From: Michael Vogt Date: Mon, 20 Dec 2021 14:15:32 +0000 (+0000) Subject: Import snapd_2.54.1-1.debian.tar.xz X-Git-Tag: archive/raspbian/2.54.3-1+rpi1^2^2~7^2 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=1de5612fc255dda2b0c45eb93c7b8c2b1f5eb09d;p=snapd.git Import snapd_2.54.1-1.debian.tar.xz [dgit import tarball snapd 2.54.1-1 snapd_2.54.1-1.debian.tar.xz] --- 1de5612fc255dda2b0c45eb93c7b8c2b1f5eb09d diff --git a/README.Source b/README.Source new file mode 100644 index 00000000..2a4c1231 --- /dev/null +++ b/README.Source @@ -0,0 +1,35 @@ +# Overview + +The packaging is maintained in the upstream git repo at + +github.com/snapcore/snapd in the packaging/debian-sid dir + +Please push any debian changes back there to make packaging +easier. + +## Release a new version + +To release a new upstream version the following steps are +recommended: + + # one time setup + $ git clone git@salsa.debian.org:debian/snapd + $ cd snapd + $ git remote add upstream https://github.com/snapcore/snapd + + # releasing a new version + $ git fetch upstream + $ git merge upstream/ # e.g. upstream/2.44 + $ cp -ar packaging/debian-sid/* debian/ + # ensure to git add any new files + # set debian/changelog to UNRELEASED + $ git commit -a -m 'debian: sync packaging changes from upstream' + # update changelog + $ debcommit -ar + $ gbp buildpackage -S -d + # testbuild + $ pbuilder-dist sid update + $ pbuilder-dist sid build ../build-area/snapd_.dsc + $ dput ftp-master ../build-area/snapd__source.changes + + -- Michael Vogt , Wed, 18 Mar 2020 13:11:03 +0100 diff --git a/changelog b/changelog new file mode 100644 index 00000000..b3dae174 --- /dev/null +++ b/changelog @@ -0,0 +1,8420 @@ +snapd (2.54.1-1) unstable; urgency=medium + + * New upstream release, LP: #1955137 + - buid-aux: set version before calling ./generate-packaging-dir + This fixes the "dirty" suffix in the auto-generated version + + * Upstream fixes for Debian bugs: + - cgroups v2 are now supported (closes: #934372) + - transitional package golang-github-ubuntu-core-snappy-dev + dropped (closes: #940782) + - support squashfs-tools 4.5 properly (closes: #993233) + - fix FTBFS (closes: #997257) + + * Updated the debian packaging: + - add myself to the uploaders (partly addresses 1001999) + - remove npn-default series patches) + - bump standards-version to 4.6.0 (required removal of + non-default series files) + + -- Michael Vogt Mon, 20 Dec 2021 15:15:32 +0100 + +snapd (2.54-1) unstable; urgency=medium + + * New upstream release, LP: #1955137 + - interfaces/builtin/opengl.go: add boot_vga sys/devices file + - o/configstate/configcore: add tmpfs.size option + - tests: moving to manual opensuse 15.2 + - cmd/snap-device-helper: bring back the device type identification + behavior, but for remove action fallback only + - cmd/snap-failure: use snapd from the snapd snap if core is not + present + - tests/core/failover: enable the test on core18 + - o/devicestate: ensure proper order when remodel does a simple + switch-snap-channel + - builtin/interfaces: add shared memory interface + - overlord: extend kernel/base success and failover with bootenv + checks + - o/snapstate: check disk space w/o store if possible + - snap-bootstrap: Mount snaps read only + - gadget/install: do not re-create partitions using OnDiskVolume + after deletion + - many: fix formatting w/ latest go version + - devicestate,timeutil: improve logging of NTP sync + - tests/main/security-device-cgroups-helper: more debugs + - cmd/snap: print a placeholder for version of broken snaps + - o/snapstate: mock system with classic confinement support + - cmd: Fixup .clangd to use correct syntax + - tests: run spread tests in fedora-35 + - data/selinux: allow snapd to access /etc/modprobe.d + - mount-control: step 2 + - daemon: add multiple snap sideload to API + - tests/lib/pkgdb: install dbus-user-session during prepare, drop + dbus-x11 + - systemd: provide more detailed errors for unimplemented method in + emulation mode + - tests: avoid checking TRUST_TEST_KEYS on restore on remodel-base + test + - tests: retry umounting /var/lib/snapd/seed on uc20 on fsck-on-boot + test + - o/snapstate: add hide/expose snap data to backend + - interfaces: kernel-module-load + - snap: add support for `snap watch + --last={revert,enable,disable,switch}` + - tests/main/security-udev-input-subsystem: drop info from udev + - tests/core/kernel-and-base-single-reboot-failover, + tests/lib/fakestore: verify failover scenario + - tests/main/security-device-cgroups-helper: collect some debug info + when the test fails + - tests/nested/manual/core20-remodel: wait for device to have a + serial before starting a remodel + - tests/main/generic-unregister: test re-registration if not blocked + - o/snapstate, assertsate: validation sets/undo on partial failure + - tests: ensure snapd can be downloaded as a module + - snapdtool, many: support additional key/value flags in info file + - data/env: improve fish shell env setup + - usersession/client: provide a way for client to send messages to a + subset of users + - tests: verify that simultaneous refresh of kernel and base + triggers a single reboot only + - devicestate: Unregister deletes the device key pair as well + - daemon,tests: support forgetting device serial via API + - asserts: change behavior of alternative attribute matcher + - configcore: relax validation rules for hostname + - cmd/snap-confine: do not include libglvnd libraries from the host + system + - overlord, tests: add managers and a spread test for UC20 to UC22 + remodel + - HACKING.md: adjust again for building the snapd snap + - systemd: add support for systemd unit alias names + - o/snapstate: add InstallPathMany + - gadget: allow EnsureLayoutCompatibility to ensure disk has all + laid out structsnow reject/fail: + - packaging/ubuntu, packaging/debian: depend on dbus-session-bus + provider (#11111) + - interfaces/interfaces/scsi_generic: add interface for scsi generic + de… (#10936) + - osutil/disks/mockdisk.go: add MockDevicePathToDiskMapping + - interfaces/microstack-support: set controlsDeviceCgroup to true + - network-setup-control: add netplan generate D-Bus rules + - interface/builtin/log_observe: allow to access /dev/kmsg + - .github/workflows/test.yaml: restore failing of spread tests on + errors (nested) + - gadget: tweaks to DiskStructureDeviceTraits + expand test cases + - tests/lib/nested.sh: allow tests to use their own core18 in extra- + snaps-path + - interfaces/browser-support: Update rules for Edge + - o/devicestate: during remodel first check pending download tasks + for snaps + - polkit: add a package to validate polkit policy files + - HACKING.md: document building the snapd snap and splicing it into + the core snap + - interfaces/udev: fix installing snaps inside lxd in 21.10 + - o/snapstate: refactor disk space checks + - tests: add (strict) microk8s smoke test + - osutil/strace: try to enable strace on more arches + - cmd/libsnap-confine-private: fix snap-device-helper device allow + list modification on cgroup v2 + - tests/main/snapd-reexec-snapd-snap: improve debugging + - daemon: write formdata file parts to snaps dir + - systemd: add support for .target units + - tests: run snap-disconnect on uc16 + - many: add experimental setting to allow using ~/.snap/data instead + of ~/snap + - overlord/snapstate: perform a single reboot when updating boot + base and kernel + - kernel/fde: add DeviceUnlockKernelHookDeviceMapperBackResolver, + use w/ disks pkg + - o/devicestate: introduce DeviceManager.Unregister + - interfaces: allow receiving PropertiesChanged on the mpris plug + - tests: new tool used to retrieve data from mongo db + - daemon: amend ssh keys coming from the store + - tests: Include the tools from snapd-testing-tools project in + "$TESTSTOOLS" + - tests: new workflow step used to report spread error to mongodb + - interfaces/builtin/dsp: update proc files for ambarella flavor + - gadget: replace ondisk implementation with disks package, refactor + part calcs + - tests: Revert "tests: disable flaky uc18 tests until systemd is + fixed" + - Revert: "many: Vendor apparmor-3.0.3 into the snapd snap" + - asserts: rename "white box" to "clear box" (woke checker) + - many: Vendor apparmor-3.0.3 into the snapd snap + - tests: reorganize the debug-each on the spread.yaml + - packaging: sync with downstream packaging in Fedora and openSUSE + - tests: disable flaky uc18 tests until systemd is fixed + - data/env: provide profile setup for fish shell + - tests: use ubuntu-image 1.11 from stable channel + - gadget/gadget.go: include disk schema in the disk device volume + traits too + - tests/main/security-device-cgroups-strict-enforced: extend the + comments + - README.md: point at bugs.launchpad.net/snapd instead of snappy + project + - osutil/disks: introduce RegisterDeviceMapperBackResolver + use for + crypt-luks2 + - packaging: make postrm script robust against `rm` failures + - tests: print extra debug on auto-refresh-gating test failure + - o/assertstate, api: move enforcing/monitoring from api to + assertstate, save history + - tests: skip the test-snapd-timedate-control-consumer.date to avoid + NTP sync error + - gadget/install: use disks functions to implement deviceFromRole, + also rename + - tests: the `lxd` test is failing right now on 21.10 + - o/snapstate: account for deleted revs when undoing install + - interfaces/builtin/block_devices: allow blkid to print block + device attributes + - gadget: include size + sector-size in DiskVolumeDeviceTraits + - cmd/libsnap-confine-private: do not deny all devices when reusing + the device cgroup + - interfaces/builtin/time-control: allow pps access + - o/snapstate/handlers: propagate read errors on "copy-snap-data" + - osutil/disks: add more fields to Partition, populate them during + discovery + - interfaces/u2f-devices: add Trezor and Trezor v2 keys + - interfaces: timezone-control, add permission for ListTimezones + DBus call + - o/snapstate: remove repeated test assertions + - tests: skip `snap advise-command` test if the store is overloaded + - cmd: create ~/snap dir with 0700 perms + - interfaces/apparmor/template.go: allow udevadm from merged usr + systems + - github: leave a comment documenting reasons for pipefail + - github: enable pipefail when running spread + - osutil/disks: add DiskFromPartitionDeviceNode + - gadget, many: add model param to Update() + - cmd/snap-seccomp: add riscv64 support + - o/snapstate: maintain a RevertStatus map in SnapState + - tests: enable lxd tests on impish system + - tests: (partially) revert the memory limits PR#r10241 + - o/assertstate: functions for handling validation sets tracking + history + - tests: some improvements for the spread log parser + - interfaces/network-manager-observe: Update for libnm / dart + clients + - tests: add ntp related debug around "auto-refresh" test + - boot: expand on the fact that reseal taking modeenv is very + intentional + - cmd/snap-seccomp/syscalls: update syscalls to match libseccomp + abad8a8f4 + - data/selinux: update the policy to allow snapd to talk to + org.freedesktop.timedate1 + - o/snapstate: keep old revision if install doesn't add new one + - overlord/state: add a unit test for a kernel+base refresh like + sequence + - desktop, usersession: observe notifications + - osutil/disks: add AllPhysicalDisks() + - timeutil,deviceutil: fix unit tests on systems without dbus or + without ntp-sync + - cmd/snap-bootstrap/README: explain all the things (well most of + them anyways) + - docs: add run-checks dependency install instruction + - o/snapstate: do not prune refresh-candidates if gate-auto-refresh- + hook feature is not enabled + - o/snapstate: test relink remodel helpers do a proper subset of + doInstall and rework the verify*Tasks helpers + - tests/main/mount-ns: make the test run early + - tests: add `--debug` to netplan apply + - many: wait for up to 10min for NTP synchronization before + autorefresh + - tests: initialize CHANGE_ID in _wait_autorefresh + - sandbox/cgroup: freeze and thaw cgroups related to services and + scopes only + - tests: add more debug around qemu-nbd + - o/hookstate: print cohort with snapctl refresh --pending (#10985) + - tests: misc robustness changes + - o/snapstate: improve install/update tests (#10850) + - tests: clean up test tools + - spread.yaml: show `journalctl -e` for all suites on debug + - tests: give interfaces-udisks2 more time for the loop device to + appear + - tests: set memory limit for snapd + - tests: increase timeout/add debug around nbd0 mounting (up, see + LP:#1949513) + - snapstate: add debug message where a snap is mounted + - tests: give nbd0 more time to show up in preseed-lxd + - interfaces/dsp: add more ambarella things + - cmd/snap: improve snap disconnect arg parsing and err msg + - tests: disable nested lxd snapd testing + - tests: disable flaky "interfaces-udisks2" on ubuntu-18.04-32 + - o/snapstate: avoid validationSetsSuite repeating snapmgrTestSuite + - sandbox/cgroup: wait for start transient unit job to finish + - o/snapstate: fix task order, tweak errors, add unit tests for + remodel helpers + - osutil/disks: re-org methods for end of usable region, size + information + - build-aux: ensure that debian packaging matches build-base + - docs: update HACKING.md instructions for snapd 2.52 and later + - spread: run lxd tests with version from latest/edge + - interfaces: suppress denial of sys_module capability + - osutil/disks: add methods to replace gadget/ondisk functions + - tests: split test tools - part 1 + - tests: fix nested tests on uc20 + - data/selinux: allow snap-confine to read udev's database + - i/b/common_test: refactor AppArmor features test + - tests: run spread tests on debian 11 + - o/devicestate: copy timesyncd clock timestamp during install + - interfaces/builtin: do not probe parser features when apparmor + isn't available + - interface/modem-manager: allow connecting to the mbim/qmi proxy + - tests: fix error message in run-checks + - tests: spread test for validation sets enforcing + - cmd/snap-confine: lazy set up of device cgroup, only when devices + were assigned + - o/snapstate: deduplicate snap names in remove/install/update + - tests/main/selinux-data-context: use session when performing + actions as test user + - packaging/opensuse: sync with openSUSE packaging, enable AppArmor + on 15.3+ + - interfaces: skip connection of netlink interface on older + systems + - asserts, o/snapstate: honor IgnoreValidation flag when checking + installed snaps + - tests/main/apparmor-batch-reload: fix fake apparmor_parser to + handle --preprocess + - sandbox/apparmor, interfaces/apparmor: detect bpf capability, + generate snippet for s-c + - release-tools/repack-debian-tarball.sh: fix c-vendor dir + - tests: test for enforcing with prerequisites + - tests/main/snapd-sigterm: fix race conditions + - spread: run lxd tests with version from latest/stable + - run-checks: remove --spread from help message + - secboot: use latest secboot with tpm legacy platform and v2 fully + optional + - tests/lib/pkgdb: install strace on Debian 11 and Sid + - tests: ensure systemd-timesyncd is installed on debian + - interfaces/u2f-devices: add Nitrokey 3 + - tests: update the ubuntu-image channel to candidate + - osutil/disks/labels: simplify decoding algorithm + - tests: not testing lxd snap anymore on i386 architecture + - o/snapstate, hookstate: print remaining hold time on snapctl + --hold + - cmd/snap: support --ignore-validation with snap install client + command + - tests/snapd-sigterm: be more robust against service restart + - tests: simplify mock script for apparmor_parser + - o/devicestate, o/servicestate: update gadget assets and cmdline + when remodeling + - tests/nested/manual/refresh-revert-fundamentals: re-enable + encryption + - osutil/disks: fix bug in BlkIDEncodeLabel, add BlkIDDecodeLabel + - gadget, osutil/disks: fix some bugs from prior PR'sin the dir. + - secboot: revert move to new version (revert #10715) + - cmd/snap-confine: die when snap process is outside of snap + specific cgroup + - many: mv MockDeviceNameDisksToPartitionMapping -> + MockDeviceNameToDiskMapping + - interfaces/builtin: Add '/com/canonical/dbusmenu' path access to + 'unity7' interface + - interfaces/builtin/hardware-observer: add /proc/bus/input/devices + too + - osutil/disks, many: switch to defining Partitions directly for + MockDiskMapping + - tests: remove extra-snaps-assertions test + - interface/modem-manager: add accept for MBIM/QMI proxy clients + - tests/nested/core/core20-create-recovery: fix passing of data to + curl + - daemon: allow enabling enforce mode + - daemon: use the syscall connection to get the socket credentials + - i/builtin/kubernetes_support: add access to Calico lock file + - osutil: ensure parent dir is opened and sync'd + - tests: using test-snapd-curl snap instead of http snap + - overlord: add managers unit test demonstrating cyclic dependency + between gadget and kernel updates + - gadget/ondisk.go: include the filesystem UUID in the returned + OnDiskVolume + - packaging: fixes for building on openSUSE + - o/configcore: allow hostnames up to 253 characters, with dot- + delimited elements + - gadget/ondisk.go: add listBlockDevices() to get all block devices + on a system + - gadget: add mapping trait types + functions to save/load + - interfaces: add polkit security backend + - cmd/snap-confine/snap-confine.apparmor.in: update ld rule for + s390x impish + - tests: merge coverage results + - tests: remove "features" from fde-setup.go example + - fde: add new device-setup support to fde-setup + - gadget: add `encryptedDevice` and add encryptedDeviceLUKS + - spread: use `bios: uefi` for uc20 + - client: fail fast on non-retryable errors + - tests: support running all spread tests with experimental features + - tests: check that a snap that doesn't have gate-auto-refresh hook + can call --proceed + - o/snapstate: support ignore-validation flag when updating to a + specific snap revision + - o/snapstate: test prereq update if started by old version + - tests/main: disable cgroup-devices-v1 and freezer tests on 21.10 + - tests/main/interfaces-many: run both variants on all possible + Ubuntu systems + - gadget: mv ensureLayoutCompatibility to gadget proper, add + gadgettest pkg + - many: replace state.State restart support with overlord/restart + - overlord: fix generated snap-revision assertions in remodel unit + tests + + -- Michael Vogt Fri, 17 Dec 2021 15:49:18 +0100 + +snapd (2.53.4-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - devicestate: mock devicestate.MockTimeutilIsNTPSynchronized to + avoid host env leaking into tests + - timeutil: return NoTimedate1Error if it can't connect to the + system bus + + -- Ian Johnson Thu, 02 Dec 2021 17:16:48 -0600 + +snapd (2.53.3-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - devicestate: Unregister deletes the device key pair as well + - daemon,tests: support forgetting device serial via API + - configcore: relax validation rules for hostname + - o/devicestate: introduce DeviceManager.Unregister + - packaging/ubuntu, packaging/debian: depend on dbus-session-bus + provider + - many: wait for up to 10min for NTP synchronization before + autorefresh + - interfaces/interfaces/scsi_generic: add interface for scsi generic + devices + - interfaces/microstack-support: set controlsDeviceCgroup to true + - interface/builtin/log_observe: allow to access /dev/kmsg + - daemon: write formdata file parts to snaps dir + - spread: run lxd tests with version from latest/edge + - cmd/libsnap-confine-private: fix snap-device-helper device allow + list modification on cgroup v2 + - interfaces/builtin/dsp: add proc files for monitoring Ambarella + DSP firmware + - interfaces/builtin/dsp: update proc file accordingly + + -- Ian Johnson Thu, 02 Dec 2021 11:42:15 -0600 + +snapd (2.53.2-1) unstable; urgency=medium + + * New upstream release, LP: #1946127 + - interfaces/builtin/block_devices: allow blkid to print block + device attributes/run/udev/data/b{major}:{minor} + - cmd/libsnap-confine-private: do not deny all devices when reusing + the device cgroup + - interfaces/builtin/time-control: allow pps access + - interfaces/u2f-devices: add Trezor and Trezor v2 keys + - interfaces: timezone-control, add permission for ListTimezones + DBus call + - interfaces/apparmor/template.go: allow udevadm from merged usr + systems + - interface/modem-manager: allow connecting to the mbim/qmi proxy + - interfaces/network-manager-observe: Update for libnm client + library + - cmd/snap-seccomp/syscalls: update syscalls to match libseccomp + abad8a8f4 + - sandbox/cgroup: freeze and thaw cgroups related to services and + scopes only + - o/hookstate: print cohort with snapctl refresh --pending + - cmd/snap-confine: lazy set up of device cgroup, only when devices + were assigned + - tests: ensure systemd-timesyncd is installed on debian + - tests/lib/pkgdb: install strace on Debian 11 and Sid + - tests/main/snapd-sigterm: flush, use retry + - tests/main/snapd-sigterm: fix race conditions + - release-tools/repack-debian-tarball.sh: fix c-vendor dir + - data/selinux: allow snap-confine to read udev's database + - interfaces/dsp: add more ambarella things* interfaces/dsp: add + more ambarella things + + -- Ian Johnson Mon, 15 Nov 2021 16:09:09 -0600 + +snapd (2.53.1-1) unstable; urgency=medium + + * New upstream release, LP: #1946127 + - spread: run lxd tests with version from latest/stable + - secboot: use latest secboot with tpm legacy platform and v2 fully + optional (#10946) + - cmd/snap-confine: die when snap process is outside of snap + specific cgroup (2.53) + - interfaces/u2f-devices: add Nitrokey 3 + - Update the ubuntu-image channel to candidate + - Allow hostnames up to 253 characters, with dot-delimited elements + (as suggested by man 7 hostname). + - Disable i386 until it is possible to build snapd using lxd + - o/snapstate, hookstate: print remaining hold time on snapctl + --hold + - tests/snapd-sigterm: be more robust against service restart + - tests: add a regression test for snapd hanging on SIGTERM + - daemon: use the syscall connection to get the socket + credentials + - interfaces/builtin/hardware-observer: add /proc/bus/input/devices + too + - cmd/snap-confine/snap-confine.apparmor.in: update ld rule for + s390x impish + - interface/modem-manager: add accept for MBIM/QMI proxy clients + - secboot: revert move to new version + + -- Ian Johnson Thu, 21 Oct 2021 11:55:31 -0500 + +snapd (2.53-1) unstable; urgency=medium + + * New upstream release, LP: #1946127 + - overlord: fix generated snap-revision assertions in remodel unit + tests + - snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk` + - interfaces/modem-manager: add access to PCIe modems + - overlord/devicestate: record recovery capable system on a + successful remodel + - o/snapstate: use device ctx in prerequisite install/update + - osutil/disks: support filtering by mount opts in + MountPointsForPartitionRoot + - many: support an API flag system-restart-immediate to make snap + ops proceed immediately with system restarts + - osutil/disks: add RootMountPointsForPartition + - overlord/devicestate, tests: enable UC20 remodel, add spread tests + - cmd/snap: improve snap run help message + - o/snapstate: support ignore validation flag on install/update + - osutil/disks: add Disk.FindMatchingPartitionWith{Fs,Part}Label + - desktop: implement gtk notification backend and provide minimal + notification api + - tests: use the latest cpu family for nested tests execution + - osutil/disks: add Partition struct and Disks.Partitions() + - o/snapstate: prevent install hang if prereq install fails + - osutil/disks: add Disk.KernelDevice{Node,Path} methods + - disks: add `Size(path)` helper + - tests: reset some mount units failing on ubuntu impish + - osutil/disks: add DiskFromDevicePath, other misc changes + - interfaces/apparmor: do not fail during initialization when there + is no AppArmor profile for snap-confine + - daemon: implement access checkers for themes API + - interfaces/seccomp: add clone3 to default template + - interfaces/u2f-devices: add GoTrust Idem Key + - o/snapstate: validation sets enforcing on update + - o/ifacestate: don't fail remove if disconnect hook fails + - tests: fix error trying to create the extra-snaps dir which + already exists + - devicestate: use EncryptionType + - cmd/libsnap-confine-private: workaround BPF memory accounting, + update apparmor profile + - tests: skip system-usernames-microk8s when TRUST_TEST_KEYS is + false + - interfaces/dsp: add a usb rule to the ambarella flavor + - interfaces/apparmor/template.go: allow inspection of dbus + mediation level + - tests/main/security-device-cgroups: fix when both variants run on + the same host + - cmd/snap-confine: update s-c apparmor profile to allow versioned + ld.so + - many: rename systemd.Kind to Backend for a bit more clarity + - cmd/libsnap-confine-private: fix set but unused variable in the + unit tests + - tests: fix netplan test on i386 architecture + - tests: fix lxd-mount-units test which is based on core20 in ubuntu + focal system + - osutil/disks: add new `CreateLinearMapperDevice` helper + - cmd/snap: wait while inhibition file is present + - tests: cleanup the job workspace as first step of the actions + workflow + - tests: use our own image for ubuntu impish + - o/snapstate: update default provider if missing required content + - o/assertstate, api: update validation set assertions only when + updating all snaps + - fde: add HasDeviceUnlock() helper + - secboot: move to new version + - o/ifacestate: don't lose connections if snaps are broken + - spread: display information about current device cgroup in debug + dump + - sysconfig: set TMPDIR in tests to avoid cluttering the real /tmp + - tests, interfaces/builtin: introduce 21.10 cgroupv2 variant, tweak + tests for cgroupv2, update builtin interfaces + - sysconfig/cloud-init: filter MAAS c-i config from ubuntu-seed on + grade signed + - usersession/client: refactor doMany() method + - interfaces/builtin/opengl.go: add libOpenGL.so* too + - o/assertstate: check installed snaps when refreshing validation + set assertions + - osutil: helper for injecting run time faults in snapd + - tests: update test nested tool part 2 + - libsnap-confine: use the pid parameter + - gadget/gadget.go: LaidOutSystemVolumeFromGadget -> + LaidOutVolumesFromGadget + - tests: update the time tolerance to fix the snapd-state test + - .github/workflows/test.yaml: revert #10809 + - tests: rename interfaces-hooks-misbehaving spread test to install- + hook-misbehaving + - data/selinux: update the policy to allow s-c to manipulate BPF map + and programs + - overlord/devicestate: make settle wait longer in remodel tests + - kernel/fde: mock systemd-run in unit test + - o/ifacestate: do not create stray task in batchConnectTasks if + there are no connections + - gadget: add VolumeName to Volume and VolumeStructure + - cmd/libsnap-confine-private: use root when necessary for BPF + related operations + - .github/workflows/test.yaml: bump action-build to 1.0.9 + - o/snapstate: enforce validation sets/enforce on InstallMany + - asserts, snapstate: return full validation set keys from + CheckPresenceRequired and CheckPresenceInvalid + - cmd/snap: only log translation warnings in debug/testing + - tests/main/preseed: update for new base snap of the lxd snap + - tests/nested/manual: use loop for checking for initialize-system + task done + - tests: add a local snap variant to testing prepare-image gating + support + - tests/main/security-device-cgroups-strict-enforced: demonstrate + device cgroup being enforced + - store: one more tweak for the test action timeout + - github: do not fail when codecov upload fails + - o/devicestate: fix flaky test remodel clash + - o/snapstate: add ChangeID to conflict error + - tests: fix regex of TestSnapActionTimeout test + - tests: fix tests for 21.10 + - tests: add test for store.SnapAction() request timeout + - tests: print user sessions info on debug-each + - packaging: backports of golang-go 1.13 are good enough + - sysconfig/cloudinit: add cloudDatasourcesInUseForDir + - cmd: build gdb shims as static binaries + - packaging/ubuntu: pass GO111MODULE to dh_auto_test + - cmd/libsnap-confine-private, tests, sandbox: remove warnings about + cgroup v2, drop forced devmode + - tests: increase memory quota in quota-groups-systemd-accounting + - tests: be more robust against a new day stepping in + - usersession/xdgopenproxy: move PortalLauncher class to own package + - interfaces/builtin: fix microstack unit tests on distros using + /usr/libexec + - cmd/snap-confine: handle CURRENT_TAGS on systems that support it + - cmd/libsnap-confine-private: device cgroup v2 support + - o/servicestate: Update task summary for restart action + - packaging, tests/lib/prepare-restore: build packages without + network access, fix building debs with go modules + - systemd: add AtLeast() method, add mocking in systemdtest + - systemd: use text.template to generate mount unit + - o/hookstate/ctlcmd: Implement snapctl refresh --show-lock command + - o/snapstate: optimize conflicts around snaps stored on + conditional-auto-refresh task + - tests/lib/prepare.sh: download core20 for UC20 runs via + BASE_CHANNEL + - mount-control: step 1 + - go: update go.mod dependencies + - o/snapstate: enforce validation sets on snap install + - tests: revert revert manual lxd removal + - tests: pre-cache snaps in classic and core systems + - tests/lib/nested.sh: split out additional helper for adding files + to VM imgs + - tests: update nested tool - part1 + - image/image_linux.go: add newline + - interfaces/block-devices: support to access the state of block + devices + - o/hookstate: require snap-refresh-control interface for snapctl + refresh --proceed + - build-aux: stage libgcc1 library into snapd snap + - configcore: add read-only netplan support + - tests: fix fakedevicesvc service already exists + - tests: fix interfaces-libvirt test + - tests: remove travis leftovers + - spread: bump delta ref to 2.52 + - packaging: ship the `snapd.apparmor.service` unit in debian + - packaging: remove duplicated `golang-go` build-dependency + - boot: record recovery capable systems in recovery bootenv + - tests: skip overlord tests on riscv64 due to timeouts. + - overlord/ifacestate: fix arguments in unit tests + - ifacestate: undo repository connection if doConnect fails + - many: remove unused parameters + - tests: failure of prereqs on content interface doesn't prevent + install + - tests/nested/manual/refresh-revert-fundamentals: fix variable use + - strutil: add Intersection() + - o/ifacestate: special-case system-files and force refreshing its + static attributes + - interface/builtin: add qualcomm-ipc-router interface for + AF_QIPCRTR socket protocol + - tests: new snapd-state tool + - codecov: fix files pathnames + - systemd: add mock systemd helper + - tests/nested/core/extra-snaps-assertions: fix the match pattern + - image,c/snap,tests: support enforcing validations in prepare-image + via --customize JSON validation enforce(|ignore) + - o/snapstate: enforce validation sets assertions when removing + snaps + - many: update deps + - interfaces/network-control: additional ethernet rule + - tests: use host-scaled settle timeout for hookstate tests + - many: move to go modules + - interfaces: no need for snapRefreshControlInterface struct + - interfaces: introduce snap-refresh-control interface + - tests: move interfaces-libvirt test back to 16.04 + - tests: bump the number of retries when waiting for /dev/nbd0p1 + - tests: add more space on ubuntu xenial + - spread: add 21.10 to qemu, remove 20.10 (EOL) + - packaging: add libfuse3-dev build dependency + - interfaces: add microstack-support interface + - wrappers: fix a bunch of duplicated service definitions in tests + - tests: use host-scaled timeout to avoid riscv64 test failure + - many: fix run-checks gofmt check + - tests: spread test for snapctl refresh --pending/--proceed from + the snap + - o/assertstate,daemon: refresh validation sets assertions with snap + declarations + - tests: migrate tests that are only executed on xenial to bionic + - tests: remove opensuse-15.1 and add opensuse-15.3 from spread runs + - packaging: update master changelog for 2.51.7 + - sysconfig/cloudinit: fix bug around error state of cloud-init + - interfaces, o/snapstate: introduce AffectsPlugOnRefresh flag + - interfaces/interfaces/ion-memory-control: add: add interface for + ion buf + - interfaces/dsp: add /dev/ambad into dsp interface + - tests: new spread log parser + - tests: check files and dirs are cleaned for each test + - o/hookstate/ctlcmd: unify the error message when context is + missing + - o/hookstate: support snapctl refresh --pending from snap + - many: remove unused/dead code + - cmd/libsnap-confine-private: add BPF support helpers + - interfaces/hardware-observe: add some dmi properties + - snapstate: abort kernel refresh if no gadget update can be found + - many: shellcheck fixes + - cmd/snap: add Size column to refresh --list + - packaging: build without dwarf debugging data + - snapstate: fix misleading `assumes` error message + - tests: fix restore in snapfuse spread tests + - o/assertstate: fix missing 'scheduled' header when auto refreshing + assertions + - o/snapstate: fail remove with invalid snap names + - o/hookstate/ctlcmd: correct err message if missing root + - .github/workflows/test.yaml: fix logic + - o/snapstate: don't hold some snaps if not all snaps can be held by + the given gating snap + - c-vendor.c: new c-vendor subdir + - store: make sure expectedZeroFields in tests gets updated + - overlord: add manager test for "assumes" checking + - store: deal correctly with "assumes" from the store raw yaml + - sysconfig/cloudinit.go: add functions for filtering cloud-init + config + - cgroup-support: allow to hide cgroupv2 warning via ENV + - gadget: Export mkfs functions for use in ubuntu-image + - tests: set to 10 minutes the kill timeout for tests failing on + slow boards + - .github/workflows/test.yaml: test github.events key + - i18n/xgettext-go: preserve already escaped quotes + - cmd/snap-seccomp/syscalls: update syscalls list to libseccomp + v2.2.0-428-g5c22d4b + - github: do not try to upload coverage when working with cached run + - tests/main/services-install-hook-can-run-svcs: shellcheck issue + fix + - interfaces/u2f-devices: add Nitrokey FIDO2 + - testutil: add DeepUnsortedMatches Checker + - cmd, packaging: import BPF headers from kernel, detect whether + host headers are usable + - tests: fix services-refresh-mode test + - tests: clean snaps.sh helper + - tests: fix timing issue on security-dev-input-event-denied test + - tests: update systems for sru validation + - .github/workflows: add codedov again + - secboot: remove duplicate import + - tests: stop the service when is active in test interfaces- + firewall-control test + - packaging: remove TEST_GITHUB_AUTOPKGTEST support + - packaging: merge 2.51.6 changelog back to master + - secboot: use half the mem for KDF in AddRecoveryKey + - secboot: switch main key KDF memory cost to 32KB + - tests: remove the test user just when it was installed on create- + user-2 test + - spread: temporarily fix the ownership of /home/ubuntu/.ssh on + 21.10 + - daemon, o/snapstate: handle IgnoreValidation flag on install (2/3) + - usersession/agent: refactor common JSON validation into own + function + - o/hookstate: allow snapctl refresh --proceed from snaps + - cmd/libsnap-confine-private: fix issues identified by coverity + - cmd/snap: print logs in local timezone + - packaging: changelog for 2.51.5 to master + - build-aux: build with go-1.13 in the snapcraft build too + - config: rename "virtual" config to "external" config + - devicestate: add `snap debug timings --ensure=install-system` + - interfaces/builtin/raw_usb: fix platform typo, fix access to usb + devices accessible through platform + - o/snapstate: remove commented out code + - cmd/snap-device-helper: reimplement snap-device-helper + - cmd/libsnap-confine-private: fix coverity issues in tests, tweak + uses of g_assert() + - o/devicestate/handlers_install.go: add workaround to create dirs + for install + - o/assertstate: implement ValidationSetAssertionForEnforce helper + - clang-format: stop breaking my includes + - o/snapstate: allow auto-refresh limited to snaps affected by a + specific gating snap + - tests: fix core-early-config test to use tests.nested tool + - sysconfig/cloudinit.go: measure (but don't use) gadget cloud-init + datasource + - c/snap,o/hookstate/ctlcmd: add JSON/string strict processing flags + to snap/snapctl + - corecfg: add "system.hostname" setting to the system settings + - wrappers: measure time to enable services in StartServices() + - configcore: fix early config timezone handling + - tests/nested/manual: enable serial assertions on testkeys nested + VM's + - configcore: fix a bunch of incorrect error returns + - .github/workflows/test.yaml: use snapcraft 4.x to build the snapd + snap + - packaging: merge 2.51.4 changelog back to master + - {device,snap}state: skip kernel extraction in seeding + - vendor: move to snapshot-4c814e1 branch and set fixed KDF options + - tests: use bigger storage on ubuntu 21.10 + - snap: support links map in snap.yaml (and later from the store + API) + - o/snapstate: add AffectedByRefreshCandidates helper + - configcore: register virtual config for timezone reading + - cmd/libsnap-confine-private: move device cgroup files, add helper + to deny a device + - tests: fix cached-results condition in github actions workflow + - interfaces/tee: add support for Qualcomm qseecom device node + - packaging: fix build failure on bionic and simplify rules + - o/snapstate: affectedByRefresh tweaks + - tests: update nested wait for snapd command + - interfaces/builtin: allow access to per-user GTK CSS overrides + - tests/main/snapd-snap: install 4.x snapcraft to build the snapd + snap + - snap/squashfs: handle squashfs-tools 4.5+ + - asserts/snapasserts: CheckPresenceInvalid and + CheckPresenceRequired methods + - cmd/snap-confine: refactor device cgroup handling to enable easier + v2 integration + - tests: skip udp protocol on latest ubuntus + - cmd/libsnap-confine-private: g_spawn_check_exit_status is + deprecated since glib 2.69 + - interfaces: s/specifc/specific/ + - github: enable gofmt for Go 1.13 jobs + - overlord/devicestate: UC20 specific set-model, managers tests + - o/devicestate, sysconfig: refactor cloud-init config permission + handling + - config: add "virtual" config via config.RegisterVirtualConfig + - packaging: switch ubuntu to use golang-1.13 + - snap: change `snap login --help` to not mention "buy" + - tests: removing Ubuntu 20.10, adding 21.04 nested in spread + - tests/many: remove lxd systemd unit to prevent unexpected + leftovers + - tests/main/services-install-hook-can-run-svcs: make variants more + obvious + - tests: force snapd-session-agent.socket to be re-generated + + -- Michael Vogt Tue, 05 Oct 2021 20:29:14 +0200 + +snapd (2.52.1-1) unstable; urgency=medium + + * New upstream release, LP: #1942646 + - snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk` + for the disk (if not present already) + - many: support an API flag system-restart-immediate to make snap + ops proceed immediately with system restarts + - cmd/libsnap-confine-private: g_spawn_check_exit_status is + deprecated since glib 2.69 + - interfaces/seccomp: add clone3 to default template + - interfaces/apparmor/template.go: allow inspection of dbus + mediation level + - interfaces/dsp: add a usb rule to the ambarella flavor + - cmd/snap-confine: update s-c apparmor profile to allow versioned + ld.so + - o/ifacestate: don't lose connections if snaps are broken + - interfaces/builtin/opengl.go: add libOpenGL.so* too + - interfaces/hardware-observe: add some dmi properties + - build-aux: stage libgcc1 library into snapd snap + - interfaces/block-devices: support to access the state of block + devices + - packaging: ship the `snapd.apparmor.service` unit in debian + + -- Michael Vogt Tue, 05 Oct 2021 13:29:25 +0200 + +snapd (2.52-1) unstable; urgency=medium + + * New upstream release, LP: #1942646 + - interface/builtin: add qualcomm-ipc-router interface for + AF_QIPCRTR socket protocol + - o/ifacestate: special-case system-files and force refreshing its + static attributes + - interfaces/network-control: additional ethernet rule + - packaging: update 2.52 changelog with 2.51.7 + - interfaces/interfaces/ion-memory-control: add: add interface for + ion buf + - packaging: merge 2.51.6 changelog back to 2.52 + - secboot: use half the mem for KDF in AddRecoveryKey + - secboot: switch main key KDF memory cost to 32KB + - many: merge release/2.51 change to release/2.52 + - .github/workflows/test.yaml: use snapcraft 4.x to build the snapd + snap + - o/servicestate: use snap app names for ExplicitServices of + ServiceAction + - tests/main/services-install-hook-can-run-svcs: add variant w/o + --enable + - o/servicestate: revert only start enabled services + - tests: adding Ubuntu 21.10 to spread test suite + - interface/modem-manager: add support for MBIM/QMI proxy clients + - cmd/snap/model: support storage-safety and snaps headers too + - o/assertstate: Implement EnforcedValidationSets helper + - tests: using retry tool for nested tests + - gadget: check for system-save with multi volumes if encrypting + correctly + - interfaces: make the service naming entirely internal to systemd + BE + - tests/lib/reset.sh: fix removing disabled snaps + - store/store_download.go: use system snap provided xdelta3 priority + + fallback + - packaging: merge changelog from 2.51.3 back to master + - overlord: only start enabled services + - interfaces/builtin: add sd-control interface + - tests/nested/cloud-init-{never-used,nocloud}-not-vuln: fix tests, + use 2.45 + - tests/lib/reset.sh: add workaround from refresh-vs-services tests + for all tests + - o/assertstate: check for conflicts when refreshing and committing + validation set asserts + - devicestate: add support to save timings from install mode + - tests: new tests.nested commands copy and wait-for + - install: add a bunch of nested timings + - tests: drop any-python wrapper + - store: set ResponseHeaderTimeout on the default transport + - tests: fix test-snapd-user-service-sockets test removing snap + - tests: moving nested_exec to nested.tests exec + - tests: add tests about services vs snapd refreshes + - client, cmd/snap, daemon: refactor REST API for quotas to match + CLI org + - c/snap,asserts: create/delete-key external keypair manager + interaction + - tests: revert disable of the delta download tests + - tests/main/system-usernames-microk8s: disable on centos 7 too + - boot: support device change + - o/snapstate: remove unused refreshSchedule argument for + isRefreshHeld helper + - daemon/api_quotas.go: handle conflicts, returning conflict + response + - tests: test for gate-auto-refresh hook error resulting in hold + - release: 2.51.2 + - snapstate/check_snap: add snap_microk8s to shared system- + usernames + - snapstate: remove temporary snap file for local revisions early + - interface: allows reading sd cards internal info from block- + devices interface + - tests: Renaming tool nested-state to tests.nested + - testutil: fix typo in json checker unit tests + - tests: ack assertions by default, add --noack option + - overlord/devicestate: try to pick alternative recovery labels + during remodel + - bootloader/assets: update recovery grub to allow system labels + generated by snapd + - tests: print serial log just once for nested tests + - tests: remove xenial 32 bits + - sandbox/cgroup: do not be so eager to fail when paths do not exist + - tests: run spread tests in ubuntu bionic 32bits + - c/snap,asserts: start supporting ExternalKeypairManager in the + snap key-related commands + - tests: refresh control spread test + - cmd/libsnap-confine-private: do not fail on ENOENT, better getline + error handling + - tests: disable delta download tests for now until the store is + fixed + - tests/nested/manual/preseed: fix for cloud images that ship + without core18 + - boot: properly handle tried system model + - tests/lib/store.sh: revert #10470 + - boot, seed/seedtest: tweak test helpers + - o/servicestate: TODO and fix preexisting typo + - o/servicestate: detect conflicts for quota group operations + - cmd/snap/quotas: adjust help texts for quota commands + - many/quotas: little adjustments + - tests: add spread test for classic snaps content slots + - o/snapstate: fix check-rerefresh task summary when refresh control + is used + - many: use changes + tasks for quota group operations + - tests: fix test snap-quota-groups when checking file + cgroupProcsFile + - asserts: introduce ExternalKeypairManager + - o/ifacestate: do not visit same halt tasks in waitChainSearch to + avoid cycles + - tests/lib/store.sh: fix make_snap_installable_with_id() + - overlord/devicestate, overlord/assertstate: use a temporary DB + when creating recovery systems + - corecfg: allow using `# snapd-edit: no` header to disable pi- + config# snapd-edit: no + - tests/main/interfaces-ssh-keys: tweak checks for openSUSE + Tumbleweed + - cmd/snap: prevent cycles in waitChainSearch with snap debug state + - o/snapstate: fix populating of affectedSnapInfo.AffectingSnaps for + marking self as affecting + - tests: new parameter used by retry tool to set env vars + - tests: support parameters for match-log on journal-state tool + - configcore: ignore system.pi-config.* setting on measured kernels + - sandbox/cgroup: support freezing groups with unified + hierarchy + - tests: fix preseed test to used core20 snap on latest systems + - testutil: introduce a checker which compares the type after having + passed them through a JSON marshaller + - store: tweak error message when store.Sections() download fails + - o/servicestate: stop setting DoneStatus prematurely for quota- + control + - cmd/libsnap-confine-private: bump max depth of groups hierarchy to + 32 + - many: turn Contact into an accessor + - store: make the log with download size a debug one + - cmd/snap-update-ns: Revert "cmd/snap-update-ns: add SRCDIR to + include search path" + - o/devicestate: move SystemMode method before first usage + - tests: skip tests when the sections cannot be retrieved + - boot: support resealing with a try model + - o/hookstate: dedicated handler for gate-auto-refresh hook + - tests: make sure the /root/snap dir is backed up on test snap- + user-dir-perms-fixed + - cmd/snap-confine: make mount ns use check cgroup v2 compatible + - snap: fix TestInstallNoPATH unit test failure when SUDO_UID is set + - cmd/libsnap-confine-private/cgroup-support.c: Fix typo + - cmd/snap-confine, cmd/snapd-generator: fix issues identified by + sparse + - o/snapstate: make conditional-auto-refresh conflict with other + tasks via affected snaps + - many: pass device/model info to configcore via sysconfig.Device + interface + - o/hookstate: return bool flag from Error function of hook handler + to ignore hook errors + - cmd/snap-update-ns: add SRCDIR to include search path + - tests: fix for tests/main/lxd-mount-units test and enable + ubuntu-21.04 + - overlord, o/devicestate: use a single test helper for resetting to + a post boot state + - HACKING.md: update instructions for go1.16+ + - tests: fix restore for security-dev-input-event-denied test + - o/servicestate: move SetStatus to doQuotaControl + - tests: fix classic-prepare-image test + - o/snapstate: prune gating information and refresh-candidates on + snap removal + - o/svcstate/svcstatetest, daemon/api_quotas: fix some tests, add + mock helper + - cmd: a bunch of tweaks and updates + - o/servicestate: refactor meter handling, eliminate some common + parameters + - o/hookstate/ctlcmd: allow snapctl refresh --pending --proceed + syntax. + - o/snapstate: prune refresh candidates in check-rerefresh + - osutil: pass --extrausers option to groupdel + - o/snapstate: remove refreshed snap from snaps-hold in + snapstate.doInstall + - tests/nested: add spread test for uc20 cloud.conf from gadgets + - boot: drop model from resealing and boostate + - o/servicestate, snap/quota: eliminate workaround for buggy + systemds, add spread test + - o/servicestate: introduce internal and servicestatetest + - o/servicestate/quota_control.go: enforce minimum of 4K for quota + groups + - overlord/servicestate: avoid unnecessary computation of disabled + services + - o/hookstate/ctlcmd: do not call ProceedWithRefresh immediately + from snapctl + - o/snapstate: prune hold state during autoRefreshPhase1 + - wrappers/services.go: do not restart disabled or inactive + services + - sysconfig/cloudinit.go: allow installing both gadget + ubuntu-seed + config + - spread: switch LXD back to latest/candidate channel + - interfaces/opengl: add support for Imagination PowerVR + - boot: decouple model from seal/reseal handling via an auxiliary + type + - spread, tests/main/lxd: no longer manual, switch to latest/stable + - github: try out golangci-lint + - tests: set lxd test to manual until failures are fixed + - tests: connect 30% of the interfaces on test interfaces-many-core- + provided + - packaging/debian-sid: update snap-seccomp patches for latest + master + - many: fix imports order (according to gci) + - o/snapstate: consider held snaps in autoRefreshPhase2 + - o/snapstate: unlock the state before calling backend in + undoStartSnapServices + - tests: replace "not MATCH" by NOMATCH in tests + - README.md: refer to new IRC server + - cmd/snap-preseed: provide more error info if snap-preseed fails + early on mount + - daemon: add a Daemon argument to AccessChecker.CheckAccess + - c/snap-bootstrap: add bind option with tests + - interfaces/builtin/netlink_driver_test.go: add test snippet + - overlord/devicestate: set up recovery system tasks when attempting + a remodel + - osutil,strutil,testutil: fix imports order (according to gci) + - release: merge 2.51.1 changelog + - cmd: fix imports order (according to gci) + - tests/lib/snaps/test-snapd-policy-app-consumer: remove dsp-control + interface + - o/servicestate: move handlers tests to quota_handlers_test.go file + instead + - interfaces: add netlink-driver interface + - interfaces: remove leftover debug print + - systemd: refactor property parsers for int values in + CurrentTasksCount, etc. + - tests: fix debug section for postrm-purge test + - tests/many: change all cloud-init passwords for ubuntu to use + plain_test_passwd + - asserts,interfaces,snap: fix imports order (according to gci) + - o/servicestate/quota_control_test.go: test the handlers directly + - tests: fix issue when checking the udev tag on test security- + device-cgroups + - many: introduce Store.SnapExists and use it in + /v2/accessories/themes + - o/snapstate: update LastRefreshTime in doLinkSnap handler + - o/hookstate: handle snapctl refresh --proceed and --hold + - boot: fix model inconsistency check in modeenv, extend unit tests + - overlord/servicestate: improve test robustness with locking + - tests: first part of the cleanup + - tests: new note in HACKING file to clarify about + yamlordereddictloader dependency + - daemon: make CheckAccess return an apiError + - overlord: fix imports ordering (according to gci) + - o/servicestate: add quotastate handlers + - boot: track model's sign key ID, prepare infra for tracking + candidate model + - daemon: have apiBaseSuite.errorReq return *apiError directly + - o/servicestate/service_control.go: add comment about + ExplicitServices + - interfaces: builtin: add dm-crypt interface to support external + storage encryption + - daemon: split out error response code from response*.go to + errors*.go + - interfaces/dsp: fix typo in udev rule + - daemon,o/devicestate: have DeviceManager.SystemMode take an + expectation on the system + - o/snapstate: add helpers for setting and querying holding time for + snaps + - many: fix quota groups for centos 7, amazon linux 2 w/ workaround + for buggy systemd + - overlord/servicestate: mv ensureSnapServicesForGroup to new file + - overlord/snapstate: lock the mutex before returning from stop snap + services undo + - daemon: drop resp completely in favor of using respJSON + consistently + - overlord/devicestate: support for snap downloads in recovery + system handlers + - daemon: introduce a separate findResponse, simplify SyncRespone + and drop Meta + - overlord/snapstate, overlord/devicestate: exclusive change + conflict check + - wrappers, packaging, snap-mgmt: handle removing slices on purge + too + - services: remember if acting on the entire snap + - store: extend context and action objects of SnapAction with + validation-sets + - o/snapstate: refresh control - autorefresh phase2 + - cmd/snap/quota: refactor quota CLI as per new design + - interfaces: opengl: change path for Xilinx zocl driver + - tests: update spread images for ubuntu-core-20 and ubuntu-21.04 + - o/servicestate/quota_control_test.go: change helper escaping + - o/configstate/configcore: support snap set system swap.size=... + - o/devicestate: require serial assertion before remodeling can be + started + - systemd: improve systemctl error reporting + - tests/core/remodel: use model assertions signed with valid keys + - daemon: use apiError for more of the code + - store: fix typo in snapActionResult struct json tag + - userd: mock `systemd --version` in privilegedDesktopLauncherSuite + - packaging/fedora: sync with downstream packaging + - daemon/api_quotas.go: include current memory usage information in + results + - daemon: introduce StructuredResponse and apiError + - o/patch: check if we have snapd snap with correct snap type + already in snapstate + - tests/main/snapd-snap: build the snapd snap on all platforms with + lxd + - tests: new commands for snaps-state tool + - tests/main/snap-quota-groups: add functional spread test for quota + groups + - interfaces/dsp: add /dev/cavalry into dsp interface + - cmd/snap/cmd_info_test.go: make test robust against TZ changes + - tests: moving to tests directories snaps built locally - part 2 + - usersession/userd: fix unit tests on systems using /var/lib/snapd + - sandbox/cgroup: wait for pid to be moved to the desired cgroup + - tests: fix snap-user-dir-perms-fixed vs format checks + - interfaces/desktop-launch: support confined snaps launching other + snaps + - features: enable dbus-activation by default + - usersession/autostart: change ~/snap perms to 0700 on startup + - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-data nosuid + - tests: new test static checker + - release-tool/changelog.py: misc fixes from real world usage + - release-tools/changelog.py: add function to generate github + release template + - spread, tests: Fedora 32 is EOL, drop it + - o/snapstate: bump max postponement from 60 to 95 days + - interfaces/apparmor: limit the number of jobs when running with a + single CPU + - packaging/fedora/snapd.spec: correct date format in changelog + - packaging: merge 2.51 changelog back to master + - packaging/ubuntu-16.04/changelog: add 2.50 and 2.50.1 changelogs, + placeholder for 2.51 + - interfaces: allow read access to /proc/tty/drivers to modem- + manager and ppp/dev/tty + + -- Ian Johnson Fri, 03 Sep 2021 16:06:15 -0500 + +snapd (2.51.7-2) unstable; urgency=medium + + * debian: cherry-pick PR#10745 + - cherry pick https://github.com/snapcore/snapd/pull/10745 + (closes: #993783) + * debian/control: + - build with go-1.15 for now until snapd-2.52 is released + which fully supports go.mod + + -- Michael Vogt Tue, 07 Sep 2021 13:53:22 +0200 + +snapd (2.51.7-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - cmd/snap-seccomp/syscalls: update syscalls list to libseccomp + v2.2.0-428-g5c22d4b1 + - tests: cherry-pick shellcheck fix `bd730fd4` + - interfaces/dsp: add /dev/ambad into dsp interface + - many: shellcheck fixes + - snapstate: abort kernel refresh if no gadget update can be found + - overlord: add manager test for "assumes" checking + - store: deal correctly with "assumes" from the store raw yaml + + -- Michael Vogt Wed, 01 Sep 2021 13:32:06 +0200 + +snapd (2.51.6-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - secboot: use half the mem for KDF in AddRecoveryKey + - secboot: switch main key KDF memory cost to 32KB + + -- Ian Johnson Thu, 19 Aug 2021 15:49:47 -0500 + +snapd (2.51.5-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - snap/squashfs: handle squashfs-tools 4.5+ + - tests/core20-install-device-file-install-via-hook-hack: adjust + test for 2.51 + - o/devicestate/handlers_install.go: add workaround to create dirs + for install + - tests: fix linter warning + - tests: update other spread tests for new behaviour + - tests: ack assertions by default, add --noack option + - release-tools/changelog.py: also fix opensuse changelog date + format + - release-tools/changelog.py: fix typo in function name + - release-tools/changelog.py: fix fedora date format + - release-tools/changelog.py: handle case where we don't have a TZ + - release-tools/changelog.py: fix line length check + - release-tools/changelog.py: specify the LP bug for the release as + an arg too + - interface/modem-manager: add support for MBIM/QMI proxy + clients + - .github/workflows/test.yaml: use snapcraft 4.x to build the snapd + snap + + -- Ian Johnson Mon, 16 Aug 2021 15:02:40 -0500 + +snapd (2.51.4-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - {device,snap}state: skip kernel extraction in seeding + - vendor: move to snapshot-4c814e1 branch and set fixed KDF options + - tests/interfaces/tee: fix HasLen check for udev snippets + - interfaces/tee: add support for Qualcomm qseecom device node + - gadget: check for system-save with multi volumes if encrypting + correctly + - gadget: drive-by: drop unnecessary/supported passthrough in test + gadget.yaml + + -- Ian Johnson Mon, 09 Aug 2021 18:56:18 -0500 + +snapd (2.51.3-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - interfaces/builtin: add sd-control interface + - store: set ResponseHeaderTimeout on the default transport + + -- Ian Johnson Wed, 14 Jul 2021 15:26:54 -0500 + +snapd (2.51.2-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - snapstate: remove temporary snap file for local revisions early + - interface: allows reading sd cards internal info from block- + devices interface + - o/ifacestate: do not visit same halt tasks in waitChainSearch to + avoid slow convergence (or unlikely cycles) + - corecfg: allow using `# snapd-edit: no` header to disable pi- + config + - configcore: ignore system.pi-config.* setting on measured kernels + - many: pass device/model info to configcore via sysconfig.Device + interface + - o/configstate/configcore: support snap set system swap.size=... + - store: make the log with download size a debug one + - interfaces/opengl: add support for Imagination PowerVR + + -- Michael Vogt Wed, 07 Jul 2021 15:35:46 +0200 + +snapd (2.51.1-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - interfaces: add netlink-driver interface + - interfaces: builtin: add dm-crypt interface to support external + storage encryption + - interfaces/dsp: fix typo in udev rule + - overlord/snapstate: lock the mutex before returning from stop + snap services undo + - interfaces: opengl: change path for Xilinx zocl driver + - interfaces/dsp: add /dev/cavalry into dsp interface + - packaging/fedora/snapd.spec: correct date format in changelog + + -- Michael Vogt Tue, 15 Jun 2021 12:45:08 +0200 + +snapd (2.51-1) unstable; urgency=medium + + * New upstream release, LP: #1929842 + - cmd/snap: stacktraces debug endpoint + - secboot: deactivate volume again when model checker fails + - store: extra log message, a few minor cleanups + - packaging/debian-sid: update systemd patch + - snapstate: adjust update-gadget-assets user visible message + - tests/nested/core/core20-create-recovery: verify that recovery + system can be created at runtime + - gadget: support creating vfat partitions during bootstrap + - daemon/api_quotas.go: support updating quotas with ensure action + - daemon: tighten access to a couple of POST endpoints that should + be really be root-only + - seed/seedtest, overlord/devicestate: move seed validation helper + to seedtest + - overlord/hookstate/ctlcmd: remove unneeded parameter + - snap/quota: add CurrentMemoryUsage for current memory usage of a + quota group + - systemd: add CurrentMemoryUsage to get current memory usage for a + unit + - o/snapstate: introduce minimalInstallInfo interface + - o/hookstate: print pending info (ready, inhibited or none) + - osutil: a helper to find out the total amount of memory in the + system + - overlord, overlord/devicestate: allow for reloading modeenv in + devicemgr when testing + - daemon: refine access testing + - spread: disable unattended-upgrades on debian + - tests/lib/reset: make nc exit after a while when connection is + idle + - daemon: replace access control flags on commands with access + checkers + - release-tools/changelog.py: refactor regexp + file reading/writing + - packaging/debian-sid: update locale patch for the latest master + - overlord/devicestate: tasks for creating recovery systems at + runtime + - release-tools/changelog.py: implement script to update all the + changelog files + - tests: change machine type used for nested testsPrices: + - cmd/snap: include locale when linting description being lower case + - o/servicestate: add RemoveSnapFromQuota + - interfaces/serial-port: add Qualcomm serial port devices to + allowed list + - packaging: merge 2.50.1 changelog back + - interfaces/builtin: introduce raw-input interface + - tests: remove tests.cleanup prepare from nested test + - cmd/snap-update-ns: fix linter errors + - asserts: fix errors reported by linter + - o/hookstate/ctlcmd: allow system-mode for non-root + - overlord/devicestate: comment why explicit system mode check is + needed in ensuring tried recovery systems (#10275) + - overlord/devicesate: observe snap writes when creating recovery + systems + - packaging/ubuntu-16.04/changelog: add placeholder for 2.50.1 + - tests: moving to tests directories snaps built locally - part 1 + - seed/seedwriter: fail early when system seed directory exists + - o/snapstate: autorefresh phase1 for refresh-control + - c/snap: more precise message for ErrorKindSystemRestart op != + reboot + - tests: simplify the tests.cleanup tool + - boot: helpers for manipulating current and good recovery systems + list + - o/hookstate, o/snapstate: print revision, version, channel with + snapctl --pending + - overlord: unit test tweaks, use well known snap IDs, setup snap + declarations for most common snaps + - tests/nested/manual: add test for install-device + snapctl reboot + - o/servicestate: restart slices + services on modifications + - tests: update mount-ns test to support changes in the distro + - interfaces: fix linter issues + - overlord: mock logger in managers unit tests + - tests: adding support for fedora-34 + - tests: adding support for debian 10 on gce + - boot: reseal given keys when the respective boot chain has changed + - secboot: switch encryption key size to 32 byte (thanks to Chris) + - interfaces/dbus: allow claiming 'well-known' D-Bus names with a + wildcard suffix + - spread: bump delta reference version + - interfaces: builtin: update permitted paths to be compatible with + UC20 + - overlord: fix errors reported by linter + - tests: remove old fedora systems from tests + - tests: update spread url + - interfaces/camera: allow devices in /sys/devices/platform/**/usb* + - interfaces/udisks2: Allow access to the login manager via dbus + - cmd/snap: exit normally if "snap changes" has no changes + (LP #1823974) + - tests: more fixes for spread suite on openSUSE + - tests: fix tests expecting cgroup v1/hybrid on openSUSE Tumbleweed + - daemon: fix linter errors + - spread: add Fedora 34, leave a TODO about dropping Fedora 32 + - interfaces: fix linter errors + - tests: use op.paths tools instead of dirs.sh helper - part 2 + - client: Fix linter errors + - cmd/snap: Fix errors reported by linter + - cmd/snap-repair: fix linter issues + - cmd/snap-bootstrap: Fix linter errors + - tests: update permission denied message for test-snapd-event on + ubuntu 2104 + - cmd/snap: small tweaks based on previous reviews + - snap/snaptest: helper that mocks both the squashfs file and a snap + directory + - overlord/devicestate: tweak comment about creating recovery + systems, formatting tweaks + - overlord/devicestate: move devicemgr base suite helpers closer to + test suite struct + - overlord/devicestate: keep track of tried recovery system + - seed/seedwriter: clarify in the diagram when SetInfo is called + - overlord/devicestate: add helper for creating recovery systems at + runtime + - snap-seccomp: update syscalls.go list + - boot,image: support image.Customizations.BootFlags + - overlord: support snapctl --halt|--poweroff in gadget install- + device + - features,servicestate: add experimental.quota-groups flag + - o/servicestate: address comments from previous PR + - tests: basic spread test for snap quota commands + - tests: moving the snaps which are not locally built to the store + directory + - image,c/snap: implement prepare-image --customize + - daemon: implement REST API for quota groups (create / list / get) + - cmd/snap, client: snap quotas command + - o/devicestate,o/hookstate/ctlcmd: introduce SystemModeInfo methods + and snapctl system-mode + - o/servicestate/quota_control.go: introduce (very) basic group + manipulation methods + - cmd/snap, client: snap remove-quota command + - wrappers, quota: implement quota groups slice generation + - snap/quotas: followups from previous PR + - cmd/snap: introduce 'snap quota' command + - o/configstate/configcore/picfg.go: use ubuntu-seed config.txt in + uc20 run mode + - o/servicestate: test has internal ordering issues, consider both + cases + - o/servicestate/quotas: add functions for getting and setting + quotas in state + - tests: new buckets for snapd-spread project on gce + - spread.yaml: update the gce project to start using snapd-spread + - quota: new package for managing resource groups + - many: bind and check keys against models when using FDE hooks v2 + - many: move responsibilities down seboot -> kernel/fde and boot -> + secboot + - packaging: add placeholder changelog + - o/configstate/configcore/vitality: fix RequireMountedSnapdSnap + bug + - overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu + Core system + - many: hide EncryptionKey size and refactors for fde hook v2 next + steps + - tests: adding debug info for create user tests + - o/hookstate: add "refresh" command to snapctl (hidden, not + complete yet) + - systemd: wait for zfs mounts (LP #1922293) + - testutil: support referencing files in FileEquals checker + - many: refactor to kernel/fde and allow `fde-setup initial-setup` + to return json + - o/snapstate: store refresh-candidates in the state + - o/snapstate: helper for creating gate-auto-refresh hooks + - bootloader/bootloadertest: provide interface implementation as + mixins, provide a mock for recovery-aware-trusted-asses bootloader + - tests/lib/nested: do not compress images, return early when + restored from pristine image + - boot: split out a helper for making recovery system bootable + - tests: update os.query check to match new bullseye codename used + on sid images + - o/snapstate: helper for getting snaps affected by refresh, define + new hook + - wrappers: support in EnsureSnapServices a callback to observe + changes (#10176) + - gadget: multi line support in gadget's cmdline file + - daemon: test that requesting restart from (early) Ensure works + - tests: use op.paths tools instead of dirs.sh helper - part 1 + - tests: add new command to snaps-state to get current core, kernel + and gadget + - boot, gadget: move opening the snap container into the gadget + helper + - tests, overlord: extend unit tests, extend spread tests to cover + full command line support + - interfaces/builtin: introduce dsp interface + - boot, bootloader, bootloader/assets: support for full command line + override from gadget + - overlord/devicestate, overlord/snapstate: add task for updating + kernel command lines from gadget + - o/snapstate: remove unused DeviceCtx argument of + ensureInstallPreconditions + - tests/lib/nested: proper status return for tpm/secure boot checks + - cmd/snap, boot: add snapd_full_cmdline_args to dumped boot vars + - wrappers/services.go: refactor helper lambda function to separate + function + - boot/flags.go: add HostUbuntuDataForMode + - boot: handle updating of components that contribute to kernel + command line + - tests: add 20.04 to systems for nested/core + - daemon: add new accessChecker implementations + - boot, overlord/devicestate: consider gadget command lines when + updating boot config + - tests: fix prepare-image-grub-core18 for arm devices + - tests: fix gadget-kernel-refs-update-pc test on arm and when + $TRUST_TEST_KEY is false + - tests: enable help test for all the systems + - boot: set extra command line arguments when preparing run mode + - boot: load bits of kernel command line from gadget snaps + - tests: update layout for tests - part 2 + - tests: update layout for tests - part 1 + - tests: remove the snap profiler from the test suite + - boot: drop gadget snap yaml which is already defined elsewhere in + the tests + - boot: set extra kernel command line arguments when making a + recovery system bootable + - boot: pass gadget path to command line helpers, load gadget from + seed + - tests: new os.paths tool + - daemon: make ucrednetGet() return a *ucrednet structure + - boot: derive boot variables for kernel command lines + - cmd/snap-bootstrap/initramfs-mounts: fix boot-flags location from + initramfs + + -- Ian Johnson Thu, 27 May 2021 11:15:20 -0500 + +snapd (2.50.1-1) unstable; urgency=medium + + * New upstream release, LP: #1926005 + - interfaces: update permitted /lib/.. paths to be compatible with + UC20 + - interfaces: builtin: update permitted paths to be compatible with + UC20 + - interfaces/greengrass-support: delete white spaces at the end of + lines + - snap-seccomp: update syscalls.go list + - many: backport kernel command line for 2.50 + - interfaces/dbus: allow claiming 'well-known' D-Bus names with a + wildcard suffix + - interfaces/camera: allow devices in /sys/devices/platform/**/usb* + - interfaces/builtin: introduce dsp interface + + -- Ian Johnson Wed, 19 May 2021 10:46:02 -0500 + +snapd (2.50-1) unstable; urgency=medium + + * New upstream release, LP: #1926005 + - overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu + Core system + - o/configstate/configcore/vitality: fix RequireMountedSnapdSnap bug + - o/servicestate/servicemgr.go: add ensure loop for snap service + units + - wrappers/services.go: introduce EnsureSnapServices() + - snapstate: add "kernel-assets" to featureSet + - systemd: wait for zfs mounts + - overlord: make servicestate responsible to compute + SnapServiceOptions + - boot,tests: move where we write boot-flags one level up + - o/configstate: don't pass --root=/ when + masking/unmasking/enabling/disabling services + - cmd/snap-bootstrap/initramfs-mounts: write active boot-flags to + /run + - gadget: be more flexible with kernel content resolving + - boot, cmd/snap: include extra cmdline args in debug boot-vars + output + - boot: support read/writing boot-flags from userspace/initramfs + - interfaces/pwm: add PWM interface + - tests/lib/prepare-restore.sh: clean out snapd changes and snaps + before purging + - systemd: enrich UnitStatus returned by systemd.Status() with + Installed flag + - tests: updated restore phase of spread tests - part 1 + - gadget: add support for kernel command line provided by the gadget + - tests: Using GO111MODULE: "off" in spread.yaml + - features: add gate-auto-refresh-hook feature flag + - spread: ignore linux kernel upgrade in early stages for arch + preparation + - tests: use snaps-state commands and remove them from the snaps + helper + - o/configstate: fix panic with a sequence of config unset ops over + same path + - api: provide meaningful error message on connect/disconnect for + non-installed snap + - interfaces/u2f-devices: add HyperFIDO Pro + - tests: add simple sanity check for systemctl show + --property=UnitFileState for unknown service + - tests: use tests.session tool on interfaces-desktop-document- + portal test + - wrappers: install D-Bus service activation files for snapd session + tools on core + - many: add x-gvfs-hide option to mount units + - interfaces/builtin/gpio_test.go: actually test the generated gpio + apparmor + - spread: tentative workaround for arch failure caused by libc + upgrade and cgroups v2 + - tests: add spread test for snap validate against store assertions + - tests: remove snaps which are not used in any test + - ci: set the accept-existing-contributors parameter for the cla- + check action + - daemon: introduce apiBaseSuite.(json|sync|async|error)Req (and + some apiBaseSuite cosmetics) + - o/devicestate/devicemgr: register install-device hook, run if + present in install + - o/configstate/configcore: simple refactors in preparation for new + function + - tests: unifying the core20 nested suite with the core nested suite + - tests: uboot-unpacked-assets updated to reflect the real path used + to find the kernel + - daemon: switch api_test.go to daemon_test and various other + cleanups + - o/configstate/configcore/picfg.go: add hdmi_cvt support + - interfaces/apparmor: followup cleanups, comments and tweaks + - boot: cmd/snap-bootstrap: handle a candidate recovery system v2 + - overlord/snapstate: skip catalog refresh when snappy testing is + enabled + - overlord/snapstate, overlord/ifacestate: move late security + profile removal to ifacestate + - snap-seccomp: fix seccomp test on ppc64el + - interfaces, interfaces/apparmor, overlord/snapstate: late removal + of snap-confine apparmor profiles + - cmd/snap-bootstrap/initramfs-mounts: move time forward using + assertion times + - tests: reset the system while preparing the test suite + - tests: fix snap-advise-command check for 429 + - gadget: policy for gadget/kernel refreshes + - o/configstate: deal with no longer valid refresh.timer=managed + - interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4 + - cla-check: Use has-signed-canonical-cla GitHub Action + - tests: validation sets spread test + - tests: simplify the reset.sh logic by removing not needed command + - overlord/snapstate: make sure that snapd current symlink is not + removed during refresh + - tests/core/fsck-on-boot: unmount /run/mnt/snapd directly on uc20 + - tests/lib/fde-setup-hook: also verify that fde-reveal-key key data + is base64 + - o/devicestate: split off ensuring next boot goes to run mode into + new task + - tests: fix cgroup-tracking test + - boot: export helper for clearing tried system state, add tests + - cmd/snap: use less aggressive client timeouts in unit tests + - daemon: fix signing key validity timestamp in unit tests + - o/{device,hook}state: encode fde-setup-request key as base64 + string + - packaging: drop dh-systemd from build-depends on ubuntu-16.04+ + - cmd/snap/pack: unhide the compression option + - boot: extend set try recovery system unit tests + - cmd/snap-bootstrap: refactor handling of ubuntu-save, do not use + secboot's implicit fallback + - o/configstate/configcore: add hdmi_timings to pi-config + - snapstate: reduce reRefreshRetryTimeout to 1/2 second + - interfaces/tee: add TEE/OPTEE interface + - o/snapstate: update validation sets assertions with auto-refresh + - vendor: update go-tpm2/secboot to latest version + - seed: ReadSystemEssentialAndBetterEarliestTime + - tests: replace while commands with the retry tool + - interfaces/builtin: update unit tests to use proper distro's + libexecdir + - tests: run the reset.sh helper and check test invariants while the + test is restored + - daemon: switch preexisting daemon_test tests to apiBaseSuite and + .req + - boot, o/devicestate: split makeBootable20 into two parts + - interfaces/docker-support: add autobind unix rules to docker- + support + - interfaces/apparmor: allow reading + /proc/sys/kernel/random/entropy_avail + - tests: use retry tool instead a loops + - tests/main/uc20-create-partitions: fix tests cleanup + - asserts: mode where Database only assumes cur time >= earliest + time + - daemon: validation sets/api tests cleanup + - tests: improve tests self documentation for nested test suite + - api: local assertion fallback when it's not in the store + - api: validation sets monitor mode + - tests: use fs-state tool in interfaces tests + - daemon: move out /v2/login|logout and errToResponse tests from + api_test.go + - boot: helper for inspecting the outcome of a recovery system try + - o/configstate, o/snapshotstate: fix handling of nil snap config on + snapshot restore + - tests: update documentation and checks for interfaces tests + - snap-seccomp: add new `close_range` syscall + - boot: revert #10009 + - gadget: remove `device-tree{,-origin}` from gadget tests + - boot: simplify systems test setup + - image: write resolved-content from snap prepare-image + - boot: reseal the run key for all recovery systems, but recovery + keys only for the good ones + - interfaces/builtin/network-setup-{control,observe}: allow using + netplan directly + - tests: improve sections prepare and restore - part 1 + - tests: update details on task.yaml files + - tests: revert os.query usage in spread.yaml + - boot: export bootAssetsMap as AssetsMap + - tests/lib/prepare: fix repacking of the UC20 kernel snap for with + ubuntu-core-initramfs 40 + - client: protect against reading too much data from stdin + - tests: improve tests documentation - part 2 + - boot: helper for setting up a try recover system + - tests: improve tests documentation - part 1 + - tests/unit/go: use tests.session wrapper for running tests as a + user + - tests: improvements for snap-seccomp-syscalls + - gadget: simplify filterUpdate (thanks to Maciej) + - tests/lib/prepare.sh: use /etc/group and friends from the core20 + snap + - tests: fix tumbleweed spread tests part 2 + - tests: use new commands of os.query tool on tests + - o/snapshotstate: create snapshots directory on import + - tests/main/lxd/prep-snapd-in-lxd.sh: dump contents of sources.list + - packaging: drop 99-snapd.conf via dpkg-maintscript-helper + - osutil: add SetTime() w/ 32-bit and 64-bit implementations + - interfaces/wayland: rm Xwayland Xauth file access from wayland + slot + - packaging/ubuntu-16.04/rules: turn modules off explicitly + - gadget,devicestate: perform kernel asset update for $kernel: style + refs + - cmd/recovery: small fix for `snap recovery` tab output + - bootloader/lkenv: add recovery systems related variables + - tests: fix new tumbleweed image + - boot: fix typo, should be systems + - o/devicestate: test that users.create.automatic is configured + early + - asserts: use Fetcher in AddSequenceToUpdate + - daemon,o/c/configcore: introduce users.create.automatic + - client, o/servicestate: expose enabled state of user daemons + - boot: helper for checking and marking tried recovery system status + from initramfs + - asserts: pool changes for validation-sets (#9930) + - daemon: move the last api_foo_test.go to daemon_test + - asserts: include the assertion timestamp in error message when + outside of signing key validity range + - ovelord/snapshotstate: keep a few of the last line tar prints + before failing + - gadget/many: rm, delay sector size + structure size checks to + runtime + - cmd/snap-bootstrap/triggerwatch: fix returning wrong errors + - interfaces: add allegro-vcu and media-control interfaces + - interfaces: opengl: add Xilinx zocl bits + - mkversion: check that version from changelog is set before + overriding the output version + - many: fix new ineffassign warnings + - .github/workflows/labeler.yaml: try work-around to not sync + labels + - cmd/snap, boot: add debug set-boot-vars + - interfaces: allow reading the Xauthority file KDE Plasma writes + for Wayland sessions + - tests/main/snap-repair: test running repair assertion w/ fakestore + - tests: disable lxd tests for 21.04 until the lxd images are + published for the system + - tests/regression/lp-1910456: cleanup the /snap symlink when done + - daemon: move single snap querying and ops to api_snaps.go + - tests: fix for preseed and dbus tests on 21.04 + - overlord/snapshotstate: include the last message printed by tar in + the error + - interfaces/system-observe: Allow reading /proc/zoneinfo + - interfaces: remove apparmor downgrade feature + - snap: fix unit tests on Go 1.16 + - spread: disable Go modules support in environment + - tests: use new path to find kernel.img in uc20 for arm devices + - tests: find files before using cat command when checking broadcom- + asic-control interface + - boot: introduce good recovery systems, provide compatibility + handling + - overlord: add manager gadget refresh test + - tests/lib/fakestore: support repair assertions too + - github: temporarily disable action labeler due to issues with + labels being removed + - o/devicestate,many: introduce DeviceManager.preloadGadget for + EarlyConfig + - tests: enable ubuntu 21.04 for spread tests + - snap: provide a useful error message if gdbserver is not installed + - data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1 + - tests/lib/prepare.sh: split reflash.sh into two parts + - packaging/opensuse: sync with openSUSE packaging + - packaging: disable Go modules in snapd.mk + - snap: add deprecation noticed to "snap run --gdb" + - daemon: add API for checking and installing available theme snaps + - tests: using labeler action to add automatically a label to run + nested tests + - gadget: improve error handling around resolving content sources + - asserts: repeat the authority cross-check in CheckSignature as + well + - interfaces/seccomp/template.go: allow copy_file_range + - o/snapstate/check_snap.go: add support for many subversions in + assumes snapdX.. + - daemon: move postSnap and inst.dispatch tests to api_snaps_test.go + - wrappers: use proper paths for mocked mount units in tests + - snap: rename gdbserver option to `snap run --gdbserver` + - store: support validation sets with fetch-assertions action + - snap-confine.apparmor.in: support tmp and log dirs on Yocto/Poky + - packaging/fedora: sync with downstream packaging in Fedora + - many: add Delegate=true to generated systemd units for special + interfaces (master) + - boot: use a common helper for mocking boot assets in cache + - api: validate snaps against validation set assert from the store + - wrappers: don't generate an [Install] section for timer or dbus + activated services + - tests/nested/core20/boot-config-update: skip when snapd was not + built with test features + - o/configstate,o/devicestate: introduce devicestate.EarlyConfig + implemented by configstate.EarlyConfig + - cmd/snap-bootstrap/initramfs-mounts: fix typo in func name + - interfaces/builtin: mock distribution in fontconfig cache unit + tests + - tests/lib/prepare.sh: add another console= to the reflash magic + grub entry + - overlord/servicestate: expose dbus activators of a service + - desktop/notification: test against a real session bus and + notification server implementation + - cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for + recover+install + - HACKING.md: explain how to run UC20 spread tests with QEMU + - asserts: introduce AtSequence + - overlord/devicestate: task for updating boot configs, spread test + - gadget: fix documentation/typos + - gadget: cleanup MountedFilesystem{Writer,Updater} + - gadget: use ResolvedSource in MountedFilesystemWriter + - snap/info.go: add doc-comment for SortServices + - interfaces: add an optional mount-host-font-cache plug attribute + to the desktop interface + - osutil: skip TestReadBuildGo inside sbuild + - o/hookstate/ctlcmd: add optional --pid and --apparmor-label + arguments to "snapctl is-connected" + - data/env/snapd: use quoting in case PATH contains spaces + - boot: do not observe successful boot assets if not in run mode + - tests: fix umount for snapd snap on fsck-on-boot testumount: + /run/mnt/ubuntu-seed/systems/*/snaps/snapd_*.snap: no mount + - misc: little tweaks + - snap/info.go: ignore unknown daemons in SortSnapServices + - devicestate: keep log from install-mode on installed system + - seed: add LoadEssentialMeta to seed16 and allow all of its + implementations to be called multiple times + - cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in + seeds + - tests/core/uc20-recovery: move recover mode helpers to generic + testslib script + - interfaces/fwupd: allow any distros to access fw files via fwupd + - store: method for fetching validation set assertion + - store: switch to v2/assertions api + - gadget: add new ResolvedContent and populate from LayoutVolume() + - spread: use full format when listing processes + - osutil/many: make all test pkgs osutil_test instead of "osutil" + - tests/unit/go: drop unused environment variables, skip coverage + - OpenGL interface: Support more Tegra libs + - gadget,overlord: pass kernelRoot to install.Run() + - tests: run unit tests in Focal instead of Xenial + - interfaces/browser-support: allow sched_setaffinity with browser- + sandbox: true + - daemon: move query /snaps/ tests to api_snaps_test.go + - cmd/snap-repair/runner.go: add SNAP_SYSTEM_MODE to env of repair + runner + - systemd/systemd.go: support journald JSON messages with arrays for + values + - cmd: make string/error code more robust against errno leaking + - github, run-checks: do not collect coverage data on subsequent + test runs + - boot: boot config update & reseal + - o/snapshotstate: handle conflicts between snapshot forget, export + and import + - osutil/stat.go: add RegularFileExists + - cmd/snapd-generator: don't create mount overrides for snap-try + snaps inside lxc + - gadget/gadget.go: rename ubuntu-* to system-* in doc-comment + - tests: use 6 spread workers for centos8 + - bootloader/assets: support injecting bootloader assets in testing + builds of snapd + - gadget: enable multi-volume uc20 gadgets in + LaidOutSystemVolumeFromGadget; rename too + - overlord/devicestate, sysconfig: do nothing when cloud-init is not + present + - cmd/snap-repair: filter repair assertions based on bases + modes + - snap-confine: make host /etc/ssl available for snaps on classic + + -- Michael Vogt Sat, 24 Apr 2021 12:17:45 +0200 + +snapd (2.49.2-1) unstable; urgency=medium + + * New upstream release, LP: #1915248 + - interfaces/tee: add TEE/OPTEE interface + - o/configstate/configcore: add hdmi_timings to pi-config + - interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4 + - snap-seccomp: fix seccomp test on ppc64el + - interfaces{,/apparmor}, overlord/snapstate: + late removal of snap-confine apparmor profiles + - overlord/snapstate, wrappers: add dependency on usr-lib- + snapd.mount for services on core with snapd snap + - o/configstate: deal with no longer valid refresh.timer=managed + - overlord/snapstate: make sure that snapd current symlink is not + removed during refresh + - packaging: drop dh-systemd from build-depends on ubuntu-16.04+ + - o/{device,hook}state: encode fde-setup-request key as base64 + - snapstate: reduce reRefreshRetryTimeout to 1/2 second + - tests/main/uc20-create-partitions: fix tests cleanup + - o/configstate, o/snapshotstate: fix handling of nil snap config on + snapshot restore + - snap-seccomp: add new `close_range` syscall + + -- Michael Vogt Fri, 26 Mar 2021 16:49:46 +0100 + +snapd (2.49.1-1) unstable; urgency=medium + + * New upstream release, LP: #1915248 + - tests: turn modules off explicitly in spread go unti test + - o/snapshotstate: create snapshots directory on import + - cmd/snap-bootstrap/triggerwatch: fix returning wrong errors + - interfaces: add allegro-vcu and media-control interfaces + - interfaces: opengl: add Xilinx zocl bits + - many: fix new ineffassign warnings + - interfaces/seccomp/template.go: allow copy_file_range + - interfaces: allow reading the Xauthority file KDE Plasma writes + for Wayland sessions + - data/selinux: allow system dbus to watch + /var/lib/snapd/dbus-1 + - Remove apparmor downgrade feature + - Support tmp and log dirs on Yocto/Poky + + -- Michael Vogt Mon, 08 Mar 2021 10:47:05 +0100 + +snapd (2.49-1) unstable; urgency=medium + + * New upstream release, LP: #1915248 + - many: add Delegate=true to generated systemd units for special + interfaces + - cmd/snap-bootstrap: rename ModeenvFromModel to + EphemeralModeenvForModel + - cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for + recover+install + - osutil: skip TestReadBuildGo inside sbuild + - tests: fix umount for snapd snap on fsck-on-boot test + - snap/info_test.go: add unit test cases for bug + - tests/main/services-after-before: add regression spread test + - snap/info.go: ignore unknown daemons in SortSnapServices + - cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in + seeds + - OpenGL interface: Support more Tegra libs + - interfaces/browser-support: allow sched_setaffinity with browser- + sandbox: true + - cmd: make string/error code more robust against errno leaking + - o/snapshotstate: handle conflicts between snapshot forget, export + and import + - cmd/snapd-generator: don't create mount overrides for snap-try + snaps inside lxc + - tests: update test pkg for fedora and centos + - gadget: pass sector size in to mkfs family of functions, use to + select block sz + - o/snapshotstate: fix returning of snap names when duplicated + snapshot is detected + - tests/main/snap-network-errors: skip flushing dns cache on + centos-7 + - interfaces/builtin: Allow DBus property access on + org.freedesktop.Notifications + - cgroup-support.c: fix link to CGROUP DELEGATION + - osutil: update go-udev package + - packaging: fix arch-indep build on debian-sid + - {,sec}boot: pass "key-name" to the FDE hooks + - asserts: sort by revision with Sort interface + - gadget: add gadget.ResolveContentPaths() + - cmd/snap-repair: save base snap and mode in device info; other + misc cleanups + - tests: cleanup the run-checks script + - asserts: snapasserts method to validate installed snaps against + validation sets + - tests: normalize test tools - part 1 + - snapshotstate: detect duplicated snapshot imports + - interfaces/builtin: fix unit test expecting snap-device-helper at + /usr/lib/snapd + - tests: apply workaround done for snap-advise-command to apt-hooks + test + - tests: skip main part of snap-advise test if 429 error is + encountered + - many: clarify gadget role-usage consistency checks for UC16/18 vs + UC20 + - sandbox/cgroup, tess/main: fix unit tests on v2 system, disable + broken tests on sid + - interfaces/builtin: more drive by fixes, import ordering, removing + dead code + - tests: skip interfaces-openvswitch spread test on debian sid + - interfaces/apparmor: drive by comment fix + - cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree + usage + - cmd/libsnap-confine-private: make unit tests execute happily in a + container + - interfaces, wrappers: misc comment fixes, etc. + - asserts/repair.go: add "bases" and "modes" support to the repair + assertion + - interfaces/opengl: allow RPi MMAL video decoding + - snap: skip help output tests for go-flags v1.4.0 + - gadget: add validation for "$kernel:ref" style content + - packaging/deb, tests/main/lxd-postrm-purge: fix purge inside + containers + - spdx: update to SPDX license list version: 3.11 2020-11-25 + - tests: improve hotplug test setup on classic + - tests: update check to verify is the current system is arm + - tests: use os-query tool to check debian, trusty and tumbleweed + - daemon: start moving implementation to api_snaps.go + - tests/main/snap-validate-basic: disable test on Fedora due to go- + flags panics + - tests: fix library path used for tests.pkgs + - tests/main/cohorts: replace yq with a Python snippet + - run-checks: update to match new argument syntax of ineffassign + - tests: use apiBaseSuite for snapshots tests, fix import endpoint + path + - many: separate consistency/content validation into + gadget.Validate|Content + - o/{device,snap}state: enable devmode snaps with dangerous model + assertions + secboot: add test for when systemd-run does not honor + RuntimeMaxSec + - secboot: add workaround for snapcore/core-initrd issue #13 + - devicestate: log checkEncryption errors via logger.Noticef + - o/daemon: validation sets api and basic spread test + - gadget: move BuildPartitionList to install and make it unexported + - tests: add nested spread end-to-end test for fde-hooks + - devicestate: implement checkFDEFeatures() + - boot: tweak resealing with fde-setup hooks + - tests: add os query commands for subsystems and architectures + - o/snapshotstate: don't set auto flag in the snapshot file + - tests: use os.query tool instead of comparing the system var + - testutil: use the original environment when calling shellcheck + - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud- + init restrict file + - gadget,o/devicestate,tests: drop EffectiveFilesystemLabel and + instead set the implicit labels when loading the yaml + - secboot: add new LockSealedKeys() that uses either TPM/fde-reveal- + key + - gadget/quantity: introduce Offset, start using it for offset + related fields in the gadget + - gadget: use "sealed-keys" to determine what method to use for + reseal + - tests/main/fake-netplan-apply: disable test on xenial for now + - daemon: start splitting snaps op tests out of api_test.go + - testutil: make DBusTest use a custom bus configuration file + - tests: replace pkgdb.sh (library) with tests.pkgs (program) + - gadget: prepare gadget kernel refs (0/N) + - interfaces/builtin/docker-support: allow /run/containerd/s/... + - cmd/snap-preseed: reset run inhibit locks on --reset. + - boot: add sealKeyToModeenvUsingFdeSetupHook() + - daemon: reorg snap.go and split out sections and icons support + from api.go + - sandbox/seccomp: use snap-seccomp's stdout for getting version + info + - daemon: split find support to its own api_*.go files and move some + helpers + - tests: move snapstate config defaults tests to a separate file. + - bootloader/{lk,lkenv}: followups from #9695 + - daemon: actually move APIBaseSuite to daemon_test.apiBaseSuite + - gadget,o/devicestate: set implicit values for schema and role + directly instead of relying on Effective* accessors + - daemon: split aliases support to its own api_*.go files + - gadget: start separating rule/convention validation from basic + soundness + - cmd/snap-update-ns: add better unit test for overname sorting + - secboot: use `fde-reveal-key` if available to unseal key + - tests: fix lp-1899664 test when snapd_x1 is not installed in the + system + - tests: fix the scenario when the "$SRC".orig file does not exist + - cmd/snap-update-ns: fix sorting of overname mount entries wrt + other entries + - devicestate: add runFDESetupHook() helper + - bootloader/lk: add support for UC20 lk bootloader with V2 lkenv + structs + - daemon: split unsupported buy implementation to its own api_*.go + files + - tests: download timeout spread test + - gadget,o/devicestate: hybrid 18->20 ready volume setups should be + valid + - o/devicestate: save model with serial in the device save db + - bootloader: add check for prepare-image time and more tests + validating options + - interfaces/builtin/log_observe.go: allow controlling apparmor + audit levels + - hookstate: refactor around EphemeralRunHook + - cmd/snap: implement 'snap validate' command + - secboot,devicestate: add scaffoling for "fde-reveal-key" support + - boot: observe successful command line update, provide a default + - tests: New queries for the os tools + - bootloader/lkenv: specify backup file as arg to NewEnv(), use "" + as path+"bak" + - osutil/disks: add FindMatchingPartitionUUIDWithPartLabel to Disk + iface + - daemon: split out snapctl support and snap configuration support + to their own api_*.go files + - snapshotstate: improve handling of multiple errors + - tests: sign new nested-18|20* models to allow for generic serials + - bootloader: remove installableBootloader interface and methods + - seed: cleanup/drop some no longer valid TODOS, clarify some other + points + - boot: set kernel command line in modeenv during install + - many: rename disks.FindMatching... to FindMatching...WithFsLabel + and err type + - cmd/snap: suppress a case of spurious stdout logging from tests + - hookstate: add new HookManager.EphemeralRunHook() + - daemon: move some more api tests from daemon to daemon_test + - daemon: split apps and logs endpoints to api_apps.go and tests + - interfaces/utf: Add Ledger to U2F devices + - seed/seedwriter: consider modes when checking for deps + availability + - o/devicestate,daemon: fix reboot system action to not require a + system label + - cmd/snap-repair,store: increase initial retry time intervals, + stalling TODOs + - daemon: split interfacesCmd to api_interfaces.go + - github: run nested suite when commit is pushed to release branch + - client: reduce again the /v2/system-info timeout + - tests: reset fakestore unit status + - update-pot: fix typo in plural keyword spec + - tests: remove workarounds that add "ubuntu-save" if missing + - tests: add unit test for auto-refresh with validate-snap failure + - osutil: add helper for getting the kernel command line + - tests/main/uc20-create-partitions: verify ubuntu-save encryption + keys, tweak not MATCH + - boot: add kernel command lines to the modeenv file + - spread: bump delta ref, tweak repacking to make smaller delta + archives + - bootloader/lkenv: add v2 struct + support using it + - snapshotstate: add cleanup of abandonded snapshot imports + - tests: fix uc20-create-parition-* tests for updated gadget + - daemon: split out /v2/interfaces tests to api_interfaces_test.go + - hookstate: implement snapctl fde-setup-{request,result} + - wrappers, o/devicestate: remove EnableSnapServices + - tests: enable nested on 20.10 + - daemon: simplify test helpers Get|PostReq into Req + - daemon: move general api to api_general*.go + - devicestate: make checkEncryption fde-setup hook aware + - client/snapctl, store: fix typos + - tests/main/lxd/prep-snapd-in-lxd.sh: wait for valid apt files + before doing apt ops + - cmd/snap-bootstrap: update model cross-check considerations + - client,snapctl: add naive support for "stdin" + - many: add new "install-mode: disable" option + - osutil/disks: allow building on mac os + - data/selinux: update the policy to allow operations on non-tmpfs + /tmp + - boot: add helper for generating candidate kernel lines for + recovery system + - wrappers: generate D-Bus service activation files + - bootloader/many: rm ConfigFile, add Present for indicating + presence of bloader + - osutil/disks: allow mocking DiskFromDeviceName + - daemon: start cleaning up api tests + - packaging/arch: sync with AUR packaging + - bootloader: indicate when boot config was updated + - tests: Fix snap-debug-bootvars test to make it work on arm devices + and core18 + - tests/nested/manual/core20-save: verify handling of ubuntu-save + with different system variants + - snap: use the boot-base for kernel hooks + - devicestate: support "storage-safety" defaults during install + - bootloader/lkenv: mv v1 to separate file, + include/lk/snappy_boot_v1.h: little fixups + - interfaces/fpga: add fpga interface + - store: download timeout + - vendor: update secboot repo to avoid including secboot.test binary + - osutil: add KernelCommandLineKeyValue + - gadget/gadget.go: allow system-recovery-{image,select} as roles in + gadget.yaml + - devicestate: implement boot.HasFDESetupHook + - osutil/disks: add DiskFromName to get a disk using a udev name + - usersession/agent: have session agent connect to the D-Bus session + bus + - o/servicestate: preserve order of services on snap restart + - o/servicestate: unlock state before calling wrappers in + doServiceControl + - spread: disable unattended-upgrades on ubuntu + - tests: testing new fedora 33 image + - tests: fix fsck on boot on arm devices + - tests: skip boot state test on arm devices + - tests: updated the systems to run prepare-image-grub test + - interfaces/raw_usb: allow read access to /proc/tty/drivers + - tests: unmount /boot/efi in fsck-on-boot test + - strutil/shlex,osutil/udev/netlink: minimally import go-check + - tests: fix basic20 test on arm devices + - seed: make a shared seed system label validation helper + - tests/many: enable some uc20 tests, delete old unneeded tests or + TODOs + - boot/makebootable.go: set snapd_recovery_mode=install at image- + build time + - tests: migrate test from boot.sh helper to boot-state tool + - asserts: implement "storage-safety" in uc20 model assertion + - bootloader: use ForGadget when installing boot config + - spread: UC20 no longer needs 2GB of mem + - cmd/snap-confine: implement snap-device-helper internally + - bootloader/grub: replace old reference to Managed...Blr... with + Trusted...Blr... + - cmd/snap-bootstrap: add readme for snap-bootstrap + real state + diagram + - interfaces: fix greengrass attr namingThe flavor attribute names + are now as follows: + - tests/lib/nested: poke the API to get the snap revisions + - tests: compare options of mount units created by snapd and snapd- + generator + - o/snapstate,servicestate: use service-control task for service + actions + - sandbox: track applications unconditionally + - interfaces/greengrass-support: add additional "process" flavor for + 1.11 update + - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test + + -- Michael Vogt Wed, 10 Feb 2021 10:47:17 +0100 + +snapd (2.48.2-1) unstable; urgency=medium + + * New upstream release, LP: #1906690 + - tests: sign new nested-18|20* models to allow for generic serials + - secboot: add extra paranoia when waiting for that fde-reveal-key + - tests: backport netplan workarounds from #9785 + - secboot: add workaround for snapcore/core-initrd issue #13 + - devicestate: log checkEncryption errors via logger.Noticef + - tests: add nested spread end-to-end test for fde-hooks + - devicestate: implement checkFDEFeatures() + - boot: tweak resealing with fde-setup hooks + - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud- + init restrict file + - secboot: add new LockSealedKeys() that uses either TPM or + fde-reveal-key + - gadget: use "sealed-keys" to determine what method to use for + reseal + - boot: add sealKeyToModeenvUsingFdeSetupHook() + - secboot: use `fde-reveal-key` if available to unseal key + - cmd/snap-update-ns: fix sorting of overname mount entries wrt + other entries + - o/devicestate: save model with serial in the device save db + - devicestate: add runFDESetupHook() helper + - secboot,devicestate: add scaffoling for "fde-reveal-key" support + - hookstate: add new HookManager.EphemeralRunHook() + - update-pot: fix typo in plural keyword spec + - store,cmd/snap-repair: increase initial expontential time + intervals + - o/devicestate,daemon: fix reboot system action to not require a + system label + - github: run nested suite when commit is pushed to release branch + - tests: reset fakestore unit status + - tests: fix uc20-create-parition-* tests for updated gadget + - hookstate: implement snapctl fde-setup-{request,result} + - devicestate: make checkEncryption fde-setup hook aware + - client,snapctl: add naive support for "stdin" + - devicestate: support "storage-safety" defaults during install + - snap: use the boot-base for kernel hooks + - vendor: update secboot repo to avoid including secboot.test binary + + -- Michael Vogt Tue, 15 Dec 2020 20:21:44 +0100 + +snapd (2.48.1-1) unstable; urgency=medium + + * New upstream release, LP: #1906690 + - gadget: disable ubuntu-boot role validation check + + -- Michael Vogt Thu, 03 Dec 2020 17:43:30 +0100 + +snapd (2.48-1) unstable; urgency=medium + + * New upstream release, LP: #1904098 + - osutil: add KernelCommandLineKeyValue + - devicestate: implement boot.HasFDESetupHook + - boot/makebootable.go: set snapd_recovery_mode=install at image- + build time + - bootloader: use ForGadget when installing boot config + - interfaces/raw_usb: allow read access to /proc/tty/drivers + - boot: add scaffolding for "fde-setup" hook support for sealing + - tests: fix basic20 test on arm devices + - seed: make a shared seed system label validation helper + - snap: add new "fde-setup" hooktype + - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test + - secboot,cmd/snap-bootstrap: fix degraded mode cases with better + device handling + - boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some + messiness + - tests/nested/manual/refresh-revert-fundamentals: temporarily + disable secure boot + - snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all + boot modes + - many: address degraded recover mode feedback, cleanups + - tests: Use systemd-run on tests part2 + - tests: set the opensuse tumbleweed system as manual in spread.yaml + - secboot: call BlockPCRProtectionPolicies even if the TPM is + disabled + - vendor: update to current secboot + - cmd/snap-bootstrap,o/devicestate: use a secret to pair data and + save + - spread.yaml: increase number of workers on 20.10 + - snap: add new `snap recovery --show-keys` option + - tests: minor test tweaks suggested in the review of 9607 + - snapd-generator: set standard snapfuse options when generating + units for containers + - tests: enable lxd test on ubuntu-core-20 and 16.04-32 + - interfaces: share /tmp/.X11-unix/ from host or provider + - tests: enable main lxd test on 20.10 + - cmd/s-b/initramfs-mounts: refactor recover mode to implement + degraded mode + - gadget/install: add progress logging + - packaging: keep secboot/encrypt_dummy.go in debian + - interfaces/udev: use distro specific path to snap-device-helper + - o/devistate: fix chaining of tasks related to regular snaps when + preseeding + - gadget, overlord/devicestate: validate that system supports + encrypted data before install + - interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core + ESP layout + - many: add /v2/system-recovery-keys API and client + - secboot, many: return UnlockMethod from Unlock* methods for future + usage + - many: mv keys to ubuntu-boot, move model file, rename keyring + prefix for secboot + - tests: using systemd-run instead of manually create a systemd unit + - part 1 + - secboot, cmd/snap-bootstrap: enable or disable activation with + recovery key + - secboot: refactor Unlock...IfEncrypted to take keyfile + check + disks first + - secboot: add LockTPMSealedKeys() to lock access to keys + independently + - gadget: correct sfdisk arguments + - bootloader/assets/grub: adjust fwsetup menuentry label + - tests: new boot state tool + - spread: use the official image for Ubuntu 20.10, no longer an + unstable system + - tests/lib/nested: enable snapd logging to console for core18 + - osutil/disks: re-implement partition searching for disk w/ non- + adjacent parts + - tests: using the nested-state tool in nested tests + - many: seal a fallback object to the recovery boot chain + - gadget, gadget/install: move helpers to install package, refactor + unit tests + - dirs: add "gentoo" to altDirDistros + - update-pot: include file locations in translation template, and + extract strings from desktop files + - gadget/many: drop usage of gpt attr 59 for indicating creation of + partitions + - gadget/quantity: tweak test name + - snap: fix failing unittest for quantity.FormatDuration() + - gadget/quantity: introduce a new package that captures quantities + - o/devicestate,a/sysdb: make a backup of the device serial to save + - tests: fix rare interaction of tests.session and specific tests + - features: enable classic-preserves-xdg-runtime-dir + - tests/nested/core20/save: check the bind mount and size bump + - o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20 + - tests: rename hasHooks to hasInterfaceHooks in the ifacestate + tests + - o/devicestate: unit test tweaks + - boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save + - testutil, cmd/snap/version: fix misc little errors + - overlord/devicestate: bind mount ubuntu-save under + /var/lib/snapd/save on startup + - gadget/internal: tune ext4 setting for smaller filesystems + - tests/nested/core20/save: a test that verifies ubuntu-save is + present and set up + - tests: update google sru backend to support groovy + - o/ifacestate: handle interface hooks when preseeding + - tests: re-enable the apt hooks test + - interfaces,snap: use correct type: {os,snapd} for test data + - secboot: set metadata and keyslots sizes when formatting LUKS2 + volumes + - tests: improve uc20-create-partitions-reinstall test + - client, daemon, cmd/snap: cleanups from #9489 + more unit tests + - cmd/snap-bootstrap: mount ubuntu-save during boot if present + - secboot: fix doc comment on helper for unlocking volume with key + - tests: add spread test for refreshing from an old snapd and core18 + - o/snapstate: generate snapd snap wrappers again after restart on + refresh + - secboot: version bump, unlock volume with key + - tests/snap-advise-command: re-enable test + - cmd/snap, snapmgr, tests: cleanups after #9418 + - interfaces: deny connected x11 plugs access to ICE + - daemon,client: write and read a maintenance.json file for when + snapd is shut down + - many: update to secboot v1 (part 1) + - osutil/disks/mockdisk: panic if same mountpoint shows up again + with diff opts + - tests/nested/core20/gadget,kernel-reseal: add sanity checks to the + reseal tests + - many: implement snap routine console-conf-start for synchronizing + auto-refreshes + - dirs, boot: add ubuntu-save directories and related locations + - usersession: fix typo in test name + - overlord/snapstate: refactor ihibitRefresh + - overlord/snapstate: stop warning about inhibited refreshes + - cmd/snap: do not hardcode snapshot age value + - overlord,usersession: initial notifications of pending refreshes + - tests: add a unit test for UpdateMany where a single snap fails + - o/snapstate/catalogrefresh.go: don't refresh catalog in install + mode uc20 + - tests: also check snapst.Current in undo-unlink tests + - tests: new nested tool + - o/snapstate: implement undo handler for unlink-snap + - tests: clean systems.sh helper and migrate last set of tests + - tests: moving the lib section from systems.sh helper to os.query + tool + - tests/uc20-create-partitions: don't check for grub.cfg + - packaging: make sure that static binaries are indeed static, fix + openSUSE + - many: have install return encryption keys for data and save, + improve tests + - overlord: add link participant for linkage transitions + - tests: lxd smoke test + - tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu- + seed too + - tests: moving main suite from systems.sh to os.query tool + - tests: moving the core test suite from systems.sh to os.query tool + - cmd/snap-confine: mask host's apparmor config + - o/snapstate: move setting updated SnapState after error paths + - tests: add value to INSTANCE_KEY/regular + - spread, tests: tweaks for openSUSE + - cmd/snap-confine: update path to snap-device-helper in AppArmor + profile + - tests: new os.query tool + - overlord/snapshotstate/backend: specify tar format for snapshots + - tests/nested/manual/minimal-smoke: use 384MB of RAM for nested + UC20 + - client,daemon,snap: auto-import does not error on managed devices + - interfaces: PTP hardware clock interface + - tests: use tests.backup tool + - many: verify that unit tests work with nosecboot tag and without + secboot package + - wrappers: do not error out on read-only /etc/dbus-1/session.d + filesystem on core18 + - snapshots: import of a snapshot set + - tests: more output for sbuild test + - o/snapstate: re-order remove tasks for individual snap revisions + to remove current last + - boot: skip some unit tests when running as root + - o/assertstate: introduce + ValidationTrackingKey/ValidationSetTracking and basic methods + - many: allow ignoring running apps for specific request + - tests: allow the searching test to fail under load + - overlord/snapstate: inhibit startup while unlinked + - seed/seedwriter/writer.go: check DevModeConfinement for dangerous + features + - tests/main/sudo-env: snap bin is available on Fedora + - boot, overlord/devicestate: list trusted and managed assets + upfront + - gadget, gadget/install: support for ubuntu-save, create one during + install if needed + - spread-shellcheck: temporary workaround for deadlock, drop + unnecessary test + - snap: support different exit-code in the snap command + - logger: use strutil.KernelCommandLineSplit in + debugEnabledOnKernelCmdline + - logger: fix snapd.debug=1 parsing + - overlord: increase refresh postpone limit to 14 days + - spread-shellcheck: use single thread pool executor + - gadget/install,secboot: add debug messages + - spread-shellcheck: speed up spread-shellcheck even more + - spread-shellcheck: process paths from arguments in parallel + - tests: tweak error from tests.cleanup + - spread: remove workaround for openSUSE go issue + - o/configstate: create /etc/sysctl.d when applying early config + defaults + - tests: new tests.backup tool + - tests: add tests.cleanup pop sub-command + - tests: migration of the main suite to snaps-state tool part 6 + - tests: fix journal-state test + - cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc + recover files + - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for + same IP addr + - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for + building snapd + - boot, gadget, bootloader: observer preserves managed bootloader + configs + - tests/nested/manual: add uc20 grade signed cloud-init test + - o/snapstate/autorefresh.go: eliminate race when launching + autorefresh + - daemon,snapshotstate: do not return "size" from Import() + - daemon: limit reading from snapshot import to Content-Length + - many: set/expect Content-Length header when importing snapshots + - github: switch from ::set-env command to environment file + - tests: migration of the main suite to snaps-state tool part 5 + - client: cleanup the Client.raw* and Client.do* method families + - tests: moving main suite to snaps-state tool part 4 + - client,daemon,snap: use constant for snapshot content-type + - many: fix typos and repeated "the" + - secboot: fix tpm connection leak when it's not enabled + - many: scaffolding for snapshots import API + - run-checks: run spread-shellcheck too + - interfaces: update network-manager interface to allow + ObjectManager access from unconfined clients + - tests: move core and regression suites to snaps-state tool + - tests: moving interfaces tests to snaps-state tool + - gadget: preserve files when indicated by content change observer + - tests: moving smoke test suite and some tests from main suite to + snaps-state tool + - o/snapshotstate: pass set id to backend.Open, update tests + - asserts/snapasserts: introduce ValidationSets + - o/snapshotstate: improve allocation of new set IDs + - boot: look at the gadget for run mode bootloader when making the + system bootable + - cmd/snap: allow snap help vs --all to diverge purposefully + - usersession/userd: separate bus name ownership from defining + interfaces + - o/snapshotstate: set snapshot set id from its filename + - o/snapstate: move remove-related tests to snapstate_remove_test.go + - desktop/notification: switch ExpireTimeout to time.Duration + - desktop/notification: add unit tests + - snap: snap help output refresh + - tests/nested/manual/preseed: include a system-usernames snap when + preseeding + - tests: fix sudo-env test + - tests: fix nested core20 shellcheck bug + - tests/lib: move to new directory when restoring PWD, cleanup + unpacked unpacked snap directories + - desktop/notification: add bindings for FDO notifications + - dbustest: fix stale comment references + - many: move ManagedAssetsBootloader into TrustedAssetsBootloader, + drop former + - snap-repair: add uc20 support + - tests: print all the serial logs for the nested test + - o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid + bug in test + - cmd/snap/auto-import: stop importing system user assertions from + initramfs mnts + - osutil/group.go: treat all non-nil errs from user.Lookup{Group,} + as Unknown* + - asserts: deserialize grouping only once in Pool.AddBatch if needed + - gadget: allow content observer to have opinions about a change + - tests: new snaps-state command - part1 + - o/assertstate: support refreshing any number of snap-declarations + - boot: use test helpers + - tests/core/snap-debug-bootvars: also check snap_mode + - many/apparmor: adjust rules for reading profile/ execing new + profiles for new kernel + - tests/core/snap-debug-bootvars: spread test for snap debug boot- + vars + - tests/lib/nested.sh: more little tweaks + - tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm + - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install, + recover modes + - overlord: explicitly set refresh-app-awareness in tests + - kernel: remove "edition" from kernel.yaml and add "update" + - spread: drop vendor from the packed project archive + - boot: fix debug bootloader variables dump on UC20 systems + - wrappers, systemd: allow empty root dir and conditionally do not + pass --root to systemctl + - tests/nested/manual: add test for grades above signed booting with + testkeys + - tests/nested: misc robustness fixes + - o/assertstate,asserts: use bulk refresh to refresh snap- + declarations + - tests/lib/prepare.sh: stop patching the uc20 initrd since it has + been updated now + - tests/nested/manual/refresh-revert-fundamentals: re-enable test + - update-pot: ignore .go files inside .git when running xgettext-go + - tests: disable part of the lxd test completely on 16.04. + - o/snapshotstate: tweak comment regarding snapshot filename + - o/snapstate: improve snapshot iteration + - bootloader: lk cleanups + - tests: update to support nested kvm without reboots on UC20 + - tests/nested/manual/preseed: disable system-key check for 20.04 + image + - spread.yaml: add ubuntu-20.10-64 to qemu + - store: handle v2 error when fetching assertions + - gadget: resolve device mapper devices for fallback device lookup + - tests/nested/cloud-init-many: simplify tests and unify + helpers/seed inputs + - tests: copy /usr/lib/snapd/info to correct directory + - check-pr-title.py * : allow "*" in the first part of the title + - many: typos and small test tweak + - tests/main/lxd: disable cgroup combination for 16.04 that is + failing a lot + - tests: make nested signing helpers less confusing + - tests: misc nested changes + - tests/nested/manual/refresh-revert-fundamentals: disable + temporarily + - tests/lib/cla_check: default to Python 3, tweaks, formatting + - tests/lib/cl_check.py: use python3 compatible code + + -- Michael Vogt Thu, 19 Nov 2020 17:51:02 +0100 + +snapd (2.47.1-1) unstable; urgency=medium + + * New upstream release, LP: #1895929 + - o/configstate: create /etc/sysctl.d when applying early config + defaults + - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for + same IP addr + - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for + building snapd + - cmd/snap: allow snap help vs --all to diverge purposefully + - snap: snap help output refresh + + -- Michael Vogt Thu, 08 Oct 2020 09:30:44 +0200 + +snapd (2.47-1) unstable; urgency=medium + + * New upstream release, LP: #1895929 + - tests: fix nested core20 shellcheck bug + - many/apparmor: adjust rule for reading apparmor profile for new + kernel + - snap-repair: add uc20 support + - cmd/snap/auto-import: stop importing system user assertions from + initramfs mnts + - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install, + recover modes + - gadget: resolve device mapper devices for fallback device lookup + - secboot: add boot manager profile to pcr protection profile + - sysconfig,o/devicestate: mv DisableNoCloud to + DisableAfterLocalDatasourcesRun + - tests: make gadget-reseal more robust + - tests: skip nested images pre-configuration by default + - tests: fix for basic20 test running on external backend and rpi + - tests: improve kernel reseal test + - boot: adjust comments, naming, log success around reseal + - tests/nested, fakestore: changes necessary to run nested uc20 + signed/secured tests + - tests: add nested core20 gadget reseal test + - boot/modeenv: track unknown keys in Read and put back into modeenv + during Write + - interfaces/process-control: add sched_setattr to seccomp + - boot: with unasserted kernels reseal if there's a hint modeenv + changed + - client: bump the default request timeout to 120s + - configcore: do not error in console-conf.disable for install mode + - boot: streamline bootstate20.go reseal and tests changes + - boot: reseal when changing kernel + - cmd/snap/model: specify grade in the model command output + - tests: simplify + repack_snapd_snap_with_deb_content_and_run_mode_first_boot_tweaks + - test: improve logging in nested tests + - nested: add support to telnet to serial port in nested VM + - secboot: use the snapcore/secboot native recovery key type + - tests/lib/nested.sh: use more focused cloud-init config for uc20 + - tests/lib/nested.sh: wait for the tpm socket to exist + - spread.yaml, tests/nested: misc changes + - tests: add more checks to disk space awareness spread test + - tests: disk space awareness spread test + - boot: make MockUC20Device use a model and MockDevice more + realistic + - boot,many: reseal only when meaningful and necessary + - tests/nested/core20/kernel-failover: add test for failed refresh + of uc20 kernel + - tests: fix nested to work with qemu and kvm + - boot: reseal when updating boot assets + - tests: fix snap-routime-portal-info test + - boot: verify boot chain file in seal and reseal tests + - tests: use full path to test-snapd-refresh.version binary + - boot: store boot chains during install, helper for checking + whether reseal is needed + - boot: add call to reseal an existing key + - boot: consider boot chains with unrevisioned kernels incomparable + - overlord: assorted typos and miscellaneous changes + - boot: group SealKeyModelParams by model, improve testing + - secboot: adjust parameters to buildPCRProtectionProfile + - strutil: add SortedListsUniqueMergefrom the doc comment: + - snap/naming: upgrade TODO to TODO:UC20 + - secboot: add call to reseal an existing key + - boot: in seal.go adjust error message and function names + - o/snapstate: check available disk space in RemoveMany + - boot: build bootchains data for sealing + - tests: remove "set -e" from function only shell libs + - o/snapstate: disk space check on UpdateMany + - o/snapstate: disk space check with snap update + - snap: implement new `snap reboot` command + - boot: do not reorder boot assets when generating predictable boot + chains and other small tweaks + - tests: some fixes and improvements for nested execution + - tests/core/uc20-recovery: fix check for at least specific calls to + mock-shutdown + - boot: be consistent using bootloader.Role* consts instead of + strings + - boot: helper for generating secboot load chains from a given boot + asset sequence + - boot: tweak boot chains to support a list of kernel command lines, + keep track of model and kernel boot file + - boot,secboot: switch to expose and use snapcore/secboot load event + trees + - tests: use `nested_exec` in core{20,}-early-config test + - devicestate: enable cloud-init on uc20 for grade signed and + secured + - boot: add "rootdir" to baseBootenvSuite and use in tests + - tests/lib/cla_check.py: don't allow users.noreply.github.com + commits to pass CLA + - boot: represent boot chains, helpers for marshalling and + equivalence checks + - boot: mark successful with boot assets + - client, api: handle insufficient space error + - o/snapstate: disk space check with single snap install + - configcore: "service.console-conf.disable" is gadget defaults only + - packaging/opensuse: fix for /usr/libexec on TW, do not hardcode + AppArmor profile path + - tests: skip udp protocol in nfs-support test on ubuntu-20.10 + - packaging/debian-sid: tweak code preparing _build tree + - many: move seal code from gadget/install to boot + - tests: remove workaround for cups on ubuntu-20.10 + - client: implement RebootToSystem + - many: seed.Model panics now if called before LoadAssertions + - daemon: add /v2/systems "reboot" action API + - github: run tests also on push to release branches + - interfaces/bluez: let slot access audio streams + - seed,c/snap-bootstrap: simplify snap-bootstrap seed reading with + new seed.ReadSystemEssential + - interfaces: allow snap-update-ns to read /proc/cmdline + - tests: new organization for nested tests + - o/snapstate, features: add feature flags for disk space awareness + - tests: workaround for cups issue on 20.10 where default printer is + not configured. + - interfaces: update cups-control and add cups for providing snaps + - boot: keep track of the original asset when observing updates + - tests: simplify and fix tests for disk space checks on snap remove + - sysconfig/cloudinit.go: add AllowCloudInit and use GadgetDir for + cloud.conf + - tests/main: mv core specific tests to core suite + - tests/lib/nested.sh: reset the TPM when we create the uc20 vm + - devicestate: rename "mockLogger" to "logbuf" + - many: introduce ContentChange for tracking gadget content in + observers + - many: fix partion vs partition typo + - bootloader: retrieve boot chains from bootloader + - devicestate: add tests around logging in RequestSystemAction + - boot: handle canceled update + - bootloader: tweak doc comments (thanks Samuele) + - seed/seedwriter: test local asserted snaps with UC20 grade signed + - sysconfig/cloudinit.go: add DisableNoCloud to + CloudInitRestrictOptions + - many: use BootFile type in load sequences + - boot,bootloader: clarifications after the changes to introduce + bootloader.Options.Role + - boot,bootloader,gadget: apply new bootloader.Options.Role + - o/snapstate, features: add feature flag for disk space check on + remove + - testutil: add checkers for symbolic link target + - many: refactor tpm seal parameter setting + - boot/bootstate20: reboot to rollback to previous kernel + - boot: add unit test helpers + - boot: observe update & rollback of trusted assets + - interfaces/utf: Add MIRKey to u2f devices + - o/devicestate/devicestate_cloudinit_test.go: test cleanup for uc20 + cloud-init tests + - many: check that users of BaseTest don't forget to consume + cleanups + - tests/nested/core20/tpm: verify trusted boot assets tracking + - github: run macOS job with Go 1.14 + - many: misc doc-comment changes and typo fixes + - o/snapstate: disk space check with InstallMany + - many: cloud-init cleanups from previous PR's + - tests: running tests on opensuse leap 15.2 + - run-checks: check for dirty build tree too + - vendor: run ./get-deps.sh to update the secboot hash + - tests: update listing test for "-dirty" versions + - overlord/devicestate: do not release the state lock when updating + gadget assets + - secboot: read kernel efi image from snap file + - snap: add size to the random access file return interface + - daemon: correctly parse Content-Type HTTP header. + - tests: account for apt-get on core18 + - cmd/snap-bootstrap/initramfs-mounts: compute string outside of + loop + - mkversion.sh: simple hack to include dirty in version if the tree + is dirty + - cgroup,snap: track hooks on system bus only + - interfaces/systemd: compare dereferenced Service + - run-checks: only check files in git for misspelling + - osutil: add a package doc comment (via doc.go) + - boot: complain about reused asset name during initial install + - snapstate: installSize helper that calculates total size of snaps + and their prerequisites + - snapshots: export of snapshots + - boot/initramfs_test.go: reset boot vars on the bootloader for each + iteration + + -- Michael Vogt Tue, 29 Sep 2020 17:19:13 +0200 + +snapd (2.46.1-1) unstable; urgency=medium + + * New upstream release, LP: #1891134 + - interfaces: allow snap-update-ns to read + /proc/cmdline + - github: run macOS job with Go 1.14 + - o/snapstate, features: add feature flag for disk space check on + remove + - tests: account for apt-get on core18 + - mkversion.sh: include dirty in version if the tree + is dirty + - interfaces/systemd: compare dereferenced Service + - vendor.json: update mysterious secboot SHA again + + -- Michael Vogt Fri, 04 Sep 2020 17:42:54 +0200 + +snapd (2.46-1) unstable; urgency=medium + + * New upstream release, LP: #1891134 + - logger: add support for setting snapd.debug=1 on kernel cmdline + - o/snapstate: check disk space before creating automatic snapshot + on remove + - boot, o/devicestate: observe existing recovery bootloader trusted + boot assets + - many: use transient scope for tracking apps and hooks + - features: add HiddenSnapFolder feature flag + - tests/lib/nested.sh: fix partition typo, unmount the image on uc20 + too + - runinhibit: open the lock file in read-only mode in IsLocked + - cmd/s-b/initramfs-mounts: make recover -> run mode transition + automatic + - tests: update spread test for unknown plug/slot with snapctl is- + connected + - osutil: add OpenExistingLockForReading + - kernel: add kernel.Validate() + - interfaces: add vcio interface + - interfaces/{docker,kubernetes}-support: load overlay and support + systemd cgroup driver + - tests/lib/nested.sh: use more robust code for finding what loop + dev we mounted + - cmd/snap-update-ns: detach all bind-mounted file + - snap/snapenv: set SNAP_REAL_HOME + - packaging: umount /snap on purge in containers + - interfaces: misc policy updates xlvi + - secboot,cmd/snap-bootstrap: cross-check partitions before + unlocking, mounting + - boot: copy boot assets cache to new root + - gadget,kernel: add new kernel.{Info,Asset} struct and helpers + - o/hookstate/ctlcmd: make is-connected check whether the plug or + slot exists + - tests: find -ignore_readdir_race when scanning cgroups + - interfaces/many: deny arbitrary desktop files and misc from + /usr/share + - tests: use "set -ex" in prep-snapd-in-lxd.sh + - tests: re-enable udisks test on debian-sid + - cmd/snapd-generator: use PATH fallback if PATH is not set + - tests: disable udisks2 test on arch linux + - github: use latest/stable go, not latest/edge + - tests: remove support for ubuntu 19.10 from spread tests + - tests: fix lxd test wrongly tracking 'latest' + - secboot: document exported functions + - cmd: compile snap gdbserver shim correctly + - many: correctly calculate the desktop file prefix everywhere + - interfaces: add kernel-crypto-api interface + - corecfg: add "system.timezone" setting to the system settings + - cmd/snapd-generator: generate drop-in to use fuse in container + - cmd/snap-bootstrap/initramfs-mounts: tweak names, add comments + from previous PR + - interfaces/many: miscellaneous updates for strict microk8s + - secboot,cmd/snap-bootstrap: don't import boot package from secboot + - cmd/snap-bootstrap/initramfs-mounts: call systemd-mount instead of + the-tool + - tests: work around broken update of systemd-networkd + - tests/main/install-fontconfig-cache-gen: enhance test by + verifying, add fonts to test + - o/devicestate: wrap asset update observer error + - boot: refactor such that bootStateUpdate20 mainly carries Modeenv + - mkversion.sh: disallow changelog versions that have git in it, if + we also have git version + - interfaces/many: miscellaneous updates for strict microk8s + - snap: fix repeated "cannot list recovery system" and add test + - boot: track trusted assets during initial install, assets cache + - vendor: update secboot to fix key data validation + - tests: unmount FUSE file-systems from XDG runtime dir + - overlord/devicestate: workaround non-nil interface with nil struct + - sandbox/cgroup: remove temporary workaround for multiple cgroup + writers + - sandbox/cgroup: detect dangling v2 cgroup + - bootloader: add helper for creating a bootloader based on gadget + - tests: support different images on nested execution + - many: reorg cmd/snapinfo.go into snap and new client/clientutil + - packaging/arch: use external linker when building statically + - tests: cope with ghost cgroupv2 + - tests: fix issues related to restarting systemd-logind.service + - boot, o/devicestate: TrustedAssetUpdateObserver stubs, hook up to + gadget updates + - vendor: update github.com/kr/pretty to fix diffs of values with + pointer cycles + - boot: move bootloaderKernelState20 impls to separate file + - .github/workflows: move snap building to test.yaml as separate + cached job + - tests/nested/manual/minimal-smoke: run core smoke tests in a VM + meeting minimal requirements + - osutil: add CommitAs to atomic file + - gadget: introduce content update observer + - bootloader: introduce TrustedAssetsBootloader, implement for grub + - o/snapshotstate: helpers for calculating disk space needed for an + automatic snapshot + - gadget/install: retrieve command lines from bootloader + - boot/bootstate20: unify commit method impls, rm + bootState20MarkSuccessful + - tests: add system information and image information when debug + info is displayed + - tests/main/cgroup-tracking: try to collect some information about + cgroups + - boot: introduce current_boot_assets and + current_recovery_boot_assets to modeenv + - tests: fix for timing issues on journal-state test + - many: remove usage and creation of hijacked pid cgroup + - tests: port regression-home-snap-root-owned to tests.session + - tests: run as hightest via tests.session + - github: run CLA checks on self-hosted workers + - github: remove Ubuntu 19.10 from actions workflow + - tests: remove End-Of-Life opensuse/fedora releases + - tests: remove End-Of-Life releases from spread.yaml + - tests: fix debug section of appstream-id test + - interfaces: check !b.preseed earlier + - tests: work around bug in systemd/debian + - boot: add deepEqual, Copy helpers for Modeenv to simplify + bootstate20 refactor + - cmd: add new "snap recovery" command + - interfaces/systemd: use emulation mode when preseeding + - interfaces/kmod: don't load kernel modules in kmod backend when + preseeding + - interfaces/udev: do not reload udevadm rules when preseeding + - cmd/snap-preseed: use snapd from the deb if newer than from seeds + - boot: fancy marshaller for modeenv values + - gadget, osutil: use atomic file copy, adjust tests + - overlord: use new tracking cgroup for refresh app awareness + - github: do not skip gofmt with Go 1.9/1.10 + - many: introduce content write observer, install mode glue, initial + seal stubs + - daemon,many: switch to use client.ErrorKind and drop the local + errorKind... + - tests: new parameters for nested execution + - client: move all error kinds into errors.go and add doc strings + - cmd/snap: display the error in snap debug seeding if seeding is in + error + - cmd/snap/debug/seeding: use unicode for proper yaml + - tests/cmd/snap-bootstrap/initramfs-mounts: add test case for empty + recovery_mode + - osutil/disks: add mock disk and tests for happy path of mock disks + - tests: refresh/revert snapd in uc20 + - osutil/disks: use a dedicated error to indicate a fs label wasn't + found + - interfaces/system-key: in WriteSystemKey during tests, don't call + ParserFeatures + - boot: add current recovery systems to modeenv + - bootloader: extend managed assets bootloader interface to compose + a candidate command line + - interfaces: make the unmarshal test match more the comment + - daemon/api: use pointers to time.Time for debug seeding aspect + - o/ifacestate: update security profiles in connect undo handler + - interfaces: add uinput interface + - cmd/snap-bootstrap/initramfs-mounts: add doSystemdMount + unit + tests + - o/devicestate: save seeding/preseeding times for use with debug + seeding api + - cmd/snap/debug: add "snap debug seeding" command for preseeding + debugging + - tests/main/selinux-clean: workaround SELinux denials triggered by + linger setup on Centos8 + - bootloader: compose command line with mode and extra arguments + - cmd/snap, daemon: detect and bail purge on multi-snap + - o/ifacestate: fix bug in snapsWithSecurityProfiles + - interfaces/builtin/multipass: replace U+00A0 no-break space with + simple space + - bootloader/assets: generate bootloader assets from files + - many/tests/preseed: reset the preseeded images before preseeding + them + - tests: drop accidental accents from e + - secboot: improve key sealing tests + - tests: replace _wait_for_file_change with retry + - tests: new fs-state which replaces the files.sh helper + - sysconfig/cloudinit_test.go: add test for initramfs case, rm "/" + from path + - cmd/snap: track started apps and hooks + - tests/main/interfaces-pulseaudio: disable start limit checking for + pulseaudio service + - api: seeding debug api + - .github/workflows/snap-build.yaml: build the snapd snap via GH + Actions too + - tests: moving journalctl.sh to a new journal-state tool + - tests/nested/manual: add spread tests for cloud-init vuln + - bootloader/assets: helpers for registering per-edition snippets, + register snippets for grub + - data,packaging,wrappers: extend D-Bus service activation search + path + - spread: add opensuse 15.2 and tumbleweed for qemu + - overlord,o/devicestate: restrict cloud-init on Ubuntu Core + - sysconfig/cloudinit: add RestrictCloudInit + - cmd/snap-preseed: check that target path exists and is a directory + on --reset + - tests: check for pids correctly + - gadget,gadget/install: refactor partition table update + - sysconfig/cloudinit: add CloudInitStatus func + CloudInitState + type + - interface/fwupd: add more policies for making fwupd upstream + strict + - tests: new to-one-line tool which replaces the strings.sh helper + - interfaces: new helpers to get and compare system key, for use + with seeding debug api + - osutil, many: add helper for checking whether the process is a go + test binary + - cmd/snap-seccomp/syscalls: add faccessat2 + - tests: adjust xdg-open after launcher changes + - tests: new core config helper + - usersession/userd: do not modify XDG_DATA_DIRS when calling xdg- + open + - cmd/snap-preseed: handle relative chroot path + - snapshotstate: move sizer to osutil.Sizer() + - tests/cmd/snap-bootstrap/initramfs-mounts: rm duplicated env ref + kernel tests + - gadget/install,secboot: use snapcore/secboot luks2 api + - boot/initramfs_test.go: add Commentf to more Assert()'s + - tests/lib: account for changes in arch package file name extension + - bootloader/bootloadertest: fix comment typo + - bootloader: add helper for getting recovery system environment + variables + - tests: preinstall shellcheck and run tests on focal + - strutil: add a helper for parsing kernel command line + - osutil: add CheckFreeSpace helper + - secboot: update tpm connection error handling + - packaging, cmd/snap-mgmt, tests: remove modules files on purge + - tests: add tests.cleanup helper + - packaging: add "ca-certificates" to build-depends + - tests: more checks in core20 early config spread test + - tests: fix some snapstate tests to use pointers for + snapmgrTestSuite + - boot: better naming of helpers for obtaining kernel command line + - many: use more specific check for unit test mocking + - systemd/escape: fix issues with "" and "\t" handling + - asserts: small improvements and corrections for sequence-forming + assertions' support + - boot, bootloader: query kernel command line of run mod and + recovery mode systems + - snap/validate.go: disallow snap layouts with new top-level + directories + - tests: allow to add a new label to run nested tests as part of PR + validation + - tests/core/gadget-update-pc: port to UC20 + - tests: improve nested tests flexibility + - asserts: integer headers: disallow prefix zeros and make parsing + more uniform + - asserts: implement Database.FindSequence + - asserts: introduce SequenceMemberAfter in the asserts backstores + - spread.yaml: remove tests/lib/tools from PATH + - overlord: refuse to install snaps whose activatable D-Bus services + conflict with installed snaps + - tests: shorten lxd-state undo-mount-changes + - snap-confine: don't die if a device from sysfs path cannot be + found by udev + - tests: fix argument handling of apt-state + - tests: rename lxd-tool to lxd-state + - tests: rename user-tool to user-state, fix --help + - interfaces: add gconf interface + - sandbox/cgroup: avoid parsing security tags twice + - tests: rename version-tool to version-compare + - cmd/snap-update-ns: handle anomalies better + - tests: fix call to apt.Package.mark_install(auto_inst=True) + - tests: rename mountinfo-tool to mountinfo.query + - tests: rename memory-tool to memory-observe-do + - tests: rename invariant-tool to tests.invariant + - tests: rename apt-tool to apt-state + - many: managed boot config during run mode setup + - asserts: introduce the concept of sequence-forming assertion types + - tests: tweak comments/output in uc20-recovery test + - tests/lib/pkgdb: do not use quiet when purging debs + - interfaces/apparmor: allow snap-specific /run/lock + - interfaces: add system-source-code for access to /usr/src + - sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data + - gadget/install: move udev trigger to gadget/install + - many: make nested spread tests more reliable + - tests/core/uc20-recovery: apply hack to get gopath in recover mode + w/ external backend + - tests: enable tests on uc20 which now work with the real model + assertion + - tests: enable system-snap-refresh test on uc20 + - gadget, bootloader: preserve managed boot assets during gadget + updates + - tests: fix leaked dbus-daemon in selinux-clean + - tests: add servicestate.Control tests + - tests: fix "restart.service" + - wrappers: helper for enabling services - extract and move enabling + of services into a helper + - tests: new test to validate refresh and revert of kernel and + gadget on uc20 + - tests/lib/prepare-restore: collect debug info when prepare purge + fails + - bootloader: allow managed bootloader to update its boot config + - tests: Remove unity test from nightly test suite + - o/devicestate: set mark-seeded to done in the task itself + - tests: add spread test for disconnect undo caused by failing + disconnect hook + - sandbox/cgroup: allow discovering PIDs of given snap + - osutil/disks: support IsDecryptedDevice for mountpoints which are + dm devices + - osutil: detect autofs mounted in /home + - spread.yaml: allow amazon-linux-2-64 qemu with + ec2-user/ec2-user + - usersession: support additional zoom URL schemes + - overlord: mock timings.DurationThreshold in TestNewWithGoodState + - sandbox/cgroup: add tracking helpers + - tests: detect stray dbus-daemon + - overlord: refuse to install snaps providing user daemons on Ubuntu + 14.04 + - many: move encryption and installer from snap-boostrap to gadget + - o/ifacestate: fix connect undo handler + - interfaces: optimize rules of multiple connected iio/i2c/spi plugs + - bootloader: introduce managed bootloader, implement for grub + - tests: fix incorrect check in smoke/remove test + - asserts,seed: split handling of essential/not essential model + snaps + - gadget: fix typo in mounted filesystem updater + - gadget: do only one mount point lookup in mounted fs updater + - tests/core/snap-auto-mount: try to make the test more robust + - tests: adding ubuntu-20.04 to google-sru backend + - o/servicestate: add updateSnapstateServices helper + - bootloader: pull recovery grub config from internal assets + - tests/lib/tools: apply linger workaround when needed + - overlord/snapstate: graceful handling of denied "managed" refresh + schedule + - snapstate: fix autorefresh from classic->strict + - overlord/configstate: add system.kernel.printk.console-loglevel + option + - tests: fix assertion disk handling for nested UC systems + - snapstate: use testutil.HostScaledTimeout() in snapstate tests + - tests: extra worker for google-nested backend to avoid timeout + error on uc20 + - snapdtool: helper to check whether the current binary is reexeced + from a snap + - tests: mock servicestate in api tests to avoid systemctl checks + - many: rename back snap.Info.GetType to Type + - tests/lib/cla_check: expect explicit commit range + - osutil/disks: refactor diskFromMountPointImpl a bit + - o/snapstate: service-control task handler + - osutil: add disks pkg for associating mountpoints with + disks/partitions + - gadget,cmd/snap-bootstrap: move partitioning to gadget + - seed: fix LoadEssentialMeta when gadget is not loaded + - cmd/snap: Debian does not allow $SNAP_MOUNT_DIR/bin in sudo + secure_path + - asserts: introduce new assertion validation-set + - asserts,daemon: add support for "serials" field in system-user + assertion + - data/sudo: drop a failed sudo secure_path workaround + - gadget: mv encodeLabel to osutil/disks.EncodeHexBlkIDFormat + - boot, snap-bootstrap: move initramfs-mounts logic to boot pkg + - spread.yaml: update secure boot attribute name + - interfaces/block_devices: add NVMe subsystem devices, support + multipath paths + - tests: use the "jq" snap from the edge channel + - tests: simplify the tpm test by removing the test-snapd-mokutil + snap + - boot/bootstate16.go: clean snap_try_* vars when not in Trying + status too + - tests/main/sudo-env: check snap path under sudo + - tests/main/lxd: add test for snaps inside nested lxd containers + not working + - asserts/internal: expand errors about invalid serialized grouping + labels + - usersession/userd: add msteams url support + - tests/lib/prepare.sh: adjust comment about sgdisk + - tests: fix how gadget pc is detected when the snap does not exist + and ls fails + - tests: move a few more tests to snapstate_update_test.go + - tests/main: add spread test for running svc from install hook + - tests/lib/prepare: increase the size of the uc16/uc18 partitions + - tests/special-home-can-run-classic-snaps: re-enable + - workflow: test PR title as part of the static checks again + - tests/main/xdg-open-compat: backup and restore original xdg-open + - tests: move update-related tests to snapstate_update_test.go + - cmd,many: move Version and bits related to snapd tools to + snapdtool, merge cmdutil + - tests/prepare-restore.sh: reset-failed systemd-journald before + restarting + - interfaces: misc small interface updates + - spread: use find rather than recursive ls, skip mounted snaps + - tests/lib/prepare-restore.sh: if we failed to purge snapd deb, ls + /var/lib/snapd + - tests: enable snap-auto-mount test on core20 + - cmd/snap: do not show $PATH warning when executing under sudo on a + known distro + - asserts/internal: add some iteration benchmarks + - sandbox/cgroup: improve pid parsing code + - snap: add new `snap run --experimental-gdbserver` option + - asserts/internal: limit Grouping size switching to a bitset + representationWe don't always use the bit-set representation + because: + - snap: add an activates-on property to apps for D-Bus activation + - dirs: delete unused Cloud var, fix typo + - sysconfig/cloudinit: make callers of DisableCloudInit use + WritableDefaultsDir + - tests: fix classic ubuntu core transition auth + - tests: fail in setup_reflash_magic() if there is snapd state left + - tests: port interfaces-many-core-provided to tests.session + - tests: wait after creating partitions with sfdisk + - bootloader: introduce bootloarder assets, import grub.cfg with an + edition marker + - riscv64: bump timeouts + - gadget: drop dead code, hide exports that are not used externally + - tests: port 2 uc20 part1 + - tests: fix bug waiting for snap command to be ready + - tests: move try-related tests to snapstate_try_test.go + - tests: add debug for 20.04 prepare failure + - travis.yml: removed, all our checks run in GH actions now + - tests: clean up up the use of configcoreSuite in the configcore + tests + - sandbox/cgroup: remove redundant pathOfProcPidCgroup + - sandbox/cgroup: add tests for ParsePids + - tests: fix the basic20 test for uc20 on external backend + - tests: use configcoreSuite in journalSuite and remove some + duplicated code + - tests: move a few more tests to snapstate_install_test + - tests: assorted small patches + - dbusutil/dbustest: separate license from package + - interfaces/builtin/time-control: allow POSIX clock API + - usersession/userd: add "slack" to the white list of URL schemes + handled by xdg-open + - tests: check that host settings like hostname are settable on core + - tests: port xdg-settings test to tests.session + - tests: port snap-handle-link test to tests.session + - arch: add riscv64 + - tests: core20 early defaults spread test + - tests: move install tests from snapstate_test.go to + snapstate_install_test.go + - github: port macOS sanity checks from travis + - data/selinux: allow checking /var/cache/app-info + - o/devicestate: core20 early config from gadget defaults + - tests: autoremove after removing lxd in preseed-lxd test + - secboot,cmd/snap-bootstrap: add tpm sealing support to secboot + - sandbox/cgroup: move FreezerCgroupDir from dirs.go + - tests: update the file used to detect the boot path on uc20 + - spread.yaml: show /var/lib/snapd in debug + - cmd/snap-bootstrap/initramfs-mounts: also copy systemd clock + + netplan files + - snap/naming: add helpers to parse app and hook security tags + - tests: modernize retry tool + - tests: fix and trim debug section in xdg-open-portal + - tests: modernize and use snapd.tool + - vendor: update to latest github.com/snapcore/bolt for riscv64 + - cmd/snap-confine: add support for libc6-lse + - interfaces: miscellaneous policy updates xlv + - interfaces/system-packages-doc: fix typo in variable names + - tests: port interfaces-calendar-service to tests.session + - tests: install/run the lzo test snap too + - snap: (small) refactor of `snap download` code for + testing/extending + - data: fix shellcheck warnings in snapd.sh.in + - packaging: disable buildmode=pie for riscv64 + - tests: install test-snapd-rsync snap from edge channel + - tests: modernize tests.session and port everything using it + - tests: add ubuntu 20.10 to spread tests + - cmd/snap/remove: mention snap restore/automatic snapshots + - dbusutil: move all D-Bus helpers and D-Bus test helpers + - wrappers: pass 'disable' flag to StopServices wrapper + - osutil: enable riscv64 build + - snap/naming: add ParseSecurityTag and friends + - tests: port document-portal-activation to session-tool + - bootloader: rename test helpers to reflect we are mocking EFI boot + locations + - tests: disable test of nfs v3 with udp proto on debian-sid + - tests: plan to improve the naming and uniformity of utilities + - tests: move *-tool tests to their own suite + - snap-bootstrap: remove sealed key file on reinstall + - bootloader/ubootenv: don't panic with an empty uboot env + - systemd: rename actualFsTypeAndMountOptions to + hostFsTypeAndMountOptions + - daemon: fix filtering of service-control changes for snap.app + - tests: spread test for preseeding in lxd container + - tests: fix broken snapd.session agent.socket + - wrappers: add RestartServices function and ReloadOrRestart to + systemd + - o/cmdstate: handle ignore flag on exec-command tasks + - gadget: make ext4 filesystems with or without metadata checksum + - tests: update statx test to run on all LTS releases + - configcore: show better error when disabling services + - interfaces: add hugepages-control + - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/ + - tests: run ubuntu-20.04-* tests on all ubuntu-2* releases + - tests: skip interfaces-openvswitch for centos 8 in nightly suite + - tests: reload systemd --user for root, if present + - tests: reload systemd after editing /etc/fstab + - tests: add missing dependencies needed for sbuild test on debian + - tests: reload systemd after removing pulseaudio + - image, tests: core18 early config. + - interfaces: add system-packages-doc interface + - cmd/snap-preseed, systemd: fix handling of fuse.squashfuse when + preseeding + - interfaces/fwupd: allow bind mount to /boot on core + - tests: improve oom-vitality tests + - tests: add fedora 32 to spread.yaml + - config: apply vitality-hint immediately when the config changes + - tests: port snap-routine-portal-info to session-tool + - configcore: add "service.console-conf.disable" config option + - tests: port xdg-open to session-tool + - tests: port xdg-open-compat to session-tool + - tests: port interfaces-desktop-* to session-tool + - spread.yaml: apply yaml formatter/linter + - tests: port interfaces-wayland to session-tool + - o/devicestate: refactor current system handling + - snap-mgmt: perform cleanup of user services + - snap/snapfile,squashfs: followups from 8729 + - boot, many: require mode in modeenv + - data/selinux: update policy to allow forked processes to call + getpw*() + - tests: log stderr from dbus-monitor + - packaging: build cmd/snap and cmd/snap-bootstrap with nomanagers + tag + - snap/squashfs: also symlink snap Install with uc20 seed snap dir + layout + - interfaces/builtin/desktop: do not mount fonts cache on distros + with quirks + - data/selinux: allow snapd to remove/create the its socket + - testutil/exec.go: set PATH after running shellcheck + - tests: silence stderr from dbus-monitor + - snap,many: mv Open to snapfile pkg to support add'l options to + Container methods + - devicestate, sysconfig: revert support for cloud.cfg.d/ in the + gadget + - github: remove workaround for bug 133 in actions/cache + - tests: remove dbus.sh + - cmd/snap-preseed: improve mountpoint checks of the preseeded + chroot + - spread.yaml: add ps aux to debug section + - github: run all spread systems in a single go with cached results + - test: session-tool cli tweaks + - asserts: rest of the Pool API + - tests: port interfaces-network-status-classic to session-tool + - packaging: remove obsolete 16.10,17.04 symlinks + - tests: setup portals before starting user session + - o/devicestate: typo fix + - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed + devices + - cmd/snap/model: support store, system-user-authority keys in + --verbose + - o/devicestate: raise conflict when requesting system action while + seeding + - tests: detect signs of crashed snap-confine + - tests: sign kernel and gadget to run nested tests using current + snapd code + - tests: remove gnome-online-accounts we install + - tests: fix the issue where all the tests were executed on secboot + system + - tests: port interfaces-accounts-service to session-tool + - interfaces/network-control: bring /var/lib/dhcp from host + - image,cmd/snap,tests: add support for store-wide cohort keys + - configcore: add nomanagers buildtag for conditional build + - tests: port interfaces-password-manager-service to session-tool + - o/devicestate: cleanup system actions supported by recover mode + - snap-bootstrap: remove create-partitions and update tests + - tests: fix nested tests + - packaging/arch: update PKGBUILD to match one in AUR + - tests: port interfaces-location-control to session-tool + - tests: port interfaces-contacts-service to session-tool + - state: log task errors in the journal too + - o/devicestate: change how current system is reported for different + modes + - devicestate: do not report "ErrNoState" for seeded up + - tests: add a note about broken test sequence + - tests: port interfaces-autopilot-introspection to session-tool + - tests: port interfaces-dbus to session-tool + - packaging: update sid packaging to match 16.04+ + - tests: enable degraded test on uc20 + - c/snaplock/runinhibit: add run inhibition operations + - tests: detect and report root-owned files in /home + - tests: reload root's systemd --user after snapd tests + - tests: test registration with serial-authority: [generic] + - cmd/snap-bootstrap/initramfs-mounts: copy auth.json and macaroon- + key in recover + - tests/mount-ns: stop binfmt_misc mount unit + - cmd/snap-bootstrap/initramfs-mounts: use booted kernel partition + uuid if available + - daemon, tests: indicate system mode, test switching to recovery + and back to run + - interfaces/desktop: silence more /var/lib/snapd/desktop/icons + denials + - tests/mount-ns: update to reflect new UEFI boot mode + - usersession,tests: clean ups for userd/settings.go and move + xdgopenproxy under usersession + - tests: disable mount-ns test + - tests: test user belongs to systemd-journald, on core20 + - tests: run core/snap-set-core-config on uc20 too + - tests: remove generated session-agent units + - sysconfig: use new _writable_defaults dir to create cloud config + - cmd/snap-bootstrap/initramfs-mounts: cosmetic changes in prep for + future work + - asserts: make clearer that with label we mean a serialized label + - cmd/snap-bootstrap: tweak recovery trigger log messages + - asserts: introduce PoolTo + - userd: allow setting default-url-scheme-handler + - secboot: append uuid to ubuntu-data when decrypting + - o/configcore: pass extra options to FileSystemOnlyApply + - tests: add dbus-user-session to bionic and reorder package names + - boot, bootloader: adjust comments, expand tests + - tests: improve debugging of user session agent tests + - packaging: add the inhibit directory + - many: add core.resiliance.vitality-hint config setting + - tests: test adjustments and fixes for recently published images + - cmd/snap: coldplug auto-import assertions from all removable + devices + - secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to + secboot + - tests: not fail when boot dir cannot be determined + - tests: new directory used to store the cloud images on gce + - tests: inject snapd from edge into seeds of the image in manual + preseed test + - usersession/agent,wrappers: fix races between Shutdown and Serve + - tests: add dependency needed for next upgrade of bionic + - tests: new test user is used for external backend + - cmd/snap: fix the order of positional parameters in help output + - tests: don't create root-owned things in ~test + - tests/lib/prepare.sh: delete patching of the initrd + - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy + as well + - progress: tweak multibyte label unit test data + - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline + - gadget: fix fallback device lookup for 'mbr' type structures + - configcore: only reload journald if systemd is new enough + - cmd/snap-boostrap, boot: use /run/mnt/data instead of ubuntu-data + - wrappers: allow user mode systemd daemons + - progress: fix progress bar with multibyte duration units + - tests: fix raciness in pulseaudio test + - asserts/internal: introduce Grouping and Groupings + - tests: remove user.sh + - tests: pair of follow-ups from earlier reviews + - overlord/snapstate: warn of refresh/postpone events + - configcore,tests: use daemon-reexec to apply watchdog config + - c/snap-bootstrap: check mount states via initramfsMountStates + - store: implement DownloadAssertions + - tests: run smoke test with different bases + - tests: port user-mounts test to session-tool + - store: handle error-list in fetch-assertions results + - tests: port interfaces-audio-playback-record to session-tool + - data/completion: add `snap` command completion for zsh + - tests/degraded: ignore failure in systemd-vconsole-setup.service + - image: stub implementation of image.Prepare for darwin + - tests: session-tool --restore -u stops user-$UID.slice + - o/ifacestate/handlers.go: fix typo + - tests: port pulseaudio test to session-tool + - tests: port user-session-env to session-tool + - tests: work around journald bug in core16 + - tests: add debug to core-persistent-journal test + - tests: port selinux-clean to session-tool + - tests: port portals test to session-tool, fix portal tests on sid + - tests: adding option --no-install-recommends option also when + install all the deps + - tests: add session-tool --has-systemd-and-dbus + - packaging/debian-sid: add gcc-multilib to build deps + - osutil: expand FileLock to support shared locks and more + - packaging: stop depending on python-docutils + - store,asserts,many: support the new action fetch-assertions + - tests: port snap-session-agent-* to session-tool + - packaging/fedora: disable FIPS compliant crypto for static + binaries + - tests: fix for preseeding failures + + -- Michael Vogt Tue, 25 Aug 2020 17:26:21 +0200 + +snapd (2.45.3.1-1) unstable; urgency=medium + + * New upstream release, LP: #1875071 + - o/ifacestate: fix bug in snapsWithSecurityProfiles + - tests/main/selinux-clean: workaround SELinux denials triggered by + linger setup on Centos8 + + -- Samuele Pedroni Tue, 28 Jul 2020 21:43:38 +0200 + +snapd (2.45.3-1) unstable; urgency=medium + + * New upstream release, LP: #1875071 + - many: backport _writable_defaults dir changes + - tests: fix incorrect check in smoke/remove test + - cmd/snap-bootstrap,seed: backport of uc20 PRs + - tests: avoid exit when nested type var is not defined + - cmd/snap-preseed: backport fixes + - interfaces: optimize rules of multiple connected iio/i2c/spi plugs + - many: cherry-picks for 2.45, gh-action, test fixes + - tests/lib: account for changes in arch package file name extension + - postrm, snap-mgmt: cleanup modules and other cherry-picks + - snap-confine: don't die if a device from sysfs path cannot be + found by udev + - data/selinux: update policy to allow forked processes to call + getpw*() + - tests/main/interfaces-time-control: exercise setting time via date + - interfaces/builtin/time-control: allow POSIX clock API + - usersession/userd: add "slack" to the white list of URL schemes + handled by xdg-open + + -- Zygmunt Krynicki Mon, 27 Jul 2020 12:01:14 +0200 + +snapd (2.45.2-1) unstable; urgency=high + + * SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open + implementation + - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment + variable modification when calling the system xdg-open. Patch + thanks to James Henstridge + - packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is + restarted. Patch thanks to Michael Vogt + - CVE-2020-11934 + * SECURITY UPDATE: arbitrary code execution vulnerability on core + devices with access to physical removable media + - devicestate: Disable/restrict cloud-init after seeding. + - CVE-2020-11933 + + -- Michael Vogt Fri, 10 Jul 2020 20:06:29 +0200 + +snapd (2.45.1-1) unstable; urgency=medium + + * New upstream release, LP: #1875071 + - data/selinux: allow checking /var/cache/app-info + - cmd/snap-confine: add support for libc6-lse + - interfaces: miscellaneous policy updates xlv + - snap-bootstrap: remove sealed key file on reinstall + - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/ + - gadget: make ext4 filesystems with or without metadata checksum + - interfaces/fwupd: allow bind mount to /boot on core + - tests: cherry-pick test fixes from master + - snap/squashfs: also symlink snap Install with uc20 seed snap dir + layout + - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed + devices + - snap,many: mv Open to snapfile pkg to support add'l options to + Container methods + - interfaces/builtin/desktop: do not mount fonts cache on distros + with quirks + - devicestate, sysconfig: revert support for cloud.cfg.d/ in the + gadget + - data/completion, packaging: cherry-pick zsh completion + - state: log task errors in the journal too + - devicestate: do not report "ErrNoState" for seeded up + - interfaces/desktop: silence more /var/lib/snapd/desktop/icons + denials + - packaging/fedora: disable FIPS compliant crypto for static + binaries + - packaging: stop depending on python-docutils + + -- Michael Vogt Fri, 05 Jun 2020 15:13:49 +0200 + +snapd (2.45-1) unstable; urgency=medium + + * New upstream release, LP: #1875071 + - o/devicestate: support doing system action reboots from recover + mode + - vendor: update to latest secboot + - tests: not fail when boot dir cannot be determined + - configcore: only reload journald if systemd is new enough + - cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data + when decrypting + - tests/lib/prepare.sh: delete patching of the initrd + - cmd/snap: coldplug auto-import assertions from all removable + devices + - cmd/snap: fix the order of positional parameters in help output + - c/snap-bootstrap: port mount state mocking to the new style on + master + - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy + as well + - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline, + unlock in recover mode initramfs + - progress: tweak multibyte label unit test data + - gadget: fix fallback device lookup for 'mbr' type structures + - progress: fix progress bar with multibyte duration units + - many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20 + - many: put the sealed keys in a directory on seed for tidiness + - cmd/snap-bootstrap: measure epoch and model before unlocking + encrypted data + - o/configstate: core config handler for persistent journal + - bootloader/uboot: use secondary ubootenv file boot.sel for uc20 + - packaging: add "$TAGS" to dh_auto_test for debian packaging + - tests: ensure $cache_dir is actually available + - secboot,cmd/snap-bootstrap: add model to pcr protection profile + - devicestate: do not use snap-boostrap in devicestate to install + - tests: fix a typo in nested.sh helper + - devicestate: add support for cloud.cfg.d config from the gadget + - cmd/snap-bootstrap: cleanups, naming tweaks + - testutil: add NewDBusTestConn + - snap-bootstrap: lock access to sealed keys + - overlord/devicestate: preserve the current model inside ubuntu- + boot + - interfaces/apparmor: use differently templated policy for non-core + bases + - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing + syscalls + - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first, + other misc changes + - o/snapstate: tweak "waiting for restart" message + - boot: store model model and grade information in modeenv + - interfaces/firewall-control: allow -legacy and -nft for core20 + - boot: enable makeBootable20RunMode for EnvRefExtractedKernel + bootloaders + - boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20 + implementation + - daemon: fix error message from `snap remove-user foo` on classic + - overlord: have a variant of Mock that can take a state.State + - tests: 16.04 and 18.04 now have mediating pulseaudio (again) + - seed: clearer errors for missing essential snapd or core snap + - cmd/snap-bootstrap/initramfs-mounts: support + EnvRefExtractedKernelBootloader's + - gadget, cmd/snap-bootstrap: MBR schema support + - image: improve/adjust DownloadSnap doc comment + - asserts: introduce ModelGrade.Code + - tests: ignore user-12345 slice and service + - image,seed/seedwriter: support redirect channel aka default + tracks + - bootloader: use binary.Read/Write + - tests: uc20 nested suite part II + - tests/boot: refactor to make it easier for new + bootloaderKernelState20 impl + - interfaces/openvswitch: support use of ovs-appctl + - snap-bootstrap: copy auth data from real ubuntu-data in recovery + mode + - snap-bootstrap: seal and unseal encryption key using tpm + - tests: disable special-home-can-run-classic-snaps due to jenkins + repo issue + - packaging: fix build on Centos8 to support BUILDTAGS + - boot/bootstate20: small changes to bootloaderKernelState20 + - cmd/snap: Implement a "snap routine file-access" command + - spread.yaml: switch back to latest/candidate for lxd snap + - boot/bootstate20: re-factor kernel methods to use new interface + for state + - spread.yaml,tests/many: use global env var for lxd channel + - boot/bootstate20: fix bug in try-kernel cleanup + - config: add system.store-certs.[a-zA-Z0-9] support + - secboot: key sealing also depends on secure boot enabled + - httputil: fix client timeout retry tests + - cmd/snap-update-ns: handle EBUSY when unlinking files + - cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20 + vars + - secboot: add tpm support helpers + - tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for + kernel and gadget + - cmd/snap-bootstrap: switch to a 64-byte key for unlocking + - tests: preserve size for centos images on spread.yaml + - github: partition the github action workflows + - run-checks: use consistent "Checking ..." style messages + - bootloader: add efi pkg for reading efi variables + - data/systemd: do not run snapd.system-shutdown if finalrd is + available + - overlord: update tests to work with latest go + - cmd/snap: do not hide debug boot-vars on core + - cmd/snap-bootstrap: no error when not input devices are found + - snap-bootstrap: fix partition numbering in create-partitions + - httputil/client_test.go: add two TLS version tests + - tests: ignore user@12345.service hierarchy + - bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things + - tests: rewrite timeserver-control test + - tests: fix racy pulseaudio tests + - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS + - tests: update snap-preseed --reset logic to accommodate for 2.44 + change + - cmd/snap: don't wait for system key when stopping + - sandbox/cgroup: avoid making arrays we don't use + - osutil: mock proc/self/mountinfo properly everywhere + - selinux: export MockIsEnforcing; systemd: use in tests + - tests: add 32 bit machine to GH actions + - tests/session-tool: kill cron session, if any + - asserts: it should be possible to omit many snap-ids if allowed, + fix + - boot: cleanup more things, simplify code + - github: skip spread jobs when corresponding label is set + - dirs: don't depend on osutil anymore, mv apparmor vars to apparmor + pkg + - tests/session-tool: add session-tool --dump + - github: allow cached debian downloads to restore + - tests/session-tool: session ordering is non-deterministic + - tests: enable unit tests on debian-sid again + - github: move spread to self-hosted workers + - secboot: import secboot on ubuntu, provide dummy on !ubuntu + - overlord/devicestate: support for recover and run modes + - snap/naming: add validator for snap security tag + - interfaces: add case for rootWritableOverlay + NFS + - tests/main/uc20-create-partitions: tweaks, renames, switch to + 20.04 + - github: port CLA check to Github Actions + - interfaces/many: miscellaneous policy updates xliv + - configcore,tests: fix setting watchdog options on UC18/20 + - tests/session-tool: collect information about services on startup + - tests/main/uc20-snap-recovery: unbreak, rename to uc20-create- + partitions + - state: add state.CopyState() helper + - tests/session-tool: stop anacron.service in prepare + - interfaces: don't use the owner modifier for files shared via + document portal + - systemd: move the doc comments to the interface so they are + visible + - cmd/snap-recovery-chooser: tweaks + - interfaces/docker-support: add overlayfs file access + - packaging: use debian/not-installed to ignore snap-preseed + - travis.yml: disable unit tests on travis + - store: start splitting store.go and store_test.go into subtopic + files + - tests/session-tool: stop cron/anacron from meddling + - github: disable fail-fast as spread cannot be interrupted + - github: move static checks and spread over + - tests: skip "/etc/machine-id" in "writablepaths" test + - snap-bootstrap: store encrypted partition recovery key + - httputil: increase testRetryStrategy max timelimit to 5s + - tests/session-tool: kill leaking closing session + - interfaces: allow raw access to USB printers + - tests/session-tool: reset failed session-tool units + - httputil: increase httpclient timeout in + TestRetryRequestTimeoutHandling + - usersession: extend timerange in TestExitOnIdle + - client: increase timeout in client tests to 100ms + - many: disentagle release and snapdenv from sandbox/* + - boot: simplify modeenv mocking to always write a modeenv + - snap-bootstrap: expand data partition on install + - o/configstate: add backlight option for core config + - cmd/snap-recovery-chooser: add recovery chooser + - features: enable robust mount ns updates + - snap: improve TestWaitRecovers test + - sandbox/cgroup: add ProcessPathInTrackingCgroup + - interfaces/policy: fix comment in recent new test + - tests: make session tool way more robust + - interfaces/seccomp: allow passing an address to setgroups + - o/configcore: introduce core config handlers (3/N) + - interfaces: updates to login-session-observe, network-manager and + modem-manager interfaces + - interfaces/policy/policy_test.go: add more tests'allow- + installation: false' and we grant based on interface attributes + - packaging: detect/disable broken seed in the postinst + - cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia + library + - tests: remove google-tpm backend from spread.yaml + - tests: install dependencies with apt using --no-install-recommends + - usersession/userd: add zoommtg url support + - snap-bootstrap: fix disk layout sanity check + - snap: add `snap debug state --is-seeded` helper + - devicestate: generate warning if seeding fails + - config, features: move and rename config.GetFeatureFlag helper to + features.Flag + - boot, overlord/devicestate, daemon: implement requesting boot + into a given recovery system + - xdgopenproxy: forward requests to the desktop portal + - many: support immediate reboot + - store: search v2 tweaks + - tests: fix cross build tests when installing dependencies + - daemon: make POST /v2/systems/