From: Michael Vogt Date: Wed, 1 Sep 2021 11:32:06 +0000 (+0100) Subject: snapd (2.51.7-1) unstable; urgency=medium X-Git-Tag: archive/raspbian/2.51.7-1+rpi1^2~9 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=0a772b7287108bd0d09ee759bc56ba6d559ff012;p=snapd.git snapd (2.51.7-1) unstable; urgency=medium * New upstream release, LP: #1929842 - cmd/snap-seccomp/syscalls: update syscalls list to libseccomp v2.2.0-428-g5c22d4b1 - tests: cherry-pick shellcheck fix `bd730fd4` - interfaces/dsp: add /dev/ambad into dsp interface - many: shellcheck fixes - snapstate: abort kernel refresh if no gadget update can be found - overlord: add manager test for "assumes" checking - store: deal correctly with "assumes" from the store raw yaml [dgit import unpatched snapd 2.51.7-1] --- 0a772b7287108bd0d09ee759bc56ba6d559ff012 diff --cc debian/README.Source index 00000000,00000000..2a4c1231 new file mode 100644 --- /dev/null +++ b/debian/README.Source @@@ -1,0 -1,0 +1,35 @@@ ++# Overview ++ ++The packaging is maintained in the upstream git repo at ++ ++github.com/snapcore/snapd in the packaging/debian-sid dir ++ ++Please push any debian changes back there to make packaging ++easier. ++ ++## Release a new version ++ ++To release a new upstream version the following steps are ++recommended: ++ ++ # one time setup ++ $ git clone git@salsa.debian.org:debian/snapd ++ $ cd snapd ++ $ git remote add upstream https://github.com/snapcore/snapd ++ ++ # releasing a new version ++ $ git fetch upstream ++ $ git merge upstream/ # e.g. upstream/2.44 ++ $ cp -ar packaging/debian-sid/* debian/ ++ # ensure to git add any new files ++ # set debian/changelog to UNRELEASED ++ $ git commit -a -m 'debian: sync packaging changes from upstream' ++ # update changelog ++ $ debcommit -ar ++ $ gbp buildpackage -S -d ++ # testbuild ++ $ pbuilder-dist sid update ++ $ pbuilder-dist sid build ../build-area/snapd_.dsc ++ $ dput ftp-master ../build-area/snapd__source.changes ++ ++ -- Michael Vogt , Wed, 18 Mar 2020 13:11:03 +0100 diff --cc debian/changelog index 00000000,00000000..62c802b4 new file mode 100644 --- /dev/null +++ b/debian/changelog @@@ -1,0 -1,0 +1,7261 @@@ ++snapd (2.51.7-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - cmd/snap-seccomp/syscalls: update syscalls list to libseccomp ++ v2.2.0-428-g5c22d4b1 ++ - tests: cherry-pick shellcheck fix `bd730fd4` ++ - interfaces/dsp: add /dev/ambad into dsp interface ++ - many: shellcheck fixes ++ - snapstate: abort kernel refresh if no gadget update can be found ++ - overlord: add manager test for "assumes" checking ++ - store: deal correctly with "assumes" from the store raw yaml ++ ++ -- Michael Vogt Wed, 01 Sep 2021 13:32:06 +0200 ++ ++snapd (2.51.6-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - secboot: use half the mem for KDF in AddRecoveryKey ++ - secboot: switch main key KDF memory cost to 32KB ++ ++ -- Ian Johnson Thu, 19 Aug 2021 15:49:47 -0500 ++ ++snapd (2.51.5-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - snap/squashfs: handle squashfs-tools 4.5+ ++ - tests/core20-install-device-file-install-via-hook-hack: adjust ++ test for 2.51 ++ - o/devicestate/handlers_install.go: add workaround to create dirs ++ for install ++ - tests: fix linter warning ++ - tests: update other spread tests for new behaviour ++ - tests: ack assertions by default, add --noack option ++ - release-tools/changelog.py: also fix opensuse changelog date ++ format ++ - release-tools/changelog.py: fix typo in function name ++ - release-tools/changelog.py: fix fedora date format ++ - release-tools/changelog.py: handle case where we don't have a TZ ++ - release-tools/changelog.py: fix line length check ++ - release-tools/changelog.py: specify the LP bug for the release as ++ an arg too ++ - interface/modem-manager: add support for MBIM/QMI proxy ++ clients ++ - .github/workflows/test.yaml: use snapcraft 4.x to build the snapd ++ snap ++ ++ -- Ian Johnson Mon, 16 Aug 2021 15:02:40 -0500 ++ ++snapd (2.51.4-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - {device,snap}state: skip kernel extraction in seeding ++ - vendor: move to snapshot-4c814e1 branch and set fixed KDF options ++ - tests/interfaces/tee: fix HasLen check for udev snippets ++ - interfaces/tee: add support for Qualcomm qseecom device node ++ - gadget: check for system-save with multi volumes if encrypting ++ correctly ++ - gadget: drive-by: drop unnecessary/supported passthrough in test ++ gadget.yaml ++ ++ -- Ian Johnson Mon, 09 Aug 2021 18:56:18 -0500 ++ ++snapd (2.51.3-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - interfaces/builtin: add sd-control interface ++ - store: set ResponseHeaderTimeout on the default transport ++ ++ -- Ian Johnson Wed, 14 Jul 2021 15:26:54 -0500 ++ ++snapd (2.51.2-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - snapstate: remove temporary snap file for local revisions early ++ - interface: allows reading sd cards internal info from block- ++ devices interface ++ - o/ifacestate: do not visit same halt tasks in waitChainSearch to ++ avoid slow convergence (or unlikely cycles) ++ - corecfg: allow using `# snapd-edit: no` header to disable pi- ++ config ++ - configcore: ignore system.pi-config.* setting on measured kernels ++ - many: pass device/model info to configcore via sysconfig.Device ++ interface ++ - o/configstate/configcore: support snap set system swap.size=... ++ - store: make the log with download size a debug one ++ - interfaces/opengl: add support for Imagination PowerVR ++ ++ -- Michael Vogt Wed, 07 Jul 2021 15:35:46 +0200 ++ ++snapd (2.51.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - interfaces: add netlink-driver interface ++ - interfaces: builtin: add dm-crypt interface to support external ++ storage encryption ++ - interfaces/dsp: fix typo in udev rule ++ - overlord/snapstate: lock the mutex before returning from stop ++ snap services undo ++ - interfaces: opengl: change path for Xilinx zocl driver ++ - interfaces/dsp: add /dev/cavalry into dsp interface ++ - packaging/fedora/snapd.spec: correct date format in changelog ++ ++ -- Michael Vogt Tue, 15 Jun 2021 12:45:08 +0200 ++ ++snapd (2.51-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - cmd/snap: stacktraces debug endpoint ++ - secboot: deactivate volume again when model checker fails ++ - store: extra log message, a few minor cleanups ++ - packaging/debian-sid: update systemd patch ++ - snapstate: adjust update-gadget-assets user visible message ++ - tests/nested/core/core20-create-recovery: verify that recovery ++ system can be created at runtime ++ - gadget: support creating vfat partitions during bootstrap ++ - daemon/api_quotas.go: support updating quotas with ensure action ++ - daemon: tighten access to a couple of POST endpoints that should ++ be really be root-only ++ - seed/seedtest, overlord/devicestate: move seed validation helper ++ to seedtest ++ - overlord/hookstate/ctlcmd: remove unneeded parameter ++ - snap/quota: add CurrentMemoryUsage for current memory usage of a ++ quota group ++ - systemd: add CurrentMemoryUsage to get current memory usage for a ++ unit ++ - o/snapstate: introduce minimalInstallInfo interface ++ - o/hookstate: print pending info (ready, inhibited or none) ++ - osutil: a helper to find out the total amount of memory in the ++ system ++ - overlord, overlord/devicestate: allow for reloading modeenv in ++ devicemgr when testing ++ - daemon: refine access testing ++ - spread: disable unattended-upgrades on debian ++ - tests/lib/reset: make nc exit after a while when connection is ++ idle ++ - daemon: replace access control flags on commands with access ++ checkers ++ - release-tools/changelog.py: refactor regexp + file reading/writing ++ - packaging/debian-sid: update locale patch for the latest master ++ - overlord/devicestate: tasks for creating recovery systems at ++ runtime ++ - release-tools/changelog.py: implement script to update all the ++ changelog files ++ - tests: change machine type used for nested testsPrices: ++ - cmd/snap: include locale when linting description being lower case ++ - o/servicestate: add RemoveSnapFromQuota ++ - interfaces/serial-port: add Qualcomm serial port devices to ++ allowed list ++ - packaging: merge 2.50.1 changelog back ++ - interfaces/builtin: introduce raw-input interface ++ - tests: remove tests.cleanup prepare from nested test ++ - cmd/snap-update-ns: fix linter errors ++ - asserts: fix errors reported by linter ++ - o/hookstate/ctlcmd: allow system-mode for non-root ++ - overlord/devicestate: comment why explicit system mode check is ++ needed in ensuring tried recovery systems (#10275) ++ - overlord/devicesate: observe snap writes when creating recovery ++ systems ++ - packaging/ubuntu-16.04/changelog: add placeholder for 2.50.1 ++ - tests: moving to tests directories snaps built locally - part 1 ++ - seed/seedwriter: fail early when system seed directory exists ++ - o/snapstate: autorefresh phase1 for refresh-control ++ - c/snap: more precise message for ErrorKindSystemRestart op != ++ reboot ++ - tests: simplify the tests.cleanup tool ++ - boot: helpers for manipulating current and good recovery systems ++ list ++ - o/hookstate, o/snapstate: print revision, version, channel with ++ snapctl --pending ++ - overlord: unit test tweaks, use well known snap IDs, setup snap ++ declarations for most common snaps ++ - tests/nested/manual: add test for install-device + snapctl reboot ++ - o/servicestate: restart slices + services on modifications ++ - tests: update mount-ns test to support changes in the distro ++ - interfaces: fix linter issues ++ - overlord: mock logger in managers unit tests ++ - tests: adding support for fedora-34 ++ - tests: adding support for debian 10 on gce ++ - boot: reseal given keys when the respective boot chain has changed ++ - secboot: switch encryption key size to 32 byte (thanks to Chris) ++ - interfaces/dbus: allow claiming 'well-known' D-Bus names with a ++ wildcard suffix ++ - spread: bump delta reference version ++ - interfaces: builtin: update permitted paths to be compatible with ++ UC20 ++ - overlord: fix errors reported by linter ++ - tests: remove old fedora systems from tests ++ - tests: update spread url ++ - interfaces/camera: allow devices in /sys/devices/platform/**/usb* ++ - interfaces/udisks2: Allow access to the login manager via dbus ++ - cmd/snap: exit normally if "snap changes" has no changes ++ (LP #1823974) ++ - tests: more fixes for spread suite on openSUSE ++ - tests: fix tests expecting cgroup v1/hybrid on openSUSE Tumbleweed ++ - daemon: fix linter errors ++ - spread: add Fedora 34, leave a TODO about dropping Fedora 32 ++ - interfaces: fix linter errors ++ - tests: use op.paths tools instead of dirs.sh helper - part 2 ++ - client: Fix linter errors ++ - cmd/snap: Fix errors reported by linter ++ - cmd/snap-repair: fix linter issues ++ - cmd/snap-bootstrap: Fix linter errors ++ - tests: update permission denied message for test-snapd-event on ++ ubuntu 2104 ++ - cmd/snap: small tweaks based on previous reviews ++ - snap/snaptest: helper that mocks both the squashfs file and a snap ++ directory ++ - overlord/devicestate: tweak comment about creating recovery ++ systems, formatting tweaks ++ - overlord/devicestate: move devicemgr base suite helpers closer to ++ test suite struct ++ - overlord/devicestate: keep track of tried recovery system ++ - seed/seedwriter: clarify in the diagram when SetInfo is called ++ - overlord/devicestate: add helper for creating recovery systems at ++ runtime ++ - snap-seccomp: update syscalls.go list ++ - boot,image: support image.Customizations.BootFlags ++ - overlord: support snapctl --halt|--poweroff in gadget install- ++ device ++ - features,servicestate: add experimental.quota-groups flag ++ - o/servicestate: address comments from previous PR ++ - tests: basic spread test for snap quota commands ++ - tests: moving the snaps which are not locally built to the store ++ directory ++ - image,c/snap: implement prepare-image --customize ++ - daemon: implement REST API for quota groups (create / list / get) ++ - cmd/snap, client: snap quotas command ++ - o/devicestate,o/hookstate/ctlcmd: introduce SystemModeInfo methods ++ and snapctl system-mode ++ - o/servicestate/quota_control.go: introduce (very) basic group ++ manipulation methods ++ - cmd/snap, client: snap remove-quota command ++ - wrappers, quota: implement quota groups slice generation ++ - snap/quotas: followups from previous PR ++ - cmd/snap: introduce 'snap quota' command ++ - o/configstate/configcore/picfg.go: use ubuntu-seed config.txt in ++ uc20 run mode ++ - o/servicestate: test has internal ordering issues, consider both ++ cases ++ - o/servicestate/quotas: add functions for getting and setting ++ quotas in state ++ - tests: new buckets for snapd-spread project on gce ++ - spread.yaml: update the gce project to start using snapd-spread ++ - quota: new package for managing resource groups ++ - many: bind and check keys against models when using FDE hooks v2 ++ - many: move responsibilities down seboot -> kernel/fde and boot -> ++ secboot ++ - packaging: add placeholder changelog ++ - o/configstate/configcore/vitality: fix RequireMountedSnapdSnap ++ bug ++ - overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu ++ Core system ++ - many: hide EncryptionKey size and refactors for fde hook v2 next ++ steps ++ - tests: adding debug info for create user tests ++ - o/hookstate: add "refresh" command to snapctl (hidden, not ++ complete yet) ++ - systemd: wait for zfs mounts (LP #1922293) ++ - testutil: support referencing files in FileEquals checker ++ - many: refactor to kernel/fde and allow `fde-setup initial-setup` ++ to return json ++ - o/snapstate: store refresh-candidates in the state ++ - o/snapstate: helper for creating gate-auto-refresh hooks ++ - bootloader/bootloadertest: provide interface implementation as ++ mixins, provide a mock for recovery-aware-trusted-asses bootloader ++ - tests/lib/nested: do not compress images, return early when ++ restored from pristine image ++ - boot: split out a helper for making recovery system bootable ++ - tests: update os.query check to match new bullseye codename used ++ on sid images ++ - o/snapstate: helper for getting snaps affected by refresh, define ++ new hook ++ - wrappers: support in EnsureSnapServices a callback to observe ++ changes (#10176) ++ - gadget: multi line support in gadget's cmdline file ++ - daemon: test that requesting restart from (early) Ensure works ++ - tests: use op.paths tools instead of dirs.sh helper - part 1 ++ - tests: add new command to snaps-state to get current core, kernel ++ and gadget ++ - boot, gadget: move opening the snap container into the gadget ++ helper ++ - tests, overlord: extend unit tests, extend spread tests to cover ++ full command line support ++ - interfaces/builtin: introduce dsp interface ++ - boot, bootloader, bootloader/assets: support for full command line ++ override from gadget ++ - overlord/devicestate, overlord/snapstate: add task for updating ++ kernel command lines from gadget ++ - o/snapstate: remove unused DeviceCtx argument of ++ ensureInstallPreconditions ++ - tests/lib/nested: proper status return for tpm/secure boot checks ++ - cmd/snap, boot: add snapd_full_cmdline_args to dumped boot vars ++ - wrappers/services.go: refactor helper lambda function to separate ++ function ++ - boot/flags.go: add HostUbuntuDataForMode ++ - boot: handle updating of components that contribute to kernel ++ command line ++ - tests: add 20.04 to systems for nested/core ++ - daemon: add new accessChecker implementations ++ - boot, overlord/devicestate: consider gadget command lines when ++ updating boot config ++ - tests: fix prepare-image-grub-core18 for arm devices ++ - tests: fix gadget-kernel-refs-update-pc test on arm and when ++ $TRUST_TEST_KEY is false ++ - tests: enable help test for all the systems ++ - boot: set extra command line arguments when preparing run mode ++ - boot: load bits of kernel command line from gadget snaps ++ - tests: update layout for tests - part 2 ++ - tests: update layout for tests - part 1 ++ - tests: remove the snap profiler from the test suite ++ - boot: drop gadget snap yaml which is already defined elsewhere in ++ the tests ++ - boot: set extra kernel command line arguments when making a ++ recovery system bootable ++ - boot: pass gadget path to command line helpers, load gadget from ++ seed ++ - tests: new os.paths tool ++ - daemon: make ucrednetGet() return a *ucrednet structure ++ - boot: derive boot variables for kernel command lines ++ - cmd/snap-bootstrap/initramfs-mounts: fix boot-flags location from ++ initramfs ++ ++ -- Ian Johnson Thu, 27 May 2021 11:15:20 -0500 ++ ++snapd (2.50.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1926005 ++ - interfaces: update permitted /lib/.. paths to be compatible with ++ UC20 ++ - interfaces: builtin: update permitted paths to be compatible with ++ UC20 ++ - interfaces/greengrass-support: delete white spaces at the end of ++ lines ++ - snap-seccomp: update syscalls.go list ++ - many: backport kernel command line for 2.50 ++ - interfaces/dbus: allow claiming 'well-known' D-Bus names with a ++ wildcard suffix ++ - interfaces/camera: allow devices in /sys/devices/platform/**/usb* ++ - interfaces/builtin: introduce dsp interface ++ ++ -- Ian Johnson Wed, 19 May 2021 10:46:02 -0500 ++ ++snapd (2.50-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1926005 ++ - overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu ++ Core system ++ - o/configstate/configcore/vitality: fix RequireMountedSnapdSnap bug ++ - o/servicestate/servicemgr.go: add ensure loop for snap service ++ units ++ - wrappers/services.go: introduce EnsureSnapServices() ++ - snapstate: add "kernel-assets" to featureSet ++ - systemd: wait for zfs mounts ++ - overlord: make servicestate responsible to compute ++ SnapServiceOptions ++ - boot,tests: move where we write boot-flags one level up ++ - o/configstate: don't pass --root=/ when ++ masking/unmasking/enabling/disabling services ++ - cmd/snap-bootstrap/initramfs-mounts: write active boot-flags to ++ /run ++ - gadget: be more flexible with kernel content resolving ++ - boot, cmd/snap: include extra cmdline args in debug boot-vars ++ output ++ - boot: support read/writing boot-flags from userspace/initramfs ++ - interfaces/pwm: add PWM interface ++ - tests/lib/prepare-restore.sh: clean out snapd changes and snaps ++ before purging ++ - systemd: enrich UnitStatus returned by systemd.Status() with ++ Installed flag ++ - tests: updated restore phase of spread tests - part 1 ++ - gadget: add support for kernel command line provided by the gadget ++ - tests: Using GO111MODULE: "off" in spread.yaml ++ - features: add gate-auto-refresh-hook feature flag ++ - spread: ignore linux kernel upgrade in early stages for arch ++ preparation ++ - tests: use snaps-state commands and remove them from the snaps ++ helper ++ - o/configstate: fix panic with a sequence of config unset ops over ++ same path ++ - api: provide meaningful error message on connect/disconnect for ++ non-installed snap ++ - interfaces/u2f-devices: add HyperFIDO Pro ++ - tests: add simple sanity check for systemctl show ++ --property=UnitFileState for unknown service ++ - tests: use tests.session tool on interfaces-desktop-document- ++ portal test ++ - wrappers: install D-Bus service activation files for snapd session ++ tools on core ++ - many: add x-gvfs-hide option to mount units ++ - interfaces/builtin/gpio_test.go: actually test the generated gpio ++ apparmor ++ - spread: tentative workaround for arch failure caused by libc ++ upgrade and cgroups v2 ++ - tests: add spread test for snap validate against store assertions ++ - tests: remove snaps which are not used in any test ++ - ci: set the accept-existing-contributors parameter for the cla- ++ check action ++ - daemon: introduce apiBaseSuite.(json|sync|async|error)Req (and ++ some apiBaseSuite cosmetics) ++ - o/devicestate/devicemgr: register install-device hook, run if ++ present in install ++ - o/configstate/configcore: simple refactors in preparation for new ++ function ++ - tests: unifying the core20 nested suite with the core nested suite ++ - tests: uboot-unpacked-assets updated to reflect the real path used ++ to find the kernel ++ - daemon: switch api_test.go to daemon_test and various other ++ cleanups ++ - o/configstate/configcore/picfg.go: add hdmi_cvt support ++ - interfaces/apparmor: followup cleanups, comments and tweaks ++ - boot: cmd/snap-bootstrap: handle a candidate recovery system v2 ++ - overlord/snapstate: skip catalog refresh when snappy testing is ++ enabled ++ - overlord/snapstate, overlord/ifacestate: move late security ++ profile removal to ifacestate ++ - snap-seccomp: fix seccomp test on ppc64el ++ - interfaces, interfaces/apparmor, overlord/snapstate: late removal ++ of snap-confine apparmor profiles ++ - cmd/snap-bootstrap/initramfs-mounts: move time forward using ++ assertion times ++ - tests: reset the system while preparing the test suite ++ - tests: fix snap-advise-command check for 429 ++ - gadget: policy for gadget/kernel refreshes ++ - o/configstate: deal with no longer valid refresh.timer=managed ++ - interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4 ++ - cla-check: Use has-signed-canonical-cla GitHub Action ++ - tests: validation sets spread test ++ - tests: simplify the reset.sh logic by removing not needed command ++ - overlord/snapstate: make sure that snapd current symlink is not ++ removed during refresh ++ - tests/core/fsck-on-boot: unmount /run/mnt/snapd directly on uc20 ++ - tests/lib/fde-setup-hook: also verify that fde-reveal-key key data ++ is base64 ++ - o/devicestate: split off ensuring next boot goes to run mode into ++ new task ++ - tests: fix cgroup-tracking test ++ - boot: export helper for clearing tried system state, add tests ++ - cmd/snap: use less aggressive client timeouts in unit tests ++ - daemon: fix signing key validity timestamp in unit tests ++ - o/{device,hook}state: encode fde-setup-request key as base64 ++ string ++ - packaging: drop dh-systemd from build-depends on ubuntu-16.04+ ++ - cmd/snap/pack: unhide the compression option ++ - boot: extend set try recovery system unit tests ++ - cmd/snap-bootstrap: refactor handling of ubuntu-save, do not use ++ secboot's implicit fallback ++ - o/configstate/configcore: add hdmi_timings to pi-config ++ - snapstate: reduce reRefreshRetryTimeout to 1/2 second ++ - interfaces/tee: add TEE/OPTEE interface ++ - o/snapstate: update validation sets assertions with auto-refresh ++ - vendor: update go-tpm2/secboot to latest version ++ - seed: ReadSystemEssentialAndBetterEarliestTime ++ - tests: replace while commands with the retry tool ++ - interfaces/builtin: update unit tests to use proper distro's ++ libexecdir ++ - tests: run the reset.sh helper and check test invariants while the ++ test is restored ++ - daemon: switch preexisting daemon_test tests to apiBaseSuite and ++ .req ++ - boot, o/devicestate: split makeBootable20 into two parts ++ - interfaces/docker-support: add autobind unix rules to docker- ++ support ++ - interfaces/apparmor: allow reading ++ /proc/sys/kernel/random/entropy_avail ++ - tests: use retry tool instead a loops ++ - tests/main/uc20-create-partitions: fix tests cleanup ++ - asserts: mode where Database only assumes cur time >= earliest ++ time ++ - daemon: validation sets/api tests cleanup ++ - tests: improve tests self documentation for nested test suite ++ - api: local assertion fallback when it's not in the store ++ - api: validation sets monitor mode ++ - tests: use fs-state tool in interfaces tests ++ - daemon: move out /v2/login|logout and errToResponse tests from ++ api_test.go ++ - boot: helper for inspecting the outcome of a recovery system try ++ - o/configstate, o/snapshotstate: fix handling of nil snap config on ++ snapshot restore ++ - tests: update documentation and checks for interfaces tests ++ - snap-seccomp: add new `close_range` syscall ++ - boot: revert #10009 ++ - gadget: remove `device-tree{,-origin}` from gadget tests ++ - boot: simplify systems test setup ++ - image: write resolved-content from snap prepare-image ++ - boot: reseal the run key for all recovery systems, but recovery ++ keys only for the good ones ++ - interfaces/builtin/network-setup-{control,observe}: allow using ++ netplan directly ++ - tests: improve sections prepare and restore - part 1 ++ - tests: update details on task.yaml files ++ - tests: revert os.query usage in spread.yaml ++ - boot: export bootAssetsMap as AssetsMap ++ - tests/lib/prepare: fix repacking of the UC20 kernel snap for with ++ ubuntu-core-initramfs 40 ++ - client: protect against reading too much data from stdin ++ - tests: improve tests documentation - part 2 ++ - boot: helper for setting up a try recover system ++ - tests: improve tests documentation - part 1 ++ - tests/unit/go: use tests.session wrapper for running tests as a ++ user ++ - tests: improvements for snap-seccomp-syscalls ++ - gadget: simplify filterUpdate (thanks to Maciej) ++ - tests/lib/prepare.sh: use /etc/group and friends from the core20 ++ snap ++ - tests: fix tumbleweed spread tests part 2 ++ - tests: use new commands of os.query tool on tests ++ - o/snapshotstate: create snapshots directory on import ++ - tests/main/lxd/prep-snapd-in-lxd.sh: dump contents of sources.list ++ - packaging: drop 99-snapd.conf via dpkg-maintscript-helper ++ - osutil: add SetTime() w/ 32-bit and 64-bit implementations ++ - interfaces/wayland: rm Xwayland Xauth file access from wayland ++ slot ++ - packaging/ubuntu-16.04/rules: turn modules off explicitly ++ - gadget,devicestate: perform kernel asset update for $kernel: style ++ refs ++ - cmd/recovery: small fix for `snap recovery` tab output ++ - bootloader/lkenv: add recovery systems related variables ++ - tests: fix new tumbleweed image ++ - boot: fix typo, should be systems ++ - o/devicestate: test that users.create.automatic is configured ++ early ++ - asserts: use Fetcher in AddSequenceToUpdate ++ - daemon,o/c/configcore: introduce users.create.automatic ++ - client, o/servicestate: expose enabled state of user daemons ++ - boot: helper for checking and marking tried recovery system status ++ from initramfs ++ - asserts: pool changes for validation-sets (#9930) ++ - daemon: move the last api_foo_test.go to daemon_test ++ - asserts: include the assertion timestamp in error message when ++ outside of signing key validity range ++ - ovelord/snapshotstate: keep a few of the last line tar prints ++ before failing ++ - gadget/many: rm, delay sector size + structure size checks to ++ runtime ++ - cmd/snap-bootstrap/triggerwatch: fix returning wrong errors ++ - interfaces: add allegro-vcu and media-control interfaces ++ - interfaces: opengl: add Xilinx zocl bits ++ - mkversion: check that version from changelog is set before ++ overriding the output version ++ - many: fix new ineffassign warnings ++ - .github/workflows/labeler.yaml: try work-around to not sync ++ labels ++ - cmd/snap, boot: add debug set-boot-vars ++ - interfaces: allow reading the Xauthority file KDE Plasma writes ++ for Wayland sessions ++ - tests/main/snap-repair: test running repair assertion w/ fakestore ++ - tests: disable lxd tests for 21.04 until the lxd images are ++ published for the system ++ - tests/regression/lp-1910456: cleanup the /snap symlink when done ++ - daemon: move single snap querying and ops to api_snaps.go ++ - tests: fix for preseed and dbus tests on 21.04 ++ - overlord/snapshotstate: include the last message printed by tar in ++ the error ++ - interfaces/system-observe: Allow reading /proc/zoneinfo ++ - interfaces: remove apparmor downgrade feature ++ - snap: fix unit tests on Go 1.16 ++ - spread: disable Go modules support in environment ++ - tests: use new path to find kernel.img in uc20 for arm devices ++ - tests: find files before using cat command when checking broadcom- ++ asic-control interface ++ - boot: introduce good recovery systems, provide compatibility ++ handling ++ - overlord: add manager gadget refresh test ++ - tests/lib/fakestore: support repair assertions too ++ - github: temporarily disable action labeler due to issues with ++ labels being removed ++ - o/devicestate,many: introduce DeviceManager.preloadGadget for ++ EarlyConfig ++ - tests: enable ubuntu 21.04 for spread tests ++ - snap: provide a useful error message if gdbserver is not installed ++ - data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1 ++ - tests/lib/prepare.sh: split reflash.sh into two parts ++ - packaging/opensuse: sync with openSUSE packaging ++ - packaging: disable Go modules in snapd.mk ++ - snap: add deprecation noticed to "snap run --gdb" ++ - daemon: add API for checking and installing available theme snaps ++ - tests: using labeler action to add automatically a label to run ++ nested tests ++ - gadget: improve error handling around resolving content sources ++ - asserts: repeat the authority cross-check in CheckSignature as ++ well ++ - interfaces/seccomp/template.go: allow copy_file_range ++ - o/snapstate/check_snap.go: add support for many subversions in ++ assumes snapdX.. ++ - daemon: move postSnap and inst.dispatch tests to api_snaps_test.go ++ - wrappers: use proper paths for mocked mount units in tests ++ - snap: rename gdbserver option to `snap run --gdbserver` ++ - store: support validation sets with fetch-assertions action ++ - snap-confine.apparmor.in: support tmp and log dirs on Yocto/Poky ++ - packaging/fedora: sync with downstream packaging in Fedora ++ - many: add Delegate=true to generated systemd units for special ++ interfaces (master) ++ - boot: use a common helper for mocking boot assets in cache ++ - api: validate snaps against validation set assert from the store ++ - wrappers: don't generate an [Install] section for timer or dbus ++ activated services ++ - tests/nested/core20/boot-config-update: skip when snapd was not ++ built with test features ++ - o/configstate,o/devicestate: introduce devicestate.EarlyConfig ++ implemented by configstate.EarlyConfig ++ - cmd/snap-bootstrap/initramfs-mounts: fix typo in func name ++ - interfaces/builtin: mock distribution in fontconfig cache unit ++ tests ++ - tests/lib/prepare.sh: add another console= to the reflash magic ++ grub entry ++ - overlord/servicestate: expose dbus activators of a service ++ - desktop/notification: test against a real session bus and ++ notification server implementation ++ - cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for ++ recover+install ++ - HACKING.md: explain how to run UC20 spread tests with QEMU ++ - asserts: introduce AtSequence ++ - overlord/devicestate: task for updating boot configs, spread test ++ - gadget: fix documentation/typos ++ - gadget: cleanup MountedFilesystem{Writer,Updater} ++ - gadget: use ResolvedSource in MountedFilesystemWriter ++ - snap/info.go: add doc-comment for SortServices ++ - interfaces: add an optional mount-host-font-cache plug attribute ++ to the desktop interface ++ - osutil: skip TestReadBuildGo inside sbuild ++ - o/hookstate/ctlcmd: add optional --pid and --apparmor-label ++ arguments to "snapctl is-connected" ++ - data/env/snapd: use quoting in case PATH contains spaces ++ - boot: do not observe successful boot assets if not in run mode ++ - tests: fix umount for snapd snap on fsck-on-boot testumount: ++ /run/mnt/ubuntu-seed/systems/*/snaps/snapd_*.snap: no mount ++ - misc: little tweaks ++ - snap/info.go: ignore unknown daemons in SortSnapServices ++ - devicestate: keep log from install-mode on installed system ++ - seed: add LoadEssentialMeta to seed16 and allow all of its ++ implementations to be called multiple times ++ - cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in ++ seeds ++ - tests/core/uc20-recovery: move recover mode helpers to generic ++ testslib script ++ - interfaces/fwupd: allow any distros to access fw files via fwupd ++ - store: method for fetching validation set assertion ++ - store: switch to v2/assertions api ++ - gadget: add new ResolvedContent and populate from LayoutVolume() ++ - spread: use full format when listing processes ++ - osutil/many: make all test pkgs osutil_test instead of "osutil" ++ - tests/unit/go: drop unused environment variables, skip coverage ++ - OpenGL interface: Support more Tegra libs ++ - gadget,overlord: pass kernelRoot to install.Run() ++ - tests: run unit tests in Focal instead of Xenial ++ - interfaces/browser-support: allow sched_setaffinity with browser- ++ sandbox: true ++ - daemon: move query /snaps/ tests to api_snaps_test.go ++ - cmd/snap-repair/runner.go: add SNAP_SYSTEM_MODE to env of repair ++ runner ++ - systemd/systemd.go: support journald JSON messages with arrays for ++ values ++ - cmd: make string/error code more robust against errno leaking ++ - github, run-checks: do not collect coverage data on subsequent ++ test runs ++ - boot: boot config update & reseal ++ - o/snapshotstate: handle conflicts between snapshot forget, export ++ and import ++ - osutil/stat.go: add RegularFileExists ++ - cmd/snapd-generator: don't create mount overrides for snap-try ++ snaps inside lxc ++ - gadget/gadget.go: rename ubuntu-* to system-* in doc-comment ++ - tests: use 6 spread workers for centos8 ++ - bootloader/assets: support injecting bootloader assets in testing ++ builds of snapd ++ - gadget: enable multi-volume uc20 gadgets in ++ LaidOutSystemVolumeFromGadget; rename too ++ - overlord/devicestate, sysconfig: do nothing when cloud-init is not ++ present ++ - cmd/snap-repair: filter repair assertions based on bases + modes ++ - snap-confine: make host /etc/ssl available for snaps on classic ++ ++ -- Michael Vogt Sat, 24 Apr 2021 12:17:45 +0200 ++ ++snapd (2.49.2-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1915248 ++ - interfaces/tee: add TEE/OPTEE interface ++ - o/configstate/configcore: add hdmi_timings to pi-config ++ - interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4 ++ - snap-seccomp: fix seccomp test on ppc64el ++ - interfaces{,/apparmor}, overlord/snapstate: ++ late removal of snap-confine apparmor profiles ++ - overlord/snapstate, wrappers: add dependency on usr-lib- ++ snapd.mount for services on core with snapd snap ++ - o/configstate: deal with no longer valid refresh.timer=managed ++ - overlord/snapstate: make sure that snapd current symlink is not ++ removed during refresh ++ - packaging: drop dh-systemd from build-depends on ubuntu-16.04+ ++ - o/{device,hook}state: encode fde-setup-request key as base64 ++ - snapstate: reduce reRefreshRetryTimeout to 1/2 second ++ - tests/main/uc20-create-partitions: fix tests cleanup ++ - o/configstate, o/snapshotstate: fix handling of nil snap config on ++ snapshot restore ++ - snap-seccomp: add new `close_range` syscall ++ ++ -- Michael Vogt Fri, 26 Mar 2021 16:49:46 +0100 ++ ++snapd (2.49.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1915248 ++ - tests: turn modules off explicitly in spread go unti test ++ - o/snapshotstate: create snapshots directory on import ++ - cmd/snap-bootstrap/triggerwatch: fix returning wrong errors ++ - interfaces: add allegro-vcu and media-control interfaces ++ - interfaces: opengl: add Xilinx zocl bits ++ - many: fix new ineffassign warnings ++ - interfaces/seccomp/template.go: allow copy_file_range ++ - interfaces: allow reading the Xauthority file KDE Plasma writes ++ for Wayland sessions ++ - data/selinux: allow system dbus to watch ++ /var/lib/snapd/dbus-1 ++ - Remove apparmor downgrade feature ++ - Support tmp and log dirs on Yocto/Poky ++ ++ -- Michael Vogt Mon, 08 Mar 2021 10:47:05 +0100 ++ ++snapd (2.49-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1915248 ++ - many: add Delegate=true to generated systemd units for special ++ interfaces ++ - cmd/snap-bootstrap: rename ModeenvFromModel to ++ EphemeralModeenvForModel ++ - cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for ++ recover+install ++ - osutil: skip TestReadBuildGo inside sbuild ++ - tests: fix umount for snapd snap on fsck-on-boot test ++ - snap/info_test.go: add unit test cases for bug ++ - tests/main/services-after-before: add regression spread test ++ - snap/info.go: ignore unknown daemons in SortSnapServices ++ - cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in ++ seeds ++ - OpenGL interface: Support more Tegra libs ++ - interfaces/browser-support: allow sched_setaffinity with browser- ++ sandbox: true ++ - cmd: make string/error code more robust against errno leaking ++ - o/snapshotstate: handle conflicts between snapshot forget, export ++ and import ++ - cmd/snapd-generator: don't create mount overrides for snap-try ++ snaps inside lxc ++ - tests: update test pkg for fedora and centos ++ - gadget: pass sector size in to mkfs family of functions, use to ++ select block sz ++ - o/snapshotstate: fix returning of snap names when duplicated ++ snapshot is detected ++ - tests/main/snap-network-errors: skip flushing dns cache on ++ centos-7 ++ - interfaces/builtin: Allow DBus property access on ++ org.freedesktop.Notifications ++ - cgroup-support.c: fix link to CGROUP DELEGATION ++ - osutil: update go-udev package ++ - packaging: fix arch-indep build on debian-sid ++ - {,sec}boot: pass "key-name" to the FDE hooks ++ - asserts: sort by revision with Sort interface ++ - gadget: add gadget.ResolveContentPaths() ++ - cmd/snap-repair: save base snap and mode in device info; other ++ misc cleanups ++ - tests: cleanup the run-checks script ++ - asserts: snapasserts method to validate installed snaps against ++ validation sets ++ - tests: normalize test tools - part 1 ++ - snapshotstate: detect duplicated snapshot imports ++ - interfaces/builtin: fix unit test expecting snap-device-helper at ++ /usr/lib/snapd ++ - tests: apply workaround done for snap-advise-command to apt-hooks ++ test ++ - tests: skip main part of snap-advise test if 429 error is ++ encountered ++ - many: clarify gadget role-usage consistency checks for UC16/18 vs ++ UC20 ++ - sandbox/cgroup, tess/main: fix unit tests on v2 system, disable ++ broken tests on sid ++ - interfaces/builtin: more drive by fixes, import ordering, removing ++ dead code ++ - tests: skip interfaces-openvswitch spread test on debian sid ++ - interfaces/apparmor: drive by comment fix ++ - cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree ++ usage ++ - cmd/libsnap-confine-private: make unit tests execute happily in a ++ container ++ - interfaces, wrappers: misc comment fixes, etc. ++ - asserts/repair.go: add "bases" and "modes" support to the repair ++ assertion ++ - interfaces/opengl: allow RPi MMAL video decoding ++ - snap: skip help output tests for go-flags v1.4.0 ++ - gadget: add validation for "$kernel:ref" style content ++ - packaging/deb, tests/main/lxd-postrm-purge: fix purge inside ++ containers ++ - spdx: update to SPDX license list version: 3.11 2020-11-25 ++ - tests: improve hotplug test setup on classic ++ - tests: update check to verify is the current system is arm ++ - tests: use os-query tool to check debian, trusty and tumbleweed ++ - daemon: start moving implementation to api_snaps.go ++ - tests/main/snap-validate-basic: disable test on Fedora due to go- ++ flags panics ++ - tests: fix library path used for tests.pkgs ++ - tests/main/cohorts: replace yq with a Python snippet ++ - run-checks: update to match new argument syntax of ineffassign ++ - tests: use apiBaseSuite for snapshots tests, fix import endpoint ++ path ++ - many: separate consistency/content validation into ++ gadget.Validate|Content ++ - o/{device,snap}state: enable devmode snaps with dangerous model ++ assertions ++ secboot: add test for when systemd-run does not honor ++ RuntimeMaxSec ++ - secboot: add workaround for snapcore/core-initrd issue #13 ++ - devicestate: log checkEncryption errors via logger.Noticef ++ - o/daemon: validation sets api and basic spread test ++ - gadget: move BuildPartitionList to install and make it unexported ++ - tests: add nested spread end-to-end test for fde-hooks ++ - devicestate: implement checkFDEFeatures() ++ - boot: tweak resealing with fde-setup hooks ++ - tests: add os query commands for subsystems and architectures ++ - o/snapshotstate: don't set auto flag in the snapshot file ++ - tests: use os.query tool instead of comparing the system var ++ - testutil: use the original environment when calling shellcheck ++ - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud- ++ init restrict file ++ - gadget,o/devicestate,tests: drop EffectiveFilesystemLabel and ++ instead set the implicit labels when loading the yaml ++ - secboot: add new LockSealedKeys() that uses either TPM/fde-reveal- ++ key ++ - gadget/quantity: introduce Offset, start using it for offset ++ related fields in the gadget ++ - gadget: use "sealed-keys" to determine what method to use for ++ reseal ++ - tests/main/fake-netplan-apply: disable test on xenial for now ++ - daemon: start splitting snaps op tests out of api_test.go ++ - testutil: make DBusTest use a custom bus configuration file ++ - tests: replace pkgdb.sh (library) with tests.pkgs (program) ++ - gadget: prepare gadget kernel refs (0/N) ++ - interfaces/builtin/docker-support: allow /run/containerd/s/... ++ - cmd/snap-preseed: reset run inhibit locks on --reset. ++ - boot: add sealKeyToModeenvUsingFdeSetupHook() ++ - daemon: reorg snap.go and split out sections and icons support ++ from api.go ++ - sandbox/seccomp: use snap-seccomp's stdout for getting version ++ info ++ - daemon: split find support to its own api_*.go files and move some ++ helpers ++ - tests: move snapstate config defaults tests to a separate file. ++ - bootloader/{lk,lkenv}: followups from #9695 ++ - daemon: actually move APIBaseSuite to daemon_test.apiBaseSuite ++ - gadget,o/devicestate: set implicit values for schema and role ++ directly instead of relying on Effective* accessors ++ - daemon: split aliases support to its own api_*.go files ++ - gadget: start separating rule/convention validation from basic ++ soundness ++ - cmd/snap-update-ns: add better unit test for overname sorting ++ - secboot: use `fde-reveal-key` if available to unseal key ++ - tests: fix lp-1899664 test when snapd_x1 is not installed in the ++ system ++ - tests: fix the scenario when the "$SRC".orig file does not exist ++ - cmd/snap-update-ns: fix sorting of overname mount entries wrt ++ other entries ++ - devicestate: add runFDESetupHook() helper ++ - bootloader/lk: add support for UC20 lk bootloader with V2 lkenv ++ structs ++ - daemon: split unsupported buy implementation to its own api_*.go ++ files ++ - tests: download timeout spread test ++ - gadget,o/devicestate: hybrid 18->20 ready volume setups should be ++ valid ++ - o/devicestate: save model with serial in the device save db ++ - bootloader: add check for prepare-image time and more tests ++ validating options ++ - interfaces/builtin/log_observe.go: allow controlling apparmor ++ audit levels ++ - hookstate: refactor around EphemeralRunHook ++ - cmd/snap: implement 'snap validate' command ++ - secboot,devicestate: add scaffoling for "fde-reveal-key" support ++ - boot: observe successful command line update, provide a default ++ - tests: New queries for the os tools ++ - bootloader/lkenv: specify backup file as arg to NewEnv(), use "" ++ as path+"bak" ++ - osutil/disks: add FindMatchingPartitionUUIDWithPartLabel to Disk ++ iface ++ - daemon: split out snapctl support and snap configuration support ++ to their own api_*.go files ++ - snapshotstate: improve handling of multiple errors ++ - tests: sign new nested-18|20* models to allow for generic serials ++ - bootloader: remove installableBootloader interface and methods ++ - seed: cleanup/drop some no longer valid TODOS, clarify some other ++ points ++ - boot: set kernel command line in modeenv during install ++ - many: rename disks.FindMatching... to FindMatching...WithFsLabel ++ and err type ++ - cmd/snap: suppress a case of spurious stdout logging from tests ++ - hookstate: add new HookManager.EphemeralRunHook() ++ - daemon: move some more api tests from daemon to daemon_test ++ - daemon: split apps and logs endpoints to api_apps.go and tests ++ - interfaces/utf: Add Ledger to U2F devices ++ - seed/seedwriter: consider modes when checking for deps ++ availability ++ - o/devicestate,daemon: fix reboot system action to not require a ++ system label ++ - cmd/snap-repair,store: increase initial retry time intervals, ++ stalling TODOs ++ - daemon: split interfacesCmd to api_interfaces.go ++ - github: run nested suite when commit is pushed to release branch ++ - client: reduce again the /v2/system-info timeout ++ - tests: reset fakestore unit status ++ - update-pot: fix typo in plural keyword spec ++ - tests: remove workarounds that add "ubuntu-save" if missing ++ - tests: add unit test for auto-refresh with validate-snap failure ++ - osutil: add helper for getting the kernel command line ++ - tests/main/uc20-create-partitions: verify ubuntu-save encryption ++ keys, tweak not MATCH ++ - boot: add kernel command lines to the modeenv file ++ - spread: bump delta ref, tweak repacking to make smaller delta ++ archives ++ - bootloader/lkenv: add v2 struct + support using it ++ - snapshotstate: add cleanup of abandonded snapshot imports ++ - tests: fix uc20-create-parition-* tests for updated gadget ++ - daemon: split out /v2/interfaces tests to api_interfaces_test.go ++ - hookstate: implement snapctl fde-setup-{request,result} ++ - wrappers, o/devicestate: remove EnableSnapServices ++ - tests: enable nested on 20.10 ++ - daemon: simplify test helpers Get|PostReq into Req ++ - daemon: move general api to api_general*.go ++ - devicestate: make checkEncryption fde-setup hook aware ++ - client/snapctl, store: fix typos ++ - tests/main/lxd/prep-snapd-in-lxd.sh: wait for valid apt files ++ before doing apt ops ++ - cmd/snap-bootstrap: update model cross-check considerations ++ - client,snapctl: add naive support for "stdin" ++ - many: add new "install-mode: disable" option ++ - osutil/disks: allow building on mac os ++ - data/selinux: update the policy to allow operations on non-tmpfs ++ /tmp ++ - boot: add helper for generating candidate kernel lines for ++ recovery system ++ - wrappers: generate D-Bus service activation files ++ - bootloader/many: rm ConfigFile, add Present for indicating ++ presence of bloader ++ - osutil/disks: allow mocking DiskFromDeviceName ++ - daemon: start cleaning up api tests ++ - packaging/arch: sync with AUR packaging ++ - bootloader: indicate when boot config was updated ++ - tests: Fix snap-debug-bootvars test to make it work on arm devices ++ and core18 ++ - tests/nested/manual/core20-save: verify handling of ubuntu-save ++ with different system variants ++ - snap: use the boot-base for kernel hooks ++ - devicestate: support "storage-safety" defaults during install ++ - bootloader/lkenv: mv v1 to separate file, ++ include/lk/snappy_boot_v1.h: little fixups ++ - interfaces/fpga: add fpga interface ++ - store: download timeout ++ - vendor: update secboot repo to avoid including secboot.test binary ++ - osutil: add KernelCommandLineKeyValue ++ - gadget/gadget.go: allow system-recovery-{image,select} as roles in ++ gadget.yaml ++ - devicestate: implement boot.HasFDESetupHook ++ - osutil/disks: add DiskFromName to get a disk using a udev name ++ - usersession/agent: have session agent connect to the D-Bus session ++ bus ++ - o/servicestate: preserve order of services on snap restart ++ - o/servicestate: unlock state before calling wrappers in ++ doServiceControl ++ - spread: disable unattended-upgrades on ubuntu ++ - tests: testing new fedora 33 image ++ - tests: fix fsck on boot on arm devices ++ - tests: skip boot state test on arm devices ++ - tests: updated the systems to run prepare-image-grub test ++ - interfaces/raw_usb: allow read access to /proc/tty/drivers ++ - tests: unmount /boot/efi in fsck-on-boot test ++ - strutil/shlex,osutil/udev/netlink: minimally import go-check ++ - tests: fix basic20 test on arm devices ++ - seed: make a shared seed system label validation helper ++ - tests/many: enable some uc20 tests, delete old unneeded tests or ++ TODOs ++ - boot/makebootable.go: set snapd_recovery_mode=install at image- ++ build time ++ - tests: migrate test from boot.sh helper to boot-state tool ++ - asserts: implement "storage-safety" in uc20 model assertion ++ - bootloader: use ForGadget when installing boot config ++ - spread: UC20 no longer needs 2GB of mem ++ - cmd/snap-confine: implement snap-device-helper internally ++ - bootloader/grub: replace old reference to Managed...Blr... with ++ Trusted...Blr... ++ - cmd/snap-bootstrap: add readme for snap-bootstrap + real state ++ diagram ++ - interfaces: fix greengrass attr namingThe flavor attribute names ++ are now as follows: ++ - tests/lib/nested: poke the API to get the snap revisions ++ - tests: compare options of mount units created by snapd and snapd- ++ generator ++ - o/snapstate,servicestate: use service-control task for service ++ actions ++ - sandbox: track applications unconditionally ++ - interfaces/greengrass-support: add additional "process" flavor for ++ 1.11 update ++ - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test ++ ++ -- Michael Vogt Wed, 10 Feb 2021 10:47:17 +0100 ++ ++snapd (2.48.2-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1906690 ++ - tests: sign new nested-18|20* models to allow for generic serials ++ - secboot: add extra paranoia when waiting for that fde-reveal-key ++ - tests: backport netplan workarounds from #9785 ++ - secboot: add workaround for snapcore/core-initrd issue #13 ++ - devicestate: log checkEncryption errors via logger.Noticef ++ - tests: add nested spread end-to-end test for fde-hooks ++ - devicestate: implement checkFDEFeatures() ++ - boot: tweak resealing with fde-setup hooks ++ - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud- ++ init restrict file ++ - secboot: add new LockSealedKeys() that uses either TPM or ++ fde-reveal-key ++ - gadget: use "sealed-keys" to determine what method to use for ++ reseal ++ - boot: add sealKeyToModeenvUsingFdeSetupHook() ++ - secboot: use `fde-reveal-key` if available to unseal key ++ - cmd/snap-update-ns: fix sorting of overname mount entries wrt ++ other entries ++ - o/devicestate: save model with serial in the device save db ++ - devicestate: add runFDESetupHook() helper ++ - secboot,devicestate: add scaffoling for "fde-reveal-key" support ++ - hookstate: add new HookManager.EphemeralRunHook() ++ - update-pot: fix typo in plural keyword spec ++ - store,cmd/snap-repair: increase initial expontential time ++ intervals ++ - o/devicestate,daemon: fix reboot system action to not require a ++ system label ++ - github: run nested suite when commit is pushed to release branch ++ - tests: reset fakestore unit status ++ - tests: fix uc20-create-parition-* tests for updated gadget ++ - hookstate: implement snapctl fde-setup-{request,result} ++ - devicestate: make checkEncryption fde-setup hook aware ++ - client,snapctl: add naive support for "stdin" ++ - devicestate: support "storage-safety" defaults during install ++ - snap: use the boot-base for kernel hooks ++ - vendor: update secboot repo to avoid including secboot.test binary ++ ++ -- Michael Vogt Tue, 15 Dec 2020 20:21:44 +0100 ++ ++snapd (2.48.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1906690 ++ - gadget: disable ubuntu-boot role validation check ++ ++ -- Michael Vogt Thu, 03 Dec 2020 17:43:30 +0100 ++ ++snapd (2.48-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1904098 ++ - osutil: add KernelCommandLineKeyValue ++ - devicestate: implement boot.HasFDESetupHook ++ - boot/makebootable.go: set snapd_recovery_mode=install at image- ++ build time ++ - bootloader: use ForGadget when installing boot config ++ - interfaces/raw_usb: allow read access to /proc/tty/drivers ++ - boot: add scaffolding for "fde-setup" hook support for sealing ++ - tests: fix basic20 test on arm devices ++ - seed: make a shared seed system label validation helper ++ - snap: add new "fde-setup" hooktype ++ - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test ++ - secboot,cmd/snap-bootstrap: fix degraded mode cases with better ++ device handling ++ - boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some ++ messiness ++ - tests/nested/manual/refresh-revert-fundamentals: temporarily ++ disable secure boot ++ - snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all ++ boot modes ++ - many: address degraded recover mode feedback, cleanups ++ - tests: Use systemd-run on tests part2 ++ - tests: set the opensuse tumbleweed system as manual in spread.yaml ++ - secboot: call BlockPCRProtectionPolicies even if the TPM is ++ disabled ++ - vendor: update to current secboot ++ - cmd/snap-bootstrap,o/devicestate: use a secret to pair data and ++ save ++ - spread.yaml: increase number of workers on 20.10 ++ - snap: add new `snap recovery --show-keys` option ++ - tests: minor test tweaks suggested in the review of 9607 ++ - snapd-generator: set standard snapfuse options when generating ++ units for containers ++ - tests: enable lxd test on ubuntu-core-20 and 16.04-32 ++ - interfaces: share /tmp/.X11-unix/ from host or provider ++ - tests: enable main lxd test on 20.10 ++ - cmd/s-b/initramfs-mounts: refactor recover mode to implement ++ degraded mode ++ - gadget/install: add progress logging ++ - packaging: keep secboot/encrypt_dummy.go in debian ++ - interfaces/udev: use distro specific path to snap-device-helper ++ - o/devistate: fix chaining of tasks related to regular snaps when ++ preseeding ++ - gadget, overlord/devicestate: validate that system supports ++ encrypted data before install ++ - interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core ++ ESP layout ++ - many: add /v2/system-recovery-keys API and client ++ - secboot, many: return UnlockMethod from Unlock* methods for future ++ usage ++ - many: mv keys to ubuntu-boot, move model file, rename keyring ++ prefix for secboot ++ - tests: using systemd-run instead of manually create a systemd unit ++ - part 1 ++ - secboot, cmd/snap-bootstrap: enable or disable activation with ++ recovery key ++ - secboot: refactor Unlock...IfEncrypted to take keyfile + check ++ disks first ++ - secboot: add LockTPMSealedKeys() to lock access to keys ++ independently ++ - gadget: correct sfdisk arguments ++ - bootloader/assets/grub: adjust fwsetup menuentry label ++ - tests: new boot state tool ++ - spread: use the official image for Ubuntu 20.10, no longer an ++ unstable system ++ - tests/lib/nested: enable snapd logging to console for core18 ++ - osutil/disks: re-implement partition searching for disk w/ non- ++ adjacent parts ++ - tests: using the nested-state tool in nested tests ++ - many: seal a fallback object to the recovery boot chain ++ - gadget, gadget/install: move helpers to install package, refactor ++ unit tests ++ - dirs: add "gentoo" to altDirDistros ++ - update-pot: include file locations in translation template, and ++ extract strings from desktop files ++ - gadget/many: drop usage of gpt attr 59 for indicating creation of ++ partitions ++ - gadget/quantity: tweak test name ++ - snap: fix failing unittest for quantity.FormatDuration() ++ - gadget/quantity: introduce a new package that captures quantities ++ - o/devicestate,a/sysdb: make a backup of the device serial to save ++ - tests: fix rare interaction of tests.session and specific tests ++ - features: enable classic-preserves-xdg-runtime-dir ++ - tests/nested/core20/save: check the bind mount and size bump ++ - o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20 ++ - tests: rename hasHooks to hasInterfaceHooks in the ifacestate ++ tests ++ - o/devicestate: unit test tweaks ++ - boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save ++ - testutil, cmd/snap/version: fix misc little errors ++ - overlord/devicestate: bind mount ubuntu-save under ++ /var/lib/snapd/save on startup ++ - gadget/internal: tune ext4 setting for smaller filesystems ++ - tests/nested/core20/save: a test that verifies ubuntu-save is ++ present and set up ++ - tests: update google sru backend to support groovy ++ - o/ifacestate: handle interface hooks when preseeding ++ - tests: re-enable the apt hooks test ++ - interfaces,snap: use correct type: {os,snapd} for test data ++ - secboot: set metadata and keyslots sizes when formatting LUKS2 ++ volumes ++ - tests: improve uc20-create-partitions-reinstall test ++ - client, daemon, cmd/snap: cleanups from #9489 + more unit tests ++ - cmd/snap-bootstrap: mount ubuntu-save during boot if present ++ - secboot: fix doc comment on helper for unlocking volume with key ++ - tests: add spread test for refreshing from an old snapd and core18 ++ - o/snapstate: generate snapd snap wrappers again after restart on ++ refresh ++ - secboot: version bump, unlock volume with key ++ - tests/snap-advise-command: re-enable test ++ - cmd/snap, snapmgr, tests: cleanups after #9418 ++ - interfaces: deny connected x11 plugs access to ICE ++ - daemon,client: write and read a maintenance.json file for when ++ snapd is shut down ++ - many: update to secboot v1 (part 1) ++ - osutil/disks/mockdisk: panic if same mountpoint shows up again ++ with diff opts ++ - tests/nested/core20/gadget,kernel-reseal: add sanity checks to the ++ reseal tests ++ - many: implement snap routine console-conf-start for synchronizing ++ auto-refreshes ++ - dirs, boot: add ubuntu-save directories and related locations ++ - usersession: fix typo in test name ++ - overlord/snapstate: refactor ihibitRefresh ++ - overlord/snapstate: stop warning about inhibited refreshes ++ - cmd/snap: do not hardcode snapshot age value ++ - overlord,usersession: initial notifications of pending refreshes ++ - tests: add a unit test for UpdateMany where a single snap fails ++ - o/snapstate/catalogrefresh.go: don't refresh catalog in install ++ mode uc20 ++ - tests: also check snapst.Current in undo-unlink tests ++ - tests: new nested tool ++ - o/snapstate: implement undo handler for unlink-snap ++ - tests: clean systems.sh helper and migrate last set of tests ++ - tests: moving the lib section from systems.sh helper to os.query ++ tool ++ - tests/uc20-create-partitions: don't check for grub.cfg ++ - packaging: make sure that static binaries are indeed static, fix ++ openSUSE ++ - many: have install return encryption keys for data and save, ++ improve tests ++ - overlord: add link participant for linkage transitions ++ - tests: lxd smoke test ++ - tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu- ++ seed too ++ - tests: moving main suite from systems.sh to os.query tool ++ - tests: moving the core test suite from systems.sh to os.query tool ++ - cmd/snap-confine: mask host's apparmor config ++ - o/snapstate: move setting updated SnapState after error paths ++ - tests: add value to INSTANCE_KEY/regular ++ - spread, tests: tweaks for openSUSE ++ - cmd/snap-confine: update path to snap-device-helper in AppArmor ++ profile ++ - tests: new os.query tool ++ - overlord/snapshotstate/backend: specify tar format for snapshots ++ - tests/nested/manual/minimal-smoke: use 384MB of RAM for nested ++ UC20 ++ - client,daemon,snap: auto-import does not error on managed devices ++ - interfaces: PTP hardware clock interface ++ - tests: use tests.backup tool ++ - many: verify that unit tests work with nosecboot tag and without ++ secboot package ++ - wrappers: do not error out on read-only /etc/dbus-1/session.d ++ filesystem on core18 ++ - snapshots: import of a snapshot set ++ - tests: more output for sbuild test ++ - o/snapstate: re-order remove tasks for individual snap revisions ++ to remove current last ++ - boot: skip some unit tests when running as root ++ - o/assertstate: introduce ++ ValidationTrackingKey/ValidationSetTracking and basic methods ++ - many: allow ignoring running apps for specific request ++ - tests: allow the searching test to fail under load ++ - overlord/snapstate: inhibit startup while unlinked ++ - seed/seedwriter/writer.go: check DevModeConfinement for dangerous ++ features ++ - tests/main/sudo-env: snap bin is available on Fedora ++ - boot, overlord/devicestate: list trusted and managed assets ++ upfront ++ - gadget, gadget/install: support for ubuntu-save, create one during ++ install if needed ++ - spread-shellcheck: temporary workaround for deadlock, drop ++ unnecessary test ++ - snap: support different exit-code in the snap command ++ - logger: use strutil.KernelCommandLineSplit in ++ debugEnabledOnKernelCmdline ++ - logger: fix snapd.debug=1 parsing ++ - overlord: increase refresh postpone limit to 14 days ++ - spread-shellcheck: use single thread pool executor ++ - gadget/install,secboot: add debug messages ++ - spread-shellcheck: speed up spread-shellcheck even more ++ - spread-shellcheck: process paths from arguments in parallel ++ - tests: tweak error from tests.cleanup ++ - spread: remove workaround for openSUSE go issue ++ - o/configstate: create /etc/sysctl.d when applying early config ++ defaults ++ - tests: new tests.backup tool ++ - tests: add tests.cleanup pop sub-command ++ - tests: migration of the main suite to snaps-state tool part 6 ++ - tests: fix journal-state test ++ - cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc ++ recover files ++ - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for ++ same IP addr ++ - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for ++ building snapd ++ - boot, gadget, bootloader: observer preserves managed bootloader ++ configs ++ - tests/nested/manual: add uc20 grade signed cloud-init test ++ - o/snapstate/autorefresh.go: eliminate race when launching ++ autorefresh ++ - daemon,snapshotstate: do not return "size" from Import() ++ - daemon: limit reading from snapshot import to Content-Length ++ - many: set/expect Content-Length header when importing snapshots ++ - github: switch from ::set-env command to environment file ++ - tests: migration of the main suite to snaps-state tool part 5 ++ - client: cleanup the Client.raw* and Client.do* method families ++ - tests: moving main suite to snaps-state tool part 4 ++ - client,daemon,snap: use constant for snapshot content-type ++ - many: fix typos and repeated "the" ++ - secboot: fix tpm connection leak when it's not enabled ++ - many: scaffolding for snapshots import API ++ - run-checks: run spread-shellcheck too ++ - interfaces: update network-manager interface to allow ++ ObjectManager access from unconfined clients ++ - tests: move core and regression suites to snaps-state tool ++ - tests: moving interfaces tests to snaps-state tool ++ - gadget: preserve files when indicated by content change observer ++ - tests: moving smoke test suite and some tests from main suite to ++ snaps-state tool ++ - o/snapshotstate: pass set id to backend.Open, update tests ++ - asserts/snapasserts: introduce ValidationSets ++ - o/snapshotstate: improve allocation of new set IDs ++ - boot: look at the gadget for run mode bootloader when making the ++ system bootable ++ - cmd/snap: allow snap help vs --all to diverge purposefully ++ - usersession/userd: separate bus name ownership from defining ++ interfaces ++ - o/snapshotstate: set snapshot set id from its filename ++ - o/snapstate: move remove-related tests to snapstate_remove_test.go ++ - desktop/notification: switch ExpireTimeout to time.Duration ++ - desktop/notification: add unit tests ++ - snap: snap help output refresh ++ - tests/nested/manual/preseed: include a system-usernames snap when ++ preseeding ++ - tests: fix sudo-env test ++ - tests: fix nested core20 shellcheck bug ++ - tests/lib: move to new directory when restoring PWD, cleanup ++ unpacked unpacked snap directories ++ - desktop/notification: add bindings for FDO notifications ++ - dbustest: fix stale comment references ++ - many: move ManagedAssetsBootloader into TrustedAssetsBootloader, ++ drop former ++ - snap-repair: add uc20 support ++ - tests: print all the serial logs for the nested test ++ - o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid ++ bug in test ++ - cmd/snap/auto-import: stop importing system user assertions from ++ initramfs mnts ++ - osutil/group.go: treat all non-nil errs from user.Lookup{Group,} ++ as Unknown* ++ - asserts: deserialize grouping only once in Pool.AddBatch if needed ++ - gadget: allow content observer to have opinions about a change ++ - tests: new snaps-state command - part1 ++ - o/assertstate: support refreshing any number of snap-declarations ++ - boot: use test helpers ++ - tests/core/snap-debug-bootvars: also check snap_mode ++ - many/apparmor: adjust rules for reading profile/ execing new ++ profiles for new kernel ++ - tests/core/snap-debug-bootvars: spread test for snap debug boot- ++ vars ++ - tests/lib/nested.sh: more little tweaks ++ - tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm ++ - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install, ++ recover modes ++ - overlord: explicitly set refresh-app-awareness in tests ++ - kernel: remove "edition" from kernel.yaml and add "update" ++ - spread: drop vendor from the packed project archive ++ - boot: fix debug bootloader variables dump on UC20 systems ++ - wrappers, systemd: allow empty root dir and conditionally do not ++ pass --root to systemctl ++ - tests/nested/manual: add test for grades above signed booting with ++ testkeys ++ - tests/nested: misc robustness fixes ++ - o/assertstate,asserts: use bulk refresh to refresh snap- ++ declarations ++ - tests/lib/prepare.sh: stop patching the uc20 initrd since it has ++ been updated now ++ - tests/nested/manual/refresh-revert-fundamentals: re-enable test ++ - update-pot: ignore .go files inside .git when running xgettext-go ++ - tests: disable part of the lxd test completely on 16.04. ++ - o/snapshotstate: tweak comment regarding snapshot filename ++ - o/snapstate: improve snapshot iteration ++ - bootloader: lk cleanups ++ - tests: update to support nested kvm without reboots on UC20 ++ - tests/nested/manual/preseed: disable system-key check for 20.04 ++ image ++ - spread.yaml: add ubuntu-20.10-64 to qemu ++ - store: handle v2 error when fetching assertions ++ - gadget: resolve device mapper devices for fallback device lookup ++ - tests/nested/cloud-init-many: simplify tests and unify ++ helpers/seed inputs ++ - tests: copy /usr/lib/snapd/info to correct directory ++ - check-pr-title.py * : allow "*" in the first part of the title ++ - many: typos and small test tweak ++ - tests/main/lxd: disable cgroup combination for 16.04 that is ++ failing a lot ++ - tests: make nested signing helpers less confusing ++ - tests: misc nested changes ++ - tests/nested/manual/refresh-revert-fundamentals: disable ++ temporarily ++ - tests/lib/cla_check: default to Python 3, tweaks, formatting ++ - tests/lib/cl_check.py: use python3 compatible code ++ ++ -- Michael Vogt Thu, 19 Nov 2020 17:51:02 +0100 ++ ++snapd (2.47.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1895929 ++ - o/configstate: create /etc/sysctl.d when applying early config ++ defaults ++ - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for ++ same IP addr ++ - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for ++ building snapd ++ - cmd/snap: allow snap help vs --all to diverge purposefully ++ - snap: snap help output refresh ++ ++ -- Michael Vogt Thu, 08 Oct 2020 09:30:44 +0200 ++ ++snapd (2.47-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1895929 ++ - tests: fix nested core20 shellcheck bug ++ - many/apparmor: adjust rule for reading apparmor profile for new ++ kernel ++ - snap-repair: add uc20 support ++ - cmd/snap/auto-import: stop importing system user assertions from ++ initramfs mnts ++ - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install, ++ recover modes ++ - gadget: resolve device mapper devices for fallback device lookup ++ - secboot: add boot manager profile to pcr protection profile ++ - sysconfig,o/devicestate: mv DisableNoCloud to ++ DisableAfterLocalDatasourcesRun ++ - tests: make gadget-reseal more robust ++ - tests: skip nested images pre-configuration by default ++ - tests: fix for basic20 test running on external backend and rpi ++ - tests: improve kernel reseal test ++ - boot: adjust comments, naming, log success around reseal ++ - tests/nested, fakestore: changes necessary to run nested uc20 ++ signed/secured tests ++ - tests: add nested core20 gadget reseal test ++ - boot/modeenv: track unknown keys in Read and put back into modeenv ++ during Write ++ - interfaces/process-control: add sched_setattr to seccomp ++ - boot: with unasserted kernels reseal if there's a hint modeenv ++ changed ++ - client: bump the default request timeout to 120s ++ - configcore: do not error in console-conf.disable for install mode ++ - boot: streamline bootstate20.go reseal and tests changes ++ - boot: reseal when changing kernel ++ - cmd/snap/model: specify grade in the model command output ++ - tests: simplify ++ repack_snapd_snap_with_deb_content_and_run_mode_first_boot_tweaks ++ - test: improve logging in nested tests ++ - nested: add support to telnet to serial port in nested VM ++ - secboot: use the snapcore/secboot native recovery key type ++ - tests/lib/nested.sh: use more focused cloud-init config for uc20 ++ - tests/lib/nested.sh: wait for the tpm socket to exist ++ - spread.yaml, tests/nested: misc changes ++ - tests: add more checks to disk space awareness spread test ++ - tests: disk space awareness spread test ++ - boot: make MockUC20Device use a model and MockDevice more ++ realistic ++ - boot,many: reseal only when meaningful and necessary ++ - tests/nested/core20/kernel-failover: add test for failed refresh ++ of uc20 kernel ++ - tests: fix nested to work with qemu and kvm ++ - boot: reseal when updating boot assets ++ - tests: fix snap-routime-portal-info test ++ - boot: verify boot chain file in seal and reseal tests ++ - tests: use full path to test-snapd-refresh.version binary ++ - boot: store boot chains during install, helper for checking ++ whether reseal is needed ++ - boot: add call to reseal an existing key ++ - boot: consider boot chains with unrevisioned kernels incomparable ++ - overlord: assorted typos and miscellaneous changes ++ - boot: group SealKeyModelParams by model, improve testing ++ - secboot: adjust parameters to buildPCRProtectionProfile ++ - strutil: add SortedListsUniqueMergefrom the doc comment: ++ - snap/naming: upgrade TODO to TODO:UC20 ++ - secboot: add call to reseal an existing key ++ - boot: in seal.go adjust error message and function names ++ - o/snapstate: check available disk space in RemoveMany ++ - boot: build bootchains data for sealing ++ - tests: remove "set -e" from function only shell libs ++ - o/snapstate: disk space check on UpdateMany ++ - o/snapstate: disk space check with snap update ++ - snap: implement new `snap reboot` command ++ - boot: do not reorder boot assets when generating predictable boot ++ chains and other small tweaks ++ - tests: some fixes and improvements for nested execution ++ - tests/core/uc20-recovery: fix check for at least specific calls to ++ mock-shutdown ++ - boot: be consistent using bootloader.Role* consts instead of ++ strings ++ - boot: helper for generating secboot load chains from a given boot ++ asset sequence ++ - boot: tweak boot chains to support a list of kernel command lines, ++ keep track of model and kernel boot file ++ - boot,secboot: switch to expose and use snapcore/secboot load event ++ trees ++ - tests: use `nested_exec` in core{20,}-early-config test ++ - devicestate: enable cloud-init on uc20 for grade signed and ++ secured ++ - boot: add "rootdir" to baseBootenvSuite and use in tests ++ - tests/lib/cla_check.py: don't allow users.noreply.github.com ++ commits to pass CLA ++ - boot: represent boot chains, helpers for marshalling and ++ equivalence checks ++ - boot: mark successful with boot assets ++ - client, api: handle insufficient space error ++ - o/snapstate: disk space check with single snap install ++ - configcore: "service.console-conf.disable" is gadget defaults only ++ - packaging/opensuse: fix for /usr/libexec on TW, do not hardcode ++ AppArmor profile path ++ - tests: skip udp protocol in nfs-support test on ubuntu-20.10 ++ - packaging/debian-sid: tweak code preparing _build tree ++ - many: move seal code from gadget/install to boot ++ - tests: remove workaround for cups on ubuntu-20.10 ++ - client: implement RebootToSystem ++ - many: seed.Model panics now if called before LoadAssertions ++ - daemon: add /v2/systems "reboot" action API ++ - github: run tests also on push to release branches ++ - interfaces/bluez: let slot access audio streams ++ - seed,c/snap-bootstrap: simplify snap-bootstrap seed reading with ++ new seed.ReadSystemEssential ++ - interfaces: allow snap-update-ns to read /proc/cmdline ++ - tests: new organization for nested tests ++ - o/snapstate, features: add feature flags for disk space awareness ++ - tests: workaround for cups issue on 20.10 where default printer is ++ not configured. ++ - interfaces: update cups-control and add cups for providing snaps ++ - boot: keep track of the original asset when observing updates ++ - tests: simplify and fix tests for disk space checks on snap remove ++ - sysconfig/cloudinit.go: add AllowCloudInit and use GadgetDir for ++ cloud.conf ++ - tests/main: mv core specific tests to core suite ++ - tests/lib/nested.sh: reset the TPM when we create the uc20 vm ++ - devicestate: rename "mockLogger" to "logbuf" ++ - many: introduce ContentChange for tracking gadget content in ++ observers ++ - many: fix partion vs partition typo ++ - bootloader: retrieve boot chains from bootloader ++ - devicestate: add tests around logging in RequestSystemAction ++ - boot: handle canceled update ++ - bootloader: tweak doc comments (thanks Samuele) ++ - seed/seedwriter: test local asserted snaps with UC20 grade signed ++ - sysconfig/cloudinit.go: add DisableNoCloud to ++ CloudInitRestrictOptions ++ - many: use BootFile type in load sequences ++ - boot,bootloader: clarifications after the changes to introduce ++ bootloader.Options.Role ++ - boot,bootloader,gadget: apply new bootloader.Options.Role ++ - o/snapstate, features: add feature flag for disk space check on ++ remove ++ - testutil: add checkers for symbolic link target ++ - many: refactor tpm seal parameter setting ++ - boot/bootstate20: reboot to rollback to previous kernel ++ - boot: add unit test helpers ++ - boot: observe update & rollback of trusted assets ++ - interfaces/utf: Add MIRKey to u2f devices ++ - o/devicestate/devicestate_cloudinit_test.go: test cleanup for uc20 ++ cloud-init tests ++ - many: check that users of BaseTest don't forget to consume ++ cleanups ++ - tests/nested/core20/tpm: verify trusted boot assets tracking ++ - github: run macOS job with Go 1.14 ++ - many: misc doc-comment changes and typo fixes ++ - o/snapstate: disk space check with InstallMany ++ - many: cloud-init cleanups from previous PR's ++ - tests: running tests on opensuse leap 15.2 ++ - run-checks: check for dirty build tree too ++ - vendor: run ./get-deps.sh to update the secboot hash ++ - tests: update listing test for "-dirty" versions ++ - overlord/devicestate: do not release the state lock when updating ++ gadget assets ++ - secboot: read kernel efi image from snap file ++ - snap: add size to the random access file return interface ++ - daemon: correctly parse Content-Type HTTP header. ++ - tests: account for apt-get on core18 ++ - cmd/snap-bootstrap/initramfs-mounts: compute string outside of ++ loop ++ - mkversion.sh: simple hack to include dirty in version if the tree ++ is dirty ++ - cgroup,snap: track hooks on system bus only ++ - interfaces/systemd: compare dereferenced Service ++ - run-checks: only check files in git for misspelling ++ - osutil: add a package doc comment (via doc.go) ++ - boot: complain about reused asset name during initial install ++ - snapstate: installSize helper that calculates total size of snaps ++ and their prerequisites ++ - snapshots: export of snapshots ++ - boot/initramfs_test.go: reset boot vars on the bootloader for each ++ iteration ++ ++ -- Michael Vogt Tue, 29 Sep 2020 17:19:13 +0200 ++ ++snapd (2.46.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1891134 ++ - interfaces: allow snap-update-ns to read ++ /proc/cmdline ++ - github: run macOS job with Go 1.14 ++ - o/snapstate, features: add feature flag for disk space check on ++ remove ++ - tests: account for apt-get on core18 ++ - mkversion.sh: include dirty in version if the tree ++ is dirty ++ - interfaces/systemd: compare dereferenced Service ++ - vendor.json: update mysterious secboot SHA again ++ ++ -- Michael Vogt Fri, 04 Sep 2020 17:42:54 +0200 ++ ++snapd (2.46-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1891134 ++ - logger: add support for setting snapd.debug=1 on kernel cmdline ++ - o/snapstate: check disk space before creating automatic snapshot ++ on remove ++ - boot, o/devicestate: observe existing recovery bootloader trusted ++ boot assets ++ - many: use transient scope for tracking apps and hooks ++ - features: add HiddenSnapFolder feature flag ++ - tests/lib/nested.sh: fix partition typo, unmount the image on uc20 ++ too ++ - runinhibit: open the lock file in read-only mode in IsLocked ++ - cmd/s-b/initramfs-mounts: make recover -> run mode transition ++ automatic ++ - tests: update spread test for unknown plug/slot with snapctl is- ++ connected ++ - osutil: add OpenExistingLockForReading ++ - kernel: add kernel.Validate() ++ - interfaces: add vcio interface ++ - interfaces/{docker,kubernetes}-support: load overlay and support ++ systemd cgroup driver ++ - tests/lib/nested.sh: use more robust code for finding what loop ++ dev we mounted ++ - cmd/snap-update-ns: detach all bind-mounted file ++ - snap/snapenv: set SNAP_REAL_HOME ++ - packaging: umount /snap on purge in containers ++ - interfaces: misc policy updates xlvi ++ - secboot,cmd/snap-bootstrap: cross-check partitions before ++ unlocking, mounting ++ - boot: copy boot assets cache to new root ++ - gadget,kernel: add new kernel.{Info,Asset} struct and helpers ++ - o/hookstate/ctlcmd: make is-connected check whether the plug or ++ slot exists ++ - tests: find -ignore_readdir_race when scanning cgroups ++ - interfaces/many: deny arbitrary desktop files and misc from ++ /usr/share ++ - tests: use "set -ex" in prep-snapd-in-lxd.sh ++ - tests: re-enable udisks test on debian-sid ++ - cmd/snapd-generator: use PATH fallback if PATH is not set ++ - tests: disable udisks2 test on arch linux ++ - github: use latest/stable go, not latest/edge ++ - tests: remove support for ubuntu 19.10 from spread tests ++ - tests: fix lxd test wrongly tracking 'latest' ++ - secboot: document exported functions ++ - cmd: compile snap gdbserver shim correctly ++ - many: correctly calculate the desktop file prefix everywhere ++ - interfaces: add kernel-crypto-api interface ++ - corecfg: add "system.timezone" setting to the system settings ++ - cmd/snapd-generator: generate drop-in to use fuse in container ++ - cmd/snap-bootstrap/initramfs-mounts: tweak names, add comments ++ from previous PR ++ - interfaces/many: miscellaneous updates for strict microk8s ++ - secboot,cmd/snap-bootstrap: don't import boot package from secboot ++ - cmd/snap-bootstrap/initramfs-mounts: call systemd-mount instead of ++ the-tool ++ - tests: work around broken update of systemd-networkd ++ - tests/main/install-fontconfig-cache-gen: enhance test by ++ verifying, add fonts to test ++ - o/devicestate: wrap asset update observer error ++ - boot: refactor such that bootStateUpdate20 mainly carries Modeenv ++ - mkversion.sh: disallow changelog versions that have git in it, if ++ we also have git version ++ - interfaces/many: miscellaneous updates for strict microk8s ++ - snap: fix repeated "cannot list recovery system" and add test ++ - boot: track trusted assets during initial install, assets cache ++ - vendor: update secboot to fix key data validation ++ - tests: unmount FUSE file-systems from XDG runtime dir ++ - overlord/devicestate: workaround non-nil interface with nil struct ++ - sandbox/cgroup: remove temporary workaround for multiple cgroup ++ writers ++ - sandbox/cgroup: detect dangling v2 cgroup ++ - bootloader: add helper for creating a bootloader based on gadget ++ - tests: support different images on nested execution ++ - many: reorg cmd/snapinfo.go into snap and new client/clientutil ++ - packaging/arch: use external linker when building statically ++ - tests: cope with ghost cgroupv2 ++ - tests: fix issues related to restarting systemd-logind.service ++ - boot, o/devicestate: TrustedAssetUpdateObserver stubs, hook up to ++ gadget updates ++ - vendor: update github.com/kr/pretty to fix diffs of values with ++ pointer cycles ++ - boot: move bootloaderKernelState20 impls to separate file ++ - .github/workflows: move snap building to test.yaml as separate ++ cached job ++ - tests/nested/manual/minimal-smoke: run core smoke tests in a VM ++ meeting minimal requirements ++ - osutil: add CommitAs to atomic file ++ - gadget: introduce content update observer ++ - bootloader: introduce TrustedAssetsBootloader, implement for grub ++ - o/snapshotstate: helpers for calculating disk space needed for an ++ automatic snapshot ++ - gadget/install: retrieve command lines from bootloader ++ - boot/bootstate20: unify commit method impls, rm ++ bootState20MarkSuccessful ++ - tests: add system information and image information when debug ++ info is displayed ++ - tests/main/cgroup-tracking: try to collect some information about ++ cgroups ++ - boot: introduce current_boot_assets and ++ current_recovery_boot_assets to modeenv ++ - tests: fix for timing issues on journal-state test ++ - many: remove usage and creation of hijacked pid cgroup ++ - tests: port regression-home-snap-root-owned to tests.session ++ - tests: run as hightest via tests.session ++ - github: run CLA checks on self-hosted workers ++ - github: remove Ubuntu 19.10 from actions workflow ++ - tests: remove End-Of-Life opensuse/fedora releases ++ - tests: remove End-Of-Life releases from spread.yaml ++ - tests: fix debug section of appstream-id test ++ - interfaces: check !b.preseed earlier ++ - tests: work around bug in systemd/debian ++ - boot: add deepEqual, Copy helpers for Modeenv to simplify ++ bootstate20 refactor ++ - cmd: add new "snap recovery" command ++ - interfaces/systemd: use emulation mode when preseeding ++ - interfaces/kmod: don't load kernel modules in kmod backend when ++ preseeding ++ - interfaces/udev: do not reload udevadm rules when preseeding ++ - cmd/snap-preseed: use snapd from the deb if newer than from seeds ++ - boot: fancy marshaller for modeenv values ++ - gadget, osutil: use atomic file copy, adjust tests ++ - overlord: use new tracking cgroup for refresh app awareness ++ - github: do not skip gofmt with Go 1.9/1.10 ++ - many: introduce content write observer, install mode glue, initial ++ seal stubs ++ - daemon,many: switch to use client.ErrorKind and drop the local ++ errorKind... ++ - tests: new parameters for nested execution ++ - client: move all error kinds into errors.go and add doc strings ++ - cmd/snap: display the error in snap debug seeding if seeding is in ++ error ++ - cmd/snap/debug/seeding: use unicode for proper yaml ++ - tests/cmd/snap-bootstrap/initramfs-mounts: add test case for empty ++ recovery_mode ++ - osutil/disks: add mock disk and tests for happy path of mock disks ++ - tests: refresh/revert snapd in uc20 ++ - osutil/disks: use a dedicated error to indicate a fs label wasn't ++ found ++ - interfaces/system-key: in WriteSystemKey during tests, don't call ++ ParserFeatures ++ - boot: add current recovery systems to modeenv ++ - bootloader: extend managed assets bootloader interface to compose ++ a candidate command line ++ - interfaces: make the unmarshal test match more the comment ++ - daemon/api: use pointers to time.Time for debug seeding aspect ++ - o/ifacestate: update security profiles in connect undo handler ++ - interfaces: add uinput interface ++ - cmd/snap-bootstrap/initramfs-mounts: add doSystemdMount + unit ++ tests ++ - o/devicestate: save seeding/preseeding times for use with debug ++ seeding api ++ - cmd/snap/debug: add "snap debug seeding" command for preseeding ++ debugging ++ - tests/main/selinux-clean: workaround SELinux denials triggered by ++ linger setup on Centos8 ++ - bootloader: compose command line with mode and extra arguments ++ - cmd/snap, daemon: detect and bail purge on multi-snap ++ - o/ifacestate: fix bug in snapsWithSecurityProfiles ++ - interfaces/builtin/multipass: replace U+00A0 no-break space with ++ simple space ++ - bootloader/assets: generate bootloader assets from files ++ - many/tests/preseed: reset the preseeded images before preseeding ++ them ++ - tests: drop accidental accents from e ++ - secboot: improve key sealing tests ++ - tests: replace _wait_for_file_change with retry ++ - tests: new fs-state which replaces the files.sh helper ++ - sysconfig/cloudinit_test.go: add test for initramfs case, rm "/" ++ from path ++ - cmd/snap: track started apps and hooks ++ - tests/main/interfaces-pulseaudio: disable start limit checking for ++ pulseaudio service ++ - api: seeding debug api ++ - .github/workflows/snap-build.yaml: build the snapd snap via GH ++ Actions too ++ - tests: moving journalctl.sh to a new journal-state tool ++ - tests/nested/manual: add spread tests for cloud-init vuln ++ - bootloader/assets: helpers for registering per-edition snippets, ++ register snippets for grub ++ - data,packaging,wrappers: extend D-Bus service activation search ++ path ++ - spread: add opensuse 15.2 and tumbleweed for qemu ++ - overlord,o/devicestate: restrict cloud-init on Ubuntu Core ++ - sysconfig/cloudinit: add RestrictCloudInit ++ - cmd/snap-preseed: check that target path exists and is a directory ++ on --reset ++ - tests: check for pids correctly ++ - gadget,gadget/install: refactor partition table update ++ - sysconfig/cloudinit: add CloudInitStatus func + CloudInitState ++ type ++ - interface/fwupd: add more policies for making fwupd upstream ++ strict ++ - tests: new to-one-line tool which replaces the strings.sh helper ++ - interfaces: new helpers to get and compare system key, for use ++ with seeding debug api ++ - osutil, many: add helper for checking whether the process is a go ++ test binary ++ - cmd/snap-seccomp/syscalls: add faccessat2 ++ - tests: adjust xdg-open after launcher changes ++ - tests: new core config helper ++ - usersession/userd: do not modify XDG_DATA_DIRS when calling xdg- ++ open ++ - cmd/snap-preseed: handle relative chroot path ++ - snapshotstate: move sizer to osutil.Sizer() ++ - tests/cmd/snap-bootstrap/initramfs-mounts: rm duplicated env ref ++ kernel tests ++ - gadget/install,secboot: use snapcore/secboot luks2 api ++ - boot/initramfs_test.go: add Commentf to more Assert()'s ++ - tests/lib: account for changes in arch package file name extension ++ - bootloader/bootloadertest: fix comment typo ++ - bootloader: add helper for getting recovery system environment ++ variables ++ - tests: preinstall shellcheck and run tests on focal ++ - strutil: add a helper for parsing kernel command line ++ - osutil: add CheckFreeSpace helper ++ - secboot: update tpm connection error handling ++ - packaging, cmd/snap-mgmt, tests: remove modules files on purge ++ - tests: add tests.cleanup helper ++ - packaging: add "ca-certificates" to build-depends ++ - tests: more checks in core20 early config spread test ++ - tests: fix some snapstate tests to use pointers for ++ snapmgrTestSuite ++ - boot: better naming of helpers for obtaining kernel command line ++ - many: use more specific check for unit test mocking ++ - systemd/escape: fix issues with "" and "\t" handling ++ - asserts: small improvements and corrections for sequence-forming ++ assertions' support ++ - boot, bootloader: query kernel command line of run mod and ++ recovery mode systems ++ - snap/validate.go: disallow snap layouts with new top-level ++ directories ++ - tests: allow to add a new label to run nested tests as part of PR ++ validation ++ - tests/core/gadget-update-pc: port to UC20 ++ - tests: improve nested tests flexibility ++ - asserts: integer headers: disallow prefix zeros and make parsing ++ more uniform ++ - asserts: implement Database.FindSequence ++ - asserts: introduce SequenceMemberAfter in the asserts backstores ++ - spread.yaml: remove tests/lib/tools from PATH ++ - overlord: refuse to install snaps whose activatable D-Bus services ++ conflict with installed snaps ++ - tests: shorten lxd-state undo-mount-changes ++ - snap-confine: don't die if a device from sysfs path cannot be ++ found by udev ++ - tests: fix argument handling of apt-state ++ - tests: rename lxd-tool to lxd-state ++ - tests: rename user-tool to user-state, fix --help ++ - interfaces: add gconf interface ++ - sandbox/cgroup: avoid parsing security tags twice ++ - tests: rename version-tool to version-compare ++ - cmd/snap-update-ns: handle anomalies better ++ - tests: fix call to apt.Package.mark_install(auto_inst=True) ++ - tests: rename mountinfo-tool to mountinfo.query ++ - tests: rename memory-tool to memory-observe-do ++ - tests: rename invariant-tool to tests.invariant ++ - tests: rename apt-tool to apt-state ++ - many: managed boot config during run mode setup ++ - asserts: introduce the concept of sequence-forming assertion types ++ - tests: tweak comments/output in uc20-recovery test ++ - tests/lib/pkgdb: do not use quiet when purging debs ++ - interfaces/apparmor: allow snap-specific /run/lock ++ - interfaces: add system-source-code for access to /usr/src ++ - sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data ++ - gadget/install: move udev trigger to gadget/install ++ - many: make nested spread tests more reliable ++ - tests/core/uc20-recovery: apply hack to get gopath in recover mode ++ w/ external backend ++ - tests: enable tests on uc20 which now work with the real model ++ assertion ++ - tests: enable system-snap-refresh test on uc20 ++ - gadget, bootloader: preserve managed boot assets during gadget ++ updates ++ - tests: fix leaked dbus-daemon in selinux-clean ++ - tests: add servicestate.Control tests ++ - tests: fix "restart.service" ++ - wrappers: helper for enabling services - extract and move enabling ++ of services into a helper ++ - tests: new test to validate refresh and revert of kernel and ++ gadget on uc20 ++ - tests/lib/prepare-restore: collect debug info when prepare purge ++ fails ++ - bootloader: allow managed bootloader to update its boot config ++ - tests: Remove unity test from nightly test suite ++ - o/devicestate: set mark-seeded to done in the task itself ++ - tests: add spread test for disconnect undo caused by failing ++ disconnect hook ++ - sandbox/cgroup: allow discovering PIDs of given snap ++ - osutil/disks: support IsDecryptedDevice for mountpoints which are ++ dm devices ++ - osutil: detect autofs mounted in /home ++ - spread.yaml: allow amazon-linux-2-64 qemu with ++ ec2-user/ec2-user ++ - usersession: support additional zoom URL schemes ++ - overlord: mock timings.DurationThreshold in TestNewWithGoodState ++ - sandbox/cgroup: add tracking helpers ++ - tests: detect stray dbus-daemon ++ - overlord: refuse to install snaps providing user daemons on Ubuntu ++ 14.04 ++ - many: move encryption and installer from snap-boostrap to gadget ++ - o/ifacestate: fix connect undo handler ++ - interfaces: optimize rules of multiple connected iio/i2c/spi plugs ++ - bootloader: introduce managed bootloader, implement for grub ++ - tests: fix incorrect check in smoke/remove test ++ - asserts,seed: split handling of essential/not essential model ++ snaps ++ - gadget: fix typo in mounted filesystem updater ++ - gadget: do only one mount point lookup in mounted fs updater ++ - tests/core/snap-auto-mount: try to make the test more robust ++ - tests: adding ubuntu-20.04 to google-sru backend ++ - o/servicestate: add updateSnapstateServices helper ++ - bootloader: pull recovery grub config from internal assets ++ - tests/lib/tools: apply linger workaround when needed ++ - overlord/snapstate: graceful handling of denied "managed" refresh ++ schedule ++ - snapstate: fix autorefresh from classic->strict ++ - overlord/configstate: add system.kernel.printk.console-loglevel ++ option ++ - tests: fix assertion disk handling for nested UC systems ++ - snapstate: use testutil.HostScaledTimeout() in snapstate tests ++ - tests: extra worker for google-nested backend to avoid timeout ++ error on uc20 ++ - snapdtool: helper to check whether the current binary is reexeced ++ from a snap ++ - tests: mock servicestate in api tests to avoid systemctl checks ++ - many: rename back snap.Info.GetType to Type ++ - tests/lib/cla_check: expect explicit commit range ++ - osutil/disks: refactor diskFromMountPointImpl a bit ++ - o/snapstate: service-control task handler ++ - osutil: add disks pkg for associating mountpoints with ++ disks/partitions ++ - gadget,cmd/snap-bootstrap: move partitioning to gadget ++ - seed: fix LoadEssentialMeta when gadget is not loaded ++ - cmd/snap: Debian does not allow $SNAP_MOUNT_DIR/bin in sudo ++ secure_path ++ - asserts: introduce new assertion validation-set ++ - asserts,daemon: add support for "serials" field in system-user ++ assertion ++ - data/sudo: drop a failed sudo secure_path workaround ++ - gadget: mv encodeLabel to osutil/disks.EncodeHexBlkIDFormat ++ - boot, snap-bootstrap: move initramfs-mounts logic to boot pkg ++ - spread.yaml: update secure boot attribute name ++ - interfaces/block_devices: add NVMe subsystem devices, support ++ multipath paths ++ - tests: use the "jq" snap from the edge channel ++ - tests: simplify the tpm test by removing the test-snapd-mokutil ++ snap ++ - boot/bootstate16.go: clean snap_try_* vars when not in Trying ++ status too ++ - tests/main/sudo-env: check snap path under sudo ++ - tests/main/lxd: add test for snaps inside nested lxd containers ++ not working ++ - asserts/internal: expand errors about invalid serialized grouping ++ labels ++ - usersession/userd: add msteams url support ++ - tests/lib/prepare.sh: adjust comment about sgdisk ++ - tests: fix how gadget pc is detected when the snap does not exist ++ and ls fails ++ - tests: move a few more tests to snapstate_update_test.go ++ - tests/main: add spread test for running svc from install hook ++ - tests/lib/prepare: increase the size of the uc16/uc18 partitions ++ - tests/special-home-can-run-classic-snaps: re-enable ++ - workflow: test PR title as part of the static checks again ++ - tests/main/xdg-open-compat: backup and restore original xdg-open ++ - tests: move update-related tests to snapstate_update_test.go ++ - cmd,many: move Version and bits related to snapd tools to ++ snapdtool, merge cmdutil ++ - tests/prepare-restore.sh: reset-failed systemd-journald before ++ restarting ++ - interfaces: misc small interface updates ++ - spread: use find rather than recursive ls, skip mounted snaps ++ - tests/lib/prepare-restore.sh: if we failed to purge snapd deb, ls ++ /var/lib/snapd ++ - tests: enable snap-auto-mount test on core20 ++ - cmd/snap: do not show $PATH warning when executing under sudo on a ++ known distro ++ - asserts/internal: add some iteration benchmarks ++ - sandbox/cgroup: improve pid parsing code ++ - snap: add new `snap run --experimental-gdbserver` option ++ - asserts/internal: limit Grouping size switching to a bitset ++ representationWe don't always use the bit-set representation ++ because: ++ - snap: add an activates-on property to apps for D-Bus activation ++ - dirs: delete unused Cloud var, fix typo ++ - sysconfig/cloudinit: make callers of DisableCloudInit use ++ WritableDefaultsDir ++ - tests: fix classic ubuntu core transition auth ++ - tests: fail in setup_reflash_magic() if there is snapd state left ++ - tests: port interfaces-many-core-provided to tests.session ++ - tests: wait after creating partitions with sfdisk ++ - bootloader: introduce bootloarder assets, import grub.cfg with an ++ edition marker ++ - riscv64: bump timeouts ++ - gadget: drop dead code, hide exports that are not used externally ++ - tests: port 2 uc20 part1 ++ - tests: fix bug waiting for snap command to be ready ++ - tests: move try-related tests to snapstate_try_test.go ++ - tests: add debug for 20.04 prepare failure ++ - travis.yml: removed, all our checks run in GH actions now ++ - tests: clean up up the use of configcoreSuite in the configcore ++ tests ++ - sandbox/cgroup: remove redundant pathOfProcPidCgroup ++ - sandbox/cgroup: add tests for ParsePids ++ - tests: fix the basic20 test for uc20 on external backend ++ - tests: use configcoreSuite in journalSuite and remove some ++ duplicated code ++ - tests: move a few more tests to snapstate_install_test ++ - tests: assorted small patches ++ - dbusutil/dbustest: separate license from package ++ - interfaces/builtin/time-control: allow POSIX clock API ++ - usersession/userd: add "slack" to the white list of URL schemes ++ handled by xdg-open ++ - tests: check that host settings like hostname are settable on core ++ - tests: port xdg-settings test to tests.session ++ - tests: port snap-handle-link test to tests.session ++ - arch: add riscv64 ++ - tests: core20 early defaults spread test ++ - tests: move install tests from snapstate_test.go to ++ snapstate_install_test.go ++ - github: port macOS sanity checks from travis ++ - data/selinux: allow checking /var/cache/app-info ++ - o/devicestate: core20 early config from gadget defaults ++ - tests: autoremove after removing lxd in preseed-lxd test ++ - secboot,cmd/snap-bootstrap: add tpm sealing support to secboot ++ - sandbox/cgroup: move FreezerCgroupDir from dirs.go ++ - tests: update the file used to detect the boot path on uc20 ++ - spread.yaml: show /var/lib/snapd in debug ++ - cmd/snap-bootstrap/initramfs-mounts: also copy systemd clock + ++ netplan files ++ - snap/naming: add helpers to parse app and hook security tags ++ - tests: modernize retry tool ++ - tests: fix and trim debug section in xdg-open-portal ++ - tests: modernize and use snapd.tool ++ - vendor: update to latest github.com/snapcore/bolt for riscv64 ++ - cmd/snap-confine: add support for libc6-lse ++ - interfaces: miscellaneous policy updates xlv ++ - interfaces/system-packages-doc: fix typo in variable names ++ - tests: port interfaces-calendar-service to tests.session ++ - tests: install/run the lzo test snap too ++ - snap: (small) refactor of `snap download` code for ++ testing/extending ++ - data: fix shellcheck warnings in snapd.sh.in ++ - packaging: disable buildmode=pie for riscv64 ++ - tests: install test-snapd-rsync snap from edge channel ++ - tests: modernize tests.session and port everything using it ++ - tests: add ubuntu 20.10 to spread tests ++ - cmd/snap/remove: mention snap restore/automatic snapshots ++ - dbusutil: move all D-Bus helpers and D-Bus test helpers ++ - wrappers: pass 'disable' flag to StopServices wrapper ++ - osutil: enable riscv64 build ++ - snap/naming: add ParseSecurityTag and friends ++ - tests: port document-portal-activation to session-tool ++ - bootloader: rename test helpers to reflect we are mocking EFI boot ++ locations ++ - tests: disable test of nfs v3 with udp proto on debian-sid ++ - tests: plan to improve the naming and uniformity of utilities ++ - tests: move *-tool tests to their own suite ++ - snap-bootstrap: remove sealed key file on reinstall ++ - bootloader/ubootenv: don't panic with an empty uboot env ++ - systemd: rename actualFsTypeAndMountOptions to ++ hostFsTypeAndMountOptions ++ - daemon: fix filtering of service-control changes for snap.app ++ - tests: spread test for preseeding in lxd container ++ - tests: fix broken snapd.session agent.socket ++ - wrappers: add RestartServices function and ReloadOrRestart to ++ systemd ++ - o/cmdstate: handle ignore flag on exec-command tasks ++ - gadget: make ext4 filesystems with or without metadata checksum ++ - tests: update statx test to run on all LTS releases ++ - configcore: show better error when disabling services ++ - interfaces: add hugepages-control ++ - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/ ++ - tests: run ubuntu-20.04-* tests on all ubuntu-2* releases ++ - tests: skip interfaces-openvswitch for centos 8 in nightly suite ++ - tests: reload systemd --user for root, if present ++ - tests: reload systemd after editing /etc/fstab ++ - tests: add missing dependencies needed for sbuild test on debian ++ - tests: reload systemd after removing pulseaudio ++ - image, tests: core18 early config. ++ - interfaces: add system-packages-doc interface ++ - cmd/snap-preseed, systemd: fix handling of fuse.squashfuse when ++ preseeding ++ - interfaces/fwupd: allow bind mount to /boot on core ++ - tests: improve oom-vitality tests ++ - tests: add fedora 32 to spread.yaml ++ - config: apply vitality-hint immediately when the config changes ++ - tests: port snap-routine-portal-info to session-tool ++ - configcore: add "service.console-conf.disable" config option ++ - tests: port xdg-open to session-tool ++ - tests: port xdg-open-compat to session-tool ++ - tests: port interfaces-desktop-* to session-tool ++ - spread.yaml: apply yaml formatter/linter ++ - tests: port interfaces-wayland to session-tool ++ - o/devicestate: refactor current system handling ++ - snap-mgmt: perform cleanup of user services ++ - snap/snapfile,squashfs: followups from 8729 ++ - boot, many: require mode in modeenv ++ - data/selinux: update policy to allow forked processes to call ++ getpw*() ++ - tests: log stderr from dbus-monitor ++ - packaging: build cmd/snap and cmd/snap-bootstrap with nomanagers ++ tag ++ - snap/squashfs: also symlink snap Install with uc20 seed snap dir ++ layout ++ - interfaces/builtin/desktop: do not mount fonts cache on distros ++ with quirks ++ - data/selinux: allow snapd to remove/create the its socket ++ - testutil/exec.go: set PATH after running shellcheck ++ - tests: silence stderr from dbus-monitor ++ - snap,many: mv Open to snapfile pkg to support add'l options to ++ Container methods ++ - devicestate, sysconfig: revert support for cloud.cfg.d/ in the ++ gadget ++ - github: remove workaround for bug 133 in actions/cache ++ - tests: remove dbus.sh ++ - cmd/snap-preseed: improve mountpoint checks of the preseeded ++ chroot ++ - spread.yaml: add ps aux to debug section ++ - github: run all spread systems in a single go with cached results ++ - test: session-tool cli tweaks ++ - asserts: rest of the Pool API ++ - tests: port interfaces-network-status-classic to session-tool ++ - packaging: remove obsolete 16.10,17.04 symlinks ++ - tests: setup portals before starting user session ++ - o/devicestate: typo fix ++ - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed ++ devices ++ - cmd/snap/model: support store, system-user-authority keys in ++ --verbose ++ - o/devicestate: raise conflict when requesting system action while ++ seeding ++ - tests: detect signs of crashed snap-confine ++ - tests: sign kernel and gadget to run nested tests using current ++ snapd code ++ - tests: remove gnome-online-accounts we install ++ - tests: fix the issue where all the tests were executed on secboot ++ system ++ - tests: port interfaces-accounts-service to session-tool ++ - interfaces/network-control: bring /var/lib/dhcp from host ++ - image,cmd/snap,tests: add support for store-wide cohort keys ++ - configcore: add nomanagers buildtag for conditional build ++ - tests: port interfaces-password-manager-service to session-tool ++ - o/devicestate: cleanup system actions supported by recover mode ++ - snap-bootstrap: remove create-partitions and update tests ++ - tests: fix nested tests ++ - packaging/arch: update PKGBUILD to match one in AUR ++ - tests: port interfaces-location-control to session-tool ++ - tests: port interfaces-contacts-service to session-tool ++ - state: log task errors in the journal too ++ - o/devicestate: change how current system is reported for different ++ modes ++ - devicestate: do not report "ErrNoState" for seeded up ++ - tests: add a note about broken test sequence ++ - tests: port interfaces-autopilot-introspection to session-tool ++ - tests: port interfaces-dbus to session-tool ++ - packaging: update sid packaging to match 16.04+ ++ - tests: enable degraded test on uc20 ++ - c/snaplock/runinhibit: add run inhibition operations ++ - tests: detect and report root-owned files in /home ++ - tests: reload root's systemd --user after snapd tests ++ - tests: test registration with serial-authority: [generic] ++ - cmd/snap-bootstrap/initramfs-mounts: copy auth.json and macaroon- ++ key in recover ++ - tests/mount-ns: stop binfmt_misc mount unit ++ - cmd/snap-bootstrap/initramfs-mounts: use booted kernel partition ++ uuid if available ++ - daemon, tests: indicate system mode, test switching to recovery ++ and back to run ++ - interfaces/desktop: silence more /var/lib/snapd/desktop/icons ++ denials ++ - tests/mount-ns: update to reflect new UEFI boot mode ++ - usersession,tests: clean ups for userd/settings.go and move ++ xdgopenproxy under usersession ++ - tests: disable mount-ns test ++ - tests: test user belongs to systemd-journald, on core20 ++ - tests: run core/snap-set-core-config on uc20 too ++ - tests: remove generated session-agent units ++ - sysconfig: use new _writable_defaults dir to create cloud config ++ - cmd/snap-bootstrap/initramfs-mounts: cosmetic changes in prep for ++ future work ++ - asserts: make clearer that with label we mean a serialized label ++ - cmd/snap-bootstrap: tweak recovery trigger log messages ++ - asserts: introduce PoolTo ++ - userd: allow setting default-url-scheme-handler ++ - secboot: append uuid to ubuntu-data when decrypting ++ - o/configcore: pass extra options to FileSystemOnlyApply ++ - tests: add dbus-user-session to bionic and reorder package names ++ - boot, bootloader: adjust comments, expand tests ++ - tests: improve debugging of user session agent tests ++ - packaging: add the inhibit directory ++ - many: add core.resiliance.vitality-hint config setting ++ - tests: test adjustments and fixes for recently published images ++ - cmd/snap: coldplug auto-import assertions from all removable ++ devices ++ - secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to ++ secboot ++ - tests: not fail when boot dir cannot be determined ++ - tests: new directory used to store the cloud images on gce ++ - tests: inject snapd from edge into seeds of the image in manual ++ preseed test ++ - usersession/agent,wrappers: fix races between Shutdown and Serve ++ - tests: add dependency needed for next upgrade of bionic ++ - tests: new test user is used for external backend ++ - cmd/snap: fix the order of positional parameters in help output ++ - tests: don't create root-owned things in ~test ++ - tests/lib/prepare.sh: delete patching of the initrd ++ - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy ++ as well ++ - progress: tweak multibyte label unit test data ++ - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline ++ - gadget: fix fallback device lookup for 'mbr' type structures ++ - configcore: only reload journald if systemd is new enough ++ - cmd/snap-boostrap, boot: use /run/mnt/data instead of ubuntu-data ++ - wrappers: allow user mode systemd daemons ++ - progress: fix progress bar with multibyte duration units ++ - tests: fix raciness in pulseaudio test ++ - asserts/internal: introduce Grouping and Groupings ++ - tests: remove user.sh ++ - tests: pair of follow-ups from earlier reviews ++ - overlord/snapstate: warn of refresh/postpone events ++ - configcore,tests: use daemon-reexec to apply watchdog config ++ - c/snap-bootstrap: check mount states via initramfsMountStates ++ - store: implement DownloadAssertions ++ - tests: run smoke test with different bases ++ - tests: port user-mounts test to session-tool ++ - store: handle error-list in fetch-assertions results ++ - tests: port interfaces-audio-playback-record to session-tool ++ - data/completion: add `snap` command completion for zsh ++ - tests/degraded: ignore failure in systemd-vconsole-setup.service ++ - image: stub implementation of image.Prepare for darwin ++ - tests: session-tool --restore -u stops user-$UID.slice ++ - o/ifacestate/handlers.go: fix typo ++ - tests: port pulseaudio test to session-tool ++ - tests: port user-session-env to session-tool ++ - tests: work around journald bug in core16 ++ - tests: add debug to core-persistent-journal test ++ - tests: port selinux-clean to session-tool ++ - tests: port portals test to session-tool, fix portal tests on sid ++ - tests: adding option --no-install-recommends option also when ++ install all the deps ++ - tests: add session-tool --has-systemd-and-dbus ++ - packaging/debian-sid: add gcc-multilib to build deps ++ - osutil: expand FileLock to support shared locks and more ++ - packaging: stop depending on python-docutils ++ - store,asserts,many: support the new action fetch-assertions ++ - tests: port snap-session-agent-* to session-tool ++ - packaging/fedora: disable FIPS compliant crypto for static ++ binaries ++ - tests: fix for preseeding failures ++ ++ -- Michael Vogt Tue, 25 Aug 2020 17:26:21 +0200 ++ ++snapd (2.45.3.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1875071 ++ - o/ifacestate: fix bug in snapsWithSecurityProfiles ++ - tests/main/selinux-clean: workaround SELinux denials triggered by ++ linger setup on Centos8 ++ ++ -- Samuele Pedroni Tue, 28 Jul 2020 21:43:38 +0200 ++ ++snapd (2.45.3-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1875071 ++ - many: backport _writable_defaults dir changes ++ - tests: fix incorrect check in smoke/remove test ++ - cmd/snap-bootstrap,seed: backport of uc20 PRs ++ - tests: avoid exit when nested type var is not defined ++ - cmd/snap-preseed: backport fixes ++ - interfaces: optimize rules of multiple connected iio/i2c/spi plugs ++ - many: cherry-picks for 2.45, gh-action, test fixes ++ - tests/lib: account for changes in arch package file name extension ++ - postrm, snap-mgmt: cleanup modules and other cherry-picks ++ - snap-confine: don't die if a device from sysfs path cannot be ++ found by udev ++ - data/selinux: update policy to allow forked processes to call ++ getpw*() ++ - tests/main/interfaces-time-control: exercise setting time via date ++ - interfaces/builtin/time-control: allow POSIX clock API ++ - usersession/userd: add "slack" to the white list of URL schemes ++ handled by xdg-open ++ ++ -- Zygmunt Krynicki Mon, 27 Jul 2020 12:01:14 +0200 ++ ++snapd (2.45.2-1) unstable; urgency=high ++ ++ * SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open ++ implementation ++ - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment ++ variable modification when calling the system xdg-open. Patch ++ thanks to James Henstridge ++ - packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is ++ restarted. Patch thanks to Michael Vogt ++ - CVE-2020-11934 ++ * SECURITY UPDATE: arbitrary code execution vulnerability on core ++ devices with access to physical removable media ++ - devicestate: Disable/restrict cloud-init after seeding. ++ - CVE-2020-11933 ++ ++ -- Michael Vogt Fri, 10 Jul 2020 20:06:29 +0200 ++ ++snapd (2.45.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1875071 ++ - data/selinux: allow checking /var/cache/app-info ++ - cmd/snap-confine: add support for libc6-lse ++ - interfaces: miscellaneous policy updates xlv ++ - snap-bootstrap: remove sealed key file on reinstall ++ - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/ ++ - gadget: make ext4 filesystems with or without metadata checksum ++ - interfaces/fwupd: allow bind mount to /boot on core ++ - tests: cherry-pick test fixes from master ++ - snap/squashfs: also symlink snap Install with uc20 seed snap dir ++ layout ++ - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed ++ devices ++ - snap,many: mv Open to snapfile pkg to support add'l options to ++ Container methods ++ - interfaces/builtin/desktop: do not mount fonts cache on distros ++ with quirks ++ - devicestate, sysconfig: revert support for cloud.cfg.d/ in the ++ gadget ++ - data/completion, packaging: cherry-pick zsh completion ++ - state: log task errors in the journal too ++ - devicestate: do not report "ErrNoState" for seeded up ++ - interfaces/desktop: silence more /var/lib/snapd/desktop/icons ++ denials ++ - packaging/fedora: disable FIPS compliant crypto for static ++ binaries ++ - packaging: stop depending on python-docutils ++ ++ -- Michael Vogt Fri, 05 Jun 2020 15:13:49 +0200 ++ ++snapd (2.45-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1875071 ++ - o/devicestate: support doing system action reboots from recover ++ mode ++ - vendor: update to latest secboot ++ - tests: not fail when boot dir cannot be determined ++ - configcore: only reload journald if systemd is new enough ++ - cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data ++ when decrypting ++ - tests/lib/prepare.sh: delete patching of the initrd ++ - cmd/snap: coldplug auto-import assertions from all removable ++ devices ++ - cmd/snap: fix the order of positional parameters in help output ++ - c/snap-bootstrap: port mount state mocking to the new style on ++ master ++ - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy ++ as well ++ - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline, ++ unlock in recover mode initramfs ++ - progress: tweak multibyte label unit test data ++ - gadget: fix fallback device lookup for 'mbr' type structures ++ - progress: fix progress bar with multibyte duration units ++ - many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20 ++ - many: put the sealed keys in a directory on seed for tidiness ++ - cmd/snap-bootstrap: measure epoch and model before unlocking ++ encrypted data ++ - o/configstate: core config handler for persistent journal ++ - bootloader/uboot: use secondary ubootenv file boot.sel for uc20 ++ - packaging: add "$TAGS" to dh_auto_test for debian packaging ++ - tests: ensure $cache_dir is actually available ++ - secboot,cmd/snap-bootstrap: add model to pcr protection profile ++ - devicestate: do not use snap-boostrap in devicestate to install ++ - tests: fix a typo in nested.sh helper ++ - devicestate: add support for cloud.cfg.d config from the gadget ++ - cmd/snap-bootstrap: cleanups, naming tweaks ++ - testutil: add NewDBusTestConn ++ - snap-bootstrap: lock access to sealed keys ++ - overlord/devicestate: preserve the current model inside ubuntu- ++ boot ++ - interfaces/apparmor: use differently templated policy for non-core ++ bases ++ - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing ++ syscalls ++ - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first, ++ other misc changes ++ - o/snapstate: tweak "waiting for restart" message ++ - boot: store model model and grade information in modeenv ++ - interfaces/firewall-control: allow -legacy and -nft for core20 ++ - boot: enable makeBootable20RunMode for EnvRefExtractedKernel ++ bootloaders ++ - boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20 ++ implementation ++ - daemon: fix error message from `snap remove-user foo` on classic ++ - overlord: have a variant of Mock that can take a state.State ++ - tests: 16.04 and 18.04 now have mediating pulseaudio (again) ++ - seed: clearer errors for missing essential snapd or core snap ++ - cmd/snap-bootstrap/initramfs-mounts: support ++ EnvRefExtractedKernelBootloader's ++ - gadget, cmd/snap-bootstrap: MBR schema support ++ - image: improve/adjust DownloadSnap doc comment ++ - asserts: introduce ModelGrade.Code ++ - tests: ignore user-12345 slice and service ++ - image,seed/seedwriter: support redirect channel aka default ++ tracks ++ - bootloader: use binary.Read/Write ++ - tests: uc20 nested suite part II ++ - tests/boot: refactor to make it easier for new ++ bootloaderKernelState20 impl ++ - interfaces/openvswitch: support use of ovs-appctl ++ - snap-bootstrap: copy auth data from real ubuntu-data in recovery ++ mode ++ - snap-bootstrap: seal and unseal encryption key using tpm ++ - tests: disable special-home-can-run-classic-snaps due to jenkins ++ repo issue ++ - packaging: fix build on Centos8 to support BUILDTAGS ++ - boot/bootstate20: small changes to bootloaderKernelState20 ++ - cmd/snap: Implement a "snap routine file-access" command ++ - spread.yaml: switch back to latest/candidate for lxd snap ++ - boot/bootstate20: re-factor kernel methods to use new interface ++ for state ++ - spread.yaml,tests/many: use global env var for lxd channel ++ - boot/bootstate20: fix bug in try-kernel cleanup ++ - config: add system.store-certs.[a-zA-Z0-9] support ++ - secboot: key sealing also depends on secure boot enabled ++ - httputil: fix client timeout retry tests ++ - cmd/snap-update-ns: handle EBUSY when unlinking files ++ - cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20 ++ vars ++ - secboot: add tpm support helpers ++ - tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for ++ kernel and gadget ++ - cmd/snap-bootstrap: switch to a 64-byte key for unlocking ++ - tests: preserve size for centos images on spread.yaml ++ - github: partition the github action workflows ++ - run-checks: use consistent "Checking ..." style messages ++ - bootloader: add efi pkg for reading efi variables ++ - data/systemd: do not run snapd.system-shutdown if finalrd is ++ available ++ - overlord: update tests to work with latest go ++ - cmd/snap: do not hide debug boot-vars on core ++ - cmd/snap-bootstrap: no error when not input devices are found ++ - snap-bootstrap: fix partition numbering in create-partitions ++ - httputil/client_test.go: add two TLS version tests ++ - tests: ignore user@12345.service hierarchy ++ - bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things ++ - tests: rewrite timeserver-control test ++ - tests: fix racy pulseaudio tests ++ - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS ++ - tests: update snap-preseed --reset logic to accommodate for 2.44 ++ change ++ - cmd/snap: don't wait for system key when stopping ++ - sandbox/cgroup: avoid making arrays we don't use ++ - osutil: mock proc/self/mountinfo properly everywhere ++ - selinux: export MockIsEnforcing; systemd: use in tests ++ - tests: add 32 bit machine to GH actions ++ - tests/session-tool: kill cron session, if any ++ - asserts: it should be possible to omit many snap-ids if allowed, ++ fix ++ - boot: cleanup more things, simplify code ++ - github: skip spread jobs when corresponding label is set ++ - dirs: don't depend on osutil anymore, mv apparmor vars to apparmor ++ pkg ++ - tests/session-tool: add session-tool --dump ++ - github: allow cached debian downloads to restore ++ - tests/session-tool: session ordering is non-deterministic ++ - tests: enable unit tests on debian-sid again ++ - github: move spread to self-hosted workers ++ - secboot: import secboot on ubuntu, provide dummy on !ubuntu ++ - overlord/devicestate: support for recover and run modes ++ - snap/naming: add validator for snap security tag ++ - interfaces: add case for rootWritableOverlay + NFS ++ - tests/main/uc20-create-partitions: tweaks, renames, switch to ++ 20.04 ++ - github: port CLA check to Github Actions ++ - interfaces/many: miscellaneous policy updates xliv ++ - configcore,tests: fix setting watchdog options on UC18/20 ++ - tests/session-tool: collect information about services on startup ++ - tests/main/uc20-snap-recovery: unbreak, rename to uc20-create- ++ partitions ++ - state: add state.CopyState() helper ++ - tests/session-tool: stop anacron.service in prepare ++ - interfaces: don't use the owner modifier for files shared via ++ document portal ++ - systemd: move the doc comments to the interface so they are ++ visible ++ - cmd/snap-recovery-chooser: tweaks ++ - interfaces/docker-support: add overlayfs file access ++ - packaging: use debian/not-installed to ignore snap-preseed ++ - travis.yml: disable unit tests on travis ++ - store: start splitting store.go and store_test.go into subtopic ++ files ++ - tests/session-tool: stop cron/anacron from meddling ++ - github: disable fail-fast as spread cannot be interrupted ++ - github: move static checks and spread over ++ - tests: skip "/etc/machine-id" in "writablepaths" test ++ - snap-bootstrap: store encrypted partition recovery key ++ - httputil: increase testRetryStrategy max timelimit to 5s ++ - tests/session-tool: kill leaking closing session ++ - interfaces: allow raw access to USB printers ++ - tests/session-tool: reset failed session-tool units ++ - httputil: increase httpclient timeout in ++ TestRetryRequestTimeoutHandling ++ - usersession: extend timerange in TestExitOnIdle ++ - client: increase timeout in client tests to 100ms ++ - many: disentagle release and snapdenv from sandbox/* ++ - boot: simplify modeenv mocking to always write a modeenv ++ - snap-bootstrap: expand data partition on install ++ - o/configstate: add backlight option for core config ++ - cmd/snap-recovery-chooser: add recovery chooser ++ - features: enable robust mount ns updates ++ - snap: improve TestWaitRecovers test ++ - sandbox/cgroup: add ProcessPathInTrackingCgroup ++ - interfaces/policy: fix comment in recent new test ++ - tests: make session tool way more robust ++ - interfaces/seccomp: allow passing an address to setgroups ++ - o/configcore: introduce core config handlers (3/N) ++ - interfaces: updates to login-session-observe, network-manager and ++ modem-manager interfaces ++ - interfaces/policy/policy_test.go: add more tests'allow- ++ installation: false' and we grant based on interface attributes ++ - packaging: detect/disable broken seed in the postinst ++ - cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia ++ library ++ - tests: remove google-tpm backend from spread.yaml ++ - tests: install dependencies with apt using --no-install-recommends ++ - usersession/userd: add zoommtg url support ++ - snap-bootstrap: fix disk layout sanity check ++ - snap: add `snap debug state --is-seeded` helper ++ - devicestate: generate warning if seeding fails ++ - config, features: move and rename config.GetFeatureFlag helper to ++ features.Flag ++ - boot, overlord/devicestate, daemon: implement requesting boot ++ into a given recovery system ++ - xdgopenproxy: forward requests to the desktop portal ++ - many: support immediate reboot ++ - store: search v2 tweaks ++ - tests: fix cross build tests when installing dependencies ++ - daemon: make POST /v2/systems/