From: Michael Vogt <michael.vogt@ubuntu.com>
Date: Fri, 10 Jul 2020 18:06:29 +0000 (+0100)
Subject: snapd (2.45.2-1) unstable; urgency=high
X-Git-Tag: archive/raspbian/2.45.2-1+rpi1^2~9
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=5b3283a322e1a2f11bb673d90a495cd91819350c;p=snapd.git

snapd (2.45.2-1) unstable; urgency=high

  * SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open
    implementation
    - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
      variable modification when calling the system xdg-open. Patch
      thanks to James Henstridge
    - packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is
      restarted. Patch thanks to Michael Vogt
    - CVE-2020-11934
  * SECURITY UPDATE: arbitrary code execution vulnerability on core
    devices with access to physical removable media
    - devicestate: Disable/restrict cloud-init after seeding.
    - CVE-2020-11933

[dgit import unpatched snapd 2.45.2-1]
---

5b3283a322e1a2f11bb673d90a495cd91819350c
diff --cc debian/changelog
index 00000000,00000000..999f51fe
new file mode 100644
--- /dev/null
+++ b/debian/changelog
@@@ -1,0 -1,0 +1,4972 @@@
++snapd (2.45.2-1) unstable; urgency=high
++
++  * SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open
++    implementation
++    - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
++      variable modification when calling the system xdg-open. Patch
++      thanks to James Henstridge
++    - packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is
++      restarted. Patch thanks to Michael Vogt
++    - CVE-2020-11934
++  * SECURITY UPDATE: arbitrary code execution vulnerability on core
++    devices with access to physical removable media
++    - devicestate: Disable/restrict cloud-init after seeding.
++    - CVE-2020-11933
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 10 Jul 2020 20:06:29 +0200
++
++snapd (2.45.1-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1875071
++    - data/selinux: allow checking /var/cache/app-info
++    - cmd/snap-confine: add support for libc6-lse
++    - interfaces: miscellanious policy updates xlv
++    - snap-bootstrap: remove sealed key file on reinstall
++    - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
++    - gadget: make ext4 filesystems with or without metadata checksum
++    - interfaces/fwupd: allow bind mount to /boot on core
++    - tests: cherry-pick test fixes from master
++    - snap/squashfs: also symlink snap Install with uc20 seed snap dir
++      layout
++    - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
++      devices
++    - snap,many: mv Open to snapfile pkg to support add'l options to
++      Container methods
++    - interfaces/builtin/desktop: do not mount fonts cache on distros
++      with quirks
++    - devicestate, sysconfig: revert support for cloud.cfg.d/ in the
++      gadget
++    - data/completion, packaging: cherry-pick zsh completion
++    - state: log task errors in the journal too
++    - devicestate: do not report "ErrNoState" for seeded up
++    - interfaces/desktop: silence more /var/lib/snapd/desktop/icons
++      denials
++    - packaging/fedora: disable FIPS compliant crypto for static
++      binaries
++    - packaging: stop depending on python-docutils
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 05 Jun 2020 15:13:49 +0200
++
++snapd (2.45-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1875071
++    - o/devicestate: support doing system action reboots from recover
++      mode
++    - vendor: update to latest secboot
++    - tests: not fail when boot dir cannot be determined
++    - configcore: only reload journald if systemd is new enough
++    - cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data
++      when decrypting
++    - tests/lib/prepare.sh: delete patching of the initrd
++    - cmd/snap: coldplug auto-import assertions from all removable
++      devices
++    - cmd/snap: fix the order of positional parameters in help output
++    - c/snap-bootstrap: port mount state mocking to the new style on
++      master
++    - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
++      as well
++    - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline,
++      unlock in recover mode initramfs
++    - progress: tweak multibyte label unit test data
++    - gadget: fix fallback device lookup for 'mbr' type structures
++    - progress: fix progress bar with multibyte duration units
++    - many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20
++    - many: put the sealed keys in a directory on seed for tidiness
++    - cmd/snap-bootstrap: measure epoch and model before unlocking
++      encrypted data
++    - o/configstate: core config handler for persistent journal
++    - bootloader/uboot: use secondary ubootenv file boot.sel for uc20
++    - packaging: add "$TAGS" to dh_auto_test for debian packaging
++    - tests: ensure $cache_dir is actually available
++    - secboot,cmd/snap-bootstrap: add model to pcr protection profile
++    - devicestate: do not use snap-boostrap in devicestate to install
++    - tests: fix a typo in nested.sh helper
++    - devicestate: add support for cloud.cfg.d config from the gadget
++    - cmd/snap-bootstrap: cleanups, naming tweaks
++    - testutil: add NewDBusTestConn
++    - snap-bootstrap: lock access to sealed keys
++    - overlord/devicestate: preserve the current model inside ubuntu-
++      boot
++    - interfaces/apparmor: use differently templated policy for non-core
++      bases
++    - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
++      syscalls
++    - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first,
++      other misc changes
++    - o/snapstate: tweak "waiting for restart" message
++    - boot: store model model and grade information in modeenv
++    - interfaces/firewall-control: allow -legacy and -nft for core20
++    - boot: enable makeBootable20RunMode for EnvRefExtractedKernel
++      bootloaders
++    - boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20
++      implementation
++    - daemon: fix error message from `snap remove-user foo` on classic
++    - overlord: have a variant of Mock that can take a state.State
++    - tests: 16.04 and 18.04 now have mediating pulseaudio (again)
++    - seed: clearer errors for missing essential snapd or core snap
++    - cmd/snap-bootstrap/initramfs-mounts: support
++      EnvRefExtractedKernelBootloader's
++    - gadget, cmd/snap-bootstrap: MBR schema support
++    - image: improve/adjust DownloadSnap doc comment
++    - asserts: introduce ModelGrade.Code
++    - tests: ignore user-12345 slice and service
++    - image,seed/seedwriter: support redirect channel aka default
++      tracks
++    - bootloader: use binary.Read/Write
++    - tests: uc20 nested suite part II
++    - tests/boot: refactor to make it easier for new
++      bootloaderKernelState20 impl
++    - interfaces/openvswitch: support use of ovs-appctl
++    - snap-bootstrap: copy auth data from real ubuntu-data in recovery
++      mode
++    - snap-bootstrap: seal and unseal encryption key using tpm
++    - tests: disable special-home-can-run-classic-snaps due to jenkins
++      repo issue
++    - packaging: fix build on Centos8 to support BUILDTAGS
++    - boot/bootstate20: small changes to bootloaderKernelState20
++    - cmd/snap: Implement a "snap routine file-access" command
++    - spread.yaml: switch back to latest/candidate for lxd snap
++    - boot/bootstate20: re-factor kernel methods to use new interface
++      for state
++    - spread.yaml,tests/many: use global env var for lxd channel
++    - boot/bootstate20: fix bug in try-kernel cleanup
++    - config: add system.store-certs.[a-zA-Z0-9] support
++    - secboot: key sealing also depends on secure boot enabled
++    - httputil: fix client timeout retry tests
++    - cmd/snap-update-ns: handle EBUSY when unlinking files
++    - cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20
++      vars
++    - secboot: add tpm support helpers
++    - tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for
++      kernel and gadget
++    - cmd/snap-bootstrap: switch to a 64-byte key for unlocking
++    - tests: preserve size for centos images on spread.yaml
++    - github: partition the github action workflows
++    - run-checks: use consistent "Checking ..." style messages
++    - bootloader: add efi pkg for reading efi variables
++    - data/systemd: do not run snapd.system-shutdown if finalrd is
++      available
++    - overlord: update tests to work with latest go
++    - cmd/snap: do not hide debug boot-vars on core
++    - cmd/snap-bootstrap: no error when not input devices are found
++    - snap-bootstrap: fix partition numbering in create-partitions
++    - httputil/client_test.go: add two TLS version tests
++    - tests: ignore user@12345.service hierarchy
++    - bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things
++    - tests: rewrite timeserver-control test
++    - tests: fix racy pulseaudio tests
++    - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
++    - tests: update snap-preseed --reset logic to accommodate for 2.44
++      change
++    - cmd/snap: don't wait for system key when stopping
++    - sandbox/cgroup: avoid making arrays we don't use
++    - osutil: mock proc/self/mountinfo properly everywhere
++    - selinux: export MockIsEnforcing; systemd: use in tests
++    - tests: add 32 bit machine to GH actions
++    - tests/session-tool: kill cron session, if any
++    - asserts: it should be possible to omit many snap-ids if allowed,
++      fix
++    - boot: cleanup more things, simplify code
++    - github: skip spread jobs when corresponding label is set
++    - dirs: don't depend on osutil anymore, mv apparmor vars to apparmor
++      pkg
++    - tests/session-tool: add session-tool --dump
++    - github: allow cached debian downloads to restore
++    - tests/session-tool: session ordering is non-deterministic
++    - tests: enable unit tests on debian-sid again
++    - github: move spread to self-hosted workers
++    - secboot: import secboot on ubuntu, provide dummy on !ubuntu
++    - overlord/devicestate: support for recover and run modes
++    - snap/naming: add validator for snap security tag
++    - interfaces: add case for rootWritableOverlay + NFS
++    - tests/main/uc20-create-partitions: tweaks, renames, switch to
++      20.04
++    - github: port CLA check to Github Actions
++    - interfaces/many: miscellaneous policy updates xliv
++    - configcore,tests: fix setting watchdog options on UC18/20
++    - tests/session-tool: collect information about services on startup
++    - tests/main/uc20-snap-recovery: unbreak, rename to uc20-create-
++      partitions
++    - state: add state.CopyState() helper
++    - tests/session-tool: stop anacron.service in prepare
++    - interfaces: don't use the owner modifier for files shared via
++      document portal
++    - systemd: move the doc comments to the interface so they are
++      visible
++    - cmd/snap-recovery-chooser: tweaks
++    - interfaces/docker-support: add overlayfs file access
++    - packaging: use debian/not-installed to ignore snap-preseed
++    - travis.yml: disable unit tests on travis
++    - store: start splitting store.go and store_test.go into subtopic
++      files
++    - tests/session-tool: stop cron/anacron from meddling
++    - github: disable fail-fast as spread cannot be interrupted
++    - github: move static checks and spread over
++    - tests: skip "/etc/machine-id" in "writablepaths" test
++    - snap-bootstrap: store encrypted partition recovery key
++    - httputil: increase testRetryStrategy max timelimit to 5s
++    - tests/session-tool: kill leaking closing session
++    - interfaces: allow raw access to USB printers
++    - tests/session-tool: reset failed session-tool units
++    - httputil: increase httpclient timeout in
++      TestRetryRequestTimeoutHandling
++    - usersession: extend timerange in TestExitOnIdle
++    - client: increase timeout in client tests to 100ms
++    - many: disentagle release and snapdenv from sandbox/*
++    - boot: simplify modeenv mocking to always write a modeenv
++    - snap-bootstrap: expand data partition on install
++    - o/configstate: add backlight option for core config
++    - cmd/snap-recovery-chooser: add recovery chooser
++    - features: enable robust mount ns updates
++    - snap: improve TestWaitRecovers test
++    - sandbox/cgroup: add ProcessPathInTrackingCgroup
++    - interfaces/policy: fix comment in recent new test
++    - tests: make session tool way more robust
++    - interfaces/seccomp: allow passing an address to setgroups
++    - o/configcore: introduce core config handlers (3/N)
++    - interfaces: updates to login-session-observe, network-manager and
++      modem-manager interfaces
++    - interfaces/policy/policy_test.go: add more tests'allow-
++      installation: false' and we grant based on interface attributes
++    - packaging: detect/disable broken seed in the postinst
++    - cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia
++      library
++    - tests: remove google-tpm backend from spread.yaml
++    - tests: install dependencies with apt using --no-install-recommends
++    - usersession/userd: add zoommtg url support
++    - snap-bootstrap: fix disk layout sanity check
++    - snap: add `snap debug state --is-seeded` helper
++    - devicestate: generate warning if seeding fails
++    - config, features: move and rename config.GetFeatureFlag helper to
++      features.Flag
++    - boot, overlord/devicestate, daemon:  implement requesting boot
++      into a given recovery system
++    - xdgopenproxy: forward requests to the desktop portal
++    - many: support immediate reboot
++    - store: search v2 tweaks
++    - tests: fix cross build tests when installing dependencies
++    - daemon: make POST /v2/systems/<label> root only
++    - tests/lib/prepare.sh: use only initrd from the kernel snap
++    - cmd/snap,seed: validate full seeds (UC 16/18)
++    - tests/main/user-session-env: stop the user session before deleting
++      the test-zsh user
++    - overlord/devicestate, daemon: record the seed current system was
++      installed from
++    - gadget: SystemDefaults helper function to convert system defaults
++      config into a flattened map suitable for FilesystemOnlyApply.
++    - many: comment or avoid cryptic snap-ids in tests
++    - tests: add LXD_CHANNEL environment
++    - store: support for search API v2
++    - .github: register a problem matcher to detect spread failures
++    - seed: add Info() method for seed.Snap
++    - github: always run the "Discard spread workers" step, even if the
++      job fails
++    - github: offload self-hosted workers
++    - cmd/snap: the model command needs just a client, no waitMixin
++    - github: combine tests into one workflow
++    - github: fix order of go get caches
++    - tests: adding more workers for ubuntu 20.04
++    - boot,overlord: rename operating mode to system mode
++    - config: add new Transaction.GetPristine{,Maybe}() function
++    - o/devicestate: rename readMaybe* to maybeRead*
++    - github: cache Debian dependencies for unit tests
++    - wrappers: respect pre-seeding in error path
++    - seed: validate UC20 seed system label
++    - client, daemon, overlord/devicestate: request system action API
++      and stubs
++    - asserts,o/devicestate: support model specified alternative serial-
++      authority
++    - many: introduce naming.WellKnownSnapID
++    - o/configcore: FilesystemOnlyApply method for early configuration
++      of core (1/N)
++    - github: run C unit tests
++    - github: run spread tests on PRs only
++    - interfaces/docker-support: make containerd abstract socket more
++      generic
++    - tests: cleanup security-private-tmp properly
++    - overlord/devicestate,boot: do not hold to the originally read
++      modeenv
++    - dirs: rm RunMnt; boot: add vars for early boot env layout;
++      sysconfig: take targetdir arg
++    - cmd/snap-bootstrap/initramfs-mounts/tests: use dirs.RunMnt over
++      s.runMnt
++    - tests: add regression test for MAAS refresh bug
++    - errtracker: add missing mocks
++    - github: apt-get update before installing build-deps
++    - github: don't fail-fast
++    - github: run spread via github actions
++    - boot,many: add modeenv.WriteTo, make Write take no args
++    - wrappers: fix timer schedules that are days only
++    - tests/main/snap-seccomp-syscalls: install gperf
++    - github: always checkout to snapcore/snapd
++    - github: add prototype workflow running unit tests
++    - many: improve comments, naming, a possible TODO
++    - client: use Assert when checking for error
++    - tests: ensure sockets target is ready in session agent spread
++      tests
++    - osutil: do not leave processes behind after the test run
++    - tests: update proxy-no-core to match latest CDN changes
++    - devicestate,sysconfig: support "cloud.cfg.d" in uc20 for grade:
++      dangerous
++    - cmd/snap-failure,tests: try to make snap-failure more robust
++    - many: fix packages having mistakenly their copyright as doc
++    - many: enumerate system seeds, return them on the /v2/systems API
++      endpoint
++    - randutil: don't consume kernel entropy at init, just mix more info
++      to try to avoid fleet collisions
++    - snap-bootstrap: add creationSupported predicate for partition
++      types
++    - tests: umount partitions which are not umounted after remount
++      gadget
++    - snap: run gofmt -s
++    - many: improve environment handling, fixing duplicate entries
++    - boot_test: add many boot robustness tests for UC20 kernel
++      MarkBootSuccessul and SetNextBoot
++    - overlord: remove unneeded overlord.MockPruneInterval() mocks
++    - interfaces/greengrass-support: fix typo
++    - overlord,timings,daemon: separate timings from overlord/state
++    - tests: enable nested on core20 and test current branch
++    - snap-bootstrap: remove created partitions on reinstall
++    - boot: apply Go 1.10 formatting
++    - apparmor: use rw for uuidd request to default and remove from
++      elsewhere
++    - packaging: add README.source for debian
++    - tests: cleanup various uc20 boot tests from previous PR
++    - devicestate: disable cloud-init by default on uc20
++    - run-checks: tweak formatting checks
++    - packaging,tests: ensure debian-sid builds without vendor/
++    - travis.yml: run unit tests with go/master as well* travis.yml: run
++      unit tests with go/master as well
++    - seed: make Brand() part of the Seed interface
++    - cmd/snap-update-ns: ignore EROFS from rmdir/unlink
++    - daemon: do a forceful server shutdown if we hit a deadline
++    - tests/many: don't use StartLimitInterval anymore, unify snapd-
++      failover variants, build snapd snap for UC16 tests
++    - snap-seccomp: robustness improvements
++    - run-tests: disable -v for go test to avoid spaming the logs
++    - snap: whitelist lzo as support compression for snap pack
++    - snap: tweak comment in Install() for overlayfs detection
++    - many: introduce snapdenv.Preseeding instead of release.PreseedMode
++    - client, daemon, overlord/devicestate: structures and stubs for
++      systems API
++    - o/devicestate: delay the creation of mark-seeded task until
++      asserts are loaded
++    - data/selinux, tests/main/selinux: cleanup tmpfs operations in the
++      policy, updates
++    - interfaces/greengrass-support: add new 1.9 access
++    - snap: do not hardlink on overlayfs
++    - boot,image: ARM kernel extract prepare image
++    - interfaces: make gpio robust against not-existing gpios in /sys
++    - cmd/snap-preseed: handle --reset flag
++    - many: introduce snapdenv to present common snapd env options
++    - interfaces/kubernetes-support: allow autobind to journald socket
++    - snap-seccomp: allow mprotect() to unblock the tests
++    - tests/lib/reset: workaround unicode dot in systemctl output
++    - interfaces/udisks2: also allow Introspection on
++      /org/freedesktop/UDisks/**
++    - snap: introduce Container.RandomAccessFile
++    - o/ifacestate, api: implementation of snap disconnect --forget
++    - cmd/snap: make the portal-info command search for the network-
++      status interface
++    - interfaces: work around apparmor_parser slowness affecting uio
++    - tests: fix/improve failing spread tests
++    - many: clean separation of bootenv mocking vs mock bootloader kinds
++    - tests: mock prune ticker in overlord tests to reduce wait times
++    - travis: disable arm64 again
++    - httputil: add support for extra snapd certs
++    - travis.yml: run unit tests on arm64 as well
++    - many: fix a pair of ineffectual assignments
++    - tests: add uc20 kernel snap upgrade managers test, fix
++      bootloadertest bugs
++    - o/snapstate: set base in SnapSetup on snap revert
++    - interfaces/{docker,kubernetes}-support: updates for lastest k8s
++    - cmd/snap-exec: add test case for LP bug 1860369
++    - interfaces: make the network-status interface implicit on
++      classic
++    - interfaces: power control interfaceIt is documented in the
++      kernel
++    - interfaces: miscellaneous policy updates
++    - cmd/snap: add a "snap routine portal-info" command
++    - usersession/userd: add "apt" to the white list of URL schemes
++      handled by xdg-open
++    - interfaces/desktop: allow access to system prompter interface
++    - devicestate: allow encryption regardless of grade
++    - tests: run ipv6 network-retry test too
++    - tests: test that after "remove-user" the system is unmanaged
++    - snap-confine: unconditionally add /dev/net/tun to the device
++      cgroup
++    - snapcraft.yaml: use sudo -E and remove workaround
++    - interfaces/audio_playback: Fix pulseaudio config access
++    - ovelord/snapstate: update only system wide fonts cache
++    - wrappers: import /etc/environment in all services
++    - interfaces/u2f: Add Titan USB-C key
++    - overlord, taskrunner: exit on task/ensure error when preseeding
++    - tests: add session-tool, a su / sudo replacement
++    - wrappers: add mount unit dependency for snapd services on core
++      devices
++    - tests: just remove user when the system is not managed on create-
++      user-2 test
++    - snap-preseed: support for preseeding of snapd and core18
++    - boot: misc UC20 changes
++    - tests: adding arch-linux execution
++    - packaging: revert "work around review-tools and snap-confine"
++    - netlink: fix panic on arm64 with the new rawsockstop codewith a
++      nil Timeval panics
++    - spread, data/selinux: add CentOS 8, update policy
++    - tests: updating checks to new test account for snapd-test snaps
++    - spread.yaml: mv opensuse 15.1 to unstable
++    - cmd/snap-bootstrap,seed: verify only in-play snaps
++    - tests: use ipv4 in retry-network to unblock failing master
++    - data/systemd: improve the description
++    - client: add "Resume" to DownloadOptions and new test
++    - tests: enable snapd-failover on uc20
++    - tests: add more debug output to the snapd-failure handling
++    - o/devicestate: unset recovery_system when done seeding
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 12 May 2020 17:17:57 +0200
++
++snapd (2.44.3-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1864808
++    - tests: fix racy pulseaudio tests
++    - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
++    - tests: update snap-preseed --reset logic
++    - tests: backport partition fixes
++    - cmd/snap: don't wait for system key when stopping
++    - interfaces/many: miscellaneous policy updates xliv
++    - tests/main/uc20-snap-recovery: use 20.04 system
++    - tests: skip "/etc/machine-id" in "writablepaths
++    - interfaces/docker-support: add overlays file access
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 10 Apr 2020 16:57:25 +0200
++
++snapd (2.44.2-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1864808
++    - packaging: detect/disable broken seeds in the postinst
++    - cmd/snap,seed: validate full seeds (UC 16/18)
++    - snap: add `snap debug state --is-seeded` helper
++    - devicestate: generate warning if seeding fails
++    - store: support for search API v2
++    - cmd/snap-seccomp/syscalls: update the list of known syscalls
++    - snap/cmd: the model command needs just a client, no waitMixin
++    - tests: cleanup security-private-tmp properly
++    - wrappers: fix timer schedules that are days only
++    - tests: update proxy-no-core to match latest CDN changes
++    - cmd/snap-failure,tests: make snap-failure more robust
++    - tests, many: don't use StartLimitInterval anymore, unify snapd-
++      failover variants, build snapd snap for UC16 tests
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 02 Apr 2020 09:51:34 +0200
++
++snapd (2.44.1-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1864808
++    - randutil: switch back to setting up seed with lower entropy data
++    - interfaces/greengrass-support: fix typo
++    - packaging,tests: ensure debian-sid builds without vendor/
++    - travis.yml: run unit tests with go/master as well
++    - cmd/snap-update-ns: ignore EROFS from rmdir/unlink
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Sat, 21 Mar 2020 18:32:12 +0100
++
++snapd (2.44-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1864808
++    - daemon: do a forceful serer shutdown if we hit a deadline
++    - snap: whitelist lzo as support compression for snap pack
++    - data/selinux: update policy to allow more ops
++    - interfaces/greengrass-support: add new 1.9 access
++    - snap: do not hardlink on overlayfs
++    - cmd/snap-preseed: handle --reset flag
++    - interfaces/kubernetes-support: allow autobind to journald socket
++    - snap-seccomp: allow mprotect() to unblock the tests
++    - tests/lib/reset: workaround unicode dot in systemctl output
++    - interfaces: work around apparmor_parser slowness affecting uio
++    - interfaces/udisks2: also allow Introspection on
++      /org/freedesktop/UDisks2/**
++    - tests: mock prune ticker in overlord tests to reduce wait times
++    - interfaces/{docker,kubernetes}-support: updates for lastest k8s
++    - interfaces: miscellaneous policy updates
++    - interfaces/audio_playback: Fix pulseaudio config access
++    - overlord: disable Test..AbortShortlyAfterStartOfOperation for 2.44
++    - ovelord/snapstate: update only system wide fonts cache
++    - wrappers: import /etc/environment in all services
++    - interfaces/u2f: Add Titan USB-C key
++    - overlord, taskrunner: exit on task/ensure error when preseeding
++    - overlord/snapstate/backend: update snapd services contents in unit
++      tests
++    - wrappers: add mount unit dependency for snapd services on core
++      devices
++    - Revert "tests: remove /tmp/snap.* left over by other tests"
++    - Revert "packaging: work around review-tools and snap-confine"
++    - netlink: fix panic on arm64 with the new rawsockstop code
++    - spread, data/selinux: add CentOS 8, update policy
++    - spread.yaml: mv opensuse tumbleweed to unstable too
++    - spread.yaml: mv opensuse 15.1 to unstable
++    - tests: use ipv4 in retry-network to unblock failing master
++    - data/systemd: improve the description
++    - tests/lib/prepare.sh: simplify, combine code paths
++    - tests/main/user-session-env: add test verifying environment
++      variables inside the user session
++    - spread.yaml: make qemu ubuntu-core-20-64 use ubuntu-20.04-64
++    - run-checks: SKIP_GMFMT really skips formatting checks
++    - tests: enable more tests for UC20/UC18
++    - tests: remove tmp dir for snap not-test-snapd-sh on security-
++      private-tmp test
++    - seed,cmd/snap-bootstrap: introduce seed.Snap.EssentialType,
++      simplify bootstrap code
++    - snapstate: do not restart in undoLinkSnap unless on first install
++    - cmd/snap-bootstrap: subcommand to detect UC chooser trigger
++    - cmd/snap-bootstrap/initramfs-mounts: mount the snapd snap in run-
++      mode too
++    - cmd/libsnap, tests: fix C unit tests failing as non-root
++    - cmd/snap-bootstrap: verify kernel snap is in modeenv before
++      mounting it
++    - tests: adding amazon linux to google backend
++    - cmd/snap-failure/snapd: rm snapd.socket, reset snapd.socket failed
++      status
++    - client: add support for "ResumeToken", "HeaderPeek" to download
++    - build: enable type: snapd
++    - tests: rm -rf /tmp/snap.* in restore
++    - cmd/snap-confine: deny snap-confine to load nss libs
++    - snapcraft.yaml: add comments, rename snapd part to snapd-deb
++    - boot: write current_kernels in bootstate20, makebootable
++    - packaging: work around review-tools and snap-confine
++    - tests: skipping interfaces-openvswitch on centos due to package is
++      not available
++    - packaging,snap-confine: stop being setgid root
++    - cmd/snap-confine: bring /var/lib/dhcp from host, if present
++    - store: rely on CommandFromSystemSnap to find xdelta3
++    - tests: bump sleep time of the new overlord tests
++    - cmd/snap-preseed: snapd version check for the target
++    - netlink: fix/support stopping goroutines reading netlink raw
++      sockets
++    - tests: reset PS1 before possibly interactive dash
++    - overlord, state: don't abort changes if spawn time before
++      StartOfOperationTime (2/2)
++    - snapcraft.yaml: add python3-apt, tzdata as build-deps for the
++      snapd snap
++    - tests: ask tar to speak English
++    - tests: using google storage when downloading ubuntu cloud images
++      from gce
++    - Coverity produces false positives for code like this:
++    - many: maybe restart & security backend options
++    - o/standby: add SNAPD_STANDBY_WAIT to control standby in
++      development
++    - snap: use the actual staging snap-id for snapd
++    - cmd/snap-bootstrap: create a new parser instance
++    - snapcraft.yaml: use build-base and adopt-info, rm builddeb
++      plugin
++    - tests: set StartLimitInterval in snapd failover test
++    - tests: disable archlinux system
++    - tests: add preseed test for classic
++    - many, tests: integrate all preseed bits and add spread tests
++    - daemon: support resuming downloads
++    - tests: use Filename() instead of filepath.Base(sn.MountFile())
++    - tests/core: add swapfiles test
++    - interfaces/cpu-control: allow to control cpufreq tunables
++    - interfaces: use commonInteface for desktopInterface
++    - interfaces/{desktop-legacy,unity7}: adjust for new ibus socket
++      location
++    - snap/info: add Filename
++    - bootloader: make uboot a RecoveryAwareBootloader
++    - gadget: skip update when mounted filesystem content is identical
++    - systemd: improve is-active check for 'failed' services
++    - boot: add current_kernels to modeenv
++    - o/devicestate: StartOfOperationTime helper for Prune (1/2)
++    - tests: detect LXD launching i386 containers
++    - tests: move main/ubuntu-core-* tests to core/ suite
++    - tests: remove snapd in ubuntu-core-snapd
++    - boot: enable base snap updates in bootstate20
++    - tests: Fix core revert channel after 2.43 has been released to
++      stable
++    - data/selinux: unify tabs/spaces
++    - o/ifacestate: move ResolveDisconnect to ifacestate
++    - spread: move centos to stable systems
++    - interfaces/opengl: allow datagrams to nvidia-driver
++    - httputil: add NoNetwork(err) helper, spread test and use in serial
++      acquire
++    - store: detect if server does not support http range headers
++    - test/lib/user: add helper lib for doing things for and as a user
++    - overlord/snapstate, wrappers: undo of snapd on core
++    - tests/main/interfaces-pulseaudio: use custom pulseaudio script,
++      set kill timeout
++    - store: add support for resume in DownloadStream
++    - cmd/snap: implement 'snap remove-user'
++    - overlord/devicestate: fix preseed unit tests on systems not using
++      /snap
++    - tests/main/static: ldd in glibc 2.31 logs to stderr now
++    - run-checks, travis: allow skipping spread jobs by adding a label
++    - tests: add new backend which includes images with tpm support
++    - boot: use constants for boot status values
++    - tests: add "core" suite for UC specific tests
++    - tests/lib/prepare: use a local copy of uc20 initramfs skeleton
++    - tests: retry mounting the udisk2 device due to timing issue
++    - usersession/client: add a client library for the user session
++      agent
++    - o/devicestate: Handle preseed mode in the firstboot mode (core16
++      only for now).
++    - boot: add TryBase and BaseStatus to modeenv; use in snap-bootstrap
++    - cmd/snap-confine: detect base transitions on core16
++    - boot: don't use "kernel" from the modeenv anymore
++    - interfaces: add uio interface
++    - tests: repack the initramfs + kernel snap for UC20 spread tests
++    - interfaces/greengrass-support: add /dev/null ->
++      /proc/latency_stats mount
++    - httputil: remove workaround for redirect handling in go1.7
++    - httputil: remove go1.6 transport workaround
++    - snap: add `snap pack --compression=<comp>` options
++    - tests/lib/prepare: fix hardcoded loopback device names for UC
++      images
++    - timeutil: add a unit test case for trivial schedule
++    - randutil,o/snapstate,-mkauthors.sh: follow ups to randutil
++      introduction
++    - dirs: variable with distros using alternate snap mount
++    - many,randutil: centralize and streamline our random value
++      generation
++    - tests/lib/prepare-restore: Revert "Continue on errors updating or
++      installing dependencies"
++    - daemon: Allow clients to call /v2/logout via Polkit
++    - dirs: manjaro-arm is like manjaro
++    - data, packaging: Add sudoers snippet to allow snaps to be run with
++      sudo
++    - daemon, store: better expose single action errors
++    - tests: switch mount-ns test to differential data set
++    - snapstate: refactor things to add the re-refresh task last
++    - daemon: drop support for the DELETE method
++    - client: move to /v2/users; implement RemoveUser
++    - boot: enable UC20 kernel extraction and bootState20 handling
++    - interfaces/policy: enforce plug-names/slot-names constraints
++    - asserts: parse plug-names/slot-names constraints
++    - daemon: make users result more consistent
++    - cmd/snap-confine,tests: support x.y.z nvidia version
++    - dirs: fixlet for XdgRuntimeDirGlob
++    - boot: add bootloader options to coreKernel
++    - o/auth,daemon: do not remove unknown user
++    - tests: tweak and enable tests on ubuntu 20.04
++    - daemon: implement user removal
++    - cmd/snap-confine: allow snap-confine to link to libpcre2
++    - interfaces/builtin: Allow NotificationReplied signal on
++      org.freedesktop.Notifications
++    - overlord/auth: add RemoveUserByName
++    - client: move user-related things to their own files
++    - boot: tweak kernel cmdline helper docstring
++    - osutil: implement deluser
++    - gadget: skip update when raw structure content is unchanged
++    - boot, cmd/snap, cmd/snap-bootstrap: move run mode and system label
++      detection to boot
++    - tests: fix revisions leaking from snapd-refresh test
++    - daemon: refactor create-user to a user action & hide behind a flag
++    - osutil/tests: check there are no leftover symlinks with
++      AtomicSymlink
++    - grub: support atomically renaming kernel symlinks
++    - osutil: add helpers for creating symlinks and renaming in an
++      atomic manner
++    - tests: add marker tag for core 20 test failure
++    - tests: fix gadget-update-pc test leaking snaps
++    - tests: remove revision leaking from ubuntu-core-refresh
++    - tests: remove revision leaking from remodel-kernel
++    - tests: disable system-usernames test on core20
++    - travis, tests, run-checks: skip nakedret
++    - tests: run `uc20-snap-recovery-encrypt` test on 20.04-64 as well
++    - tests: update mount-ns test tables
++    - snap: disable auto-import in uc20 install-mode
++    - tests: add a command-chain service test
++    - tests: use test-snapd-upower instead of upower
++    - data/selinux: workaround incorrect fonts cache labeling on RHEL7
++    - spread.yaml: fix ubuntu 19.10 and 20.04 names
++    - debian: check embedded keys for snap-{bootstrap,preseed} too
++    - interfaces/apparmor: fix doc-comments, unnecessary code
++    - o/ifacestate,o/devicestatate: merge gadget-connect logic into
++      auto-connect
++    - bootloader: add ExtractedRunKernelImageBootloader interface,
++      implement in grub
++    - tests: add spread test for hook permissions
++    - cmd/snap-bootstrap: check device size before boostrapping and
++      produce a meaningful error
++    - cmd/snap: add ability to register "snap routine" commands
++    - tests: add a test demonstrating that snaps can't access the
++      session agent socket
++    - api: don't return connections referring to non-existing
++      plugs/slots
++    - interfaces: refactor path() from raw-volume into utils with
++      comments for old
++    - gitignore: ignore snap files
++    - tests: skip interfaces-network-manager on arm devices
++    - o/devicestate: do not create perfTimings if not needed inside
++      ensureSeed/Operational
++    - tests: add ubuntu 20.04 to the tests execution and remove
++      tumbleweed from unstable
++    - usersession: add systemd user instance service control to user
++      session agent
++    - cmd/snap: print full channel in 'snap list', 'snap info'
++    - tests: remove execution of ubuntu 19.04 from google backend
++    - cmd/snap-boostrap: add mocking for fakeroot
++    - tests/core18/snapd-failover: collect more debug info
++    - many: run black formatter on all python files
++    - overlord: increase settle timeout for slow machines
++    - httputil: use shorter timeout in TestRetryRequestTimeoutHandling
++    - store, o/snapstate: send default-tracks header, use
++      RedirectChannel
++    - overlord/standby: fix possible deadlock in standby test
++    - cmd/snap-discard-ns: fix pattern for .info files
++    - boot: add HasModeenv to Device
++    - devicestate: do not allow remodel between core20 models
++    - bootloader,snap: misc tweaks
++    - store, overlord/snapstate, etc: SnapAction now returns a []…Result
++    - snap-bootstrap: create encrypted partition
++    - snap: remove "host" output from `snap version`
++    - tests: use snap remove --purge flag in most of the spread tests
++    - data/selinux, test/main/selinux-clean: update the test to cover
++      more scenarios
++    - many: drop NameAndRevision, use snap.PlaceInfo instead
++    - boot: split MakeBootable tests into their own file
++    - travis-ci: add go import path
++    - boot: split MakeBootable implementations into their own file
++    - tests: enable a lot of the tests of main on uc20
++    - packaging, tests: stop services in prerm
++    - tests: enable regression suite on core20
++    - overlord/snapstate: improve snapd snap backend link unit tests
++    - boot: implement SetNextBoot in terms of bootState.setNext
++    - wrappers: write and undo snapd services on core
++    - boot,o/devicestate: refactor MarkBootSuccessful over bootState
++    - snap-bootstrap: mount the correct snapd snap to /run/mnt/snapd
++    - snap-bootstrap: refactor partition creation
++    - tests: use new snapd.spread-tests-run-mode-tweaks.service unit
++    - tests: add core20 tests
++    - boot,o/snapstate: SetNextBoot/LinkSnap return whether to reboot,
++      use the information
++    - tests/main/snap-sign: add test for non-stdin signing
++    - snap-bootstrap: trigger udev after filesystem creation
++    - boot,overlord: introduce internal abstraction bootState and use it
++      for InUse/GetCurrentBoot
++    - overlord/snapstate: tracks are now sticky
++    - cmd: sign: add filename param
++    - tests: remove "test-snapd-tools" in smoke/sandbox on restore
++    - cmd/snap, daemon: stop over-normalising channels
++    - tests: fix classic-ubuntu-core-transition-two-cores after refactor
++      of MATCH -v
++    - packaging: ship var/lib/snapd/desktop/applications in the pkg
++    - spread: drop copr repo with F30 build dependencies
++    - tests: use test-snapd-sh snap instead of test-snapd-tools - Part 3
++    - tests: fix partition creation test
++    - tests: unify/rename services-related spread tests to start with
++      services- prefix
++    - test: extract code that modifies "writable" for test prep
++    - systemd: handle preseed mode
++    - snap-bootstrap: read only stdout when parsing the sfdisk json
++    - interfaces/browser-support: add more product/vendor paths
++    - boot: write compat UC16 bootvars in makeBootable20RunMode
++    - devicestate: avoid adding mockModel to deviceMgrInstallModeSuite
++    - devicestate: request reboot after successful doSetupRunSystem()
++    - snapd.core-fixup.sh: do not run on UC20 at all
++    - tests: unmount automounted snap-bootstrap devices
++    - devicestate: run boot.MakeBootable in doSetupRunSystem
++    - boot: copy kernel/base to data partition in makeBootable20RunMode
++    - tests: also check nested lxd container
++    - run-checks: complain about MATCH -v
++    - boot: always return the trivial boot participant in ephemeral mode
++    - o/devicestate,o/snapstate: move the gadget.yaml checkdrive-by: use
++      gadget.ReadInfoFromSnapFile in checkGadgetRemodelCompatible
++    - snap-bootstrap: append new partitions
++    - snap-bootstrap: mount filesystems after creation
++    - snapstate: do not try to detect rollback in ephemeral modes
++    - snap-bootstrap: trigger udev for new partitions
++    - cmd/snap-bootstrap: xxx todos about kernel cross-checks
++    - tests: avoid mask rsyslog service in case is not enabled on the
++      system
++    - tests: fix use of MATCH -v
++    - cmd/snap-preseed: update help strings
++    - cmd/snap-bootstrap: actually parse snapd_recovery_system label
++    - bootstrap: reduce runmode mounts from 5 to 2 steps.
++    - lkenv.go: adjust for new location of include file
++    - snap: improve squashfs.ReadFile() error
++    - systemd: fix uc20 shutdown
++    - boot: write modeenv when creating the run mode
++    - boot,image: add skeleton boot.makeBootable20RunMode
++    - cmd/snap-preseed: add snap-preseed executable
++    - overlord,boot: follow ups to #7889 and #7899
++    - interfaces/wayland: Add access to Xwayland's shm files
++    - o/hookstate/ctlcmd: fix command name in snapctl -h
++    - daemon,snap: remove screenshot deprecation notice
++    - overlord,o/snapstate: make sure we never leave config behind
++    - many: pass consistently boot.Device state to boot methods
++    - run-checks: check multiline string blocks in
++      restore/prepare/execute sections of spread tests
++    - intrefaces: login-session-control - added missing dbus commands
++    - tests/main/parallel-install-remove-after: parallel installs should
++      not break removal
++    - overlord/snapstate: tweak assumes error hint
++    - overlord: replace DeviceContext.OldModel with GroundContext
++    - devicestate: use httputil.ShouldRetryError() in
++      prepareSerialRequest
++    - tests: replace "test-snapd-base-bare" with real "bare" base snap
++    - many: pass a Model to the gadget info reading functions
++    - snapstate: relax gadget constraints in ConfigDefaults Et al.
++    - devicestate: only run ensureBootOk() in "run" mode
++    - tests/many: quiet lxc launching, file pushing
++    - tests: disable apt-hooks test until it can be properly fixed
++    - tests: 16.04 and 18.04 now have mediating pulseaudio
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 17 Mar 2020 20:55:47 +0100
++
++snapd (2.43.3-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1856159
++    - interfaces/opengl: allow datagrams to nvidia-driver
++    - httputil: add NoNetwork(err) helper, spread test and use
++      in serial acquire
++    - interfaces: add uio interface
++    - interfaces/greengrass-support: 'aws-iot-greengrass' snap fails to
++      start due to apparmor deny on mounting of "/proc/latency_stats".
++    - data, packaging: Add sudoers snippet to allow snaps to be run with
++      sudo
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 12 Feb 2020 14:59:15 +0100
++
++snapd (2.43.2-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1856159
++    - cmd/snap-confine: Revert #7421 (unmount /writable from snap view)
++    - overlord/snapstate: fix for re-refresh bug
++    - tests, run-checks, many: fix nakedret issues
++    - data/selinux: workaround incorrect fonts cache labeling on RHEL7
++    - tests: use test-snapd-upower instead of upower
++    - overlord: increase overall settle timeout for slow arm boards
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 28 Jan 2020 15:50:25 +0100
++
++snapd (2.43.1-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1856159
++    - devicestate: use httputil.ShouldRetryError() in prepareSerialRequest
++    - overlord/standby: fix possible deadlock in standby test
++    - cmd/snap-discard-ns: fix pattern for .info files
++    - overlord,o/snapstate: make sure we never leave config behind
++    - data/selinux: update policy to cover more cases
++    - snap: remove "host" output from `snap version`
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 14 Jan 2020 20:30:07 +0100
++
++snapd (2.43-1) unstable; urgency=medium
++
++  * New upstream release
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 09 Jan 2020 17:16:12 +0100
++
++snapd (2.42.5-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1853244
++    - snap-confine: revert, with comment, explicit unix deny for nested
++      lxd
++    - Disable mount-ns test on 16.04. It is too flaky currently.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 06 Dec 2019 14:10:56 +0100
++
++snapd (2.42.4-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1853244
++    - overlord/snapstate: make sure configuration defaults are applied
++      only once
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 28 Nov 2019 06:48:26 +0100
++
++snapd (2.42.3-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1853244
++    - overlord/snapstate: pick up system defaults when seeding the snapd
++      snap
++    - cmd/snap-update-ns: fix overlapping, nested writable mimic
++      handling
++    - interfaces: misc updates for u2f-devices, browser-support,
++      hardware-observe, et al
++    - tests: reset failing "fwupd-refresh.service" if needed
++    - tests/main/gadget-update-pc: use a program to modify gadget yaml
++    - snap-confine: suppress noisy classic snap file_inherit denials
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 27 Nov 2019 12:41:07 +0100
++
++snapd (2.42.2-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1853244
++    - interfaces/lxd-support: Fix on core18
++    - tests/main/system-usernames: Amazon Linux 2 comes with libseccomp
++      2.4.1 now
++    - snap-seccomp: add missing clock_getres_time64
++    - cmd/snap-seccomp/syscalls: update the list of known
++      syscalls
++    - sandbox/seccomp: accept build ID generated by Go toolchain
++    - interfaces: allow access to ovs bridge sockets
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 20 Nov 2019 08:09:15 +0100
++
++snapd (2.42.1-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1846181
++    - interfaces: de-duplicate emitted update-ns profiles
++    - packaging: tweak handling of usr.lib.snapd.snap-confine
++    - interfaces: allow introspecting network-manager on core
++    - tests/main/interfaces-contacts-service: disable on openSUSE
++      Tumbleweed
++    - tests/lib/lxd-snapfuse: restore mount changes introduced by LXD
++    - snap: fix default-provider in seed validation
++    - tests: update system-usernames test now that opensuse-15.1 works
++    - overlord: set fake sertial in TestRemodelSwitchToDifferentKernel
++    - gadget: rename "boot{select,img}" -> system-boot-{select,image}
++    - tests: listing test, make accepted snapd/core versions consistent
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 30 Oct 2019 13:17:43 +0100
++
++snapd (2.42-1) unstable; urgency=medium
++
++  * New upstream release
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 01 Oct 2019 11:40:58 +0200
++
++snapd (2.41-1) unstable; urgency=medium
++
++  [ Michael Vogt ]
++  * New upstream release, LP: #1840740
++
++  [ Jamie Strandboge ]
++  * debian/control: Depends on apparmor >= 2.10.95-5 instead of
++    2.10.95-0ubuntu2.2 since 2.10.95-5 in Debian is the first version to have
++    all the patches that 2.10.95-0ubuntu2.2 in Ubuntu brought.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 30 Aug 2019 08:53:57 +0200
++
++snapd (2.40-1) unstable; urgency=medium
++
++  * New upstream release.
++
++ -- Michael Vogt <mvo@debian.org>  Tue, 23 Jul 2019 15:38:36 +0200
++
++snapd (2.39.3-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1827495
++    - daemon: increase `shutdownTimeout` to 25s to deal with slow HW
++    - spread: run tests against openSUSE 15.1
++    - data/selinux: fix policy for snaps with bases and classic snaps
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 21 Jun 2019 09:06:01 +0200
++
++snapd (2.39.2-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1827495
++    - debian: rework how we run autopkgtests
++    - interfaces/docker-support: add overlayfs accesses for ubuntu core
++    - data/selinux: permit init_t to remount snappy_snap_t
++    - strutil/shlex: fix ineffassign
++    - packaging: fix build-depends on powerpc
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 05 Jun 2019 08:46:14 +0200
++
++snapd (2.39-1) unstable; urgency=medium
++
++   * New upstream release
++   * d/patches0008-snap-squashsh-skip-TestBuildDate-on-Debian.patch: drop,
++     fixed upstream
++
++ -- Zygmunt Krynicki <me@zygoon.pl>  Thu, 28 Feb 2019 18:21:26 +0100
++
++snapd (2.39.1-1) unstable; urgency=medium
++
++  * New upstream release
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 29 May 2019 12:08:43 +0200
++
++snapd (2.38-1) unstable; urgency=medium
++
++  * New upstream release
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 21 Mar 2019 11:02:04 +0100
++
++snapd (2.37.4-1) unstable; urgency=medium
++
++  * New upstream release
++  * d/patches0008-snap-squashsh-skip-TestBuildDate-on-Debian.patch: drop,
++    fixed upstream
++
++ -- Zygmunt Krynicki <me@zygoon.pl>  Thu, 28 Feb 2019 18:21:26 +0100
++
++snapd (2.37.3-1) unstable; urgency=medium
++
++  * New upstream release
++
++ -- Zygmunt Krynicki <me@zygoon.pl>  Tue, 19 Feb 2019 13:46:24 +0100
++
++snapd (2.37.2-1) unstable; urgency=medium
++
++  * New upstream releease. 
++
++ -- Michael Hudson-Doyle <mwhudson@debian.org>  Thu, 07 Feb 2019 21:26:34 +1300
++
++snapd (2.37.1-1) unstable; urgency=medium
++
++  * New upstream release.
++  * d/patches/0009-interfaces-apparmor-mock-presence-of-overlayfs-root.patch:
++    applied upstream
++
++ -- Zygmunt Krynicki <me@zygoon.pl>  Tue, 29 Jan 2019 19:24:35 +0100
++
++snapd (2.37-3) unstable; urgency=medium
++
++  * Fix --no-arch-any build.
++
++ -- Michael Hudson-Doyle <mwhudson@debian.org>  Thu, 24 Jan 2019 16:11:17 +1300
++
++snapd (2.37-2) unstable; urgency=medium
++
++  * d/patches/0010-man-page-sections.patch: fix a couple of instances of the
++    lintian warning 'manpage-section-mismatch'.
++
++ -- Michael Hudson-Doyle <mwhudson@debian.org>  Thu, 24 Jan 2019 09:52:09 +1300
++
++snapd (2.37-1) unstable; urgency=medium
++
++  [ Michael Hudson-Doyle ]
++  * New upstream version.
++  * d/control: make myself Maintainer, use my Debian address, update Vcs-* to
++    point to salsa.
++  * Add new build-dependencies.
++  * d/watch: update to download new upstream-provided no-vendor tarballs.
++  * d/patches: refresh/drop.
++  * d/patches/no-snapfuse.patch: do not depend on snapfuse fork of squashfuse.
++  * d/patches/upstram-bolt.patch: use upstream version of boltdb.
++  * d/patches/systemd-activation-compat.patch: compatibility for the
++    newer go-systemd in debian
++
++  [ Ondřej Nový ]
++  * d/copyright: Use https protocol in Format field
++  * d/changelog: Remove trailing whitespaces
++
++  [ Zygmunt Krynicki ]
++  * Update unreleased package to 2.37
++  * Drop and recreate all patches
++  * Add patches for failing unit tests
++  * Reconcile packaging with snapd upstream
++
++ -- Zygmunt Krynicki <me@zygoon.pl>  Tue, 22 Jan 2019 12:39:58 +0100
++
++snapd (2.30-5) unstable; urgency=medium
++
++  * Team upload.
++  * add fix-pkg-config-line.patch to fix FTBFS
++  * Set XS-Go-Import-Path
++
++ -- Michael Stapelberg <stapelberg@debian.org>  Sat, 10 Feb 2018 23:18:15 +0100
++
++snapd (2.30-4) unstable; urgency=medium
++
++  * Fix Built-Using computation on Debian.
++  * Add d/patches/disable-TestDoRequestSerialErrorsOnNoHost.patch to disable
++    a flaky test.
++
++ -- Michael Hudson-Doyle <mwhudson@debian.org>  Tue, 16 Jan 2018 13:02:31 +1300
++
++snapd (2.30-3) unstable; urgency=medium
++
++  * Fix arch builds again, sigh,
++
++ -- Michael Hudson-Doyle <mwhudson@debian.org>  Tue, 09 Jan 2018 13:56:48 +1300
++
++snapd (2.30-2) unstable; urgency=medium
++
++  * Fix arch-all-only build. (Closes: 886431)
++
++ -- Michael Hudson-Doyle <mwhudson@debian.org>  Tue, 09 Jan 2018 10:48:20 +1300
++
++snapd (2.30-1) unstable; urgency=medium
++
++  * New upstream release.
++  * Remove several patches:
++    - 0001-osutil-adjust-StreamCommand-tests-for-golang-1.9.patch: included in
++      release.
++    - apparmor-compat.patch, no-reexec-on-debian.patch: Removed as upstream
++      now implements a better solution to the problem.
++    - pb.v1-canonical-path.patch: applied upstream.
++  * Stop installing udev/rules.d/80-snappy-assign.rules, gone upstream
++
++ -- Michael Hudson-Doyle <mwhudson@debian.org>  Fri, 05 Jan 2018 09:39:07 +1300
++
++snapd (2.28.5) xenial; urgency=medium
++
++  * New upstream release, LP: #1714984
++    - snap-confine: cleanup broken nvidia udev tags
++    - cmd/snap-confine: update valid security tag regexp
++    - overlord/ifacestate: refresh udev backend on startup
++    - dbus: ensure io.snapcraft.Launcher.service is created on re-
++      exec
++    - snap-confine: add support for handling /dev/nvidia-modeset
++    - interfaces/network-control: remove incorrect rules for tun
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 13 Oct 2017 23:25:46 +0200
++
++snapd (2.28.4) xenial; urgency=medium
++
++  * New upstream release, LP: #1714984
++    - interfaces/opengl: don't udev tag nvidia devices and use snap-
++      confine instead
++    - debian: fix replaces/breaks for snap-xdg-open (thanks to apw!)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 11 Oct 2017 19:40:57 +0200
++
++snapd (2.28.3) xenial; urgency=medium
++
++  * New upstream release, LP: #1714984
++    - interfaces/lxd: lxd slot implementation can also be an app
++      snap
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 11 Oct 2017 08:20:26 +0200
++
++snapd (2.28.2) xenial; urgency=medium
++
++  * New upstream release, LP: #1714984
++    - interfaces: fix udev rules for tun
++    - release,cmd,dirs: Redo the distro checks to take into account
++      distribution families
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 10 Oct 2017 18:39:58 +0200
++
++snapd (2.28.1) xenial; urgency=medium
++
++  * New upstream release, LP: #1714984
++    - snap-confine: update apparmor rules for fedora based basesnaps
++    - snapstate: rename refresh hook to post-refresh for consistency
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 27 Sep 2017 17:59:49 -0400
++
++snapd (2.28) xenial; urgency=medium
++
++  * New upstream release, LP: #1714984
++    - hooks: rename refresh to after-refresh
++    - snap-confine: bind mount /usr/lib/snapd relative to snap-confine
++    - cmd,dirs: treat "liri" the same way as "arch"
++    - snap-confine: fix base snaps on core
++    - hooks: substitute env vars when executing hooks
++    - interfaces: updates for default, browser-support, desktop, opengl,
++      upower and stub-resolv.conf
++    - cmd,dirs: treat manjaro the same as arch
++    - systemd: do not run auto-import and repair services on classic
++    - packaging/fedora: Ensure vendor/ is empty for builds and fix spec
++      to build current master
++    - many: fix TestSetConfNumber missing an Unlock and other fragility
++      improvements
++    - osutil: adjust StreamCommand tests for golang 1.9
++    - daemon: allow polkit authorisation to install/remove snaps
++    - tests: make TestCmdWatch more robust
++    - debian: improve package description
++    - interfaces: add netlink kobject uevent to hardware observe
++    - debian: update trusted account-keys check on 14.04 packaging
++    - interfaces/network-{control,observe}: allow receiving
++      kobject_uevent() messages
++    - tests: fix lxd test for external backend
++    - snap-confine,snap-update-ns: add -no-pie to fix FTBFS on
++      go1.7,ppc64
++    - corecfg: mock "systemctl" in all corecfg tests
++    - tests: fix unit tests on Ubuntu 14.04
++    - debian: add missing flags when building static snap-exec
++    - many: end-to-end support for the bare base snap
++    - overlord/snapstate: SetRootDir from SetUpTest, not in just some
++      tests
++    - store: have an ad-hoc method on cfg to get its list of uris for
++      tests
++    - daemon: let client decide whether to allow interactive auth via
++      polkit
++    - client,daemon,snap,store: add license field
++    - overlord/snapstate: rename HasCurrent to IsInstalled, remove
++      superfluous/misleading check from All
++    - cmd/snap: SetRootDir from SetUpTest, not in just some individual
++      tests.
++    - systemd: rename snap-repair.{service,timer} to snapd.snap-
++      repair.{service,timer}
++    - snap-seccomp: remove use of x/net/bpf from tests
++    - httputil: more naive per go version way to recreate a default
++      transport for tls reconfig
++    - cmd/snap-seccomp/main_test.go: add one more syscall for arm64
++    - interfaces/opengl: use == to compare, not =
++    - cmd/snap-seccomp/main_test.go: add syscalls for armhf and arm64
++    - cmd/snap-repair: track and use a lower bound for the time for
++      TLS checks
++    - interfaces: expose bluez interface on classic OS
++    - snap-seccomp: add in-kernel bpf tests
++    - overlord: always try to get a serial, lazily on classic
++    - tests: add nmcli regression test
++    - tests: deal with __PNR_chown on aarch64 to fix FTBFS on arm64
++    - tests: add autopilot-introspection interface test
++    - vendor: fix artifact from manually editing vendor/vendor.json
++    - tests: rename complexion to test-snapd-complexion
++    - interfaces: add desktop and desktop-legacy
++      interfaces/desktop: add new 'desktop' interface for modern DEs
++      interfaces/builtin/desktop_test.go: use modern testing techniques
++      interfaces/wayland: allow read on /etc/drirc for Plasma desktop
++      interfaces/desktop-legacy: add new 'legacy' interface (currently
++      for a11y and input)
++    - tests: fix race in snap userd test
++    - devices/iio: add read/write for missing sysfs entries
++    - spread: don't set HTTPS?_PROXY for linode
++    - cmd/snap-repair: check signatures of repairs from Next
++    - env: set XDG_DATA_DIRS for wayland et.al.
++    - interfaces/{default,account-control}: Use username/group instead
++      of uid/gid
++    - interfaces/builtin: use udev tagging more broadly
++    - tests: add basic lxd test
++    - wrappers: ensure bash completion snaps install on core
++    - vendor: use old golang.org/x/crypto/ssh/terminal to build on
++      powerpc again
++    - docs: add PULL_REQUEST_TEMPLATE.md
++    - interfaces: fix network-manager plug
++    - hooks: do not error out when hook is optional and no hook handler
++      is registered
++    - cmd/snap: add userd command to replace snapd-xdg-open
++    - tests: new regex used to validate the core version on extra snaps
++      ass...
++    - snap: add new `snap switch` command
++    - tests: wait more and more debug info about fakestore start issues
++    - apparmor,release: add better apparmor detection/mocking code
++    - interfaces/i2c: adjust sysfs rule for alternate paths
++    - interfaces/apparmor: add missing call to dirs.SetRootDir
++    - cmd: "make hack" now also installs snap-update-ns
++    - tests: copy files with less verbosity
++    - cmd/snap-confine: allow using additional libraries required by
++      openSUSE
++    - packaging/fedora: Merge changes from Fedora Dist-Git
++    - snapstate: improve the error message when classic confinement is
++      not supported
++    - tests: add test to ensure amd64 can run i386 syscall binaries
++    - tests: adding extra info for fakestore when fails to start
++    - tests: install most important snaps
++    - cmd/snap-repair: more test coverage of filtering
++    - squashfs: remove runCommand/runCommandWithOutput as we do not need
++      it
++    - cmd/snap-repair: ignore superseded revisions, filter on arch and
++      models
++    - hooks: support for refresh hook
++    - Partial revert "overlord/devicestate, store: update device auth
++      endpoints URLs"
++    - cmd/snap-confine: allow reading /proc/filesystems
++    - cmd/snap-confine: genearlize apparmor profile for various lib
++      layout
++    - corecfg: fix proxy.* writing and add integration test
++    - corecfg: deal with system.power-key-action="" correctly
++    - vendor: update vendor.json after (presumed) manual edits
++    - cmd/snap: in `snap info`, don't print a newline between tracks
++    - daemon: add polkit support to /v2/login
++    - snapd,snapctl: decode json using Number
++    - client: fix go vet 1.7 errors
++    - tests: make 17.04 shellcheck clean
++    - tests: remove TestInterfacesHelp as it breaks when go-flags
++      changes
++    - snapstate: undo a daemon restart on classic if needed
++    - cmd/snap-repair: recover brand/model from
++      /var/lib/snapd/seed/assertions checking signatures and brand
++      account
++    - spread: opt into unsafe IO during spread tests
++    - snap-repair: update snap-repair/runner_test.go for API change in
++      makeMockServer
++    - cmd/snap-repair: skeleton code around actually running a repair
++    - tests: wait until the port is listening after start the fake store
++    - corecfg: fix typo in tests
++    - cmd/snap-repair: test that redirects works during fetching
++    - osutil: honor SNAPD_UNSAFE_IO for testing
++    - vendor: explode and make more precise our golang.go/x/crypto deps,
++      use same version as Debian unstable
++    - many: sanitize NewStoreStack signature, have shared default store
++      test private keys
++    - systemd: disable `Nice=-5` to fix error when running inside lxd
++    - spread.yaml: update delta ref to 2.27
++    - cmd/snap-repair: use E-Tags when refetching a repair to retry
++    - interfaces/many: updates based on chromium and mrrescue denials
++    - cmd/snap-repair: implement most logic to get the next repair to
++      run/retry in a brand sequence
++    - asserts/assertstest: copy headers in SigningDB.Sign
++    - interfaces: convert uhid to common interface and test cases
++      improvement for time_control and opengl
++    - many tests: move all panicing fake store methods to a common place
++    - asserts: add store assertion type
++    - interfaces: don't crash if content slot has no attributes
++    - debian: do not build with -buildmode=pie on i386
++    - wrappers: symlink completion snippets when symlinking binaries
++    - tests: adding more debug information for the interfaces-cups-
++      control …
++    - apparmor: pass --quiet to parser on load unless SNAPD_DEBUG is set
++    - many: allow and support serials signed by the 'generic' authority
++      instead of the brand
++    - corecfg: add proxy configuration via `snap set core
++      proxy.{http,https,ftp}=...`
++    - interfaces: a bunch of interfaces test improvement
++    - tests: enable regression and completion suites for opensuse
++    - tests: installing snapd for nested test suite
++    - interfaces: convert lxd_support to common iface
++    - interfaces: add missing test for camera interface.
++    - snap: add support for parsing snap layout section
++    - cmd/snap-repair: like for downloads we cannot have a timeout (at
++      least for now), less aggressive retry strategies
++    - overlord: rely on more conservative ensure interval
++    - overlord,store: no piles of return args for methods gathering
++      device session request params
++    - overlord,store: send model assertion when setting up device
++      sessions
++    - interfaces/misc: updates for unity7/x11, browser-
++      support, network-control and mount-observe
++      interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT
++      interfaces/browser-support: update sysfs reads for
++      newer browser versions, interfaces/network-control: rw for
++      ieee80211 advanced wireless interfaces/mount-observe: allow read
++      on sysfs entries for block devices
++    - tests: use dnf --refresh install to avert stale cache
++    - osutil: ensure TestLockUnlockWorks uses supported flock
++    - interfaces: convert lxd to common iface
++    - tests: restart snapd to ensure re-exec settings are applied
++    - tests: fix interfaces-cups-control test
++    - interfaces: improve and tweak bunch of interfaces test cases.
++    - tests: adding extra worker for fedora
++    - asserts,overlord/devicestate: support predefined assertions that
++      don't establish foundational trust
++    - interfaces: convert two hardware_random interfaces to common iface
++    - interfaces: convert io_ports_control to common iface
++    - tests: fix for  upgrade test on fedora
++    - daemon, client, cmd/snap: implement snap start/stop/restart
++    - cmd/snap-confine: set _FILE_OFFSET_BITS to 64
++    - interfaces: covert framebuffer to commonInterface
++    - interfaces: convert joystick to common iface
++    - interfaces/builtin: add the spi interface
++    - wrappers, overlord/snapstate/backend: make link-snap clean up on
++      failure.
++    - interfaces/wayland: add wayland interface
++    - interfaces: convert kvm to common iface
++    - tests: extend upower-observe test to cover snaps providing slots
++    - tests: enable main suite for opensuse
++    - interfaces: convert physical_memory_observe to common iface
++    - interfaces: add missing test for optical_drive interface.
++    - interfaces: convert physical_memory_control to common iface
++    - interfaces: convert ppp to common iface
++    - interfaces: convert time-control to common iface
++    - tests: fix failover test
++    - interfaces/builtin: rework for avahi interface
++    - interfaces: convert broadcom-asic-control to common iface
++    - snap/snapenv: document the use of CoreSnapMountDir for SNAP
++    - packaging/arch: drop patches merged into master
++    - cmd: fix mustUnsetenv docstring (thanks to Chipaca)
++    - release: remove default from VERSION_ID
++    - tests: enable regression, upgrade and completion test suites for
++      fedora
++    - tests: restore interfaces-account-control properly
++    - overlord/devicestate, store: update device auth endpoints URLs
++    - tests: fix install-hook test failure
++    - tests: download core and ubuntu-core at most once
++    - interfaces: add common support for udev
++    - overlord/devicestate: fix, don't assume that the serial is backed
++      by a 1-key chain
++    - cmd/snap-confine: don't share /etc/nsswitch from host
++    - store: do not resume a download when we already have the whole
++      thing
++    - many: implement "snap logs"
++    - store: don't call useDeltas() twice in quick succession
++    - interfaces/builtin: add kvm interface
++    - snap/snapenv: always expect /snap for $SNAP
++    - cmd: mark arch as non-reexecing distro
++    - cmd: fix tests that assume /snap mount
++    - gitignore: ignore more build artefacts
++    - packaging: add current arch packaging
++    - interfaces/unity7: allow receiving media key events in (at least)
++      gnome-shell
++    - interfaces/many, cmd/snap-confine: miscellaneous policy updates
++    - interfaces/builtin: implement broadcom-asic-control interface
++    - interfaces/builtin: reduce duplication and remove cruft in
++      Sanitize{Plug,Slot}
++    - tests: apply underscore convention for SNAPMOUNTDIR variable
++    - interfaces/greengrass-support: adjust accesses now that have
++      working snap
++    - daemon, client, cmd/snap: implement "snap services"
++    - tests: fix refresh tests not stopping fake store for fedora
++    - many: add the interface command
++    - overlord/snapstate/backend: some copydata improvements
++    - many: support querying and completing assertion type names
++    - interfaces/builtin: discard empty Validate{Plug,Slot}
++    - cmd/snap-repair:  start of Runner, implement first pass of Peek
++      and Fetch
++    - tests: enable main suite on fedora
++    - snap: do not always quote the snap info summary
++    - vendor: update go-flags to address crash in "snap debug"
++    - interfaces: opengl support pci device and vendor
++    - many: start implenting "base" snap type on the snapd side
++    - arch,release: map armv6 correctly
++    - many: expose service status in 'snap info'
++    - tests: add browser-support interface test
++    - tests: disable snapd-notify for the external backend
++    - interfaces: Add /run/uuid/request to openvswitch
++    - interfaces: add password-manager-service implicit classic
++      interface
++    - cmd: rework reexec detection
++    - cmd: fix re-exec bug when starting from snapd 2.21
++    - tests: dependency packages installed during prepare-project
++    - tests: remove unneeded check for re-exec in InternalToolPath()
++    - cmd,tests: fix classic confinement confusing re-execution code
++    - store: configurable base api
++    - tests: fix how package lists are updated for opensuse and fedora
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 25 Sep 2017 12:07:34 -0400
++
++snapd (2.27.6-2) unstable; urgency=medium
++
++  * Add d/patches/0001-osutil-adjust-StreamCommand-tests-for-golang-1.9.patch
++    to fix FTBFS with Go 1.9. (Closes: #876867)
++
++ -- Michael Hudson-Doyle <mwhudson@debian.org>  Tue, 26 Sep 2017 13:41:53 -0400
++
++snapd (2.27.6-1) unstable; urgency=medium
++
++  * New upstream release, LP: #1703798:
++    - interfaces: add udev netlink support to hardware-observe
++    - interfaces/network-{control,observe}: allow receiving
++      kobject_uevent() messages
++
++ -- Zygmunt Krynicki <me@zygoon.pl>  Fri, 08 Sep 2017 00:03:18 +0200
++
++snapd (2.27.5-1) unstable; urgency=medium
++
++  * New upstream release.
++    - interfaces: fix network-manager plug regression
++    - hooks: do not error when hook handler is not registered
++    - interfaces/alsa,pulseaudio: allow read on udev data for sound
++    - interfaces/optical-drive: read access to udev data for /dev/scd*
++    - interfaces/browser-support: read on /proc/vmstat and misc udev data
++
++ -- Zygmunt Krynicki <me@zygoon.pl>  Thu, 31 Aug 2017 10:11:20 +0200
++
++snapd (2.27.4-1) unstable; urgency=medium
++
++  * New upstream release.
++  * Enable seccomp.
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Thu, 24 Aug 2017 22:12:52 +1200
++
++snapd (2.27.2-2) unstable; urgency=medium
++
++  * Fix re-exec test failure.
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Fri, 18 Aug 2017 11:37:47 +1200
++
++snapd (2.27.2-1) unstable; urgency=medium
++
++  * New upstream release.
++  * Stop using single-debian-patch, split delta into separate patches.
++  * Allow confining snap-confine even when --disable-apparmor is used.
++  * Pass --enable-static-libcap to cmd/configure, as was always the intention.
++  * Disable re-exec on Debian until core snap can cope with a partial apparmor
++    implementation. (Closes: #851473)
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Fri, 18 Aug 2017 11:00:31 +1200
++
++snapd (2.27.1-1) unstable; urgency=medium
++
++  * New upstream release. (Closes: #868959, #869268, #872071)
++  * New changes to upstream sources:
++    - Disable cmd/snap-seccomp tests as they depend on an unpackaged fork of
++      golang/x/net.
++    - Use upstream version of libseccomp-golang.
++  * Do not install ancient ubuntu-core-launcher symlink.
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Mon, 14 Aug 2017 21:53:09 +1200
++
++snapd (2.27.1) xenial; urgency=medium
++
++  * New upstream release, LP: #1703798:
++    - tests: use dnf --refresh install to avert stale cache
++    - tests: fix test failure on 14.04 due to old version of
++      flock
++    - updates for unity7/x11, browser-support, network-control,
++      mount-observe
++    - interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT
++    - interfaces/browser-support: update sysfs reads for
++      newer browser versions
++    - interfaces/network-control: rw for ieee80211 advanced wireless
++    - interfaces/mount-observe: allow read on sysfs entries for block
++      devices
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 14 Aug 2017 08:02:17 +0200
++
++snapd (2.27) xenial; urgency=medium
++
++  * New upstream release, LP: #1703798
++    - fix build failure on 32bit fedora
++    - interfaces: add password-manager-service implicit classic interface
++    - interfaces/greengrass-support: adjust accesses now that have working
++      snap
++    - interfaces/many, cmd/snap-confine: miscellaneous policy updates
++    - interfaces/unity7: allow receiving media key events in (at least)
++      gnome-shell
++    - cmd: fix re-exec bug when starting from snapd 2.21
++    - tests: restore interfaces-account-control properly
++    - cmd: fix tests that assume /snap mount
++    - cmd: mark arch as non-reexecing distro
++    - snap-confine: don't share /etc/nsswitch from host
++    - store: talk to api.snapcraft.io for purchases
++    - hooks: support for install and remove hooks
++    - packaging: fix Fedora support
++    - tests: add bluetooth-control interface test
++    - store: talk to api.snapcraft.io for assertions
++    - tests: remove snapd before building from branch
++    - tests: add avahi-observe interface test
++    - store: orders API now checks if customer is ready
++    - cmd/snap: snap find only searches stable
++    - interfaces: updates default, mir, optical-observe, system-observe,
++      screen-inhibit-control and unity7
++    - tests: speedup prepare statement part 1
++    - store: do not send empty refresh requests
++    - asserts: fix error handling in snap-developer consistency check
++    - systemd: add explicit sync to snapd.core-fixup.sh
++    - snapd: generate snap cookies on startup
++    - cmd,client,daemon: expose "force devmode" in sysinfo
++    - many: introduce and use strutil.ListContains and also
++      strutil.SortedListContains
++    - assserts,overlord/assertstate: test we don't accept chains of
++      assertions founded on a self-signed key coming externally
++    - interfaces: enable access to bridge settings
++    - interfaces: fix copy-pasted iio vs io in io-ports-control
++    - cmd/snap-confine: various small fixes and tweaks to seccomp
++      support code
++    - interfaces: bring back seccomp argument filtering
++    - systemd, osutil: rework systemd logs in preparation for services
++      commands
++    - tests: store /etc/systemd/system/snap-*core*.mount in snapd-
++      state.tar.gz
++    - tests: shellcheck improvements for tests/main tasks - first set of
++      tests
++    - cmd/snap: `--last` for abort and watch, and aliases
++      (search→find, change→tasks)
++    - tests: shellcheck improvements for tests/lib scripts
++    - tests: create ramdisk if it's not present
++    - tests: shellcheck improvements for nightly upgrade and regressions
++      tests
++    - snapd: fix for snapctl get panic on null config values.
++    - tests: fix for rng-tools service not restarting
++    - systemd: add snapd.core-fixup.service unit
++    - cmd: avoid using current symlink in InternalToolPath
++    - tests: fix timeout issue for test refresh core with hanging …
++    - intefaces: control bridged vlan/ppoe-tagged traffic
++    - cmd/snap: include snap type in notes
++    - overlord/state: Abort() only visits each task once
++    - tests: extend find-private test to cover more cases
++    - snap-seccomp: skip socket() tests on systems that use socketcall()
++      instead of socket()
++    - many: support snap title as localized/title-cased name
++    - snap-seccomp: deal with mknod on aarch64 in the seccomp tests
++    - interfaces: put base policy fragments inside each interface
++    - asserts: introduce NewDecoderWithTypeMaxBodySize
++    - tests: fix snapd-notify when it takes more time to restart
++    - snap-seccomp: fix snap-seccomp tests in artful
++    - tests: fix for create-key task to avoid rng-tools service ramains
++      alive
++    - snap-seccomp: make sure snap-seccomp writes the bpf file
++      atomically
++    - tests: do not disable ipv6 on core systems
++    - arch: the kernel architecture name is armv7l instead of armv7
++    - snap-confine: ensure snap-confine waits some seconds for seccomp
++      security profiles
++    - tests: shellcheck improvements for tests/nested tasks
++    - wrappers: add SyslogIdentifier to the service unit files.
++    - tests: shellcheck improvements for unit tasks
++    - asserts: implement FindManyTrusted as well
++    - asserts: open up and optimize Encoder to help avoiding unnecessary
++      copying
++    - interfaces: simplify snap-confine by just loading pre-generated
++      bpf code
++    - tests: restart rng-tools services after few seconds
++    - interfaces, tests: add mising dbus abstraction to system-observe
++      and extend spread test
++    - store: change main store host to api.snapcraft.io
++    - overlord/cmdstate: new package for running commands as tasks.
++    - spread: help libapt resolve installing libudev-dev
++    - tests: show the IP from .travis.yaml
++    - tests/main: use pkgdb function in more test cases
++    - cmd,daemon: add debug command for displaying the base policy
++    - tests: prevent quoting error on opensuse
++    - tests: fix nightly suite
++    - tests: add linode-sru backend
++    - snap-confine: validate SNAP_NAME against security tag
++    - tests: fix ipv6 disable for ubuntu-core
++    - tests: extend core-revert test to cover bluez issues
++    - interfaces/greengrass-support: add support for Amazon Greengrass
++      as a snap
++    - asserts: support timestamp and optional disabled header on repair
++    - tests: reboot after upgrading to snapd on the -proposed pocket
++    - many: fix test cases to work with different DistroLibExecDir
++    - tests: reenable help test on ubuntu and debian systems
++    - packaging/{opensuse,fedora}: allow package build with testkeys
++      included
++    - tests/lib: generalize RPM build support
++    - interfaces/builtin: sync connected slot and permanent slot snippet
++    - tests: fix snap create-key by restarting automatically rng-tools
++    - many: switch to use http numeric statuses as agreed
++    - debian: add missing  Type=notify in 14.04 packaging
++    - tests: mark interfaces-openvswitch as manual due to prepare errors
++    - debian: unify built_using between the 14.04 and 16.04 packaging
++      branch
++    - tests: pull from urandom when real entropy is not enough
++    - tests/main/manpages: install missing man package
++    - tests: add refresh --time output check
++    - debian: add missing "make -C data/systemd clean"
++    - tests: fix for upgrade test when it is repeated
++    - tests/main: use dir abstraction in a few more test cases
++    - tests/main: check for confinement in a few more interface tests
++    - spread: add fedora snap bin dir to global PATH
++    - tests: check that locale-control is not present on core
++    - many: snapctl outside hooks
++    - tests: add whoami check
++    - interfaces: compose the base declaration from interfaces
++    - tests: fix spread flaky tests linode
++    - tests,packaging: add package build support for openSUSE
++    - many: slight improvement of some snap error messaging
++    - errtracker: Include /etc/apparmor.d/usr.lib.snap-confine md5sum in
++      err reports
++    - tests: fix for the test postrm-purge
++    - tests: restoring the /etc/environment and service units config for
++      each test
++    - daemon: make snapd a "Type=notify" daemon and notify when startup
++      is done
++    - cmd/snap-confine: add support for --base snap
++    - many: derive implicit slots from interface meta-data
++    - tests: add core revert test
++    - tests,packaging: add package build support for Fedora for our
++      spread setup
++    - interfaces: move base declaration to the policy sub-package
++    - tests: fix for snapd-reexec test cheking for restart info on debug
++      log
++    - tests: show available entropy on error
++    - tests: clean journalctl logs on trusty
++    - tests: fix econnreset on staging
++    - tests: modify core before calling set
++    - tests: add snap-confine privilege test
++    - tests: add staging snap-id
++    - interfaces/builtin: silence ptrace denial for network-manager
++    - tests: add alsa interface spread test
++    - tests: prefer ipv4 over ipv6
++    - tests: fix for econnreset test checking that the download already
++      started
++    - httputil,store: extract retry code to httputil, reorg usages
++    - errtracker: report if snapd did re-execute itself
++    - errtracker: include bits of snap-confine apparmor profile
++    - tests: take into account staging snap-ids for snap-info
++    - cmd: add stub new snap-repair command and add timer
++    - many: stop "snap refresh $x --channel invalid" from working
++    - interfaces: revert "interfaces: re-add reverted ioctl and quotactl
++    - snapstate: consider connect/disconnect tasks in
++      CheckChangeConflict.
++    - interfaces: disable "mknod |N" in the default seccomp template
++      again
++    - interfaces,overlord/ifacestate: make sure installing slots after
++      plugs works similarly to plugs after slots
++    - interfaces/seccomp: add bind() syscall for forced-devmode systems
++    - packaging/fedora: Sync packaging from Fedora Dist-Git
++    - tests: move static and unit tests to spread task
++    - many: error types should be called FooError, not ErrFoo.
++    - partition: add directory sync to the save uboot.env file code
++    - cmd: test everything (100% coverage \o/)
++    - many: make shell scripts shellcheck-clean
++    - tests: remove additional setup for docker on core
++    - interfaces: add summary to each interface
++    - many: remove interface meta-data from list of connections
++    - logger (& many more, to accommodate): drop explicit syslog.
++    - packaging: import packaging bits for opensuse
++    - snapstate,many: implement snap install --unaliased
++    - tests/lib: abstract build dependency installation a bit more
++    - interfaces, osutil: move flock code from interfaces/mount to
++      osutil
++    - cmd: auto import assertions only from ext4,vfat file systems
++    - many: refactor in preparation for 'snap start'
++    - overlord/snapstate: have an explicit code path last-refresh
++      unset/zero => immediately refresh try
++    - tests: fixes for executions using the staging store
++    - tests: use pollinate to seed the rng
++    - cmd/snap,tests: show the sha3-384 of the snap for snap info
++      --verbose SNAP-FILE
++    - asserts: simplify and adjust repair assertion definition
++    - cmd/snap,tests: show the snap id if available in snap info
++    - daemon,overlord/auth: store from model assertion wins
++    - cmd/snap,tests/main: add confinement switch instead of spread
++      system blacklisting
++    - many: cleanup MockCommands and don't leave a process around after
++      hookstate tests
++    - tests: update listing test to the core version number schema
++    - interfaces: allow snaps to use the timedatectl utility
++    - packaging: Add Fedora packaging files
++    - tests/libs: add distro_auto_remove_packages function
++    - cmd/snap: correct devmode note for anomalous state
++    - tests/main/snap-info: use proper pkgdb functions to install distro
++      packages
++    - tests/lib: use mktemp instead of tempfile to work cross-distro
++    - tests: abstract common dirs which differ on distributions
++    - many: model and expose interface meta-data.
++    - overlord: make config defaults from gadget work also at first boot
++    - interfaces/log-observe: allow using journalctl from hostfs for
++      classic distro
++    - partition,snap: add support for android boot
++    - errtracker: small simplification around readMachineID
++    - snap-confine: move rm_rf_tmp to test-utils.
++    - tests/lib: introduce pkgdb helper library
++    - errtracker: try multiple paths to read machine-id
++    - overlord/hooks: make sure only one hook for given snap is executed
++      at a time.
++    - cmd/snap-confine: use SNAP_MOUNT_DIR to setup /snap inside the
++      confinement env
++    - tests: bump kill-timeout and remove quiet call on build
++    - tests/lib/snaps: add a test store snap with a passthrough
++      configure hook
++    - daemon: teach the daemon to wait on active connections when
++      shutting down
++    - tests: remove unit tests task
++    - tests/main/completion: source from /usr/share/bash-completion
++    - assertions: add "repair" assertion
++    - interfaces/seccomp: document Backend.NewSpecification
++    - wrappers: make StartSnapServices cleanup any services that were
++      added if a later one fails
++    - overlord/snapstate: avoid creating command aliases for daemons
++    - vendor: remove unused packages
++    - vendor,partition: fix panics from uenv
++    - cmd,interfaces/mount: run snap-update-ns and snap-discard-ns from
++      core if possible
++    - daemon: do not allow to install ubuntu-core anymore
++    - wrappers: service start/stop were inconsistent
++    - tests: fix failing tests (snap core version, syslog changes)
++    - cmd/snap-update-ns: add actual implementation
++    - tests: improve entropy also for ubuntu
++    - cmd/snap-confine: use /etc/ssl from the core snap
++    - wrappers: don't convert between []byte and string needlessly.
++    - hooks: default timeout
++    - overlord/snapstate: Enable() was ignoring the flags from the
++      snap's state, resulting in losing "devmode" on disable/enable.
++    - difs,interfaces/mount: add support for locking namespaces
++    - interfaces/mount: keep track of kept mount entries
++    - tests/main: move a bunch of greps over to MATCH
++    - interfaces/builtin: make all interfaces private
++    - interfaces/mount: spell unmount correctly
++    - tests: allow 16-X.Y.Z version of core snap
++    - the timezone_control interface only allows changing /etc/timezone
++      and /etc/writable/timezone. systemd-timedated also updated the
++      link of /etc/localtime and /etc/writable/localtime ... allow
++      access to this file too
++    - cmd/snap-confine: aggregate operations holding global lock
++    - api, ifacestate: resolve disconnect early
++    - interfaces/builtin: ensure we don't register interfaces twice
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 10 Aug 2017 12:43:16 +0200
++
++snapd (2.26.14) xenial; urgency=medium
++
++  * New upstream release, LP: #1690083
++    - cmd: fix incorrect re-exec when starting from snapd 2.21
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 20 Jul 2017 13:52:05 +0200
++
++snapd (2.26.13) xenial; urgency=medium
++
++  * New upstream release, LP: #1690083
++    - cmd,tests: fix classic confinement confusing re-execution code
++    - cmd: fix incorrect check check for re-exec in InternalToolPath()
++    - snap-seccomp: add secondary arch for unrestricted snaps as well
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 18 Jul 2017 20:34:33 +0200
++
++snapd (2.26.10) xenial; urgency=medium
++
++  * New upstream release, LP: #1690083
++    - Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 17 Jul 2017 11:58:22 +0200
++
++snapd (2.26.9) xenial; urgency=medium
++
++  * New upstream release, LP: #1690083
++    - statically link libseccomp in snap-seccomp to fix refresh issue
++      on trusty
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 12 Jul 2017 08:27:14 +0200
++
++snapd (2.26.8) xenial; urgency=medium
++
++  * New upstream release, LP: #1690083
++    - Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64
++    - add snapd.core-fixup.service unit
++    - ensure re-exec uses the right internal tools
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 05 Jul 2017 07:48:22 +0200
++
++snapd (2.26.6) xenial; urgency=medium
++
++  * New upstream release, LP: #1690083
++    - interfaces: allow snaps to use the timedatectl utility in
++      time-control
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 27 Jun 2017 08:36:23 +0100
++
++snapd (2.26.5) xenial; urgency=medium
++
++  * New upstream release, LP: #1690083
++    - backport of seccomp-bpf branch to the 2.26 release to ensure snap
++      revert with new seccomp syntax works correctly
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 26 Jun 2017 15:30:15 +0100
++
++snapd (2.26.4) xenial; urgency=medium
++
++  * New upstream release, LP: #1690083
++    - partly revert aace15ab53 to unbreak core reverts
++    - Revert "interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f)"
++    - Disable "mknod |N" in the default seccomp template
++      reasons outline in https://forum.snapcraft.io/t/snapd-2-25-blocked-because-of-revert-race-condition
++    - errtracker: include bits of snap-confine apparmor profile
++    - errtracker: report if snapd did re-execute itself
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 01 Jun 2017 18:50:52 +0200
++
++snapd (2.26.3) xenial; urgency=medium
++
++  * New upstream release, LP: #1690083
++    - cherry pick test fixes f0103a6, 9de5c8a, d7725a7 to make
++      sure the image tests are updated for the changes in the
++      `snap info core` output and the removal of the rsyslog
++      package from core.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 17 May 2017 11:31:56 +0200
++
++snapd (2.26.2) xenial; urgency=medium
++
++  * New upstream release, LP: #1690083
++    - cherry pick d444728 to make the uboot.env file parsing more
++      robust
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 16 May 2017 18:37:07 +0200
++
++snapd (2.26.1) xenial; urgency=medium
++
++  * New upstream release, LP: #1690083
++    - store: fix panic error in auth
++    - tests: the new ubuntu-image snap needs classic confinement, adjust
++      tests
++    - cmd/snap-confine: don't fail on pre 3.8 kernel
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 11 May 2017 21:44:27 +0200
++
++snapd (2.26) xenial; urgency=medium
++
++  * New upstream release, LP: #1690083
++    - timeutil: avoid panicking when the window is very small
++    - image: fix go vet issue
++    - overlord/ifacestate: don't spam logs with harmless auto-connect
++      messages
++    - interfaces/builtin: add network-status interface
++    - interfaces/builtin: add online-accounts-service interface
++    - interfaces/builtin: distribute code of touching allInterfaces
++    - interfaces: API additions for interface hooks
++    - interfaces/builtin: add storage-framework-service interface
++    - tests: disable create-key test on ppc64el for artful (expect not
++      working)
++    - snap: make `snap prepare-image --extra-snaps` derive side info
++    - tests: unify tests/{main/completion,completion}/lib.exp0
++    - cmd/snap: tweak info channels output
++    - interfaces: ensure that legacy interface methods are unused
++    - packaging: cleanup how built-using is generated
++    - tests: extend kernel-module-control interface test
++    - interfaces/network: workaround Go's need for NETLINK_ROUTE with
++      'net'.
++    - cmd/snap-confine: use defensive argument parser
++    - tests: add test for empty snap name on revert
++    - overlord/hookstate: remove unused Context.timeout
++    - tests: additional setup in docker test for core systems
++    - configstate: return error if patch is invalid
++    - interfaces: add random interface
++    - store, daemon, client, cmd/snap: handle PASSWORD_POLICY_ERROR
++    - cmd/snap, client: add "whoami" command
++    - cmd/snap: iterate interface tab completion
++    - snap: move locale-control to only be present on classic
++    - interfaces/browser-support: deny read on squashfs backing files
++      and LVM vg names
++    - tests: wait for the docker socket to be listening
++    - snap: add `snap refresh --time` option
++    - tests: re-enable and moderninze /media sharing test
++    - cmd: make rst2man optional
++    - tests: remove quoting from [[ ]] when globs
++    - interfaces: allow plugging DBus clients to introspect the slot
++      service
++    - packaging/ubuntu*/changelog: drop extra dash
++    - snap-confine: init the ENTRY variable, coverity is unhappy
++      otherwise
++    - cmd/snap-confine/spread-tests: discard useless --version test
++    - spread: add spread target qemu:debian-9-64
++    - interfaces: mediate netlink sockets via seccomp
++    - tests,cmd/snap-confine: port older snapd-discard-ns tests
++    - cmd/snap-confine/tests: fix shellcheck on recently added files
++    - tests/upgrade: force install core snap from beta for debian
++    - overlord/snapstate/backend,interfaces/mount: move ns management
++      code.
++    - tests: extend network-control spread test to cope with network
++      namespaces
++    - tests: fail early in the spread suite if trying to run it inside a
++      container
++    - tests: set ownership of $PROJECT_PATH for the external backend
++    - tests: specify the auto-refreshable snap being tested
++    - many: fix tests with go1.8 / artful
++    - fix for tests: debian does not have /snap/bin in secure_path so
++      sudo
++    - snap: support for snap tasks --last=...
++    - cmd/snap-confine: remove obsolete debug message
++    - address review feedback, add a lot of comments :-), call
++      shellcheck on the completion scripts, fix a bug in compopt
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 11 May 2017 10:05:44 +0200
++
++snapd (2.25) xenial; urgency=medium
++
++  * New upstream release, LP: #1686713
++    - interfaces/default: allow mknod for regular files, pipes and
++      sockets
++    - many: use "SNAP.APP as ALIAS" instead of => when listing
++      added/removed aliases
++    - cmd/snap-confine: write current mount profile
++    - cmd/snap-discard-ns: remove current profile when cleaning up
++    - many: support debian in our CI
++    - tests: tweak time for econnreset test a bit more
++    - cmd/snap-confine: re-enable re-assciate fix for CE
++    - many: aliases v2 cleanups
++    - cmd/snap-confine: don't use apparmor if it is disabled on boot
++    - many: implement `snap prefer <snap>`  (aliases v2)
++    - many: adjust /aliases and "snap aliases" to aliases v2, also some
++      cleanup
++    - snapstate: normalize gadget defaults
++    - many: allow core refresh.schedule setting
++    - many: show alias changes on snap alias/unalias (aliases v2)
++    - client,cmd/snap: improve messaging on --devmode and --classic
++    - many: implement `snap unalias <alias-or-snap>` (aliases v2)
++    - store: retry on connection reset
++    - interfaces/mount: add Change.Perform
++    - tests: add openvswitch interface spread test
++    - interfaces/i2c: allow modifying device-specific sysfs entries
++    - interfaces: allow writing to /run/systemd/journal/stdout by
++      default
++    - tests: ensure travis fails early if static checks fail
++    - store,daemon: make store interpret channel="" as stable in most
++      cases
++    - overlord/snapstate: make UpdateAliases idempotent, simplify the
++      backend interface bits for aliases not used anymore (aliases v2)
++    - many: implement snap alias <snap.app> <alias> (aliases v2)
++    - snap-confine: add code to ensure that / or /snap is mounted
++      "shared"
++    - many: show available "tracks" in `snap info`
++    - cmd/snap: make users Xauthority file available in snap environment
++    - interfaces/mount: write current fstab files with mode 0644
++    - overlord: switch to aliases v2 tasks for install/refresh etc ops
++      plus transition
++    - tests: parameterize gadget snap channel (#3117)
++    - tests: copy .real profile as .real
++    - tests: add empty initrd failover test
++    - many: mount squashfs as read-only
++    - cmd: make locking around namespaces explicit
++    - tests: address review comments from #3186
++    - tests: add dbus interface spread test
++    - interfaces/mount: add ReadMountInfo and LoadMountInfo
++    - snap: require snap name for 'revert'
++    - overlord: maintain per-revision snapshots of snap configuration
++    - tests: relax network-bind interface regexps
++    - interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f)
++    - store: retry once on hashsum mismatches in a Download()
++    - interfaces/builtin: don't panic if content plug has nil attrs
++    - interfaces/mount: pass mount.Profile to mount.NeededChanges
++    - packaging: add `built-using` header for 16.04 packaging
++    - interfaces: add media-hub interface
++    - interfaces/builtin: allow full access to properties iface of the
++      udisks service
++    - tests: handle case when both .real and plain are present
++    - interfaces/mount: add Change.String for readable output
++    - tests: ensure we mock force dev mode as well to fix FTBFS in
++      sbuild
++    - store: add more logs around retry in download
++    - interfaces/mount: add stub Change.{Needed,Perform}
++    - tests: allow installing snapd from -proposed for SRU validation
++    - interfaces/mount: parse mount options to map[string]string
++    - snap: added tasks subcommand
++    - tests: copy snap-confine apparmor profile into testbed
++    - interfaces/mount: improve go identifier names of mountinfo, parse
++      optional fields
++    - Arch Linux wants to respect FHS
++      (https://bugs.archlinux.org/task/53656),
++    - daemon: do not set RemoveSnapPath flag when doing a try
++    - debian: add maintscript helper to remove usr.lib.snapd.snap-
++      confine in snap-confine
++    - cmd/snap-confine: don't use plain "classic" term
++    - cmd/snap-confine: set TMPDIR and TEMPDIR each time
++    - many: fixes for `go vet` in go 1.7
++    - tests: add kernel-module-control interface test
++    - overlord/snapstate: introduce tasks for aliases v2 semantics with
++      temporary names for now (aliases v2)
++    - overlord/devicestate: switch to ssh-keygen for device key
++      generation
++    - snap: skip /dev/ram from auto-import assertions to make it less
++      noisy (#3010)
++    - interfaces: add kubernetes-support interface and adjust related
++      interfaces (LP: #1664638)
++    - tests: download previous snapd package from published versions
++      instead of specific PPA
++    - snap: run snap-confine from core if snap is also running from core
++    - overlord/ifacestate: automatically rename connections on core snap
++    - many: break the /aliases mutation API with a clean 400 (aliases
++      v2)
++    - interfaces/builting: allow read-only access to /sys/module
++    - tests: add extra test after the core transition for snap get/set
++      core
++    - store: misc cleanups in tests
++    - interfaces/mount: add parser for mountinfo entries
++    - store: tests for unexpected EOF
++    - tests: fix unity test
++    - interfaces,overlord: log interface auto-connection failures
++    - cmd/snap-update-ns: add C preamble for setns
++    - interfaces: validate plug/slot uniqueness
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 28 Apr 2017 07:57:49 +0200
++
++snapd (2.24.1) xenial; urgency=medium
++
++  * New upstream release, LP: #1681799:
++    - fix autopkgtest failures with stable core snap
++    - ensure the snap-confine transitional package cleans up
++      the no-longer-used apparmor profile to fix the kernels
++      autopkgtest failures
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 19 Apr 2017 11:54:33 +0200
++
++snapd (2.24) xenial; urgency=medium
++
++  * New upstream release, LP: #1681799:
++    - interfaces/mount: add InfoEntry type
++    - many: fix plug auto-connect during core transition
++    - interfaces: fold network bind into core support with tests
++    - .travis.yml: add option to make raw log less noisy
++    - interfaces: adjust shm accesses to use 'm' for updated mmap kernel
++      mediation
++    - many: rename two core plugs that clash with slot names
++    - snap-confine,browser-support: /dev/tty for snap-confine, misc
++      browser-support for gnome-shell
++    - store: add download test with EOF in the middle
++    - tests: adjust to look for network-bind-plug
++    - store: make hash error message more accurate
++    - overlord/snapstate: simplify AliasesStatus down to just an
++      AutoAliasesDisabled bool flag (aliases v2)
++    - errtracker: never send errtracker reports when running under
++      SNAPPY_TESTING
++    - interfaces/repo: validate slot/plug names
++    - daemon: Give the snap directories via GET /v2/system-info
++    - interfaces/unity7: support unity messaging menu
++    - interfaces/mount: add high-level Profile functions
++    - git: ignore only the cmd/Makefile{,.in}
++    - cmd: explicitly set _GNU_SOURCE and _FILE_OFFSET_BITS for xfs
++      support
++    - daemon: add desktop file location for app to the API
++    - overlord,release: disable classic snap support when not possible
++    - overlord: fix TestEnsureLoopPrune not to be so racy
++    - many: abstract path to /bin/{true,false}
++    - data/systemd: tweak data/systemd/Makefile to be slightly simpler
++    - store: handle EOF via url.Error check
++    - packaging: use templates for relevant systemd units
++    - tests: run gccgo only on ubuntu-16.04-64
++    - .travis.yml: remove travis matrix and do a single sequential run
++    - overlord/state: make sure that setting to nil a state key is
++      equivalent to deleting it
++    - tests: fix incorrect shell expression
++    - interfaces/mount: add OptsToFlags for converting arguments to
++      syscall…
++    - interfaces: add a joystick interface
++    - tests: enable docker test for more ubuntu-core systems
++    - tests: download and install additional dependencies when using
++      prepackaged snapd
++    - many: add support for partially static builds
++    - interfaces: allow slot to introspect dbus-daemon in dbus
++      interface, allow /usr/bin/arch by default
++    - interfaces/mount: fix golint issues
++    - interfaces/mount: add function for saving fstab-like file
++    - osutil: introducing GetenvInt64, like GetenvBool but Int64er.
++    - interfaces: drop udev tagging from framebuffer interface
++    - snapstate: more helpers to work with aliases state (aliases
++      v2)
++    - interfaces/mount: add function for parsing fstab-like file
++    - cmd: disable the re-associate fix as requested by jdstrand
++    - overlord/snapstate: unlock/relock the state less, especially not
++      across mutating the SnapState of a snap
++    - interfaces: allow executing ld.so (needed with new AppArmor base
++      abstraction)
++    - interfaces/mount: add function for parsing mount entries
++    - cmd: rework header check for xfs/xqm.h
++    - cmd: add poky to the list of distros which don't support reexec
++    - overlord: finish reorg, revert "be more conservative until we have
++      cut 2.23.x"
++    - cmd: select what socket to use in cmd/snap{,ctl}
++    - overlord: remove snap config values when snap is removed
++    - snapstate: introduce helper to apply to disk a alias states change
++      for a snap (aliases v2)
++    - configstate,hookstate: timeout the configure hook after 5 mins,
++      report failures to the errtracker
++    - interfaces/seccomp: add bind as part of the default seccomp policy
++      for hooks
++    - cmd: discard the C implementation of snap-update-ns
++    - tests: remove stale apt proxy leftover from cloud-init
++    - tests: move unity test to nightly suite
++    - interfaces: add support for location-observe for
++      dbus::ObjectManager session paths
++    - boot: log error in KernelOrOsRebootRequired
++    - interfaces: remove old API
++    - interfaces: use udev spec
++    - interfaces: convert systemd backend to new APIs
++    - osutil: add BootID
++    - tests: move docker test to new nightly suite
++    - interfaces/mount: compute mount changes required to transition
++      mount profiles
++    - data/selinux: add context definition for snapctl
++    - overlord: clean up organization under state packages
++    - overlord: make sure all managers packages have *state.go with the
++      main state manipulation/query APIs
++    - interfaces: use spec in the dbus backend
++    - store: download from authenticated URL if there is a device
++      session set
++    - tests: remove core_name variable
++    - interfaces: rename thumbnailer to thumbnailer-service
++    - interfaces: add chroot to base templates
++    - asserts: remove some unused things
++    - systemd: mount the squashfs with nodev
++    - overlord: when shutting down assume errors might be due to
++      cancellation so retry
++    - cmd: rename all unit tests to $command/unit-test
++    - cmd/snap: fix help string for version command
++    - asserts: don't allow revocations with other items for the same
++      developer
++    - tests: skip lp-1644439 test on older kernels
++    - interfaces: allow "sync" to be used by core support
++    - assertstate,snapstate: have assertstate.AutoAliases use the
++      "aliases" header
++    - interfaces: allow writing config.txt.tmp  in the core-support
++      interface
++    - tests: adjust network-bind test
++    - interfaces: dbus backend spec
++    - asserts: introduce a snap-declaration "aliases" header to list
++      auto aliases with explicit targets
++    - cmd: enable large file support
++    - cmd/snap: handle missing snap-confine
++    - cmd/snap-confine: re-associate with pid-1 mount namespace if
++      required
++    - cmd/libsnap: make mountinfo structures public
++    - tests: fix interfaces-cups-control for zesty
++    - misc: revert "Log if the system goes into ForceDevMode"
++    - interfaces: seccomp tests cleanup
++    - cmd: validate SNAP_NAME
++    - interfaces: log if the system goes into ForceDevMode
++    - tests: fix classic-ubuntu-core-transition race
++    - interfaces: use apparmor spec in the apparmor backend
++    - interfaces: alphabetize framebuffer in base decl and add it to
++      all_test.go
++    - tests: add ubuntu-core-16-32 system to the external backend and
++      fix docker test
++    - cmd/libsnap: simplify sc_string_quote default case
++    - osutil: fix double expand in environment map code and add test
++    - interfaces: extend location-control out-of-process provider
++      support
++    - cmd/snap-update-ns: use bidirectional lists for mount entries
++    - tests: prevent automatic transition before setting the initial
++      state of the test
++    - release: detect if we are in ForcedDevMode by inspecting the
++      kernel
++    - tests: add core-snap-refresh test
++    - interfaces: add maliit input method interface
++    - interfaces: seccomp spec API tweaks for better tests
++    - interfaces: updates for mir-kiosk in browser-support, mir, opengl,
++      unity7
++    - testutils: address review feedback from PR#2997
++    - tests: specify the core version to be unsquashfs'ed in the
++      failover tests
++    - interfaces: use MockInfo in tests
++    - cmd/libsnap: add sc_quote_string
++    - cmd/snap-confine: use sc_do_umount everywhere
++    - interfaces: add unity8 plug permissions
++    - timeutil: a few helpers for the recurring events
++    - asserts: implement snap-developer type
++    - partition: deal with grub{,2}-editenv in tests
++    - many: add new (hidden) `snap debug ensure-state-soon` command and
++      use in tests
++    - interfaces/builtin: small refactor of dbus tests
++    - packaging, tests: use "systemctl list-unit-files --full"
++      everywhere
++    - many: some opensuse patches that are ready to go into master
++    - packaging: add opensuse permissions files
++    - client, daemon: move "snap list" name filtering into snapd.
++    - interfaces: use seccomp specs
++    - overlord/snapstate: small cleanup of
++      ensureForceDevmodeDropsDevmodeFromState
++    - interfaces/builtin/alsa: add read access to alsa state dir
++    - interfaces: use spec in kmod backend, updated firewall_control,
++      openvswitch_support, ppp
++    - cmd/snap-confine: use sc_do_mount everywhere
++    - tests: remove workaround for docker again, snap-declaration is
++      fixed now
++    - interfaces: interface to allow autopilot introspection
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 11 Apr 2017 13:31:46 +0200
++
++snapd (2.23.6) xenial; urgency=medium
++
++  * New upstream release, LP: #1673568
++    - cmd: use the most appropriate snap/snapctl sockets
++    - tests: fix interfaces-cups-control for zesty
++    - configstate,hookstate: timeout the configure hook after 5 mins,
++      report failures
++    - packaging: rename the file shipping snap-confine AA profile to
++      workaround dpkg bug #858004
++    - many: ignore configure hook failures on core refresh to ensure
++      upgrades are always possible
++    - snapstate: restart as needed if we undid unlinking aka relinked
++      core or kernel snap
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 29 Mar 2017 15:30:35 +0200
++
++snapd (2.23.5) xenial; urgency=medium
++
++  * New upstream release, LP: #1673568
++    - allow "sync" in core-support
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 17 Mar 2017 18:13:43 +0100
++
++snapd (2.23.4) xenial; urgency=medium
++
++  * New upstream release, LP: #1673568
++    - fix core-support interface for the new pi-config options
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 17 Mar 2017 16:05:57 +0100
++
++snapd (2.23.3) xenial; urgency=medium
++
++  * FTBFS due to missing files in vendor/
++
++ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com>  Thu, 16 Mar 2017 19:56:55 +0100
++
++snapd (2.23.2) xenial; urgency=medium
++
++  * New upstream release, LP: #1673568
++    - cmd/snap: handle missing snap-confine (#3041)
++
++ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com>  Thu, 16 Mar 2017 19:38:24 +0100
++
++snapd (2.23.1) xenial; urgency=medium
++
++  * New upstream release, LP: #1665608
++    - packaging, tests: use "systemctl list-unit-files --full"
++      everywhere
++    - interfaces: fix default content attribute value
++    - tests: do not nuke the entire snapd.conf.d dir when changing
++      store settings
++    - hookstate: run the right "snap" command in the hookmanager
++    - snapstate: revert PR#2958, run configure hook again everywhere
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 08 Mar 2017 14:29:56 +0100
++
++snapd (2.23) xenial; urgency=medium
++
++  * New upstream release, LP: #1665608
++    - overlord: phase 2 with 2nd setup-profiles and hook done after
++      restart for core installation
++    - data: re-add snapd.refresh.{timer,service} with weekly schedule
++    - interfaces: allow 'getent' by default with some missing dbs to
++      various interfaces
++    - overlord/snapstate: drop forced devmode
++    - snapstate: disable running the configure hook on classic for the
++      core snap
++    - ifacestate: re-generate apparmor in InterfaceManager.initialize()
++    - daemon: DevModeDistro does not imply snapstate.Flags{DevMode:true}
++    - interfaces/bluez,network-manager: implement ConnectedSlot policy
++    - cmd: add helpers for mounting / unmounting
++    - snapstate: error in LinkSnap() if revision is unset
++    - release: add linuxmint 18 to the non-devmode distros
++    - cmd: fixes to run correctly on opensuse
++    - interfaces: consistently use 'const' instead of 'var' for security
++      policy
++    - interfaces: miscellaneous policy updates for unity7, udisks2 and
++      browser-support
++    - interfaces/apparmor: compensate for kernel behavior change
++    - many: only tweak core config if hook exists
++    - overlord/hookstate: don't report a run hook output error without
++      any context
++    - cmd/snap-update-ns: move test data and helpers to new module
++    - vet: fix vet error on mount test.
++    - tests: empty init (systemd) failover test
++    - cmd: add .indent.pro file to the tree
++    - interfaces: specs for apparmor, seccomp, udev
++    - wrappers/services: RemainAfterExit=yes for oneshot daemons w/ stop
++      cmds
++    - tests: several improvements to the nested suite
++    - tests: do not use core for "All snaps up to date" check
++    - cmd/snap-update-ns: add function for sorting mount entries
++    - httputil: copy some headers over redirects
++    - data/selinux: merge SELinux policy module
++    - kmod: added Specification for kmod security backend
++    - tests: failover test for rc.local crash
++    - debian/tests: map snapd deb pockets to core snap channels for
++      autopkgtest
++    - many: switch channels on refresh if needed
++    - interfaces/builtin: add /boot/uboot/config.txt access to core-
++      support
++    - release: assume higher version of supported distros will still
++      work
++    - cmd/snap-update-ns: add compare function for mount entries
++    - tests: enable docker test
++    - tests: bail out if core snap is not installed
++    - interfaces: use mount.Entry instead of string snippets.
++    - osutil: trivial tweaks to build ID support
++    - many: display kernel version in 'snap version'
++    - osutil: add package for reading Build-ID
++    - snap: error when `snap list foo` is run and no snap is installed
++    - cmd/snap-confine: don't crash if nvidia module is loaded but
++      drivers are not available
++    - tests: update listing test for latest core snap version update
++    - overlord/hookstate/ctlcmd: helper function for creating a deep
++      copy of interface attributes
++    - interfaces: add a linux framebuffer interface
++    - cmd/snap, store: change error messages to reflect latest UX doc
++    - interfaces: initial unity8 interface
++    - asserts: improved information about assertions format in the
++      Decode doc comment
++    - snapstate: ensure snapstate.CanAutoRefresh is nil in tests
++    - mkversion.sh: Add support for taking the version as a parameter
++    - interfaces: add an interface for use by thumbnailer
++    - cmd/snap-confine: ensure that hostfs is root owned.
++    - screen-inhibit-control: add methods for delaying screensavers
++    - overlord: optional device registration and gadget support on
++      classic
++    - overlord: make seeding work also on classic, optionally
++    - image,cmd/snap: refactoring and initial envvar support to use
++      stores needing auth
++    - tests: add libvirt interface spread test
++    - cmd/libsnap: add helper for dropping permissions
++    - interfaces: misc updates for network-control, firewall-control,
++      unity7 and default policy
++    - interfaces: allow recv* and send* by default, accept4 with accept
++      and other cleanups
++    - interfaces/builtin: add classic-support interface
++    - store: use xdelta3 from core if available and not on the regular
++      system
++    - snap: add contact: line in `snap info`
++    - interfaces/builtin: add network-setup-control which allows rw
++      access to netplan
++    - unity7: support missing signals and methods for status icons
++    - cmd: autoconf for RHEL
++    - cmd/snap-confine: look for PROCFS_SUPER_MAGIC
++    - dirs: use the right snap mount dir for the distribution
++    - many: differentiate between "distro" and "core" libexecdir
++    - cmd: don't reexec on RHEL family
++    - config: make helpers reusable
++    - snap-exec: support nested environment variables in environment
++    - release: add galliumos support
++    - interfaces/builtin: more path options for serial
++    - i18n: look into core snaps when checking for translations
++    - tests: nested image testing
++    - tests: add basic test for docker
++    - hookstate,ifacestate: support snapctl set/get slot and plug attrs
++      (step 3)
++    - cmd/snap: add shell completion to connect
++    - cmd: add functions to load/save fstab-like files
++    - snap run: create "current" symlink in user data dir
++    - cmd: autoconf for centos
++    - tests: add more debug if ubuntu-core-upgrade fails
++    - tests: increase service retries
++    - packaging/ubuntu-14.04: inform user how to extend PATH with
++      /snap/bin.
++    - cmd: add helpers for working with mount/umount commands
++    - overlord/snapstate: prepare for using snap-update-ns
++    - cmd: use per-snap mount profile to populate the mount namespace
++    - overlord/ifacestate: setup seccomp security on startup
++    - interface/seccomp: sort combined snippets
++    - release: don't force devmode on LinuxMint "serena"
++    - tests: filter ubuntu-core systems for authenticated find-private
++      test
++    - interfaces/builtin/core-support: Allow modifying logind
++      configuration from the core snap
++    - tests: fix "snap managed" output check and suppress output from
++      expect in the authenticated login tests
++    - interfaces: shutdown: also allow shutdown/reboot/suspend via
++      logind
++    - cmd/snap-confine-tests: reformat test to pass shellcheck
++    - cmd: add sc_is_debug_enabled
++    - interfaces/mount: add dedicated mount entry type
++    - interfaces/core-support: allow modifying systemd-timesyncd and
++      sysctl configuration
++    - snap: improve message after `snap refresh pkg1 pkg2`
++    - tests: improve snap-env test
++    - interfaces/io-ports-control: use /dev/port, not /dev/ports
++    - interfaces/mount-observe: add quotactl with arg filtering (LP:
++      #1626359)
++    - interfaces/mount: generate per-snap mount profile
++    - tests: add spread test for delta downloads
++    - daemon: show "$snapname (delta)" in progress when downloading
++      deltas
++    - cmd: use safer functions in sc_mount_opt2str
++    - asserts: introduce a variant of model assertions for classic
++      systems
++    - interfaces/core-support: allow modifying snap rsyslog
++      configuration
++    - interfaces: remove some syscalls already in the default policy
++      plus comment cleanups
++    - interfaces: miscellaneous updates for hardware-observe, kernel-
++      module-control, unity7 and default
++    - snap-confine: add the key for which hsearch_r fails
++    - snap: improve the error message for `snap try`
++    - tests: fix pattern and use MATCH in find-private
++    - tests: stop tying setting up staging store access to the setup of
++      the state tarball
++    - tests: add regression spread test for #1660941
++    - interfaces/default: don't allow TIOCSTI ioctl
++    - interfaces: allow nice/setpriority to 0-19 values for calling
++      process by default
++    - tests: improve debug when the core transition test hangs
++    - tests: disable ubuntu-core->core transition on ppc64el (its just
++      too slow)
++    - snapstate: move refresh from a systemd timer to the internal
++      snapstate Ensure()
++    - tests/lib/fakestore/refresh: some more info when we fail to copy
++      asserts
++    - overlord/devicestate: backoff between retries if the server seems
++      to have refused the serial-request
++    - image: check kernel/gadget publisher vs model brand, warn on store
++      disconnected snaps
++    - vendor: move gettext.go back to github.com/ojii/gettext.go
++    - store: retry on 502 http response as well
++    - tests: increase snap-service kill-timeout
++    - store,osutil: use new osutil.ExecutableExists(exe) check to only
++      use deltas if xdelta3 is present
++    - cmd: fix autogen.sh on fedora
++    - overlord/devicemgr: fix test: setup account-key before using the
++      key for signing
++    - cmd: add /usr/local/* to PATH
++    - cmd: add sc_string_append
++    - asserts: support for correctly suggesting format 2 for snap-
++      declaration
++    - interfaces: port mount backend to new APIs, unify content of per
++      app/hook profiles
++    - overlord/devicestate: implement policy about gadget and kernel
++      matching the model
++    - interfaces: allow sched_setscheduler again by default
++    - debian: update breaks/replaces for snap-confine->snapd
++    - debian: move the snap-confine packaging into snapd
++    - 14.04/integrationtests: rely on upstart to restart ssh.
++    - store: enable download deltas on classic by default
++    - spread: add unit suite
++    - snapctl: add config in client to disable auth and use it in
++      snapctl
++    - overlord/ifacestate: register all security backends with the
++      repository
++    - overlord,tests: have enable/disable affect security profiles
++    - tests: install ubuntu-core from the same channel as core
++    - overlord: move configstate.Transaction into config package
++    - seccomp-support.c: add PF_* domains which can be used instead of
++      AF_*
++    - store: always log retry summary when SNAPD_DEBUG is set
++    - tests: parameterize kernel snap channel
++    - snapenv: do not append ":" to the SNAP_LIBRARY_PATH
++    - interfaces/builtin: refine the content interface rules using $SLOT
++    - asserts,interfaces/policy: add support for
++      $SLOT()/$PLUG()/$MISSING in *-attributes constraintsThis adds
++      support for $SLOT(arg), $PLUG(arg) and $MISSING attribute
++      constraints in plugs and slots rules in snap-declarations:
++    - cmd/snap-confine: add snap-confine command line parser module
++    - tests: remove (some) garbage files found by restore cleanup
++      analysis
++    - cmd: fix issues uncovered by valgrind
++    - tests: fix typo in systems name
++    - cmd: collect string utilities in one module, add missing tests
++    - cmd: rename mountinfo to sc_mountinfo
++    - tests: allow to install snapd debs from a ppa instead of building
++      them
++    - spread: remove state tar on project restore
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 17 Feb 2017 12:21:42 +0100
++
++snapd (2.22.7) xenial; urgency=medium
++
++  * New upstream release:
++    - errtracker,overlord/snapstate: more info in errtracker reports
++    - interfaces/apparmor: compensate for kernel behavior change
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 24 Feb 2017 19:24:11 +0100
++
++snapd (2.22.6) xenial; urgency=medium
++
++  * New upstream release, LP: #1667105
++    - overlord/ifacestate: don't fail if affected snap is gone
++    - revert #2910: osutil: add package for reading Build-ID (#2918)
++    - errtracker: include the build-id of host and core snapd (#2912)
++    - errtracker: include the number of ubuntu-core -> core retries
++      (#2915)
++    - snapstate: retry ubuntu-core -> core transition every 6h (#2914)
++    - osutil: add package for reading Build-ID (#2910)
++    - errtracker: include kernel version in error reports (#2905)
++    - release: return "unknown" if uname fails
++    - many: rebased uname branch for 2.22
++    - errtracker: include snapd version in err reports
++    - overlord/ifacestate: don't unconditionally retry stuff (#2906)
++    - snapstate: fix incorrect cut of the timestamps for the error
++      reports (#2908)
++    - tests: update listing test for latest core snap version update
++
++ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com>  Wed, 22 Feb 2017 23:34:23 +0100
++
++snapd (2.22.5) xenial; urgency=medium
++
++  * Fix FTBFS due to machine-id file
++
++ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com>  Tue, 21 Feb 2017 09:43:42 +0100
++
++snapd (2.22.4) xenial; urgency=medium
++
++  * New bugfix release:
++    - errtracker: add support for error reporting via daisy.ubuntu.com
++    - snapstate: allow for 6 retries for the core transition
++    - httputils: ensure User-Agent works across redirects
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 21 Feb 2017 09:07:10 +0100
++
++snapd (2.22.3) xenial; urgency=medium
++
++  * New bugfix release, LP: #1665729:
++    - Limit the number of retries for the ubuntu-core -> core
++      transition to fix possible store overload.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 17 Feb 2017 18:58:34 +0100
++
++snapd (2.22.2) xenial; urgency=medium
++
++  * New upstream release, LP: #1659522
++    - cherry pick fix for sched_setscheduler regression
++      (LP: #1661265)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 02 Feb 2017 17:13:51 +0100
++
++snapd (2.22.1) xenial; urgency=medium
++
++  * New upstream release, LP: #1659522
++    - cherry pick fix for snapctl auth.json handling
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 01 Feb 2017 17:09:31 +0100
++
++snapd (2.22) xenial; urgency=medium
++
++  * New upstream release, LP: #1659522
++    - many: make ubuntu-core-launcher mostly go
++    - interfaces/builtin: add account-control interface
++    - interfaces/builtin: add missing syscalls to core-support needed
++      for systemctl
++    - interfaces/builtin: rework core-support to only allow full access
++      to systemctl
++    - debian/tests: drop stale autopkgtest dependencies.
++    - tests: make the debugging of c-unit-tests more useful
++    - store: retry auth-related requests
++    - tests: integration test for system reload
++    - snap: be more helpful in the `snap install <already-installed>`
++      error message
++    - tests: set SNAPPY_USE_STAGING_STORE in su call
++    - tests: use test snap
++    - spread: set SNAPD_DEBUG=1 in the core snap as well
++    - tests: add extra debugging to security-setuid-root test
++    - cmd,snap,wrappers: systemd reload command support
++    - interfaces: builtin: mir: Allow recv and send
++    - overlord/ifacestate: use ParseConnRef
++    - overlord/snapstate,overlord/ifacestate: add automatic ubuntu-core
++      -> core transition
++    - debian: remove aliases as well in snapd.postrm
++    - many: change interfaces.ParseID to return value
++    - interfaces/opengl: allow access to the nvidia abstract socket
++    - overlord, daemon: flag failures feature fancy forms.
++    - many: add --classic support to try and revert, and make missing
++      these things a little harder
++    - interfaces: allow reading non-PCI-attached usb devices via raw-usb
++    - many: rename snap-alter-ns to snap-update-ns
++    - interfaces/builtin: add core-support
++    - store: increase the retry.LimitTime()
++    - debian: move the packaging out into package/$id-$version_id
++    - overlord/stapstate: don't use unkeyed fields
++    - many: add stub implementation of snap-alter-ns
++    - asserts: improve error message when key is not valid at the given
++      time
++    - snapstate, ifacestate: add snapstate.CheckChangeConflict() to
++      ifacestate.{Connect,Disconnect}
++    - debian: remove trusty specific bits
++    - docs: Add a note about building snapd.
++    - interfaces: miscellaneous updates for default and network-control
++    - daemon: bubble out store.ErrSnapNotFound in the findOne codepath
++    - store: add retry logging into download as well
++    - snap: show price in `snap info`
++    - cmd: add fault injection support code
++    - interfaces: network-manager: allow rw access to /etc/netplan
++    - debian: move systemd files out of ./debian and into ./data/systemd
++    - asserts: implement SuggestFormat to help avoid specifying the
++      wrong format iteration for an assertion
++    - many: detect potentially insecure use of snap-confine
++    - interfaces: allow querying added security backends
++    - cmd: ensure that all .c files have a -test.c file
++    - asserts: don't use 'context' for the path of attributes, want to
++      reuse the concept for something else
++    - interfaces: abbreviate ConnRef construction
++    - tests: ensure systemd override directory is available before using
++      it
++    - cmd: more build system cleanups and a small fix
++    - tests: increase retries for service up
++    - cmd: move seccomp cleanup function to seccomp-support
++    - many: auto-connect plugs and slots symmetrically
++    - overlord: use a ticker for the pruning
++    - interfaces/builtin: add uhid interface
++    - cmd/snap-confine: add shutdown helper
++    - tests: fix path used when debugging
++    - cmd: switch to non-recursive make
++    - overlord/ifacestate: setup security of snaps affected by auto-
++      connection
++    - spread: refresh apt cache before first install
++    - overlord: allow max 500 changes in "ready" state to avoid growing
++      changes for 24h
++    - snap: add {Plug,Slot}Info.SecurityTags
++    - cmd: move snap-discard-ns to dedicated directory
++    - tests: skip i18n test when no "snappy.mo" file is available
++    - interfaces,overlord/ifacestate: small refactor around reference
++      methods
++    - tests: remove the snapd dirs last (should fix random test errors)
++    - interfaces: mm: permissions for protocol proxies
++    - interfaces/builtin: add evolution interfaces
++    - many: extract the logging http client and user-agent handling for
++      use in devicestate
++    - interfaces: unity8-download-manager is the chosen name for this
++      interface.
++    - tests: add "quiet" wrapper function that only prints output on
++      failure
++    - tests: fix failing snapd-reexec test
++    - docs: simplify HACKING.md that snapd itself supports setting up
++      the sockets
++    - overlord: flag required-snaps from model as required and prevent
++      removing them
++    - spread: exclude .o and .a files
++    - tests: parameterize remote store
++    - cmd: fix hardcoded paths to rst2man and support rst2man.py
++    - tests: improve debug output when reexec is used
++    - tests: disable ipv6 before unpacking delta
++    - interfaces: add new interface API
++    - tests: change TRUST_TEST_KEYS to be controlled from the host
++    - spread: add boilerplate for Linode delta uploads
++    - wrappers: add support for the X-Ayatana-Desktop-Shortcuts=
++      extension
++    - partition: add support for native grubenv read/write and use it
++    - tests: add test ensuring manual pages are shipped
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 27 Jan 2017 23:18:57 +0100
++
++snapd (2.21-2) unstable; urgency=medium
++
++  * Modify snap-confine's apparmor rules to work on Debian when apparmor is
++    enabled on the kernel command line.
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Wed, 25 Jan 2017 10:26:51 +1300
++
++snapd (2.21-1) unstable; urgency=medium
++
++  * New upstream release.
++  * Disable i18n so the package can build in stretch without new packages.
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Mon, 16 Jan 2017 11:15:32 +1300
++
++snapd (2.21) xenial; urgency=medium
++
++  * New upstream release, LP: #1656382
++    - daemon: re-enable reexec
++    - interfaces: allow reading installed files from previous revisions
++      by default
++    - daemon: make activation optional
++    - tests: run all snap-confine tests in c-unit-tests task
++    - many: fix abbreviated forms of disconnect
++    - tests: switch more tests to MATCH
++    - store: export userAgent. daemon: print store.UserAgent() on
++      startup.
++    - tests: test classic confinement `snap list` and  `snap info`
++      output
++    - debian: skip snap-confine unit tests on nocheck
++    - overlord/snapstate: share code between Update and UpdateMany, so
++      that it deals with auto-aliases correctly
++    - interfaces: upower-observe: refactor to allow snaps to provide a
++      slot
++    - tests: add end-to-end store test for classic confinement
++    - overlord,overlord/snapstate: have UpdateMany retire/enable auto-
++      aliases even without new revision
++    - interfaces/browser-support: add @{PROC}/@{pid}/fd/[0-9] w and misc
++      /run/udev
++    - interfaces/builtin: add physical-memory-* and io-ports-control
++    - interfaces: allow getsockopt by default since it is so commonly
++      used
++    - cmd/snap, daemon, overlord/snapstate: tests and fixes for "snap
++      refresh" of a classic snap
++    - interfaces: allow read/write access of real-time clock with time-
++      control interface
++    - store: request no CDN via a header using SNAPPY_STORE_NO_CDN
++      envvar
++    - snap: add information about tracking channel (not just actual
++      channel)
++    - interfaces: use fewer dot imports
++    - overlord/snapstate: remove restrictions on ResetAliases
++    - overlord, store: move confinement filtering to the overlord (from
++      The Store)
++    - many: move interface test helpers to ifacetest package
++    - many: implement 'snap aliases'
++    - vet: fix for unkeyed fields error on aliases_test.go
++    - interfaces: miscellaneous policy updates for network-control,
++      unity7, pulseaudio, default and home
++    - tests: test for auto-aliases
++    - interface hooks: connect plug slot hooks (step 2)
++    - cmd/snap: fix internal naming in snap connect
++    - snap: use "size" as the json tag in snap.ChannelSnapInfo
++    - tests: restore the missing initialization of iface manager causing
++      race
++    - snap: fix missing sizes in `snap info <remote-snap>`
++    - tests: improve cleanup for c-unit-tests
++    - cmd/snap-confine: build non-installed libsnap-confine-private.a
++    - cmd/snap-confine: small tweaks to seccomp support code
++    - interfaces/docker-support: allow /run/shm/aufs.xeno for 14.04
++    - many: obtain installed snaps developer/publisher username through
++      assertions
++    - store: setting of fields for details endpoint
++    - cmd/snap-confine: check for rst2man on configure
++    - snap: show `snap --help` output when just running `snap`
++    - interface/builtin: drop the obsolete checks in udisks2
++      SanitizeSlot
++    - cmd/snap: remove currency switch following UX review
++    - spread: find top-level directory before running generate-
++      packaging-dir
++    - interface hooks: prepare plug slot hooks (step 1)
++    - i18n: use github.com/mvo5/gettext.go (pure go) for i18n to avoid
++      cgo
++    - many: put a marker in the User-Agent sent by snapd/snap when under
++      testingThe User-Agent will look like:
++    - tests: fix -reuse and -resend when govendor is missing
++    - snap: provide friendlier `snap find` message when no snaps are
++      found
++    - tests: fix mkversions.sh failure on zesty
++    - spread: install build-essential unconditionally
++    - spread: improve qemu ubuntu-14.04-{32,64} support
++    - overlord/snapstate,daemon: implement GET /v2/aliases handling
++    - store: retry user info request
++    - tests: port more snap-confine regression tests
++    - tests: cancel the scheduled reboot on ubuntu-core-upgrade-no-gc
++      and restore state
++    - tests: debug zesty autopkgtest failures
++    - overlord/snapstate: use keyed fields on literals
++    - tests: use MATCH in install-remove-multi
++    - tests: increase wait time for service to be up
++    - tests: make debug-each succeed if DENIED doesn't match
++    - tests: skip packaging dir generation for non-git based autopkgtest
++      runs
++    - tests: port refresh-all-undo to MATCH
++    - tests: improve snap connect test
++    - tests: port additional snap-confine regression tests
++    - tests: show --version when it matches unknown
++    - tests: optionally use apt proxy for qemu
++    - tests: add hello-classic test
++    - many: behave more consistently when pointed to staging and
++      possibly the fake store
++    - overlord/ifacestate: remove stale comments
++    - interfaces/apparmor: ignore snippets in classic confinement
++    - tests: port first regression test from snap-confine
++    - cmd/snap-confine: disable old tests
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 13 Jan 2017 19:39:51 +0100
++
++snapd (2.20.1) xenial; urgency=medium
++
++  * New upstream release, LP: #1648520
++    - tests: enable the ppc64el tests again
++    - tests: add classic confinement test
++    - tests: run snap confine tests in debian/rules already
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 19 Dec 2016 11:53:29 +0100
++
++snapd (2.20-2) unstable; urgency=medium
++
++  * Replace unversioned Conflicts on snap package with versioned
++    Breaks/Replaces, now that snap has dropped /usr/bin/snap.
++    Closes: #849162.
++
++ -- Steve Langasek <vorlon@debian.org>  Sun, 25 Dec 2016 17:50:25 -0600
++
++snapd (2.20-1) unstable; urgency=medium
++
++  * New upstream release.
++  * Update one test (cmd/snap/cmd_interfaces_test.go) to cope with the newer
++    golang-go-flags-dev in unstable.
++  * Explicitly include 'udev' in Build-Depends.
++  * Add tzdata to Build-Depends to avoid ftbfs. (Closes: #848754)
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Mon, 19 Dec 2016 11:43:55 +1300
++
++snapd (2.20) xenial; urgency=medium
++
++  * New upstream release, LP: #1648520
++    - many: implement  "snap alias --reset" using snapstate.ResetAliases
++    - debian: use a packaging branch for 14.04
++    - store: retry downloads on io.Copy errors and sha3 checksum errors
++    - snap: show apps in `snap info`
++    - store: send an explicit X-Ubuntu-Classic header to the store
++    - overlord/snapstate: implement snapstate.ResetAliases
++    - interfaces/builtin: add dbus interface
++    - tests: fix tests on 17.04
++    - store: use mocked retry strategy to make store tests faster
++    - overlord: apply auto-aliases information from the snap-declaration
++      on install or refresh
++    - many: prepare landing on trusty
++    - many: implement snap unalias using snapstate.Unalias
++    - overlord/snapstate: fixing the placement/grouping of some
++      functions
++    - interfaces: support network namespaces via 'ip netns' in network-
++      control
++    - interfaces/builtin: fix pulseaudio apparmor rules
++    - interfaces/builtin: add iio interface
++    - tests: update custom core snap with the freshly build snap-confine
++    - interfaces: use sysd.{Disable,Stop} instead of sysd.DisableNow()
++    - overlord,overlord/snapstate: implement snapstate.Unalias by
++      generalizing the "alias" task
++    - interfaces: misc openstack snap enablement
++    - cmd/snap: mock terminal.ReadPassword instead of using /dev/ptmx
++    - notifications, daemon: kill the unsupported events endpoint
++    - client: only allow Dangerous option in InstallPath
++    - overlord/ifacestate: no interface checks if no snap id
++    - many: implement alias command
++    - snap: tweak snap install output as designed by Mark
++    - debian: fix Pre-Depends on dpkg
++    - tests: check if snap-confine --version is unknown
++    - cmd/snap-confine: allow content interface mounts
++    - tests: remove ppa:snappy-dev/image again
++    - interfaces/apparmor: allow access to core snap
++    - tests: remove snap-confine/ubuntu-core-launcher after the tests
++    - overlord,overlord/snapstate: implement snapstate.Alias
++    - cmd/snap: reject "snap disconnect foo"
++    - debian: add split ubuntu-core-launcher and snap-confine packages
++    - cmd: fix mkversion.sh and add regression test
++    - overlord/snapstate: setup/remove aliases as we link/unlink snaps
++    - cmd/snap,tests: alias support in snap run
++    - snap/snapenv: don't obscure HOME if snap uses classic confinement
++    - store: decode response.Body json inside retry loops
++    - cmd/snap-confine: fix compilation on platforms with gcc < 4.9.0
++    - vendor: update tomb package fixing context support
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 15 Dec 2016 22:07:08 +0100
++
++snapd (2.19) xenial; urgency=medium
++
++  * New upstream release, LP: #1648520
++    - cmd/snap-confine: disable support for XDG_RUNTIME_DIR
++    - cmd/snap-confine/tests: fix stale path after move to snapd
++    - cmd/snap-confine: don't use __attribute__((nonull))
++    - snap: add description to `snap info`
++    - snap: show last refresh time
++    - store: switch default delta format from xdelta to xdelta3
++    - interfaces: fix system-observe interface to work with ps_mem
++    - debian: add missing ca-certificates dependency
++    - cmd/snap-confine: add support for classic confinement
++    - snapstate/backend: add backend methods to manage aliases
++    - tests: re-enable snap-confine unit tests via spread
++    - many: merge snap-confine into snapd
++    - many: add support for classic confinement
++    - snap: abort install with ctrl+c
++    - cmd/snap: change terms accept URL following UX review
++    - interfaces/apparmor: use distinct apparmor template for classic
++    - snap: add snap size to `snap info`
++    - interfaces: add unconfined access to modem-manager
++    - snap: support for parsing and exposing on snap.Info aliases
++    - debian: disable autopkgtests on ppc64el
++    - snap: disable support for socket activation
++    - tests: fix incorrect restore of the current symlink
++    - asserts: introduce auto-aliases header in snap-declaration
++    - interfaces/seccomp: add support for classic confinement
++    - tests: do not use external snaps
++    - daemon: close the dup()ed file descriptor to not leak it
++    - overlord, daemon, progress: enable building snapd without CGO
++    - daemon, store: let snap info find things in any channel
++    - store: retry tweaks and logging
++    - snap: Improve `snap --help` output as designed by Mark
++    - interfaces/builtin: fix incorrect udev rule in i2c
++    - overlord: increase test timeout and improve failure message
++    - snap: remove unused experimental command
++    - debian: remove unneeded conflict against the "snappy" package
++    - daemon, strutil: move daemon.quotedNames to strutil.Quoted
++    - docs: document SNAP_DEBUG_HTTP in HACKING.md
++    - cmd/snap: have some completers
++    - snap: support "daemon: notify" in snap.yaml
++    - snap: fix try command when daemon linie is added
++    - interfaces: apparmor support for classic confinement
++    - debian/rules: build with -buildoptions=pie
++    - tests: include /boot in saved state (including bootenv and any
++      kernels)
++    - daemon: ensure `snap try` installs core if it's missing
++    - tests: save/restore /snap/core/current symlink
++    - tests: decrease the number of expected featured apps
++    - tests: add set -e to the prepare ssh script
++    - cmd/snap: add tests for section completion; fix bugs.
++    - cmd/snap: document 'snap list --all'
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 08 Dec 2016 16:16:04 +0100
++
++snapd (2.18.1) xenial; urgency=medium
++
++  * New upstream release, LP: #1644625
++    - daemon: fix crash when `snap refresh` contains a single update
++    - fix unhandled error from io.Copy() in download()
++    - interfaces/builtin: fix incorrect udev rule in i2c
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 05 Dec 2016 15:04:13 +0100
++
++snapd (2.18) xenial; urgency=medium
++
++  * New upstream release, LP: #1644625
++    - store: retry on io.EOF
++    - tests: skip pty tests on ppc64el and powerpc
++    - client, cmd/snap: introducing "snap info"
++    - snap: do exit 0 on install/remove if that snap is already
++      installed or already removed
++    - snap: add `snap watch <change-id>` to attach to a running change
++    - store: retry downloads using retry loop
++    - snap: try doesn't require snap-dir when run in snap's directory
++    - daemon: show what will change in the "refresh-all" changes
++    - tests: disable autorefresh for the external backend
++    - snap: add `snap list -a` to show all snaps (even inactive ones)
++    - many: unify boolean env var handling
++    - overlord/ifacestate: don't setup jailmode snaps with devmode
++      confinement
++    - snapstate: do not garbage collect the snaps used by the bootenv
++    - debian: drop hard xdelta dependency for now
++    - snap: make `snap login` ask for email if not given as argument
++    - osutil: fix build on armhf (arm in go-arch) and powerpc (ppc in
++      go-arch)
++    - many: rename DevmodeConfinement to DevModeConfinement
++    - store: resp.Body.Close() missing in ReadyToBuy
++    - many: use ConfinementOptions instead of ConfinementType
++    - snap, daemon, store: fake the channel map in the REST API
++    - misc: run github.com/gordonklaus/ineffassign as part of the static
++      checks
++    - docs: add goreportcard badge and remove coveralls badge
++    - tests: force gofmt -s in static checks
++    - many: run gofmt -s -w on all the code
++    - store: DRY actual retry code
++    - many: fix various errors uncovered by goreportcard.com
++    - interfaces/builtin: allow additional shared memory for webkit
++    - many: some more missing snapState->snapst
++    - asserts: introduce an optional freeform display-name for model
++    - interfaces/builtin: rename usb-raw to raw-usb
++    - progress: init pbar with correct total value
++    - daemon/api.go: add quotedNames() helper
++    - interfaces: add ConfinementOptions type
++    - tests: add a test about the extra bits that prepare-device can
++      specify for device registration
++    - tests: check that gpio device nodes are exported after reboot
++    - tests: parameterize core channel with env var for classic too
++    - many: rename variable "ss" to "snapsup" or "snapst" or "st"
++      (depending on context)
++    - tests: do not use external snaps in spread
++    - store: retry buy request
++    - store: retry store.Find
++    - store: retry assertion store call
++    - store: retry call for snap details
++    - many: use snap.ConfinementType rather than bool devmode
++    - daemon: if a bad snap is posted it is not an internal error but a
++      bad request
++    - client: add "Snap.Screenshots" to the client API
++    - interfaces: update base declaration documentation and policy for
++      on-classic and snap-type
++    - store: check payment method before TOS for a better UX
++    - interfaces: allow sched_setaffinity in process-control
++    - tests: parameterize core channel with env var
++    - tests: ensure that the XDG_ env contains at least XDG_RUNTIME_DIR
++    - interfaces: fcitx also listens on the session bus for Qt apps
++    - store: retry ListRefresh
++    - snap: use "Password of <email>:" in the `snap login`
++    - many: reshuffle how we load/inject tests keys so image doesn't
++      need assertstate anymore
++    - store: use range requests if we have a local file already
++    - dirs,interfaces,overlord,snap,snapenv,test: export per-snap
++      XDG_RUNTIME_DIR per user
++    - osutil: make RealUser only look at SUDO_USER when uid==0
++    - tests: do not use the ppa:snappy-dev/image in the tests
++    - store: retry readyToBuy request
++    - tests: increase `expect` timeouts
++    - static tests: add spell check
++    - tests: add debug to all flaky expect tests
++    - systemd: correct the mount arguments when mounting with squashfuse
++    - interfaces: add avahi-observe
++    - store: bring delta downloads back
++    - interfaces: add alsa
++    - interfaces/builtin: fix a broken test that snuck into master
++    - osutil: add chattr funcs
++    - image: init "snap_mode" on image creation time to avoid ugly
++      messages
++    - tests: test-snapd-fuse-consumer needs python-fuse as a build-
++      package
++    - interfaces/builtin: add i2c interface
++    - interfaces: add ofono interface
++    - tests: do not use hello-world in our tests
++    - snap: add support for classic confinement
++    - interfaces: remove LegacyAutoConnect() from the interfaces
++    - interfaces: miscellaneous policy updates
++    - tests: run autopkgtests in the autopkgtest.ubuntu.com
++      infrastructure
++    - Implement lxd-client interface exposing the lxd snap
++    - asserts: validate optional account username
++    - many: remove unnecessary snap name parameter from buying endpoint
++    - tests: do not hardcode the size of /dev/ram0
++    - tests: add test that ensures the right content for /etc/os-release
++    - spread tests: fix snap mode check
++    - docs: fix path for source files location in HACKING.md
++    - interfaces/builtin/mir: allow slot to make recvfrom syscalls
++    - store: sections/featured snaps store support
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 24 Nov 2016 19:43:08 +0100
++
++snapd (2.17.1) xenial; urgency=medium
++
++  * New upstream release, LP: #1637215:
++    - release: os-release on core has changed
++    - tests: /dev/ptmx does not work on powerpc, skip here
++    - docs: moved to github.com/snapcore/snapd/wiki (#2258)
++    - debian: golang is not installable on powerpc, use golang-any
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 04 Nov 2016 18:13:10 +0200
++
++snapd (2.17) xenial; urgency=medium
++
++  * New upstream release, LP: #1637215:
++    - overlord/ifacestate: add unit tests for undo of setup-snap-
++      security (#2243)
++    - daemon,overlord,snap,tests: download to .partial in final dir
++      (#2237)
++    - overlord/state: marshaling tests for lanes (#2245)
++    - overlord/state: introduce state lanes (#2241)
++    - overlord/snapstate: fix revert+refresh (#2224)
++    - interfaces/sytemd: enable/disable generated service units (#2229)
++    - many: fix incorrect security files generation on undo
++    - overlord/snapstate: add dynamic snapdX.Y assumes (#2227)
++    - interfaces: network-manager: give slot full read-write access to
++      /run/NetworkManager
++    - docs: update the name of the command for the cross-build
++    - overlord/snapstate: fix missing argument to Noticef
++    - snapstate: ensure gadget/core/kernel can not be disabled (#2218)
++    - asserts: limit to 1y only if len(models) == 0 (#2219)
++    - debian: only install share/locale if available (missing on
++      powerpc)
++    - overlrod/snapstate: fix revert followed by refresh to old-current
++      (#2214)
++    - interfaces/builtin: network-manager and bluez can change hostname
++      (#2204)
++    - snap: switch the auto-import dir to /run/snapd/auto-import
++    - docs: less details about cloud.cfg as requested in trello (#2206)
++    - spread.yaml: Ensure ubuntu user has passwordless sudo for
++      autopkgtests (#2201)
++    - interfaces/builtin: add dcdbas-control interface
++    - boot: do not set boot to try mode if the revision is unchanged
++    - interfaces: add shutdown interface (#2162)
++    - interfaces: add system-power-control interface
++    - many: use the new systemd backend for configuring GPIOs
++    - overlord/ifacestate: setup security for slots before plugs
++    - snap: spool assertion candidates if snapd is not up yet
++    - store,daemon,overlord: download things to a partials dir
++    - asserts,daemon: implement system-user-authority header/concept
++    - interfaces/builtin: home base declaration rule using on-classic
++      for its policy
++    - interfaces/builtin: finish decl based checks
++    - asserts: bump snap-declaration to allow signing with new-style
++      plugs and slots
++    - overlord: checks for kernel installation/refresh based on model
++      assertion and previous kernel
++    - tests/lib/fakestore: fix logic to distinguish assertion not found
++      errors
++    - client: add a few explicit error types (around the request cycle)
++    - tests/lib/fakestore/cmd/fakestore: make it log, and fix a typo
++    - overlord/snapstate: two bugs for one
++    - snappy: disable auto-import of assertions on classic (#2122)
++    - overlord/snapstate: move trash cleanup to a cleanup handler
++      (#2173)
++    - daemon: make create-user --known fail on classic without --force-
++      managed (#2123)
++    - asserts,interfaces/policy: implement on-classic plug/slot
++      constraints
++    - overlord: check that the first installed gadget matches the model
++      assertion
++    - tests: use the snapd-control-consumer snap from the store
++    - cmd/snap: make snap run not talk to snapd for finding the revision
++    - snap/squashfs: try to hard link instead of copying. Also, switch
++      to osutil.CopyFile for cp invocation.
++    - store: send supported max-format when retrieving assertions
++    - snapstate, devicestate: do not remove seed
++    - boot,image,overlord,partition: read/write boot variables in single
++      operation
++    - tests: reenable ubuntu-core tests on qemu
++    - asserts,interfaces/policy: allow OR-ing of subrule constraints in
++      plug/slot rules
++    - many: move from flags as ints to flags as structs-of-bools (#2156)
++    - many: add supports for keeping and finding assertions with
++      different format iterations
++    - snap: stop using ubuntu-core-launcher, use snap-confine
++    - many: introduce an assertion format iteration concept, refuse to
++      add unsupported assertion
++    - interfaces: tweak wording and comment
++    - spread.yaml: dump apparmor denials on spread failure
++    - tests: unflake ubuntu-core-reboot (#2150)
++    - cmd/snap: tweak unknown command error message (#2139)
++    - client,daemon,cmd: add payment-declined error kind (#2107)
++    - cmd/snap: update remove command help (#2145)
++    - many: removed frameworks target and fixed service files (#2138)
++    - asserts,snap: validate attributes to a JSON-compatible type subset
++      (#2140)
++    - asserts: remove unused serial-proof type
++    - tests: skip auto-import tests on systems without test keys (#2142)
++    - overlord/devicestate: don't spam the debug log on classic (#2141)
++    - cmd/snap: simplify auto-import mountinfo parsing (#2135)
++    - tests: run ubuntu-core upgrades on isolated machine (#2137)
++    - overlord/devicestate: recover seeding from old external approach
++      (#2134)
++    - overlord: merge overlord/boot pkg into overlord/devicestate
++      (#2118)
++    - daemon: add postCreateUserSuite test suite (#2124)
++    - tests: abort tests if an update process is scheduled (#2119)
++    - snapstate: avoid reboots if nothing in the boot setup has changed
++      (#2117)
++    - cmd/snap: do not auto-import from loop or non-dev devices (#2121)
++    - tests: add spread test for `snap auto-import` (#2126)
++    - tests: add test for auto-mount assertion import (#2127)
++    - osutil: add missing unit tests for IsMounted (#2133)
++    - tests: check for failure creating user on managed ubuntu-core
++      systems (#2096)
++    - snap: ignore /dev/loop addings from udev (#2111)
++    - tests: remove snapd.boot-ok reference (#2109)
++    - tests: enable tests related to the home interface in all-snaps
++      (#2106)
++    - snapstate: only import defaults from gadget on install (#2105)
++    - many: move firstboot code into the snapd daemon (#2033)
++    - store: send correct JSON type of string for expected payment
++      amount (#2103)
++    - cmd/snap: rename is-managed to managed and tune (#2102)
++    - interfaces,overlord/ifacestate: initial cleaning up of no arg
++      AutoConnect related bits (#2090)
++    - client, cmd: prompt for password when buying (#2086)
++    - snapstate: fix hanging `snap remove` if snap is no longer mounted
++    - image: support gadget specific cloud.conf file (#2101)
++    - cmd/snap,ctlcmd: fix behavior of snap(ctl) get (#2093)
++    - store: local users download from the anonymous url (#2100)
++    - docs/hooks.md: fix typos (#2099)
++    - many: check installation of slots and plugs against declarations
++    - docs: fix missing "=" in the systemd-active docs
++    - store: do not set store auth for local users (#2092)
++    - interfaces,overlord/ifacestate: use declaration-based checking for
++      auto-connect (#2071)
++    - overlord, daemon, snap: support gadget config defaults (#2082)The
++      main semantic changes are:
++    - tests: fix snap-disconnect tests after core rename (#2088)
++    - client,daemon,overlord,cmd: add /v2/users and create-user on auto-
++      import (#2074)
++    - many: abbreviated forms of disconnect (#2066)
++    - asserts: require lowercase model until insensitive matching is
++      ready (#2076)
++    - cmd/snap: add version command, same as --version (#2075)
++    - all: use "core" by default but allow "ubuntu-core" still (#2070)
++    - overlord/devicestate, docs/hooks.md: nest prepare-device
++      configuration options
++    - daemon: fix login API to return local macaroons (#2078)
++    - daemon: do not hardcode UID in userLookup (#2080)
++    - client, cmd: connect fixes (#2026)
++    - many: preparations for switching most of autoconnect to use the
++      declarationsfor now:
++    - overlord/auth: update CheckMacaroon to verify local snapd
++      macaroons (#2069)
++    - cmd/snap: trivial auto-import and download tweaks (#2067)
++    - interfaces: add repo.ResolveConnect that handles name resolution
++    - interfaces/policy: introduce InstallCandidate and its checks
++    - interfaces/policy,overlord: check connection requests against the
++      declarations in ifacestate
++    - many: setup snapd macaroon for local users (#2051)Next step: do
++      snapd macaroons verification.
++    - interfaces/policy: implement snap-id/publisher-id checks
++    - many: change Connect to take ConnRef instead of strings (#2060)
++    - snap: auto mount block devices and import assertions (#2047)
++    - daemon: add `snap create-user --force-managed` support (#2041)
++    - docs: remove references to removed buying features (#2057)
++    - interfaces,docs: allow sharing SNAP{,_DATA,_COMMON} via content
++      iface (#2063)
++    - interfaces: add Plug/Slot/Connection reference helpers (#2056)
++    - client,daemon,cmd/snap: improve create-user APIs (#2054)
++    - many: introduce snap refresh --ignore-validation <snap> to
++      override refresh validation (#2052)
++    - daemon: add support for `snap create-user --known` (#2040)
++    - interfaces/policy: start of interface policy checking code based
++      on declarations (#2050)
++    - overlord/configstate: support nested configuration (#2039)
++    - asserts,interfaces/builtin,overlord/assertstate: introduce base-
++      declaration (#2037)
++    - interfaces: builtin: Allow writing DHCP lease files to
++      /run/NetworkManager/dhcp (#2049)
++    - many: remove all traces of the /v2/buy/methods endpoint (#2045)
++    - tests: add external spread backend (#1918)
++    - asserts: parse the slot rules in snap-declarations (#2035)
++    - interfaces: allow read of /etc/ld.so.preload by default for armhf
++      on series 16 (#2048)
++    - store: change purchase to order and store clean up first pass
++      (#2043)
++    - daemon, store: switch to new store APIs in snapd (#2036)
++    - many: add email to UserState (#2038)
++    - asserts: support parsing the plugs stanza i.e. plug rules in snap-
++      declarations (#2027)
++    - store: apply deltas if explicitly enabled (#2031)
++    - tests: fix create-key/snap-sign test isolation (#2032)
++    - snap/implicit: don't restrict the camera iface to classic (#2025)
++    - client, cmd: change buy command to match UX document (#2011)
++    - coreconfig: nuke it. Also, ignore po/snappy.pot. (#2030)
++    - store: download deltas if explicitly enabled (#2017)
++    - many: allow use of the system user assertion with create-user
++      (#1990)
++    - asserts,overlord,snap: add prepare-device hook for device
++      registration (#2005)
++    - debian: adjust packaging for trusty/deputy systemd (#2003)
++    - asserts: introduce AttributeConstraints (#2015)
++    - interface/builtin: access system bus on screen-inhibit-control
++    - tests: add firewall-control interface test (#2009)
++    - snapstate: pass errors from ListRefresh in updateInfo (#2018)
++    - README: add links to IRC, mailing list and social media (#2022)
++    - docs: add `configure` hook to hooks list (#2024)LP: #1596629
++    - cmd/snap,configstate: rename apply-config variables to configure.
++      (#2023)
++    - store: retry download on 500 (#2019)
++    - interfaces/builtin: support time and date settings via
++      'org.freedesktop.timedate1 (#1832)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 02 Nov 2016 01:17:36 +0200
++
++snapd (2.16-1) unstable; urgency=medium
++
++  [ Michael Hudson-Doyle ]
++  * New upstream release.
++  * Import gopkg.in/cheggaaa/pb.v1 rather than github.com/cheggaaa/pb.
++  * Switch to unconditional conflict against `snap` (Closes: #826884)
++  * Update Vcs-Git and Vcs-Browser to point to alioth.
++
++  [ Steve Langasek ]
++  * Remove govendor from gbp.conf, and import Ubuntu tarball as our
++    orig.tar.gz (switching our packaging to non-native).
++  * Add Uploaders.
++  * Drop lintian overrides not used in Debian because we dynamically link
++    against golang-yaml.v2.
++  * Bump standards-version, no changes required.
++  * Add/fix various lintian overrides.
++
++ -- Steve Langasek <vorlon@debian.org>  Wed, 02 Nov 2016 12:14:52 +0000
++
++snapd (2.16) xenial; urgency=medium
++
++  * New upstream release, LP: #1628425
++    - overlord/state: prune old empty changes
++    - interfaces: ppp: load needed kernel module (#2007)
++    - interfaces/builtin: add missing rule to allow run-parts to
++      execute all resolvconf scripts
++    - many: rename apply-config hook to configure
++    - tests: use new spread `debug` feature
++    - many: finish `snap set` API.
++    - overlord: fix and simplify configstate.Transaction
++    - assertions: add system-user assertion
++    - snap: add `snap known --remote`
++    - tests: replace systemd-run with on-the-fly generation of units.
++    - overlord/boot: switch to using assertstate.Batch
++    - snap, daemon, store: pass through screenshots from store
++    - image: add meta/gadget.yaml infrastructure
++    - tests: add test benchmark script
++    - daemon: add the actual ssh keys that got added to the create-user
++      response
++    - daemon: add REST API behind `snap get`
++    - debian: re-add golang-github-gosexy-gettext-dev
++    - tests: added install_local function
++    - interfaces/builtin: fix resolvconf permissions for network-manager
++      interface
++    - tests: use apt as compatible with trusty
++    - many: discard preserved namespace after removing snap
++    - daemon, overlord, store: add ReadyToBuy API to snapd
++    - many: add support for installing/removing multiple snaps
++    - progress: use New64 and fix output newline
++    - interfaces/builtin: allow network-manager to access netplan conf
++      files
++    - tests: build once and install test snap from cache
++    - overlord/state: introduce cleanup support
++    - snap: move/clarify Info.Broken
++    - ctlcmd: add snapctl get.
++    - overlord,store: clean up serial-proof plumbing code
++    - interfaces/builtin: add network-setup-observe interface
++    - daemon,overlord/assertstate: support streams of assertions with
++      snap ack
++    - snapd: kmod backend
++    - tests: ensure HOME is also set correctly
++    - configstate,hookstate: add snapctl set
++    - tests: disable broken create-key test
++    - interfaces: adjust bluetooth-control to allow getsockopt (LP:
++      #1613572)
++    - tests: add a test for core about device initialization and device
++      registration and auth
++    - many: show snap name before the download progress bar
++    - interfaces/builtin: add rcvfrom for client connected plugs to mir
++      interface
++    - asserts: support for maps in assertions
++    - tests: increase timeout for key generation in create-key test
++    - many: validate refreshes against validation assertions by gating
++      snaps
++    - interfaces/apparmor: allow 'm' in default policy for snap-exec
++    - many: avoid snap.InfoFromSnapYaml in tests
++    - interfaces/builtin: allow /dev/net/tun with network-control
++    - tests: add spread test for snap create-key/snap sign
++    - tests: add missing quotes in security-device-cgroups/task.yaml
++    - interfaces: drop ErrUnknownSecurity
++    - store: add "ready to buy" method
++    - snap/snapenv, tests: use root's data dirs when running via sudo
++    - interfaces/builtin: add initial docker interface
++    - snap: remove extra newline after progress is done
++    - docs: fix formating of HACKING.md "Testing snapd"
++    - store : add requestOptions.ExtraHeaders so that individual
++      requests can customise headers.
++    - many: use unique plug/slot names in tests
++    - tests: add tests for the classic dimension
++    - many: add vendoring of dependencies by default
++    - tests: use in-tree snap{ctl,-exec} for all tests
++    - many: support snapctl -h
++    - tests: adjust regex after changes in stat output
++    - store,snap: initial support for delta downloads
++    - interfaces/builtin: add run/udev/data paths to mir interface
++    - snap: lessen annoyance of implicit interface tests
++    - tests: ensure http{,s}_proxy is defined inside the fake-store
++    - interfaces: allow xdg-open in unity7, unity7 cleanups
++    - daemon,store: move store login user logic to store
++    - tests: replace realpath with readlink -f for trusty support.
++    - tests: add https_proxy into environment as well
++    - interfaces/builtin: allow mmaping pulseaudio buffers
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 28 Sep 2016 11:09:27 +0200
++
++snapd (2.15.2ubuntu1) xenial; urgency=medium
++
++  * New upstream release, LP: #1623579
++    - snap/snapenv, tests: use root's data dirs when running via sudo
++      (cherry pick PR: #1857)
++    - tests: add https_proxy into environment
++      (cherry pick PR: #1926)
++    - interfaces: allow xdg-open in unity7, unity7 cleanups
++      (cherry pick PR: #1946)
++    - tests: ensure http{,s}_proxy is defined inside the fake-store
++      (cherry pick PR: #1949)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 21 Sep 2016 17:21:12 +0200
++
++snapd (2.15.2) xenial; urgency=medium
++
++  * New upstream release, LP: #1623579
++    - asserts: define a bit less terse Ref.String
++    - interfaces: disable auto-connect in libvirt interface
++    - asserts: check that validation assertions are signed by the
++      publisher of the gating snap
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 19 Sep 2016 10:42:29 +0200
++
++snapd (2.15.1) xenial; urgency=medium
++
++  * New upstream release, LP: #1623579
++    - image: ensure local snaps are put last in seed.yaml
++    - asserts: revert change that made the account-key's name mandatory.
++    - many: refresh all snap decls
++    - interfaces/apparmor: allow reading /etc/environment
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 19 Sep 2016 09:19:44 +0200
++
++snapd (2.15) xenial; urgency=medium
++
++  * New upstream release, LP: #1623579
++    - tests: disable prepare-image-grub test in autopkgtest
++    - interfaces: allow special casing for auto-connect until we have
++      assertions
++    - docs: add a little documentation on hooks.
++    - hookstate,daemon: don't mock HookRunner, mock command.
++    - tests: add http_proxy to /etc/environment in the autopkgtest
++      environment
++    - backends: first bits of kernel-module security backend
++    - tests: ensure openssh-server is installed in autopkgtest
++    - tests: make ubuntu-core tests more robust
++    - many: mostly work to support ABA upgrades
++    - cmd/snap: do runtime linting of descriptions
++    - spread.yaml: don't assume LANG is set
++    - snap: fix SNAP* environment merging in `snap run`
++    - CONTRIBUTING.md: remove integration-tests, include spread
++    - store: don't discard error body from request device session call
++    - docs: add create-user documentation
++    - cmd/snap: match UX document for message when buying without login
++    - firstboot: do not overwrite any existing netplan config
++    - tests: add debug output to ubuntu-core-update-rollback-
++      stresstest:
++    - tests/lib/prepare.sh: test that classic does not setting bootvars
++    - snap: run all tests with gpg2
++    - asserts: basic support for validation assertion and refresh-
++      control
++    - interfaces: miscellaneous policy updates for default, browser-
++      support and camera
++    - snap: (re)add --force-dangerous compat option
++    - tests: ensure SUDO_{USER,GID} is unset in the spread tests
++    - many: clean out left over references to integration tests
++    - overlord/auth,store: fix raciness in updating device/user in state
++      through authcontext and other issuesbonus fixes:
++    - tests: fix spread tests on yakkety
++    - store: refactor auth/refresh tests
++    - asserts: use gpg --fixed-list-mode to be compatible with both gpg1
++      and gpg2
++    - cmd/snap: i18n option descriptions
++    - asserts: required account key name header
++    - tests: add yakkety test host
++    - packaging: make sure debhelper-generated snippet is invoked on
++      postrm
++    - snap,store: capture newest digest from the store, make it
++      DownloadInfo only
++    - tests: add upower-observe spread test
++    - Merge github.com:snapcore/snapd
++    - tests: fixes to actually run the spread tests inside autopkgtest
++    - cmd/snap: make "snap find" error nicer.
++    - tests: get the gadget name from snap list
++    - cmd/snap: tweak help of 'snap download'
++    - cmd/snap,image: teach snap download to download also assertions
++    - interfaces/builtin: tweak opengl interface
++    - interfaces: serial-port use udevUsbDeviceSnippet
++    - store: ensure the payment methods method handles auth failure
++    - overlord/snapstate: support revert flags
++    - many: add snap configuration to REST API
++    - tests: use ubuntu-image for the ubuntu-core-16 image creation
++    - cmd/snap: serialise empty keys list as [] rather than null
++    - cmd/snap,client: add snap set and snap get commands
++    - asserts: update trusted account-key asserts with names
++    - overlord/snapstate: misc fixes/tweaks/cleanups
++    - image: have prepare-image set devmode correctly
++    - overlord/boot: have firstboot support assertion files with
++      multiple assertions
++    - daemon: bail from enable and disable if revision given, and from
++      multi-op if unsupported optons given
++    - osutil: call sync after cp if
++      requested.overlord/snapstate/backend: switch to use osutil instead
++      of another buggy call to cp
++    - cmd/snap: generate account-key-request "since" header in UTC
++    - many: use symlinks instead of wrappers
++    - tests: remove silly [Service] entry from snapd.socket.d/local.conf
++    - store: switch device session to use device-session-request
++      assertion
++    - snap: ensure that plug and slot names are unique
++    - cmd/snap: fix test suite (no Exit(0) on tests!)
++    - interfaces: add interface for hidraw devices
++    - tests: use the real model assertion when creating the core test
++      image
++    - interfaces/builtin: add udisks2 and removable-media interfaces
++    - interface: network_manager: enable resolvconf
++    - interfaces/builtin: usb serial-port support via udev
++    - interfaces/udev: support noneSecurityTag keyed snippets
++    - snap: switch to the new agreed regexp for snap names
++    - tests: adjust test setup after ubuntu user removal
++    - many: start services only after the snap is fully ready (link-snap
++      was run)
++    - asserts: don't have Add/Check panic in the face of unsupported no-
++      authority assertions
++    - asserts: initial support to generate/sign snap-build assertions
++    - asserts: support checking account-key-request assertions
++    - overlord: introduce AuthContext.DeviceSessionRequest with support
++      in devicestate
++    - overlord/state: fix for reloaded task/change crashing on Set if
++      checkpointed w. no custom data  yet
++    - snapd.refresh.service: require snap.socket and /snap/*/current.
++    - many: spell --force-dangerous as just --dangerous, devmode should
++      imply it
++    - overlord/devicestate: try to fetch/refresh the signing key of
++      serial (also in case is not there yet)
++    - image,overlord/boot,snap: metadata from asserts for image snaps
++    - many: automatically restart all-snap devices after os/kernel
++      updates
++    - interfaces: modem-manager: ignore camera
++    - firstboot: only configure en* and eth* interfaces by default
++    - interfaces: fix interface handling on no-app snaps
++    - snap: set user variables even if HOME is unset (like with systemd
++      services)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 16 Sep 2016 07:46:22 +0200
++
++snapd (2.14.2~16.04) xenial; urgency=medium
++
++  * New upstream release: LP: #1618095
++    - tests: use the spread tests with the adhoc interface inside
++      autopkgtest
++    - interfaces: add fwupd interface
++    - asserts,cmd/snap: add "name" header to account-key(-request)
++    - client,cmd/snap: display os-release data only on classic
++    - asserts/tool,cmd/snap: introduce hidden "snap sign"
++    - many: when installing snap file derive metadata from assertions
++      unless --force-dangerous
++    - osutil: tweak the createUserTests a bit and extract common code
++    - debian: umount --lazy before rm on snapd.postrm
++    - interfaces: updates to default policy, browser-support, and x11
++    - store: set initial device session
++    - interfaces: add upower-observe interface (LP: #1595813)
++    - tests: use beta u-d-f in test by default
++    - interfaces/builtin: allow writing on /dev/vhci in bluetooth-
++      control
++    - interfaces/builtin: allow /dev/vhci on bluetooth-control
++    - tests: port integration tests to spread
++    - snapstate: use umount --lazy when removing the mount units
++    - spread: enable halt-timeout, tweak image selection
++    - tests: fix firstboot-assertions to actually be runnable on classic
++      again
++    - asserts: introduce device-session-request
++    - interfaces: add screen-inhibit-control interface (LP: #1604880)
++    - firstboot: change location of netplan config
++    - overlord/devicestate: some cleanups and solving a couple todos
++    - daemon,overlord: add subcommand handling to snapctl
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 01 Sep 2016 18:52:05 +0200
++
++snapd (2.14.1) xenial; urgency=medium
++
++  * New upstream release: LP: #1618095
++    - snap-exec: add support for commands with internal args in snap-
++      exec
++    - store: refresh expired device sessions
++    - debian: re-add ubuntu-core-snapd-units as a transitional package
++    - image: snap assertions into image
++    - overlord/assertstate,asserts/snapasserts: give snap assertions
++      helpers a package, introduce ReconstructSideInfo
++    - docs/interfaces: Add empty line after lxd-support title
++    - README: cover the new /run/snapd-snap.socket
++    - daemon: make socket split backward-compatible.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 30 Aug 2016 16:43:29 +0200
++
++snapd (2.14) xenial; urgency=medium
++
++  * New upstream release: LP: #1618095
++    - cmd: enable SNAP_REEXEC only if it is set to SNAP_REEXEC=1
++    - osutil: fix create-user on classic
++    - firstboot: disable firstboot on classic for now
++    - cmd/snap: add export-key --account= option
++    - many: split public snapd REST API into separate socket.
++    - many: drop ubuntu-core-snapd-units package, use release.OnClassic
++      instead
++    - tests: add content-shareing binary test that excersises snap-
++      confine
++    - snap: use "up to date" instead of "up-to-date"
++    - asserts: add an account-key-request assertion
++    - asserts: fix GPG key generation parameters
++    - tests, integration-tests: implement the cups-control manual test
++      as a spread test
++    - many: clarify/tie down model assertion
++    - cmd/snap: add "snap download" command
++    - integration-tests: remove them in favour of the spread tests
++    - tests: test all snap ubuntu core upgrade
++    - many: support install and remove by revision
++    - overlord/state: prevent change ready => unready
++    - tests: fixes to make the ubuntu-core-16 image usable with
++      -keep/-reuse
++    - asserts: authority-id and brand-id of serial must match
++    - firstboot: generate netplan config rather than ifupdown
++    - store: request device session macaroon from store
++    - tests: add workaround for u-d-f to unblock all-snap image tests
++    - tests: the stable ubuntu-core snap has snap run support now
++    - many: use make StripGlobalRootDir public
++    - asserts: add some stricter checks around format
++    - many: have AuthContext expose device store-id, serial and serial-
++      proof signing to the store
++    - tests: fix "tests/main/ack" to not break if asserts are alreay
++      there
++    - tests/main/ack: fix test/style
++    - snap: add key management commands
++    - firstboot: add firstboot assertions importing
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 29 Aug 2016 17:07:20 +0200
++
++snapd (2.13) xenial; urgency=medium
++
++  * New upstream release: LP: #1616157
++    - many: respect dirs.SnapSnapsDir in tests
++    - tests: update listing test for latest stable image
++    - many: hook in start of code to fetch/check assertions when
++      installing snap from store
++    - boot: add missing udevadm mock to fix FTBFS
++    - interfaces: add lxd-support interface
++    - dirs,snap: handle empty root directory in SetRootDir
++    - dirs,snap: define methods for SNAP_USER_DATA and SNAP_USER_COMMON
++    - tests: spread all-snap test cleanup
++    - tests: add all-snap spread image tests
++    - store,tests: have just one envvar SNAPPY_USE_STAGING_STORE to
++      control talking to staging
++    - overlord/hookstate: use snap run posix parameters.
++    - interfaces/builtin: allow bind in the network interface
++    - asserts,overlord/devicestate: simplify private key/key pairs APIs,
++      they take just key ids
++    - dependencies: update godeps
++    - boot: add support for "devmode: {true,false}" in seed.yaml
++    - many: teach prepare-image to copy the model assertion (and
++      prereqs) into the seed area of the image
++    - tests: start teaching the fakestore about assertions
++    - asserts/sysdb: embed the new format official root/trusted
++      assertions
++    - overlord/devicestate: first pass at device registration logic
++    - tests: add process-control interface spread test
++    - tests: disable unity test
++    - tests: adapt to new spread version
++    - asserts: add serial-proof device assertion
++    - client, cmd/snap: use the new multi-refresh endpoint
++    - many: preparations for image code to fetch model prereqs
++    - debian: add extra checks when debian/snapd.postrm purge is run
++    - overlord/snapstate, daemon: support for multi-snap refresh
++    - tests: do not leave "squashfs-root" around
++    - snap-exec: Fix broken `snap run --shell` and add test
++    - overlord/snapstate: check changes to SnapState for conflicts also.
++    - docs/interfaces: change snappy command to snap
++    - tests: test `snap run --hook` using in-tree snap-exec.
++    - partition: ensure that snap_{kernel,core} is not overridden with an
++      empty value
++    - asserts,overlord/assertstate: introduce an assertstate task
++      handler to fetch snap assertions
++    - spread: disable re-exec to always test development tree.
++    - interfaces: implement a fuse interface
++    - interfaces/hardware-observe.go: re-add /run/udev/data
++    - overlord/assertstate,daemon: reorg how the assert manager exposes
++      the assertion db and adding to it
++    - release: Remove "UBUNTU_CODENAME" from the test data
++    - many: implement snapctl command.
++    - interfaces: mpris updates (fix unconfined introspection, add name
++      attribute)
++    - asserts: export DecodePublicKey
++    - asserts: introduce support for assertions with no authority,
++      implement serial-request
++    - interfaces: bluez: add a few more tests to verify interface
++      connection works
++    - interfaces: bluez: add missing mount security snippet case
++    - interfaces: add kernel-module interface for module insertion.
++    - integration-tests: look for ubuntu-device-flash on PATH before
++      calling sudo
++    - client, cmd, daemon, osutil: support --yaml and --sudoer flags for
++      create-user
++    - spread: use snap-confine from ppa:snappy-dev/image for the tests
++    - many: move to purely hash based key lookup and to new
++      key/signature format (v1)
++    - spread: Use /home/gopath in spread.yaml
++    - tests: base security spread tests
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 24 Aug 2016 14:48:28 +0200
++
++snapd (2.12) xenial; urgency=medium
++
++  * New upstream release: LP: #1612362
++    - many: do not require root for `snap prepare-image`
++    - tests: prevent restore error on test failure
++    - osutil: change escaping for create-user's sudoers
++    - docs: private flag doesn't exist on /v2/find (it's select)
++    - snap: do not sort the result of `snap find`
++    - interfaces/builtin: add gpio interface
++    - partition: fix cleaning of the boot variables on the second good
++      boot
++    - tests: add udev rules spread test
++    - docs: fix references to refresh action
++    - interfaces/udev,osutil: avoid doubled rules and put all in a per
++      snap file
++    - store: minor store improvements from previous reviews
++    - many: support interactive payments in snapd, filter from command
++      line
++    - docs/interfaces.md: improve interfaces documentation
++    - overlord,store: set store device authorization header
++    - store: add device nonce API support
++    - many: various fixes around the `create-user` command
++    - client, osutil: chown the auth file
++    - interfaces/builtin: add transitional browser-support interface
++    - snap: don't load unsupported implicit hooks.
++    - cmd/snap,cmd/snap-exec: support hooks again.
++    - interfaces/builtin: improve pulseaudio interface
++    - asserts: make account-key's `until` optional to represent a never-
++      expiring key
++    - store: refactor newRequest/doRequest to take requestOptions
++    - tests: allow-downgrades on upgrade test to prevent version errors
++    - daemon: stop using group membership as succedaneous of running
++      things with sudo
++    - interfaces: add bluetooth-control interfaces
++    - many: remove integration-test coverage metrics
++    - daemon,docs: drop license docs and error kind
++    - tests: add network-control interface spread test
++    - tests: add hardware-observe spread test
++    - interfaces: add system-trace interface LP: #1600085
++    - boot: use `cp -aLv` instead of `cp -a` (no symlinks on vfat)
++    - store: soft-refresh discharge macaroon from store when required
++    - partition: clear snap_try_{kernel,core} on success
++    - tests: add snapd-control interface spread test
++    - tests: add locale-control write spread test
++    - store: fix buy method after some refactoring broke it
++    - interfaces/builtin: read perms for network devices in network-
++      observe
++    - interfaces: also allow rfkill in network_control
++    - snapstate: remove artifacts from a snap try dir that vanished
++    - client, cmd/snap: better errors for empty snap list result
++    - wrappers: set BAMF_DESKTOP_FILE_HINT for unity
++    - many: cleanup/update rest.md; improve auth errors
++    - interfaces: miscelleneous policy updates for default, log-observe,
++      mount-observe, opengl, pulseaudio, system-observe and unity7
++    - interfaces: add process-control interface (LP: #1598225)
++    - osutil: support both "nobody" and "nogroup" for grpnam tests
++    - cmd: support defaulting to the user's preferred payment method
++    - overlord: actually run hooks.
++    - overlord/state,overlord/ifacestate: define basic infrastructure
++      for and then setting up serialising of interface mgr tasks
++    - asserts: add Assertion.Prerequisites and SigningKey, Ref and
++      FindTrusted
++    - overlord/snapstate: ensure calls to store are done without the
++      state lock held
++    - asserts,client: switch snap-build and snap-revision to be indexed
++      by snap-sha3-384
++    - many: make seed.yaml on firstboot mandatory and include sideInfo
++    - asserts,many: start supporting structured headers using the new
++      parseHeaders
++    - many: update code for the new snap_mode
++    - tests: added spread find private test
++    - store: deal with 404 froms the SSO store properly
++    - snap: remove meta/kernel.yaml again
++    - daemon: always mock release info in tests
++    - snapstate: drop revisions after "current" on refresh
++    - asserts: introduce new parseHeadersThis introduces the new
++      parseHeaders returning map[string]interface{} and capable of
++      accepting:
++    - asserts: remove/disable comma separated lists and their uses
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 11 Aug 2016 19:30:36 +0200
++
++snapd (2.11) xenial; urgency=medium
++
++  * New upstream release: LP: #1605303
++    - increase version number to reflect the nature of the update
++      better
++    - store, daemon, client, cmd/snap, docs/rest.md: adieu search
++      grammar
++    - debian: move snapd.refresh.timer into timers.target
++    - snapstate: add daemon-reload to fix autopkgtest on yakkety
++    - Interfaces: hardware-observe
++    - snap: rework the output after a snap operation
++    - daemon, cmd/snap: refresh --devmode
++    - store, daemon, client, cmd/snap: implement `snap find --private`
++    - tests: add network-observe interface spread test
++    - interfaces/builtin: allow getsockopt for connected x11 plugs
++    - osutil: check for nogrup instead of adm
++    - store: small cleanups (more needed)
++    - snap/squashfs: fix test not to hardcode snap size
++    - client,cmd/snap: cleanup cmd/snap test suite, add extra args
++      testThis cleans up the cmd/snap test suite:
++    - wrappers: map "never" restart condition to "no."
++    - wrappers: run update-desktop-database after add/remove of desktop
++      files
++    - release: work around elementary mistake
++    - many: remove all traces of channel from the buying codepath
++    - store: kill setUbuntuStoreHeaders
++    - docs: add payment methods documentation
++    - many: present user with a choice of payment backends
++    - asserts: add cross checks for snap asserts
++    - cmd/snap,cmd/snap-exec: support running hooks via snap-exec.
++    - tests: improve snap run symlink tests
++    - tests: add content sharing interface spread test
++    - store & many: a mechanical branch shortening store names
++    - snappy: remove old snappy pkg
++    - overlord/snapstate: kill flagscompat
++    - overlord/snapstate, daemon, client, cmd/snap: devmode override
++      (aka confined)
++    - tests: extend refresh test to talk to the staging and production
++      stores
++    - asserts,daemon: cross checks for account and account-key
++      assertions
++    - client: existing JSON fixtures uses tabs for indentation
++    - snap-exec: add proper integration test for snap-exec
++    - spread.yaml, tests: replace hello-world with test-snapd-tools
++    - tests: add locale-control interface spread test
++    - tests: add mount-observe interface spread test
++    - tests: add system-observe interface spread test
++    - many: add AuthContext to mediate user updates to the state
++    - store/auth: add helper for the macaroon refresh endpoint
++    - cmd: add buy command
++    - overlord: switch snapstate.Update to use ListRefresh (aka
++      /snaps/metadata)
++    - snap-exec: fix silly off-by-one error
++    - tests: stop using hello-world.echo in the tests
++    - tests: add env command to test-snapd-tools
++    - classic: remove (most of) "classic" mode, this is implemented as a
++      snap now
++    - many: remove snapstate.Candidate and other cleanups
++    - many: removed authenticator, store gets a user instead
++    - asserts: fix minor doc comment typo
++    - snap: ensure unknown arguments to `snap run` are ignored
++    - overlord/auth: add Device/SetDevice to persist device identity in
++      state
++    - overlord: make SyncBoot work again
++    - tests: add -y flag to apt autoremove command in unity task restore
++    - many: migrate SnapSetup and SideInfo to use RealName
++    - daemon: drop auther()
++    - client: improve error from client.do() on json decode failures
++    - tests: readd the fake store tests
++    - many: allow removal of broken snaps, add spread test
++    - overlord: implement &Retry{After: duration} support for handlers
++    - interface: add new interfaces.all.SecurityBackends
++    - integration-tests: remove login tests
++    - cmd,interfaces,snap: implement hook whitelist.
++    - daemon,overlord/auth,store: update macaroon authentication to use
++      the new endpoints
++    - daemon, overlord: add buy endpoint to REST API
++    - tests: use systemd-run for starting and stopping the unity app
++    - tests, integration-tests: port systemd service check test to
++      spread
++    - store: switch search to new snap-specific endpoint
++    - store, many: start using the new details endpoint
++    - tests, integration-tests: port unity test to spread
++    - tests: add spread test for tried snaps removal
++    - tests, integration-tests: port auth errors test to spread
++    - snapstate: rename OfficialName to RealName in the new tests
++    - many: rename SideInfo.OfficialName to SideInfo.RealName
++    - snapstate: use snapstate.Type in backend.RemoveSnapFiles
++    - many: add `snap enable/disable` commands
++    - tests, integration-tests: port refresh all test to spread
++    - snap: add `snap run --shell`
++    - tests: set yaml indentation to 4 spaces
++    - snapstate: cleanup downloaded temp snap files
++    - overlord: make patch1_test more robust
++    - debian: add snapd.postrm that purges
++    - integration-tests: drop already covered refresh app test
++    - many: add concept of "broken" snaps
++    - tests, integration-tests: port remove errors tests to spread
++    - tests, integration-tests: port revert test to spread
++    - debian: fix snapbuild path
++    - overlord: fix access to the state without lock in firstboot.go and
++      add test
++    - snapstate: add very simple garbage collection on upgrade
++    - asserts: introduce assertstest with helpers to test code involving
++      assertions
++    - tests, integration tests: port undone failed install test to
++      spread
++    - snap,store: switch to the new snaps/metadata endpoint, introduce
++      and start capturing DeveloperID
++    - tests, integration-tests: port the op remove retry test to spread
++    - po: remove snappy.pot from git, it will be generated at build time
++    - many: add some missing tests, clarify some things and nitpicks as
++      follow up to `snap revert`
++    - snapstate: when doing snapsate.Update|Install, talk to the store
++      early
++    - tests, integration-tests: port the op remove test to spread
++    - interfaces: allow /usr/bin/locale in default policy
++    - many: add `snap revert`
++    - overlord/auth,store: add macaroon serialization/deserialization
++      helpers
++    - many: embed main store trusted assertions in snapd, way to have
++      test ones, spread tests for ack and known
++    - overlord/snapstate,daemon: clarify active vs current, add
++      SnapState.HasCurrent,CurrentInfo
++    - tests: do not search for a specific snap (we hit 100 items) and
++      pagination kicks in
++    - tests: use printf instead of echo where we need portability
++    - tests: rename and generalize basic-binaries to test-snapd-tools
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 26 Jul 2016 15:49:04 +0200
++
++snapd (2.0.10) xenial; urgency=medium
++
++  *  New upstream release: LP: #1597329
++    - interfaces: also allow @{PROC}/@{pid}/mountinfo and
++      @{PROC}/@{pid}/mountstats
++    - interfaces: allow read access to /etc/machine-id and
++      @{PROC}/@{pid}/smaps
++    - interfaces: miscelleneous policy updates for default, log-observe
++      and system-observe
++    - snapstate: add logging after a successful doLinkSnap
++    - tests, integration-tests: port try tests to spread
++    - store, cmd/snapd: send a basic user-agent to the store
++    - store: add buy method
++    - client: retry on failed GETs
++    - tests: actual refresh test
++    - docs: REST API update
++    - interfaces: add mount support for hooks.
++    - interfaces: add udev support for hooks.
++    - interfaces: add dbus support for hooks.
++    - tests, integration-tests: port refresh test to spread
++    - tests, integration-tests: port change errors test to spread
++    - overlord/ifacestate: don't retry snap security setup
++    - integration-tests: remove unused file
++    - tests: manage the socket unit when reseting state
++    - overlord: improve organization of state patches
++    - tests: wait for snapd listening after reset
++    - interfaces/builtin: allow other sr*/scd* optical devices
++    - systemd: add support for squashfuse
++    - snap: make snaps vanishing less fatal for the system
++    - snap-exec: os.Exec() needs argv0 in the args[] slice too
++    - many: add new `create-user` command
++    - interfaces: auto-connect content interfaces with the same content
++      and developer
++    - snapstate: add Current revision to SnapState
++    - readme: tweak readme blurb
++    - integration-tests: wait for listening port instead of active
++      service reported by systemd
++    - many: rename Current -> {CurrentSideInfo,CurrentInfo}
++    - spread: fix home interface test after suite move
++    - many: name unversioned data.
++    - interfaces: add "content" interface
++    - overlord/snapstate: defaultBackend can go away now
++    - debian: comment to remember why the timer is setup like it is
++    - tests,spread.yaml: introduce an upgrade test, support/split into
++      two suites for this
++    - overlord,overlord/snapstate: ensure we keep snap type in snapstate
++      of each snap
++    - many: rework the firstboot support
++    - integration-tests: fix test failure
++    - spread: keep core on suite restore
++    - tests: temporary fix for state reset
++    - overlord: add infrastructure for simple state format/content
++      migrations
++    - interfaces: add seccomp support for hooks.
++    - interfaces: allow gvfs shares in home and temporarily allow
++      socketcall by default (LP: #1592901, LP: #1594675)
++    - tests, integration-tests: port network-bind interface tests to
++      spread
++    - snap,snap/snaptest: use PopulateDir/MakeTestSnapWithFiles directly
++      and remove MockSnapWithHooks
++    - interfaces: add mpris interface
++    - tests: enable `snap run` on i386
++    - tests, integration-tests: port network interface test to spread
++    - tests, integration-tests: port interfaces cli to spread
++    - tests, integration-tests: port leftover install tests to spread
++    - interfaces: add apparmor support for hooks.
++    - tests, integration-tests: port log-observe interface tests to
++      spread
++    - asserts: improve Decode doc comment about assertion format
++    - tests: moved snaps to lib
++    - many: add the camera interface
++    - many: add optical-drive interface
++    - interfaces: auto-connect home if running on classic
++    - spread: bump gccgo test timeout
++    - interfaces: use security tags to index security snippets.
++    - daemon, overlord/snapstate, store: send confinement header to the
++      store for install
++    - spread: run tests on 16.04 i386 concurrently
++    - tests,integration-tests: port install error tests to spread
++    - interfaces: add a serial-port interface
++    - tests, integration-tests, debian: port sideload install tests to
++      spread
++    - interfaces: add new bind security backend and refactor
++      backendtests
++    - snap: load and validate implicit hooks.
++    - tests: add a build/run test for gccgo in spread
++    - cmd/snap/cmd_login: Adjust message after adding support for wheel
++      group
++    - tests, integration-tests: ported install from store tests to
++      spread
++    - snap: make `snap change <taskid>` show task progress
++    - tests, integration-tests: port search tests to spread
++    - overlord/state,daemon: make abort proceed immediately, fix doc
++      comment, improve tests
++    - daemon: extend privileged access to users in "wheel" group
++    - snap: tweak `snap refresh` and `snap refresh --list` outputTiny
++      branch that does three things:
++    - interfaces: refactor auto-connection candidate check
++    - snap: add support for snap {install,refresh}
++      --{edge,beta,candidate,stable}
++    - release: don't force KDE Neon into devmode.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 29 Jun 2016 21:02:39 +0200
++
++snapd (2.0.9) xenial; urgency=medium
++
++  * New upstream release: LP: #1593201
++    - snap: add the magic redirect part of `snap run`
++    - tests, integration-tests: port server related tests to spread
++    - overlord/snapstate: log restarting in the task
++    - daemon: test restart wiring, fix setup/teardown
++    - cmd: don't show the price if a snap has already been purchased
++    - tests, integration-tests: port listing tests to spread
++    - integration-tests: do not try to kill ubuntu-clock-app.clock (no
++      longer a process)
++    - several: tie up overlord's restart handler into daemon; adjust
++      snap to cope
++    - tests, integration-tests: port abort tests to spread
++    - integration-tests: fix flaky TestRemoveBusyRetries
++    - testutils: refactor/mock exec
++    - snap,cmd: add hook support to snap run.
++    - overlord/snapstate: remove Download from backend
++    - store: use a custom logging transport
++    - overlord/hookstate: implement basic HookManager.
++    - spread: move the suite restore to restore-each
++    - asserts: turn model os into model core field, making it also more
++      like the kernel and gadget fields
++    - asserts: / is not allowed in primary key headers, follow the store
++      in this
++    - release: enable full confinement on Elementary 0.4
++    - integration-tests: fix another i386 autopkgtest failure.
++    - cmd/snap: create SNAP_USER_DATA and common dirs in `snap run`
++    - many: have the installation of the core snap request a restart (on
++      classic)
++    - asserts: allow to load also account assertions into the trusted
++      set
++    - many: install snaps in devmode on distributions without complete
++      apparmor and seccomp support
++    - spread: run on travis
++    - snapenv: do not hardcode amd64 in tests
++    - spread: initial harness and first test
++    - interfaces: miscelleneous policy updates for chromium, x86,
++      opengl, etc
++    - integration-tests: remove daemon to use the log-observe interface
++    - client: remove client.Revision and import snap.Revision instead
++    - integration-tests: wait for network-bind service in try test
++    - many: move over from snappy to snapstate/backend SetupSnap and
++      related code
++    - integration-tests: add interfaces cli tests
++    - snapenv: cleanup snapenv.{Basic,User}
++    - cmd/snap: also print slots that connect to the wanted snap (LP:
++      #1590704)
++    - asserts: error style, use "cannot" instead of "failed to"
++      following the main decided style
++    - integration-tests: wait until the network-bind service is up
++      before testing
++    - many: add new `snap run` command
++    - snappy: unexport snappy.Install and snappy.Overlord.{Un,}Install
++    - many: add some shared testing helpers to snap/snaptest and to
++      boot/boottest
++    - rest-api: support to send apps per snap (LP: #1564076)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 16 Jun 2016 13:56:12 +0200
++
++snapd (2.0.8.1) UNRELEASED; urgency=medium
++
++  * New upstream release
++    - Cherry pick four commits that show snaps as installed in devmode on
++    distributions without full confinement dependencies available:
++
++    25634d3364a46b5e9147e4466932c59b1b572d35
++    53f2e8d5f1b2d7ce13f5b50be4c09fa1de8cf1e0
++    38771f4cc324ad9dd4aa48b03108d13a2c361aad
++    c46e069351c61e45c338c98ab12689a319790bd5
++
++ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com>  Tue, 14 Jun 2016 15:55:30 +0200
++
++snapd (2.0.8+1) unstable; urgency=medium
++
++  * New upstream release.
++  * Update lintian-overrides for new paths.
++  * debian/copyright: fix a typo (thanks, lintian!)
++
++ -- Steve Langasek <vorlon@debian.org>  Fri, 10 Jun 2016 23:17:22 +0000
++
++snapd (2.0.8) xenial; urgency=medium
++
++  * New upstream release: LP: #1589534
++    - debian: make `snap refresh` times more random (LP: #1537793)
++    - cmd: ExecInCoreSnap looks in "core" snap first, and only in
++      "ubuntu-core" snap if rev>125.
++    - cmd/snap: have 'snap list' display helper message on stderr
++      (LP: #1587445)
++    - snap: make app names more restrictive.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 08 Jun 2016 07:56:58 +0200
++
++snapd (2.0.7) xenial; urgency=medium
++
++  * New upstream release: LP: #1589534
++    - debian: do not ship  /etc/ld.so.conf.d/snappy.conf (LP: #1589006)
++    - debian: fix snapd.refresh.service install and usage (LP: #1588977)
++    - ovlerlord/state: actually support task setting themself as
++      done/undone
++    - snap: do not use "." import in revision_test.go, as this breaks
++      gccgo-6 (fix build failure on powerpc)
++    - interfaces: add fcitx and mozc input methods to unity7
++    - interfaces: add global gsettings interfaces
++    - interfaces: autoconnect home and doc updates (LP: #1588886)
++    - integration-tests: remove
++      abortSuite.TestAbortWithValidIdInDoingStatus
++    - many: adding backward compatible code to upgrade SnapSetup.Flags
++    - overlord/snapstate: handle sideloading over an old sideloaded snap
++      without panicing
++    - interfaces: add socketcall() to the network/network-bind
++      interfaces (LP: #1588100)
++    - overlord/snapstate,snappy: move over CanRemoveThis moves over the
++      CanRemove check to snapstate itself.overlord/snapstate
++    - snappy: move over CanRemove
++    - overlord/snapstate,snappy: move over CopyData and Remove*Data code
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 06 Jun 2016 16:35:50 +0200
++
++snapd (2.0.6) xenial; urgency=medium
++
++  * New upstream release: LP: #1588052:
++    - many: repository moved to snapcore/snapd
++    - debian: add transitional pkg for the github location change
++    - snap: ensure `snap try` work with relative paths
++    - debian: drop run/build dependency on lsb-release
++    - asserts/tool: gpg key pair manager
++    - many: add new snap-exec
++    - many: implement `snap refresh --list` and  `snap refresh`
++    - snap: add parsing support for hooks.
++    - many: add the cups interface
++    - interfaces: misc policy fixes (LP: #1583794)
++    - many: add `snap try`
++    - interfaces: allow using sysctl and scmp_sys_resolver for parsing
++      kernel logs
++    - debian: make snapd get its environ from /etc/environment
++    - daemon,client,snap: revisions are now strings
++    - interfaces: allow access to new ibus abstract socket path
++      LP: #1580463
++    - integration-tests: add remove tests
++    - asserts: stronger crypto choices and follow better latest designs
++    - snappy,daemon: hollow out more of snappy (either removing or not
++      exporting stuff on its way out), snappy/gadget.go is gone
++    - asserts: rename device-serial to serial
++    - asserts: rename identity to account (and username access)
++    - integration-tests: add changes tests
++    - backend: add tests for environment wrapper generation
++    - interfaces/builtin: add location-control interface
++    - overlord/snapstate: move over check snap logic from snappy
++    - release: use os-release instead of lsb-release for cross-distro
++      use
++    - asserts: allow empty snap-name for snap-declaration
++    - interfaces/builtin,docs,snap: add the pulseaudio interface
++    - many: add support for an environment map inside snap.yaml
++    - overlord/snapstate: increase robustness of doLinkSnap/undoLinkSnap
++      with sanity unit tests
++    - snap: parse epoch property
++    - snappy: do nothing in SetNextBoot when running on classic
++    - snap: validate snap type
++    - integration-tests: extend find command tests
++    - asserts: extend tests to cover mandatory and empty headers
++    - tests: stop the update-pot check in run-checks
++    - snap: parse confinement property.
++    - store: change applyUbuntuStoreHeaders to not take accept, and to
++      take a channel
++    - many: struct-based revisions, new representation
++    - interfaces: remove 'audit deny' rules from network_control.go
++    - interfaces: add  com.canonical.UrlLauncher.XdgOpen to unity7
++      interface
++    - interfaces: firewall-control can access xtables lock file
++    - interfaces: allow unity7 AppMenu
++    - interfaces: allow unity7 launcher API
++    - interfaces/builtin: add location-observe interface
++    - snap: fixed snap empty list text LP: #1587445
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 02 Jun 2016 08:23:50 +0200
++
++snapd (2.0.5+1) unstable; urgency=medium
++
++  * Initial Debian upload.  Closes: #824943.
++  * release/release{,_test}.go: use /etc/os-release, which is guaranteed to
++    be part of base-files on both Ubuntu and Debian, instead of
++    /etc/lsb-release which doesn't exist at all on Debian.
++  * drop transitional packages, not needed in Debian.
++  * Add lintian overrides for false-positive detection of embedded libyaml.
++  * Update Vcs-* fields to point at maintainer's branch.
++  * Add a further lintian override for the /snap directory so that the
++    package is not automatically rejected by the NEW queue; this directory
++    location is certainly subject to discussion for Debian, but let's have
++    the discussion rather than blocking the package at the archive level.
++
++ -- Steve Langasek <vorlon@debian.org>  Mon, 23 May 2016 00:36:06 +0000
++
++snapd (2.0.5) xenial; urgency=medium
++
++  * New upstream release: LP: #1583085
++    - interfaces: add dbusmenu, freedesktop and kde notifications to
++      unity7 (LP: #1573188)
++    - daemon: make localSnapInfo return SnapState
++    - cmd: make snap list with no snaps not special
++    - debian: workaround for XDG_DATA_DIRS issues
++    - cmd,po: fix conflicts, apply review from #1154
++    - snap,store: load and store the private flag sent by the store in
++      SideInfo
++    - interfaces/apparmor/template.go: adjust /dev/shm to be more usable
++    - store: use purchase decorator in Snap and FindSnaps
++    - interfaces: first version of the networkmanager interface
++    - snap, snappy: implement the new (minmimal) kernel spec
++    - cmd/snap, debian: move manpage generation to depend on an environ
++      key; also, fix completion
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 19 May 2016 15:29:16 +0200
++
++snapd (2.0.4) xenial; urgency=medium
++
++  * New upstream release:
++    - interfaces: cleanup explicit denies
++    - integration-tests: remove the ancient integration daemon tests
++    - integration-tests: add network-bind interface test
++    - integration-tests: add actual checks for undoing install
++    - integration-tests: add store login test
++    - snap: add certain implicit slots only on classic
++    - integration-tests: add coverage flags to snapd.service ExecStart
++      setting when building from branch
++    - integration-tests: remove the tests for features removed in 16.04.
++    - daemon, overlord/snapstate: "(de)activate" is no longer a thing
++    - docs: update meta.md and security.md for current snappy
++    - debian: always start snapd
++    - integration-tests: add test for undoing failed install
++    - overlord: handle ensureNext being in the past
++    - overlord/snapstate,overlord/snapstate/backend,snappy: start
++      backend porting LinkSnap and UnlinkSnap
++    - debian/tests: add reboot capability to autopkgtest and execute
++      snapPersistsSuite
++    - daemon,snappy,progress: drop license agreement broken logic
++    - daemon,client,cmd/snap: nice access denied message
++      (LP: #1574829)
++    - daemon: add user parameter to all commands
++    - snap, store: rework purchase methods into decorators
++    - many: simplify release package and add OnClassic
++    - interfaces: miscellaneous policy updates
++    - snappy,wrappers: move desktop files handling to wrappers
++    - snappy: remove some obviously dead code
++    - interfaces/builtin: quote apparmor label
++    - many: remove the gadget yaml support from snappy
++    - snappy,systemd,wrappers: move service units generation to wrappers
++    - store: add method to determine if a snap must be bought
++    - store: add methods to read purchases from the store
++    - wrappers,snappy: move binary wrapper generation to new package
++      wrappers
++    - snap: add `snap help` command
++    - integration-tests: remove framework-test data and avoid using
++      config-snap for now
++    - add integration test to verify fix for LP: #1571721
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 13 May 2016 17:19:37 -0700
++
++snapd (2.0.3) xenial; urgency=medium
++
++  * New upstream micro release:
++    - integration-tests, debian/tests: add unity snap autopkg test
++    - snappy: introduce first feature flag for assumes: common-data-dir
++    - timeout,snap: add YAML unmarshal function for timeout.Timeout
++    - many: go into state.Retry state when unmounting a snap fails.
++      (LP: #1571721, #1575399)
++    - daemon,client,cmd/snap: improve output after snap
++      install/refresh/remove (LP: #1574830)
++    - integration-tests, debian/tests: add test for home interface
++    - interfaces,overlord: support unversioned data
++    - interfaces/builtin: improve the bluez interface
++    - cmd: don't include the unit tests when building with go test -c
++      for integration tests
++    - integration-tests: teach some new trick to the fake store,
++      reenable the app refresh test
++    - many: move with some simplifications test snap building to
++      snap/snaptest
++    - asserts: define type for revision related errors
++    - snap/snaptest,daemon,overlord/ifacestate,overlord/snapstate: unify
++      mocking snaps behind MockSnap
++    - snappy: fix openSnapFile's handling of sideInfo
++    - daemon: improve snap sideload form handling
++    - snap: add short and long description to the man-page
++      (LP: #1570280)
++    - snappy: remove unused SetProperty
++    - snappy: use more accurate test data
++    - integration-tests: add a integration test about remove removing
++      all revisions
++    - overlord/snapstate: make "snap remove" remove all revisions of a
++      snap (LP: #1571710)
++    - integration-tests: re-enable a bunch of integration tests
++    - snappy: remove unused dbus code
++    - overlord/ifacestate: fix setup-profiles to use new snap revision
++      for setup (LP: #1572463)
++    - integration-tests: add regression test for auth bug LP:#1571491
++    - client, snap: remove obsolete TypeCore which was used in the old
++      SystemImage days
++    - integration-tests: add apparmor test
++    - cmd: don't perform type assertion when we know error to be nil
++    - client: list correct snap types
++    - intefaces/builtin: allow getsockname on connected x11 plugs
++      (LP: #1574526)
++    - daemon,overlord/snapstate: read name out of sideloaded snap early,
++      improved change summary
++    - overlord: keep tasks unlinked from a change hidden, prune them
++    - integration-tests: snap list on fresh boot is good again
++    - integration-tests: add partial term to the find test
++    - integration-tests: changed default release to 16
++    - integration-tests: add regression test for snaps not present after
++      reboot
++    - integration-tests: network interface
++    - integration-tests: add proxy related environment variables to
++      snapd env file
++    - README.md: snappy => snap
++    - etc: trivial typo fix (LP:#1569892)
++    - debian: remove unneeded /var/lib/snapd/apparmor/additional
++      directory (LP: #1569577)
++    - builtin/unity7.go: allow using gmenu. LP: #1576287
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 03 May 2016 07:51:57 +0200
++
++snapd (2.0.2) xenial; urgency=medium
++
++  * New upstream release:
++    - systemd: add multi-user.target (LP: #1572125)
++    - release: our series is 16
++    - integration-tests: fix snapd binary path for mounting the daemon
++      built from branch
++    - overlord,snap: add firstboot state sync
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 19 Apr 2016 16:02:44 +0200
++
++snapd (2.0.1) xenial; urgency=medium
++
++  * client,daemon,overlord: fix authentication:
++    - fix incorrect authenication check (LP: #1571491)
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 18 Apr 2016 07:24:33 +0200
++
++snapd (2.0) xenial; urgency=medium
++
++  * New upstream release:
++    - debian: put snapd in /usr/lib/snapd/
++    - cmd/snap: minor polishing
++    - cmd,client,daemon: add snap abort command
++    - overlord: don't hold locks when callling backends
++    - release,store,daemon: no more default-channel, release=>series
++    - many: drop support for deprecated environment variables
++      (SNAP_APP_*)
++    - many: support individual ids in changes cmd
++    - overlord/state: use numeric change and task ids
++    - overlord/auth,daemon,client,cmd/snap: logout
++    - daemon: don't install ubuntu-core twice
++    - daemon,client,overlord/state,cmd: add changes command
++    - interfaces/dbus: drop superfluous backslash from template
++    - daemon, overlord/snapstate: updates are users too!
++    - cmd/snap,daemon,overlord/ifacestate: add support for developer
++      mode
++    - daemon,overlord/snapstate: on refresh use the remembered channel,
++      default to stable channel otherwise
++    - cmd/snap: improve UX of snap interfaces when there are no results
++    - overlord/state: include time in task log messages
++    - overlord: prune and abort old changes and tasks
++    - overlord/ifacestate: add implicit slots in setup-profiles
++    - daemon,overlord: setup authentication for store downloads
++    - daemon: macaroon-authed users are like root, and sudoers can login
++    - daemon,client,docs: send install options to daemon
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Sat, 16 Apr 2016 22:15:40 +0200
++
++snapd (1.9.4) xenial; urgency=medium
++
++  * New upstream release:
++    - etc: fix desktop file location
++    - overlord/snapstate: stop an update once download sees the revision
++      is already installed
++    - overlord: make SnapState.DevMode a method, store flags
++    - snappy: no more snapYaml in snappy.Snap
++    - daemon,cmd,dirs,lockfile: drop all lockfiles
++    - debian: use sudo in setup of the proxy environment
++    - snap/snapenv,snappy,systemd: expose SNAP_REVISION to app
++      environment
++    - snap: validate similarly to what we did with old snapYaml info
++      from squashfs snaps
++    - daemon,store: plug in authentication for store search/details
++    - overlord/snapstate: fix JSON name of SnapState.Candidate
++    - overlord/snapstate: start using revisions higher than 100000 for
++      local installs (sideloads)
++    - interfaces,overlorf/ifacestate: honor user choice and don't auto-
++      connect disconnected plugs
++    - overlord/auth,daemon,client: hide user ids again
++    - daemon,overlord/snapstate: back /snaps (and so snap list) using
++      state
++    - daemon,client,overlord/auth: rework state auth data
++    - overlord/snapstate: disable Activate and Deactivate
++    - debian: fix silly typo in autopkgtest setup
++    - overlord/ifacestate: remove connection state with discard-conns
++      task, on the removal of last snap
++    - daemon,client: rename API update action to refresh
++    - cmd/snap: rework login to be more resilient
++    - overlord/snapstate: deny two changes on one snap
++    - snappy: fix crash on certain snap.yaml
++    - systemd: use native systemctl enable instead of our own
++      implementation
++    - store: add workaround for misbehaving store
++    - debian: make autopkgtest use the right env vars
++    - state: log do/undo status too when a task is run
++    - docs: update rest.md with price information
++    - daemon: only include price property if the snap is non-free
++    - daemon, client, cmd/snap: connect/disconnect now async
++    - snap,snappy: allow snaps to require system features
++    - integration-tests: fix report of skips in SetUpTest method
++    - snappy: clean out major bits (still using Installed) now
++      unreferenced as cmd/snappy is gone
++    - daemon/api,overlord/auth: add helper to get UserState from a
++      client request
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 15 Apr 2016 23:30:00 +0200
++
++snapd (1.9.3) xenial; urgency=medium
++
++  * New upstream release:
++    - many: prepare for opengl support on classic
++    - interfaces/apparmor: load all apparmor profiles on snap setup
++    - daemon,client: move async resource to change in meta
++    - debian: disable autopilot
++    - snap: add basic progress reporting
++    - client,cmd,daemon,snap,store: show the price of snaps in the cli
++    - state: add minimal taskrunner logging
++    - daemon,snap,overlord/snapstate: in the API get the snap icon using
++      state
++    - client,daemon,overlord: don't guess snap file vs. name
++    - overlord/ifacestate: reload snap connections when setting up
++      security for a given snap
++    - snappy: remove cmd/snappy (superseded in favour of cmd/snap)
++    - interfaecs/apparmor: remove all traces of old-security from
++      apparmor backend
++    - interfaces/builtin: add bluez interface
++    - overlord/ifacestate: don't crash if connection cannot be reloaded
++    - debian: add searchSuite to autopkgtest
++    - client, daemon, cmd/snap: no more tasks; everything is changes
++    - client: send authorization header in client requests
++    - client, daemon: marshal suggested currency over REST
++    - docs, snap: enumerate snap types correctly in docs and comments
++    - many: add store authenticator parameter
++    - overlord/ifacestate,daemon: setup security on conect and
++      disconnect
++    - interfaces/apparmor: remove unused apparmor variables
++    - snapstate: add missing "TaskProgressAdapter.Write()" for working
++      progress reporting
++    - many: clean out snap config related code not for OS
++    - daemon,client,cmd: return snap list from /v2/snaps
++    - docs: update `/v2/snaps` endpoint documentation
++    - interfaces: rename developerMode to devMode
++    - daemon,client,overlord: progress current => done
++    - daemon,client,cmd/snap: move query metadata to top-level doc
++    - interfaces: add TestSecurityBackend
++    - many: replace typographic quotes with ASCII
++    - client, daemon: rework rest changes to export "ready" and "err"
++    - overlord/snapstate,snap,store: track snap-id in side-info and
++      therefore in state
++    - daemon: improve mocking  of interfaces API tests
++    - integration-tests: remove origins in default snap names for udf
++      call
++    - integration-test: use "snap list" in GetCurrentVersion
++    - many: almost no more NewInstalledSnap reading manifest from
++      snapstate and backend
++    - daemon: auto install ubuntu-core if missing
++    - oauth,store: remove OAuth authentication logic
++    - overlord/ifacestate: simplify some tests with implicit manager
++      initialization
++    - store, snappy: move away from hitting details directly
++    - overlord/ifacestate: reload connections when restarting the
++      manager
++    - overlord/ifacestate: increase flexibility of unit tests
++    - overlord: use state to discover all installed snaps
++    - overlord/ifacestate: track connections in the state
++    - many: separate copy-data from unlinking of current snap
++    - overlord/auth,store/auth: add macaroon authenticator to UserState
++    - client: support for /v2/changes and /v2/changes/{id}
++    - daemon/api,overlord/auth: rework authenticated users information
++      in state
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 14 Apr 2016 23:29:43 +0200
++
++snapd (1.9.2) xenial; urgency=medium
++
++  * New upstream release:
++    - cmd/snap,daemon,store: rework login command to use daemon login
++      API
++    - store: cache suggested currency from the store
++    - overlord/ifacestate: modularize and extend tests
++    - integration-tests: reenable failure tests
++    - daemon: include progress in rest changes
++    - daemon, overlord/state: expose individual changes
++    - overlord/ifacestate: drop duplicate package comment
++    - overlord/ifacestate: allow tests to override security backends
++    - cmd/snap: install *.snap and *.snap.* as files too
++    - interfaces/apparmor: replace /var/lib/snap with /var/snap
++    - daemon,overlord/ifacestate: connect REST API to interfaces in the
++      overlord
++    - debian: remove unneeded dependencies from snapd
++    - overlord/state: checkpoint on final progress only
++    - osutil: introduce IsUIDInAny
++    - overlord/snapstate: rename GetSnapState to Get, SetSnapState to
++      Set
++    - daemon: add id to changes json
++    - overlord/snapstate: SetSnapState() needs locks
++    - overlord: fix broken tests
++    - overlord/snapstate,overlord/ifacestate: reimplement SnapInfo (as
++      Info) actually using the state
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 13 Apr 2016 17:27:00 +0200
++
++snapd (1.9.1.1) xenial; urgency=medium
++
++  * debian/tests/control:
++    - add git to make autopkgtest work
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 12 Apr 2016 17:19:19 +0200
++
++snapd (1.9.1) xenial; urgency=medium
++
++  * Add warning about installing ubuntu-core-snapd-units on Desktop systems.
++  * Add ${misc:Depends} to ubuntu-core-snapd-units.
++  * interfaces,overlord: add support for auto-connecting plugs on
++    install
++  * fix sideloading snaps and (re)add tests for this
++  * add `ca-certificates` to the test-dependencies to fix autopkgtest
++    failure on armhf
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 12 Apr 2016 14:39:57 +0200
++
++snapd (1.9) xenial; urgency=medium
++
++  * rename source and binary package to "snapd"
++  * update directory layout to final 16.04 layout
++  * use `snap` command instead of the previous `snappy`
++  * use `interface` based security
++  * use new state engine for install/update/remove
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 12 Apr 2016 01:05:09 +0200
++
++ubuntu-snappy (1.7.3+20160310ubuntu1) xenial; urgency=medium
++
++    - debian: update versionized ubuntu-core-launcher dependency
++    - debian: tweak desktop file dir, ship Xsession.d snip for seamless
++      integration
++    - snappy: fix hw-assign to work with per-app udev tags
++    - snappy: use $snap.$app as per-app udev tag
++    - snap,snappy,systemd: %s/\<SNAP_ORIGIN\>/SNAP_DEVELOPER/g
++    - snappy: add mksquashfs --no-xattrs parameter
++    - snap,snappy,systemd: kill SNAP_FULLNAME
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 10 Mar 2016 09:26:20 +0100
++
++ubuntu-snappy (1.7.3+20160308ubuntu1) xenial; urgency=medium
++
++    - snappy,snap: move icon under meta/gui/
++    - debian: add snap.8 manpage
++    - debian: move snapd to /usr/lib/snappy/snapd
++    - snap,snappy,systemd: remove TMPDIR, TEMPDIR, SNAP_APP_TMPDIR
++    - snappy,dirs: add support to use desktop files from inside snaps
++    - daemon: snapd API events endpoint redux
++    - interfaces/builtin: add "network" interface
++    - overlord/state: do small fixes (typo, id clashes paranoia)
++    - overlord: add first pass of the logic in StateEngine itself
++    - overlord/state: introduce Status/SetStatus on Change
++    - interfaces: support permanent security snippets
++    - overlord/state: introduce Status/SetStatus and
++      Progress/SetProgress on Task
++    - overlord/state: introduce Task and Change.NewTask
++    - many: selectively swap semantics of plugs and slots
++    - client,cmd/snap: remove useless indirection in Interfaces
++    - interfaces: maintain Plug and Slot connection details
++    - client,daemon,cmd/snap: change POST /2.0/interfaces to work with
++      lists
++    - overlord/state: introduce Change and NewChange on state to create
++      them
++    - snappy: bugfix for snap.yaml parsing to be more consistent with
++      the spec
++    - snappy,systemd: remove "ports" from snap.yaml
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 08 Mar 2016 11:24:09 +0100
++
++ubuntu-snappy (1.7.3+20160303ubuntu4) xenial; urgency=medium
++
++  * rename:
++    debian/golang-snappy-dev.install ->
++       debian/golang-github-ubuntu-core-snappy-dev.install:
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 03 Mar 2016 12:29:16 +0100
++
++ubuntu-snappy (1.7.3+20160303ubuntu3) xenial; urgency=medium
++
++  * really fix typo in dependency name
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 03 Mar 2016 12:21:39 +0100
++
++ubuntu-snappy (1.7.3+20160303ubuntu2) xenial; urgency=medium
++
++  * fix typo in dependency name
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 03 Mar 2016 12:05:36 +0100
++
++ubuntu-snappy (1.7.3+20160303ubuntu1) xenial; urgency=medium
++
++    - debian: update build-depends for MIR
++    - many: implement new REST API: GET /2.0/interfaces
++    - integration-tests: properly stop snapd from branch
++    - cmd/snap: update tests for go-flags changes
++    - overlord/state: implement Lock/Unlock with implicit checkpointing
++    - overlord: split out the managers and State to their own
++      subpackages of overlord
++    - snappy: rename "migration-skill" to "old-security" and use new
++      interface names instead of skills
++    - client,cmd/snap: clarify name ambiguity in Plug or Slot
++    - overlord: start working on state engine along spec v2, have the
++      main skeleton follow that
++    - classic, oauth: update tests for change in MakeRandomString()
++    - client,cmd/snap: s/add/install/:-(
++    - interfaces,daemon: specialize Name to either Plug or Slot
++    - interfaces,interfaces/types: unify security snippet functions
++    - snapd: close the listener on Stop, to force the http.Serve loop to
++      exit
++    - snappy,daemon,snap/lightweight,cmd/snappy,docs/rest.md: expose
++      explicit channel selection to rest api
++    - interfaces,daemon: rename package holding built-in interfaces
++    - integration-tests: add the first classic dimension tests
++    - client,deaemon,docs: rename skills to interfaces on the wire
++    - asserts: add identity assertion type
++    - integration-tests: add the no_proxy env var
++    - debian: update build-depends for new package names
++    - oauth: fix oauth & quoting in the oauth_signature
++    - integration-tests: remove unused field
++    - integration-tests: add the http proxy argument
++    - interfaces,interfaces/types,deamon: mass internal rename to
++      interfaces
++    - client,cmd/snap: rename skills to interfaces (part 2)
++    - arch: fix missing mapping for powerpc
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 03 Mar 2016 11:00:19 +0100
++
++ubuntu-snappy (1.7.3+20160225ubuntu1) xenial; urgency=medium
++
++    - integration-tests: always use the built snapd when compiling
++      binaries from branch
++    - cmd/snap: rename skills to interfaces
++    - testutil,skills/types,skills,daemon: tweak discovery of know skill
++      types
++    - docs: add docs for arm64 cross building
++    - overlord: implement basic ReadState/WriteState
++    - overlord: implement Get/Set/Copy on State
++    - integration-tests: fix dd output check
++    - integration-tests: add fromBranch config field
++    - integration-tests: use cli pkg methods in hwAssignSuite
++    - debian: do not create the snappypkg user, we don't need it anymore
++    - arch: fix build failure on s390x
++    - classic: cleanup downloaded lxd tarball
++    - cmd/snap,client,integration-tests: rename snap subcmds
++      'assert'=>'ack', 'asserts'=>'known'
++    - skills: fix broken tests builds
++    - skills,skills/types: pass slot to SlotSecuritySnippet()
++    - skills/types: teach bool-file about udev security
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 25 Feb 2016 16:17:19 +0100
++
++ubuntu-snappy (1.7.2+20160223ubuntu1) xenial; urgency=medium
++
++  * New git snapshot:
++    - asserts: introduce snap-declaration
++    - cmd/snap: fix integration tests for the "cmd_asserts"
++    - integration-tests: fix fanctl output check
++    - cmd/snap: fix test failure after merging 23a64e6
++    - cmd/snap: replace skip-help with empty description
++    - docs: update security.md to match current migration-skill
++      semantics
++    - snappy: treat commands with 'daemon' field as services
++    - asserts: use more consistent names for receivers in
++      snap_asserts*.go
++    - debian: add missing golang-websocket-dev build-dependency
++    - classic: if classic fails to get created, undo the bind mounts
++    - snappy: never return nil in NewLocalSnapRepository()
++    - notifications: A simple notification system
++    - snappy: when using staging, authenticate there instead
++    - integration-tests/snapd: fix the start of the test snapd socket
++    - skills/types: use CamelCase for security names
++    - skills: add support for implicit revoke
++    - skills: add security layer
++    - integration-tests: use exec.Command wrapper for updates
++    - cmd/snap: add 'snap skills'
++    - cms/snap: add 'snap revoke'
++    - docs: add docs for skills API
++    - cmd/snap: add 'snap grant'
++    - cmd/snappy, coreconfig, daemon, snappy: move config to always be
++      bytes (in and out)
++    - overlord: start with a skeleton and stubs for Overlord,
++      StateEngine, StateJournal and managers
++    - integration-tests: skip tests affected by LP: #1544507
++    - skills/types: add bool-file
++    - po: refresh translation templates
++    - cmd/snap: add 'snap experimental remove-skill-slot'
++    - asserts: introduce device assertion
++    - cmd/snap: implemented add, remove, purge, refresh, rollback,
++      activate, deactivate
++    - cmd/snap: add 'snap experimental add-skill-slot'
++    - cmd/snap: add 'snap experimental remove-skill'
++    - cmd/snap: add tests for common skills code
++    - cmd/snap: add 'snap experimental add-skill'
++    - asserts: make assertion checkers used by db.Check modular and
++      pluggable
++    - cmd,client,daemon,caps,docs,po: remove capabilities
++    - scripts: move the script to get dependencies to a separate file
++    - asserts: make the disk layout compatible for storing more than one
++      revision
++    - cmd/snap: make the assert command options exported
++    - integration-tests: Remove the target release and channel
++    - asserts: introduce model assertion
++    - integration-tests: add exec.Cmd wrapper
++    - cmd/snap: add client test support methods
++    - cmd/snap: move key=value attribute parsing to commmon
++    - cmd/snap: apply new style consistency to "snap" commands.
++    - cmd/snap: support redirecting the client for testing
++    - cmd/snap: support testing command output
++    - snappy,daemon: remove the meta repositories abstractions
++    - cmd: add support for experimental commands
++    - cmd/snappy,daemon,snap,snappy: remove SetActive from parts
++    - cmd/snappy,daemon,snappy,snap: remove config from parts interface
++    - client: improve test data
++    - cmd: allow to construct a fresh parser
++    - cmd: don't treat help as an error
++    - cmd/snappy,snappy: remove "Details" from the repository interface
++    - asserts: check that primary keys are set when
++      Decode()ing/assembling assertions
++    - snap,snappy: refactor to remove "Install" from the Part interface
++    - client,cmd: make client.New() configurable
++    - client: enable retrieving asynchronous operation information with
++      `Client.Operation`.
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 23 Feb 2016 11:28:18 +0100
++
++ubuntu-snappy (1.7.2+20160204ubuntu1) xenial; urgency=medium
++
++  * New git snapshot:
++    - integration-tests: fix the rollback error messages
++    - integration-test: use the common cli method when trying to install
++      an unexisting snap
++    - integration-tests: rename snap find test
++    - daemon: refactor makeErrorResponder()
++    - integration: add regression test for LP: #1541317
++    - integration-tests: reenable TestRollbackMustRebootToOtherVersion
++    - asserts: introduce "snap asserts" subcmd to show assertions in the
++      system db
++    - docs: fix parameter style
++    - daemon: use underscore in JSON interface
++    - client: add skills API
++    - asserts,docs/rest.md: change Encoder not to add extra newlines at
++      the end of the stream
++    - integration-tests: "snappy search" is no more, its "snap search"
++      now
++    - README, integration-tests/tests: chmod snapd.socket after manual
++      start.
++    - snappy: add default security profile if none is specified
++    - skills,daemon: add REST APIs for skills
++    - cmd/snap, cmd/snappy: move from `snappy search` to `snap find`.
++    - The first step towards REST world domination: search is now done
++      via
++    - debian: remove obsolete /etc/grub.d/09_snappy on upgrade
++    - skills: provide different security snippets for skill and slot
++      side
++    - osutil: make go vet happy again
++    - snappy,systemd: use Type field in systemd.ServiceDescription
++    - skills: add basic grant-revoke methods
++    - client,daemon,asserts: expose the ability to query assertions in
++      the system db
++    - skills: add basic methods for slot handling
++    - snappy,daemon,snap: move "Uninstall" into overlord
++    - snappy: move SnapFile.Install() into Overlord.Install()
++    - integration-tests: re-enable some failover tests
++    - client: remove snaps
++    - asserts: uniform searching across trusted (account keys) and main
++      backstore
++    - asserts: introduce Decoder to parse streams of assertions and
++      Encoder to build them
++    - client: filter snaps with a search query
++    - client: pass query as well as path in client internals
++    - skills: provide different security snippets for skill and slot
++      side
++    - snappy: refactor snapYaml to remove methods on snapYaml type
++    - snappy: remove unused variable from test
++    - skills: add basic methods for skill handing
++    - snappy: remove support for meta/package.yaml and implement new
++      meta/snap.yaml
++    - snappy: add new overlord type responsible for
++      Installed/Install/Uninstall/SetActive and stub it out
++    - skills: add basic methods for type handling
++    - daemon, snappy: add find (aka search)
++    - client: filter snaps by type
++    - skills: tweak valid names and error messages
++    - skills: add special skill type for testing
++    - cmd/snapd,daemon: filter snaps by type
++    - partition: remove obsolete uEnv.txt
++    - skills: add Type interface
++    - integration-tests: fix the bootloader path
++    - asserts: introduce a memory backed assertion backstore
++    - integration-tests: get name of OS snap from bootloader
++    - cmd/snapd,daemon: filter snaps by source
++    - asserts,daemon: bump some copyright years for things that have
++      been touched in the new year
++    - skills: add the initial Repository type
++    - skills: add a name validation function
++    - client: filter snaps by source
++    - snappy: unmount the squashfs snap again if it fails to install
++    - snap: make a copy of the search uri before mutating it
++      Closes: LP#1537005
++    - cmd/snap,client,daemon,asserts: introduce "assert " snap
++      subcommand
++    - cmd/snappy, snappy: fix failover handling of the "active"
++      kernel/os snap
++    - daemon, client, docs/rest.md, snapd integration tests: move to the
++      new error response
++    - asserts: change Backstore interface, backstores can now access
++      primary key names from types
++    - asserts: make AssertionType into a real struct exposing the
++      metadata Name and PrimaryKey
++    - caps: improve bool-file sanitization
++    - asserts: fixup toolbelt to use exposed key ID.
++    - client: return by reference rather than by value
++    - asserts: exported filesystem backstores + explicit backstores
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 04 Feb 2016 16:35:31 +0100
++
++ubuntu-snappy (1.7.2+20160113ubuntu1) xenial; urgency=medium
++
++  * New git snapshot
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 13 Jan 2016 11:25:40 +0100
++
++ubuntu-snappy (1.7.2ubuntu1) xenial; urgency=medium
++
++  * New upstream release:
++    - bin-path integration
++    - assertions/capability work
++    - fix squashfs based snap building
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 04 Dec 2015 08:46:35 +0100
++
++ubuntu-snappy (1.7.1ubuntu1) xenial; urgency=medium
++
++  * New upstream release:
++    - fix dependencies
++    - fix armhf builds
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 02 Dec 2015 07:46:07 +0100
++
++ubuntu-snappy (1.7ubuntu1) xenial; urgency=medium
++
++  * New upstream release:
++    - kernel/os snap support
++    - squashfs snap support
++    - initial capabilities work
++    - initial assertitions work
++    - rest API support
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 18 Nov 2015 19:59:51 +0100
++
++ubuntu-snappy (1.6ubuntu1) wily; urgency=medium
++
++  * New upstream release, including the following changes:
++    - Fix hwaccess for gpio (LP: #1493389, LP: #1488618)
++    - Fix handleAssets name normalization
++    - Run boot-ok job late (LP: #1476129)
++    - Add support for systemd socket files
++    - Add "snappy service" command
++    - Documentation improvements
++    - Many test improvements (unit and integration)
++    - Override sideload versions
++    - Go1.5 fixes
++    - Add i18n
++    - Add man-page
++    - Add .snapignore
++    - Run services that uses external ports only after the network is up
++    - Bufix in Synbootloader (LP: 1474125)
++    - Use uboot.env for boot state tracking
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 09 Sep 2015 14:20:22 +0200
++
++ubuntu-snappy (1.5ubuntu1) wily; urgency=medium
++
++  * New upstream release, including the following changes:
++    - Use O_TRUNC when copying files
++    - Added path redefinition to include test's binaries location
++    - Don't run update-grub, instead use grub.cfg from the oem
++      package
++    - Do network configuration from first boot
++    - zero size systemd of new partition made executable to
++      prevent unrecoverable boot failure
++    - Close downloaded files
++
++ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com>  Mon, 06 Jul 2015 15:14:37 -0300
++
++ubuntu-snappy (1.4ubuntu1) wily; urgency=medium
++
++  * New upstream release, including the following changes:
++    - Allow to run the integration tests using snappy from branch
++    - Add CopyFileOverwrite flag and behaviour to helpers.CopyFile
++    - add a bunch of missing i18n.G() now that we have gettext
++    - Generate only the translators comments that start with
++      TRANSLATORS
++    - Try both clickpkg and snappypkg when dropping privs
++
++ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com>  Thu, 02 Jul 2015 16:21:53 -0300
++
++ubuntu-snappy (1.3ubuntu1) wily; urgency=medium
++
++  * New upstream release, including the following changes:
++    - gettext support
++    - use snappypkg user for the installed snaps
++    - switch to system-image-3.x as the system-image backend
++    - more reliable developer mode detection
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 01 Jul 2015 10:37:05 +0200
++
++ubuntu-snappy (1.2-0ubuntu1) wily; urgency=medium
++
++  * New upstream release, including the following changes:
++    - Consider the root directory when installing and removing policies
++    - In the uboot TestHandleAssetsNoHardwareYaml, patch the cache dir
++      before creating the partition type
++    - In the PartitionTestSuite, remove the unnecessary patches for
++      defaultCacheDir
++    - Fix the help output of "snappy install -h"
++
++ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com>  Wed, 17 Jun 2015 11:42:47 -0300
++
++ubuntu-snappy (1.1.2-0ubuntu1) wily; urgency=medium
++
++  * New upstream release, including the following changes:
++    - Remove compatibility for click-bin-path in generated exec-wrappers
++    - Release the readme.md after parsing it
++
++ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com>  Thu, 11 Jun 2015 23:42:49 -0300
++
++ubuntu-snappy (1.1.1-0ubuntu1) wily; urgency=medium
++
++  * New upstream release, including the following changes:
++    - Set all app services to restart on failure
++    - Fixes the missing oauth quoting and makes the code a bit nicer
++    - Added integrate() to set Integration to default values needed for
++      integration
++    - Moved setActivateClick to be a method of SnapPart
++    - Make unsetActiveClick a method of SnapPart
++    - Check the package.yaml for the required fields
++    - Integrate lp:snappy/selftest branch into snappy itself
++    - API to record information about the image and to check if the kernel was
++      sideloaded.
++    - Factor out update from cmd
++    - Continue updating when a sideload error is returned
++
++ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com>  Wed, 10 Jun 2015 15:54:12 -0300
++
++ubuntu-snappy (1.1-0ubuntu1) wily; urgency=low
++
++  * New wily upload with fix for go 1.4 syscall.Setgid() breakage
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 09 Jun 2015 10:02:04 +0200
++
++ubuntu-snappy (1.0.1-0ubuntu1) vivid; urgency=low
++
++  * fix symlink unpacking
++  * fix typo in apparmor rules generation
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 23 Apr 2015 16:09:56 +0200
++
++ubuntu-snappy (1.0-0ubuntu1) vivid; urgency=low
++
++  * 15.04 archive upload
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 23 Apr 2015 11:08:22 +0200
++
++ubuntu-snappy (0.1.2-0ubuntu1) vivid; urgency=medium
++
++  * initial ubuntu archive upload
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 13 Apr 2015 22:48:13 -0500
++
++ubuntu-snappy (0.1.1-0ubuntu1) vivid; urgency=low
++
++  * new snapshot
++
++ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 12 Feb 2015 13:51:22 +0100
++
++ubuntu-snappy (0.1-0ubuntu1) vivid; urgency=medium
++
++  * Initial packaging
++
++ -- Sergio Schvezov <sergio.schvezov@canonical.com>  Fri, 06 Feb 2015 02:25:43 -0200
diff --cc debian/compat
index 00000000,00000000..ec635144
new file mode 100644
--- /dev/null
+++ b/debian/compat
@@@ -1,0 -1,0 +1,1 @@@
++9
diff --cc debian/control
index 00000000,00000000..e100a84f
new file mode 100644
--- /dev/null
+++ b/debian/control
@@@ -1,0 -1,0 +1,124 @@@
++Source: snapd
++Section: devel
++Priority: optional
++Maintainer: Michael Hudson-Doyle <mwhudson@debian.org>
++Uploaders: Steve Langasek <vorlon@debian.org>,
++	Zygmunt Krynicki <me@zygoon.pl>,
++	Luke Faraone <lfaraone@debian.org>
++Build-Depends: autoconf,
++               automake,
++               autotools-dev,
++               bash-completion,
++               dbus,
++               debhelper (>= 9.20160709),
++               dh-apparmor,
++               dh-autoreconf,
++               dh-golang (>=1.7),
++               fakeroot,
++               gettext,
++               grub-common,
++               gnupg2,
++               golang-check.v1-dev,
++               golang-context-dev,
++               golang-dbus-dev,
++               golang-github-boltdb-bolt-dev,
++               golang-github-coreos-go-systemd-dev,
++               golang-github-juju-ratelimit-dev,
++               golang-github-gorilla-mux-dev,
++               golang-github-gosexy-gettext-dev,
++               golang-github-kr-pretty-dev,
++               golang-github-kr-text-dev,
++               golang-github-mvo5-goconfigparser-dev,
++               golang-github-seccomp-libseccomp-golang-dev,
++               golang-go,
++               golang-go-flags-dev,
++               golang-golang-x-crypto-dev,
++               golang-golang-x-net-dev,
++               golang-golang-x-xerrors-dev,
++               golang-gopkg-tomb.v2-dev (>= 0.0~git20161208.0.d5d1b58),
++               golang-yaml.v2-dev,
++               golang-gopkg-macaroon.v1-dev,
++               golang-gopkg-mgo.v2-dev,
++               golang-gopkg-retry.v1-dev,
++               golang-gopkg-tylerb-graceful.v1-dev,
++               golang-github-gosexy-gettext-dev,
++               golang-go (>=2:1.10),
++               indent,
++               libcap-dev,
++               libapparmor-dev,
++               libglib2.0-dev,
++               libseccomp-dev,
++               libudev-dev,
++               openssh-client,
++               pkg-config,
++               python3,
++               python3-docutils,
++               python3-markdown,
++               squashfs-tools,
++               tzdata,
++               udev,
++               xfslibs-dev
++Standards-Version: 3.9.8
++Homepage: https://github.com/snapcore/snapd
++Vcs-Browser: https://salsa.debian.org/debian/snapd
++Vcs-Git: https://salsa.debian.org/debian/snapd.git
++XS-Go-Import-Path: github.com/snapcore/snapd
++
++Package: golang-github-ubuntu-core-snappy-dev
++Architecture: all
++Depends: golang-github-snapcore-snapd-dev, ${misc:Depends}
++Section: oldlibs
++Description: transitional dummy package
++ This is a transitional dummy package. It can safely be removed.
++
++Package: golang-github-snapcore-snapd-dev
++Architecture: all
++Breaks: golang-github-ubuntu-core-snappy-dev (<< 2.0.6),
++        golang-snappy-dev (<< 1.7.3+20160303ubuntu4)
++Replaces: golang-github-ubuntu-core-snappy-dev (<< 2.0.6),
++          golang-snappy-dev (<< 1.7.3+20160303ubuntu4)
++Depends: ${misc:Depends}
++Description: snappy development go packages.
++ Use these to use the snappy API.
++
++Package: snapd
++Architecture: any
++Depends: adduser,
++         apparmor (>= 2.10.95-5),
++         ca-certificates,
++         gnupg1 | gnupg,
++         openssh-client,
++         squashfs-tools,
++         systemd,
++         udev,
++         ${misc:Depends},
++         ${shlibs:Depends}
++Replaces: ubuntu-snappy (<< 1.9), ubuntu-snappy-cli (<< 1.9), snap-confine (<< 2.23), ubuntu-core-launcher (<< 2.22), snapd-xdg-open (<= 0.0.0)
++Breaks: ubuntu-snappy (<< 1.9), ubuntu-snappy-cli (<< 1.9), snap-confine (<< 2.23), ubuntu-core-launcher (<< 2.22), snapd-xdg-open (<= 0.0.0), ${snapd:Breaks}
++Recommends: gnupg
++Suggests: zenity | kdialog
++Conflicts: snap (<< 2013-11-29-1ubuntu1)
++Built-Using: ${Built-Using} ${misc:Built-Using}
++Description: Daemon and tooling that enable snap packages
++ Install, configure, refresh and remove snap packages. Snaps are
++ 'universal' packages that work across many different Linux systems,
++ enabling secure distribution of the latest apps and utilities for
++ cloud, servers, desktops and the internet of things.
++ .
++ Start with 'snap list' to see installed snaps.
++
++Package: snap-confine
++Architecture: any
++Section: oldlibs
++Depends: snapd (= ${binary:Version}), ${misc:Depends}
++Description: Transitional package for snapd
++ This is a transitional dummy package. It can safely be removed.
++
++Package: ubuntu-core-launcher
++Architecture: any
++Depends: snapd (= ${binary:Version}), ${misc:Depends}
++Section: oldlibs
++Pre-Depends: dpkg (>= 1.15.7.2)
++Description: Transitional package for snapd
++ This is a transitional dummy package. It can safely be removed.
++
diff --cc debian/copyright
index 00000000,00000000..1b8c6a7d
new file mode 100644
--- /dev/null
+++ b/debian/copyright
@@@ -1,0 -1,0 +1,22 @@@
++Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
++Upstream-Name: snappy
++Source: https://github.com/snapcore/snapd
++
++Files: *
++Copyright: Copyright (C) 2014,2015 Canonical, Ltd.
++License: GPL-3
++ This program is free software: you can redistribute it and/or modify it
++ under the terms of the GNU General Public License version 3, as
++ published by the Free Software Foundation.
++ .
++ This program is distributed in the hope that it will be useful, but
++ WITHOUT ANY WARRANTY; without even the implied warranties of
++ MERCHANTABILITY, SATISFACTORY QUALITY or FITNESS FOR A PARTICULAR
++ PURPOSE.  See the applicable version of the GNU Lesser General Public
++ License for more details.
++ .
++ You should have received a copy of the GNU General Public License
++ along with this program.  If not, see <http://www.gnu.org/licenses/>.
++ .
++ On Debian systems, the complete text of the GNU General Public License
++ can be found in `/usr/share/common-licenses/GPL-3'
diff --cc debian/gbp.conf
index 00000000,00000000..2e861e7b
new file mode 100644
--- /dev/null
+++ b/debian/gbp.conf
@@@ -1,0 -1,0 +1,4 @@@
++[DEFAULT]
++debian-branch = debian
++export-dir = ../build-area
++upstream-tag = %(version)s
diff --cc debian/golang-github-snapcore-snapd-dev.install
index 00000000,00000000..1dfbabc8
new file mode 100644
--- /dev/null
+++ b/debian/golang-github-snapcore-snapd-dev.install
@@@ -1,0 -1,0 +1,1 @@@
++debian/tmp/usr/share/gocode/src/*
diff --cc debian/not-installed
index 00000000,00000000..0ee03974
new file mode 100644
--- /dev/null
+++ b/debian/not-installed
@@@ -1,0 -1,0 +1,6 @@@
++usr/bin/snap-repair
++usr/bin/snap-failure
++usr/lib/snapd/system-shutdown
++usr/bin/snap-bootstrap
++usr/bin/snap-recovery-chooser
++usr/bin/snap-preseed
diff --cc debian/patches/0001-cmd-snap-seccomp-use-upstream-seccomp-package.patch
index 00000000,00000000..f804931c
new file mode 100644
--- /dev/null
+++ b/debian/patches/0001-cmd-snap-seccomp-use-upstream-seccomp-package.patch
@@@ -1,0 -1,0 +1,78 @@@
++From cb851cfe883af568e56e50b492579b49869928ab Mon Sep 17 00:00:00 2001
++From: Zygmunt Krynicki <me@zygoon.pl>
++Date: Thu, 17 Jan 2019 15:48:46 +0200
++Subject: [PATCH 1/9] cmd/snap-seccomp: use upstream seccomp package
++
++Upstream snapd uses a fork that carries additional compatibility patch
++required to build snapd for Ubuntu 14.04. This patch is not required with
++the latest snapshot of the upstream seccomp golang bindings but they are
++neither released upstream nor backported (in their entirety) to Ubuntu
++14.04.
++
++The forked seccomp library is not packaged in Debian. As such, to build
++snapd, we need to switch to the regular, non-forked package name.
++
++Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
++Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
++---
++ cmd/snap-seccomp/main.go             | 5 +----
++ cmd/snap-seccomp/main_test.go        | 2 +-
++ cmd/snap-seccomp/versioninfo.go      | 2 +-
++ cmd/snap-seccomp/versioninfo_test.go | 2 +-
++ 4 files changed, 4 insertions(+), 7 deletions(-)
++
++Index: snapd/cmd/snap-seccomp/main.go
++===================================================================
++--- snapd.orig/cmd/snap-seccomp/main.go
+++++ snapd/cmd/snap-seccomp/main.go
++@@ -180,10 +180,7 @@ import (
++ 	"strings"
++ 	"syscall"
++ 
++-	// FIXME: we want github.com/seccomp/libseccomp-golang but that
++-	// will not work with trusty because libseccomp-golang checks
++-	// for the seccomp version and errors if it find one < 2.2.0
++-	"github.com/mvo5/libseccomp-golang"
+++	"github.com/seccomp/libseccomp-golang"
++ 
++ 	"github.com/snapcore/snapd/arch"
++ 	"github.com/snapcore/snapd/osutil"
++Index: snapd/cmd/snap-seccomp/main_test.go
++===================================================================
++--- snapd.orig/cmd/snap-seccomp/main_test.go
+++++ snapd/cmd/snap-seccomp/main_test.go
++@@ -32,7 +32,7 @@ import (
++ 
++ 	. "gopkg.in/check.v1"
++ 
++-	"github.com/mvo5/libseccomp-golang"
+++	"github.com/seccomp/libseccomp-golang"
++ 
++ 	"github.com/snapcore/snapd/arch"
++ 	main "github.com/snapcore/snapd/cmd/snap-seccomp"
++Index: snapd/cmd/snap-seccomp/versioninfo.go
++===================================================================
++--- snapd.orig/cmd/snap-seccomp/versioninfo.go
+++++ snapd/cmd/snap-seccomp/versioninfo.go
++@@ -25,7 +25,7 @@ import (
++ 	"os"
++ 	"strings"
++ 
++-	"github.com/mvo5/libseccomp-golang"
+++	"github.com/seccomp/libseccomp-golang"
++ 
++ 	"github.com/snapcore/snapd/cmd/snap-seccomp/syscalls"
++ 	"github.com/snapcore/snapd/osutil"
++Index: snapd/cmd/snap-seccomp/versioninfo_test.go
++===================================================================
++--- snapd.orig/cmd/snap-seccomp/versioninfo_test.go
+++++ snapd/cmd/snap-seccomp/versioninfo_test.go
++@@ -25,7 +25,7 @@ import (
++ 
++ 	. "gopkg.in/check.v1"
++ 
++-	"github.com/mvo5/libseccomp-golang"
+++	"github.com/seccomp/libseccomp-golang"
++ 
++ 	main "github.com/snapcore/snapd/cmd/snap-seccomp"
++ 	"github.com/snapcore/snapd/osutil"
diff --cc debian/patches/0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch
index 00000000,00000000..975f779d
new file mode 100644
--- /dev/null
+++ b/debian/patches/0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch
@@@ -1,0 -1,0 +1,46 @@@
++From 24691d974797f1537897f43c8aab7d4eec69d36d Mon Sep 17 00:00:00 2001
++From: Zygmunt Krynicki <me@zygoon.pl>
++Date: Thu, 17 Jan 2019 17:11:12 +0200
++Subject: [PATCH 2/9] cmd/snap-seccomp: skip tests that fail on 4.19
++
++It seems that the Debian 4.19.0-1 kernel contains a regression in
++seccomp execution. While this issue is investigated in parallel along
++with the security team, the release of updated snapd package should not
++be held by this issue.
++
++Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
++---
++ cmd/snap-seccomp/main_test.go | 3 +++
++ 1 file changed, 3 insertions(+)
++
++diff --git a/cmd/snap-seccomp/main_test.go b/cmd/snap-seccomp/main_test.go
++index 5c64abf52..d4ca193b2 100644
++--- a/cmd/snap-seccomp/main_test.go
+++++ b/cmd/snap-seccomp/main_test.go
++@@ -217,6 +217,7 @@ func (s *snapSeccompSuite) SetUpSuite(c *C) {
++ //   sync_file_range, and truncate64.
++ // Once we start using those. See `man syscall`
++ func (s *snapSeccompSuite) runBpf(c *C, seccompWhitelist, bpfInput string, expected int) {
+++	c.Skip(`setpriority PRIO_PROCESS 0 >=0" "setpriority;native;99`)
++ 	// Common syscalls we need to allow for a minimal statically linked
++ 	// c program.
++ 	//
++@@ -583,6 +584,7 @@ func (s *snapSeccompSuite) TestCompileBadInput(c *C) {
++ 
++ // ported from test_restrictions_working_args_socket
++ func (s *snapSeccompSuite) TestRestrictionsWorkingArgsSocket(c *C) {
+++	c.Skip(`This test fails on Debian kernel 4.19: unexpected success for "socket AF_UNIX SOCK_STREAM" "socket;native;AF_UNIX,9999" (ran but should have failed)`)
++ 	if release.ReleaseInfo.ID == "ubuntu" && release.ReleaseInfo.VersionID == "14.04" {
++ 		c.Skip("14.04/i386 uses socketcall which cannot be tested here")
++ 	}
++@@ -643,6 +645,7 @@ func (s *snapSeccompSuite) TestRestrictionsWorkingArgsPrctl(c *C) {
++ 		}
++ 
++ 		if arg == "PR_CAP_AMBIENT" {
+++			c.Skip(`This test fails on Debian kernel 4.19: unexpected success for "prctl PR_CAP_AMBIENT PR_CAP_AMBIENT_RAISE" "prctl;native;PR_CAP_AMBIENT,99999" (ran but should have failed)`)
++ 			for _, j := range []string{"PR_CAP_AMBIENT_RAISE", "PR_CAP_AMBIENT_LOWER", "PR_CAP_AMBIENT_IS_SET", "PR_CAP_AMBIENT_CLEAR_ALL"} {
++ 				seccompWhitelist := fmt.Sprintf("prctl %s %s", arg, j)
++ 				bpfInputGood := fmt.Sprintf("prctl;native;%s,%s", arg, j)
++-- 
++2.17.1
++
diff --cc debian/patches/0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
index 00000000,00000000..f6e032a0
new file mode 100644
--- /dev/null
+++ b/debian/patches/0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
@@@ -1,0 -1,0 +1,45 @@@
++From 3b9980d774be5ae8458ed006f712e584ae0ce97d Mon Sep 17 00:00:00 2001
++From: Zygmunt Krynicki <me@zygoon.pl>
++Date: Thu, 17 Jan 2019 17:21:22 +0200
++Subject: [PATCH 3/9] cmd/snap-seccomp: skip tests that use -m32
++
++Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
++binaries. The compilation error is:
++
++	multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
++	cannot build multi-lib syscall runner: exit status 1
++	In file included from /usr/include/errno.h:25,
++			 from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3:
++	/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
++	 #  include <sys/cdefs.h>
++		    ^~~~~~~~~~~~~
++	compilation terminated.
++	OK: 2 passed, 11 skipped
++
++I was unable to resolve this issue, let's disable this test until we can get to
++the bottom of it.
++
++Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
++---
++ cmd/snap-seccomp/main_test.go | 8 ++++++++
++ 1 file changed, 8 insertions(+)
++
++Index: snapd/cmd/snap-seccomp/main_test.go
++===================================================================
++--- snapd.orig/cmd/snap-seccomp/main_test.go
+++++ snapd/cmd/snap-seccomp/main_test.go
++@@ -192,6 +192,14 @@ func (s *snapSeccompSuite) SetUpSuite(c
++ 	// Ideally we would build for ppc64el->powerpc and arm64->armhf but
++ 	// it seems tricky to find the right gcc-multilib for this.
++ 	if arch.DpkgArchitecture() == "amd64" && s.canCheckCompatArch {
+++		// This test fails on Debian amd64
+++		// cannot build multi-lib syscall runner: exit status 1
+++		// In file included from /usr/include/errno.h:25,
+++		//                  from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3:
+++		// /usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
+++		//  #  include <sys/cdefs.h>
+++		//             ^~~~~~~~~~~~~
+++		c.Skip(`This test fails to build on Debian amd64`)
++ 		cmd = exec.Command(cmd.Args[0], cmd.Args[1:]...)
++ 		cmd.Args = append(cmd.Args, "-m32")
++ 		for i, k := range cmd.Args {
diff --cc debian/patches/0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch
index 00000000,00000000..659f9fe7
new file mode 100644
--- /dev/null
+++ b/debian/patches/0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch
@@@ -1,0 -1,0 +1,132 @@@
++From cc4da7a206ef99064056f29d4882c73684b4af25 Mon Sep 17 00:00:00 2001
++From: Zygmunt Krynicki <me@zygoon.pl>
++Date: Thu, 17 Jan 2019 17:38:41 +0200
++Subject: [PATCH 4/9] cmd/snap: skip tests depending on text wrapping
++
++Upstream snapd contains tests that check the output of various commands
++along with the --help command-line argument. The output is wrapped to
++match terminal width and for readability. The algorithm for wrapping
++has apparently changed across versions of github.com/jessevdk/go-flags.
++
++Since this test is not critical for anything it can be disabled to let
++the package build.
++
++Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
++---
++ cmd/snap/cmd_alias_test.go      | 1 +
++ cmd/snap/cmd_connect_test.go    | 1 +
++ cmd/snap/cmd_disconnect_test.go | 1 +
++ cmd/snap/cmd_info_test.go       | 2 ++
++ cmd/snap/cmd_interface_test.go  | 1 +
++ cmd/snap/cmd_list_test.go       | 1 +
++ cmd/snap/cmd_prefer_test.go     | 1 +
++ cmd/snap/cmd_unalias_test.go    | 1 +
++ 8 files changed, 9 insertions(+)
++
++diff --git a/cmd/snap/cmd_alias_test.go b/cmd/snap/cmd_alias_test.go
++index bede9d62b..71a7861ad 100644
++--- a/cmd/snap/cmd_alias_test.go
+++++ b/cmd/snap/cmd_alias_test.go
++@@ -29,6 +29,7 @@ import (
++ )
++ 
++ func (s *SnapSuite) TestAliasHelp(c *C) {
+++	c.Skip("the rendering of this text depends on the version of go-flags")
++ 	msg := `Usage:
++   snap.test alias [alias-OPTIONS] [<snap.app>] [<alias>]
++ 
++diff --git a/cmd/snap/cmd_connect_test.go b/cmd/snap/cmd_connect_test.go
++index c7a85dcef..9571d735b 100644
++--- a/cmd/snap/cmd_connect_test.go
+++++ b/cmd/snap/cmd_connect_test.go
++@@ -32,6 +32,7 @@ import (
++ )
++ 
++ func (s *SnapSuite) TestConnectHelp(c *C) {
+++	c.Skip("the rendering of this text depends on the version of go-flags")
++ 	msg := `Usage:
++   snap.test connect [connect-OPTIONS] [<snap>:<plug>] [<snap>:<slot>]
++ 
++diff --git a/cmd/snap/cmd_disconnect_test.go b/cmd/snap/cmd_disconnect_test.go
++index 6e88ed22a..1e4c9fd00 100644
++--- a/cmd/snap/cmd_disconnect_test.go
+++++ b/cmd/snap/cmd_disconnect_test.go
++@@ -31,6 +31,7 @@ import (
++ )
++ 
++ func (s *SnapSuite) TestDisconnectHelp(c *C) {
+++	c.Skip("the rendering of this text depends on the version of go-flags")
++ 	msg := `Usage:
++   snap.test disconnect [disconnect-OPTIONS] [<snap>:<plug>] [<snap>:<slot>]
++ 
++diff --git a/cmd/snap/cmd_info_test.go b/cmd/snap/cmd_info_test.go
++index 185fd7df9..c0066300c 100644
++--- a/cmd/snap/cmd_info_test.go
+++++ b/cmd/snap/cmd_info_test.go
++@@ -352,6 +352,7 @@ installed:    2.10 (1) 1kB disabled
++ }
++ 
++ func (s *infoSuite) TestInfoWithLocalNoLicense(c *check.C) {
+++	c.Skip("the rendering of this text depends on the version of go-flags")
++ 	n := 0
++ 	s.RedirectClientToTestServer(func(w http.ResponseWriter, r *http.Request) {
++ 		switch n {
++@@ -388,6 +389,7 @@ installed:    2.10 (100) 1kB disabled
++ }
++ 
++ func (s *infoSuite) TestInfoWithChannelsAndLocal(c *check.C) {
+++	c.Skip("the rendering of this text depends on the version of go-flags")
++ 	n := 0
++ 	s.RedirectClientToTestServer(func(w http.ResponseWriter, r *http.Request) {
++ 		switch n {
++diff --git a/cmd/snap/cmd_interface_test.go b/cmd/snap/cmd_interface_test.go
++index b5e98d555..cd0a95f65 100644
++--- a/cmd/snap/cmd_interface_test.go
+++++ b/cmd/snap/cmd_interface_test.go
++@@ -32,6 +32,7 @@ import (
++ )
++ 
++ func (s *SnapSuite) TestInterfaceHelp(c *C) {
+++	c.Skip("the rendering of this text depends on the version of go-flags")
++ 	msg := `Usage:
++   snap.test interface [interface-OPTIONS] [<interface>]
++ 
++diff --git a/cmd/snap/cmd_list_test.go b/cmd/snap/cmd_list_test.go
++index 98312c8ae..e198ebdc9 100644
++--- a/cmd/snap/cmd_list_test.go
+++++ b/cmd/snap/cmd_list_test.go
++@@ -29,6 +29,7 @@ import (
++ )
++ 
++ func (s *SnapSuite) TestListHelp(c *check.C) {
+++	c.Skip("the rendering of this text depends on the version of go-flags")
++ 	msg := `Usage:
++   snap.test list [list-OPTIONS] [<snap>...]
++ 
++diff --git a/cmd/snap/cmd_prefer_test.go b/cmd/snap/cmd_prefer_test.go
++index b47cb5c43..fb9e009e7 100644
++--- a/cmd/snap/cmd_prefer_test.go
+++++ b/cmd/snap/cmd_prefer_test.go
++@@ -29,6 +29,7 @@ import (
++ )
++ 
++ func (s *SnapSuite) TestPreferHelp(c *C) {
+++	c.Skip("the rendering of this text depends on the version of go-flags")
++ 	msg := `Usage:
++   snap.test prefer [prefer-OPTIONS] [<snap>]
++ 
++diff --git a/cmd/snap/cmd_unalias_test.go b/cmd/snap/cmd_unalias_test.go
++index e6ec99761..e1903740f 100644
++--- a/cmd/snap/cmd_unalias_test.go
+++++ b/cmd/snap/cmd_unalias_test.go
++@@ -29,6 +29,7 @@ import (
++ )
++ 
++ func (s *SnapSuite) TestUnaliasHelp(c *C) {
+++	c.Skip("the rendering of this text depends on the version of go-flags")
++ 	msg := `Usage:
++   snap.test unalias [unalias-OPTIONS] [<alias-or-snap>]
++ 
++-- 
++2.17.1
++
diff --cc debian/patches/0005-advisor-errtracker-use-upstream-bolt-package.patch
index 00000000,00000000..21deddcd
new file mode 100644
--- /dev/null
+++ b/debian/patches/0005-advisor-errtracker-use-upstream-bolt-package.patch
@@@ -1,0 -1,0 +1,49 @@@
++From ccb008b459fb1fce6614e33c44ee7faed9a366a2 Mon Sep 17 00:00:00 2001
++From: Zygmunt Krynicki <me@zygoon.pl>
++Date: Thu, 17 Jan 2019 15:46:00 +0200
++Subject: [PATCH 5/9] advisor,errtracker: use upstream bolt package
++
++Upstream snapd uses a fork of the bolt package that carries additional
++patches for bugs that were discovered by snapd developers. Bolt itself
++appears to be an abandoned project and is not accepting any new patches.
++
++In various distributions the upstream bolt package may or may not have
++been patched but the forked version was definitely not packaged. As
++such, to build snapd in Debian the upstream bolt package name must be
++used.
++
++Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
++---
++ advisor/backend.go       | 2 +-
++ errtracker/errtracker.go | 2 +-
++ 2 files changed, 2 insertions(+), 2 deletions(-)
++
++diff --git a/advisor/backend.go b/advisor/backend.go
++index d74aa14fe..42a4ba051 100644
++--- a/advisor/backend.go
+++++ b/advisor/backend.go
++@@ -25,7 +25,7 @@ import (
++ 	"path/filepath"
++ 	"time"
++ 
++-	"github.com/snapcore/bolt"
+++	"github.com/boltdb/bolt"
++ 
++ 	"github.com/snapcore/snapd/dirs"
++ 	"github.com/snapcore/snapd/osutil"
++diff --git a/errtracker/errtracker.go b/errtracker/errtracker.go
++index d7507a9a3..1910b7d7c 100644
++--- a/errtracker/errtracker.go
+++++ b/errtracker/errtracker.go
++@@ -33,7 +33,7 @@ import (
++ 	"strings"
++ 	"time"
++ 
++-	"github.com/snapcore/bolt"
+++	"github.com/boltdb/bolt"
++ 	"gopkg.in/mgo.v2/bson"
++ 
++ 	"github.com/snapcore/snapd/arch"
++-- 
++2.17.1
++
diff --cc debian/patches/0006-systemd-disable-snapfuse-system.patch
index 00000000,00000000..2f64ff27
new file mode 100644
--- /dev/null
+++ b/debian/patches/0006-systemd-disable-snapfuse-system.patch
@@@ -1,0 -1,0 +1,30 @@@
++From d6e78fe580f612754503e0b4ffd075443cafa6fc Mon Sep 17 00:00:00 2001
++From: Zygmunt Krynicki <me@zygoon.pl>
++Date: Thu, 17 Jan 2019 15:51:14 +0200
++Subject: [PATCH 6/9] systemd: disable snapfuse system
++
++Upstream snapd uses an elaborate hack to bundle squashfuse under the
++name snapfuse, and built as a fake go package. This component is not
++available in Debian where bundling elements is not allowed.
++
++Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
++---
++ systemd/systemd.go | 2 --
++ 1 file changed, 2 deletions(-)
++
++diff --git a/systemd/systemd.go b/systemd/systemd.go
++index f1863732a..d4e09a9a0 100644
++--- a/systemd/systemd.go
+++++ b/systemd/systemd.go
++@@ -33,8 +33,6 @@ import (
++ 	"sync/atomic"
++ 	"time"
++ 
++-	_ "github.com/snapcore/squashfuse"
++-
++ 	"github.com/snapcore/snapd/dirs"
++ 	"github.com/snapcore/snapd/osutil"
++ 	"github.com/snapcore/snapd/osutil/squashfs"
++-- 
++2.17.1
++
diff --cc debian/patches/0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch
index 00000000,00000000..3fa88c6c
new file mode 100644
--- /dev/null
+++ b/debian/patches/0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch
@@@ -1,0 -1,0 +1,285 @@@
++From b8cbff70f32d88d14b1ff4fed35d83bd99f37a3a Mon Sep 17 00:00:00 2001
++From: Zygmunt Krynicki <me@zygoon.pl>
++Date: Thu, 17 Jan 2019 16:42:35 +0200
++Subject: [PATCH 7/9] i18n: use dummy localizations to avoid dependencies
++
++Upstream snapd uses the github.com/ojii/gettext.go package for access to
++translation catalogs. This package is currently not available in Debian
++and prevents building the package. As such, replace the real
++implementation with a simple dummy one that always uses the English
++input strings.
++
++Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
++---
++ i18n/i18n.go      |  97 +++--------------------------------
++ i18n/i18n_test.go | 125 ++--------------------------------------------
++ 2 files changed, 11 insertions(+), 211 deletions(-)
++
++diff --git a/i18n/i18n.go b/i18n/i18n.go
++index fb50901a8..79f28545b 100644
++--- a/i18n/i18n.go
+++++ b/i18n/i18n.go
++@@ -19,101 +19,16 @@
++ 
++ package i18n
++ 
++-//go:generate update-pot
++-
++-import (
++-	"fmt"
++-	"os"
++-	"path/filepath"
++-	"strings"
++-
++-	"github.com/snapcore/go-gettext"
++-
++-	"github.com/snapcore/snapd/dirs"
++-	"github.com/snapcore/snapd/osutil"
++-)
++-
++-// TEXTDOMAIN is the message domain used by snappy; see dgettext(3)
++-// for more information.
++-var (
++-	TEXTDOMAIN   = "snappy"
++-	locale       gettext.Catalog
++-	translations gettext.Translations
++-)
++-
++-func init() {
++-	bindTextDomain(TEXTDOMAIN, "/usr/share/locale")
++-	setLocale("")
++-}
++-
++-func langpackResolver(baseRoot string, locale string, domain string) string {
++-	// first check for the real locale (e.g. de_DE)
++-	// then try to simplify the locale (e.g. de_DE -> de)
++-	locales := []string{locale, strings.SplitN(locale, "_", 2)[0]}
++-	for _, locale := range locales {
++-		r := filepath.Join(locale, "LC_MESSAGES", fmt.Sprintf("%s.mo", domain))
++-
++-		// look into the core snaps first for translations,
++-		// then the main system
++-		candidateDirs := []string{
++-			filepath.Join(dirs.SnapMountDir, "/core/current/", baseRoot),
++-			baseRoot,
++-		}
++-		for _, root := range candidateDirs {
++-			// ubuntu uses /usr/lib/locale-langpack and patches the glibc gettext
++-			// implementation
++-			langpack := filepath.Join(root, "..", "locale-langpack", r)
++-			if osutil.FileExists(langpack) {
++-				return langpack
++-			}
++-
++-			regular := filepath.Join(root, r)
++-			if osutil.FileExists(regular) {
++-				return regular
++-			}
++-		}
++-	}
++-
++-	return ""
++-}
++-
++-func bindTextDomain(domain, dir string) {
++-	translations = gettext.NewTranslations(dir, domain, langpackResolver)
++-}
++-
++-func setLocale(loc string) {
++-	if loc == "" {
++-		loc = os.Getenv("LC_MESSAGES")
++-		if loc == "" {
++-			loc = os.Getenv("LANG")
++-		}
++-	}
++-	// de_DE.UTF-8, de_DE@euro all need to get simplified
++-	loc = strings.Split(loc, "@")[0]
++-	loc = strings.Split(loc, ".")[0]
++-
++-	locale = translations.Locale(loc)
++-}
++-
++ // G is the shorthand for Gettext
++ func G(msgid string) string {
++-	return locale.Gettext(msgid)
++-}
++-
++-// https://www.gnu.org/software/gettext/manual/html_node/Plural-forms.html
++-// (search for 1000)
++-func ngn(d int) uint32 {
++-	const max = 1000000
++-	if d < 0 {
++-		d = -d
++-	}
++-	if d > max {
++-		return uint32((d % max) + max)
++-	}
++-	return uint32(d)
+++	return msgid
++ }
++ 
++ // NG is the shorthand for NGettext
++ func NG(msgid string, msgidPlural string, n int) string {
++-	return locale.NGettext(msgid, msgidPlural, ngn(n))
+++	if n == 1 {
+++		return msgid
+++	} else {
+++		return msgidPlural
+++	}
++ }
++diff --git a/i18n/i18n_test.go b/i18n/i18n_test.go
++index 81cb050a7..86b59f3b4 100644
++--- a/i18n/i18n_test.go
+++++ b/i18n/i18n_test.go
++@@ -20,143 +20,28 @@
++ package i18n
++ 
++ import (
++-	"io/ioutil"
++-	"os"
++-	"os/exec"
++-	"path/filepath"
++ 	"testing"
++ 
++ 	. "gopkg.in/check.v1"
++-
++-	"github.com/snapcore/snapd/dirs"
++ )
++ 
++ // Hook up check.v1 into the "go test" runner
++ func Test(t *testing.T) { TestingT(t) }
++ 
++-var mockLocalePo = []byte(`
++-msgid ""
++-msgstr ""
++-"Project-Id-Version: snappy-test\n"
++-"Report-Msgid-Bugs-To: snappy-devel@lists.ubuntu.com\n"
++-"POT-Creation-Date: 2015-06-16 09:08+0200\n"
++-"Language: en_DK\n"
++-"MIME-Version: 1.0\n"
++-"Content-Type: text/plain; charset=UTF-8\n"
++-"Content-Transfer-Encoding: 8bit\n"
++-"Plural-Forms: nplurals=2; plural=n != 1;>\n"
++-
++-msgid "plural_1"
++-msgid_plural "plural_2"
++-msgstr[0] "translated plural_1"
++-msgstr[1] "translated plural_2"
++-
++-msgid "singular"
++-msgstr "translated singular"
++-`)
++-
++-func makeMockTranslations(c *C, localeDir string) {
++-	fullLocaleDir := filepath.Join(localeDir, "en_DK", "LC_MESSAGES")
++-	err := os.MkdirAll(fullLocaleDir, 0755)
++-	c.Assert(err, IsNil)
++-
++-	po := filepath.Join(fullLocaleDir, "snappy-test.po")
++-	mo := filepath.Join(fullLocaleDir, "snappy-test.mo")
++-	err = ioutil.WriteFile(po, mockLocalePo, 0644)
++-	c.Assert(err, IsNil)
++-
++-	cmd := exec.Command("msgfmt", po, "--output-file", mo)
++-	cmd.Stdout = os.Stdout
++-	cmd.Stderr = os.Stderr
++-	err = cmd.Run()
++-	c.Assert(err, IsNil)
++-}
++-
++-type i18nTestSuite struct {
++-	origLang       string
++-	origLcMessages string
++-}
+++type i18nTestSuite struct{}
++ 
++ var _ = Suite(&i18nTestSuite{})
++ 
++-func (s *i18nTestSuite) SetUpTest(c *C) {
++-	// this dir contains a special hand-crafted en_DK/snappy-test.mo
++-	// file
++-	localeDir := c.MkDir()
++-	makeMockTranslations(c, localeDir)
++-
++-	// we use a custom test mo file
++-	TEXTDOMAIN = "snappy-test"
++-
++-	s.origLang = os.Getenv("LANG")
++-	s.origLcMessages = os.Getenv("LC_MESSAGES")
++-
++-	bindTextDomain("snappy-test", localeDir)
++-	os.Setenv("LANG", "en_DK.UTF-8")
++-	setLocale("")
++-}
++-
++-func (s *i18nTestSuite) TearDownTest(c *C) {
++-	os.Setenv("LANG", s.origLang)
++-	os.Setenv("LC_MESSAGES", s.origLcMessages)
++-}
++-
++ func (s *i18nTestSuite) TestTranslatedSingular(c *C) {
++ 	// no G() to avoid adding the test string to snappy-pot
++ 	var Gtest = G
++-	c.Assert(Gtest("singular"), Equals, "translated singular")
+++	c.Assert(Gtest("singular"), Equals, "singular")
++ }
++ 
++ func (s *i18nTestSuite) TestTranslatesPlural(c *C) {
++ 	// no NG() to avoid adding the test string to snappy-pot
++ 	var NGtest = NG
++-	c.Assert(NGtest("plural_1", "plural_2", 1), Equals, "translated plural_1")
++-}
++-
++-func (s *i18nTestSuite) TestTranslatedMissingLangNoCrash(c *C) {
++-	setLocale("invalid")
++-
++-	// no G() to avoid adding the test string to snappy-pot
++-	var Gtest = G
++-	c.Assert(Gtest("singular"), Equals, "singular")
++-}
++-
++-func (s *i18nTestSuite) TestInvalidTextDomainDir(c *C) {
++-	bindTextDomain("snappy-test", "/random/not/existing/dir")
++-	setLocale("invalid")
++-
++-	// no G() to avoid adding the test string to snappy-pot
++-	var Gtest = G
++-	c.Assert(Gtest("singular"), Equals, "singular")
++-}
++-
++-func (s *i18nTestSuite) TestLangpackResolverFromLangpack(c *C) {
++-	root := c.MkDir()
++-	localeDir := filepath.Join(root, "/usr/share/locale")
++-	err := os.MkdirAll(localeDir, 0755)
++-	c.Assert(err, IsNil)
++-
++-	d := filepath.Join(root, "/usr/share/locale-langpack")
++-	makeMockTranslations(c, d)
++-	bindTextDomain("snappy-test", localeDir)
++-	setLocale("")
++-
++-	// no G() to avoid adding the test string to snappy-pot
++-	var Gtest = G
++-	c.Assert(Gtest("singular"), Equals, "translated singular", Commentf("test with %q failed", d))
++-}
++-
++-func (s *i18nTestSuite) TestLangpackResolverFromCore(c *C) {
++-	origSnapMountDir := dirs.SnapMountDir
++-	defer func() { dirs.SnapMountDir = origSnapMountDir }()
++-	dirs.SnapMountDir = c.MkDir()
++-
++-	d := filepath.Join(dirs.SnapMountDir, "/core/current/usr/share/locale")
++-	makeMockTranslations(c, d)
++-	bindTextDomain("snappy-test", "/usr/share/locale")
++-	setLocale("")
++-
++-	// no G() to avoid adding the test string to snappy-pot
++-	var Gtest = G
++-	c.Assert(Gtest("singular"), Equals, "translated singular", Commentf("test with %q failed", d))
+++	c.Assert(NGtest("plural_1", "plural_2", 0), Equals, "plural_2")
+++	c.Assert(NGtest("plural_1", "plural_2", 1), Equals, "plural_1")
+++	c.Assert(NGtest("plural_1", "plural_2", 2), Equals, "plural_2")
++ }
++-- 
++2.17.1
++
diff --cc debian/patches/0010-man-page-sections.patch
index 00000000,00000000..dc865598
new file mode 100644
--- /dev/null
+++ b/debian/patches/0010-man-page-sections.patch
@@@ -1,0 -1,0 +1,22 @@@
++--- a/cmd/snap-discard-ns/snap-discard-ns.rst
+++++ b/cmd/snap-discard-ns/snap-discard-ns.rst
++@@ -10,7 +10,7 @@
++ :Date:   2018-10-17
++ :Copyright: Canonical Ltd.
++ :Version: 2.36
++-:Manual section: 5
+++:Manual section: 8
++ :Manual group: snappy
++ 
++ SYNOPSIS
++--- a/cmd/snapd-env-generator/snapd-env-generator.rst
+++++ b/cmd/snapd-env-generator/snapd-env-generator.rst
++@@ -10,7 +10,7 @@
++ :Date:   2018-08-31
++ :Copyright: Canonical Ltd.
++ :Version: 2.35
++-:Manual section: 7
+++:Manual section: 8
++ :Manual group: snappy
++ 
++ SYNOPSIS
diff --cc debian/patches/no-seccomp-fork.patch
index 00000000,00000000..97f6418a
new file mode 100644
--- /dev/null
+++ b/debian/patches/no-seccomp-fork.patch
@@@ -1,0 -1,0 +1,21 @@@
++Description: Do not use a fork of github.com/seccomp/libseccomp-golang
++ Upstream uses a fork of this library so it can work on Ubuntu 14.04. The
++ Debian package does not have to care about this so we can just use the
++ version from the archive.
++Author: Michael Hudson-Doyle <michael.hudson@ubuntu.com>
++Origin: vendor
++Forwarded: not-needed
++Last-Update: 2017-08-15
++---
++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
++--- a/cmd/snap-seccomp/main.go
+++++ b/cmd/snap-seccomp/main.go
++@@ -184,7 +184,7 @@
++ 	// FIXME: we want github.com/seccomp/libseccomp-golang but that
++ 	// will not work with trusty because libseccomp-golang checks
++ 	// for the seccomp version and errors if it find one < 2.2.0
++-	"github.com/mvo5/libseccomp-golang"
+++	"github.com/seccomp/libseccomp-golang"
++ 
++ 	"github.com/snapcore/snapd/arch"
++ 	"github.com/snapcore/snapd/osutil"
diff --cc debian/patches/no-snapfuse.patch
index 00000000,00000000..e5ccf55a
new file mode 100644
--- /dev/null
+++ b/debian/patches/no-snapfuse.patch
@@@ -1,0 -1,0 +1,11 @@@
++--- a/systemd/systemd.go
+++++ b/systemd/systemd.go
++@@ -33,8 +33,6 @@
++ 	"sync/atomic"
++ 	"time"
++ 
++-	_ "github.com/snapcore/squashfuse"
++-
++ 	"github.com/snapcore/snapd/dirs"
++ 	"github.com/snapcore/snapd/osutil"
++ 	"github.com/snapcore/snapd/osutil/squashfs"
diff --cc debian/patches/series
index 00000000,00000000..25176ed8
new file mode 100644
--- /dev/null
+++ b/debian/patches/series
@@@ -1,0 -1,0 +1,8 @@@
++0001-cmd-snap-seccomp-use-upstream-seccomp-package.patch
++0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch
++0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
++0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch
++0005-advisor-errtracker-use-upstream-bolt-package.patch
++0006-systemd-disable-snapfuse-system.patch
++0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch
++0010-man-page-sections.patch
diff --cc debian/rules
index 00000000,00000000..4c82e96d
new file mode 100755
--- /dev/null
+++ b/debian/rules
@@@ -1,0 -1,0 +1,276 @@@
++#!/usr/bin/make -f
++# -*- makefile -*-
++#
++# These rules should work for any debian-ish distro that uses systemd
++# as init.  That does _not_ include Ubuntu 14.04 ("trusty"); look for
++# its own special rule file.
++#
++# Please keep the diff between that and this relatively small, even if
++# it means having suboptimal code; these need to be kept in sync by
++# sentient bags of meat.
++
++#export DH_VERBOSE=1
++export DH_OPTIONS
++export DH_GOPKG := github.com/snapcore/snapd
++#export DEB_BUILD_OPTIONS=nocheck
++export DH_GOLANG_EXCLUDES=tests
++export DH_GOLANG_GO_GENERATE=1
++
++export PATH:=${PATH}:${CURDIR}
++
++include /etc/os-release
++
++# On 18.04 the released version of apt (1.6.1) has a bug that causes
++# problem on "apt purge snapd". To ensure this won't happen add the
++# right dependency on 18.04.
++ifeq (${VERSION_ID},"18.04")
++	SUBSTVARS = -Vsnapd:Breaks="apt (<< 1.6.3)"
++endif
++# Same as above for 18.10 just a different version.
++ifeq (${VERSION_ID},"18.10")
++	SUBSTVARS = -Vsnapd:Breaks="apt (<< 1.7.0~alpha2)"
++endif
++
++# this is overridden in the ubuntu/14.04 release branch
++SYSTEMD_UNITS_DESTDIR="lib/systemd/system/"
++
++# The go tool does not fully support vendoring with gccgo, but we can
++# work around that by constructing the appropriate -I flag by hand.
++GCCGO := $(shell go tool dist env > /dev/null 2>&1 && echo no || echo yes)
++
++# Disable -buildmode=pie mode on i386 as can panics in spectacular
++# ways (LP: #1711052).
++# See also https://forum.snapcraft.io/t/artful-i386-panics/
++# Note while the panic is only on artful, that's because artful
++# detects it; the issue potentially there on older things.
++BUILDFLAGS:=-pkgdir=$(CURDIR)/_build/std
++ifneq ($(shell dpkg-architecture -qDEB_HOST_ARCH),i386)
++BUILDFLAGS+= -buildmode=pie
++endif
++
++GCCGOFLAGS=
++ifeq ($(GCCGO),yes)
++GOARCH := $(shell go env GOARCH)
++GOOS := $(shell go env GOOS)
++BUILDFLAGS:=
++GCCGOFLAGS=-gccgoflags="-I $(CURDIR)/_build/pkg/gccgo_$(GOOS)_$(GOARCH)/$(DH_GOPKG)/vendor"
++export DH_GOLANG_GO_GENERATE=0
++# workaround for https://github.com/golang/go/issues/23721
++export GOMAXPROCS=2
++endif
++
++# check if we need to include the testkeys in the binary
++TAGS=nosecboot
++ifneq (,$(filter testkeys,$(DEB_BUILD_OPTIONS)))
++	TAGS+= withtestkeys
++endif
++
++DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
++
++BUILT_USING_PACKAGES=
++# export DEB_BUILD_MAINT_OPTIONS = hardening=+all
++# DPKG_EXPORT_BUILDFLAGS = 1
++# include /usr/share/dpkg/buildflags.mk
++
++# Currently, we enable confinement for Ubuntu only, not for derivatives,
++# because derivatives may have different kernels that don't support all the
++# required confinement features and we don't to mislead anyone about the
++# security of the system.  Discuss a proper approach to this for downstreams
++# if and when they approach us.
++ifeq ($(shell dpkg-vendor --query Vendor),Ubuntu)
++    # On Ubuntu 16.04 we need to produce a build that can be used on wide
++    # variety of systems. As such we prefer static linking over dynamic linking
++    # for stability, predicability and easy of deployment. We need to link some
++    # things dynamically though: udev has no stable IPC protocol between
++    # libudev and udevd so we need to link with it dynamically.
++    VENDOR_ARGS=--enable-nvidia-multiarch --enable-static-libcap --enable-static-libapparmor --enable-static-libseccomp --with-host-arch-triplet=$(DEB_HOST_MULTIARCH)
++ifeq ($(shell dpkg-architecture -qDEB_HOST_ARCH),amd64)
++		VENDOR_ARGS+= --with-host-arch-32bit-triplet=$(shell dpkg-architecture -f -ai386 -qDEB_HOST_MULTIARCH)
++endif
++    BUILT_USING_PACKAGES=libcap-dev libapparmor-dev libseccomp-dev
++else
++ifeq ($(shell dpkg-vendor --query Vendor),Debian)
++    VENDOR_ARGS=--enable-nvidia-multiarch
++    BUILT_USING_PACKAGES=libcap-dev
++else
++    VENDOR_ARGS=--disable-apparmor
++endif
++endif
++BUILT_USING=$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W $(BUILT_USING_PACKAGES))
++
++%:
++	dh $@ --buildsystem=golang --with=golang --fail-missing --with systemd --builddirectory=_build
++
++override_dh_fixperms:
++	dh_fixperms -Xusr/lib/snapd/snap-confine
++
++
++# The .real profile is a workaround for a bug in dpkg LP: #1673247 that causes
++# ubiquity to crash. It allows us to "move" the snap-confine profile from
++# snap-confine into snapd in a way that works with old dpkg that is in the live
++# CD image.
++#
++# Because both the usual and the .real profile describe the same binary the
++# .real profile takes priority (as it is loaded later).
++override_dh_installdeb:
++	dh_apparmor --profile-name=usr.lib.snapd.snap-confine.real -psnapd
++	dh_installdeb
++
++override_dh_clean:
++ifneq (,$(TEST_GITHUB_AUTOPKGTEST))
++	# this will be set by the GITHUB webhook to trigger a autopkgtest
++	# we only need to run "govendor sync" here and then its ready
++	(export GOPATH="/tmp/go"; \
++	  mkdir -p /tmp/go/src/github.com/snapcore/; \
++          cp -ar . /tmp/go/src/github.com/snapcore/snapd; \
++	  go get -u github.com/kardianos/govendor; \
++	  (cd /tmp/go/src/github.com/snapcore/snapd ; /tmp/go/bin/govendor sync); \
++	  cp -ar /tmp/go/src/github.com/snapcore/snapd/vendor/ .; \
++        )
++endif
++	dh_clean
++	$(MAKE) -C data clean
++	# XXX: hacky
++	$(MAKE) -C cmd distclean || true
++
++override_dh_auto_build:
++	# usually done via `go generate` but that is not supported on powerpc
++	./mkversion.sh
++	# Build golang bits
++	mkdir -p _build/src/$(DH_GOPKG)/cmd/snap/test-data
++	cp -a cmd/snap/test-data/*.gpg _build/src/$(DH_GOPKG)/cmd/snap/test-data/
++	# exclude certain parts that won't be used by debian
++	find _build/src/$(DH_GOPKG)/cmd/snap-bootstrap -name "*.go" | grep -vE '(bootstrap_dummy\.go|options\.go)'| xargs rm -f
++	# XXX: once dh-golang understands go build tags this would not be needed
++	find _build/src/$(DH_GOPKG)/secboot/ -name "*.go" | grep -Ev '(secboot_dummy\.go|secboot\.go)' | xargs rm -f
++	# and build
++	dh_auto_build -- $(BUILDFLAGS) -tags "$(TAGS)" $(GCCGOFLAGS)
++
++	# (static linking on powerpc with cgo is broken)
++ifneq ($(shell dpkg-architecture -qDEB_HOST_ARCH),powerpc)
++	# Generate static snap-exec, snapctl and snap-update-ns - it somehow includes CGO so
++	# we must force a static build here. We need a static snap-{exec,update-ns}
++	# inside the core snap because not all bases will have a libc
++	(cd _build/bin && GOPATH=$$(pwd)/.. GOCACHE=/tmp/go-build CGO_ENABLED=0 go build $(GCCGOFLAGS) -pkgdir=$$(pwd)/std $(DH_GOPKG)/cmd/snap-exec)
++	(cd _build/bin && GOPATH=$$(pwd)/.. GOCACHE=/tmp/go-build CGO_ENABLED=0 go build $(GCCGOFLAGS) -pkgdir=$$(pwd)/std $(DH_GOPKG)/cmd/snapctl)
++	(cd _build/bin && GOPATH=$$(pwd)/.. GOCACHE=/tmp/go-build go build --ldflags '-extldflags "-static"' $(GCCGOFLAGS) -pkgdir=$$(pwd)/std $(DH_GOPKG)/cmd/snap-update-ns)
++
++	# ensure we generated a static build
++	$(shell	if ldd _build/bin/snap-exec; then false "need static build"; fi)
++	$(shell	if ldd _build/bin/snap-update-ns; then false "need static build"; fi)
++	$(shell	if ldd _build/bin/snapctl; then false "need static build"; fi)
++endif
++
++	# ensure snap-seccomp is build with a static libseccomp on Ubuntu
++ifeq ($(shell dpkg-vendor --query Vendor),Ubuntu)
++	# (static linking on powerpc with cgo is broken)
++ ifneq ($(shell dpkg-architecture -qDEB_HOST_ARCH),powerpc)
++	sed -i "s|#cgo LDFLAGS:|#cgo LDFLAGS: /usr/lib/$(shell dpkg-architecture -qDEB_TARGET_MULTIARCH)/libseccomp.a|" _build/src/$(DH_GOPKG)/cmd/snap-seccomp/main.go
++	(cd _build/bin && GOPATH=$$(pwd)/.. CGO_LDFLAGS_ALLOW="/.*/libseccomp.a" go build $(GCCGOFLAGS) $(DH_GOPKG)/cmd/snap-seccomp)
++	# ensure that libseccomp is not dynamically linked
++	ldd _build/bin/snap-seccomp
++	test "$$(ldd _build/bin/snap-seccomp | grep libseccomp)" = ""
++	# revert again so that the subsequent tests work
++	sed -i "s|#cgo LDFLAGS: /usr/lib/$(shell dpkg-architecture -qDEB_TARGET_MULTIARCH)/libseccomp.a|#cgo LDFLAGS:|" _build/src/$(DH_GOPKG)/cmd/snap-seccomp/main.go
++ endif
++endif
++
++	# Build C bits, sadly manually
++	cd cmd && ( autoreconf -i -f )
++	cd cmd && ( ./configure --prefix=/usr --libexecdir=/usr/lib/snapd $(VENDOR_ARGS))
++	$(MAKE) -C cmd all
++
++	# Generate the real systemd/dbus/env config files
++	$(MAKE) -C data all
++
++override_dh_auto_test:
++	dh_auto_test -- $(BUILDFLAGS) -tags "$(TAGS)" $(GCCGOFLAGS)
++# a tested default (production) build should have no test keys
++ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
++	# check that only the main trusted account-keys are included
++	[ $$(strings _build/bin/snapd|grep -c -E "public-key-sha3-384: [a-zA-Z0-9_-]{64}") -eq 2 ]
++	strings _build/bin/snapd|grep -c "^public-key-sha3-384: -CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk$$"
++	strings _build/bin/snapd|grep -c "^public-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa$$"
++	# same for snap-repair
++	[ $$(strings _build/bin/snap-repair|grep -c -E "public-key-sha3-384: [a-zA-Z0-9_-]{64}") -eq 3 ]
++	# common with snapd
++	strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: -CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk$$"
++	strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa$$"
++	# repair-root
++	strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: nttW6NfBXI_E-00u38W-KH6eiksfQNXuI7IiumoV49_zkbhM0sYTzSnFlwZC-W4t$$"
++endif
++ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
++	# run the snap-confine tests
++	$(MAKE) -C cmd check
++endif
++
++override_dh_install-indep:
++	# we do not need this in the package, its just needed during build
++	rm -rf ${CURDIR}/debian/tmp/usr/bin/xgettext-go
++	# toolbelt is not shippable
++	rm -f ${CURDIR}/debian/tmp/usr/bin/toolbelt
++	# we do not like /usr/bin/snappy anymore
++	rm -f ${CURDIR}/debian/tmp/usr/bin/snappy
++	# chrorder generator
++	rm -f ${CURDIR}/debian/tmp/usr/bin/chrorder
++	dh_install
++
++override_dh_install-arch:
++	# we do not need this in the package, its just needed during build
++	rm -rf ${CURDIR}/debian/tmp/usr/bin/xgettext-go
++	# toolbelt is not shippable
++	rm -f ${CURDIR}/debian/tmp/usr/bin/toolbelt
++	# we do not like /usr/bin/snappy anymore
++	rm -f ${CURDIR}/debian/tmp/usr/bin/snappy
++	# i18n stuff
++	mkdir -p debian/snapd/usr/share
++	if [ -d share/locale ]; then \
++		cp -R share/locale debian/snapd/usr/share; \
++	fi
++	# chrorder generator
++	rm -f ${CURDIR}/debian/tmp/usr/bin/chrorder
++
++	# Install snapd's systemd units / upstart jobs, done
++	# here instead of debian/snapd.install because the
++	# ubuntu/14.04 release branch adds/changes bits here
++	$(MAKE) -C data install DESTDIR=$(CURDIR)/debian/snapd/ \
++		SYSTEMDSYSTEMUNITDIR=$(SYSTEMD_UNITS_DESTDIR)
++	# We called this apps-bin-path.sh instead of snapd.sh, and
++	# it's a conf file so we're stuck with it
++	mv debian/snapd/etc/profile.d/snapd.sh debian/snapd/etc/profile.d/apps-bin-path.sh
++
++	$(MAKE) -C cmd install DESTDIR=$(CURDIR)/debian/tmp
++
++	# Rename the apparmor profile, see dh_apparmor call above for an explanation.
++	mv $(CURDIR)/debian/tmp/etc/apparmor.d/usr.lib.snapd.snap-confine $(CURDIR)/debian/tmp/etc/apparmor.d/usr.lib.snapd.snap-confine.real
++
++	# On Ubuntu and Debian we don't need to install the apparmor helper service.
++	rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.apparmor.service
++	rm $(CURDIR)/debian/tmp/usr/lib/snapd/snapd-apparmor
++
++	# Ouside of core we don't need to install the following files:
++	rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.autoimport.service
++	rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.core-fixup.service
++	rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.failure.service
++	rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.snap-repair.service
++	rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.snap-repair.timer
++	rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.system-shutdown.service
++	rm $(CURDIR)/debian/snapd/usr/lib/snapd/snapd.run-from-snap
++
++	dh_install
++
++override_dh_auto_install: snap.8
++	dh_auto_install -O--buildsystem=golang
++
++snap.8:
++	# fix reproducible builds as reported by:
++	#   https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/snapd.html
++	# once golang-go-flags is fixed we can remove the "sed" expression
++	$(CURDIR)/_build/bin/snap help --man | sed '1 s/^.*/.TH snap 8 "$(shell date --reference=debian/changelog +"%d %B %Y")"/' > $@
++
++override_dh_auto_clean:
++	dh_auto_clean -O--buildsystem=golang
++	rm -vf snap.8
++
++override_dh_gencontrol:
++	dh_gencontrol -- -VBuilt-Using="$(BUILT_USING)"
diff --cc debian/snap-confine.maintscript
index 00000000,00000000..16bc8774
new file mode 100644
--- /dev/null
+++ b/debian/snap-confine.maintscript
@@@ -1,0 -1,0 +1,1 @@@
++rm_conffile /etc/apparmor.d/usr.lib.snapd.snap-confine 2.23.6~
diff --cc debian/snapd.autoimport.udev
index 00000000,00000000..f06a9f3e
new file mode 100644
--- /dev/null
+++ b/debian/snapd.autoimport.udev
@@@ -1,0 -1,0 +1,3 @@@
++# probe for assertions, must run before udisks2
++ACTION=="add", SUBSYSTEM=="block" \
++    RUN+="/usr/bin/unshare -m /usr/bin/snap auto-import --mount=/dev/%k"
diff --cc debian/snapd.dirs
index 00000000,00000000..3add9c7a
new file mode 100644
--- /dev/null
+++ b/debian/snapd.dirs
@@@ -1,0 -1,0 +1,14 @@@
++snap
++var/cache/snapd
++usr/lib/snapd
++var/lib/snapd/apparmor/snap-confine
++var/lib/snapd/auto-import
++var/lib/snapd/desktop
++var/lib/snapd/environment
++var/lib/snapd/firstboot
++var/lib/snapd/lib/gl
++var/lib/snapd/lib/gl32
++var/lib/snapd/lib/vulkan
++var/lib/snapd/snaps/partial
++var/lib/snapd/void
++var/snap
diff --cc debian/snapd.install
index 00000000,00000000..3afdd39f
new file mode 100644
--- /dev/null
+++ b/debian/snapd.install
@@@ -1,0 -1,0 +1,39 @@@
++usr/bin/snap
++usr/bin/snapctl /usr/lib/snapd/
++
++usr/bin/snap-exec /usr/lib/snapd/
++usr/bin/snap-update-ns /usr/lib/snapd/
++usr/bin/snapd /usr/lib/snapd/
++usr/bin/snap-seccomp /usr/lib/snapd/
++
++# bash completion
++data/completion/bash/snap /usr/share/bash-completion/completions
++data/completion/bash/complete.sh /usr/lib/snapd/
++data/completion/bash/etelpmoc.sh /usr/lib/snapd/
++# zsh completion
++data/completion/zsh/_snap /usr/share/zsh/vendor-completions
++# snap/snapd version information
++data/info /usr/lib/snapd/
++# polkit actions
++data/polkit/io.snapcraft.snapd.policy /usr/share/polkit-1/actions/
++# apt hook
++data/apt/20snapd.conf /etc/apt/apt.conf.d/
++
++# snap-confine stuff
++etc/apparmor.d/usr.lib.snapd.snap-confine.real
++usr/lib/snapd/snap-device-helper
++usr/lib/snapd/snap-mgmt
++usr/lib/snapd/snap-confine
++usr/lib/snapd/snap-discard-ns
++usr/share/man/
++# for compatibility with ancient snap installs that wrote the shell based
++# wrapper scripts instead of the modern symlinks
++usr/bin/ubuntu-core-launcher
++
++# gdb helper
++usr/lib/snapd/snap-gdb-shim
++
++# use "usr/lib" here because apparently systemd looks only there
++usr/lib/systemd/system-environment-generators
++# but system generators end up in lib
++lib/systemd/system-generators
diff --cc debian/snapd.links
index 00000000,00000000..2b9a1308
new file mode 100644
--- /dev/null
+++ b/debian/snapd.links
@@@ -1,0 -1,0 +1,6 @@@
++/usr/lib/snapd/snap-device-helper  /lib/udev/snappy-app-dev
++usr/lib/snapd/snapctl usr/bin/snapctl
++
++# This should be removed once we can rely on debhelper >= 11.5:
++#     https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764678
++/usr/lib/systemd/user/snapd.session-agent.socket /usr/lib/systemd/user/sockets.target.wants/snapd.session-agent.socket
diff --cc debian/snapd.lintian-overrides
index 00000000,00000000..b5be2587
new file mode 100644
--- /dev/null
+++ b/debian/snapd.lintian-overrides
@@@ -1,0 -1,0 +1,13 @@@
++# Up for discussion whether we should use this directory on Debian, or
++# patch snap to use some different mountpoint; in the meantime, override to
++# pass the NEW queue.
++snapd: non-standard-toplevel-dir snap/
++# Up for discussion whether we should use this directory on Debian, or
++# patch snap to use some different mountpoint; in the meantime, override.
++snapd: non-standard-dir-in-var var/snap/
++# snapd is a very special case which needs to tear out its self-managed
++# units on purge, we certainly would not be able to use the Debian
++# abstractions for this
++snapd: maintainer-script-calls-systemctl postrm:9
++# fortify functions aren't here because we use none of the libc functions.
++snapd: hardening-no-fortify-functions *
diff --cc debian/snapd.maintscript
index 00000000,00000000..4373efdc
new file mode 100644
--- /dev/null
+++ b/debian/snapd.maintscript
@@@ -1,0 -1,0 +1,5 @@@
++# keep mount point busy
++# we used to ship a custom grub config that is no longer needed
++rm_conffile /etc/grub.d/09_snappy 1.7.3ubuntu1
++rm_conffile /etc/ld.so.conf.d/snappy.conf 2.0.7~
++rm_conffile /etc/apparmor.d/usr.lib.snapd.snap-confine 2.23.6~ snap-confine
diff --cc debian/snapd.manpages
index 00000000,00000000..b383785e
new file mode 100644
--- /dev/null
+++ b/debian/snapd.manpages
@@@ -1,0 -1,0 +1,1 @@@
++snap.8
diff --cc debian/snapd.postinst
index 00000000,00000000..ac9a4d50
new file mode 100644
--- /dev/null
+++ b/debian/snapd.postinst
@@@ -1,0 -1,0 +1,41 @@@
++#!/bin/sh
++
++set -e
++
++
++case "$1" in
++    configure)
++        # ensure /var/lib/snapd/lib/gl is cleared
++        if dpkg --compare-versions "$2" lt-nl "2.0.7"; then
++            ldconfig
++        fi
++
++        # Ensure that we undo the damage done by the snap.mount unit that was present
++        # in snapd 2.31.
++        #
++        # We found that update scripts make systemd stop inactive mount units and this
++        # in turn stops all the units that depend on it so when the snap.mount unit is
++        # stopped all the per-snap mount units gets stopped along with them.  The 2.31
++        # release was only out briefly in xenial-proposed and bionic but to keep the
++        # affected users safe let's start all the per-snap mount units so that snaps no
++        # longer appear as broken after update.
++        if dpkg --compare-versions "$2" ge-nl "2.31" && \
++                dpkg --compare-versions "$2" lt-nl "2.32"; then
++            units=$(systemctl list-unit-files --full | grep '^snap[-.]' | cut -f1 -d ' ' | grep -vF snap.mount.service || true)
++            mounts=$(echo "$units" | grep '^snap[-.].*\.mount$' || true)
++            for unit in $mounts; do
++                # ensure its really a snap mount unit or systemd unit
++                if ! grep -q 'What=/var/lib/snapd/snaps/' "/etc/systemd/system/$unit" && ! grep -q 'X-Snappy=yes' "/etc/systemd/system/$unit"; then
++                    echo "Skipping non-snapd systemd unit $unit"
++                    continue
++                fi
++
++                echo "Starting $unit"
++                deb-systemd-invoke start "$unit" || true
++            done
++        fi
++        # Ensure that the void directory has correct permissions.
++        chmod 111 /var/lib/snapd/void
++esac
++
++#DEBHELPER#
diff --cc debian/snapd.postrm
index 00000000,00000000..373ff1f8
new file mode 100644
--- /dev/null
+++ b/debian/snapd.postrm
@@@ -1,0 -1,0 +1,130 @@@
++#!/bin/sh
++
++set -e
++
++systemctl_stop() {
++    unit="$1"
++
++    echo "Stopping unit $unit"
++    systemctl stop -q "$unit" || true
++
++    for i in $(seq 20); do
++        echo "Waiting until unit $unit is stopped [attempt $i]"
++        if ! systemctl is-active -q "$unit"; then
++            echo "$unit is stopped."
++            return
++        fi
++        sleep .1
++    done
++}
++
++if [ "$1" = "purge" ]; then
++    # Undo any bind mounts to ${SNAP_MOUNT_DIR} or /var/snap done by parallel
++    # installs or LP:#1668659
++    for mp in /snap /var/snap; do
++        if grep -q " $mp $mp" /proc/self/mountinfo; then
++            umount -l "$mp" || true
++        fi
++    done
++
++    units=$(systemctl list-unit-files --full | grep '^snap[-.]' | cut -f1 -d ' ' | grep -vF snap.mount.service || true)
++    mounts=$(echo "$units" | grep '^snap[-.].*\.mount$' || true)
++    services=$(echo "$units" | grep '^snap[-.].*\.service$' || true)
++
++    for unit in $services $mounts; do
++        # ensure its really a snap mount unit or systemd unit
++        if ! grep -q 'What=/var/lib/snapd/snaps/' "/etc/systemd/system/$unit" && ! grep -q 'X-Snappy=yes' "/etc/systemd/system/$unit"; then
++            echo "Skipping non-snapd systemd unit $unit"
++            continue
++        fi
++
++        echo "Stopping $unit"
++        systemctl_stop "$unit"
++
++        # if it is a mount unit, we can find the snap name in the mount
++        # unit (we just ignore unit files)
++        snap=$(grep 'Where=/snap/' "/etc/systemd/system/$unit"|cut -f3 -d/)
++        rev=$(grep 'Where=/snap/' "/etc/systemd/system/$unit"|cut -f4 -d/)
++        if [ -n "$snap" ]; then
++            echo "Removing snap $snap and revision $rev"
++            # aliases
++            if [ -d /snap/bin ]; then
++                find /snap/bin -maxdepth 1 -lname "$snap" -delete
++                find /snap/bin -maxdepth 1 -lname "$snap.*" -delete
++            fi
++            # generated binaries
++            rm -f "/snap/bin/$snap"
++            rm -f "/snap/bin/$snap".*
++            # snap mount dir
++            # we pass -d (clean up loopback devices) for trusty compatibility
++            umount -d -l "/snap/$snap/$rev" 2> /dev/null || true
++            rm -rf "/snap/$snap/$rev"
++            rm -f "/snap/$snap/current"
++            # snap data dir
++            rm -rf "/var/snap/$snap/$rev"
++            rm -rf "/var/snap/$snap/common"
++            rm -f "/var/snap/$snap/current"
++            # opportunistic remove (may fail if there are still revisions left
++            for d in "/snap/$snap" "/var/snap/$snap"; do
++                if [ -d "$d" ]; then
++                    rmdir --ignore-fail-on-non-empty "$d" || true
++                fi
++            done
++            # udev rules
++            find /etc/udev/rules.d -name "*-snap.${snap}.rules" -execdir rm -f "{}" \;
++            # dbus policy files
++            if [ -d /etc/dbus-1/system.d ]; then
++                find /etc/dbus-1/system.d -name "snap.${snap}.*.conf" -execdir rm -f "{}" \;
++            fi
++            # timer and socket units
++            find /etc/systemd/system -name "snap.${snap}.*.timer" -o -name "snap.${snap}.*.socket" | while read -r f; do
++                systemctl_stop "$(basename "$f")"
++                rm -f "$f"
++            done
++        fi
++
++        echo "Removing $unit"
++        rm -f "/etc/systemd/system/$unit"
++        rm -f "/etc/systemd/system/multi-user.target.wants/$unit"
++    done
++
++    # generated readme files
++    rm -f "/snap/README"
++
++    echo "Final directory cleanup"
++    for d in "/snap/bin" "/snap" "/var/snap"; do
++        # Force remove due to directories for old revisions could still exist
++        rm -rf "$d"
++        if [ -d "$d" ]; then
++            echo "Cannot remove directory $d"
++        fi
++    done
++
++    echo "Discarding preserved snap namespaces"
++    # opportunistic as those might not be actually mounted
++    if [ -d /run/snapd/ns ]; then
++        if [ "$(find /run/snapd/ns/ -name "*.mnt" | wc -l)" -gt 0 ]; then
++            for mnt in /run/snapd/ns/*.mnt; do
++                umount -l "$mnt" || true
++                rm -f "$mnt"
++            done
++        fi
++        if [ "$(find /run/snapd/ns/ -name "*.fstab" | wc -l)" -gt 0 ]; then
++            for fstab in /run/snapd/ns/*.fstab; do
++                rm -f "$fstab"
++            done
++        fi
++        umount -l /run/snapd/ns/ || true
++    fi
++
++    echo "Removing extra snap-confine apparmor rules"
++    rm -f /etc/apparmor.d/snap.core.*.usr.lib.snapd.snap-confine
++
++    echo "Removing snapd cache"
++    rm -rf /var/cache/snapd/*
++
++    echo "Removing snapd state"
++    rm -rf /var/lib/snapd
++fi
++
++#DEBHELPER#
diff --cc debian/snapd.prerm
index 00000000,00000000..63824a2b
new file mode 100755
--- /dev/null
+++ b/debian/snapd.prerm
@@@ -1,0 -1,0 +1,37 @@@
++#!/bin/sh
++
++set -e
++
++systemctl_stop() {
++    unit="$1"
++
++    echo "Stopping unit $unit"
++    systemctl stop -q "$unit" || true
++
++    for i in $(seq 20); do
++        echo "Waiting until unit $unit is stopped [attempt $i]"
++        if ! systemctl is-active -q "$unit"; then
++            echo "$unit is stopped."
++            return
++        fi
++        sleep .1
++    done
++}
++
++if [ "$1" = "remove" ]; then
++    units=$(systemctl list-unit-files --full | grep '^snap\.' | cut -f1 -d ' ' | grep -vF snap.mount.service || true)
++    tostop=$(echo "$units" | grep -E '^snap\..*\.(service|timer|socket)$' || true)
++
++    for unit in $tostop; do
++        # ensure it's really a snap mount unit or systemd unit
++        if  ! grep -q 'X-Snappy=yes' "/etc/systemd/system/$unit"; then
++            echo "Skipping non-snapd systemd unit $unit"
++            continue
++        fi
++
++        echo "Stopping $unit"
++        systemctl_stop "$unit"
++    done
++fi
++
++#DEBHELPER#
diff --cc debian/source/format
index 00000000,00000000..163aaf8d
new file mode 100644
--- /dev/null
+++ b/debian/source/format
@@@ -1,0 -1,0 +1,1 @@@
++3.0 (quilt)
diff --cc debian/source/options
index 00000000,00000000..8a90ced6
new file mode 100644
--- /dev/null
+++ b/debian/source/options
@@@ -1,0 -1,0 +1,1 @@@
++include-removal
diff --cc debian/tests/README.md
index 00000000,00000000..c32e6db3
new file mode 100644
--- /dev/null
+++ b/debian/tests/README.md
@@@ -1,0 -1,0 +1,10 @@@
++## Autopkgtest
++
++In order to run the autopkgtest suite locally you need first to generate an image:
++
++    $ adt-buildvm-ubuntu-cloud -a amd64 -r xenial -v
++
++This will create a `adt-xenial-amd64-cloud.img` file, then you can run the tests from
++the project's root with:
++
++    $ adt-run --unbuilt-tree . --- qemu ./adt-xenial-amd64-cloud.img
diff --cc debian/tests/control
index 00000000,00000000..7fce6df4
new file mode 100644
--- /dev/null
+++ b/debian/tests/control
@@@ -1,0 -1,0 +1,12 @@@
++Tests: integrationtests
++Restrictions: allow-stderr, rw-build-tree, needs-root, breaks-testbed, isolation-machine
++Depends: @builddeps@,
++         bzr,
++         ca-certificates,
++         git,
++         golang-golang-x-net-dev,
++         locales,
++         openssh-server,
++         netcat-openbsd,
++         net-tools,
++         snapd
diff --cc debian/tests/integrationtests
index 00000000,00000000..81dfd8c2
new file mode 100644
--- /dev/null
+++ b/debian/tests/integrationtests
@@@ -1,0 -1,0 +1,51 @@@
++#!/bin/sh
++
++set -ex
++
++# required for the debian adt host
++mkdir -p /etc/systemd/system/snapd.service.d/
++if [ "${http_proxy:-}" != "" ]; then
++    cat <<EOF | tee /etc/systemd/system/snapd.service.d/proxy.conf
++[Service]
++Environment=http_proxy=$http_proxy
++Environment=https_proxy=$http_proxy
++EOF
++
++    # ensure environment is updated
++    echo "http_proxy=$http_proxy" >> /etc/environment
++    echo "https_proxy=$http_proxy" >> /etc/environment
++fi
++systemctl daemon-reload
++
++# ensure we are not get killed too easily
++printf '%s\n' "-950" > /proc/$$/oom_score_adj
++
++# see what mem we have (for debugging)
++cat /proc/meminfo
++
++# ensure we can do a connect to localhost
++echo ubuntu:ubuntu|chpasswd
++sed -i 's/\(PermitRootLogin\|PasswordAuthentication\)\>.*/\1 yes/' /etc/ssh/sshd_config
++systemctl reload sshd.service
++
++# Map snapd deb package pockets to core snap channels. This is intended to cope
++# with the autopkgtest execution when testing packages from the different pockets
++if apt -qq list snapd | grep -q -- -proposed; then
++    export SPREAD_CORE_CHANNEL=candidate
++elif apt -qq list snapd | grep -q -- -updates; then
++    export SPREAD_CORE_CHANNEL=stable
++fi
++
++# Spread will only buid with recent go
++snap install --classic go
++
++# and now run spread against localhost
++# shellcheck disable=SC1091
++. /etc/os-release
++export GOPATH=/tmp/go
++/snap/bin/go get -u github.com/snapcore/spread/cmd/spread
++/tmp/go/bin/spread -v "autopkgtest:${ID}-${VERSION_ID}-$(dpkg --print-architecture)":tests/smoke/
++
++# store journal info for inspectsion
++journalctl --sync
++journalctl -ab > "$ADT_ARTIFACTS"/journal.txt
diff --cc debian/tests/testconfig.json
index 00000000,00000000..c1669d09
new file mode 100644
--- /dev/null
+++ b/debian/tests/testconfig.json
@@@ -1,0 -1,0 +1,3 @@@
++{
++    "FromBranch": false
++}
diff --cc debian/watch
index 00000000,00000000..f24cda73
new file mode 100644
--- /dev/null
+++ b/debian/watch
@@@ -1,0 -1,0 +1,4 @@@
++version=3
++opts=filenamemangle=s/.+\/snapd_(\d\S*)\.no-vendor\.tar\.xz/snapd-\$1\.tar\.gz/,\
++uversionmangle=s/(\d)[_\.\-\+]?(RC|rc|pre|dev|beta|alpha)[.]?(\d*)$/\$1~\$2\$3/ \
++  https://github.com/snapcore/snapd/releases .*/snapd_(\d\S*)\.no-vendor\.tar\.xz