From: Peter Michael Green Date: Sun, 18 Feb 2018 00:21:21 +0000 (+0000) Subject: Manual merge of version 2.27.6-2+rpi1 and 2.30-5 to produce 2.30-5+rpi1 X-Git-Tag: archive/raspbian/2.30-5+rpi1 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=025279c905a63cd212494467a8fb56b0b93718a2;p=snapd.git Manual merge of version 2.27.6-2+rpi1 and 2.30-5 to produce 2.30-5+rpi1 --- 8d4db3f691631e48de60abec93db0ec65bd19d4a diff --cc debian/changelog index 32451e0a,dbff1c4f..e9ad6f37 --- a/debian/changelog +++ b/debian/changelog @@@ -1,11 -1,362 +1,373 @@@ - snapd (2.27.6-2+rpi1) buster-staging; urgency=medium ++conflicts found ++debian/rules ++snapd (2.30-5+rpi1) buster-staging; urgency=medium + + [changes brought forward from 2.27.2-2+rpi1 by Peter Michael Green at Thu, 24 Aug 2017 17:53:18 +0000] + * Treat unknown derivatives the same as Debian. + * Disable testsuite. + * Fix clean target. + - -- Raspbian forward porter Tue, 03 Oct 2017 02:50:40 +0000 ++ -- Raspbian forward porter Sat, 17 Feb 2018 10:25:46 +0000 ++ + snapd (2.30-5) unstable; urgency=medium + + * Team upload. + * add fix-pkg-config-line.patch to fix FTBFS + * Set XS-Go-Import-Path + + -- Michael Stapelberg Sat, 10 Feb 2018 23:18:15 +0100 + + snapd (2.30-4) unstable; urgency=medium + + * Fix Built-Using computation on Debian. + * Add d/patches/disable-TestDoRequestSerialErrorsOnNoHost.patch to disable + a flaky test. + + -- Michael Hudson-Doyle Tue, 16 Jan 2018 13:02:31 +1300 + + snapd (2.30-3) unstable; urgency=medium + + * Fix arch builds again, sigh, + + -- Michael Hudson-Doyle Tue, 09 Jan 2018 13:56:48 +1300 + + snapd (2.30-2) unstable; urgency=medium + + * Fix arch-all-only build. (Closes: 886431) + + -- Michael Hudson-Doyle Tue, 09 Jan 2018 10:48:20 +1300 + + snapd (2.30-1) unstable; urgency=medium + + * New upstream release. + * Remove several patches: + - 0001-osutil-adjust-StreamCommand-tests-for-golang-1.9.patch: included in + release. + - apparmor-compat.patch, no-reexec-on-debian.patch: Removed as upstream + now implements a better solution to the problem. + - pb.v1-canonical-path.patch: applied upstream. + * Stop installing udev/rules.d/80-snappy-assign.rules, gone upstream + + -- Michael Hudson-Doyle Fri, 05 Jan 2018 09:39:07 +1300 + + snapd (2.28.5) xenial; urgency=medium + + * New upstream release, LP: #1714984 + - snap-confine: cleanup broken nvidia udev tags + - cmd/snap-confine: update valid security tag regexp + - overlord/ifacestate: refresh udev backend on startup + - dbus: ensure io.snapcraft.Launcher.service is created on re- + exec + - snap-confine: add support for handling /dev/nvidia-modeset + - interfaces/network-control: remove incorrect rules for tun + + -- Michael Vogt Fri, 13 Oct 2017 23:25:46 +0200 + + snapd (2.28.4) xenial; urgency=medium + + * New upstream release, LP: #1714984 + - interfaces/opengl: don't udev tag nvidia devices and use snap- + confine instead + - debian: fix replaces/breaks for snap-xdg-open (thanks to apw!) + + -- Michael Vogt Wed, 11 Oct 2017 19:40:57 +0200 + + snapd (2.28.3) xenial; urgency=medium + + * New upstream release, LP: #1714984 + - interfaces/lxd: lxd slot implementation can also be an app + snap + + -- Michael Vogt Wed, 11 Oct 2017 08:20:26 +0200 + + snapd (2.28.2) xenial; urgency=medium + + * New upstream release, LP: #1714984 + - interfaces: fix udev rules for tun + - release,cmd,dirs: Redo the distro checks to take into account + distribution families + + -- Michael Vogt Tue, 10 Oct 2017 18:39:58 +0200 + + snapd (2.28.1) xenial; urgency=medium + + * New upstream release, LP: #1714984 + - snap-confine: update apparmor rules for fedora based basesnaps + - snapstate: rename refresh hook to post-refresh for consistency + + -- Michael Vogt Wed, 27 Sep 2017 17:59:49 -0400 + + snapd (2.28) xenial; urgency=medium + + * New upstream release, LP: #1714984 + - hooks: rename refresh to after-refresh + - snap-confine: bind mount /usr/lib/snapd relative to snap-confine + - cmd,dirs: treat "liri" the same way as "arch" + - snap-confine: fix base snaps on core + - hooks: substitute env vars when executing hooks + - interfaces: updates for default, browser-support, desktop, opengl, + upower and stub-resolv.conf + - cmd,dirs: treat manjaro the same as arch + - systemd: do not run auto-import and repair services on classic + - packaging/fedora: Ensure vendor/ is empty for builds and fix spec + to build current master + - many: fix TestSetConfNumber missing an Unlock and other fragility + improvements + - osutil: adjust StreamCommand tests for golang 1.9 + - daemon: allow polkit authorisation to install/remove snaps + - tests: make TestCmdWatch more robust + - debian: improve package description + - interfaces: add netlink kobject uevent to hardware observe + - debian: update trusted account-keys check on 14.04 packaging + - interfaces/network-{control,observe}: allow receiving + kobject_uevent() messages + - tests: fix lxd test for external backend + - snap-confine,snap-update-ns: add -no-pie to fix FTBFS on + go1.7,ppc64 + - corecfg: mock "systemctl" in all corecfg tests + - tests: fix unit tests on Ubuntu 14.04 + - debian: add missing flags when building static snap-exec + - many: end-to-end support for the bare base snap + - overlord/snapstate: SetRootDir from SetUpTest, not in just some + tests + - store: have an ad-hoc method on cfg to get its list of uris for + tests + - daemon: let client decide whether to allow interactive auth via + polkit + - client,daemon,snap,store: add license field + - overlord/snapstate: rename HasCurrent to IsInstalled, remove + superfluous/misleading check from All + - cmd/snap: SetRootDir from SetUpTest, not in just some individual + tests. + - systemd: rename snap-repair.{service,timer} to snapd.snap- + repair.{service,timer} + - snap-seccomp: remove use of x/net/bpf from tests + - httputil: more naive per go version way to recreate a default + transport for tls reconfig + - cmd/snap-seccomp/main_test.go: add one more syscall for arm64 + - interfaces/opengl: use == to compare, not = + - cmd/snap-seccomp/main_test.go: add syscalls for armhf and arm64 + - cmd/snap-repair: track and use a lower bound for the time for + TLS checks + - interfaces: expose bluez interface on classic OS + - snap-seccomp: add in-kernel bpf tests + - overlord: always try to get a serial, lazily on classic + - tests: add nmcli regression test + - tests: deal with __PNR_chown on aarch64 to fix FTBFS on arm64 + - tests: add autopilot-introspection interface test + - vendor: fix artifact from manually editing vendor/vendor.json + - tests: rename complexion to test-snapd-complexion + - interfaces: add desktop and desktop-legacy + interfaces/desktop: add new 'desktop' interface for modern DEs + interfaces/builtin/desktop_test.go: use modern testing techniques + interfaces/wayland: allow read on /etc/drirc for Plasma desktop + interfaces/desktop-legacy: add new 'legacy' interface (currently + for a11y and input) + - tests: fix race in snap userd test + - devices/iio: add read/write for missing sysfs entries + - spread: don't set HTTPS?_PROXY for linode + - cmd/snap-repair: check signatures of repairs from Next + - env: set XDG_DATA_DIRS for wayland et.al. + - interfaces/{default,account-control}: Use username/group instead + of uid/gid + - interfaces/builtin: use udev tagging more broadly + - tests: add basic lxd test + - wrappers: ensure bash completion snaps install on core + - vendor: use old golang.org/x/crypto/ssh/terminal to build on + powerpc again + - docs: add PULL_REQUEST_TEMPLATE.md + - interfaces: fix network-manager plug + - hooks: do not error out when hook is optional and no hook handler + is registered + - cmd/snap: add userd command to replace snapd-xdg-open + - tests: new regex used to validate the core version on extra snaps + ass... + - snap: add new `snap switch` command + - tests: wait more and more debug info about fakestore start issues + - apparmor,release: add better apparmor detection/mocking code + - interfaces/i2c: adjust sysfs rule for alternate paths + - interfaces/apparmor: add missing call to dirs.SetRootDir + - cmd: "make hack" now also installs snap-update-ns + - tests: copy files with less verbosity + - cmd/snap-confine: allow using additional libraries required by + openSUSE + - packaging/fedora: Merge changes from Fedora Dist-Git + - snapstate: improve the error message when classic confinement is + not supported + - tests: add test to ensure amd64 can run i386 syscall binaries + - tests: adding extra info for fakestore when fails to start + - tests: install most important snaps + - cmd/snap-repair: more test coverage of filtering + - squashfs: remove runCommand/runCommandWithOutput as we do not need + it + - cmd/snap-repair: ignore superseded revisions, filter on arch and + models + - hooks: support for refresh hook + - Partial revert "overlord/devicestate, store: update device auth + endpoints URLs" + - cmd/snap-confine: allow reading /proc/filesystems + - cmd/snap-confine: genearlize apparmor profile for various lib + layout + - corecfg: fix proxy.* writing and add integration test + - corecfg: deal with system.power-key-action="" correctly + - vendor: update vendor.json after (presumed) manual edits + - cmd/snap: in `snap info`, don't print a newline between tracks + - daemon: add polkit support to /v2/login + - snapd,snapctl: decode json using Number + - client: fix go vet 1.7 errors + - tests: make 17.04 shellcheck clean + - tests: remove TestInterfacesHelp as it breaks when go-flags + changes + - snapstate: undo a daemon restart on classic if needed + - cmd/snap-repair: recover brand/model from + /var/lib/snapd/seed/assertions checking signatures and brand + account + - spread: opt into unsafe IO during spread tests + - snap-repair: update snap-repair/runner_test.go for API change in + makeMockServer + - cmd/snap-repair: skeleton code around actually running a repair + - tests: wait until the port is listening after start the fake store + - corecfg: fix typo in tests + - cmd/snap-repair: test that redirects works during fetching + - osutil: honor SNAPD_UNSAFE_IO for testing + - vendor: explode and make more precise our golang.go/x/crypto deps, + use same version as Debian unstable + - many: sanitize NewStoreStack signature, have shared default store + test private keys + - systemd: disable `Nice=-5` to fix error when running inside lxd + - spread.yaml: update delta ref to 2.27 + - cmd/snap-repair: use E-Tags when refetching a repair to retry + - interfaces/many: updates based on chromium and mrrescue denials + - cmd/snap-repair: implement most logic to get the next repair to + run/retry in a brand sequence + - asserts/assertstest: copy headers in SigningDB.Sign + - interfaces: convert uhid to common interface and test cases + improvement for time_control and opengl + - many tests: move all panicing fake store methods to a common place + - asserts: add store assertion type + - interfaces: don't crash if content slot has no attributes + - debian: do not build with -buildmode=pie on i386 + - wrappers: symlink completion snippets when symlinking binaries + - tests: adding more debug information for the interfaces-cups- + control … + - apparmor: pass --quiet to parser on load unless SNAPD_DEBUG is set + - many: allow and support serials signed by the 'generic' authority + instead of the brand + - corecfg: add proxy configuration via `snap set core + proxy.{http,https,ftp}=...` + - interfaces: a bunch of interfaces test improvement + - tests: enable regression and completion suites for opensuse + - tests: installing snapd for nested test suite + - interfaces: convert lxd_support to common iface + - interfaces: add missing test for camera interface. + - snap: add support for parsing snap layout section + - cmd/snap-repair: like for downloads we cannot have a timeout (at + least for now), less aggressive retry strategies + - overlord: rely on more conservative ensure interval + - overlord,store: no piles of return args for methods gathering + device session request params + - overlord,store: send model assertion when setting up device + sessions + - interfaces/misc: updates for unity7/x11, browser- + support, network-control and mount-observe + interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT + interfaces/browser-support: update sysfs reads for + newer browser versions, interfaces/network-control: rw for + ieee80211 advanced wireless interfaces/mount-observe: allow read + on sysfs entries for block devices + - tests: use dnf --refresh install to avert stale cache + - osutil: ensure TestLockUnlockWorks uses supported flock + - interfaces: convert lxd to common iface + - tests: restart snapd to ensure re-exec settings are applied + - tests: fix interfaces-cups-control test + - interfaces: improve and tweak bunch of interfaces test cases. + - tests: adding extra worker for fedora + - asserts,overlord/devicestate: support predefined assertions that + don't establish foundational trust + - interfaces: convert two hardware_random interfaces to common iface + - interfaces: convert io_ports_control to common iface + - tests: fix for upgrade test on fedora + - daemon, client, cmd/snap: implement snap start/stop/restart + - cmd/snap-confine: set _FILE_OFFSET_BITS to 64 + - interfaces: covert framebuffer to commonInterface + - interfaces: convert joystick to common iface + - interfaces/builtin: add the spi interface + - wrappers, overlord/snapstate/backend: make link-snap clean up on + failure. + - interfaces/wayland: add wayland interface + - interfaces: convert kvm to common iface + - tests: extend upower-observe test to cover snaps providing slots + - tests: enable main suite for opensuse + - interfaces: convert physical_memory_observe to common iface + - interfaces: add missing test for optical_drive interface. + - interfaces: convert physical_memory_control to common iface + - interfaces: convert ppp to common iface + - interfaces: convert time-control to common iface + - tests: fix failover test + - interfaces/builtin: rework for avahi interface + - interfaces: convert broadcom-asic-control to common iface + - snap/snapenv: document the use of CoreSnapMountDir for SNAP + - packaging/arch: drop patches merged into master + - cmd: fix mustUnsetenv docstring (thanks to Chipaca) + - release: remove default from VERSION_ID + - tests: enable regression, upgrade and completion test suites for + fedora + - tests: restore interfaces-account-control properly + - overlord/devicestate, store: update device auth endpoints URLs + - tests: fix install-hook test failure + - tests: download core and ubuntu-core at most once + - interfaces: add common support for udev + - overlord/devicestate: fix, don't assume that the serial is backed + by a 1-key chain + - cmd/snap-confine: don't share /etc/nsswitch from host + - store: do not resume a download when we already have the whole + thing + - many: implement "snap logs" + - store: don't call useDeltas() twice in quick succession + - interfaces/builtin: add kvm interface + - snap/snapenv: always expect /snap for $SNAP + - cmd: mark arch as non-reexecing distro + - cmd: fix tests that assume /snap mount + - gitignore: ignore more build artefacts + - packaging: add current arch packaging + - interfaces/unity7: allow receiving media key events in (at least) + gnome-shell + - interfaces/many, cmd/snap-confine: miscellaneous policy updates + - interfaces/builtin: implement broadcom-asic-control interface + - interfaces/builtin: reduce duplication and remove cruft in + Sanitize{Plug,Slot} + - tests: apply underscore convention for SNAPMOUNTDIR variable + - interfaces/greengrass-support: adjust accesses now that have + working snap + - daemon, client, cmd/snap: implement "snap services" + - tests: fix refresh tests not stopping fake store for fedora + - many: add the interface command + - overlord/snapstate/backend: some copydata improvements + - many: support querying and completing assertion type names + - interfaces/builtin: discard empty Validate{Plug,Slot} + - cmd/snap-repair: start of Runner, implement first pass of Peek + and Fetch + - tests: enable main suite on fedora + - snap: do not always quote the snap info summary + - vendor: update go-flags to address crash in "snap debug" + - interfaces: opengl support pci device and vendor + - many: start implenting "base" snap type on the snapd side + - arch,release: map armv6 correctly + - many: expose service status in 'snap info' + - tests: add browser-support interface test + - tests: disable snapd-notify for the external backend + - interfaces: Add /run/uuid/request to openvswitch + - interfaces: add password-manager-service implicit classic + interface + - cmd: rework reexec detection + - cmd: fix re-exec bug when starting from snapd 2.21 + - tests: dependency packages installed during prepare-project + - tests: remove unneeded check for re-exec in InternalToolPath() + - cmd,tests: fix classic confinement confusing re-execution code + - store: configurable base api + - tests: fix how package lists are updated for opensuse and fedora + + -- Michael Vogt Mon, 25 Sep 2017 12:07:34 -0400 snapd (2.27.6-2) unstable; urgency=medium diff --cc debian/rules index 50b26979,471d8b26..b2acb556 --- a/debian/rules +++ b/debian/rules @@@ -53,13 -70,17 +70,13 @@@ ifeq ($(shell dpkg-vendor --query Vendo # for stability, predicability and easy of deployment. We need to link some # things dynamically though: udev has no stable IPC protocol between # libudev and udevd so we need to link with it dynamically. - VENDOR_ARGS=--enable-nvidia-ubuntu --enable-static-libcap --enable-static-libapparmor --enable-static-libseccomp + VENDOR_ARGS=--enable-nvidia-multiarch --enable-static-libcap --enable-static-libapparmor --enable-static-libseccomp BUILT_USING_PACKAGES=libcap-dev libapparmor-dev libseccomp-dev + BUILT_USING=$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W $(BUILT_USING_PACKAGES)) else - VENDOR_ARGS=--disable-apparmor --enable-static-libcap - BUILT_USING_PACKAGES=libcap-dev -ifeq ($(shell dpkg-vendor --query Vendor),Debian) + VENDOR_ARGS=--enable-nvidia-multiarch + BUILT_USING= -else - VENDOR_ARGS=--disable-apparmor -endif endif - BUILT_USING=$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W $(BUILT_USING_PACKAGES)) %: dh $@ --buildsystem=golang --with=golang --fail-missing --with systemd --builddirectory=_build @@@ -108,63 -143,40 +139,40 @@@ endi cd cmd && ( ./configure --prefix=/usr --libexecdir=/usr/lib/snapd $(VENDOR_ARGS)) $(MAKE) -C cmd all - # Generate the real systemd units out of the available templates - $(MAKE) -C data/systemd all + # Generate the real systemd/dbus/env config files + $(MAKE) -C data all override_dh_auto_test: - dh_auto_test -- $(GCCGOFLAGS) + #dh_auto_test -- $(GCCGOFLAGS) # a tested default (production) build should have no test keys ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) - # check that only the main trusted account-key is included - [ $$(strings _build/bin/snapd|grep -c -E "public-key-sha3-384: [a-zA-Z0-9_-]{64}") -eq 1 ] + # check that only the main trusted account-keys are included + [ $$(strings _build/bin/snapd|grep -c -E "public-key-sha3-384: [a-zA-Z0-9_-]{64}") -eq 2 ] strings _build/bin/snapd|grep -c "^public-key-sha3-384: -CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk$$" + strings _build/bin/snapd|grep -c "^public-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa$$" + # same for snap-repair + [ $$(strings _build/bin/snap-repair|grep -c -E "public-key-sha3-384: [a-zA-Z0-9_-]{64}") -eq 3 ] + # common with snapd + strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: -CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk$$" + strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa$$" + # repair-root + strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: nttW6NfBXI_E-00u38W-KH6eiksfQNXuI7IiumoV49_zkbhM0sYTzSnFlwZC-W4t$$" endif ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) # run the snap-confine tests - $(MAKE) -C cmd check + #$(MAKE) -C cmd check endif - override_dh_systemd_enable: - # enable auto-import - dh_systemd_enable \ - -psnapd \ - data/systemd/snapd.autoimport.service - # we want the auto-update timer enabled by default - dh_systemd_enable \ - -psnapd \ - data/systemd/snapd.refresh.timer - # but the auto-update service disabled - dh_systemd_enable \ - --no-enable \ - -psnapd \ - data/systemd/snapd.refresh.service - # enable snapd - dh_systemd_enable \ - -psnapd \ - data/systemd/snapd.socket - dh_systemd_enable \ - -psnapd \ - data/systemd/snapd.service - - override_dh_systemd_start: - # we want to start the auto-update timer - dh_systemd_start \ - -psnapd \ - data/systemd/snapd.refresh.timer - # but not start the service - dh_systemd_start \ - --no-start \ - -psnapd \ - data/systemd/snapd.refresh.service - # start snapd - dh_systemd_start \ - -psnapd \ - data/systemd/snapd.socket - dh_systemd_start \ - -psnapd \ - data/systemd/snapd.service - - override_dh_install: + override_dh_install-indep: + # we do not need this in the package, its just needed during build + rm -rf ${CURDIR}/debian/tmp/usr/bin/xgettext-go + # toolbelt is not shippable + rm -f ${CURDIR}/debian/tmp/usr/bin/toolbelt + # we do not like /usr/bin/snappy anymore + rm -f ${CURDIR}/debian/tmp/usr/bin/snappy + dh_install + + override_dh_install-arch: # we do not need this in the package, its just needed during build rm -rf ${CURDIR}/debian/tmp/usr/bin/xgettext-go # toolbelt is not shippable