader: add check for prepare-image time and more tests + validating options + - interfaces/builtin/log_observe.go: allow controlling apparmor + audit levels + - hookstate: refactor around EphemeralRunHook + - cmd/snap: implement 'snap validate' command + - secboot,devicestate: add scaffoling for "fde-reveal-key" support + - boot: observe successful command line update, provide a default + - tests: New queries for the os tools + - bootloader/lkenv: specify backup file as arg to NewEnv(), use "" + as path+"bak" + - osutil/disks: add FindMatchingPartitionUUIDWithPartLabel to Disk + iface + - daemon: split out snapctl support and snap configuration support + to their own api_*.go files + - snapshotstate: improve handling of multiple errors + - tests: sign new nested-18|20* models to allow for generic serials + - bootloader: remove installableBootloader interface and methods + - seed: cleanup/drop some no longer valid TODOS, clarify some other + points + - boot: set kernel command line in modeenv during install + - many: rename disks.FindMatching... to FindMatching...WithFsLabel + and err type + - cmd/snap: suppress a case of spurious stdout logging from tests + - hookstate: add new HookManager.EphemeralRunHook() + - daemon: move some more api tests from daemon to daemon_test + - daemon: split apps and logs endpoints to api_apps.go and tests + - interfaces/utf: Add Ledger to U2F devices + - seed/seedwriter: consider modes when checking for deps + availability + - o/devicestate,daemon: fix reboot system action to not require a + system label + - cmd/snap-repair,store: increase initial retry time intervals, + stalling TODOs + - daemon: split interfacesCmd to api_interfaces.go + - github: run nested suite when commit is pushed to release branch + - client: reduce again the /v2/system-info timeout + - tests: reset fakestore unit status + - update-pot: fix typo in plural keyword spec + - tests: remove workarounds that add "ubuntu-save" if missing + - tests: add unit test for auto-refresh with validate-snap failure + - osutil: add helper for getting the kernel command line + - tests/main/uc20-create-partitions: verify ubuntu-save encryption + keys, tweak not MATCH + - boot: add kernel command lines to the modeenv file + - spread: bump delta ref, tweak repacking to make smaller delta + archives + - bootloader/lkenv: add v2 struct + support using it + - snapshotstate: add cleanup of abandonded snapshot imports + - tests: fix uc20-create-parition-* tests for updated gadget + - daemon: split out /v2/interfaces tests to api_interfaces_test.go + - hookstate: implement snapctl fde-setup-{request,result} + - wrappers, o/devicestate: remove EnableSnapServices + - tests: enable nested on 20.10 + - daemon: simplify test helpers Get|PostReq into Req + - daemon: move general api to api_general*.go + - devicestate: make checkEncryption fde-setup hook aware + - client/snapctl, store: fix typos + - tests/main/lxd/prep-snapd-in-lxd.sh: wait for valid apt files + before doing apt ops + - cmd/snap-bootstrap: update model cross-check considerations + - client,snapctl: add naive support for "stdin" + - many: add new "install-mode: disable" option + - osutil/disks: allow building on mac os + - data/selinux: update the policy to allow operations on non-tmpfs + /tmp + - boot: add helper for generating candidate kernel lines for + recovery system + - wrappers: generate D-Bus service activation files + - bootloader/many: rm ConfigFile, add Present for indicating + presence of bloader + - osutil/disks: allow mocking DiskFromDeviceName + - daemon: start cleaning up api tests + - packaging/arch: sync with AUR packaging + - bootloader: indicate when boot config was updated + - tests: Fix snap-debug-bootvars test to make it work on arm devices + and core18 + - tests/nested/manual/core20-save: verify handling of ubuntu-save + with different system variants + - snap: use the boot-base for kernel hooks + - devicestate: support "storage-safety" defaults during install + - bootloader/lkenv: mv v1 to separate file, + include/lk/snappy_boot_v1.h: little fixups + - interfaces/fpga: add fpga interface + - store: download timeout + - vendor: update secboot repo to avoid including secboot.test binary + - osutil: add KernelCommandLineKeyValue + - gadget/gadget.go: allow system-recovery-{image,select} as roles in + gadget.yaml + - devicestate: implement boot.HasFDESetupHook + - osutil/disks: add DiskFromName to get a disk using a udev name + - usersession/agent: have session agent connect to the D-Bus session + bus + - o/servicestate: preserve order of services on snap restart + - o/servicestate: unlock state before calling wrappers in + doServiceControl + - spread: disable unattended-upgrades on ubuntu + - tests: testing new fedora 33 image + - tests: fix fsck on boot on arm devices + - tests: skip boot state test on arm devices + - tests: updated the systems to run prepare-image-grub test + - interfaces/raw_usb: allow read access to /proc/tty/drivers + - tests: unmount /boot/efi in fsck-on-boot test + - strutil/shlex,osutil/udev/netlink: minimally import go-check + - tests: fix basic20 test on arm devices + - seed: make a shared seed system label validation helper + - tests/many: enable some uc20 tests, delete old unneeded tests or + TODOs + - boot/makebootable.go: set snapd_recovery_mode=install at image- + build time + - tests: migrate test from boot.sh helper to boot-state tool + - asserts: implement "storage-safety" in uc20 model assertion + - bootloader: use ForGadget when installing boot config + - spread: UC20 no longer needs 2GB of mem + - cmd/snap-confine: implement snap-device-helper internally + - bootloader/grub: replace old reference to Managed...Blr... with + Trusted...Blr... + - cmd/snap-bootstrap: add readme for snap-bootstrap + real state + diagram + - interfaces: fix greengrass attr namingThe flavor attribute names + are now as follows: + - tests/lib/nested: poke the API to get the snap revisions + - tests: compare options of mount units created by snapd and snapd- + generator + - o/snapstate,servicestate: use service-control task for service + actions + - sandbox: track applications unconditionally + - interfaces/greengrass-support: add additional "process" flavor for + 1.11 update + - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test - -- Michael Vogt Fri, 15 Jan 2021 18:32:45 +0100 + -- Michael Vogt Wed, 10 Feb 2021 10:47:17 +0100 snapd (2.48.2-1) unstable; urgency=medium