From: Alex Murray Date: Mon, 28 Nov 2022 10:37:00 +0000 (+0000) Subject: snapd (2.49-1+deb11u2) bullseye-security; urgency=high X-Git-Tag: archive/raspbian/2.49-1+rpi1+deb11u2^2~15 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=7eefcfb027c65f9441a42462c9c8bc2f018fec2e;p=snapd.git snapd (2.49-1+deb11u2) bullseye-security; urgency=high * SECURITY UPDATE: Local privilege escalation - snap-confine: Fix race condition in snap-confine when preparing a private tmp mount namespace for a snap - CVE-2022-3328 [dgit import unpatched snapd 2.49-1+deb11u2] --- 7eefcfb027c65f9441a42462c9c8bc2f018fec2e diff --cc debian/README.Source index 00000000,00000000..2a4c1231 new file mode 100644 --- /dev/null +++ b/debian/README.Source @@@ -1,0 -1,0 +1,35 @@@ ++# Overview ++ ++The packaging is maintained in the upstream git repo at ++ ++github.com/snapcore/snapd in the packaging/debian-sid dir ++ ++Please push any debian changes back there to make packaging ++easier. ++ ++## Release a new version ++ ++To release a new upstream version the following steps are ++recommended: ++ ++ # one time setup ++ $ git clone git@salsa.debian.org:debian/snapd ++ $ cd snapd ++ $ git remote add upstream https://github.com/snapcore/snapd ++ ++ # releasing a new version ++ $ git fetch upstream ++ $ git merge upstream/ # e.g. upstream/2.44 ++ $ cp -ar packaging/debian-sid/* debian/ ++ # ensure to git add any new files ++ # set debian/changelog to UNRELEASED ++ $ git commit -a -m 'debian: sync packaging changes from upstream' ++ # update changelog ++ $ debcommit -ar ++ $ gbp buildpackage -S -d ++ # testbuild ++ $ pbuilder-dist sid update ++ $ pbuilder-dist sid build ../build-area/snapd_.dsc ++ $ dput ftp-master ../build-area/snapd__source.changes ++ ++ -- Michael Vogt , Wed, 18 Mar 2020 13:11:03 +0100 diff --cc debian/changelog index 00000000,00000000..2499adb4 new file mode 100644 --- /dev/null +++ b/debian/changelog @@@ -1,0 -1,0 +1,6330 @@@ ++snapd (2.49-1+deb11u2) bullseye-security; urgency=high ++ ++ * SECURITY UPDATE: Local privilege escalation ++ - snap-confine: Fix race condition in snap-confine when preparing a ++ private tmp mount namespace for a snap ++ - CVE-2022-3328 ++ ++ -- Alex Murray Mon, 28 Nov 2022 21:07:00 +1030 ++ ++snapd (2.49-1+deb11u1) bullseye-security; urgency=high ++ ++ * SECURITY UPDATE: local privilege escalation ++ - 0015-cve-2021-44730-44731-4120.patch: Add validations of the ++ location of the snap-confine binary within snapd. ++ - 0015-cve-2021-44730-44731-4120: Fix race condition in snap-confine ++ when preparing a private mount namespace for a snap. ++ - 0016-cve-2021-2021-44730-44731-4120-auto-remove.patch: automatic ++ remove vulnerable inactive core/snapd snaps ++ - CVE-2021-44730 ++ - CVE-2021-44731 ++ * SECURITY UPDATE: data injection from malicious snaps ++ - 0015-cve-2021-44730-44731-4120: Add validations of snap content ++ interface and layout paths in snapd ++ - CVE-2021-4120 ++ - LP: #1949368 ++ ++ -- Michael Vogt Wed, 16 Feb 2022 10:56:34 +0100 ++ ++snapd (2.49-1) unstable; urgency=high ++ ++ * New upstream release with security updates: ++ * SECURITY UPDATE: sandbox escape vulnerability for containers ++ (LP: #1910456) ++ - many: add Delegate=true to generated systemd units for special ++ interfaces ++ - interfaces/greengrass-support: back-port interface changes to ++ 2.48 ++ - CVE-2020-27352 ++ * interfaces/builtin/docker-support: allow /run/containerd/s/... ++ - This is a new path that docker 19.03.14 (with a new version of ++ containerd) uses to avoid containerd CVE issues around the unix ++ socket. See also CVE-2020-15257. ++ * debian/patches/0013-cherry-pick-pr9936.patch: ++ - cherry pick PR#9936 to use all apparmor available (closes: 923500) ++ * d/p/0011-cherry-pick-pr9809, d/p/0012-cherry-pick-pr9844: ++ - dropped, applied upstream ++ ++ -- Michael Vogt Wed, 24 Feb 2021 09:23:51 +0100 ++ ++snapd (2.48.2-3) unstable; urgency=medium ++ ++ * debian/patches/0012-cherry-pick-pr9844: ++ - cherry pick PR#9844 to avoid leaking of errno in snap-confine ++ tests that caused i386 to FTBFS ++ ++ -- Michael Vogt Fri, 22 Jan 2021 10:13:11 +0100 ++ ++snapd (2.48.2-2) unstable; urgency=medium ++ ++ * debian/rules: ++ - ignore usr/bin/genasset during arch-indep build too ++ ++ -- Michael Vogt Fri, 15 Jan 2021 18:32:45 +0100 ++ ++snapd (2.48.2-1) unstable; urgency=medium ++ ++ * debian/patch/0011-cherry-pick-pr9809 ++ - Cherry-pick https://github.com/snapcore/snapd/pull/9809. ++ This skips the --help output unit tests for older go-flags ++ versions. ++ * New upstream release, LP: #1906690 ++ - tests: sign new nested-18|20* models to allow for generic serials ++ - secboot: add extra paranoia when waiting for that fde-reveal-key ++ - tests: backport netplan workarounds from #9785 ++ - secboot: add workaround for snapcore/core-initrd issue #13 ++ - devicestate: log checkEncryption errors via logger.Noticef ++ - tests: add nested spread end-to-end test for fde-hooks ++ - devicestate: implement checkFDEFeatures() ++ - boot: tweak resealing with fde-setup hooks ++ - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud- ++ init restrict file ++ - secboot: add new LockSealedKeys() that uses either TPM or ++ fde-reveal-key ++ - gadget: use "sealed-keys" to determine what method to use for ++ reseal ++ - boot: add sealKeyToModeenvUsingFdeSetupHook() ++ - secboot: use `fde-reveal-key` if available to unseal key ++ - cmd/snap-update-ns: fix sorting of overname mount entries wrt ++ other entries ++ - o/devicestate: save model with serial in the device save db ++ - devicestate: add runFDESetupHook() helper ++ - secboot,devicestate: add scaffoling for "fde-reveal-key" support ++ - hookstate: add new HookManager.EphemeralRunHook() ++ - update-pot: fix typo in plural keyword spec ++ - store,cmd/snap-repair: increase initial expontential time ++ intervals ++ - o/devicestate,daemon: fix reboot system action to not require a ++ system label ++ - github: run nested suite when commit is pushed to release branch ++ - tests: reset fakestore unit status ++ - tests: fix uc20-create-parition-* tests for updated gadget ++ - hookstate: implement snapctl fde-setup-{request,result} ++ - devicestate: make checkEncryption fde-setup hook aware ++ - client,snapctl: add naive support for "stdin" ++ - devicestate: support "storage-safety" defaults during install ++ - snap: use the boot-base for kernel hooks ++ - vendor: update secboot repo to avoid including secboot.test binary ++ ++ -- Michael Vogt Fri, 15 Jan 2021 09:11:00 +0100 ++ ++snapd (2.48.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1906690 ++ - gadget: disable ubuntu-boot role validation check ++ ++ -- Michael Vogt Thu, 03 Dec 2020 17:43:30 +0100 ++ ++snapd (2.48-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1904098 ++ - osutil: add KernelCommandLineKeyValue ++ - devicestate: implement boot.HasFDESetupHook ++ - boot/makebootable.go: set snapd_recovery_mode=install at image- ++ build time ++ - bootloader: use ForGadget when installing boot config ++ - interfaces/raw_usb: allow read access to /proc/tty/drivers ++ - boot: add scaffolding for "fde-setup" hook support for sealing ++ - tests: fix basic20 test on arm devices ++ - seed: make a shared seed system label validation helper ++ - snap: add new "fde-setup" hooktype ++ - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test ++ - secboot,cmd/snap-bootstrap: fix degraded mode cases with better ++ device handling ++ - boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some ++ messiness ++ - tests/nested/manual/refresh-revert-fundamentals: temporarily ++ disable secure boot ++ - snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all ++ boot modes ++ - many: address degraded recover mode feedback, cleanups ++ - tests: Use systemd-run on tests part2 ++ - tests: set the opensuse tumbleweed system as manual in spread.yaml ++ - secboot: call BlockPCRProtectionPolicies even if the TPM is ++ disabled ++ - vendor: update to current secboot ++ - cmd/snap-bootstrap,o/devicestate: use a secret to pair data and ++ save ++ - spread.yaml: increase number of workers on 20.10 ++ - snap: add new `snap recovery --show-keys` option ++ - tests: minor test tweaks suggested in the review of 9607 ++ - snapd-generator: set standard snapfuse options when generating ++ units for containers ++ - tests: enable lxd test on ubuntu-core-20 and 16.04-32 ++ - interfaces: share /tmp/.X11-unix/ from host or provider ++ - tests: enable main lxd test on 20.10 ++ - cmd/s-b/initramfs-mounts: refactor recover mode to implement ++ degraded mode ++ - gadget/install: add progress logging ++ - packaging: keep secboot/encrypt_dummy.go in debian ++ - interfaces/udev: use distro specific path to snap-device-helper ++ - o/devistate: fix chaining of tasks related to regular snaps when ++ preseeding ++ - gadget, overlord/devicestate: validate that system supports ++ encrypted data before install ++ - interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core ++ ESP layout ++ - many: add /v2/system-recovery-keys API and client ++ - secboot, many: return UnlockMethod from Unlock* methods for future ++ usage ++ - many: mv keys to ubuntu-boot, move model file, rename keyring ++ prefix for secboot ++ - tests: using systemd-run instead of manually create a systemd unit ++ - part 1 ++ - secboot, cmd/snap-bootstrap: enable or disable activation with ++ recovery key ++ - secboot: refactor Unlock...IfEncrypted to take keyfile + check ++ disks first ++ - secboot: add LockTPMSealedKeys() to lock access to keys ++ independently ++ - gadget: correct sfdisk arguments ++ - bootloader/assets/grub: adjust fwsetup menuentry label ++ - tests: new boot state tool ++ - spread: use the official image for Ubuntu 20.10, no longer an ++ unstable system ++ - tests/lib/nested: enable snapd logging to console for core18 ++ - osutil/disks: re-implement partition searching for disk w/ non- ++ adjacent parts ++ - tests: using the nested-state tool in nested tests ++ - many: seal a fallback object to the recovery boot chain ++ - gadget, gadget/install: move helpers to install package, refactor ++ unit tests ++ - dirs: add "gentoo" to altDirDistros ++ - update-pot: include file locations in translation template, and ++ extract strings from desktop files ++ - gadget/many: drop usage of gpt attr 59 for indicating creation of ++ partitions ++ - gadget/quantity: tweak test name ++ - snap: fix failing unittest for quantity.FormatDuration() ++ - gadget/quantity: introduce a new package that captures quantities ++ - o/devicestate,a/sysdb: make a backup of the device serial to save ++ - tests: fix rare interaction of tests.session and specific tests ++ - features: enable classic-preserves-xdg-runtime-dir ++ - tests/nested/core20/save: check the bind mount and size bump ++ - o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20 ++ - tests: rename hasHooks to hasInterfaceHooks in the ifacestate ++ tests ++ - o/devicestate: unit test tweaks ++ - boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save ++ - testutil, cmd/snap/version: fix misc little errors ++ - overlord/devicestate: bind mount ubuntu-save under ++ /var/lib/snapd/save on startup ++ - gadget/internal: tune ext4 setting for smaller filesystems ++ - tests/nested/core20/save: a test that verifies ubuntu-save is ++ present and set up ++ - tests: update google sru backend to support groovy ++ - o/ifacestate: handle interface hooks when preseeding ++ - tests: re-enable the apt hooks test ++ - interfaces,snap: use correct type: {os,snapd} for test data ++ - secboot: set metadata and keyslots sizes when formatting LUKS2 ++ volumes ++ - tests: improve uc20-create-partitions-reinstall test ++ - client, daemon, cmd/snap: cleanups from #9489 + more unit tests ++ - cmd/snap-bootstrap: mount ubuntu-save during boot if present ++ - secboot: fix doc comment on helper for unlocking volume with key ++ - tests: add spread test for refreshing from an old snapd and core18 ++ - o/snapstate: generate snapd snap wrappers again after restart on ++ refresh ++ - secboot: version bump, unlock volume with key ++ - tests/snap-advise-command: re-enable test ++ - cmd/snap, snapmgr, tests: cleanups after #9418 ++ - interfaces: deny connected x11 plugs access to ICE ++ - daemon,client: write and read a maintenance.json file for when ++ snapd is shut down ++ - many: update to secboot v1 (part 1) ++ - osutil/disks/mockdisk: panic if same mountpoint shows up again ++ with diff opts ++ - tests/nested/core20/gadget,kernel-reseal: add sanity checks to the ++ reseal tests ++ - many: implement snap routine console-conf-start for synchronizing ++ auto-refreshes ++ - dirs, boot: add ubuntu-save directories and related locations ++ - usersession: fix typo in test name ++ - overlord/snapstate: refactor ihibitRefresh ++ - overlord/snapstate: stop warning about inhibited refreshes ++ - cmd/snap: do not hardcode snapshot age value ++ - overlord,usersession: initial notifications of pending refreshes ++ - tests: add a unit test for UpdateMany where a single snap fails ++ - o/snapstate/catalogrefresh.go: don't refresh catalog in install ++ mode uc20 ++ - tests: also check snapst.Current in undo-unlink tests ++ - tests: new nested tool ++ - o/snapstate: implement undo handler for unlink-snap ++ - tests: clean systems.sh helper and migrate last set of tests ++ - tests: moving the lib section from systems.sh helper to os.query ++ tool ++ - tests/uc20-create-partitions: don't check for grub.cfg ++ - packaging: make sure that static binaries are indeed static, fix ++ openSUSE ++ - many: have install return encryption keys for data and save, ++ improve tests ++ - overlord: add link participant for linkage transitions ++ - tests: lxd smoke test ++ - tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu- ++ seed too ++ - tests: moving main suite from systems.sh to os.query tool ++ - tests: moving the core test suite from systems.sh to os.query tool ++ - cmd/snap-confine: mask host's apparmor config ++ - o/snapstate: move setting updated SnapState after error paths ++ - tests: add value to INSTANCE_KEY/regular ++ - spread, tests: tweaks for openSUSE ++ - cmd/snap-confine: update path to snap-device-helper in AppArmor ++ profile ++ - tests: new os.query tool ++ - overlord/snapshotstate/backend: specify tar format for snapshots ++ - tests/nested/manual/minimal-smoke: use 384MB of RAM for nested ++ UC20 ++ - client,daemon,snap: auto-import does not error on managed devices ++ - interfaces: PTP hardware clock interface ++ - tests: use tests.backup tool ++ - many: verify that unit tests work with nosecboot tag and without ++ secboot package ++ - wrappers: do not error out on read-only /etc/dbus-1/session.d ++ filesystem on core18 ++ - snapshots: import of a snapshot set ++ - tests: more output for sbuild test ++ - o/snapstate: re-order remove tasks for individual snap revisions ++ to remove current last ++ - boot: skip some unit tests when running as root ++ - o/assertstate: introduce ++ ValidationTrackingKey/ValidationSetTracking and basic methods ++ - many: allow ignoring running apps for specific request ++ - tests: allow the searching test to fail under load ++ - overlord/snapstate: inhibit startup while unlinked ++ - seed/seedwriter/writer.go: check DevModeConfinement for dangerous ++ features ++ - tests/main/sudo-env: snap bin is available on Fedora ++ - boot, overlord/devicestate: list trusted and managed assets ++ upfront ++ - gadget, gadget/install: support for ubuntu-save, create one during ++ install if needed ++ - spread-shellcheck: temporary workaround for deadlock, drop ++ unnecessary test ++ - snap: support different exit-code in the snap command ++ - logger: use strutil.KernelCommandLineSplit in ++ debugEnabledOnKernelCmdline ++ - logger: fix snapd.debug=1 parsing ++ - overlord: increase refresh postpone limit to 14 days ++ - spread-shellcheck: use single thread pool executor ++ - gadget/install,secboot: add debug messages ++ - spread-shellcheck: speed up spread-shellcheck even more ++ - spread-shellcheck: process paths from arguments in parallel ++ - tests: tweak error from tests.cleanup ++ - spread: remove workaround for openSUSE go issue ++ - o/configstate: create /etc/sysctl.d when applying early config ++ defaults ++ - tests: new tests.backup tool ++ - tests: add tests.cleanup pop sub-command ++ - tests: migration of the main suite to snaps-state tool part 6 ++ - tests: fix journal-state test ++ - cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc ++ recover files ++ - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for ++ same IP addr ++ - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for ++ building snapd ++ - boot, gadget, bootloader: observer preserves managed bootloader ++ configs ++ - tests/nested/manual: add uc20 grade signed cloud-init test ++ - o/snapstate/autorefresh.go: eliminate race when launching ++ autorefresh ++ - daemon,snapshotstate: do not return "size" from Import() ++ - daemon: limit reading from snapshot import to Content-Length ++ - many: set/expect Content-Length header when importing snapshots ++ - github: switch from ::set-env command to environment file ++ - tests: migration of the main suite to snaps-state tool part 5 ++ - client: cleanup the Client.raw* and Client.do* method families ++ - tests: moving main suite to snaps-state tool part 4 ++ - client,daemon,snap: use constant for snapshot content-type ++ - many: fix typos and repeated "the" ++ - secboot: fix tpm connection leak when it's not enabled ++ - many: scaffolding for snapshots import API ++ - run-checks: run spread-shellcheck too ++ - interfaces: update network-manager interface to allow ++ ObjectManager access from unconfined clients ++ - tests: move core and regression suites to snaps-state tool ++ - tests: moving interfaces tests to snaps-state tool ++ - gadget: preserve files when indicated by content change observer ++ - tests: moving smoke test suite and some tests from main suite to ++ snaps-state tool ++ - o/snapshotstate: pass set id to backend.Open, update tests ++ - asserts/snapasserts: introduce ValidationSets ++ - o/snapshotstate: improve allocation of new set IDs ++ - boot: look at the gadget for run mode bootloader when making the ++ system bootable ++ - cmd/snap: allow snap help vs --all to diverge purposefully ++ - usersession/userd: separate bus name ownership from defining ++ interfaces ++ - o/snapshotstate: set snapshot set id from its filename ++ - o/snapstate: move remove-related tests to snapstate_remove_test.go ++ - desktop/notification: switch ExpireTimeout to time.Duration ++ - desktop/notification: add unit tests ++ - snap: snap help output refresh ++ - tests/nested/manual/preseed: include a system-usernames snap when ++ preseeding ++ - tests: fix sudo-env test ++ - tests: fix nested core20 shellcheck bug ++ - tests/lib: move to new directory when restoring PWD, cleanup ++ unpacked unpacked snap directories ++ - desktop/notification: add bindings for FDO notifications ++ - dbustest: fix stale comment references ++ - many: move ManagedAssetsBootloader into TrustedAssetsBootloader, ++ drop former ++ - snap-repair: add uc20 support ++ - tests: print all the serial logs for the nested test ++ - o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid ++ bug in test ++ - cmd/snap/auto-import: stop importing system user assertions from ++ initramfs mnts ++ - osutil/group.go: treat all non-nil errs from user.Lookup{Group,} ++ as Unknown* ++ - asserts: deserialize grouping only once in Pool.AddBatch if needed ++ - gadget: allow content observer to have opinions about a change ++ - tests: new snaps-state command - part1 ++ - o/assertstate: support refreshing any number of snap-declarations ++ - boot: use test helpers ++ - tests/core/snap-debug-bootvars: also check snap_mode ++ - many/apparmor: adjust rules for reading profile/ execing new ++ profiles for new kernel ++ - tests/core/snap-debug-bootvars: spread test for snap debug boot- ++ vars ++ - tests/lib/nested.sh: more little tweaks ++ - tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm ++ - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install, ++ recover modes ++ - overlord: explicitly set refresh-app-awareness in tests ++ - kernel: remove "edition" from kernel.yaml and add "update" ++ - spread: drop vendor from the packed project archive ++ - boot: fix debug bootloader variables dump on UC20 systems ++ - wrappers, systemd: allow empty root dir and conditionally do not ++ pass --root to systemctl ++ - tests/nested/manual: add test for grades above signed booting with ++ testkeys ++ - tests/nested: misc robustness fixes ++ - o/assertstate,asserts: use bulk refresh to refresh snap- ++ declarations ++ - tests/lib/prepare.sh: stop patching the uc20 initrd since it has ++ been updated now ++ - tests/nested/manual/refresh-revert-fundamentals: re-enable test ++ - update-pot: ignore .go files inside .git when running xgettext-go ++ - tests: disable part of the lxd test completely on 16.04. ++ - o/snapshotstate: tweak comment regarding snapshot filename ++ - o/snapstate: improve snapshot iteration ++ - bootloader: lk cleanups ++ - tests: update to support nested kvm without reboots on UC20 ++ - tests/nested/manual/preseed: disable system-key check for 20.04 ++ image ++ - spread.yaml: add ubuntu-20.10-64 to qemu ++ - store: handle v2 error when fetching assertions ++ - gadget: resolve device mapper devices for fallback device lookup ++ - tests/nested/cloud-init-many: simplify tests and unify ++ helpers/seed inputs ++ - tests: copy /usr/lib/snapd/info to correct directory ++ - check-pr-title.py * : allow "*" in the first part of the title ++ - many: typos and small test tweak ++ - tests/main/lxd: disable cgroup combination for 16.04 that is ++ failing a lot ++ - tests: make nested signing helpers less confusing ++ - tests: misc nested changes ++ - tests/nested/manual/refresh-revert-fundamentals: disable ++ temporarily ++ - tests/lib/cla_check: default to Python 3, tweaks, formatting ++ - tests/lib/cl_check.py: use python3 compatible code ++ ++ -- Michael Vogt Thu, 19 Nov 2020 17:51:02 +0100 ++ ++snapd (2.47.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1895929 ++ - o/configstate: create /etc/sysctl.d when applying early config ++ defaults ++ - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for ++ same IP addr ++ - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for ++ building snapd ++ - cmd/snap: allow snap help vs --all to diverge purposefully ++ - snap: snap help output refresh ++ ++ -- Michael Vogt Thu, 08 Oct 2020 09:30:44 +0200 ++ ++snapd (2.47-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1895929 ++ - tests: fix nested core20 shellcheck bug ++ - many/apparmor: adjust rule for reading apparmor profile for new ++ kernel ++ - snap-repair: add uc20 support ++ - cmd/snap/auto-import: stop importing system user assertions from ++ initramfs mnts ++ - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install, ++ recover modes ++ - gadget: resolve device mapper devices for fallback device lookup ++ - secboot: add boot manager profile to pcr protection profile ++ - sysconfig,o/devicestate: mv DisableNoCloud to ++ DisableAfterLocalDatasourcesRun ++ - tests: make gadget-reseal more robust ++ - tests: skip nested images pre-configuration by default ++ - tests: fix for basic20 test running on external backend and rpi ++ - tests: improve kernel reseal test ++ - boot: adjust comments, naming, log success around reseal ++ - tests/nested, fakestore: changes necessary to run nested uc20 ++ signed/secured tests ++ - tests: add nested core20 gadget reseal test ++ - boot/modeenv: track unknown keys in Read and put back into modeenv ++ during Write ++ - interfaces/process-control: add sched_setattr to seccomp ++ - boot: with unasserted kernels reseal if there's a hint modeenv ++ changed ++ - client: bump the default request timeout to 120s ++ - configcore: do not error in console-conf.disable for install mode ++ - boot: streamline bootstate20.go reseal and tests changes ++ - boot: reseal when changing kernel ++ - cmd/snap/model: specify grade in the model command output ++ - tests: simplify ++ repack_snapd_snap_with_deb_content_and_run_mode_first_boot_tweaks ++ - test: improve logging in nested tests ++ - nested: add support to telnet to serial port in nested VM ++ - secboot: use the snapcore/secboot native recovery key type ++ - tests/lib/nested.sh: use more focused cloud-init config for uc20 ++ - tests/lib/nested.sh: wait for the tpm socket to exist ++ - spread.yaml, tests/nested: misc changes ++ - tests: add more checks to disk space awareness spread test ++ - tests: disk space awareness spread test ++ - boot: make MockUC20Device use a model and MockDevice more ++ realistic ++ - boot,many: reseal only when meaningful and necessary ++ - tests/nested/core20/kernel-failover: add test for failed refresh ++ of uc20 kernel ++ - tests: fix nested to work with qemu and kvm ++ - boot: reseal when updating boot assets ++ - tests: fix snap-routime-portal-info test ++ - boot: verify boot chain file in seal and reseal tests ++ - tests: use full path to test-snapd-refresh.version binary ++ - boot: store boot chains during install, helper for checking ++ whether reseal is needed ++ - boot: add call to reseal an existing key ++ - boot: consider boot chains with unrevisioned kernels incomparable ++ - overlord: assorted typos and miscellaneous changes ++ - boot: group SealKeyModelParams by model, improve testing ++ - secboot: adjust parameters to buildPCRProtectionProfile ++ - strutil: add SortedListsUniqueMergefrom the doc comment: ++ - snap/naming: upgrade TODO to TODO:UC20 ++ - secboot: add call to reseal an existing key ++ - boot: in seal.go adjust error message and function names ++ - o/snapstate: check available disk space in RemoveMany ++ - boot: build bootchains data for sealing ++ - tests: remove "set -e" from function only shell libs ++ - o/snapstate: disk space check on UpdateMany ++ - o/snapstate: disk space check with snap update ++ - snap: implement new `snap reboot` command ++ - boot: do not reorder boot assets when generating predictable boot ++ chains and other small tweaks ++ - tests: some fixes and improvements for nested execution ++ - tests/core/uc20-recovery: fix check for at least specific calls to ++ mock-shutdown ++ - boot: be consistent using bootloader.Role* consts instead of ++ strings ++ - boot: helper for generating secboot load chains from a given boot ++ asset sequence ++ - boot: tweak boot chains to support a list of kernel command lines, ++ keep track of model and kernel boot file ++ - boot,secboot: switch to expose and use snapcore/secboot load event ++ trees ++ - tests: use `nested_exec` in core{20,}-early-config test ++ - devicestate: enable cloud-init on uc20 for grade signed and ++ secured ++ - boot: add "rootdir" to baseBootenvSuite and use in tests ++ - tests/lib/cla_check.py: don't allow users.noreply.github.com ++ commits to pass CLA ++ - boot: represent boot chains, helpers for marshalling and ++ equivalence checks ++ - boot: mark successful with boot assets ++ - client, api: handle insufficient space error ++ - o/snapstate: disk space check with single snap install ++ - configcore: "service.console-conf.disable" is gadget defaults only ++ - packaging/opensuse: fix for /usr/libexec on TW, do not hardcode ++ AppArmor profile path ++ - tests: skip udp protocol in nfs-support test on ubuntu-20.10 ++ - packaging/debian-sid: tweak code preparing _build tree ++ - many: move seal code from gadget/install to boot ++ - tests: remove workaround for cups on ubuntu-20.10 ++ - client: implement RebootToSystem ++ - many: seed.Model panics now if called before LoadAssertions ++ - daemon: add /v2/systems "reboot" action API ++ - github: run tests also on push to release branches ++ - interfaces/bluez: let slot access audio streams ++ - seed,c/snap-bootstrap: simplify snap-bootstrap seed reading with ++ new seed.ReadSystemEssential ++ - interfaces: allow snap-update-ns to read /proc/cmdline ++ - tests: new organization for nested tests ++ - o/snapstate, features: add feature flags for disk space awareness ++ - tests: workaround for cups issue on 20.10 where default printer is ++ not configured. ++ - interfaces: update cups-control and add cups for providing snaps ++ - boot: keep track of the original asset when observing updates ++ - tests: simplify and fix tests for disk space checks on snap remove ++ - sysconfig/cloudinit.go: add AllowCloudInit and use GadgetDir for ++ cloud.conf ++ - tests/main: mv core specific tests to core suite ++ - tests/lib/nested.sh: reset the TPM when we create the uc20 vm ++ - devicestate: rename "mockLogger" to "logbuf" ++ - many: introduce ContentChange for tracking gadget content in ++ observers ++ - many: fix partion vs partition typo ++ - bootloader: retrieve boot chains from bootloader ++ - devicestate: add tests around logging in RequestSystemAction ++ - boot: handle canceled update ++ - bootloader: tweak doc comments (thanks Samuele) ++ - seed/seedwriter: test local asserted snaps with UC20 grade signed ++ - sysconfig/cloudinit.go: add DisableNoCloud to ++ CloudInitRestrictOptions ++ - many: use BootFile type in load sequences ++ - boot,bootloader: clarifications after the changes to introduce ++ bootloader.Options.Role ++ - boot,bootloader,gadget: apply new bootloader.Options.Role ++ - o/snapstate, features: add feature flag for disk space check on ++ remove ++ - testutil: add checkers for symbolic link target ++ - many: refactor tpm seal parameter setting ++ - boot/bootstate20: reboot to rollback to previous kernel ++ - boot: add unit test helpers ++ - boot: observe update & rollback of trusted assets ++ - interfaces/utf: Add MIRKey to u2f devices ++ - o/devicestate/devicestate_cloudinit_test.go: test cleanup for uc20 ++ cloud-init tests ++ - many: check that users of BaseTest don't forget to consume ++ cleanups ++ - tests/nested/core20/tpm: verify trusted boot assets tracking ++ - github: run macOS job with Go 1.14 ++ - many: misc doc-comment changes and typo fixes ++ - o/snapstate: disk space check with InstallMany ++ - many: cloud-init cleanups from previous PR's ++ - tests: running tests on opensuse leap 15.2 ++ - run-checks: check for dirty build tree too ++ - vendor: run ./get-deps.sh to update the secboot hash ++ - tests: update listing test for "-dirty" versions ++ - overlord/devicestate: do not release the state lock when updating ++ gadget assets ++ - secboot: read kernel efi image from snap file ++ - snap: add size to the random access file return interface ++ - daemon: correctly parse Content-Type HTTP header. ++ - tests: account for apt-get on core18 ++ - cmd/snap-bootstrap/initramfs-mounts: compute string outside of ++ loop ++ - mkversion.sh: simple hack to include dirty in version if the tree ++ is dirty ++ - cgroup,snap: track hooks on system bus only ++ - interfaces/systemd: compare dereferenced Service ++ - run-checks: only check files in git for misspelling ++ - osutil: add a package doc comment (via doc.go) ++ - boot: complain about reused asset name during initial install ++ - snapstate: installSize helper that calculates total size of snaps ++ and their prerequisites ++ - snapshots: export of snapshots ++ - boot/initramfs_test.go: reset boot vars on the bootloader for each ++ iteration ++ ++ -- Michael Vogt Tue, 29 Sep 2020 17:19:13 +0200 ++ ++snapd (2.46.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1891134 ++ - interfaces: allow snap-update-ns to read ++ /proc/cmdline ++ - github: run macOS job with Go 1.14 ++ - o/snapstate, features: add feature flag for disk space check on ++ remove ++ - tests: account for apt-get on core18 ++ - mkversion.sh: include dirty in version if the tree ++ is dirty ++ - interfaces/systemd: compare dereferenced Service ++ - vendor.json: update mysterious secboot SHA again ++ ++ -- Michael Vogt Fri, 04 Sep 2020 17:42:54 +0200 ++ ++snapd (2.46-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1891134 ++ - logger: add support for setting snapd.debug=1 on kernel cmdline ++ - o/snapstate: check disk space before creating automatic snapshot ++ on remove ++ - boot, o/devicestate: observe existing recovery bootloader trusted ++ boot assets ++ - many: use transient scope for tracking apps and hooks ++ - features: add HiddenSnapFolder feature flag ++ - tests/lib/nested.sh: fix partition typo, unmount the image on uc20 ++ too ++ - runinhibit: open the lock file in read-only mode in IsLocked ++ - cmd/s-b/initramfs-mounts: make recover -> run mode transition ++ automatic ++ - tests: update spread test for unknown plug/slot with snapctl is- ++ connected ++ - osutil: add OpenExistingLockForReading ++ - kernel: add kernel.Validate() ++ - interfaces: add vcio interface ++ - interfaces/{docker,kubernetes}-support: load overlay and support ++ systemd cgroup driver ++ - tests/lib/nested.sh: use more robust code for finding what loop ++ dev we mounted ++ - cmd/snap-update-ns: detach all bind-mounted file ++ - snap/snapenv: set SNAP_REAL_HOME ++ - packaging: umount /snap on purge in containers ++ - interfaces: misc policy updates xlvi ++ - secboot,cmd/snap-bootstrap: cross-check partitions before ++ unlocking, mounting ++ - boot: copy boot assets cache to new root ++ - gadget,kernel: add new kernel.{Info,Asset} struct and helpers ++ - o/hookstate/ctlcmd: make is-connected check whether the plug or ++ slot exists ++ - tests: find -ignore_readdir_race when scanning cgroups ++ - interfaces/many: deny arbitrary desktop files and misc from ++ /usr/share ++ - tests: use "set -ex" in prep-snapd-in-lxd.sh ++ - tests: re-enable udisks test on debian-sid ++ - cmd/snapd-generator: use PATH fallback if PATH is not set ++ - tests: disable udisks2 test on arch linux ++ - github: use latest/stable go, not latest/edge ++ - tests: remove support for ubuntu 19.10 from spread tests ++ - tests: fix lxd test wrongly tracking 'latest' ++ - secboot: document exported functions ++ - cmd: compile snap gdbserver shim correctly ++ - many: correctly calculate the desktop file prefix everywhere ++ - interfaces: add kernel-crypto-api interface ++ - corecfg: add "system.timezone" setting to the system settings ++ - cmd/snapd-generator: generate drop-in to use fuse in container ++ - cmd/snap-bootstrap/initramfs-mounts: tweak names, add comments ++ from previous PR ++ - interfaces/many: miscellaneous updates for strict microk8s ++ - secboot,cmd/snap-bootstrap: don't import boot package from secboot ++ - cmd/snap-bootstrap/initramfs-mounts: call systemd-mount instead of ++ the-tool ++ - tests: work around broken update of systemd-networkd ++ - tests/main/install-fontconfig-cache-gen: enhance test by ++ verifying, add fonts to test ++ - o/devicestate: wrap asset update observer error ++ - boot: refactor such that bootStateUpdate20 mainly carries Modeenv ++ - mkversion.sh: disallow changelog versions that have git in it, if ++ we also have git version ++ - interfaces/many: miscellaneous updates for strict microk8s ++ - snap: fix repeated "cannot list recovery system" and add test ++ - boot: track trusted assets during initial install, assets cache ++ - vendor: update secboot to fix key data validation ++ - tests: unmount FUSE file-systems from XDG runtime dir ++ - overlord/devicestate: workaround non-nil interface with nil struct ++ - sandbox/cgroup: remove temporary workaround for multiple cgroup ++ writers ++ - sandbox/cgroup: detect dangling v2 cgroup ++ - bootloader: add helper for creating a bootloader based on gadget ++ - tests: support different images on nested execution ++ - many: reorg cmd/snapinfo.go into snap and new client/clientutil ++ - packaging/arch: use external linker when building statically ++ - tests: cope with ghost cgroupv2 ++ - tests: fix issues related to restarting systemd-logind.service ++ - boot, o/devicestate: TrustedAssetUpdateObserver stubs, hook up to ++ gadget updates ++ - vendor: update github.com/kr/pretty to fix diffs of values with ++ pointer cycles ++ - boot: move bootloaderKernelState20 impls to separate file ++ - .github/workflows: move snap building to test.yaml as separate ++ cached job ++ - tests/nested/manual/minimal-smoke: run core smoke tests in a VM ++ meeting minimal requirements ++ - osutil: add CommitAs to atomic file ++ - gadget: introduce content update observer ++ - bootloader: introduce TrustedAssetsBootloader, implement for grub ++ - o/snapshotstate: helpers for calculating disk space needed for an ++ automatic snapshot ++ - gadget/install: retrieve command lines from bootloader ++ - boot/bootstate20: unify commit method impls, rm ++ bootState20MarkSuccessful ++ - tests: add system information and image information when debug ++ info is displayed ++ - tests/main/cgroup-tracking: try to collect some information about ++ cgroups ++ - boot: introduce current_boot_assets and ++ current_recovery_boot_assets to modeenv ++ - tests: fix for timing issues on journal-state test ++ - many: remove usage and creation of hijacked pid cgroup ++ - tests: port regression-home-snap-root-owned to tests.session ++ - tests: run as hightest via tests.session ++ - github: run CLA checks on self-hosted workers ++ - github: remove Ubuntu 19.10 from actions workflow ++ - tests: remove End-Of-Life opensuse/fedora releases ++ - tests: remove End-Of-Life releases from spread.yaml ++ - tests: fix debug section of appstream-id test ++ - interfaces: check !b.preseed earlier ++ - tests: work around bug in systemd/debian ++ - boot: add deepEqual, Copy helpers for Modeenv to simplify ++ bootstate20 refactor ++ - cmd: add new "snap recovery" command ++ - interfaces/systemd: use emulation mode when preseeding ++ - interfaces/kmod: don't load kernel modules in kmod backend when ++ preseeding ++ - interfaces/udev: do not reload udevadm rules when preseeding ++ - cmd/snap-preseed: use snapd from the deb if newer than from seeds ++ - boot: fancy marshaller for modeenv values ++ - gadget, osutil: use atomic file copy, adjust tests ++ - overlord: use new tracking cgroup for refresh app awareness ++ - github: do not skip gofmt with Go 1.9/1.10 ++ - many: introduce content write observer, install mode glue, initial ++ seal stubs ++ - daemon,many: switch to use client.ErrorKind and drop the local ++ errorKind... ++ - tests: new parameters for nested execution ++ - client: move all error kinds into errors.go and add doc strings ++ - cmd/snap: display the error in snap debug seeding if seeding is in ++ error ++ - cmd/snap/debug/seeding: use unicode for proper yaml ++ - tests/cmd/snap-bootstrap/initramfs-mounts: add test case for empty ++ recovery_mode ++ - osutil/disks: add mock disk and tests for happy path of mock disks ++ - tests: refresh/revert snapd in uc20 ++ - osutil/disks: use a dedicated error to indicate a fs label wasn't ++ found ++ - interfaces/system-key: in WriteSystemKey during tests, don't call ++ ParserFeatures ++ - boot: add current recovery systems to modeenv ++ - bootloader: extend managed assets bootloader interface to compose ++ a candidate command line ++ - interfaces: make the unmarshal test match more the comment ++ - daemon/api: use pointers to time.Time for debug seeding aspect ++ - o/ifacestate: update security profiles in connect undo handler ++ - interfaces: add uinput interface ++ - cmd/snap-bootstrap/initramfs-mounts: add doSystemdMount + unit ++ tests ++ - o/devicestate: save seeding/preseeding times for use with debug ++ seeding api ++ - cmd/snap/debug: add "snap debug seeding" command for preseeding ++ debugging ++ - tests/main/selinux-clean: workaround SELinux denials triggered by ++ linger setup on Centos8 ++ - bootloader: compose command line with mode and extra arguments ++ - cmd/snap, daemon: detect and bail purge on multi-snap ++ - o/ifacestate: fix bug in snapsWithSecurityProfiles ++ - interfaces/builtin/multipass: replace U+00A0 no-break space with ++ simple space ++ - bootloader/assets: generate bootloader assets from files ++ - many/tests/preseed: reset the preseeded images before preseeding ++ them ++ - tests: drop accidental accents from e ++ - secboot: improve key sealing tests ++ - tests: replace _wait_for_file_change with retry ++ - tests: new fs-state which replaces the files.sh helper ++ - sysconfig/cloudinit_test.go: add test for initramfs case, rm "/" ++ from path ++ - cmd/snap: track started apps and hooks ++ - tests/main/interfaces-pulseaudio: disable start limit checking for ++ pulseaudio service ++ - api: seeding debug api ++ - .github/workflows/snap-build.yaml: build the snapd snap via GH ++ Actions too ++ - tests: moving journalctl.sh to a new journal-state tool ++ - tests/nested/manual: add spread tests for cloud-init vuln ++ - bootloader/assets: helpers for registering per-edition snippets, ++ register snippets for grub ++ - data,packaging,wrappers: extend D-Bus service activation search ++ path ++ - spread: add opensuse 15.2 and tumbleweed for qemu ++ - overlord,o/devicestate: restrict cloud-init on Ubuntu Core ++ - sysconfig/cloudinit: add RestrictCloudInit ++ - cmd/snap-preseed: check that target path exists and is a directory ++ on --reset ++ - tests: check for pids correctly ++ - gadget,gadget/install: refactor partition table update ++ - sysconfig/cloudinit: add CloudInitStatus func + CloudInitState ++ type ++ - interface/fwupd: add more policies for making fwupd upstream ++ strict ++ - tests: new to-one-line tool which replaces the strings.sh helper ++ - interfaces: new helpers to get and compare system key, for use ++ with seeding debug api ++ - osutil, many: add helper for checking whether the process is a go ++ test binary ++ - cmd/snap-seccomp/syscalls: add faccessat2 ++ - tests: adjust xdg-open after launcher changes ++ - tests: new core config helper ++ - usersession/userd: do not modify XDG_DATA_DIRS when calling xdg- ++ open ++ - cmd/snap-preseed: handle relative chroot path ++ - snapshotstate: move sizer to osutil.Sizer() ++ - tests/cmd/snap-bootstrap/initramfs-mounts: rm duplicated env ref ++ kernel tests ++ - gadget/install,secboot: use snapcore/secboot luks2 api ++ - boot/initramfs_test.go: add Commentf to more Assert()'s ++ - tests/lib: account for changes in arch package file name extension ++ - bootloader/bootloadertest: fix comment typo ++ - bootloader: add helper for getting recovery system environment ++ variables ++ - tests: preinstall shellcheck and run tests on focal ++ - strutil: add a helper for parsing kernel command line ++ - osutil: add CheckFreeSpace helper ++ - secboot: update tpm connection error handling ++ - packaging, cmd/snap-mgmt, tests: remove modules files on purge ++ - tests: add tests.cleanup helper ++ - packaging: add "ca-certificates" to build-depends ++ - tests: more checks in core20 early config spread test ++ - tests: fix some snapstate tests to use pointers for ++ snapmgrTestSuite ++ - boot: better naming of helpers for obtaining kernel command line ++ - many: use more specific check for unit test mocking ++ - systemd/escape: fix issues with "" and "\t" handling ++ - asserts: small improvements and corrections for sequence-forming ++ assertions' support ++ - boot, bootloader: query kernel command line of run mod and ++ recovery mode systems ++ - snap/validate.go: disallow snap layouts with new top-level ++ directories ++ - tests: allow to add a new label to run nested tests as part of PR ++ validation ++ - tests/core/gadget-update-pc: port to UC20 ++ - tests: improve nested tests flexibility ++ - asserts: integer headers: disallow prefix zeros and make parsing ++ more uniform ++ - asserts: implement Database.FindSequence ++ - asserts: introduce SequenceMemberAfter in the asserts backstores ++ - spread.yaml: remove tests/lib/tools from PATH ++ - overlord: refuse to install snaps whose activatable D-Bus services ++ conflict with installed snaps ++ - tests: shorten lxd-state undo-mount-changes ++ - snap-confine: don't die if a device from sysfs path cannot be ++ found by udev ++ - tests: fix argument handling of apt-state ++ - tests: rename lxd-tool to lxd-state ++ - tests: rename user-tool to user-state, fix --help ++ - interfaces: add gconf interface ++ - sandbox/cgroup: avoid parsing security tags twice ++ - tests: rename version-tool to version-compare ++ - cmd/snap-update-ns: handle anomalies better ++ - tests: fix call to apt.Package.mark_install(auto_inst=True) ++ - tests: rename mountinfo-tool to mountinfo.query ++ - tests: rename memory-tool to memory-observe-do ++ - tests: rename invariant-tool to tests.invariant ++ - tests: rename apt-tool to apt-state ++ - many: managed boot config during run mode setup ++ - asserts: introduce the concept of sequence-forming assertion types ++ - tests: tweak comments/output in uc20-recovery test ++ - tests/lib/pkgdb: do not use quiet when purging debs ++ - interfaces/apparmor: allow snap-specific /run/lock ++ - interfaces: add system-source-code for access to /usr/src ++ - sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data ++ - gadget/install: move udev trigger to gadget/install ++ - many: make nested spread tests more reliable ++ - tests/core/uc20-recovery: apply hack to get gopath in recover mode ++ w/ external backend ++ - tests: enable tests on uc20 which now work with the real model ++ assertion ++ - tests: enable system-snap-refresh test on uc20 ++ - gadget, bootloader: preserve managed boot assets during gadget ++ updates ++ - tests: fix leaked dbus-daemon in selinux-clean ++ - tests: add servicestate.Control tests ++ - tests: fix "restart.service" ++ - wrappers: helper for enabling services - extract and move enabling ++ of services into a helper ++ - tests: new test to validate refresh and revert of kernel and ++ gadget on uc20 ++ - tests/lib/prepare-restore: collect debug info when prepare purge ++ fails ++ - bootloader: allow managed bootloader to update its boot config ++ - tests: Remove unity test from nightly test suite ++ - o/devicestate: set mark-seeded to done in the task itself ++ - tests: add spread test for disconnect undo caused by failing ++ disconnect hook ++ - sandbox/cgroup: allow discovering PIDs of given snap ++ - osutil/disks: support IsDecryptedDevice for mountpoints which are ++ dm devices ++ - osutil: detect autofs mounted in /home ++ - spread.yaml: allow amazon-linux-2-64 qemu with ++ ec2-user/ec2-user ++ - usersession: support additional zoom URL schemes ++ - overlord: mock timings.DurationThreshold in TestNewWithGoodState ++ - sandbox/cgroup: add tracking helpers ++ - tests: detect stray dbus-daemon ++ - overlord: refuse to install snaps providing user daemons on Ubuntu ++ 14.04 ++ - many: move encryption and installer from snap-boostrap to gadget ++ - o/ifacestate: fix connect undo handler ++ - interfaces: optimize rules of multiple connected iio/i2c/spi plugs ++ - bootloader: introduce managed bootloader, implement for grub ++ - tests: fix incorrect check in smoke/remove test ++ - asserts,seed: split handling of essential/not essential model ++ snaps ++ - gadget: fix typo in mounted filesystem updater ++ - gadget: do only one mount point lookup in mounted fs updater ++ - tests/core/snap-auto-mount: try to make the test more robust ++ - tests: adding ubuntu-20.04 to google-sru backend ++ - o/servicestate: add updateSnapstateServices helper ++ - bootloader: pull recovery grub config from internal assets ++ - tests/lib/tools: apply linger workaround when needed ++ - overlord/snapstate: graceful handling of denied "managed" refresh ++ schedule ++ - snapstate: fix autorefresh from classic->strict ++ - overlord/configstate: add system.kernel.printk.console-loglevel ++ option ++ - tests: fix assertion disk handling for nested UC systems ++ - snapstate: use testutil.HostScaledTimeout() in snapstate tests ++ - tests: extra worker for google-nested backend to avoid timeout ++ error on uc20 ++ - snapdtool: helper to check whether the current binary is reexeced ++ from a snap ++ - tests: mock servicestate in api tests to avoid systemctl checks ++ - many: rename back snap.Info.GetType to Type ++ - tests/lib/cla_check: expect explicit commit range ++ - osutil/disks: refactor diskFromMountPointImpl a bit ++ - o/snapstate: service-control task handler ++ - osutil: add disks pkg for associating mountpoints with ++ disks/partitions ++ - gadget,cmd/snap-bootstrap: move partitioning to gadget ++ - seed: fix LoadEssentialMeta when gadget is not loaded ++ - cmd/snap: Debian does not allow $SNAP_MOUNT_DIR/bin in sudo ++ secure_path ++ - asserts: introduce new assertion validation-set ++ - asserts,daemon: add support for "serials" field in system-user ++ assertion ++ - data/sudo: drop a failed sudo secure_path workaround ++ - gadget: mv encodeLabel to osutil/disks.EncodeHexBlkIDFormat ++ - boot, snap-bootstrap: move initramfs-mounts logic to boot pkg ++ - spread.yaml: update secure boot attribute name ++ - interfaces/block_devices: add NVMe subsystem devices, support ++ multipath paths ++ - tests: use the "jq" snap from the edge channel ++ - tests: simplify the tpm test by removing the test-snapd-mokutil ++ snap ++ - boot/bootstate16.go: clean snap_try_* vars when not in Trying ++ status too ++ - tests/main/sudo-env: check snap path under sudo ++ - tests/main/lxd: add test for snaps inside nested lxd containers ++ not working ++ - asserts/internal: expand errors about invalid serialized grouping ++ labels ++ - usersession/userd: add msteams url support ++ - tests/lib/prepare.sh: adjust comment about sgdisk ++ - tests: fix how gadget pc is detected when the snap does not exist ++ and ls fails ++ - tests: move a few more tests to snapstate_update_test.go ++ - tests/main: add spread test for running svc from install hook ++ - tests/lib/prepare: increase the size of the uc16/uc18 partitions ++ - tests/special-home-can-run-classic-snaps: re-enable ++ - workflow: test PR title as part of the static checks again ++ - tests/main/xdg-open-compat: backup and restore original xdg-open ++ - tests: move update-related tests to snapstate_update_test.go ++ - cmd,many: move Version and bits related to snapd tools to ++ snapdtool, merge cmdutil ++ - tests/prepare-restore.sh: reset-failed systemd-journald before ++ restarting ++ - interfaces: misc small interface updates ++ - spread: use find rather than recursive ls, skip mounted snaps ++ - tests/lib/prepare-restore.sh: if we failed to purge snapd deb, ls ++ /var/lib/snapd ++ - tests: enable snap-auto-mount test on core20 ++ - cmd/snap: do not show $PATH warning when executing under sudo on a ++ known distro ++ - asserts/internal: add some iteration benchmarks ++ - sandbox/cgroup: improve pid parsing code ++ - snap: add new `snap run --experimental-gdbserver` option ++ - asserts/internal: limit Grouping size switching to a bitset ++ representationWe don't always use the bit-set representation ++ because: ++ - snap: add an activates-on property to apps for D-Bus activation ++ - dirs: delete unused Cloud var, fix typo ++ - sysconfig/cloudinit: make callers of DisableCloudInit use ++ WritableDefaultsDir ++ - tests: fix classic ubuntu core transition auth ++ - tests: fail in setup_reflash_magic() if there is snapd state left ++ - tests: port interfaces-many-core-provided to tests.session ++ - tests: wait after creating partitions with sfdisk ++ - bootloader: introduce bootloarder assets, import grub.cfg with an ++ edition marker ++ - riscv64: bump timeouts ++ - gadget: drop dead code, hide exports that are not used externally ++ - tests: port 2 uc20 part1 ++ - tests: fix bug waiting for snap command to be ready ++ - tests: move try-related tests to snapstate_try_test.go ++ - tests: add debug for 20.04 prepare failure ++ - travis.yml: removed, all our checks run in GH actions now ++ - tests: clean up up the use of configcoreSuite in the configcore ++ tests ++ - sandbox/cgroup: remove redundant pathOfProcPidCgroup ++ - sandbox/cgroup: add tests for ParsePids ++ - tests: fix the basic20 test for uc20 on external backend ++ - tests: use configcoreSuite in journalSuite and remove some ++ duplicated code ++ - tests: move a few more tests to snapstate_install_test ++ - tests: assorted small patches ++ - dbusutil/dbustest: separate license from package ++ - interfaces/builtin/time-control: allow POSIX clock API ++ - usersession/userd: add "slack" to the white list of URL schemes ++ handled by xdg-open ++ - tests: check that host settings like hostname are settable on core ++ - tests: port xdg-settings test to tests.session ++ - tests: port snap-handle-link test to tests.session ++ - arch: add riscv64 ++ - tests: core20 early defaults spread test ++ - tests: move install tests from snapstate_test.go to ++ snapstate_install_test.go ++ - github: port macOS sanity checks from travis ++ - data/selinux: allow checking /var/cache/app-info ++ - o/devicestate: core20 early config from gadget defaults ++ - tests: autoremove after removing lxd in preseed-lxd test ++ - secboot,cmd/snap-bootstrap: add tpm sealing support to secboot ++ - sandbox/cgroup: move FreezerCgroupDir from dirs.go ++ - tests: update the file used to detect the boot path on uc20 ++ - spread.yaml: show /var/lib/snapd in debug ++ - cmd/snap-bootstrap/initramfs-mounts: also copy systemd clock + ++ netplan files ++ - snap/naming: add helpers to parse app and hook security tags ++ - tests: modernize retry tool ++ - tests: fix and trim debug section in xdg-open-portal ++ - tests: modernize and use snapd.tool ++ - vendor: update to latest github.com/snapcore/bolt for riscv64 ++ - cmd/snap-confine: add support for libc6-lse ++ - interfaces: miscellaneous policy updates xlv ++ - interfaces/system-packages-doc: fix typo in variable names ++ - tests: port interfaces-calendar-service to tests.session ++ - tests: install/run the lzo test snap too ++ - snap: (small) refactor of `snap download` code for ++ testing/extending ++ - data: fix shellcheck warnings in snapd.sh.in ++ - packaging: disable buildmode=pie for riscv64 ++ - tests: install test-snapd-rsync snap from edge channel ++ - tests: modernize tests.session and port everything using it ++ - tests: add ubuntu 20.10 to spread tests ++ - cmd/snap/remove: mention snap restore/automatic snapshots ++ - dbusutil: move all D-Bus helpers and D-Bus test helpers ++ - wrappers: pass 'disable' flag to StopServices wrapper ++ - osutil: enable riscv64 build ++ - snap/naming: add ParseSecurityTag and friends ++ - tests: port document-portal-activation to session-tool ++ - bootloader: rename test helpers to reflect we are mocking EFI boot ++ locations ++ - tests: disable test of nfs v3 with udp proto on debian-sid ++ - tests: plan to improve the naming and uniformity of utilities ++ - tests: move *-tool tests to their own suite ++ - snap-bootstrap: remove sealed key file on reinstall ++ - bootloader/ubootenv: don't panic with an empty uboot env ++ - systemd: rename actualFsTypeAndMountOptions to ++ hostFsTypeAndMountOptions ++ - daemon: fix filtering of service-control changes for snap.app ++ - tests: spread test for preseeding in lxd container ++ - tests: fix broken snapd.session agent.socket ++ - wrappers: add RestartServices function and ReloadOrRestart to ++ systemd ++ - o/cmdstate: handle ignore flag on exec-command tasks ++ - gadget: make ext4 filesystems with or without metadata checksum ++ - tests: update statx test to run on all LTS releases ++ - configcore: show better error when disabling services ++ - interfaces: add hugepages-control ++ - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/ ++ - tests: run ubuntu-20.04-* tests on all ubuntu-2* releases ++ - tests: skip interfaces-openvswitch for centos 8 in nightly suite ++ - tests: reload systemd --user for root, if present ++ - tests: reload systemd after editing /etc/fstab ++ - tests: add missing dependencies needed for sbuild test on debian ++ - tests: reload systemd after removing pulseaudio ++ - image, tests: core18 early config. ++ - interfaces: add system-packages-doc interface ++ - cmd/snap-preseed, systemd: fix handling of fuse.squashfuse when ++ preseeding ++ - interfaces/fwupd: allow bind mount to /boot on core ++ - tests: improve oom-vitality tests ++ - tests: add fedora 32 to spread.yaml ++ - config: apply vitality-hint immediately when the config changes ++ - tests: port snap-routine-portal-info to session-tool ++ - configcore: add "service.console-conf.disable" config option ++ - tests: port xdg-open to session-tool ++ - tests: port xdg-open-compat to session-tool ++ - tests: port interfaces-desktop-* to session-tool ++ - spread.yaml: apply yaml formatter/linter ++ - tests: port interfaces-wayland to session-tool ++ - o/devicestate: refactor current system handling ++ - snap-mgmt: perform cleanup of user services ++ - snap/snapfile,squashfs: followups from 8729 ++ - boot, many: require mode in modeenv ++ - data/selinux: update policy to allow forked processes to call ++ getpw*() ++ - tests: log stderr from dbus-monitor ++ - packaging: build cmd/snap and cmd/snap-bootstrap with nomanagers ++ tag ++ - snap/squashfs: also symlink snap Install with uc20 seed snap dir ++ layout ++ - interfaces/builtin/desktop: do not mount fonts cache on distros ++ with quirks ++ - data/selinux: allow snapd to remove/create the its socket ++ - testutil/exec.go: set PATH after running shellcheck ++ - tests: silence stderr from dbus-monitor ++ - snap,many: mv Open to snapfile pkg to support add'l options to ++ Container methods ++ - devicestate, sysconfig: revert support for cloud.cfg.d/ in the ++ gadget ++ - github: remove workaround for bug 133 in actions/cache ++ - tests: remove dbus.sh ++ - cmd/snap-preseed: improve mountpoint checks of the preseeded ++ chroot ++ - spread.yaml: add ps aux to debug section ++ - github: run all spread systems in a single go with cached results ++ - test: session-tool cli tweaks ++ - asserts: rest of the Pool API ++ - tests: port interfaces-network-status-classic to session-tool ++ - packaging: remove obsolete 16.10,17.04 symlinks ++ - tests: setup portals before starting user session ++ - o/devicestate: typo fix ++ - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed ++ devices ++ - cmd/snap/model: support store, system-user-authority keys in ++ --verbose ++ - o/devicestate: raise conflict when requesting system action while ++ seeding ++ - tests: detect signs of crashed snap-confine ++ - tests: sign kernel and gadget to run nested tests using current ++ snapd code ++ - tests: remove gnome-online-accounts we install ++ - tests: fix the issue where all the tests were executed on secboot ++ system ++ - tests: port interfaces-accounts-service to session-tool ++ - interfaces/network-control: bring /var/lib/dhcp from host ++ - image,cmd/snap,tests: add support for store-wide cohort keys ++ - configcore: add nomanagers buildtag for conditional build ++ - tests: port interfaces-password-manager-service to session-tool ++ - o/devicestate: cleanup system actions supported by recover mode ++ - snap-bootstrap: remove create-partitions and update tests ++ - tests: fix nested tests ++ - packaging/arch: update PKGBUILD to match one in AUR ++ - tests: port interfaces-location-control to session-tool ++ - tests: port interfaces-contacts-service to session-tool ++ - state: log task errors in the journal too ++ - o/devicestate: change how current system is reported for different ++ modes ++ - devicestate: do not report "ErrNoState" for seeded up ++ - tests: add a note about broken test sequence ++ - tests: port interfaces-autopilot-introspection to session-tool ++ - tests: port interfaces-dbus to session-tool ++ - packaging: update sid packaging to match 16.04+ ++ - tests: enable degraded test on uc20 ++ - c/snaplock/runinhibit: add run inhibition operations ++ - tests: detect and report root-owned files in /home ++ - tests: reload root's systemd --user after snapd tests ++ - tests: test registration with serial-authority: [generic] ++ - cmd/snap-bootstrap/initramfs-mounts: copy auth.json and macaroon- ++ key in recover ++ - tests/mount-ns: stop binfmt_misc mount unit ++ - cmd/snap-bootstrap/initramfs-mounts: use booted kernel partition ++ uuid if available ++ - daemon, tests: indicate system mode, test switching to recovery ++ and back to run ++ - interfaces/desktop: silence more /var/lib/snapd/desktop/icons ++ denials ++ - tests/mount-ns: update to reflect new UEFI boot mode ++ - usersession,tests: clean ups for userd/settings.go and move ++ xdgopenproxy under usersession ++ - tests: disable mount-ns test ++ - tests: test user belongs to systemd-journald, on core20 ++ - tests: run core/snap-set-core-config on uc20 too ++ - tests: remove generated session-agent units ++ - sysconfig: use new _writable_defaults dir to create cloud config ++ - cmd/snap-bootstrap/initramfs-mounts: cosmetic changes in prep for ++ future work ++ - asserts: make clearer that with label we mean a serialized label ++ - cmd/snap-bootstrap: tweak recovery trigger log messages ++ - asserts: introduce PoolTo ++ - userd: allow setting default-url-scheme-handler ++ - secboot: append uuid to ubuntu-data when decrypting ++ - o/configcore: pass extra options to FileSystemOnlyApply ++ - tests: add dbus-user-session to bionic and reorder package names ++ - boot, bootloader: adjust comments, expand tests ++ - tests: improve debugging of user session agent tests ++ - packaging: add the inhibit directory ++ - many: add core.resiliance.vitality-hint config setting ++ - tests: test adjustments and fixes for recently published images ++ - cmd/snap: coldplug auto-import assertions from all removable ++ devices ++ - secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to ++ secboot ++ - tests: not fail when boot dir cannot be determined ++ - tests: new directory used to store the cloud images on gce ++ - tests: inject snapd from edge into seeds of the image in manual ++ preseed test ++ - usersession/agent,wrappers: fix races between Shutdown and Serve ++ - tests: add dependency needed for next upgrade of bionic ++ - tests: new test user is used for external backend ++ - cmd/snap: fix the order of positional parameters in help output ++ - tests: don't create root-owned things in ~test ++ - tests/lib/prepare.sh: delete patching of the initrd ++ - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy ++ as well ++ - progress: tweak multibyte label unit test data ++ - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline ++ - gadget: fix fallback device lookup for 'mbr' type structures ++ - configcore: only reload journald if systemd is new enough ++ - cmd/snap-boostrap, boot: use /run/mnt/data instead of ubuntu-data ++ - wrappers: allow user mode systemd daemons ++ - progress: fix progress bar with multibyte duration units ++ - tests: fix raciness in pulseaudio test ++ - asserts/internal: introduce Grouping and Groupings ++ - tests: remove user.sh ++ - tests: pair of follow-ups from earlier reviews ++ - overlord/snapstate: warn of refresh/postpone events ++ - configcore,tests: use daemon-reexec to apply watchdog config ++ - c/snap-bootstrap: check mount states via initramfsMountStates ++ - store: implement DownloadAssertions ++ - tests: run smoke test with different bases ++ - tests: port user-mounts test to session-tool ++ - store: handle error-list in fetch-assertions results ++ - tests: port interfaces-audio-playback-record to session-tool ++ - data/completion: add `snap` command completion for zsh ++ - tests/degraded: ignore failure in systemd-vconsole-setup.service ++ - image: stub implementation of image.Prepare for darwin ++ - tests: session-tool --restore -u stops user-$UID.slice ++ - o/ifacestate/handlers.go: fix typo ++ - tests: port pulseaudio test to session-tool ++ - tests: port user-session-env to session-tool ++ - tests: work around journald bug in core16 ++ - tests: add debug to core-persistent-journal test ++ - tests: port selinux-clean to session-tool ++ - tests: port portals test to session-tool, fix portal tests on sid ++ - tests: adding option --no-install-recommends option also when ++ install all the deps ++ - tests: add session-tool --has-systemd-and-dbus ++ - packaging/debian-sid: add gcc-multilib to build deps ++ - osutil: expand FileLock to support shared locks and more ++ - packaging: stop depending on python-docutils ++ - store,asserts,many: support the new action fetch-assertions ++ - tests: port snap-session-agent-* to session-tool ++ - packaging/fedora: disable FIPS compliant crypto for static ++ binaries ++ - tests: fix for preseeding failures ++ ++ -- Michael Vogt Tue, 25 Aug 2020 17:26:21 +0200 ++ ++snapd (2.45.3.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1875071 ++ - o/ifacestate: fix bug in snapsWithSecurityProfiles ++ - tests/main/selinux-clean: workaround SELinux denials triggered by ++ linger setup on Centos8 ++ ++ -- Samuele Pedroni Tue, 28 Jul 2020 21:43:38 +0200 ++ ++snapd (2.45.3-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1875071 ++ - many: backport _writable_defaults dir changes ++ - tests: fix incorrect check in smoke/remove test ++ - cmd/snap-bootstrap,seed: backport of uc20 PRs ++ - tests: avoid exit when nested type var is not defined ++ - cmd/snap-preseed: backport fixes ++ - interfaces: optimize rules of multiple connected iio/i2c/spi plugs ++ - many: cherry-picks for 2.45, gh-action, test fixes ++ - tests/lib: account for changes in arch package file name extension ++ - postrm, snap-mgmt: cleanup modules and other cherry-picks ++ - snap-confine: don't die if a device from sysfs path cannot be ++ found by udev ++ - data/selinux: update policy to allow forked processes to call ++ getpw*() ++ - tests/main/interfaces-time-control: exercise setting time via date ++ - interfaces/builtin/time-control: allow POSIX clock API ++ - usersession/userd: add "slack" to the white list of URL schemes ++ handled by xdg-open ++ ++ -- Zygmunt Krynicki Mon, 27 Jul 2020 12:01:14 +0200 ++ ++snapd (2.45.2-1) unstable; urgency=high ++ ++ * SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open ++ implementation ++ - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment ++ variable modification when calling the system xdg-open. Patch ++ thanks to James Henstridge ++ - packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is ++ restarted. Patch thanks to Michael Vogt ++ - CVE-2020-11934 ++ * SECURITY UPDATE: arbitrary code execution vulnerability on core ++ devices with access to physical removable media ++ - devicestate: Disable/restrict cloud-init after seeding. ++ - CVE-2020-11933 ++ ++ -- Michael Vogt Fri, 10 Jul 2020 20:06:29 +0200 ++ ++snapd (2.45.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1875071 ++ - data/selinux: allow checking /var/cache/app-info ++ - cmd/snap-confine: add support for libc6-lse ++ - interfaces: miscellaneous policy updates xlv ++ - snap-bootstrap: remove sealed key file on reinstall ++ - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/ ++ - gadget: make ext4 filesystems with or without metadata checksum ++ - interfaces/fwupd: allow bind mount to /boot on core ++ - tests: cherry-pick test fixes from master ++ - snap/squashfs: also symlink snap Install with uc20 seed snap dir ++ layout ++ - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed ++ devices ++ - snap,many: mv Open to snapfile pkg to support add'l options to ++ Container methods ++ - interfaces/builtin/desktop: do not mount fonts cache on distros ++ with quirks ++ - devicestate, sysconfig: revert support for cloud.cfg.d/ in the ++ gadget ++ - data/completion, packaging: cherry-pick zsh completion ++ - state: log task errors in the journal too ++ - devicestate: do not report "ErrNoState" for seeded up ++ - interfaces/desktop: silence more /var/lib/snapd/desktop/icons ++ denials ++ - packaging/fedora: disable FIPS compliant crypto for static ++ binaries ++ - packaging: stop depending on python-docutils ++ ++ -- Michael Vogt Fri, 05 Jun 2020 15:13:49 +0200 ++ ++snapd (2.45-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1875071 ++ - o/devicestate: support doing system action reboots from recover ++ mode ++ - vendor: update to latest secboot ++ - tests: not fail when boot dir cannot be determined ++ - configcore: only reload journald if systemd is new enough ++ - cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data ++ when decrypting ++ - tests/lib/prepare.sh: delete patching of the initrd ++ - cmd/snap: coldplug auto-import assertions from all removable ++ devices ++ - cmd/snap: fix the order of positional parameters in help output ++ - c/snap-bootstrap: port mount state mocking to the new style on ++ master ++ - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy ++ as well ++ - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline, ++ unlock in recover mode initramfs ++ - progress: tweak multibyte label unit test data ++ - gadget: fix fallback device lookup for 'mbr' type structures ++ - progress: fix progress bar with multibyte duration units ++ - many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20 ++ - many: put the sealed keys in a directory on seed for tidiness ++ - cmd/snap-bootstrap: measure epoch and model before unlocking ++ encrypted data ++ - o/configstate: core config handler for persistent journal ++ - bootloader/uboot: use secondary ubootenv file boot.sel for uc20 ++ - packaging: add "$TAGS" to dh_auto_test for debian packaging ++ - tests: ensure $cache_dir is actually available ++ - secboot,cmd/snap-bootstrap: add model to pcr protection profile ++ - devicestate: do not use snap-boostrap in devicestate to install ++ - tests: fix a typo in nested.sh helper ++ - devicestate: add support for cloud.cfg.d config from the gadget ++ - cmd/snap-bootstrap: cleanups, naming tweaks ++ - testutil: add NewDBusTestConn ++ - snap-bootstrap: lock access to sealed keys ++ - overlord/devicestate: preserve the current model inside ubuntu- ++ boot ++ - interfaces/apparmor: use differently templated policy for non-core ++ bases ++ - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing ++ syscalls ++ - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first, ++ other misc changes ++ - o/snapstate: tweak "waiting for restart" message ++ - boot: store model model and grade information in modeenv ++ - interfaces/firewall-control: allow -legacy and -nft for core20 ++ - boot: enable makeBootable20RunMode for EnvRefExtractedKernel ++ bootloaders ++ - boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20 ++ implementation ++ - daemon: fix error message from `snap remove-user foo` on classic ++ - overlord: have a variant of Mock that can take a state.State ++ - tests: 16.04 and 18.04 now have mediating pulseaudio (again) ++ - seed: clearer errors for missing essential snapd or core snap ++ - cmd/snap-bootstrap/initramfs-mounts: support ++ EnvRefExtractedKernelBootloader's ++ - gadget, cmd/snap-bootstrap: MBR schema support ++ - image: improve/adjust DownloadSnap doc comment ++ - asserts: introduce ModelGrade.Code ++ - tests: ignore user-12345 slice and service ++ - image,seed/seedwriter: support redirect channel aka default ++ tracks ++ - bootloader: use binary.Read/Write ++ - tests: uc20 nested suite part II ++ - tests/boot: refactor to make it easier for new ++ bootloaderKernelState20 impl ++ - interfaces/openvswitch: support use of ovs-appctl ++ - snap-bootstrap: copy auth data from real ubuntu-data in recovery ++ mode ++ - snap-bootstrap: seal and unseal encryption key using tpm ++ - tests: disable special-home-can-run-classic-snaps due to jenkins ++ repo issue ++ - packaging: fix build on Centos8 to support BUILDTAGS ++ - boot/bootstate20: small changes to bootloaderKernelState20 ++ - cmd/snap: Implement a "snap routine file-access" command ++ - spread.yaml: switch back to latest/candidate for lxd snap ++ - boot/bootstate20: re-factor kernel methods to use new interface ++ for state ++ - spread.yaml,tests/many: use global env var for lxd channel ++ - boot/bootstate20: fix bug in try-kernel cleanup ++ - config: add system.store-certs.[a-zA-Z0-9] support ++ - secboot: key sealing also depends on secure boot enabled ++ - httputil: fix client timeout retry tests ++ - cmd/snap-update-ns: handle EBUSY when unlinking files ++ - cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20 ++ vars ++ - secboot: add tpm support helpers ++ - tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for ++ kernel and gadget ++ - cmd/snap-bootstrap: switch to a 64-byte key for unlocking ++ - tests: preserve size for centos images on spread.yaml ++ - github: partition the github action workflows ++ - run-checks: use consistent "Checking ..." style messages ++ - bootloader: add efi pkg for reading efi variables ++ - data/systemd: do not run snapd.system-shutdown if finalrd is ++ available ++ - overlord: update tests to work with latest go ++ - cmd/snap: do not hide debug boot-vars on core ++ - cmd/snap-bootstrap: no error when not input devices are found ++ - snap-bootstrap: fix partition numbering in create-partitions ++ - httputil/client_test.go: add two TLS version tests ++ - tests: ignore user@12345.service hierarchy ++ - bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things ++ - tests: rewrite timeserver-control test ++ - tests: fix racy pulseaudio tests ++ - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS ++ - tests: update snap-preseed --reset logic to accommodate for 2.44 ++ change ++ - cmd/snap: don't wait for system key when stopping ++ - sandbox/cgroup: avoid making arrays we don't use ++ - osutil: mock proc/self/mountinfo properly everywhere ++ - selinux: export MockIsEnforcing; systemd: use in tests ++ - tests: add 32 bit machine to GH actions ++ - tests/session-tool: kill cron session, if any ++ - asserts: it should be possible to omit many snap-ids if allowed, ++ fix ++ - boot: cleanup more things, simplify code ++ - github: skip spread jobs when corresponding label is set ++ - dirs: don't depend on osutil anymore, mv apparmor vars to apparmor ++ pkg ++ - tests/session-tool: add session-tool --dump ++ - github: allow cached debian downloads to restore ++ - tests/session-tool: session ordering is non-deterministic ++ - tests: enable unit tests on debian-sid again ++ - github: move spread to self-hosted workers ++ - secboot: import secboot on ubuntu, provide dummy on !ubuntu ++ - overlord/devicestate: support for recover and run modes ++ - snap/naming: add validator for snap security tag ++ - interfaces: add case for rootWritableOverlay + NFS ++ - tests/main/uc20-create-partitions: tweaks, renames, switch to ++ 20.04 ++ - github: port CLA check to Github Actions ++ - interfaces/many: miscellaneous policy updates xliv ++ - configcore,tests: fix setting watchdog options on UC18/20 ++ - tests/session-tool: collect information about services on startup ++ - tests/main/uc20-snap-recovery: unbreak, rename to uc20-create- ++ partitions ++ - state: add state.CopyState() helper ++ - tests/session-tool: stop anacron.service in prepare ++ - interfaces: don't use the owner modifier for files shared via ++ document portal ++ - systemd: move the doc comments to the interface so they are ++ visible ++ - cmd/snap-recovery-chooser: tweaks ++ - interfaces/docker-support: add overlayfs file access ++ - packaging: use debian/not-installed to ignore snap-preseed ++ - travis.yml: disable unit tests on travis ++ - store: start splitting store.go and store_test.go into subtopic ++ files ++ - tests/session-tool: stop cron/anacron from meddling ++ - github: disable fail-fast as spread cannot be interrupted ++ - github: move static checks and spread over ++ - tests: skip "/etc/machine-id" in "writablepaths" test ++ - snap-bootstrap: store encrypted partition recovery key ++ - httputil: increase testRetryStrategy max timelimit to 5s ++ - tests/session-tool: kill leaking closing session ++ - interfaces: allow raw access to USB printers ++ - tests/session-tool: reset failed session-tool units ++ - httputil: increase httpclient timeout in ++ TestRetryRequestTimeoutHandling ++ - usersession: extend timerange in TestExitOnIdle ++ - client: increase timeout in client tests to 100ms ++ - many: disentagle release and snapdenv from sandbox/* ++ - boot: simplify modeenv mocking to always write a modeenv ++ - snap-bootstrap: expand data partition on install ++ - o/configstate: add backlight option for core config ++ - cmd/snap-recovery-chooser: add recovery chooser ++ - features: enable robust mount ns updates ++ - snap: improve TestWaitRecovers test ++ - sandbox/cgroup: add ProcessPathInTrackingCgroup ++ - interfaces/policy: fix comment in recent new test ++ - tests: make session tool way more robust ++ - interfaces/seccomp: allow passing an address to setgroups ++ - o/configcore: introduce core config handlers (3/N) ++ - interfaces: updates to login-session-observe, network-manager and ++ modem-manager interfaces ++ - interfaces/policy/policy_test.go: add more tests'allow- ++ installation: false' and we grant based on interface attributes ++ - packaging: detect/disable broken seed in the postinst ++ - cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia ++ library ++ - tests: remove google-tpm backend from spread.yaml ++ - tests: install dependencies with apt using --no-install-recommends ++ - usersession/userd: add zoommtg url support ++ - snap-bootstrap: fix disk layout sanity check ++ - snap: add `snap debug state --is-seeded` helper ++ - devicestate: generate warning if seeding fails ++ - config, features: move and rename config.GetFeatureFlag helper to ++ features.Flag ++ - boot, overlord/devicestate, daemon: implement requesting boot ++ into a given recovery system ++ - xdgopenproxy: forward requests to the desktop portal ++ - many: support immediate reboot ++ - store: search v2 tweaks ++ - tests: fix cross build tests when installing dependencies ++ - daemon: make POST /v2/systems/ root only ++ - tests/lib/prepare.sh: use only initrd from the kernel snap ++ - cmd/snap,seed: validate full seeds (UC 16/18) ++ - tests/main/user-session-env: stop the user session before deleting ++ the test-zsh user ++ - overlord/devicestate, daemon: record the seed current system was ++ installed from ++ - gadget: SystemDefaults helper function to convert system defaults ++ config into a flattened map suitable for FilesystemOnlyApply. ++ - many: comment or avoid cryptic snap-ids in tests ++ - tests: add LXD_CHANNEL environment ++ - store: support for search API v2 ++ - .github: register a problem matcher to detect spread failures ++ - seed: add Info() method for seed.Snap ++ - github: always run the "Discard spread workers" step, even if the ++ job fails ++ - github: offload self-hosted workers ++ - cmd/snap: the model command needs just a client, no waitMixin ++ - github: combine tests into one workflow ++ - github: fix order of go get caches ++ - tests: adding more workers for ubuntu 20.04 ++ - boot,overlord: rename operating mode to system mode ++ - config: add new Transaction.GetPristine{,Maybe}() function ++ - o/devicestate: rename readMaybe* to maybeRead* ++ - github: cache Debian dependencies for unit tests ++ - wrappers: respect pre-seeding in error path ++ - seed: validate UC20 seed system label ++ - client, daemon, overlord/devicestate: request system action API ++ and stubs ++ - asserts,o/devicestate: support model specified alternative serial- ++ authority ++ - many: introduce naming.WellKnownSnapID ++ - o/configcore: FilesystemOnlyApply method for early configuration ++ of core (1/N) ++ - github: run C unit tests ++ - github: run spread tests on PRs only ++ - interfaces/docker-support: make containerd abstract socket more ++ generic ++ - tests: cleanup security-private-tmp properly ++ - overlord/devicestate,boot: do not hold to the originally read ++ modeenv ++ - dirs: rm RunMnt; boot: add vars for early boot env layout; ++ sysconfig: take targetdir arg ++ - cmd/snap-bootstrap/initramfs-mounts/tests: use dirs.RunMnt over ++ s.runMnt ++ - tests: add regression test for MAAS refresh bug ++ - errtracker: add missing mocks ++ - github: apt-get update before installing build-deps ++ - github: don't fail-fast ++ - github: run spread via github actions ++ - boot,many: add modeenv.WriteTo, make Write take no args ++ - wrappers: fix timer schedules that are days only ++ - tests/main/snap-seccomp-syscalls: install gperf ++ - github: always checkout to snapcore/snapd ++ - github: add prototype workflow running unit tests ++ - many: improve comments, naming, a possible TODO ++ - client: use Assert when checking for error ++ - tests: ensure sockets target is ready in session agent spread ++ tests ++ - osutil: do not leave processes behind after the test run ++ - tests: update proxy-no-core to match latest CDN changes ++ - devicestate,sysconfig: support "cloud.cfg.d" in uc20 for grade: ++ dangerous ++ - cmd/snap-failure,tests: try to make snap-failure more robust ++ - many: fix packages having mistakenly their copyright as doc ++ - many: enumerate system seeds, return them on the /v2/systems API ++ endpoint ++ - randutil: don't consume kernel entropy at init, just mix more info ++ to try to avoid fleet collisions ++ - snap-bootstrap: add creationSupported predicate for partition ++ types ++ - tests: umount partitions which are not umounted after remount ++ gadget ++ - snap: run gofmt -s ++ - many: improve environment handling, fixing duplicate entries ++ - boot_test: add many boot robustness tests for UC20 kernel ++ MarkBootSuccessul and SetNextBoot ++ - overlord: remove unneeded overlord.MockPruneInterval() mocks ++ - interfaces/greengrass-support: fix typo ++ - overlord,timings,daemon: separate timings from overlord/state ++ - tests: enable nested on core20 and test current branch ++ - snap-bootstrap: remove created partitions on reinstall ++ - boot: apply Go 1.10 formatting ++ - apparmor: use rw for uuidd request to default and remove from ++ elsewhere ++ - packaging: add README.source for debian ++ - tests: cleanup various uc20 boot tests from previous PR ++ - devicestate: disable cloud-init by default on uc20 ++ - run-checks: tweak formatting checks ++ - packaging,tests: ensure debian-sid builds without vendor/ ++ - travis.yml: run unit tests with go/master as well* travis.yml: run ++ unit tests with go/master as well ++ - seed: make Brand() part of the Seed interface ++ - cmd/snap-update-ns: ignore EROFS from rmdir/unlink ++ - daemon: do a forceful server shutdown if we hit a deadline ++ - tests/many: don't use StartLimitInterval anymore, unify snapd- ++ failover variants, build snapd snap for UC16 tests ++ - snap-seccomp: robustness improvements ++ - run-tests: disable -v for go test to avoid spaming the logs ++ - snap: whitelist lzo as support compression for snap pack ++ - snap: tweak comment in Install() for overlayfs detection ++ - many: introduce snapdenv.Preseeding instead of release.PreseedMode ++ - client, daemon, overlord/devicestate: structures and stubs for ++ systems API ++ - o/devicestate: delay the creation of mark-seeded task until ++ asserts are loaded ++ - data/selinux, tests/main/selinux: cleanup tmpfs operations in the ++ policy, updates ++ - interfaces/greengrass-support: add new 1.9 access ++ - snap: do not hardlink on overlayfs ++ - boot,image: ARM kernel extract prepare image ++ - interfaces: make gpio robust against not-existing gpios in /sys ++ - cmd/snap-preseed: handle --reset flag ++ - many: introduce snapdenv to present common snapd env options ++ - interfaces/kubernetes-support: allow autobind to journald socket ++ - snap-seccomp: allow mprotect() to unblock the tests ++ - tests/lib/reset: workaround unicode dot in systemctl output ++ - interfaces/udisks2: also allow Introspection on ++ /org/freedesktop/UDisks/** ++ - snap: introduce Container.RandomAccessFile ++ - o/ifacestate, api: implementation of snap disconnect --forget ++ - cmd/snap: make the portal-info command search for the network- ++ status interface ++ - interfaces: work around apparmor_parser slowness affecting uio ++ - tests: fix/improve failing spread tests ++ - many: clean separation of bootenv mocking vs mock bootloader kinds ++ - tests: mock prune ticker in overlord tests to reduce wait times ++ - travis: disable arm64 again ++ - httputil: add support for extra snapd certs ++ - travis.yml: run unit tests on arm64 as well ++ - many: fix a pair of ineffectual assignments ++ - tests: add uc20 kernel snap upgrade managers test, fix ++ bootloadertest bugs ++ - o/snapstate: set base in SnapSetup on snap revert ++ - interfaces/{docker,kubernetes}-support: updates for lastest k8s ++ - cmd/snap-exec: add test case for LP bug 1860369 ++ - interfaces: make the network-status interface implicit on ++ classic ++ - interfaces: power control interfaceIt is documented in the ++ kernel ++ - interfaces: miscellaneous policy updates ++ - cmd/snap: add a "snap routine portal-info" command ++ - usersession/userd: add "apt" to the white list of URL schemes ++ handled by xdg-open ++ - interfaces/desktop: allow access to system prompter interface ++ - devicestate: allow encryption regardless of grade ++ - tests: run ipv6 network-retry test too ++ - tests: test that after "remove-user" the system is unmanaged ++ - snap-confine: unconditionally add /dev/net/tun to the device ++ cgroup ++ - snapcraft.yaml: use sudo -E and remove workaround ++ - interfaces/audio_playback: Fix pulseaudio config access ++ - ovelord/snapstate: update only system wide fonts cache ++ - wrappers: import /etc/environment in all services ++ - interfaces/u2f: Add Titan USB-C key ++ - overlord, taskrunner: exit on task/ensure error when preseeding ++ - tests: add session-tool, a su / sudo replacement ++ - wrappers: add mount unit dependency for snapd services on core ++ devices ++ - tests: just remove user when the system is not managed on create- ++ user-2 test ++ - snap-preseed: support for preseeding of snapd and core18 ++ - boot: misc UC20 changes ++ - tests: adding arch-linux execution ++ - packaging: revert "work around review-tools and snap-confine" ++ - netlink: fix panic on arm64 with the new rawsockstop codewith a ++ nil Timeval panics ++ - spread, data/selinux: add CentOS 8, update policy ++ - tests: updating checks to new test account for snapd-test snaps ++ - spread.yaml: mv opensuse 15.1 to unstable ++ - cmd/snap-bootstrap,seed: verify only in-play snaps ++ - tests: use ipv4 in retry-network to unblock failing master ++ - data/systemd: improve the description ++ - client: add "Resume" to DownloadOptions and new test ++ - tests: enable snapd-failover on uc20 ++ - tests: add more debug output to the snapd-failure handling ++ - o/devicestate: unset recovery_system when done seeding ++ ++ -- Michael Vogt Tue, 12 May 2020 17:17:57 +0200 ++ ++snapd (2.44.5-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1864808 ++ - spread.yaml: adding more workers for ubuntu 20.04 ++ - packaging: stop depending on python-docutils on opensuse ++ - spread.yaml: do not run ubuntu-core-20-64 with snapd 2.44, snapd ++ is not recent enough to drive ubuntu-core-20 ++ - spread.yaml: Preserve size for centos images on spread.yaml ++ - spread.yaml: use non-uefi enabled image for uc20 ++ - tests: ensure $cache_dir is actually available ++ - tests: disable preseed tests, they work in master but require too ++ much cherry-picking here ++ - travis.yml: remove go/master unit tests from 2.44 ++ ++ -- Michael Vogt Thu, 30 Apr 2020 09:09:22 +0200 ++ ++snapd (2.44.4-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1864808 ++ - packaging/fedora: disable FIPS compliant crypto for static ++ binaries ++ - interfaces/firewall-control: allow -legacy and -nft for core20 ++ - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing ++ syscalls ++ - tests: 16.04 and 18.04 now have mediating pulseaudio ++ - tests: ignore user@12345.service hierarchy ++ ++ -- Michael Vogt Wed, 29 Apr 2020 08:32:56 +0200 ++ ++snapd (2.44.3-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1864808 ++ - tests: fix racy pulseaudio tests ++ - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS ++ - tests: update snap-preseed --reset logic ++ - tests: backport partition fixes ++ - cmd/snap: don't wait for system key when stopping ++ - interfaces/many: miscellaneous policy updates xliv ++ - tests/main/uc20-snap-recovery: use 20.04 system ++ - tests: skip "/etc/machine-id" in "writablepaths ++ - interfaces/docker-support: add overlays file access ++ ++ -- Michael Vogt Fri, 10 Apr 2020 16:57:25 +0200 ++ ++snapd (2.44.2-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1864808 ++ - packaging: detect/disable broken seeds in the postinst ++ - cmd/snap,seed: validate full seeds (UC 16/18) ++ - snap: add `snap debug state --is-seeded` helper ++ - devicestate: generate warning if seeding fails ++ - store: support for search API v2 ++ - cmd/snap-seccomp/syscalls: update the list of known syscalls ++ - snap/cmd: the model command needs just a client, no waitMixin ++ - tests: cleanup security-private-tmp properly ++ - wrappers: fix timer schedules that are days only ++ - tests: update proxy-no-core to match latest CDN changes ++ - cmd/snap-failure,tests: make snap-failure more robust ++ - tests, many: don't use StartLimitInterval anymore, unify snapd- ++ failover variants, build snapd snap for UC16 tests ++ ++ -- Michael Vogt Thu, 02 Apr 2020 09:51:34 +0200 ++ ++snapd (2.44.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1864808 ++ - randutil: switch back to setting up seed with lower entropy data ++ - interfaces/greengrass-support: fix typo ++ - packaging,tests: ensure debian-sid builds without vendor/ ++ - travis.yml: run unit tests with go/master as well ++ - cmd/snap-update-ns: ignore EROFS from rmdir/unlink ++ ++ -- Michael Vogt Sat, 21 Mar 2020 18:32:12 +0100 ++ ++snapd (2.44-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1864808 ++ - daemon: do a forceful serer shutdown if we hit a deadline ++ - snap: whitelist lzo as support compression for snap pack ++ - data/selinux: update policy to allow more ops ++ - interfaces/greengrass-support: add new 1.9 access ++ - snap: do not hardlink on overlayfs ++ - cmd/snap-preseed: handle --reset flag ++ - interfaces/kubernetes-support: allow autobind to journald socket ++ - snap-seccomp: allow mprotect() to unblock the tests ++ - tests/lib/reset: workaround unicode dot in systemctl output ++ - interfaces: work around apparmor_parser slowness affecting uio ++ - interfaces/udisks2: also allow Introspection on ++ /org/freedesktop/UDisks2/** ++ - tests: mock prune ticker in overlord tests to reduce wait times ++ - interfaces/{docker,kubernetes}-support: updates for lastest k8s ++ - interfaces: miscellaneous policy updates ++ - interfaces/audio_playback: Fix pulseaudio config access ++ - overlord: disable Test..AbortShortlyAfterStartOfOperation for 2.44 ++ - ovelord/snapstate: update only system wide fonts cache ++ - wrappers: import /etc/environment in all services ++ - interfaces/u2f: Add Titan USB-C key ++ - overlord, taskrunner: exit on task/ensure error when preseeding ++ - overlord/snapstate/backend: update snapd services contents in unit ++ tests ++ - wrappers: add mount unit dependency for snapd services on core ++ devices ++ - Revert "tests: remove /tmp/snap.* left over by other tests" ++ - Revert "packaging: work around review-tools and snap-confine" ++ - netlink: fix panic on arm64 with the new rawsockstop code ++ - spread, data/selinux: add CentOS 8, update policy ++ - spread.yaml: mv opensuse tumbleweed to unstable too ++ - spread.yaml: mv opensuse 15.1 to unstable ++ - tests: use ipv4 in retry-network to unblock failing master ++ - data/systemd: improve the description ++ - tests/lib/prepare.sh: simplify, combine code paths ++ - tests/main/user-session-env: add test verifying environment ++ variables inside the user session ++ - spread.yaml: make qemu ubuntu-core-20-64 use ubuntu-20.04-64 ++ - run-checks: SKIP_GMFMT really skips formatting checks ++ - tests: enable more tests for UC20/UC18 ++ - tests: remove tmp dir for snap not-test-snapd-sh on security- ++ private-tmp test ++ - seed,cmd/snap-bootstrap: introduce seed.Snap.EssentialType, ++ simplify bootstrap code ++ - snapstate: do not restart in undoLinkSnap unless on first install ++ - cmd/snap-bootstrap: subcommand to detect UC chooser trigger ++ - cmd/snap-bootstrap/initramfs-mounts: mount the snapd snap in run- ++ mode too ++ - cmd/libsnap, tests: fix C unit tests failing as non-root ++ - cmd/snap-bootstrap: verify kernel snap is in modeenv before ++ mounting it ++ - tests: adding amazon linux to google backend ++ - cmd/snap-failure/snapd: rm snapd.socket, reset snapd.socket failed ++ status ++ - client: add support for "ResumeToken", "HeaderPeek" to download ++ - build: enable type: snapd ++ - tests: rm -rf /tmp/snap.* in restore ++ - cmd/snap-confine: deny snap-confine to load nss libs ++ - snapcraft.yaml: add comments, rename snapd part to snapd-deb ++ - boot: write current_kernels in bootstate20, makebootable ++ - packaging: work around review-tools and snap-confine ++ - tests: skipping interfaces-openvswitch on centos due to package is ++ not available ++ - packaging,snap-confine: stop being setgid root ++ - cmd/snap-confine: bring /var/lib/dhcp from host, if present ++ - store: rely on CommandFromSystemSnap to find xdelta3 ++ - tests: bump sleep time of the new overlord tests ++ - cmd/snap-preseed: snapd version check for the target ++ - netlink: fix/support stopping goroutines reading netlink raw ++ sockets ++ - tests: reset PS1 before possibly interactive dash ++ - overlord, state: don't abort changes if spawn time before ++ StartOfOperationTime (2/2) ++ - snapcraft.yaml: add python3-apt, tzdata as build-deps for the ++ snapd snap ++ - tests: ask tar to speak English ++ - tests: using google storage when downloading ubuntu cloud images ++ from gce ++ - Coverity produces false positives for code like this: ++ - many: maybe restart & security backend options ++ - o/standby: add SNAPD_STANDBY_WAIT to control standby in ++ development ++ - snap: use the actual staging snap-id for snapd ++ - cmd/snap-bootstrap: create a new parser instance ++ - snapcraft.yaml: use build-base and adopt-info, rm builddeb ++ plugin ++ - tests: set StartLimitInterval in snapd failover test ++ - tests: disable archlinux system ++ - tests: add preseed test for classic ++ - many, tests: integrate all preseed bits and add spread tests ++ - daemon: support resuming downloads ++ - tests: use Filename() instead of filepath.Base(sn.MountFile()) ++ - tests/core: add swapfiles test ++ - interfaces/cpu-control: allow to control cpufreq tunables ++ - interfaces: use commonInteface for desktopInterface ++ - interfaces/{desktop-legacy,unity7}: adjust for new ibus socket ++ location ++ - snap/info: add Filename ++ - bootloader: make uboot a RecoveryAwareBootloader ++ - gadget: skip update when mounted filesystem content is identical ++ - systemd: improve is-active check for 'failed' services ++ - boot: add current_kernels to modeenv ++ - o/devicestate: StartOfOperationTime helper for Prune (1/2) ++ - tests: detect LXD launching i386 containers ++ - tests: move main/ubuntu-core-* tests to core/ suite ++ - tests: remove snapd in ubuntu-core-snapd ++ - boot: enable base snap updates in bootstate20 ++ - tests: Fix core revert channel after 2.43 has been released to ++ stable ++ - data/selinux: unify tabs/spaces ++ - o/ifacestate: move ResolveDisconnect to ifacestate ++ - spread: move centos to stable systems ++ - interfaces/opengl: allow datagrams to nvidia-driver ++ - httputil: add NoNetwork(err) helper, spread test and use in serial ++ acquire ++ - store: detect if server does not support http range headers ++ - test/lib/user: add helper lib for doing things for and as a user ++ - overlord/snapstate, wrappers: undo of snapd on core ++ - tests/main/interfaces-pulseaudio: use custom pulseaudio script, ++ set kill timeout ++ - store: add support for resume in DownloadStream ++ - cmd/snap: implement 'snap remove-user' ++ - overlord/devicestate: fix preseed unit tests on systems not using ++ /snap ++ - tests/main/static: ldd in glibc 2.31 logs to stderr now ++ - run-checks, travis: allow skipping spread jobs by adding a label ++ - tests: add new backend which includes images with tpm support ++ - boot: use constants for boot status values ++ - tests: add "core" suite for UC specific tests ++ - tests/lib/prepare: use a local copy of uc20 initramfs skeleton ++ - tests: retry mounting the udisk2 device due to timing issue ++ - usersession/client: add a client library for the user session ++ agent ++ - o/devicestate: Handle preseed mode in the firstboot mode (core16 ++ only for now). ++ - boot: add TryBase and BaseStatus to modeenv; use in snap-bootstrap ++ - cmd/snap-confine: detect base transitions on core16 ++ - boot: don't use "kernel" from the modeenv anymore ++ - interfaces: add uio interface ++ - tests: repack the initramfs + kernel snap for UC20 spread tests ++ - interfaces/greengrass-support: add /dev/null -> ++ /proc/latency_stats mount ++ - httputil: remove workaround for redirect handling in go1.7 ++ - httputil: remove go1.6 transport workaround ++ - snap: add `snap pack --compression=` options ++ - tests/lib/prepare: fix hardcoded loopback device names for UC ++ images ++ - timeutil: add a unit test case for trivial schedule ++ - randutil,o/snapstate,-mkauthors.sh: follow ups to randutil ++ introduction ++ - dirs: variable with distros using alternate snap mount ++ - many,randutil: centralize and streamline our random value ++ generation ++ - tests/lib/prepare-restore: Revert "Continue on errors updating or ++ installing dependencies" ++ - daemon: Allow clients to call /v2/logout via Polkit ++ - dirs: manjaro-arm is like manjaro ++ - data, packaging: Add sudoers snippet to allow snaps to be run with ++ sudo ++ - daemon, store: better expose single action errors ++ - tests: switch mount-ns test to differential data set ++ - snapstate: refactor things to add the re-refresh task last ++ - daemon: drop support for the DELETE method ++ - client: move to /v2/users; implement RemoveUser ++ - boot: enable UC20 kernel extraction and bootState20 handling ++ - interfaces/policy: enforce plug-names/slot-names constraints ++ - asserts: parse plug-names/slot-names constraints ++ - daemon: make users result more consistent ++ - cmd/snap-confine,tests: support x.y.z nvidia version ++ - dirs: fixlet for XdgRuntimeDirGlob ++ - boot: add bootloader options to coreKernel ++ - o/auth,daemon: do not remove unknown user ++ - tests: tweak and enable tests on ubuntu 20.04 ++ - daemon: implement user removal ++ - cmd/snap-confine: allow snap-confine to link to libpcre2 ++ - interfaces/builtin: Allow NotificationReplied signal on ++ org.freedesktop.Notifications ++ - overlord/auth: add RemoveUserByName ++ - client: move user-related things to their own files ++ - boot: tweak kernel cmdline helper docstring ++ - osutil: implement deluser ++ - gadget: skip update when raw structure content is unchanged ++ - boot, cmd/snap, cmd/snap-bootstrap: move run mode and system label ++ detection to boot ++ - tests: fix revisions leaking from snapd-refresh test ++ - daemon: refactor create-user to a user action & hide behind a flag ++ - osutil/tests: check there are no leftover symlinks with ++ AtomicSymlink ++ - grub: support atomically renaming kernel symlinks ++ - osutil: add helpers for creating symlinks and renaming in an ++ atomic manner ++ - tests: add marker tag for core 20 test failure ++ - tests: fix gadget-update-pc test leaking snaps ++ - tests: remove revision leaking from ubuntu-core-refresh ++ - tests: remove revision leaking from remodel-kernel ++ - tests: disable system-usernames test on core20 ++ - travis, tests, run-checks: skip nakedret ++ - tests: run `uc20-snap-recovery-encrypt` test on 20.04-64 as well ++ - tests: update mount-ns test tables ++ - snap: disable auto-import in uc20 install-mode ++ - tests: add a command-chain service test ++ - tests: use test-snapd-upower instead of upower ++ - data/selinux: workaround incorrect fonts cache labeling on RHEL7 ++ - spread.yaml: fix ubuntu 19.10 and 20.04 names ++ - debian: check embedded keys for snap-{bootstrap,preseed} too ++ - interfaces/apparmor: fix doc-comments, unnecessary code ++ - o/ifacestate,o/devicestatate: merge gadget-connect logic into ++ auto-connect ++ - bootloader: add ExtractedRunKernelImageBootloader interface, ++ implement in grub ++ - tests: add spread test for hook permissions ++ - cmd/snap-bootstrap: check device size before boostrapping and ++ produce a meaningful error ++ - cmd/snap: add ability to register "snap routine" commands ++ - tests: add a test demonstrating that snaps can't access the ++ session agent socket ++ - api: don't return connections referring to non-existing ++ plugs/slots ++ - interfaces: refactor path() from raw-volume into utils with ++ comments for old ++ - gitignore: ignore snap files ++ - tests: skip interfaces-network-manager on arm devices ++ - o/devicestate: do not create perfTimings if not needed inside ++ ensureSeed/Operational ++ - tests: add ubuntu 20.04 to the tests execution and remove ++ tumbleweed from unstable ++ - usersession: add systemd user instance service control to user ++ session agent ++ - cmd/snap: print full channel in 'snap list', 'snap info' ++ - tests: remove execution of ubuntu 19.04 from google backend ++ - cmd/snap-boostrap: add mocking for fakeroot ++ - tests/core18/snapd-failover: collect more debug info ++ - many: run black formatter on all python files ++ - overlord: increase settle timeout for slow machines ++ - httputil: use shorter timeout in TestRetryRequestTimeoutHandling ++ - store, o/snapstate: send default-tracks header, use ++ RedirectChannel ++ - overlord/standby: fix possible deadlock in standby test ++ - cmd/snap-discard-ns: fix pattern for .info files ++ - boot: add HasModeenv to Device ++ - devicestate: do not allow remodel between core20 models ++ - bootloader,snap: misc tweaks ++ - store, overlord/snapstate, etc: SnapAction now returns a []â¦Result ++ - snap-bootstrap: create encrypted partition ++ - snap: remove "host" output from `snap version` ++ - tests: use snap remove --purge flag in most of the spread tests ++ - data/selinux, test/main/selinux-clean: update the test to cover ++ more scenarios ++ - many: drop NameAndRevision, use snap.PlaceInfo instead ++ - boot: split MakeBootable tests into their own file ++ - travis-ci: add go import path ++ - boot: split MakeBootable implementations into their own file ++ - tests: enable a lot of the tests of main on uc20 ++ - packaging, tests: stop services in prerm ++ - tests: enable regression suite on core20 ++ - overlord/snapstate: improve snapd snap backend link unit tests ++ - boot: implement SetNextBoot in terms of bootState.setNext ++ - wrappers: write and undo snapd services on core ++ - boot,o/devicestate: refactor MarkBootSuccessful over bootState ++ - snap-bootstrap: mount the correct snapd snap to /run/mnt/snapd ++ - snap-bootstrap: refactor partition creation ++ - tests: use new snapd.spread-tests-run-mode-tweaks.service unit ++ - tests: add core20 tests ++ - boot,o/snapstate: SetNextBoot/LinkSnap return whether to reboot, ++ use the information ++ - tests/main/snap-sign: add test for non-stdin signing ++ - snap-bootstrap: trigger udev after filesystem creation ++ - boot,overlord: introduce internal abstraction bootState and use it ++ for InUse/GetCurrentBoot ++ - overlord/snapstate: tracks are now sticky ++ - cmd: sign: add filename param ++ - tests: remove "test-snapd-tools" in smoke/sandbox on restore ++ - cmd/snap, daemon: stop over-normalising channels ++ - tests: fix classic-ubuntu-core-transition-two-cores after refactor ++ of MATCH -v ++ - packaging: ship var/lib/snapd/desktop/applications in the pkg ++ - spread: drop copr repo with F30 build dependencies ++ - tests: use test-snapd-sh snap instead of test-snapd-tools - Part 3 ++ - tests: fix partition creation test ++ - tests: unify/rename services-related spread tests to start with ++ services- prefix ++ - test: extract code that modifies "writable" for test prep ++ - systemd: handle preseed mode ++ - snap-bootstrap: read only stdout when parsing the sfdisk json ++ - interfaces/browser-support: add more product/vendor paths ++ - boot: write compat UC16 bootvars in makeBootable20RunMode ++ - devicestate: avoid adding mockModel to deviceMgrInstallModeSuite ++ - devicestate: request reboot after successful doSetupRunSystem() ++ - snapd.core-fixup.sh: do not run on UC20 at all ++ - tests: unmount automounted snap-bootstrap devices ++ - devicestate: run boot.MakeBootable in doSetupRunSystem ++ - boot: copy kernel/base to data partition in makeBootable20RunMode ++ - tests: also check nested lxd container ++ - run-checks: complain about MATCH -v ++ - boot: always return the trivial boot participant in ephemeral mode ++ - o/devicestate,o/snapstate: move the gadget.yaml checkdrive-by: use ++ gadget.ReadInfoFromSnapFile in checkGadgetRemodelCompatible ++ - snap-bootstrap: append new partitions ++ - snap-bootstrap: mount filesystems after creation ++ - snapstate: do not try to detect rollback in ephemeral modes ++ - snap-bootstrap: trigger udev for new partitions ++ - cmd/snap-bootstrap: xxx todos about kernel cross-checks ++ - tests: avoid mask rsyslog service in case is not enabled on the ++ system ++ - tests: fix use of MATCH -v ++ - cmd/snap-preseed: update help strings ++ - cmd/snap-bootstrap: actually parse snapd_recovery_system label ++ - bootstrap: reduce runmode mounts from 5 to 2 steps. ++ - lkenv.go: adjust for new location of include file ++ - snap: improve squashfs.ReadFile() error ++ - systemd: fix uc20 shutdown ++ - boot: write modeenv when creating the run mode ++ - boot,image: add skeleton boot.makeBootable20RunMode ++ - cmd/snap-preseed: add snap-preseed executable ++ - overlord,boot: follow ups to #7889 and #7899 ++ - interfaces/wayland: Add access to Xwayland's shm files ++ - o/hookstate/ctlcmd: fix command name in snapctl -h ++ - daemon,snap: remove screenshot deprecation notice ++ - overlord,o/snapstate: make sure we never leave config behind ++ - many: pass consistently boot.Device state to boot methods ++ - run-checks: check multiline string blocks in ++ restore/prepare/execute sections of spread tests ++ - intrefaces: login-session-control - added missing dbus commands ++ - tests/main/parallel-install-remove-after: parallel installs should ++ not break removal ++ - overlord/snapstate: tweak assumes error hint ++ - overlord: replace DeviceContext.OldModel with GroundContext ++ - devicestate: use httputil.ShouldRetryError() in ++ prepareSerialRequest ++ - tests: replace "test-snapd-base-bare" with real "bare" base snap ++ - many: pass a Model to the gadget info reading functions ++ - snapstate: relax gadget constraints in ConfigDefaults Et al. ++ - devicestate: only run ensureBootOk() in "run" mode ++ - tests/many: quiet lxc launching, file pushing ++ - tests: disable apt-hooks test until it can be properly fixed ++ - tests: 16.04 and 18.04 now have mediating pulseaudio ++ ++ -- Michael Vogt Tue, 17 Mar 2020 20:55:47 +0100 ++ ++snapd (2.43.3-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1856159 ++ - interfaces/opengl: allow datagrams to nvidia-driver ++ - httputil: add NoNetwork(err) helper, spread test and use ++ in serial acquire ++ - interfaces: add uio interface ++ - interfaces/greengrass-support: 'aws-iot-greengrass' snap fails to ++ start due to apparmor deny on mounting of "/proc/latency_stats". ++ - data, packaging: Add sudoers snippet to allow snaps to be run with ++ sudo ++ ++ -- Michael Vogt Wed, 12 Feb 2020 14:59:15 +0100 ++ ++snapd (2.43.2-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1856159 ++ - cmd/snap-confine: Revert #7421 (unmount /writable from snap view) ++ - overlord/snapstate: fix for re-refresh bug ++ - tests, run-checks, many: fix nakedret issues ++ - data/selinux: workaround incorrect fonts cache labeling on RHEL7 ++ - tests: use test-snapd-upower instead of upower ++ - overlord: increase overall settle timeout for slow arm boards ++ ++ -- Michael Vogt Tue, 28 Jan 2020 15:50:25 +0100 ++ ++snapd (2.43.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1856159 ++ - devicestate: use httputil.ShouldRetryError() in prepareSerialRequest ++ - overlord/standby: fix possible deadlock in standby test ++ - cmd/snap-discard-ns: fix pattern for .info files ++ - overlord,o/snapstate: make sure we never leave config behind ++ - data/selinux: update policy to cover more cases ++ - snap: remove "host" output from `snap version` ++ ++ -- Michael Vogt Tue, 14 Jan 2020 20:30:07 +0100 ++ ++snapd (2.43-1) unstable; urgency=medium ++ ++ * New upstream release ++ ++ -- Michael Vogt Thu, 09 Jan 2020 17:16:12 +0100 ++ ++snapd (2.42.5-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1853244 ++ - snap-confine: revert, with comment, explicit unix deny for nested ++ lxd ++ - Disable mount-ns test on 16.04. It is too flaky currently. ++ ++ -- Michael Vogt Fri, 06 Dec 2019 14:10:56 +0100 ++ ++snapd (2.42.4-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1853244 ++ - overlord/snapstate: make sure configuration defaults are applied ++ only once ++ ++ -- Michael Vogt Thu, 28 Nov 2019 06:48:26 +0100 ++ ++snapd (2.42.3-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1853244 ++ - overlord/snapstate: pick up system defaults when seeding the snapd ++ snap ++ - cmd/snap-update-ns: fix overlapping, nested writable mimic ++ handling ++ - interfaces: misc updates for u2f-devices, browser-support, ++ hardware-observe, et al ++ - tests: reset failing "fwupd-refresh.service" if needed ++ - tests/main/gadget-update-pc: use a program to modify gadget yaml ++ - snap-confine: suppress noisy classic snap file_inherit denials ++ ++ -- Michael Vogt Wed, 27 Nov 2019 12:41:07 +0100 ++ ++snapd (2.42.2-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1853244 ++ - interfaces/lxd-support: Fix on core18 ++ - tests/main/system-usernames: Amazon Linux 2 comes with libseccomp ++ 2.4.1 now ++ - snap-seccomp: add missing clock_getres_time64 ++ - cmd/snap-seccomp/syscalls: update the list of known ++ syscalls ++ - sandbox/seccomp: accept build ID generated by Go toolchain ++ - interfaces: allow access to ovs bridge sockets ++ ++ -- Michael Vogt Wed, 20 Nov 2019 08:09:15 +0100 ++ ++snapd (2.42.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1846181 ++ - interfaces: de-duplicate emitted update-ns profiles ++ - packaging: tweak handling of usr.lib.snapd.snap-confine ++ - interfaces: allow introspecting network-manager on core ++ - tests/main/interfaces-contacts-service: disable on openSUSE ++ Tumbleweed ++ - tests/lib/lxd-snapfuse: restore mount changes introduced by LXD ++ - snap: fix default-provider in seed validation ++ - tests: update system-usernames test now that opensuse-15.1 works ++ - overlord: set fake sertial in TestRemodelSwitchToDifferentKernel ++ - gadget: rename "boot{select,img}" -> system-boot-{select,image} ++ - tests: listing test, make accepted snapd/core versions consistent ++ ++ -- Michael Vogt Wed, 30 Oct 2019 13:17:43 +0100 ++ ++snapd (2.42-1) unstable; urgency=medium ++ ++ * New upstream release ++ ++ -- Michael Vogt Tue, 01 Oct 2019 11:40:58 +0200 ++ ++snapd (2.41-1) unstable; urgency=medium ++ ++ [ Michael Vogt ] ++ * New upstream release, LP: #1840740 ++ ++ [ Jamie Strandboge ] ++ * debian/control: Depends on apparmor >= 2.10.95-5 instead of ++ 2.10.95-0ubuntu2.2 since 2.10.95-5 in Debian is the first version to have ++ all the patches that 2.10.95-0ubuntu2.2 in Ubuntu brought. ++ ++ -- Michael Vogt Fri, 30 Aug 2019 08:53:57 +0200 ++ ++snapd (2.40-1) unstable; urgency=medium ++ ++ * New upstream release. ++ ++ -- Michael Vogt Tue, 23 Jul 2019 15:38:36 +0200 ++ ++snapd (2.39.3-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1827495 ++ - daemon: increase `shutdownTimeout` to 25s to deal with slow HW ++ - spread: run tests against openSUSE 15.1 ++ - data/selinux: fix policy for snaps with bases and classic snaps ++ ++ -- Michael Vogt Fri, 21 Jun 2019 09:06:01 +0200 ++ ++snapd (2.39.2-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1827495 ++ - debian: rework how we run autopkgtests ++ - interfaces/docker-support: add overlayfs accesses for ubuntu core ++ - data/selinux: permit init_t to remount snappy_snap_t ++ - strutil/shlex: fix ineffassign ++ - packaging: fix build-depends on powerpc ++ ++ -- Michael Vogt Wed, 05 Jun 2019 08:46:14 +0200 ++ ++snapd (2.39-1) unstable; urgency=medium ++ ++ * New upstream release ++ * d/patches0008-snap-squashsh-skip-TestBuildDate-on-Debian.patch: drop, ++ fixed upstream ++ ++ -- Zygmunt Krynicki Thu, 28 Feb 2019 18:21:26 +0100 ++ ++snapd (2.39.1-1) unstable; urgency=medium ++ ++ * New upstream release ++ ++ -- Michael Vogt Wed, 29 May 2019 12:08:43 +0200 ++ ++snapd (2.38-1) unstable; urgency=medium ++ ++ * New upstream release ++ ++ -- Michael Vogt Thu, 21 Mar 2019 11:02:04 +0100 ++ ++snapd (2.37.4-1) unstable; urgency=medium ++ ++ * New upstream release ++ * d/patches0008-snap-squashsh-skip-TestBuildDate-on-Debian.patch: drop, ++ fixed upstream ++ ++ -- Zygmunt Krynicki Thu, 28 Feb 2019 18:21:26 +0100 ++ ++snapd (2.37.3-1) unstable; urgency=medium ++ ++ * New upstream release ++ ++ -- Zygmunt Krynicki Tue, 19 Feb 2019 13:46:24 +0100 ++ ++snapd (2.37.2-1) unstable; urgency=medium ++ ++ * New upstream releease. ++ ++ -- Michael Hudson-Doyle Thu, 07 Feb 2019 21:26:34 +1300 ++ ++snapd (2.37.1-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * d/patches/0009-interfaces-apparmor-mock-presence-of-overlayfs-root.patch: ++ applied upstream ++ ++ -- Zygmunt Krynicki Tue, 29 Jan 2019 19:24:35 +0100 ++ ++snapd (2.37-3) unstable; urgency=medium ++ ++ * Fix --no-arch-any build. ++ ++ -- Michael Hudson-Doyle Thu, 24 Jan 2019 16:11:17 +1300 ++ ++snapd (2.37-2) unstable; urgency=medium ++ ++ * d/patches/0010-man-page-sections.patch: fix a couple of instances of the ++ lintian warning 'manpage-section-mismatch'. ++ ++ -- Michael Hudson-Doyle Thu, 24 Jan 2019 09:52:09 +1300 ++ ++snapd (2.37-1) unstable; urgency=medium ++ ++ [ Michael Hudson-Doyle ] ++ * New upstream version. ++ * d/control: make myself Maintainer, use my Debian address, update Vcs-* to ++ point to salsa. ++ * Add new build-dependencies. ++ * d/watch: update to download new upstream-provided no-vendor tarballs. ++ * d/patches: refresh/drop. ++ * d/patches/no-snapfuse.patch: do not depend on snapfuse fork of squashfuse. ++ * d/patches/upstram-bolt.patch: use upstream version of boltdb. ++ * d/patches/systemd-activation-compat.patch: compatibility for the ++ newer go-systemd in debian ++ ++ [ OndÅej NovÃ½ ] ++ * d/copyright: Use https protocol in Format field ++ * d/changelog: Remove trailing whitespaces ++ ++ [ Zygmunt Krynicki ] ++ * Update unreleased package to 2.37 ++ * Drop and recreate all patches ++ * Add patches for failing unit tests ++ * Reconcile packaging with snapd upstream ++ ++ -- Zygmunt Krynicki Tue, 22 Jan 2019 12:39:58 +0100 ++ ++snapd (2.30-5) unstable; urgency=medium ++ ++ * Team upload. ++ * add fix-pkg-config-line.patch to fix FTBFS ++ * Set XS-Go-Import-Path ++ ++ -- Michael Stapelberg Sat, 10 Feb 2018 23:18:15 +0100 ++ ++snapd (2.30-4) unstable; urgency=medium ++ ++ * Fix Built-Using computation on Debian. ++ * Add d/patches/disable-TestDoRequestSerialErrorsOnNoHost.patch to disable ++ a flaky test. ++ ++ -- Michael Hudson-Doyle Tue, 16 Jan 2018 13:02:31 +1300 ++ ++snapd (2.30-3) unstable; urgency=medium ++ ++ * Fix arch builds again, sigh, ++ ++ -- Michael Hudson-Doyle Tue, 09 Jan 2018 13:56:48 +1300 ++ ++snapd (2.30-2) unstable; urgency=medium ++ ++ * Fix arch-all-only build. (Closes: 886431) ++ ++ -- Michael Hudson-Doyle Tue, 09 Jan 2018 10:48:20 +1300 ++ ++snapd (2.30-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * Remove several patches: ++ - 0001-osutil-adjust-StreamCommand-tests-for-golang-1.9.patch: included in ++ release. ++ - apparmor-compat.patch, no-reexec-on-debian.patch: Removed as upstream ++ now implements a better solution to the problem. ++ - pb.v1-canonical-path.patch: applied upstream. ++ * Stop installing udev/rules.d/80-snappy-assign.rules, gone upstream ++ ++ -- Michael Hudson-Doyle Fri, 05 Jan 2018 09:39:07 +1300 ++ ++snapd (2.28.5) xenial; urgency=medium ++ ++ * New upstream release, LP: #1714984 ++ - snap-confine: cleanup broken nvidia udev tags ++ - cmd/snap-confine: update valid security tag regexp ++ - overlord/ifacestate: refresh udev backend on startup ++ - dbus: ensure io.snapcraft.Launcher.service is created on re- ++ exec ++ - snap-confine: add support for handling /dev/nvidia-modeset ++ - interfaces/network-control: remove incorrect rules for tun ++ ++ -- Michael Vogt Fri, 13 Oct 2017 23:25:46 +0200 ++ ++snapd (2.28.4) xenial; urgency=medium ++ ++ * New upstream release, LP: #1714984 ++ - interfaces/opengl: don't udev tag nvidia devices and use snap- ++ confine instead ++ - debian: fix replaces/breaks for snap-xdg-open (thanks to apw!) ++ ++ -- Michael Vogt Wed, 11 Oct 2017 19:40:57 +0200 ++ ++snapd (2.28.3) xenial; urgency=medium ++ ++ * New upstream release, LP: #1714984 ++ - interfaces/lxd: lxd slot implementation can also be an app ++ snap ++ ++ -- Michael Vogt Wed, 11 Oct 2017 08:20:26 +0200 ++ ++snapd (2.28.2) xenial; urgency=medium ++ ++ * New upstream release, LP: #1714984 ++ - interfaces: fix udev rules for tun ++ - release,cmd,dirs: Redo the distro checks to take into account ++ distribution families ++ ++ -- Michael Vogt Tue, 10 Oct 2017 18:39:58 +0200 ++ ++snapd (2.28.1) xenial; urgency=medium ++ ++ * New upstream release, LP: #1714984 ++ - snap-confine: update apparmor rules for fedora based basesnaps ++ - snapstate: rename refresh hook to post-refresh for consistency ++ ++ -- Michael Vogt Wed, 27 Sep 2017 17:59:49 -0400 ++ ++snapd (2.28) xenial; urgency=medium ++ ++ * New upstream release, LP: #1714984 ++ - hooks: rename refresh to after-refresh ++ - snap-confine: bind mount /usr/lib/snapd relative to snap-confine ++ - cmd,dirs: treat "liri" the same way as "arch" ++ - snap-confine: fix base snaps on core ++ - hooks: substitute env vars when executing hooks ++ - interfaces: updates for default, browser-support, desktop, opengl, ++ upower and stub-resolv.conf ++ - cmd,dirs: treat manjaro the same as arch ++ - systemd: do not run auto-import and repair services on classic ++ - packaging/fedora: Ensure vendor/ is empty for builds and fix spec ++ to build current master ++ - many: fix TestSetConfNumber missing an Unlock and other fragility ++ improvements ++ - osutil: adjust StreamCommand tests for golang 1.9 ++ - daemon: allow polkit authorisation to install/remove snaps ++ - tests: make TestCmdWatch more robust ++ - debian: improve package description ++ - interfaces: add netlink kobject uevent to hardware observe ++ - debian: update trusted account-keys check on 14.04 packaging ++ - interfaces/network-{control,observe}: allow receiving ++ kobject_uevent() messages ++ - tests: fix lxd test for external backend ++ - snap-confine,snap-update-ns: add -no-pie to fix FTBFS on ++ go1.7,ppc64 ++ - corecfg: mock "systemctl" in all corecfg tests ++ - tests: fix unit tests on Ubuntu 14.04 ++ - debian: add missing flags when building static snap-exec ++ - many: end-to-end support for the bare base snap ++ - overlord/snapstate: SetRootDir from SetUpTest, not in just some ++ tests ++ - store: have an ad-hoc method on cfg to get its list of uris for ++ tests ++ - daemon: let client decide whether to allow interactive auth via ++ polkit ++ - client,daemon,snap,store: add license field ++ - overlord/snapstate: rename HasCurrent to IsInstalled, remove ++ superfluous/misleading check from All ++ - cmd/snap: SetRootDir from SetUpTest, not in just some individual ++ tests. ++ - systemd: rename snap-repair.{service,timer} to snapd.snap- ++ repair.{service,timer} ++ - snap-seccomp: remove use of x/net/bpf from tests ++ - httputil: more naive per go version way to recreate a default ++ transport for tls reconfig ++ - cmd/snap-seccomp/main_test.go: add one more syscall for arm64 ++ - interfaces/opengl: use == to compare, not = ++ - cmd/snap-seccomp/main_test.go: add syscalls for armhf and arm64 ++ - cmd/snap-repair: track and use a lower bound for the time for ++ TLSÂ checks ++ - interfaces: expose bluez interface on classic OS ++ - snap-seccomp: add in-kernel bpf tests ++ - overlord: always try to get a serial, lazily on classic ++ - tests: add nmcli regression test ++ - tests: deal with __PNR_chown on aarch64 to fix FTBFS on arm64 ++ - tests: add autopilot-introspection interface test ++ - vendor: fix artifact from manually editing vendor/vendor.json ++ - tests: rename complexion to test-snapd-complexion ++ - interfaces: add desktop and desktop-legacy ++ interfaces/desktop: add new 'desktop' interface for modern DEs ++ interfaces/builtin/desktop_test.go: use modern testing techniques ++ interfaces/wayland: allow read on /etc/drirc for Plasma desktop ++ interfaces/desktop-legacy: add new 'legacy' interface (currently ++ for a11y and input) ++ - tests: fix race in snap userd test ++ - devices/iio: add read/write for missing sysfs entries ++ - spread: don't set HTTPS?_PROXY for linode ++ - cmd/snap-repair: check signatures of repairs from Next ++ - env: set XDG_DATA_DIRS for wayland et.al. ++ - interfaces/{default,account-control}: Use username/group instead ++ of uid/gid ++ - interfaces/builtin: use udev tagging more broadly ++ - tests: add basic lxd test ++ - wrappers: ensure bash completion snaps install on core ++ - vendor: use old golang.org/x/crypto/ssh/terminal to build on ++ powerpc again ++ - docs: add PULL_REQUEST_TEMPLATE.md ++ - interfaces: fix network-manager plug ++ - hooks: do not error out when hook is optional and no hook handler ++ is registered ++ - cmd/snap: add userd command to replace snapd-xdg-open ++ - tests: new regex used to validate the core version on extra snaps ++ ass... ++ - snap: add new `snap switch` command ++ - tests: wait more and more debug info about fakestore start issues ++ - apparmor,release: add better apparmor detection/mocking code ++ - interfaces/i2c: adjust sysfs rule for alternate paths ++ - interfaces/apparmor: add missing call to dirs.SetRootDir ++ - cmd: "make hack" now also installs snap-update-ns ++ - tests: copy files with less verbosity ++ - cmd/snap-confine: allow using additional libraries required by ++ openSUSE ++ - packaging/fedora: Merge changes from Fedora Dist-Git ++ - snapstate: improve the error message when classic confinement is ++ not supported ++ - tests: add test to ensure amd64 can run i386 syscall binaries ++ - tests: adding extra info for fakestore when fails to start ++ - tests: install most important snaps ++ - cmd/snap-repair: more test coverage of filtering ++ - squashfs: remove runCommand/runCommandWithOutput as we do not need ++ it ++ - cmd/snap-repair: ignore superseded revisions, filter on arch and ++ models ++ - hooks: support for refresh hook ++ - Partial revert "overlord/devicestate, store: update device auth ++ endpoints URLs" ++ - cmd/snap-confine: allow reading /proc/filesystems ++ - cmd/snap-confine: genearlize apparmor profile for various lib ++ layout ++ - corecfg: fix proxy.* writing and add integration test ++ - corecfg: deal with system.power-key-action="" correctly ++ - vendor: update vendor.json after (presumed) manual edits ++ - cmd/snap: in `snap info`, don't print a newline between tracks ++ - daemon: add polkit support to /v2/login ++ - snapd,snapctl: decode json using Number ++ - client: fix go vet 1.7 errors ++ - tests: make 17.04 shellcheck clean ++ - tests: remove TestInterfacesHelp as it breaks when go-flags ++ changes ++ - snapstate: undo a daemon restart on classic if needed ++ - cmd/snap-repair: recover brand/model from ++ /var/lib/snapd/seed/assertions checking signatures and brand ++ account ++ - spread: opt into unsafe IO during spread tests ++ - snap-repair: update snap-repair/runner_test.go for API change in ++ makeMockServer ++ - cmd/snap-repair: skeleton code around actually running a repair ++ - tests: wait until the port is listening after start the fake store ++ - corecfg: fix typo in tests ++ - cmd/snap-repair: test that redirects works during fetching ++ - osutil: honor SNAPD_UNSAFE_IO for testing ++ - vendor: explode and make more precise our golang.go/x/crypto deps, ++ use same version as Debian unstable ++ - many: sanitize NewStoreStack signature, have shared default store ++ test private keys ++ - systemd: disable `Nice=-5` to fix error when running inside lxd ++ - spread.yaml: update delta ref to 2.27 ++ - cmd/snap-repair: use E-Tags when refetching a repair to retry ++ - interfaces/many: updates based on chromium and mrrescue denials ++ - cmd/snap-repair: implement most logic to get the next repair to ++ run/retry in a brand sequence ++ - asserts/assertstest: copy headers in SigningDB.Sign ++ - interfaces: convert uhid to common interface and test cases ++ improvement for time_control and opengl ++ - many tests: move all panicing fake store methods to a common place ++ - asserts: add store assertion type ++ - interfaces: don't crash if content slot has no attributes ++ - debian: do not build with -buildmode=pie on i386 ++ - wrappers: symlink completion snippets when symlinking binaries ++ - tests: adding more debug information for the interfaces-cups- ++ control â¦ ++ - apparmor: pass --quiet to parser on load unless SNAPD_DEBUG is set ++ - many: allow and support serials signed by the 'generic' authority ++ instead of the brand ++ - corecfg: add proxy configuration via `snap set core ++ proxy.{http,https,ftp}=...` ++ - interfaces: a bunch of interfaces test improvement ++ - tests: enable regression and completion suites for opensuse ++ - tests: installing snapd for nested test suite ++ - interfaces: convert lxd_support to common iface ++ - interfaces: add missing test for camera interface. ++ - snap: add support for parsing snap layout section ++ - cmd/snap-repair: like for downloads we cannot have a timeout (at ++ least for now), less aggressive retry strategies ++ - overlord: rely on more conservative ensure interval ++ - overlord,store: no piles of return args for methods gathering ++ device session request params ++ - overlord,store: send model assertion when setting up device ++ sessions ++ - interfaces/misc: updates for unity7/x11, browser- ++ support, network-control and mount-observe ++ interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT ++ interfaces/browser-support: update sysfs reads for ++ newer browser versions, interfaces/network-control: rw for ++ ieee80211 advanced wireless interfaces/mount-observe: allow read ++ on sysfs entries for block devices ++ - tests: use dnf --refresh install to avert stale cache ++ - osutil: ensure TestLockUnlockWorks uses supported flock ++ - interfaces: convert lxd to common iface ++ - tests: restart snapd to ensure re-exec settings are applied ++ - tests: fix interfaces-cups-control test ++ - interfaces: improve and tweak bunch of interfaces test cases. ++ - tests: adding extra worker for fedora ++ - asserts,overlord/devicestate: support predefined assertions that ++ don't establish foundational trust ++ - interfaces: convert two hardware_random interfaces to common iface ++ - interfaces: convert io_ports_control to common iface ++ - tests: fix for upgrade test on fedora ++ - daemon, client, cmd/snap: implement snap start/stop/restart ++ - cmd/snap-confine: set _FILE_OFFSET_BITS to 64 ++ - interfaces: covert framebuffer to commonInterface ++ - interfaces: convert joystick to common iface ++ - interfaces/builtin: add the spi interface ++ - wrappers, overlord/snapstate/backend: make link-snap clean up on ++ failure. ++ - interfaces/wayland: add wayland interface ++ - interfaces: convert kvm to common iface ++ - tests: extend upower-observe test to cover snaps providing slots ++ - tests: enable main suite for opensuse ++ - interfaces: convert physical_memory_observe to common iface ++ - interfaces: add missing test for optical_drive interface. ++ - interfaces: convert physical_memory_control to common iface ++ - interfaces: convert ppp to common iface ++ - interfaces: convert time-control to common iface ++ - tests: fix failover test ++ - interfaces/builtin: rework for avahi interface ++ - interfaces: convert broadcom-asic-control to common iface ++ - snap/snapenv: document the use of CoreSnapMountDir for SNAP ++ - packaging/arch: drop patches merged into master ++ - cmd: fix mustUnsetenv docstring (thanks to Chipaca) ++ - release: remove default from VERSION_ID ++ - tests: enable regression, upgrade and completion test suites for ++ fedora ++ - tests: restore interfaces-account-control properly ++ - overlord/devicestate, store: update device auth endpoints URLs ++ - tests: fix install-hook test failure ++ - tests: download core and ubuntu-core at most once ++ - interfaces: add common support for udev ++ - overlord/devicestate: fix, don't assume that the serial is backed ++ by a 1-key chain ++ - cmd/snap-confine: don't share /etc/nsswitch from host ++ - store: do not resume a download when we already have the whole ++ thing ++ - many: implement "snap logs" ++ - store: don't call useDeltas() twice in quick succession ++ - interfaces/builtin: add kvm interface ++ - snap/snapenv: always expect /snap for $SNAP ++ - cmd: mark arch as non-reexecing distro ++ - cmd: fix tests that assume /snap mount ++ - gitignore: ignore more build artefacts ++ - packaging: add current arch packaging ++ - interfaces/unity7: allow receiving media key events in (at least) ++ gnome-shell ++ - interfaces/many, cmd/snap-confine: miscellaneous policy updates ++ - interfaces/builtin: implement broadcom-asic-control interface ++ - interfaces/builtin: reduce duplication and remove cruft in ++ Sanitize{Plug,Slot} ++ - tests: apply underscore convention for SNAPMOUNTDIR variable ++ - interfaces/greengrass-support: adjust accesses now that have ++ working snap ++ - daemon, client, cmd/snap: implement "snap services" ++ - tests: fix refresh tests not stopping fake store for fedora ++ - many: add the interface command ++ - overlord/snapstate/backend: some copydata improvements ++ - many: support querying and completing assertion type names ++ - interfaces/builtin: discard empty Validate{Plug,Slot} ++ - cmd/snap-repair: start of Runner, implement first pass of Peek ++ and Fetch ++ - tests: enable main suite on fedora ++ - snap: do not always quote the snap info summary ++ - vendor: update go-flags to address crash in "snap debug" ++ - interfaces: opengl support pci device and vendor ++ - many: start implenting "base" snap type on the snapd side ++ - arch,release: map armv6 correctly ++ - many: expose service status in 'snap info' ++ - tests: add browser-support interface test ++ - tests: disable snapd-notify for the external backend ++ - interfaces: Add /run/uuid/request to openvswitch ++ - interfaces: add password-manager-service implicit classic ++ interface ++ - cmd: rework reexec detection ++ - cmd: fix re-exec bug when starting from snapd 2.21 ++ - tests: dependency packages installed during prepare-project ++ - tests: remove unneeded check for re-exec in InternalToolPath() ++ - cmd,tests: fix classic confinement confusing re-execution code ++ - store: configurable base api ++ - tests: fix how package lists are updated for opensuse and fedora ++ ++ -- Michael Vogt Mon, 25 Sep 2017 12:07:34 -0400 ++ ++snapd (2.27.6-2) unstable; urgency=medium ++ ++ * Add d/patches/0001-osutil-adjust-StreamCommand-tests-for-golang-1.9.patch ++ to fix FTBFS with Go 1.9. (Closes: #876867) ++ ++ -- Michael Hudson-Doyle Tue, 26 Sep 2017 13:41:53 -0400 ++ ++snapd (2.27.6-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1703798: ++ - interfaces: add udev netlink support to hardware-observe ++ - interfaces/network-{control,observe}: allow receiving ++ kobject_uevent() messages ++ ++ -- Zygmunt Krynicki Fri, 08 Sep 2017 00:03:18 +0200 ++ ++snapd (2.27.5-1) unstable; urgency=medium ++ ++ * New upstream release. ++ - interfaces: fix network-manager plug regression ++ - hooks: do not error when hook handler is not registered ++ - interfaces/alsa,pulseaudio: allow read on udev data for sound ++ - interfaces/optical-drive: read access to udev data for /dev/scd* ++ - interfaces/browser-support: read on /proc/vmstat and misc udev data ++ ++ -- Zygmunt Krynicki Thu, 31 Aug 2017 10:11:20 +0200 ++ ++snapd (2.27.4-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * Enable seccomp. ++ ++ -- Michael Hudson-Doyle Thu, 24 Aug 2017 22:12:52 +1200 ++ ++snapd (2.27.2-2) unstable; urgency=medium ++ ++ * Fix re-exec test failure. ++ ++ -- Michael Hudson-Doyle Fri, 18 Aug 2017 11:37:47 +1200 ++ ++snapd (2.27.2-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * Stop using single-debian-patch, split delta into separate patches. ++ * Allow confining snap-confine even when --disable-apparmor is used. ++ * Pass --enable-static-libcap to cmd/configure, as was always the intention. ++ * Disable re-exec on Debian until core snap can cope with a partial apparmor ++ implementation. (Closes: #851473) ++ ++ -- Michael Hudson-Doyle Fri, 18 Aug 2017 11:00:31 +1200 ++ ++snapd (2.27.1-1) unstable; urgency=medium ++ ++ * New upstream release. (Closes: #868959, #869268, #872071) ++ * New changes to upstream sources: ++ - Disable cmd/snap-seccomp tests as they depend on an unpackaged fork of ++ golang/x/net. ++ - Use upstream version of libseccomp-golang. ++ * Do not install ancient ubuntu-core-launcher symlink. ++ ++ -- Michael Hudson-Doyle Mon, 14 Aug 2017 21:53:09 +1200 ++ ++snapd (2.27.1) xenial; urgency=medium ++ ++ * New upstream release, LP: #1703798: ++ - tests: use dnf --refresh install to avert stale cache ++ - tests: fix test failure on 14.04 due to old version of ++ flock ++ - updates for unity7/x11, browser-support, network-control, ++ mount-observe ++ - interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT ++ - interfaces/browser-support: update sysfs reads for ++ newer browser versions ++ - interfaces/network-control: rw for ieee80211 advanced wireless ++ - interfaces/mount-observe: allow read on sysfs entries for block ++ devices ++ ++ -- Michael Vogt Mon, 14 Aug 2017 08:02:17 +0200 ++ ++snapd (2.27) xenial; urgency=medium ++ ++ * New upstream release, LP: #1703798 ++ - fix build failure on 32bit fedora ++ - interfaces: add password-manager-service implicit classic interface ++ - interfaces/greengrass-support: adjust accesses now that have working ++ snap ++ - interfaces/many, cmd/snap-confine: miscellaneous policy updates ++ - interfaces/unity7: allow receiving media key events in (at least) ++ gnome-shell ++ - cmd: fix re-exec bug when starting from snapd 2.21 ++ - tests: restore interfaces-account-control properly ++ - cmd: fix tests that assume /snap mount ++ - cmd: mark arch as non-reexecing distro ++ - snap-confine: don't share /etc/nsswitch from host ++ - store: talk to api.snapcraft.io for purchases ++ - hooks: support for install and remove hooks ++ - packaging: fix Fedora support ++ - tests: add bluetooth-control interface test ++ - store: talk to api.snapcraft.io for assertions ++ - tests: remove snapd before building from branch ++ - tests: add avahi-observe interface test ++ - store: orders API now checks if customer is ready ++ - cmd/snap: snap find only searches stable ++ - interfaces: updates default, mir, optical-observe, system-observe, ++ screen-inhibit-control and unity7 ++ - tests: speedup prepare statement part 1 ++ - store: do not send empty refresh requests ++ - asserts: fix error handling in snap-developer consistency check ++ - systemd: add explicit sync to snapd.core-fixup.sh ++ - snapd: generate snap cookies on startup ++ - cmd,client,daemon: expose "force devmode" in sysinfo ++ - many: introduce and use strutil.ListContains and also ++ strutil.SortedListContains ++ - assserts,overlord/assertstate: test we don't accept chains of ++ assertions founded on a self-signed key coming externally ++ - interfaces: enable access to bridge settings ++ - interfaces: fix copy-pasted iio vs io in io-ports-control ++ - cmd/snap-confine: various small fixes and tweaks to seccomp ++ support code ++ - interfaces: bring back seccomp argument filtering ++ - systemd, osutil: rework systemd logs in preparation for services ++ commands ++ - tests: store /etc/systemd/system/snap-*core*.mount in snapd- ++ state.tar.gz ++ - tests: shellcheck improvements for tests/main tasks - first set of ++ tests ++ - cmd/snap: `--last` for abort and watch, and aliases ++ (searchâfind, changeâtasks) ++ - tests: shellcheck improvements for tests/lib scripts ++ - tests: create ramdisk if it's not present ++ - tests: shellcheck improvements for nightly upgrade and regressions ++ tests ++ - snapd: fix for snapctl get panic on null config values. ++ - tests: fix for rng-tools service not restarting ++ - systemd: add snapd.core-fixup.service unit ++ - cmd: avoid using current symlink in InternalToolPath ++ - tests: fix timeout issue for test refresh core with hanging â¦ ++ - intefaces: control bridged vlan/ppoe-tagged traffic ++ - cmd/snap: include snap type in notes ++ - overlord/state: Abort() only visits each task once ++ - tests: extend find-private test to cover more cases ++ - snap-seccomp: skip socket() tests on systems that use socketcall() ++ instead of socket() ++ - many: support snap title as localized/title-cased name ++ - snap-seccomp: deal with mknod on aarch64 in the seccomp tests ++ - interfaces: put base policy fragments inside each interface ++ - asserts: introduce NewDecoderWithTypeMaxBodySize ++ - tests: fix snapd-notify when it takes more time to restart ++ - snap-seccomp: fix snap-seccomp tests in artful ++ - tests: fix for create-key task to avoid rng-tools service ramains ++ alive ++ - snap-seccomp: make sure snap-seccomp writes the bpf file ++ atomically ++ - tests: do not disable ipv6 on core systems ++ - arch: the kernel architecture name is armv7l instead of armv7 ++ - snap-confine: ensure snap-confine waits some seconds for seccomp ++ security profiles ++ - tests: shellcheck improvements for tests/nested tasks ++ - wrappers: add SyslogIdentifier to the service unit files. ++ - tests: shellcheck improvements for unit tasks ++ - asserts: implement FindManyTrusted as well ++ - asserts: open up and optimize Encoder to help avoiding unnecessary ++ copying ++ - interfaces: simplify snap-confine by just loading pre-generated ++ bpf code ++ - tests: restart rng-tools services after few seconds ++ - interfaces, tests: add mising dbus abstraction to system-observe ++ and extend spread test ++ - store: change main store host to api.snapcraft.io ++ - overlord/cmdstate: new package for running commands as tasks. ++ - spread: help libapt resolve installing libudev-dev ++ - tests: show the IP from .travis.yaml ++ - tests/main: use pkgdb function in more test cases ++ - cmd,daemon: add debug command for displaying the base policy ++ - tests: prevent quoting error on opensuse ++ - tests: fix nightly suite ++ - tests: add linode-sru backend ++ - snap-confine: validate SNAP_NAME against security tag ++ - tests: fix ipv6 disable for ubuntu-core ++ - tests: extend core-revert test to cover bluez issues ++ - interfaces/greengrass-support: add support for Amazon Greengrass ++ as a snap ++ - asserts: support timestamp and optional disabled header on repair ++ - tests: reboot after upgrading to snapd on the -proposed pocket ++ - many: fix test cases to work with different DistroLibExecDir ++ - tests: reenable help test on ubuntu and debian systems ++ - packaging/{opensuse,fedora}: allow package build with testkeys ++ included ++ - tests/lib: generalize RPM build support ++ - interfaces/builtin: sync connected slot and permanent slot snippet ++ - tests: fix snap create-key by restarting automatically rng-tools ++ - many: switch to use http numeric statuses as agreed ++ - debian: add missing Type=notify in 14.04 packaging ++ - tests: mark interfaces-openvswitch as manual due to prepare errors ++ - debian: unify built_using between the 14.04 and 16.04 packaging ++ branch ++ - tests: pull from urandom when real entropy is not enough ++ - tests/main/manpages: install missing man package ++ - tests: add refresh --time output check ++ - debian: add missing "make -C data/systemd clean" ++ - tests: fix for upgrade test when it is repeated ++ - tests/main: use dir abstraction in a few more test cases ++ - tests/main: check for confinement in a few more interface tests ++ - spread: add fedora snap bin dir to global PATH ++ - tests: check that locale-control is not present on core ++ - many: snapctl outside hooks ++ - tests: add whoami check ++ - interfaces: compose the base declaration from interfaces ++ - tests: fix spread flaky tests linode ++ - tests,packaging: add package build support for openSUSE ++ - many: slight improvement of some snap error messaging ++ - errtracker: Include /etc/apparmor.d/usr.lib.snap-confine md5sum in ++ err reports ++ - tests: fix for the test postrm-purge ++ - tests: restoring the /etc/environment and service units config for ++ each test ++ - daemon: make snapd a "Type=notify" daemon and notify when startup ++ is done ++ - cmd/snap-confine: add support for --base snap ++ - many: derive implicit slots from interface meta-data ++ - tests: add core revert test ++ - tests,packaging: add package build support for Fedora for our ++ spread setup ++ - interfaces: move base declaration to the policy sub-package ++ - tests: fix for snapd-reexec test cheking for restart info on debug ++ log ++ - tests: show available entropy on error ++ - tests: clean journalctl logs on trusty ++ - tests: fix econnreset on staging ++ - tests: modify core before calling set ++ - tests: add snap-confine privilege test ++ - tests: add staging snap-id ++ - interfaces/builtin: silence ptrace denial for network-manager ++ - tests: add alsa interface spread test ++ - tests: prefer ipv4 over ipv6 ++ - tests: fix for econnreset test checking that the download already ++ started ++ - httputil,store: extract retry code to httputil, reorg usages ++ - errtracker: report if snapd did re-execute itself ++ - errtracker: include bits of snap-confine apparmor profile ++ - tests: take into account staging snap-ids for snap-info ++ - cmd: add stub new snap-repair command and add timer ++ - many: stop "snap refresh $x --channel invalid" from working ++ - interfaces: revert "interfaces: re-add reverted ioctl and quotactl ++ - snapstate: consider connect/disconnect tasks in ++ CheckChangeConflict. ++ - interfaces: disable "mknod |N" in the default seccomp template ++ again ++ - interfaces,overlord/ifacestate: make sure installing slots after ++ plugs works similarly to plugs after slots ++ - interfaces/seccomp: add bind() syscall for forced-devmode systems ++ - packaging/fedora: Sync packaging from Fedora Dist-Git ++ - tests: move static and unit tests to spread task ++ - many: error types should be called FooError, not ErrFoo. ++ - partition: add directory sync to the save uboot.env file code ++ - cmd: test everything (100% coverage \o/) ++ - many: make shell scripts shellcheck-clean ++ - tests: remove additional setup for docker on core ++ - interfaces: add summary to each interface ++ - many: remove interface meta-data from list of connections ++ - logger (& many more, to accommodate): drop explicit syslog. ++ - packaging: import packaging bits for opensuse ++ - snapstate,many: implement snap install --unaliased ++ - tests/lib: abstract build dependency installation a bit more ++ - interfaces, osutil: move flock code from interfaces/mount to ++ osutil ++ - cmd: auto import assertions only from ext4,vfat file systems ++ - many: refactor in preparation for 'snap start' ++ - overlord/snapstate: have an explicit code path last-refresh ++ unset/zero => immediately refresh try ++ - tests: fixes for executions using the staging store ++ - tests: use pollinate to seed the rng ++ - cmd/snap,tests: show the sha3-384 of the snap for snap info ++ --verbose SNAP-FILE ++ - asserts: simplify and adjust repair assertion definition ++ - cmd/snap,tests: show the snap id if available in snap info ++ - daemon,overlord/auth: store from model assertion wins ++ - cmd/snap,tests/main: add confinement switch instead of spread ++ system blacklisting ++ - many: cleanup MockCommands and don't leave a process around after ++ hookstate tests ++ - tests: update listing test to the core version number schema ++ - interfaces: allow snaps to use the timedatectl utility ++ - packaging: Add Fedora packaging files ++ - tests/libs: add distro_auto_remove_packages function ++ - cmd/snap: correct devmode note for anomalous state ++ - tests/main/snap-info: use proper pkgdb functions to install distro ++ packages ++ - tests/lib: use mktemp instead of tempfile to work cross-distro ++ - tests: abstract common dirs which differ on distributions ++ - many: model and expose interface meta-data. ++ - overlord: make config defaults from gadget work also at first boot ++ - interfaces/log-observe: allow using journalctl from hostfs for ++ classic distro ++ - partition,snap: add support for android boot ++ - errtracker: small simplification around readMachineID ++ - snap-confine: move rm_rf_tmp to test-utils. ++ - tests/lib: introduce pkgdb helper library ++ - errtracker: try multiple paths to read machine-id ++ - overlord/hooks: make sure only one hook for given snap is executed ++ at a time. ++ - cmd/snap-confine: use SNAP_MOUNT_DIR to setup /snap inside the ++ confinement env ++ - tests: bump kill-timeout and remove quiet call on build ++ - tests/lib/snaps: add a test store snap with a passthrough ++ configure hook ++ - daemon: teach the daemon to wait on active connections when ++ shutting down ++ - tests: remove unit tests task ++ - tests/main/completion: source from /usr/share/bash-completion ++ - assertions: add "repair" assertion ++ - interfaces/seccomp: document Backend.NewSpecification ++ - wrappers: make StartSnapServices cleanup any services that were ++ added if a later one fails ++ - overlord/snapstate: avoid creating command aliases for daemons ++ - vendor: remove unused packages ++ - vendor,partition: fix panics from uenv ++ - cmd,interfaces/mount: run snap-update-ns and snap-discard-ns from ++ core if possible ++ - daemon: do not allow to install ubuntu-core anymore ++ - wrappers: service start/stop were inconsistent ++ - tests: fix failing tests (snap core version, syslog changes) ++ - cmd/snap-update-ns: add actual implementation ++ - tests: improve entropy also for ubuntu ++ - cmd/snap-confine: use /etc/ssl from the core snap ++ - wrappers: don't convert between []byte and string needlessly. ++ - hooks: default timeout ++ - overlord/snapstate: Enable() was ignoring the flags from the ++ snap's state, resulting in losing "devmode" on disable/enable. ++ - difs,interfaces/mount: add support for locking namespaces ++ - interfaces/mount: keep track of kept mount entries ++ - tests/main: move a bunch of greps over to MATCH ++ - interfaces/builtin: make all interfaces private ++ - interfaces/mount: spell unmount correctly ++ - tests: allow 16-X.Y.Z version of core snap ++ - the timezone_control interface only allows changing /etc/timezone ++ and /etc/writable/timezone. systemd-timedated also updated the ++ link of /etc/localtime and /etc/writable/localtime ... allow ++ access to this file too ++ - cmd/snap-confine: aggregate operations holding global lock ++ - api, ifacestate: resolve disconnect early ++ - interfaces/builtin: ensure we don't register interfaces twice ++ ++ -- Michael Vogt Thu, 10 Aug 2017 12:43:16 +0200 ++ ++snapd (2.26.14) xenial; urgency=medium ++ ++ * New upstream release, LP: #1690083 ++ - cmd: fix incorrect re-exec when starting from snapd 2.21 ++ ++ -- Michael Vogt Thu, 20 Jul 2017 13:52:05 +0200 ++ ++snapd (2.26.13) xenial; urgency=medium ++ ++ * New upstream release, LP: #1690083 ++ - cmd,tests: fix classic confinement confusing re-execution code ++ - cmd: fix incorrect check check for re-exec in InternalToolPath() ++ - snap-seccomp: add secondary arch for unrestricted snaps as well ++ ++ -- Michael Vogt Tue, 18 Jul 2017 20:34:33 +0200 ++ ++snapd (2.26.10) xenial; urgency=medium ++ ++ * New upstream release, LP: #1690083 ++ - Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64 ++ ++ -- Michael Vogt Mon, 17 Jul 2017 11:58:22 +0200 ++ ++snapd (2.26.9) xenial; urgency=medium ++ ++ * New upstream release, LP: #1690083 ++ - statically link libseccomp in snap-seccomp to fix refresh issue ++ on trusty ++ ++ -- Michael Vogt Wed, 12 Jul 2017 08:27:14 +0200 ++ ++snapd (2.26.8) xenial; urgency=medium ++ ++ * New upstream release, LP: #1690083 ++ - Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64 ++ - add snapd.core-fixup.service unit ++ - ensure re-exec uses the right internal tools ++ ++ -- Michael Vogt Wed, 05 Jul 2017 07:48:22 +0200 ++ ++snapd (2.26.6) xenial; urgency=medium ++ ++ * New upstream release, LP: #1690083 ++ - interfaces: allow snaps to use the timedatectl utility in ++ time-control ++ ++ -- Michael Vogt Tue, 27 Jun 2017 08:36:23 +0100 ++ ++snapd (2.26.5) xenial; urgency=medium ++ ++ * New upstream release, LP: #1690083 ++ - backport of seccomp-bpf branch to the 2.26 release to ensure snap ++ revert with new seccomp syntax works correctly ++ ++ -- Michael Vogt Mon, 26 Jun 2017 15:30:15 +0100 ++ ++snapd (2.26.4) xenial; urgency=medium ++ ++ * New upstream release, LP: #1690083 ++ - partly revert aace15ab53 to unbreak core reverts ++ - Revert "interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f)" ++ - Disable "mknod |N" in the default seccomp template ++ reasons outline in https://forum.snapcraft.io/t/snapd-2-25-blocked-because-of-revert-race-condition ++ - errtracker: include bits of snap-confine apparmor profile ++ - errtracker: report if snapd did re-execute itself ++ ++ -- Michael Vogt Thu, 01 Jun 2017 18:50:52 +0200 ++ ++snapd (2.26.3) xenial; urgency=medium ++ ++ * New upstream release, LP: #1690083 ++ - cherry pick test fixes f0103a6, 9de5c8a, d7725a7 to make ++ sure the image tests are updated for the changes in the ++ `snap info core` output and the removal of the rsyslog ++ package from core. ++ ++ -- Michael Vogt Wed, 17 May 2017 11:31:56 +0200 ++ ++snapd (2.26.2) xenial; urgency=medium ++ ++ * New upstream release, LP: #1690083 ++ - cherry pick d444728 to make the uboot.env file parsing more ++ robust ++ ++ -- Michael Vogt Tue, 16 May 2017 18:37:07 +0200 ++ ++snapd (2.26.1) xenial; urgency=medium ++ ++ * New upstream release, LP: #1690083 ++ - store: fix panic error in auth ++ - tests: the new ubuntu-image snap needs classic confinement, adjust ++ tests ++ - cmd/snap-confine: don't fail on pre 3.8 kernel ++ ++ -- Michael Vogt Thu, 11 May 2017 21:44:27 +0200 ++ ++snapd (2.26) xenial; urgency=medium ++ ++ * New upstream release, LP: #1690083 ++ - timeutil: avoid panicking when the window is very small ++ - image: fix go vet issue ++ - overlord/ifacestate: don't spam logs with harmless auto-connect ++ messages ++ - interfaces/builtin: add network-status interface ++ - interfaces/builtin: add online-accounts-service interface ++ - interfaces/builtin: distribute code of touching allInterfaces ++ - interfaces: API additions for interface hooks ++ - interfaces/builtin: add storage-framework-service interface ++ - tests: disable create-key test on ppc64el for artful (expect not ++ working) ++ - snap: make `snap prepare-image --extra-snaps` derive side info ++ - tests: unify tests/{main/completion,completion}/lib.exp0 ++ - cmd/snap: tweak info channels output ++ - interfaces: ensure that legacy interface methods are unused ++ - packaging: cleanup how built-using is generated ++ - tests: extend kernel-module-control interface test ++ - interfaces/network: workaround Go's need for NETLINK_ROUTE with ++ 'net'. ++ - cmd/snap-confine: use defensive argument parser ++ - tests: add test for empty snap name on revert ++ - overlord/hookstate: remove unused Context.timeout ++ - tests: additional setup in docker test for core systems ++ - configstate: return error if patch is invalid ++ - interfaces: add random interface ++ - store, daemon, client, cmd/snap: handle PASSWORD_POLICY_ERROR ++ - cmd/snap, client: add "whoami" command ++ - cmd/snap: iterate interface tab completion ++ - snap: move locale-control to only be present on classic ++ - interfaces/browser-support: deny read on squashfs backing files ++ and LVM vg names ++ - tests: wait for the docker socket to be listening ++ - snap: add `snap refresh --time` option ++ - tests: re-enable and moderninze /media sharing test ++ - cmd: make rst2man optional ++ - tests: remove quoting from [[ ]] when globs ++ - interfaces: allow plugging DBus clients to introspect the slot ++ service ++ - packaging/ubuntu*/changelog: drop extra dash ++ - snap-confine: init the ENTRY variable, coverity is unhappy ++ otherwise ++ - cmd/snap-confine/spread-tests: discard useless --version test ++ - spread: add spread target qemu:debian-9-64 ++ - interfaces: mediate netlink sockets via seccomp ++ - tests,cmd/snap-confine: port older snapd-discard-ns tests ++ - cmd/snap-confine/tests: fix shellcheck on recently added files ++ - tests/upgrade: force install core snap from beta for debian ++ - overlord/snapstate/backend,interfaces/mount: move ns management ++ code. ++ - tests: extend network-control spread test to cope with network ++ namespaces ++ - tests: fail early in the spread suite if trying to run it inside a ++ container ++ - tests: set ownership of $PROJECT_PATH for the external backend ++ - tests: specify the auto-refreshable snap being tested ++ - many: fix tests with go1.8 / artful ++ - fix for tests: debian does not have /snap/bin in secure_path so ++ sudo ++ - snap: support for snap tasks --last=... ++ - cmd/snap-confine: remove obsolete debug message ++ - address review feedback, add a lot of comments :-), call ++ shellcheck on the completion scripts, fix a bug in compopt ++ ++ -- Michael Vogt Thu, 11 May 2017 10:05:44 +0200 ++ ++snapd (2.25) xenial; urgency=medium ++ ++ * New upstream release, LP: #1686713 ++ - interfaces/default: allow mknod for regular files, pipes and ++ sockets ++ - many: use "SNAP.APP as ALIAS" instead of => when listing ++ added/removed aliases ++ - cmd/snap-confine: write current mount profile ++ - cmd/snap-discard-ns: remove current profile when cleaning up ++ - many: support debian in our CI ++ - tests: tweak time for econnreset test a bit more ++ - cmd/snap-confine: re-enable re-assciate fix for CE ++ - many: aliases v2 cleanups ++ - cmd/snap-confine: don't use apparmor if it is disabled on boot ++ - many: implement `snap prefer ` (aliases v2) ++ - many: adjust /aliases and "snap aliases" to aliases v2, also some ++ cleanup ++ - snapstate: normalize gadget defaults ++ - many: allow core refresh.schedule setting ++ - many: show alias changes on snap alias/unalias (aliases v2) ++ - client,cmd/snap: improve messaging on --devmode and --classic ++ - many: implement `snap unalias ` (aliases v2) ++ - store: retry on connection reset ++ - interfaces/mount: add Change.Perform ++ - tests: add openvswitch interface spread test ++ - interfaces/i2c: allow modifying device-specific sysfs entries ++ - interfaces: allow writing to /run/systemd/journal/stdout by ++ default ++ - tests: ensure travis fails early if static checks fail ++ - store,daemon: make store interpret channel="" as stable in most ++ cases ++ - overlord/snapstate: make UpdateAliases idempotent, simplify the ++ backend interface bits for aliases not used anymore (aliases v2) ++ - many: implement snap alias (aliases v2) ++ - snap-confine: add code to ensure that / or /snap is mounted ++ "shared" ++ - many: show available "tracks" in `snap info` ++ - cmd/snap: make users Xauthority file available in snap environment ++ - interfaces/mount: write current fstab files with mode 0644 ++ - overlord: switch to aliases v2 tasks for install/refresh etc ops ++ plus transition ++ - tests: parameterize gadget snap channel (#3117) ++ - tests: copy .real profile as .real ++ - tests: add empty initrd failover test ++ - many: mount squashfs as read-only ++ - cmd: make locking around namespaces explicit ++ - tests: address review comments from #3186 ++ - tests: add dbus interface spread test ++ - interfaces/mount: add ReadMountInfo and LoadMountInfo ++ - snap: require snap name for 'revert' ++ - overlord: maintain per-revision snapshots of snap configuration ++ - tests: relax network-bind interface regexps ++ - interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f) ++ - store: retry once on hashsum mismatches in a Download() ++ - interfaces/builtin: don't panic if content plug has nil attrs ++ - interfaces/mount: pass mount.Profile to mount.NeededChanges ++ - packaging: add `built-using` header for 16.04 packaging ++ - interfaces: add media-hub interface ++ - interfaces/builtin: allow full access to properties iface of the ++ udisks service ++ - tests: handle case when both .real and plain are present ++ - interfaces/mount: add Change.String for readable output ++ - tests: ensure we mock force dev mode as well to fix FTBFS in ++ sbuild ++ - store: add more logs around retry in download ++ - interfaces/mount: add stub Change.{Needed,Perform} ++ - tests: allow installing snapd from -proposed for SRU validation ++ - interfaces/mount: parse mount options to map[string]string ++ - snap: added tasks subcommand ++ - tests: copy snap-confine apparmor profile into testbed ++ - interfaces/mount: improve go identifier names of mountinfo, parse ++ optional fields ++ - Arch Linux wants to respect FHS ++ (https://bugs.archlinux.org/task/53656), ++ - daemon: do not set RemoveSnapPath flag when doing a try ++ - debian: add maintscript helper to remove usr.lib.snapd.snap- ++ confine in snap-confine ++ - cmd/snap-confine: don't use plain "classic" term ++ - cmd/snap-confine: set TMPDIR and TEMPDIR each time ++ - many: fixes for `go vet` in go 1.7 ++ - tests: add kernel-module-control interface test ++ - overlord/snapstate: introduce tasks for aliases v2 semantics with ++ temporary names for now (aliases v2) ++ - overlord/devicestate: switch to ssh-keygen for device key ++ generation ++ - snap: skip /dev/ram from auto-import assertions to make it less ++ noisy (#3010) ++ - interfaces: add kubernetes-support interface and adjust related ++ interfaces (LP: #1664638) ++ - tests: download previous snapd package from published versions ++ instead of specific PPA ++ - snap: run snap-confine from core if snap is also running from core ++ - overlord/ifacestate: automatically rename connections on core snap ++ - many: break the /aliases mutation API with a clean 400 (aliases ++ v2) ++ - interfaces/builting: allow read-only access to /sys/module ++ - tests: add extra test after the core transition for snap get/set ++ core ++ - store: misc cleanups in tests ++ - interfaces/mount: add parser for mountinfo entries ++ - store: tests for unexpected EOF ++ - tests: fix unity test ++ - interfaces,overlord: log interface auto-connection failures ++ - cmd/snap-update-ns: add C preamble for setns ++ - interfaces: validate plug/slot uniqueness ++ ++ -- Michael Vogt Fri, 28 Apr 2017 07:57:49 +0200 ++ ++snapd (2.24.1) xenial; urgency=medium ++ ++ * New upstream release, LP: #1681799: ++ - fix autopkgtest failures with stable core snap ++ - ensure the snap-confine transitional package cleans up ++ the no-longer-used apparmor profile to fix the kernels ++ autopkgtest failures ++ ++ -- Michael Vogt Wed, 19 Apr 2017 11:54:33 +0200 ++ ++snapd (2.24) xenial; urgency=medium ++ ++ * New upstream release, LP: #1681799: ++ - interfaces/mount: add InfoEntry type ++ - many: fix plug auto-connect during core transition ++ - interfaces: fold network bind into core support with tests ++ - .travis.yml: add option to make raw log less noisy ++ - interfaces: adjust shm accesses to use 'm' for updated mmap kernel ++ mediation ++ - many: rename two core plugs that clash with slot names ++ - snap-confine,browser-support: /dev/tty for snap-confine, misc ++ browser-support for gnome-shell ++ - store: add download test with EOF in the middle ++ - tests: adjust to look for network-bind-plug ++ - store: make hash error message more accurate ++ - overlord/snapstate: simplify AliasesStatus down to just an ++ AutoAliasesDisabled bool flag (aliases v2) ++ - errtracker: never send errtracker reports when running under ++ SNAPPY_TESTING ++ - interfaces/repo: validate slot/plug names ++ - daemon: Give the snap directories via GET /v2/system-info ++ - interfaces/unity7: support unity messaging menu ++ - interfaces/mount: add high-level Profile functions ++ - git: ignore only the cmd/Makefile{,.in} ++ - cmd: explicitly set _GNU_SOURCE and _FILE_OFFSET_BITS for xfs ++ support ++ - daemon: add desktop file location for app to the API ++ - overlord,release: disable classic snap support when not possible ++ - overlord: fix TestEnsureLoopPrune not to be so racy ++ - many: abstract path to /bin/{true,false} ++ - data/systemd: tweak data/systemd/Makefile to be slightly simpler ++ - store: handle EOF via url.Error check ++ - packaging: use templates for relevant systemd units ++ - tests: run gccgo only on ubuntu-16.04-64 ++ - .travis.yml: remove travis matrix and do a single sequential run ++ - overlord/state: make sure that setting to nil a state key is ++ equivalent to deleting it ++ - tests: fix incorrect shell expression ++ - interfaces/mount: add OptsToFlags for converting arguments to ++ syscallâ¦ ++ - interfaces: add a joystick interface ++ - tests: enable docker test for more ubuntu-core systems ++ - tests: download and install additional dependencies when using ++ prepackaged snapd ++ - many: add support for partially static builds ++ - interfaces: allow slot to introspect dbus-daemon in dbus ++ interface, allow /usr/bin/arch by default ++ - interfaces/mount: fix golint issues ++ - interfaces/mount: add function for saving fstab-like file ++ - osutil: introducing GetenvInt64, like GetenvBool but Int64er. ++ - interfaces: drop udev tagging from framebuffer interface ++ - snapstate: more helpers to work with aliases state (aliases ++ v2) ++ - interfaces/mount: add function for parsing fstab-like file ++ - cmd: disable the re-associate fix as requested by jdstrand ++ - overlord/snapstate: unlock/relock the state less, especially not ++ across mutating the SnapState of a snap ++ - interfaces: allow executing ld.so (needed with new AppArmor base ++ abstraction) ++ - interfaces/mount: add function for parsing mount entries ++ - cmd: rework header check for xfs/xqm.h ++ - cmd: add poky to the list of distros which don't support reexec ++ - overlord: finish reorg, revert "be more conservative until we have ++ cut 2.23.x" ++ - cmd: select what socket to use in cmd/snap{,ctl} ++ - overlord: remove snap config values when snap is removed ++ - snapstate: introduce helper to apply to disk a alias states change ++ for a snap (aliases v2) ++ - configstate,hookstate: timeout the configure hook after 5 mins, ++ report failures to the errtracker ++ - interfaces/seccomp: add bind as part of the default seccomp policy ++ for hooks ++ - cmd: discard the C implementation of snap-update-ns ++ - tests: remove stale apt proxy leftover from cloud-init ++ - tests: move unity test to nightly suite ++ - interfaces: add support for location-observe for ++ dbus::ObjectManager session paths ++ - boot: log error in KernelOrOsRebootRequired ++ - interfaces: remove old API ++ - interfaces: use udev spec ++ - interfaces: convert systemd backend to new APIs ++ - osutil: add BootID ++ - tests: move docker test to new nightly suite ++ - interfaces/mount: compute mount changes required to transition ++ mount profiles ++ - data/selinux: add context definition for snapctl ++ - overlord: clean up organization under state packages ++ - overlord: make sure all managers packages have *state.go with the ++ main state manipulation/query APIs ++ - interfaces: use spec in the dbus backend ++ - store: download from authenticated URL if there is a device ++ session set ++ - tests: remove core_name variable ++ - interfaces: rename thumbnailer to thumbnailer-service ++ - interfaces: add chroot to base templates ++ - asserts: remove some unused things ++ - systemd: mount the squashfs with nodev ++ - overlord: when shutting down assume errors might be due to ++ cancellation so retry ++ - cmd: rename all unit tests to $command/unit-test ++ - cmd/snap: fix help string for version command ++ - asserts: don't allow revocations with other items for the same ++ developer ++ - tests: skip lp-1644439 test on older kernels ++ - interfaces: allow "sync" to be used by core support ++ - assertstate,snapstate: have assertstate.AutoAliases use the ++ "aliases" header ++ - interfaces: allow writing config.txt.tmp in the core-support ++ interface ++ - tests: adjust network-bind test ++ - interfaces: dbus backend spec ++ - asserts: introduce a snap-declaration "aliases" header to list ++ auto aliases with explicit targets ++ - cmd: enable large file support ++ - cmd/snap: handle missing snap-confine ++ - cmd/snap-confine: re-associate with pid-1 mount namespace if ++ required ++ - cmd/libsnap: make mountinfo structures public ++ - tests: fix interfaces-cups-control for zesty ++ - misc: revert "Log if the system goes into ForceDevMode" ++ - interfaces: seccomp tests cleanup ++ - cmd: validate SNAP_NAME ++ - interfaces: log if the system goes into ForceDevMode ++ - tests: fix classic-ubuntu-core-transition race ++ - interfaces: use apparmor spec in the apparmor backend ++ - interfaces: alphabetize framebuffer in base decl and add it to ++ all_test.go ++ - tests: add ubuntu-core-16-32 system to the external backend and ++ fix docker test ++ - cmd/libsnap: simplify sc_string_quote default case ++ - osutil: fix double expand in environment map code and add test ++ - interfaces: extend location-control out-of-process provider ++ support ++ - cmd/snap-update-ns: use bidirectional lists for mount entries ++ - tests: prevent automatic transition before setting the initial ++ state of the test ++ - release: detect if we are in ForcedDevMode by inspecting the ++ kernel ++ - tests: add core-snap-refresh test ++ - interfaces: add maliit input method interface ++ - interfaces: seccomp spec API tweaks for better tests ++ - interfaces: updates for mir-kiosk in browser-support, mir, opengl, ++ unity7 ++ - testutils: address review feedback from PR#2997 ++ - tests: specify the core version to be unsquashfs'ed in the ++ failover tests ++ - interfaces: use MockInfo in tests ++ - cmd/libsnap: add sc_quote_string ++ - cmd/snap-confine: use sc_do_umount everywhere ++ - interfaces: add unity8 plug permissions ++ - timeutil: a few helpers for the recurring events ++ - asserts: implement snap-developer type ++ - partition: deal with grub{,2}-editenv in tests ++ - many: add new (hidden) `snap debug ensure-state-soon` command and ++ use in tests ++ - interfaces/builtin: small refactor of dbus tests ++ - packaging, tests: use "systemctl list-unit-files --full" ++ everywhere ++ - many: some opensuse patches that are ready to go into master ++ - packaging: add opensuse permissions files ++ - client, daemon: move "snap list" name filtering into snapd. ++ - interfaces: use seccomp specs ++ - overlord/snapstate: small cleanup of ++ ensureForceDevmodeDropsDevmodeFromState ++ - interfaces/builtin/alsa: add read access to alsa state dir ++ - interfaces: use spec in kmod backend, updated firewall_control, ++ openvswitch_support, ppp ++ - cmd/snap-confine: use sc_do_mount everywhere ++ - tests: remove workaround for docker again, snap-declaration is ++ fixed now ++ - interfaces: interface to allow autopilot introspection ++ ++ -- Michael Vogt Tue, 11 Apr 2017 13:31:46 +0200 ++ ++snapd (2.23.6) xenial; urgency=medium ++ ++ * New upstream release, LP: #1673568 ++ - cmd: use the most appropriate snap/snapctl sockets ++ - tests: fix interfaces-cups-control for zesty ++ - configstate,hookstate: timeout the configure hook after 5 mins, ++ report failures ++ - packaging: rename the file shipping snap-confine AA profile to ++ workaround dpkg bug #858004 ++ - many: ignore configure hook failures on core refresh to ensure ++ upgrades are always possible ++ - snapstate: restart as needed if we undid unlinking aka relinked ++ core or kernel snap ++ ++ -- Michael Vogt Wed, 29 Mar 2017 15:30:35 +0200 ++ ++snapd (2.23.5) xenial; urgency=medium ++ ++ * New upstream release, LP: #1673568 ++ - allow "sync" in core-support ++ ++ -- Michael Vogt Fri, 17 Mar 2017 18:13:43 +0100 ++ ++snapd (2.23.4) xenial; urgency=medium ++ ++ * New upstream release, LP: #1673568 ++ - fix core-support interface for the new pi-config options ++ ++ -- Michael Vogt Fri, 17 Mar 2017 16:05:57 +0100 ++ ++snapd (2.23.3) xenial; urgency=medium ++ ++ * FTBFS due to missing files in vendor/ ++ ++ -- Zygmunt Krynicki Thu, 16 Mar 2017 19:56:55 +0100 ++ ++snapd (2.23.2) xenial; urgency=medium ++ ++ * New upstream release, LP: #1673568 ++ - cmd/snap: handle missing snap-confine (#3041) ++ ++ -- Zygmunt Krynicki Thu, 16 Mar 2017 19:38:24 +0100 ++ ++snapd (2.23.1) xenial; urgency=medium ++ ++ * New upstream release, LP: #1665608 ++ - packaging, tests: use "systemctl list-unit-files --full" ++ everywhere ++ - interfaces: fix default content attribute value ++ - tests: do not nuke the entire snapd.conf.d dir when changing ++ store settings ++ - hookstate: run the right "snap" command in the hookmanager ++ - snapstate: revert PR#2958, run configure hook again everywhere ++ ++ -- Michael Vogt Wed, 08 Mar 2017 14:29:56 +0100 ++ ++snapd (2.23) xenial; urgency=medium ++ ++ * New upstream release, LP: #1665608 ++ - overlord: phase 2 with 2nd setup-profiles and hook done after ++ restart for core installation ++ - data: re-add snapd.refresh.{timer,service} with weekly schedule ++ - interfaces: allow 'getent' by default with some missing dbs to ++ various interfaces ++ - overlord/snapstate: drop forced devmode ++ - snapstate: disable running the configure hook on classic for the ++ core snap ++ - ifacestate: re-generate apparmor in InterfaceManager.initialize() ++ - daemon: DevModeDistro does not imply snapstate.Flags{DevMode:true} ++ - interfaces/bluez,network-manager: implement ConnectedSlot policy ++ - cmd: add helpers for mounting / unmounting ++ - snapstate: error in LinkSnap() if revision is unset ++ - release: add linuxmint 18 to the non-devmode distros ++ - cmd: fixes to run correctly on opensuse ++ - interfaces: consistently use 'const' instead of 'var' for security ++ policy ++ - interfaces: miscellaneous policy updates for unity7, udisks2 and ++ browser-support ++ - interfaces/apparmor: compensate for kernel behavior change ++ - many: only tweak core config if hook exists ++ - overlord/hookstate: don't report a run hook output error without ++ any context ++ - cmd/snap-update-ns: move test data and helpers to new module ++ - vet: fix vet error on mount test. ++ - tests: empty init (systemd) failover test ++ - cmd: add .indent.pro file to the tree ++ - interfaces: specs for apparmor, seccomp, udev ++ - wrappers/services: RemainAfterExit=yes for oneshot daemons w/ stop ++ cmds ++ - tests: several improvements to the nested suite ++ - tests: do not use core for "All snaps up to date" check ++ - cmd/snap-update-ns: add function for sorting mount entries ++ - httputil: copy some headers over redirects ++ - data/selinux: merge SELinux policy module ++ - kmod: added Specification for kmod security backend ++ - tests: failover test for rc.local crash ++ - debian/tests: map snapd deb pockets to core snap channels for ++ autopkgtest ++ - many: switch channels on refresh if needed ++ - interfaces/builtin: add /boot/uboot/config.txt access to core- ++ support ++ - release: assume higher version of supported distros will still ++ work ++ - cmd/snap-update-ns: add compare function for mount entries ++ - tests: enable docker test ++ - tests: bail out if core snap is not installed ++ - interfaces: use mount.Entry instead of string snippets. ++ - osutil: trivial tweaks to build ID support ++ - many: display kernel version in 'snap version' ++ - osutil: add package for reading Build-ID ++ - snap: error when `snap list foo` is run and no snap is installed ++ - cmd/snap-confine: don't crash if nvidia module is loaded but ++ drivers are not available ++ - tests: update listing test for latest core snap version update ++ - overlord/hookstate/ctlcmd: helper function for creating a deep ++ copy of interface attributes ++ - interfaces: add a linux framebuffer interface ++ - cmd/snap, store: change error messages to reflect latest UX doc ++ - interfaces: initial unity8 interface ++ - asserts: improved information about assertions format in the ++ Decode doc comment ++ - snapstate: ensure snapstate.CanAutoRefresh is nil in tests ++ - mkversion.sh: Add support for taking the version as a parameter ++ - interfaces: add an interface for use by thumbnailer ++ - cmd/snap-confine: ensure that hostfs is root owned. ++ - screen-inhibit-control: add methods for delaying screensavers ++ - overlord: optional device registration and gadget support on ++ classic ++ - overlord: make seeding work also on classic, optionally ++ - image,cmd/snap: refactoring and initial envvar support to use ++ stores needing auth ++ - tests: add libvirt interface spread test ++ - cmd/libsnap: add helper for dropping permissions ++ - interfaces: misc updates for network-control, firewall-control, ++ unity7 and default policy ++ - interfaces: allow recv* and send* by default, accept4 with accept ++ and other cleanups ++ - interfaces/builtin: add classic-support interface ++ - store: use xdelta3 from core if available and not on the regular ++ system ++ - snap: add contact: line in `snap info` ++ - interfaces/builtin: add network-setup-control which allows rw ++ access to netplan ++ - unity7: support missing signals and methods for status icons ++ - cmd: autoconf for RHEL ++ - cmd/snap-confine: look for PROCFS_SUPER_MAGIC ++ - dirs: use the right snap mount dir for the distribution ++ - many: differentiate between "distro" and "core" libexecdir ++ - cmd: don't reexec on RHEL family ++ - config: make helpers reusable ++ - snap-exec: support nested environment variables in environment ++ - release: add galliumos support ++ - interfaces/builtin: more path options for serial ++ - i18n: look into core snaps when checking for translations ++ - tests: nested image testing ++ - tests: add basic test for docker ++ - hookstate,ifacestate: support snapctl set/get slot and plug attrs ++ (step 3) ++ - cmd/snap: add shell completion to connect ++ - cmd: add functions to load/save fstab-like files ++ - snap run: create "current" symlink in user data dir ++ - cmd: autoconf for centos ++ - tests: add more debug if ubuntu-core-upgrade fails ++ - tests: increase service retries ++ - packaging/ubuntu-14.04: inform user how to extend PATH with ++ /snap/bin. ++ - cmd: add helpers for working with mount/umount commands ++ - overlord/snapstate: prepare for using snap-update-ns ++ - cmd: use per-snap mount profile to populate the mount namespace ++ - overlord/ifacestate: setup seccomp security on startup ++ - interface/seccomp: sort combined snippets ++ - release: don't force devmode on LinuxMint "serena" ++ - tests: filter ubuntu-core systems for authenticated find-private ++ test ++ - interfaces/builtin/core-support: Allow modifying logind ++ configuration from the core snap ++ - tests: fix "snap managed" output check and suppress output from ++ expect in the authenticated login tests ++ - interfaces: shutdown: also allow shutdown/reboot/suspend via ++ logind ++ - cmd/snap-confine-tests: reformat test to pass shellcheck ++ - cmd: add sc_is_debug_enabled ++ - interfaces/mount: add dedicated mount entry type ++ - interfaces/core-support: allow modifying systemd-timesyncd and ++ sysctl configuration ++ - snap: improve message after `snap refresh pkg1 pkg2` ++ - tests: improve snap-env test ++ - interfaces/io-ports-control: use /dev/port, not /dev/ports ++ - interfaces/mount-observe: add quotactl with arg filtering (LP: ++ #1626359) ++ - interfaces/mount: generate per-snap mount profile ++ - tests: add spread test for delta downloads ++ - daemon: show "$snapname (delta)" in progress when downloading ++ deltas ++ - cmd: use safer functions in sc_mount_opt2str ++ - asserts: introduce a variant of model assertions for classic ++ systems ++ - interfaces/core-support: allow modifying snap rsyslog ++ configuration ++ - interfaces: remove some syscalls already in the default policy ++ plus comment cleanups ++ - interfaces: miscellaneous updates for hardware-observe, kernel- ++ module-control, unity7 and default ++ - snap-confine: add the key for which hsearch_r fails ++ - snap: improve the error message for `snap try` ++ - tests: fix pattern and use MATCH in find-private ++ - tests: stop tying setting up staging store access to the setup of ++ the state tarball ++ - tests: add regression spread test for #1660941 ++ - interfaces/default: don't allow TIOCSTI ioctl ++ - interfaces: allow nice/setpriority to 0-19 values for calling ++ process by default ++ - tests: improve debug when the core transition test hangs ++ - tests: disable ubuntu-core->core transition on ppc64el (its just ++ too slow) ++ - snapstate: move refresh from a systemd timer to the internal ++ snapstate Ensure() ++ - tests/lib/fakestore/refresh: some more info when we fail to copy ++ asserts ++ - overlord/devicestate: backoff between retries if the server seems ++ to have refused the serial-request ++ - image: check kernel/gadget publisher vs model brand, warn on store ++ disconnected snaps ++ - vendor: move gettext.go back to github.com/ojii/gettext.go ++ - store: retry on 502 http response as well ++ - tests: increase snap-service kill-timeout ++ - store,osutil: use new osutil.ExecutableExists(exe) check to only ++ use deltas if xdelta3 is present ++ - cmd: fix autogen.sh on fedora ++ - overlord/devicemgr: fix test: setup account-key before using the ++ key for signing ++ - cmd: add /usr/local/* to PATH ++ - cmd: add sc_string_append ++ - asserts: support for correctly suggesting format 2 for snap- ++ declaration ++ - interfaces: port mount backend to new APIs, unify content of per ++ app/hook profiles ++ - overlord/devicestate: implement policy about gadget and kernel ++ matching the model ++ - interfaces: allow sched_setscheduler again by default ++ - debian: update breaks/replaces for snap-confine->snapd ++ - debian: move the snap-confine packaging into snapd ++ - 14.04/integrationtests: rely on upstart to restart ssh. ++ - store: enable download deltas on classic by default ++ - spread: add unit suite ++ - snapctl: add config in client to disable auth and use it in ++ snapctl ++ - overlord/ifacestate: register all security backends with the ++ repository ++ - overlord,tests: have enable/disable affect security profiles ++ - tests: install ubuntu-core from the same channel as core ++ - overlord: move configstate.Transaction into config package ++ - seccomp-support.c: add PF_* domains which can be used instead of ++ AF_* ++ - store: always log retry summary when SNAPD_DEBUG is set ++ - tests: parameterize kernel snap channel ++ - snapenv: do not append ":" to the SNAP_LIBRARY_PATH ++ - interfaces/builtin: refine the content interface rules using $SLOT ++ - asserts,interfaces/policy: add support for ++ $SLOT()/$PLUG()/$MISSING in *-attributes constraintsThis adds ++ support for $SLOT(arg), $PLUG(arg) and $MISSING attribute ++ constraints in plugs and slots rules in snap-declarations: ++ - cmd/snap-confine: add snap-confine command line parser module ++ - tests: remove (some) garbage files found by restore cleanup ++ analysis ++ - cmd: fix issues uncovered by valgrind ++ - tests: fix typo in systems name ++ - cmd: collect string utilities in one module, add missing tests ++ - cmd: rename mountinfo to sc_mountinfo ++ - tests: allow to install snapd debs from a ppa instead of building ++ them ++ - spread: remove state tar on project restore ++ ++ -- Michael Vogt Fri, 17 Feb 2017 12:21:42 +0100 ++ ++snapd (2.22.7) xenial; urgency=medium ++ ++ * New upstream release: ++ - errtracker,overlord/snapstate: more info in errtracker reports ++ - interfaces/apparmor: compensate for kernel behavior change ++ ++ -- Michael Vogt Fri, 24 Feb 2017 19:24:11 +0100 ++ ++snapd (2.22.6) xenial; urgency=medium ++ ++ * New upstream release, LP: #1667105 ++ - overlord/ifacestate: don't fail if affected snap is gone ++ - revert #2910: osutil: add package for reading Build-ID (#2918) ++ - errtracker: include the build-id of host and core snapd (#2912) ++ - errtracker: include the number of ubuntu-core -> core retries ++ (#2915) ++ - snapstate: retry ubuntu-core -> core transition every 6h (#2914) ++ - osutil: add package for reading Build-ID (#2910) ++ - errtracker: include kernel version in error reports (#2905) ++ - release: return "unknown" if uname fails ++ - many: rebased uname branch for 2.22 ++ - errtracker: include snapd version in err reports ++ - overlord/ifacestate: don't unconditionally retry stuff (#2906) ++ - snapstate: fix incorrect cut of the timestamps for the error ++ reports (#2908) ++ - tests: update listing test for latest core snap version update ++ ++ -- Zygmunt Krynicki Wed, 22 Feb 2017 23:34:23 +0100 ++ ++snapd (2.22.5) xenial; urgency=medium ++ ++ * Fix FTBFS due to machine-id file ++ ++ -- Zygmunt Krynicki Tue, 21 Feb 2017 09:43:42 +0100 ++ ++snapd (2.22.4) xenial; urgency=medium ++ ++ * New bugfix release: ++ - errtracker: add support for error reporting via daisy.ubuntu.com ++ - snapstate: allow for 6 retries for the core transition ++ - httputils: ensure User-Agent works across redirects ++ ++ -- Michael Vogt Tue, 21 Feb 2017 09:07:10 +0100 ++ ++snapd (2.22.3) xenial; urgency=medium ++ ++ * New bugfix release, LP: #1665729: ++ - Limit the number of retries for the ubuntu-core -> core ++ transition to fix possible store overload. ++ ++ -- Michael Vogt Fri, 17 Feb 2017 18:58:34 +0100 ++ ++snapd (2.22.2) xenial; urgency=medium ++ ++ * New upstream release, LP: #1659522 ++ - cherry pick fix for sched_setscheduler regression ++ (LP: #1661265) ++ ++ -- Michael Vogt Thu, 02 Feb 2017 17:13:51 +0100 ++ ++snapd (2.22.1) xenial; urgency=medium ++ ++ * New upstream release, LP: #1659522 ++ - cherry pick fix for snapctl auth.json handling ++ ++ -- Michael Vogt Wed, 01 Feb 2017 17:09:31 +0100 ++ ++snapd (2.22) xenial; urgency=medium ++ ++ * New upstream release, LP: #1659522 ++ - many: make ubuntu-core-launcher mostly go ++ - interfaces/builtin: add account-control interface ++ - interfaces/builtin: add missing syscalls to core-support needed ++ for systemctl ++ - interfaces/builtin: rework core-support to only allow full access ++ to systemctl ++ - debian/tests: drop stale autopkgtest dependencies. ++ - tests: make the debugging of c-unit-tests more useful ++ - store: retry auth-related requests ++ - tests: integration test for system reload ++ - snap: be more helpful in the `snap install ` ++ error message ++ - tests: set SNAPPY_USE_STAGING_STORE in su call ++ - tests: use test snap ++ - spread: set SNAPD_DEBUG=1 in the core snap as well ++ - tests: add extra debugging to security-setuid-root test ++ - cmd,snap,wrappers: systemd reload command support ++ - interfaces: builtin: mir: Allow recv and send ++ - overlord/ifacestate: use ParseConnRef ++ - overlord/snapstate,overlord/ifacestate: add automatic ubuntu-core ++ -> core transition ++ - debian: remove aliases as well in snapd.postrm ++ - many: change interfaces.ParseID to return value ++ - interfaces/opengl: allow access to the nvidia abstract socket ++ - overlord, daemon: flag failures feature fancy forms. ++ - many: add --classic support to try and revert, and make missing ++ these things a little harder ++ - interfaces: allow reading non-PCI-attached usb devices via raw-usb ++ - many: rename snap-alter-ns to snap-update-ns ++ - interfaces/builtin: add core-support ++ - store: increase the retry.LimitTime() ++ - debian: move the packaging out into package/$id-$version_id ++ - overlord/stapstate: don't use unkeyed fields ++ - many: add stub implementation of snap-alter-ns ++ - asserts: improve error message when key is not valid at the given ++ time ++ - snapstate, ifacestate: add snapstate.CheckChangeConflict() to ++ ifacestate.{Connect,Disconnect} ++ - debian: remove trusty specific bits ++ - docs: Add a note about building snapd. ++ - interfaces: miscellaneous updates for default and network-control ++ - daemon: bubble out store.ErrSnapNotFound in the findOne codepath ++ - store: add retry logging into download as well ++ - snap: show price in `snap info` ++ - cmd: add fault injection support code ++ - interfaces: network-manager: allow rw access to /etc/netplan ++ - debian: move systemd files out of ./debian and into ./data/systemd ++ - asserts: implement SuggestFormat to help avoid specifying the ++ wrong format iteration for an assertion ++ - many: detect potentially insecure use of snap-confine ++ - interfaces: allow querying added security backends ++ - cmd: ensure that all .c files have a -test.c file ++ - asserts: don't use 'context' for the path of attributes, want to ++ reuse the concept for something else ++ - interfaces: abbreviate ConnRef construction ++ - tests: ensure systemd override directory is available before using ++ it ++ - cmd: more build system cleanups and a small fix ++ - tests: increase retries for service up ++ - cmd: move seccomp cleanup function to seccomp-support ++ - many: auto-connect plugs and slots symmetrically ++ - overlord: use a ticker for the pruning ++ - interfaces/builtin: add uhid interface ++ - cmd/snap-confine: add shutdown helper ++ - tests: fix path used when debugging ++ - cmd: switch to non-recursive make ++ - overlord/ifacestate: setup security of snaps affected by auto- ++ connection ++ - spread: refresh apt cache before first install ++ - overlord: allow max 500 changes in "ready" state to avoid growing ++ changes for 24h ++ - snap: add {Plug,Slot}Info.SecurityTags ++ - cmd: move snap-discard-ns to dedicated directory ++ - tests: skip i18n test when no "snappy.mo" file is available ++ - interfaces,overlord/ifacestate: small refactor around reference ++ methods ++ - tests: remove the snapd dirs last (should fix random test errors) ++ - interfaces: mm: permissions for protocol proxies ++ - interfaces/builtin: add evolution interfaces ++ - many: extract the logging http client and user-agent handling for ++ use in devicestate ++ - interfaces: unity8-download-manager is the chosen name for this ++ interface. ++ - tests: add "quiet" wrapper function that only prints output on ++ failure ++ - tests: fix failing snapd-reexec test ++ - docs: simplify HACKING.md that snapd itself supports setting up ++ the sockets ++ - overlord: flag required-snaps from model as required and prevent ++ removing them ++ - spread: exclude .o and .a files ++ - tests: parameterize remote store ++ - cmd: fix hardcoded paths to rst2man and support rst2man.py ++ - tests: improve debug output when reexec is used ++ - tests: disable ipv6 before unpacking delta ++ - interfaces: add new interface API ++ - tests: change TRUST_TEST_KEYS to be controlled from the host ++ - spread: add boilerplate for Linode delta uploads ++ - wrappers: add support for the X-Ayatana-Desktop-Shortcuts= ++ extension ++ - partition: add support for native grubenv read/write and use it ++ - tests: add test ensuring manual pages are shipped ++ ++ -- Michael Vogt Fri, 27 Jan 2017 23:18:57 +0100 ++ ++snapd (2.21-2) unstable; urgency=medium ++ ++ * Modify snap-confine's apparmor rules to work on Debian when apparmor is ++ enabled on the kernel command line. ++ ++ -- Michael Hudson-Doyle Wed, 25 Jan 2017 10:26:51 +1300 ++ ++snapd (2.21-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * Disable i18n so the package can build in stretch without new packages. ++ ++ -- Michael Hudson-Doyle Mon, 16 Jan 2017 11:15:32 +1300 ++ ++snapd (2.21) xenial; urgency=medium ++ ++ * New upstream release, LP: #1656382 ++ - daemon: re-enable reexec ++ - interfaces: allow reading installed files from previous revisions ++ by default ++ - daemon: make activation optional ++ - tests: run all snap-confine tests in c-unit-tests task ++ - many: fix abbreviated forms of disconnect ++ - tests: switch more tests to MATCH ++ - store: export userAgent. daemon: print store.UserAgent() on ++ startup. ++ - tests: test classic confinement `snap list` and `snap info` ++ output ++ - debian: skip snap-confine unit tests on nocheck ++ - overlord/snapstate: share code between Update and UpdateMany, so ++ that it deals with auto-aliases correctly ++ - interfaces: upower-observe: refactor to allow snaps to provide a ++ slot ++ - tests: add end-to-end store test for classic confinement ++ - overlord,overlord/snapstate: have UpdateMany retire/enable auto- ++ aliases even without new revision ++ - interfaces/browser-support: add @{PROC}/@{pid}/fd/[0-9] w and misc ++ /run/udev ++ - interfaces/builtin: add physical-memory-* and io-ports-control ++ - interfaces: allow getsockopt by default since it is so commonly ++ used ++ - cmd/snap, daemon, overlord/snapstate: tests and fixes for "snap ++ refresh" of a classic snap ++ - interfaces: allow read/write access of real-time clock with time- ++ control interface ++ - store: request no CDN via a header using SNAPPY_STORE_NO_CDN ++ envvar ++ - snap: add information about tracking channel (not just actual ++ channel) ++ - interfaces: use fewer dot imports ++ - overlord/snapstate: remove restrictions on ResetAliases ++ - overlord, store: move confinement filtering to the overlord (from ++ The Store) ++ - many: move interface test helpers to ifacetest package ++ - many: implement 'snap aliases' ++ - vet: fix for unkeyed fields error on aliases_test.go ++ - interfaces: miscellaneous policy updates for network-control, ++ unity7, pulseaudio, default and home ++ - tests: test for auto-aliases ++ - interface hooks: connect plug slot hooks (step 2) ++ - cmd/snap: fix internal naming in snap connect ++ - snap: use "size" as the json tag in snap.ChannelSnapInfo ++ - tests: restore the missing initialization of iface manager causing ++ race ++ - snap: fix missing sizes in `snap info ` ++ - tests: improve cleanup for c-unit-tests ++ - cmd/snap-confine: build non-installed libsnap-confine-private.a ++ - cmd/snap-confine: small tweaks to seccomp support code ++ - interfaces/docker-support: allow /run/shm/aufs.xeno for 14.04 ++ - many: obtain installed snaps developer/publisher username through ++ assertions ++ - store: setting of fields for details endpoint ++ - cmd/snap-confine: check for rst2man on configure ++ - snap: show `snap --help` output when just running `snap` ++ - interface/builtin: drop the obsolete checks in udisks2 ++ SanitizeSlot ++ - cmd/snap: remove currency switch following UX review ++ - spread: find top-level directory before running generate- ++ packaging-dir ++ - interface hooks: prepare plug slot hooks (step 1) ++ - i18n: use github.com/mvo5/gettext.go (pure go) for i18n to avoid ++ cgo ++ - many: put a marker in the User-Agent sent by snapd/snap when under ++ testingThe User-Agent will look like: ++ - tests: fix -reuse and -resend when govendor is missing ++ - snap: provide friendlier `snap find` message when no snaps are ++ found ++ - tests: fix mkversions.sh failure on zesty ++ - spread: install build-essential unconditionally ++ - spread: improve qemu ubuntu-14.04-{32,64} support ++ - overlord/snapstate,daemon: implement GET /v2/aliases handling ++ - store: retry user info request ++ - tests: port more snap-confine regression tests ++ - tests: cancel the scheduled reboot on ubuntu-core-upgrade-no-gc ++ and restore state ++ - tests: debug zesty autopkgtest failures ++ - overlord/snapstate: use keyed fields on literals ++ - tests: use MATCH in install-remove-multi ++ - tests: increase wait time for service to be up ++ - tests: make debug-each succeed if DENIED doesn't match ++ - tests: skip packaging dir generation for non-git based autopkgtest ++ runs ++ - tests: port refresh-all-undo to MATCH ++ - tests: improve snap connect test ++ - tests: port additional snap-confine regression tests ++ - tests: show --version when it matches unknown ++ - tests: optionally use apt proxy for qemu ++ - tests: add hello-classic test ++ - many: behave more consistently when pointed to staging and ++ possibly the fake store ++ - overlord/ifacestate: remove stale comments ++ - interfaces/apparmor: ignore snippets in classic confinement ++ - tests: port first regression test from snap-confine ++ - cmd/snap-confine: disable old tests ++ ++ -- Michael Vogt Fri, 13 Jan 2017 19:39:51 +0100 ++ ++snapd (2.20.1) xenial; urgency=medium ++ ++ * New upstream release, LP: #1648520 ++ - tests: enable the ppc64el tests again ++ - tests: add classic confinement test ++ - tests: run snap confine tests in debian/rules already ++ ++ -- Michael Vogt Mon, 19 Dec 2016 11:53:29 +0100 ++ ++snapd (2.20-2) unstable; urgency=medium ++ ++ * Replace unversioned Conflicts on snap package with versioned ++ Breaks/Replaces, now that snap has dropped /usr/bin/snap. ++ Closes: #849162. ++ ++ -- Steve Langasek Sun, 25 Dec 2016 17:50:25 -0600 ++ ++snapd (2.20-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * Update one test (cmd/snap/cmd_interfaces_test.go) to cope with the newer ++ golang-go-flags-dev in unstable. ++ * Explicitly include 'udev' in Build-Depends. ++ * Add tzdata to Build-Depends to avoid ftbfs. (Closes: #848754) ++ ++ -- Michael Hudson-Doyle Mon, 19 Dec 2016 11:43:55 +1300 ++ ++snapd (2.20) xenial; urgency=medium ++ ++ * New upstream release, LP: #1648520 ++ - many: implement "snap alias --reset" using snapstate.ResetAliases ++ - debian: use a packaging branch for 14.04 ++ - store: retry downloads on io.Copy errors and sha3 checksum errors ++ - snap: show apps in `snap info` ++ - store: send an explicit X-Ubuntu-Classic header to the store ++ - overlord/snapstate: implement snapstate.ResetAliases ++ - interfaces/builtin: add dbus interface ++ - tests: fix tests on 17.04 ++ - store: use mocked retry strategy to make store tests faster ++ - overlord: apply auto-aliases information from the snap-declaration ++ on install or refresh ++ - many: prepare landing on trusty ++ - many: implement snap unalias using snapstate.Unalias ++ - overlord/snapstate: fixing the placement/grouping of some ++ functions ++ - interfaces: support network namespaces via 'ip netns' in network- ++ control ++ - interfaces/builtin: fix pulseaudio apparmor rules ++ - interfaces/builtin: add iio interface ++ - tests: update custom core snap with the freshly build snap-confine ++ - interfaces: use sysd.{Disable,Stop} instead of sysd.DisableNow() ++ - overlord,overlord/snapstate: implement snapstate.Unalias by ++ generalizing the "alias" task ++ - interfaces: misc openstack snap enablement ++ - cmd/snap: mock terminal.ReadPassword instead of using /dev/ptmx ++ - notifications, daemon: kill the unsupported events endpoint ++ - client: only allow Dangerous option in InstallPath ++ - overlord/ifacestate: no interface checks if no snap id ++ - many: implement alias command ++ - snap: tweak snap install output as designed by Mark ++ - debian: fix Pre-Depends on dpkg ++ - tests: check if snap-confine --version is unknown ++ - cmd/snap-confine: allow content interface mounts ++ - tests: remove ppa:snappy-dev/image again ++ - interfaces/apparmor: allow access to core snap ++ - tests: remove snap-confine/ubuntu-core-launcher after the tests ++ - overlord,overlord/snapstate: implement snapstate.Alias ++ - cmd/snap: reject "snap disconnect foo" ++ - debian: add split ubuntu-core-launcher and snap-confine packages ++ - cmd: fix mkversion.sh and add regression test ++ - overlord/snapstate: setup/remove aliases as we link/unlink snaps ++ - cmd/snap,tests: alias support in snap run ++ - snap/snapenv: don't obscure HOME if snap uses classic confinement ++ - store: decode response.Body json inside retry loops ++ - cmd/snap-confine: fix compilation on platforms with gcc < 4.9.0 ++ - vendor: update tomb package fixing context support ++ ++ -- Michael Vogt Thu, 15 Dec 2016 22:07:08 +0100 ++ ++snapd (2.19) xenial; urgency=medium ++ ++ * New upstream release, LP: #1648520 ++ - cmd/snap-confine: disable support for XDG_RUNTIME_DIR ++ - cmd/snap-confine/tests: fix stale path after move to snapd ++ - cmd/snap-confine: don't use __attribute__((nonull)) ++ - snap: add description to `snap info` ++ - snap: show last refresh time ++ - store: switch default delta format from xdelta to xdelta3 ++ - interfaces: fix system-observe interface to work with ps_mem ++ - debian: add missing ca-certificates dependency ++ - cmd/snap-confine: add support for classic confinement ++ - snapstate/backend: add backend methods to manage aliases ++ - tests: re-enable snap-confine unit tests via spread ++ - many: merge snap-confine into snapd ++ - many: add support for classic confinement ++ - snap: abort install with ctrl+c ++ - cmd/snap: change terms accept URL following UX review ++ - interfaces/apparmor: use distinct apparmor template for classic ++ - snap: add snap size to `snap info` ++ - interfaces: add unconfined access to modem-manager ++ - snap: support for parsing and exposing on snap.Info aliases ++ - debian: disable autopkgtests on ppc64el ++ - snap: disable support for socket activation ++ - tests: fix incorrect restore of the current symlink ++ - asserts: introduce auto-aliases header in snap-declaration ++ - interfaces/seccomp: add support for classic confinement ++ - tests: do not use external snaps ++ - daemon: close the dup()ed file descriptor to not leak it ++ - overlord, daemon, progress: enable building snapd without CGO ++ - daemon, store: let snap info find things in any channel ++ - store: retry tweaks and logging ++ - snap: Improve `snap --help` output as designed by Mark ++ - interfaces/builtin: fix incorrect udev rule in i2c ++ - overlord: increase test timeout and improve failure message ++ - snap: remove unused experimental command ++ - debian: remove unneeded conflict against the "snappy" package ++ - daemon, strutil: move daemon.quotedNames to strutil.Quoted ++ - docs: document SNAP_DEBUG_HTTP in HACKING.md ++ - cmd/snap: have some completers ++ - snap: support "daemon: notify" in snap.yaml ++ - snap: fix try command when daemon linie is added ++ - interfaces: apparmor support for classic confinement ++ - debian/rules: build with -buildoptions=pie ++ - tests: include /boot in saved state (including bootenv and any ++ kernels) ++ - daemon: ensure `snap try` installs core if it's missing ++ - tests: save/restore /snap/core/current symlink ++ - tests: decrease the number of expected featured apps ++ - tests: add set -e to the prepare ssh script ++ - cmd/snap: add tests for section completion; fix bugs. ++ - cmd/snap: document 'snap list --all' ++ ++ -- Michael Vogt Thu, 08 Dec 2016 16:16:04 +0100 ++ ++snapd (2.18.1) xenial; urgency=medium ++ ++ * New upstream release, LP: #1644625 ++ - daemon: fix crash when `snap refresh` contains a single update ++ - fix unhandled error from io.Copy() in download() ++ - interfaces/builtin: fix incorrect udev rule in i2c ++ ++ -- Michael Vogt Mon, 05 Dec 2016 15:04:13 +0100 ++ ++snapd (2.18) xenial; urgency=medium ++ ++ * New upstream release, LP: #1644625 ++ - store: retry on io.EOF ++ - tests: skip pty tests on ppc64el and powerpc ++ - client, cmd/snap: introducing "snap info" ++ - snap: do exit 0 on install/remove if that snap is already ++ installed or already removed ++ - snap: add `snap watch ` to attach to a running change ++ - store: retry downloads using retry loop ++ - snap: try doesn't require snap-dir when run in snap's directory ++ - daemon: show what will change in the "refresh-all" changes ++ - tests: disable autorefresh for the external backend ++ - snap: add `snap list -a` to show all snaps (even inactive ones) ++ - many: unify boolean env var handling ++ - overlord/ifacestate: don't setup jailmode snaps with devmode ++ confinement ++ - snapstate: do not garbage collect the snaps used by the bootenv ++ - debian: drop hard xdelta dependency for now ++ - snap: make `snap login` ask for email if not given as argument ++ - osutil: fix build on armhf (arm in go-arch) and powerpc (ppc in ++ go-arch) ++ - many: rename DevmodeConfinement to DevModeConfinement ++ - store: resp.Body.Close() missing in ReadyToBuy ++ - many: use ConfinementOptions instead of ConfinementType ++ - snap, daemon, store: fake the channel map in the REST API ++ - misc: run github.com/gordonklaus/ineffassign as part of the static ++ checks ++ - docs: add goreportcard badge and remove coveralls badge ++ - tests: force gofmt -s in static checks ++ - many: run gofmt -s -w on all the code ++ - store: DRY actual retry code ++ - many: fix various errors uncovered by goreportcard.com ++ - interfaces/builtin: allow additional shared memory for webkit ++ - many: some more missing snapState->snapst ++ - asserts: introduce an optional freeform display-name for model ++ - interfaces/builtin: rename usb-raw to raw-usb ++ - progress: init pbar with correct total value ++ - daemon/api.go: add quotedNames() helper ++ - interfaces: add ConfinementOptions type ++ - tests: add a test about the extra bits that prepare-device can ++ specify for device registration ++ - tests: check that gpio device nodes are exported after reboot ++ - tests: parameterize core channel with env var for classic too ++ - many: rename variable "ss" to "snapsup" or "snapst" or "st" ++ (depending on context) ++ - tests: do not use external snaps in spread ++ - store: retry buy request ++ - store: retry store.Find ++ - store: retry assertion store call ++ - store: retry call for snap details ++ - many: use snap.ConfinementType rather than bool devmode ++ - daemon: if a bad snap is posted it is not an internal error but a ++ bad request ++ - client: add "Snap.Screenshots" to the client API ++ - interfaces: update base declaration documentation and policy for ++ on-classic and snap-type ++ - store: check payment method before TOS for a better UX ++ - interfaces: allow sched_setaffinity in process-control ++ - tests: parameterize core channel with env var ++ - tests: ensure that the XDG_ env contains at least XDG_RUNTIME_DIR ++ - interfaces: fcitx also listens on the session bus for Qt apps ++ - store: retry ListRefresh ++ - snap: use "Password of :" in the `snap login` ++ - many: reshuffle how we load/inject tests keys so image doesn't ++ need assertstate anymore ++ - store: use range requests if we have a local file already ++ - dirs,interfaces,overlord,snap,snapenv,test: export per-snap ++ XDG_RUNTIME_DIR per user ++ - osutil: make RealUser only look at SUDO_USER when uid==0 ++ - tests: do not use the ppa:snappy-dev/image in the tests ++ - store: retry readyToBuy request ++ - tests: increase `expect` timeouts ++ - static tests: add spell check ++ - tests: add debug to all flaky expect tests ++ - systemd: correct the mount arguments when mounting with squashfuse ++ - interfaces: add avahi-observe ++ - store: bring delta downloads back ++ - interfaces: add alsa ++ - interfaces/builtin: fix a broken test that snuck into master ++ - osutil: add chattr funcs ++ - image: init "snap_mode" on image creation time to avoid ugly ++ messages ++ - tests: test-snapd-fuse-consumer needs python-fuse as a build- ++ package ++ - interfaces/builtin: add i2c interface ++ - interfaces: add ofono interface ++ - tests: do not use hello-world in our tests ++ - snap: add support for classic confinement ++ - interfaces: remove LegacyAutoConnect() from the interfaces ++ - interfaces: miscellaneous policy updates ++ - tests: run autopkgtests in the autopkgtest.ubuntu.com ++ infrastructure ++ - Implement lxd-client interface exposing the lxd snap ++ - asserts: validate optional account username ++ - many: remove unnecessary snap name parameter from buying endpoint ++ - tests: do not hardcode the size of /dev/ram0 ++ - tests: add test that ensures the right content for /etc/os-release ++ - spread tests: fix snap mode check ++ - docs: fix path for source files location in HACKING.md ++ - interfaces/builtin/mir: allow slot to make recvfrom syscalls ++ - store: sections/featured snaps store support ++ ++ -- Michael Vogt Thu, 24 Nov 2016 19:43:08 +0100 ++ ++snapd (2.17.1) xenial; urgency=medium ++ ++ * New upstream release, LP: #1637215: ++ - release: os-release on core has changed ++ - tests: /dev/ptmx does not work on powerpc, skip here ++ - docs: moved to github.com/snapcore/snapd/wiki (#2258) ++ - debian: golang is not installable on powerpc, use golang-any ++ ++ -- Michael Vogt Fri, 04 Nov 2016 18:13:10 +0200 ++ ++snapd (2.17) xenial; urgency=medium ++ ++ * New upstream release, LP: #1637215: ++ - overlord/ifacestate: add unit tests for undo of setup-snap- ++ security (#2243) ++ - daemon,overlord,snap,tests: download to .partial in final dir ++ (#2237) ++ - overlord/state: marshaling tests for lanes (#2245) ++ - overlord/state: introduce state lanes (#2241) ++ - overlord/snapstate: fix revert+refresh (#2224) ++ - interfaces/sytemd: enable/disable generated service units (#2229) ++ - many: fix incorrect security files generation on undo ++ - overlord/snapstate: add dynamic snapdX.Y assumes (#2227) ++ - interfaces: network-manager: give slot full read-write access to ++ /run/NetworkManager ++ - docs: update the name of the command for the cross-build ++ - overlord/snapstate: fix missing argument to Noticef ++ - snapstate: ensure gadget/core/kernel can not be disabled (#2218) ++ - asserts: limit to 1y only if len(models) == 0 (#2219) ++ - debian: only install share/locale if available (missing on ++ powerpc) ++ - overlrod/snapstate: fix revert followed by refresh to old-current ++ (#2214) ++ - interfaces/builtin: network-manager and bluez can change hostname ++ (#2204) ++ - snap: switch the auto-import dir to /run/snapd/auto-import ++ - docs: less details about cloud.cfg as requested in trello (#2206) ++ - spread.yaml: Ensure ubuntu user has passwordless sudo for ++ autopkgtests (#2201) ++ - interfaces/builtin: add dcdbas-control interface ++ - boot: do not set boot to try mode if the revision is unchanged ++ - interfaces: add shutdown interface (#2162) ++ - interfaces: add system-power-control interface ++ - many: use the new systemd backend for configuring GPIOs ++ - overlord/ifacestate: setup security for slots before plugs ++ - snap: spool assertion candidates if snapd is not up yet ++ - store,daemon,overlord: download things to a partials dir ++ - asserts,daemon: implement system-user-authority header/concept ++ - interfaces/builtin: home base declaration rule using on-classic ++ for its policy ++ - interfaces/builtin: finish decl based checks ++ - asserts: bump snap-declaration to allow signing with new-style ++ plugs and slots ++ - overlord: checks for kernel installation/refresh based on model ++ assertion and previous kernel ++ - tests/lib/fakestore: fix logic to distinguish assertion not found ++ errors ++ - client: add a few explicit error types (around the request cycle) ++ - tests/lib/fakestore/cmd/fakestore: make it log, and fix a typo ++ - overlord/snapstate: two bugs for one ++ - snappy: disable auto-import of assertions on classic (#2122) ++ - overlord/snapstate: move trash cleanup to a cleanup handler ++ (#2173) ++ - daemon: make create-user --known fail on classic without --force- ++ managed (#2123) ++ - asserts,interfaces/policy: implement on-classic plug/slot ++ constraints ++ - overlord: check that the first installed gadget matches the model ++ assertion ++ - tests: use the snapd-control-consumer snap from the store ++ - cmd/snap: make snap run not talk to snapd for finding the revision ++ - snap/squashfs: try to hard link instead of copying. Also, switch ++ to osutil.CopyFile for cp invocation. ++ - store: send supported max-format when retrieving assertions ++ - snapstate, devicestate: do not remove seed ++ - boot,image,overlord,partition: read/write boot variables in single ++ operation ++ - tests: reenable ubuntu-core tests on qemu ++ - asserts,interfaces/policy: allow OR-ing of subrule constraints in ++ plug/slot rules ++ - many: move from flags as ints to flags as structs-of-bools (#2156) ++ - many: add supports for keeping and finding assertions with ++ different format iterations ++ - snap: stop using ubuntu-core-launcher, use snap-confine ++ - many: introduce an assertion format iteration concept, refuse to ++ add unsupported assertion ++ - interfaces: tweak wording and comment ++ - spread.yaml: dump apparmor denials on spread failure ++ - tests: unflake ubuntu-core-reboot (#2150) ++ - cmd/snap: tweak unknown command error message (#2139) ++ - client,daemon,cmd: add payment-declined error kind (#2107) ++ - cmd/snap: update remove command help (#2145) ++ - many: removed frameworks target and fixed service files (#2138) ++ - asserts,snap: validate attributes to a JSON-compatible type subset ++ (#2140) ++ - asserts: remove unused serial-proof type ++ - tests: skip auto-import tests on systems without test keys (#2142) ++ - overlord/devicestate: don't spam the debug log on classic (#2141) ++ - cmd/snap: simplify auto-import mountinfo parsing (#2135) ++ - tests: run ubuntu-core upgrades on isolated machine (#2137) ++ - overlord/devicestate: recover seeding from old external approach ++ (#2134) ++ - overlord: merge overlord/boot pkg into overlord/devicestate ++ (#2118) ++ - daemon: add postCreateUserSuite test suite (#2124) ++ - tests: abort tests if an update process is scheduled (#2119) ++ - snapstate: avoid reboots if nothing in the boot setup has changed ++ (#2117) ++ - cmd/snap: do not auto-import from loop or non-dev devices (#2121) ++ - tests: add spread test for `snap auto-import` (#2126) ++ - tests: add test for auto-mount assertion import (#2127) ++ - osutil: add missing unit tests for IsMounted (#2133) ++ - tests: check for failure creating user on managed ubuntu-core ++ systems (#2096) ++ - snap: ignore /dev/loop addings from udev (#2111) ++ - tests: remove snapd.boot-ok reference (#2109) ++ - tests: enable tests related to the home interface in all-snaps ++ (#2106) ++ - snapstate: only import defaults from gadget on install (#2105) ++ - many: move firstboot code into the snapd daemon (#2033) ++ - store: send correct JSON type of string for expected payment ++ amount (#2103) ++ - cmd/snap: rename is-managed to managed and tune (#2102) ++ - interfaces,overlord/ifacestate: initial cleaning up of no arg ++ AutoConnect related bits (#2090) ++ - client, cmd: prompt for password when buying (#2086) ++ - snapstate: fix hanging `snap remove` if snap is no longer mounted ++ - image: support gadget specific cloud.conf file (#2101) ++ - cmd/snap,ctlcmd: fix behavior of snap(ctl) get (#2093) ++ - store: local users download from the anonymous url (#2100) ++ - docs/hooks.md: fix typos (#2099) ++ - many: check installation of slots and plugs against declarations ++ - docs: fix missing "=" in the systemd-active docs ++ - store: do not set store auth for local users (#2092) ++ - interfaces,overlord/ifacestate: use declaration-based checking for ++ auto-connect (#2071) ++ - overlord, daemon, snap: support gadget config defaults (#2082)The ++ main semantic changes are: ++ - tests: fix snap-disconnect tests after core rename (#2088) ++ - client,daemon,overlord,cmd: add /v2/users and create-user on auto- ++ import (#2074) ++ - many: abbreviated forms of disconnect (#2066) ++ - asserts: require lowercase model until insensitive matching is ++ ready (#2076) ++ - cmd/snap: add version command, same as --version (#2075) ++ - all: use "core" by default but allow "ubuntu-core" still (#2070) ++ - overlord/devicestate, docs/hooks.md: nest prepare-device ++ configuration options ++ - daemon: fix login API to return local macaroons (#2078) ++ - daemon: do not hardcode UID in userLookup (#2080) ++ - client, cmd: connect fixes (#2026) ++ - many: preparations for switching most of autoconnect to use the ++ declarationsfor now: ++ - overlord/auth: update CheckMacaroon to verify local snapd ++ macaroons (#2069) ++ - cmd/snap: trivial auto-import and download tweaks (#2067) ++ - interfaces: add repo.ResolveConnect that handles name resolution ++ - interfaces/policy: introduce InstallCandidate and its checks ++ - interfaces/policy,overlord: check connection requests against the ++ declarations in ifacestate ++ - many: setup snapd macaroon for local users (#2051)Next step: do ++ snapd macaroons verification. ++ - interfaces/policy: implement snap-id/publisher-id checks ++ - many: change Connect to take ConnRef instead of strings (#2060) ++ - snap: auto mount block devices and import assertions (#2047) ++ - daemon: add `snap create-user --force-managed` support (#2041) ++ - docs: remove references to removed buying features (#2057) ++ - interfaces,docs: allow sharing SNAP{,_DATA,_COMMON} via content ++ iface (#2063) ++ - interfaces: add Plug/Slot/Connection reference helpers (#2056) ++ - client,daemon,cmd/snap: improve create-user APIs (#2054) ++ - many: introduce snap refresh --ignore-validation to ++ override refresh validation (#2052) ++ - daemon: add support for `snap create-user --known` (#2040) ++ - interfaces/policy: start of interface policy checking code based ++ on declarations (#2050) ++ - overlord/configstate: support nested configuration (#2039) ++ - asserts,interfaces/builtin,overlord/assertstate: introduce base- ++ declaration (#2037) ++ - interfaces: builtin: Allow writing DHCP lease files to ++ /run/NetworkManager/dhcp (#2049) ++ - many: remove all traces of the /v2/buy/methods endpoint (#2045) ++ - tests: add external spread backend (#1918) ++ - asserts: parse the slot rules in snap-declarations (#2035) ++ - interfaces: allow read of /etc/ld.so.preload by default for armhf ++ on series 16 (#2048) ++ - store: change purchase to order and store clean up first pass ++ (#2043) ++ - daemon, store: switch to new store APIs in snapd (#2036) ++ - many: add email to UserState (#2038) ++ - asserts: support parsing the plugs stanza i.e. plug rules in snap- ++ declarations (#2027) ++ - store: apply deltas if explicitly enabled (#2031) ++ - tests: fix create-key/snap-sign test isolation (#2032) ++ - snap/implicit: don't restrict the camera iface to classic (#2025) ++ - client, cmd: change buy command to match UX document (#2011) ++ - coreconfig: nuke it. Also, ignore po/snappy.pot. (#2030) ++ - store: download deltas if explicitly enabled (#2017) ++ - many: allow use of the system user assertion with create-user ++ (#1990) ++ - asserts,overlord,snap: add prepare-device hook for device ++ registration (#2005) ++ - debian: adjust packaging for trusty/deputy systemd (#2003) ++ - asserts: introduce AttributeConstraints (#2015) ++ - interface/builtin: access system bus on screen-inhibit-control ++ - tests: add firewall-control interface test (#2009) ++ - snapstate: pass errors from ListRefresh in updateInfo (#2018) ++ - README: add links to IRC, mailing list and social media (#2022) ++ - docs: add `configure` hook to hooks list (#2024)LP: #1596629 ++ - cmd/snap,configstate: rename apply-config variables to configure. ++ (#2023) ++ - store: retry download on 500 (#2019) ++ - interfaces/builtin: support time and date settings via ++ 'org.freedesktop.timedate1 (#1832) ++ ++ -- Michael Vogt Wed, 02 Nov 2016 01:17:36 +0200 ++ ++snapd (2.16-1) unstable; urgency=medium ++ ++ [ Michael Hudson-Doyle ] ++ * New upstream release. ++ * Import gopkg.in/cheggaaa/pb.v1 rather than github.com/cheggaaa/pb. ++ * Switch to unconditional conflict against `snap` (Closes: #826884) ++ * Update Vcs-Git and Vcs-Browser to point to alioth. ++ ++ [ Steve Langasek ] ++ * Remove govendor from gbp.conf, and import Ubuntu tarball as our ++ orig.tar.gz (switching our packaging to non-native). ++ * Add Uploaders. ++ * Drop lintian overrides not used in Debian because we dynamically link ++ against golang-yaml.v2. ++ * Bump standards-version, no changes required. ++ * Add/fix various lintian overrides. ++ ++ -- Steve Langasek Wed, 02 Nov 2016 12:14:52 +0000 ++ ++snapd (2.16) xenial; urgency=medium ++ ++ * New upstream release, LP: #1628425 ++ - overlord/state: prune old empty changes ++ - interfaces: ppp: load needed kernel module (#2007) ++ - interfaces/builtin: add missing rule to allow run-parts to ++ execute all resolvconf scripts ++ - many: rename apply-config hook to configure ++ - tests: use new spread `debug` feature ++ - many: finish `snap set` API. ++ - overlord: fix and simplify configstate.Transaction ++ - assertions: add system-user assertion ++ - snap: add `snap known --remote` ++ - tests: replace systemd-run with on-the-fly generation of units. ++ - overlord/boot: switch to using assertstate.Batch ++ - snap, daemon, store: pass through screenshots from store ++ - image: add meta/gadget.yaml infrastructure ++ - tests: add test benchmark script ++ - daemon: add the actual ssh keys that got added to the create-user ++ response ++ - daemon: add REST API behind `snap get` ++ - debian: re-add golang-github-gosexy-gettext-dev ++ - tests: added install_local function ++ - interfaces/builtin: fix resolvconf permissions for network-manager ++ interface ++ - tests: use apt as compatible with trusty ++ - many: discard preserved namespace after removing snap ++ - daemon, overlord, store: add ReadyToBuy API to snapd ++ - many: add support for installing/removing multiple snaps ++ - progress: use New64 and fix output newline ++ - interfaces/builtin: allow network-manager to access netplan conf ++ files ++ - tests: build once and install test snap from cache ++ - overlord/state: introduce cleanup support ++ - snap: move/clarify Info.Broken ++ - ctlcmd: add snapctl get. ++ - overlord,store: clean up serial-proof plumbing code ++ - interfaces/builtin: add network-setup-observe interface ++ - daemon,overlord/assertstate: support streams of assertions with ++ snap ack ++ - snapd: kmod backend ++ - tests: ensure HOME is also set correctly ++ - configstate,hookstate: add snapctl set ++ - tests: disable broken create-key test ++ - interfaces: adjust bluetooth-control to allow getsockopt (LP: ++ #1613572) ++ - tests: add a test for core about device initialization and device ++ registration and auth ++ - many: show snap name before the download progress bar ++ - interfaces/builtin: add rcvfrom for client connected plugs to mir ++ interface ++ - asserts: support for maps in assertions ++ - tests: increase timeout for key generation in create-key test ++ - many: validate refreshes against validation assertions by gating ++ snaps ++ - interfaces/apparmor: allow 'm' in default policy for snap-exec ++ - many: avoid snap.InfoFromSnapYaml in tests ++ - interfaces/builtin: allow /dev/net/tun with network-control ++ - tests: add spread test for snap create-key/snap sign ++ - tests: add missing quotes in security-device-cgroups/task.yaml ++ - interfaces: drop ErrUnknownSecurity ++ - store: add "ready to buy" method ++ - snap/snapenv, tests: use root's data dirs when running via sudo ++ - interfaces/builtin: add initial docker interface ++ - snap: remove extra newline after progress is done ++ - docs: fix formating of HACKING.md "Testing snapd" ++ - store : add requestOptions.ExtraHeaders so that individual ++ requests can customise headers. ++ - many: use unique plug/slot names in tests ++ - tests: add tests for the classic dimension ++ - many: add vendoring of dependencies by default ++ - tests: use in-tree snap{ctl,-exec} for all tests ++ - many: support snapctl -h ++ - tests: adjust regex after changes in stat output ++ - store,snap: initial support for delta downloads ++ - interfaces/builtin: add run/udev/data paths to mir interface ++ - snap: lessen annoyance of implicit interface tests ++ - tests: ensure http{,s}_proxy is defined inside the fake-store ++ - interfaces: allow xdg-open in unity7, unity7 cleanups ++ - daemon,store: move store login user logic to store ++ - tests: replace realpath with readlink -f for trusty support. ++ - tests: add https_proxy into environment as well ++ - interfaces/builtin: allow mmaping pulseaudio buffers ++ ++ -- Michael Vogt Wed, 28 Sep 2016 11:09:27 +0200 ++ ++snapd (2.15.2ubuntu1) xenial; urgency=medium ++ ++ * New upstream release, LP: #1623579 ++ - snap/snapenv, tests: use root's data dirs when running via sudo ++ (cherry pick PR: #1857) ++ - tests: add https_proxy into environment ++ (cherry pick PR: #1926) ++ - interfaces: allow xdg-open in unity7, unity7 cleanups ++ (cherry pick PR: #1946) ++ - tests: ensure http{,s}_proxy is defined inside the fake-store ++ (cherry pick PR: #1949) ++ ++ -- Michael Vogt Wed, 21 Sep 2016 17:21:12 +0200 ++ ++snapd (2.15.2) xenial; urgency=medium ++ ++ * New upstream release, LP: #1623579 ++ - asserts: define a bit less terse Ref.String ++ - interfaces: disable auto-connect in libvirt interface ++ - asserts: check that validation assertions are signed by the ++ publisher of the gating snap ++ ++ -- Michael Vogt Mon, 19 Sep 2016 10:42:29 +0200 ++ ++snapd (2.15.1) xenial; urgency=medium ++ ++ * New upstream release, LP: #1623579 ++ - image: ensure local snaps are put last in seed.yaml ++ - asserts: revert change that made the account-key's name mandatory. ++ - many: refresh all snap decls ++ - interfaces/apparmor: allow reading /etc/environment ++ ++ -- Michael Vogt Mon, 19 Sep 2016 09:19:44 +0200 ++ ++snapd (2.15) xenial; urgency=medium ++ ++ * New upstream release, LP: #1623579 ++ - tests: disable prepare-image-grub test in autopkgtest ++ - interfaces: allow special casing for auto-connect until we have ++ assertions ++ - docs: add a little documentation on hooks. ++ - hookstate,daemon: don't mock HookRunner, mock command. ++ - tests: add http_proxy to /etc/environment in the autopkgtest ++ environment ++ - backends: first bits of kernel-module security backend ++ - tests: ensure openssh-server is installed in autopkgtest ++ - tests: make ubuntu-core tests more robust ++ - many: mostly work to support ABA upgrades ++ - cmd/snap: do runtime linting of descriptions ++ - spread.yaml: don't assume LANG is set ++ - snap: fix SNAP* environment merging in `snap run` ++ - CONTRIBUTING.md: remove integration-tests, include spread ++ - store: don't discard error body from request device session call ++ - docs: add create-user documentation ++ - cmd/snap: match UX document for message when buying without login ++ - firstboot: do not overwrite any existing netplan config ++ - tests: add debug output to ubuntu-core-update-rollback- ++ stresstest: ++ - tests/lib/prepare.sh: test that classic does not setting bootvars ++ - snap: run all tests with gpg2 ++ - asserts: basic support for validation assertion and refresh- ++ control ++ - interfaces: miscellaneous policy updates for default, browser- ++ support and camera ++ - snap: (re)add --force-dangerous compat option ++ - tests: ensure SUDO_{USER,GID} is unset in the spread tests ++ - many: clean out left over references to integration tests ++ - overlord/auth,store: fix raciness in updating device/user in state ++ through authcontext and other issuesbonus fixes: ++ - tests: fix spread tests on yakkety ++ - store: refactor auth/refresh tests ++ - asserts: use gpg --fixed-list-mode to be compatible with both gpg1 ++ and gpg2 ++ - cmd/snap: i18n option descriptions ++ - asserts: required account key name header ++ - tests: add yakkety test host ++ - packaging: make sure debhelper-generated snippet is invoked on ++ postrm ++ - snap,store: capture newest digest from the store, make it ++ DownloadInfo only ++ - tests: add upower-observe spread test ++ - Merge github.com:snapcore/snapd ++ - tests: fixes to actually run the spread tests inside autopkgtest ++ - cmd/snap: make "snap find" error nicer. ++ - tests: get the gadget name from snap list ++ - cmd/snap: tweak help of 'snap download' ++ - cmd/snap,image: teach snap download to download also assertions ++ - interfaces/builtin: tweak opengl interface ++ - interfaces: serial-port use udevUsbDeviceSnippet ++ - store: ensure the payment methods method handles auth failure ++ - overlord/snapstate: support revert flags ++ - many: add snap configuration to REST API ++ - tests: use ubuntu-image for the ubuntu-core-16 image creation ++ - cmd/snap: serialise empty keys list as [] rather than null ++ - cmd/snap,client: add snap set and snap get commands ++ - asserts: update trusted account-key asserts with names ++ - overlord/snapstate: misc fixes/tweaks/cleanups ++ - image: have prepare-image set devmode correctly ++ - overlord/boot: have firstboot support assertion files with ++ multiple assertions ++ - daemon: bail from enable and disable if revision given, and from ++ multi-op if unsupported optons given ++ - osutil: call sync after cp if ++ requested.overlord/snapstate/backend: switch to use osutil instead ++ of another buggy call to cp ++ - cmd/snap: generate account-key-request "since" header in UTC ++ - many: use symlinks instead of wrappers ++ - tests: remove silly [Service] entry from snapd.socket.d/local.conf ++ - store: switch device session to use device-session-request ++ assertion ++ - snap: ensure that plug and slot names are unique ++ - cmd/snap: fix test suite (no Exit(0) on tests!) ++ - interfaces: add interface for hidraw devices ++ - tests: use the real model assertion when creating the core test ++ image ++ - interfaces/builtin: add udisks2 and removable-media interfaces ++ - interface: network_manager: enable resolvconf ++ - interfaces/builtin: usb serial-port support via udev ++ - interfaces/udev: support noneSecurityTag keyed snippets ++ - snap: switch to the new agreed regexp for snap names ++ - tests: adjust test setup after ubuntu user removal ++ - many: start services only after the snap is fully ready (link-snap ++ was run) ++ - asserts: don't have Add/Check panic in the face of unsupported no- ++ authority assertions ++ - asserts: initial support to generate/sign snap-build assertions ++ - asserts: support checking account-key-request assertions ++ - overlord: introduce AuthContext.DeviceSessionRequest with support ++ in devicestate ++ - overlord/state: fix for reloaded task/change crashing on Set if ++ checkpointed w. no custom data yet ++ - snapd.refresh.service: require snap.socket and /snap/*/current. ++ - many: spell --force-dangerous as just --dangerous, devmode should ++ imply it ++ - overlord/devicestate: try to fetch/refresh the signing key of ++ serial (also in case is not there yet) ++ - image,overlord/boot,snap: metadata from asserts for image snaps ++ - many: automatically restart all-snap devices after os/kernel ++ updates ++ - interfaces: modem-manager: ignore camera ++ - firstboot: only configure en* and eth* interfaces by default ++ - interfaces: fix interface handling on no-app snaps ++ - snap: set user variables even if HOME is unset (like with systemd ++ services) ++ ++ -- Michael Vogt Fri, 16 Sep 2016 07:46:22 +0200 ++ ++snapd (2.14.2~16.04) xenial; urgency=medium ++ ++ * New upstream release: LP: #1618095 ++ - tests: use the spread tests with the adhoc interface inside ++ autopkgtest ++ - interfaces: add fwupd interface ++ - asserts,cmd/snap: add "name" header to account-key(-request) ++ - client,cmd/snap: display os-release data only on classic ++ - asserts/tool,cmd/snap: introduce hidden "snap sign" ++ - many: when installing snap file derive metadata from assertions ++ unless --force-dangerous ++ - osutil: tweak the createUserTests a bit and extract common code ++ - debian: umount --lazy before rm on snapd.postrm ++ - interfaces: updates to default policy, browser-support, and x11 ++ - store: set initial device session ++ - interfaces: add upower-observe interface (LP: #1595813) ++ - tests: use beta u-d-f in test by default ++ - interfaces/builtin: allow writing on /dev/vhci in bluetooth- ++ control ++ - interfaces/builtin: allow /dev/vhci on bluetooth-control ++ - tests: port integration tests to spread ++ - snapstate: use umount --lazy when removing the mount units ++ - spread: enable halt-timeout, tweak image selection ++ - tests: fix firstboot-assertions to actually be runnable on classic ++ again ++ - asserts: introduce device-session-request ++ - interfaces: add screen-inhibit-control interface (LP: #1604880) ++ - firstboot: change location of netplan config ++ - overlord/devicestate: some cleanups and solving a couple todos ++ - daemon,overlord: add subcommand handling to snapctl ++ ++ -- Michael Vogt Thu, 01 Sep 2016 18:52:05 +0200 ++ ++snapd (2.14.1) xenial; urgency=medium ++ ++ * New upstream release: LP: #1618095 ++ - snap-exec: add support for commands with internal args in snap- ++ exec ++ - store: refresh expired device sessions ++ - debian: re-add ubuntu-core-snapd-units as a transitional package ++ - image: snap assertions into image ++ - overlord/assertstate,asserts/snapasserts: give snap assertions ++ helpers a package, introduce ReconstructSideInfo ++ - docs/interfaces: Add empty line after lxd-support title ++ - README: cover the new /run/snapd-snap.socket ++ - daemon: make socket split backward-compatible. ++ ++ -- Michael Vogt Tue, 30 Aug 2016 16:43:29 +0200 ++ ++snapd (2.14) xenial; urgency=medium ++ ++ * New upstream release: LP: #1618095 ++ - cmd: enable SNAP_REEXEC only if it is set to SNAP_REEXEC=1 ++ - osutil: fix create-user on classic ++ - firstboot: disable firstboot on classic for now ++ - cmd/snap: add export-key --account= option ++ - many: split public snapd REST API into separate socket. ++ - many: drop ubuntu-core-snapd-units package, use release.OnClassic ++ instead ++ - tests: add content-shareing binary test that excersises snap- ++ confine ++ - snap: use "up to date" instead of "up-to-date" ++ - asserts: add an account-key-request assertion ++ - asserts: fix GPG key generation parameters ++ - tests, integration-tests: implement the cups-control manual test ++ as a spread test ++ - many: clarify/tie down model assertion ++ - cmd/snap: add "snap download" command ++ - integration-tests: remove them in favour of the spread tests ++ - tests: test all snap ubuntu core upgrade ++ - many: support install and remove by revision ++ - overlord/state: prevent change ready => unready ++ - tests: fixes to make the ubuntu-core-16 image usable with ++ -keep/-reuse ++ - asserts: authority-id and brand-id of serial must match ++ - firstboot: generate netplan config rather than ifupdown ++ - store: request device session macaroon from store ++ - tests: add workaround for u-d-f to unblock all-snap image tests ++ - tests: the stable ubuntu-core snap has snap run support now ++ - many: use make StripGlobalRootDir public ++ - asserts: add some stricter checks around format ++ - many: have AuthContext expose device store-id, serial and serial- ++ proof signing to the store ++ - tests: fix "tests/main/ack" to not break if asserts are alreay ++ there ++ - tests/main/ack: fix test/style ++ - snap: add key management commands ++ - firstboot: add firstboot assertions importing ++ ++ -- Michael Vogt Mon, 29 Aug 2016 17:07:20 +0200 ++ ++snapd (2.13) xenial; urgency=medium ++ ++ * New upstream release: LP: #1616157 ++ - many: respect dirs.SnapSnapsDir in tests ++ - tests: update listing test for latest stable image ++ - many: hook in start of code to fetch/check assertions when ++ installing snap from store ++ - boot: add missing udevadm mock to fix FTBFS ++ - interfaces: add lxd-support interface ++ - dirs,snap: handle empty root directory in SetRootDir ++ - dirs,snap: define methods for SNAP_USER_DATA and SNAP_USER_COMMON ++ - tests: spread all-snap test cleanup ++ - tests: add all-snap spread image tests ++ - store,tests: have just one envvar SNAPPY_USE_STAGING_STORE to ++ control talking to staging ++ - overlord/hookstate: use snap run posix parameters. ++ - interfaces/builtin: allow bind in the network interface ++ - asserts,overlord/devicestate: simplify private key/key pairs APIs, ++ they take just key ids ++ - dependencies: update godeps ++ - boot: add support for "devmode: {true,false}" in seed.yaml ++ - many: teach prepare-image to copy the model assertion (and ++ prereqs) into the seed area of the image ++ - tests: start teaching the fakestore about assertions ++ - asserts/sysdb: embed the new format official root/trusted ++ assertions ++ - overlord/devicestate: first pass at device registration logic ++ - tests: add process-control interface spread test ++ - tests: disable unity test ++ - tests: adapt to new spread version ++ - asserts: add serial-proof device assertion ++ - client, cmd/snap: use the new multi-refresh endpoint ++ - many: preparations for image code to fetch model prereqs ++ - debian: add extra checks when debian/snapd.postrm purge is run ++ - overlord/snapstate, daemon: support for multi-snap refresh ++ - tests: do not leave "squashfs-root" around ++ - snap-exec: Fix broken `snap run --shell` and add test ++ - overlord/snapstate: check changes to SnapState for conflicts also. ++ - docs/interfaces: change snappy command to snap ++ - tests: test `snap run --hook` using in-tree snap-exec. ++ - partition: ensure that snap_{kernel,core} is not overridden with an ++ empty value ++ - asserts,overlord/assertstate: introduce an assertstate task ++ handler to fetch snap assertions ++ - spread: disable re-exec to always test development tree. ++ - interfaces: implement a fuse interface ++ - interfaces/hardware-observe.go: re-add /run/udev/data ++ - overlord/assertstate,daemon: reorg how the assert manager exposes ++ the assertion db and adding to it ++ - release: Remove "UBUNTU_CODENAME" from the test data ++ - many: implement snapctl command. ++ - interfaces: mpris updates (fix unconfined introspection, add name ++ attribute) ++ - asserts: export DecodePublicKey ++ - asserts: introduce support for assertions with no authority, ++ implement serial-request ++ - interfaces: bluez: add a few more tests to verify interface ++ connection works ++ - interfaces: bluez: add missing mount security snippet case ++ - interfaces: add kernel-module interface for module insertion. ++ - integration-tests: look for ubuntu-device-flash on PATH before ++ calling sudo ++ - client, cmd, daemon, osutil: support --yaml and --sudoer flags for ++ create-user ++ - spread: use snap-confine from ppa:snappy-dev/image for the tests ++ - many: move to purely hash based key lookup and to new ++ key/signature format (v1) ++ - spread: Use /home/gopath in spread.yaml ++ - tests: base security spread tests ++ ++ -- Michael Vogt Wed, 24 Aug 2016 14:48:28 +0200 ++ ++snapd (2.12) xenial; urgency=medium ++ ++ * New upstream release: LP: #1612362 ++ - many: do not require root for `snap prepare-image` ++ - tests: prevent restore error on test failure ++ - osutil: change escaping for create-user's sudoers ++ - docs: private flag doesn't exist on /v2/find (it's select) ++ - snap: do not sort the result of `snap find` ++ - interfaces/builtin: add gpio interface ++ - partition: fix cleaning of the boot variables on the second good ++ boot ++ - tests: add udev rules spread test ++ - docs: fix references to refresh action ++ - interfaces/udev,osutil: avoid doubled rules and put all in a per ++ snap file ++ - store: minor store improvements from previous reviews ++ - many: support interactive payments in snapd, filter from command ++ line ++ - docs/interfaces.md: improve interfaces documentation ++ - overlord,store: set store device authorization header ++ - store: add device nonce API support ++ - many: various fixes around the `create-user` command ++ - client, osutil: chown the auth file ++ - interfaces/builtin: add transitional browser-support interface ++ - snap: don't load unsupported implicit hooks. ++ - cmd/snap,cmd/snap-exec: support hooks again. ++ - interfaces/builtin: improve pulseaudio interface ++ - asserts: make account-key's `until` optional to represent a never- ++ expiring key ++ - store: refactor newRequest/doRequest to take requestOptions ++ - tests: allow-downgrades on upgrade test to prevent version errors ++ - daemon: stop using group membership as succedaneous of running ++ things with sudo ++ - interfaces: add bluetooth-control interfaces ++ - many: remove integration-test coverage metrics ++ - daemon,docs: drop license docs and error kind ++ - tests: add network-control interface spread test ++ - tests: add hardware-observe spread test ++ - interfaces: add system-trace interface LP: #1600085 ++ - boot: use `cp -aLv` instead of `cp -a` (no symlinks on vfat) ++ - store: soft-refresh discharge macaroon from store when required ++ - partition: clear snap_try_{kernel,core} on success ++ - tests: add snapd-control interface spread test ++ - tests: add locale-control write spread test ++ - store: fix buy method after some refactoring broke it ++ - interfaces/builtin: read perms for network devices in network- ++ observe ++ - interfaces: also allow rfkill in network_control ++ - snapstate: remove artifacts from a snap try dir that vanished ++ - client, cmd/snap: better errors for empty snap list result ++ - wrappers: set BAMF_DESKTOP_FILE_HINT for unity ++ - many: cleanup/update rest.md; improve auth errors ++ - interfaces: miscelleneous policy updates for default, log-observe, ++ mount-observe, opengl, pulseaudio, system-observe and unity7 ++ - interfaces: add process-control interface (LP: #1598225) ++ - osutil: support both "nobody" and "nogroup" for grpnam tests ++ - cmd: support defaulting to the user's preferred payment method ++ - overlord: actually run hooks. ++ - overlord/state,overlord/ifacestate: define basic infrastructure ++ for and then setting up serialising of interface mgr tasks ++ - asserts: add Assertion.Prerequisites and SigningKey, Ref and ++ FindTrusted ++ - overlord/snapstate: ensure calls to store are done without the ++ state lock held ++ - asserts,client: switch snap-build and snap-revision to be indexed ++ by snap-sha3-384 ++ - many: make seed.yaml on firstboot mandatory and include sideInfo ++ - asserts,many: start supporting structured headers using the new ++ parseHeaders ++ - many: update code for the new snap_mode ++ - tests: added spread find private test ++ - store: deal with 404 froms the SSO store properly ++ - snap: remove meta/kernel.yaml again ++ - daemon: always mock release info in tests ++ - snapstate: drop revisions after "current" on refresh ++ - asserts: introduce new parseHeadersThis introduces the new ++ parseHeaders returning map[string]interface{} and capable of ++ accepting: ++ - asserts: remove/disable comma separated lists and their uses ++ ++ -- Michael Vogt Thu, 11 Aug 2016 19:30:36 +0200 ++ ++snapd (2.11) xenial; urgency=medium ++ ++ * New upstream release: LP: #1605303 ++ - increase version number to reflect the nature of the update ++ better ++ - store, daemon, client, cmd/snap, docs/rest.md: adieu search ++ grammar ++ - debian: move snapd.refresh.timer into timers.target ++ - snapstate: add daemon-reload to fix autopkgtest on yakkety ++ - Interfaces: hardware-observe ++ - snap: rework the output after a snap operation ++ - daemon, cmd/snap: refresh --devmode ++ - store, daemon, client, cmd/snap: implement `snap find --private` ++ - tests: add network-observe interface spread test ++ - interfaces/builtin: allow getsockopt for connected x11 plugs ++ - osutil: check for nogrup instead of adm ++ - store: small cleanups (more needed) ++ - snap/squashfs: fix test not to hardcode snap size ++ - client,cmd/snap: cleanup cmd/snap test suite, add extra args ++ testThis cleans up the cmd/snap test suite: ++ - wrappers: map "never" restart condition to "no." ++ - wrappers: run update-desktop-database after add/remove of desktop ++ files ++ - release: work around elementary mistake ++ - many: remove all traces of channel from the buying codepath ++ - store: kill setUbuntuStoreHeaders ++ - docs: add payment methods documentation ++ - many: present user with a choice of payment backends ++ - asserts: add cross checks for snap asserts ++ - cmd/snap,cmd/snap-exec: support running hooks via snap-exec. ++ - tests: improve snap run symlink tests ++ - tests: add content sharing interface spread test ++ - store & many: a mechanical branch shortening store names ++ - snappy: remove old snappy pkg ++ - overlord/snapstate: kill flagscompat ++ - overlord/snapstate, daemon, client, cmd/snap: devmode override ++ (aka confined) ++ - tests: extend refresh test to talk to the staging and production ++ stores ++ - asserts,daemon: cross checks for account and account-key ++ assertions ++ - client: existing JSON fixtures uses tabs for indentation ++ - snap-exec: add proper integration test for snap-exec ++ - spread.yaml, tests: replace hello-world with test-snapd-tools ++ - tests: add locale-control interface spread test ++ - tests: add mount-observe interface spread test ++ - tests: add system-observe interface spread test ++ - many: add AuthContext to mediate user updates to the state ++ - store/auth: add helper for the macaroon refresh endpoint ++ - cmd: add buy command ++ - overlord: switch snapstate.Update to use ListRefresh (aka ++ /snaps/metadata) ++ - snap-exec: fix silly off-by-one error ++ - tests: stop using hello-world.echo in the tests ++ - tests: add env command to test-snapd-tools ++ - classic: remove (most of) "classic" mode, this is implemented as a ++ snap now ++ - many: remove snapstate.Candidate and other cleanups ++ - many: removed authenticator, store gets a user instead ++ - asserts: fix minor doc comment typo ++ - snap: ensure unknown arguments to `snap run` are ignored ++ - overlord/auth: add Device/SetDevice to persist device identity in ++ state ++ - overlord: make SyncBoot work again ++ - tests: add -y flag to apt autoremove command in unity task restore ++ - many: migrate SnapSetup and SideInfo to use RealName ++ - daemon: drop auther() ++ - client: improve error from client.do() on json decode failures ++ - tests: readd the fake store tests ++ - many: allow removal of broken snaps, add spread test ++ - overlord: implement &Retry{After: duration} support for handlers ++ - interface: add new interfaces.all.SecurityBackends ++ - integration-tests: remove login tests ++ - cmd,interfaces,snap: implement hook whitelist. ++ - daemon,overlord/auth,store: update macaroon authentication to use ++ the new endpoints ++ - daemon, overlord: add buy endpoint to REST API ++ - tests: use systemd-run for starting and stopping the unity app ++ - tests, integration-tests: port systemd service check test to ++ spread ++ - store: switch search to new snap-specific endpoint ++ - store, many: start using the new details endpoint ++ - tests, integration-tests: port unity test to spread ++ - tests: add spread test for tried snaps removal ++ - tests, integration-tests: port auth errors test to spread ++ - snapstate: rename OfficialName to RealName in the new tests ++ - many: rename SideInfo.OfficialName to SideInfo.RealName ++ - snapstate: use snapstate.Type in backend.RemoveSnapFiles ++ - many: add `snap enable/disable` commands ++ - tests, integration-tests: port refresh all test to spread ++ - snap: add `snap run --shell` ++ - tests: set yaml indentation to 4 spaces ++ - snapstate: cleanup downloaded temp snap files ++ - overlord: make patch1_test more robust ++ - debian: add snapd.postrm that purges ++ - integration-tests: drop already covered refresh app test ++ - many: add concept of "broken" snaps ++ - tests, integration-tests: port remove errors tests to spread ++ - tests, integration-tests: port revert test to spread ++ - debian: fix snapbuild path ++ - overlord: fix access to the state without lock in firstboot.go and ++ add test ++ - snapstate: add very simple garbage collection on upgrade ++ - asserts: introduce assertstest with helpers to test code involving ++ assertions ++ - tests, integration tests: port undone failed install test to ++ spread ++ - snap,store: switch to the new snaps/metadata endpoint, introduce ++ and start capturing DeveloperID ++ - tests, integration-tests: port the op remove retry test to spread ++ - po: remove snappy.pot from git, it will be generated at build time ++ - many: add some missing tests, clarify some things and nitpicks as ++ follow up to `snap revert` ++ - snapstate: when doing snapsate.Update|Install, talk to the store ++ early ++ - tests, integration-tests: port the op remove test to spread ++ - interfaces: allow /usr/bin/locale in default policy ++ - many: add `snap revert` ++ - overlord/auth,store: add macaroon serialization/deserialization ++ helpers ++ - many: embed main store trusted assertions in snapd, way to have ++ test ones, spread tests for ack and known ++ - overlord/snapstate,daemon: clarify active vs current, add ++ SnapState.HasCurrent,CurrentInfo ++ - tests: do not search for a specific snap (we hit 100 items) and ++ pagination kicks in ++ - tests: use printf instead of echo where we need portability ++ - tests: rename and generalize basic-binaries to test-snapd-tools ++ ++ -- Michael Vogt Tue, 26 Jul 2016 15:49:04 +0200 ++ ++snapd (2.0.10) xenial; urgency=medium ++ ++ * New upstream release: LP: #1597329 ++ - interfaces: also allow @{PROC}/@{pid}/mountinfo and ++ @{PROC}/@{pid}/mountstats ++ - interfaces: allow read access to /etc/machine-id and ++ @{PROC}/@{pid}/smaps ++ - interfaces: miscelleneous policy updates for default, log-observe ++ and system-observe ++ - snapstate: add logging after a successful doLinkSnap ++ - tests, integration-tests: port try tests to spread ++ - store, cmd/snapd: send a basic user-agent to the store ++ - store: add buy method ++ - client: retry on failed GETs ++ - tests: actual refresh test ++ - docs: REST API update ++ - interfaces: add mount support for hooks. ++ - interfaces: add udev support for hooks. ++ - interfaces: add dbus support for hooks. ++ - tests, integration-tests: port refresh test to spread ++ - tests, integration-tests: port change errors test to spread ++ - overlord/ifacestate: don't retry snap security setup ++ - integration-tests: remove unused file ++ - tests: manage the socket unit when reseting state ++ - overlord: improve organization of state patches ++ - tests: wait for snapd listening after reset ++ - interfaces/builtin: allow other sr*/scd* optical devices ++ - systemd: add support for squashfuse ++ - snap: make snaps vanishing less fatal for the system ++ - snap-exec: os.Exec() needs argv0 in the args[] slice too ++ - many: add new `create-user` command ++ - interfaces: auto-connect content interfaces with the same content ++ and developer ++ - snapstate: add Current revision to SnapState ++ - readme: tweak readme blurb ++ - integration-tests: wait for listening port instead of active ++ service reported by systemd ++ - many: rename Current -> {CurrentSideInfo,CurrentInfo} ++ - spread: fix home interface test after suite move ++ - many: name unversioned data. ++ - interfaces: add "content" interface ++ - overlord/snapstate: defaultBackend can go away now ++ - debian: comment to remember why the timer is setup like it is ++ - tests,spread.yaml: introduce an upgrade test, support/split into ++ two suites for this ++ - overlord,overlord/snapstate: ensure we keep snap type in snapstate ++ of each snap ++ - many: rework the firstboot support ++ - integration-tests: fix test failure ++ - spread: keep core on suite restore ++ - tests: temporary fix for state reset ++ - overlord: add infrastructure for simple state format/content ++ migrations ++ - interfaces: add seccomp support for hooks. ++ - interfaces: allow gvfs shares in home and temporarily allow ++ socketcall by default (LP: #1592901, LP: #1594675) ++ - tests, integration-tests: port network-bind interface tests to ++ spread ++ - snap,snap/snaptest: use PopulateDir/MakeTestSnapWithFiles directly ++ and remove MockSnapWithHooks ++ - interfaces: add mpris interface ++ - tests: enable `snap run` on i386 ++ - tests, integration-tests: port network interface test to spread ++ - tests, integration-tests: port interfaces cli to spread ++ - tests, integration-tests: port leftover install tests to spread ++ - interfaces: add apparmor support for hooks. ++ - tests, integration-tests: port log-observe interface tests to ++ spread ++ - asserts: improve Decode doc comment about assertion format ++ - tests: moved snaps to lib ++ - many: add the camera interface ++ - many: add optical-drive interface ++ - interfaces: auto-connect home if running on classic ++ - spread: bump gccgo test timeout ++ - interfaces: use security tags to index security snippets. ++ - daemon, overlord/snapstate, store: send confinement header to the ++ store for install ++ - spread: run tests on 16.04 i386 concurrently ++ - tests,integration-tests: port install error tests to spread ++ - interfaces: add a serial-port interface ++ - tests, integration-tests, debian: port sideload install tests to ++ spread ++ - interfaces: add new bind security backend and refactor ++ backendtests ++ - snap: load and validate implicit hooks. ++ - tests: add a build/run test for gccgo in spread ++ - cmd/snap/cmd_login: Adjust message after adding support for wheel ++ group ++ - tests, integration-tests: ported install from store tests to ++ spread ++ - snap: make `snap change ` show task progress ++ - tests, integration-tests: port search tests to spread ++ - overlord/state,daemon: make abort proceed immediately, fix doc ++ comment, improve tests ++ - daemon: extend privileged access to users in "wheel" group ++ - snap: tweak `snap refresh` and `snap refresh --list` outputTiny ++ branch that does three things: ++ - interfaces: refactor auto-connection candidate check ++ - snap: add support for snap {install,refresh} ++ --{edge,beta,candidate,stable} ++ - release: don't force KDE Neon into devmode. ++ ++ -- Michael Vogt Wed, 29 Jun 2016 21:02:39 +0200 ++ ++snapd (2.0.9) xenial; urgency=medium ++ ++ * New upstream release: LP: #1593201 ++ - snap: add the magic redirect part of `snap run` ++ - tests, integration-tests: port server related tests to spread ++ - overlord/snapstate: log restarting in the task ++ - daemon: test restart wiring, fix setup/teardown ++ - cmd: don't show the price if a snap has already been purchased ++ - tests, integration-tests: port listing tests to spread ++ - integration-tests: do not try to kill ubuntu-clock-app.clock (no ++ longer a process) ++ - several: tie up overlord's restart handler into daemon; adjust ++ snap to cope ++ - tests, integration-tests: port abort tests to spread ++ - integration-tests: fix flaky TestRemoveBusyRetries ++ - testutils: refactor/mock exec ++ - snap,cmd: add hook support to snap run. ++ - overlord/snapstate: remove Download from backend ++ - store: use a custom logging transport ++ - overlord/hookstate: implement basic HookManager. ++ - spread: move the suite restore to restore-each ++ - asserts: turn model os into model core field, making it also more ++ like the kernel and gadget fields ++ - asserts: / is not allowed in primary key headers, follow the store ++ in this ++ - release: enable full confinement on Elementary 0.4 ++ - integration-tests: fix another i386 autopkgtest failure. ++ - cmd/snap: create SNAP_USER_DATA and common dirs in `snap run` ++ - many: have the installation of the core snap request a restart (on ++ classic) ++ - asserts: allow to load also account assertions into the trusted ++ set ++ - many: install snaps in devmode on distributions without complete ++ apparmor and seccomp support ++ - spread: run on travis ++ - snapenv: do not hardcode amd64 in tests ++ - spread: initial harness and first test ++ - interfaces: miscelleneous policy updates for chromium, x86, ++ opengl, etc ++ - integration-tests: remove daemon to use the log-observe interface ++ - client: remove client.Revision and import snap.Revision instead ++ - integration-tests: wait for network-bind service in try test ++ - many: move over from snappy to snapstate/backend SetupSnap and ++ related code ++ - integration-tests: add interfaces cli tests ++ - snapenv: cleanup snapenv.{Basic,User} ++ - cmd/snap: also print slots that connect to the wanted snap (LP: ++ #1590704) ++ - asserts: error style, use "cannot" instead of "failed to" ++ following the main decided style ++ - integration-tests: wait until the network-bind service is up ++ before testing ++ - many: add new `snap run` command ++ - snappy: unexport snappy.Install and snappy.Overlord.{Un,}Install ++ - many: add some shared testing helpers to snap/snaptest and to ++ boot/boottest ++ - rest-api: support to send apps per snap (LP: #1564076) ++ ++ -- Michael Vogt Thu, 16 Jun 2016 13:56:12 +0200 ++ ++snapd (2.0.8.1) UNRELEASED; urgency=medium ++ ++ * New upstream release ++ - Cherry pick four commits that show snaps as installed in devmode on ++ distributions without full confinement dependencies available: ++ ++ 25634d3364a46b5e9147e4466932c59b1b572d35 ++ 53f2e8d5f1b2d7ce13f5b50be4c09fa1de8cf1e0 ++ 38771f4cc324ad9dd4aa48b03108d13a2c361aad ++ c46e069351c61e45c338c98ab12689a319790bd5 ++ ++ -- Zygmunt Krynicki Tue, 14 Jun 2016 15:55:30 +0200 ++ ++snapd (2.0.8+1) unstable; urgency=medium ++ ++ * New upstream release. ++ * Update lintian-overrides for new paths. ++ * debian/copyright: fix a typo (thanks, lintian!) ++ ++ -- Steve Langasek Fri, 10 Jun 2016 23:17:22 +0000 ++ ++snapd (2.0.8) xenial; urgency=medium ++ ++ * New upstream release: LP: #1589534 ++ - debian: make `snap refresh` times more random (LP: #1537793) ++ - cmd: ExecInCoreSnap looks in "core" snap first, and only in ++ "ubuntu-core" snap if rev>125. ++ - cmd/snap: have 'snap list' display helper message on stderr ++ (LP: #1587445) ++ - snap: make app names more restrictive. ++ ++ -- Michael Vogt Wed, 08 Jun 2016 07:56:58 +0200 ++ ++snapd (2.0.7) xenial; urgency=medium ++ ++ * New upstream release: LP: #1589534 ++ - debian: do not ship /etc/ld.so.conf.d/snappy.conf (LP: #1589006) ++ - debian: fix snapd.refresh.service install and usage (LP: #1588977) ++ - ovlerlord/state: actually support task setting themself as ++ done/undone ++ - snap: do not use "." import in revision_test.go, as this breaks ++ gccgo-6 (fix build failure on powerpc) ++ - interfaces: add fcitx and mozc input methods to unity7 ++ - interfaces: add global gsettings interfaces ++ - interfaces: autoconnect home and doc updates (LP: #1588886) ++ - integration-tests: remove ++ abortSuite.TestAbortWithValidIdInDoingStatus ++ - many: adding backward compatible code to upgrade SnapSetup.Flags ++ - overlord/snapstate: handle sideloading over an old sideloaded snap ++ without panicing ++ - interfaces: add socketcall() to the network/network-bind ++ interfaces (LP: #1588100) ++ - overlord/snapstate,snappy: move over CanRemoveThis moves over the ++ CanRemove check to snapstate itself.overlord/snapstate ++ - snappy: move over CanRemove ++ - overlord/snapstate,snappy: move over CopyData and Remove*Data code ++ ++ -- Michael Vogt Mon, 06 Jun 2016 16:35:50 +0200 ++ ++snapd (2.0.6) xenial; urgency=medium ++ ++ * New upstream release: LP: #1588052: ++ - many: repository moved to snapcore/snapd ++ - debian: add transitional pkg for the github location change ++ - snap: ensure `snap try` work with relative paths ++ - debian: drop run/build dependency on lsb-release ++ - asserts/tool: gpg key pair manager ++ - many: add new snap-exec ++ - many: implement `snap refresh --list` and `snap refresh` ++ - snap: add parsing support for hooks. ++ - many: add the cups interface ++ - interfaces: misc policy fixes (LP: #1583794) ++ - many: add `snap try` ++ - interfaces: allow using sysctl and scmp_sys_resolver for parsing ++ kernel logs ++ - debian: make snapd get its environ from /etc/environment ++ - daemon,client,snap: revisions are now strings ++ - interfaces: allow access to new ibus abstract socket path ++ LP: #1580463 ++ - integration-tests: add remove tests ++ - asserts: stronger crypto choices and follow better latest designs ++ - snappy,daemon: hollow out more of snappy (either removing or not ++ exporting stuff on its way out), snappy/gadget.go is gone ++ - asserts: rename device-serial to serial ++ - asserts: rename identity to account (and username access) ++ - integration-tests: add changes tests ++ - backend: add tests for environment wrapper generation ++ - interfaces/builtin: add location-control interface ++ - overlord/snapstate: move over check snap logic from snappy ++ - release: use os-release instead of lsb-release for cross-distro ++ use ++ - asserts: allow empty snap-name for snap-declaration ++ - interfaces/builtin,docs,snap: add the pulseaudio interface ++ - many: add support for an environment map inside snap.yaml ++ - overlord/snapstate: increase robustness of doLinkSnap/undoLinkSnap ++ with sanity unit tests ++ - snap: parse epoch property ++ - snappy: do nothing in SetNextBoot when running on classic ++ - snap: validate snap type ++ - integration-tests: extend find command tests ++ - asserts: extend tests to cover mandatory and empty headers ++ - tests: stop the update-pot check in run-checks ++ - snap: parse confinement property. ++ - store: change applyUbuntuStoreHeaders to not take accept, and to ++ take a channel ++ - many: struct-based revisions, new representation ++ - interfaces: remove 'audit deny' rules from network_control.go ++ - interfaces: add com.canonical.UrlLauncher.XdgOpen to unity7 ++ interface ++ - interfaces: firewall-control can access xtables lock file ++ - interfaces: allow unity7 AppMenu ++ - interfaces: allow unity7 launcher API ++ - interfaces/builtin: add location-observe interface ++ - snap: fixed snap empty list text LP: #1587445 ++ ++ -- Michael Vogt Thu, 02 Jun 2016 08:23:50 +0200 ++ ++snapd (2.0.5+1) unstable; urgency=medium ++ ++ * Initial Debian upload. Closes: #824943. ++ * release/release{,_test}.go: use /etc/os-release, which is guaranteed to ++ be part of base-files on both Ubuntu and Debian, instead of ++ /etc/lsb-release which doesn't exist at all on Debian. ++ * drop transitional packages, not needed in Debian. ++ * Add lintian overrides for false-positive detection of embedded libyaml. ++ * Update Vcs-* fields to point at maintainer's branch. ++ * Add a further lintian override for the /snap directory so that the ++ package is not automatically rejected by the NEW queue; this directory ++ location is certainly subject to discussion for Debian, but let's have ++ the discussion rather than blocking the package at the archive level. ++ ++ -- Steve Langasek Mon, 23 May 2016 00:36:06 +0000 ++ ++snapd (2.0.5) xenial; urgency=medium ++ ++ * New upstream release: LP: #1583085 ++ - interfaces: add dbusmenu, freedesktop and kde notifications to ++ unity7 (LP: #1573188) ++ - daemon: make localSnapInfo return SnapState ++ - cmd: make snap list with no snaps not special ++ - debian: workaround for XDG_DATA_DIRS issues ++ - cmd,po: fix conflicts, apply review from #1154 ++ - snap,store: load and store the private flag sent by the store in ++ SideInfo ++ - interfaces/apparmor/template.go: adjust /dev/shm to be more usable ++ - store: use purchase decorator in Snap and FindSnaps ++ - interfaces: first version of the networkmanager interface ++ - snap, snappy: implement the new (minmimal) kernel spec ++ - cmd/snap, debian: move manpage generation to depend on an environ ++ key; also, fix completion ++ ++ -- Michael Vogt Thu, 19 May 2016 15:29:16 +0200 ++ ++snapd (2.0.4) xenial; urgency=medium ++ ++ * New upstream release: ++ - interfaces: cleanup explicit denies ++ - integration-tests: remove the ancient integration daemon tests ++ - integration-tests: add network-bind interface test ++ - integration-tests: add actual checks for undoing install ++ - integration-tests: add store login test ++ - snap: add certain implicit slots only on classic ++ - integration-tests: add coverage flags to snapd.service ExecStart ++ setting when building from branch ++ - integration-tests: remove the tests for features removed in 16.04. ++ - daemon, overlord/snapstate: "(de)activate" is no longer a thing ++ - docs: update meta.md and security.md for current snappy ++ - debian: always start snapd ++ - integration-tests: add test for undoing failed install ++ - overlord: handle ensureNext being in the past ++ - overlord/snapstate,overlord/snapstate/backend,snappy: start ++ backend porting LinkSnap and UnlinkSnap ++ - debian/tests: add reboot capability to autopkgtest and execute ++ snapPersistsSuite ++ - daemon,snappy,progress: drop license agreement broken logic ++ - daemon,client,cmd/snap: nice access denied message ++ (LP: #1574829) ++ - daemon: add user parameter to all commands ++ - snap, store: rework purchase methods into decorators ++ - many: simplify release package and add OnClassic ++ - interfaces: miscellaneous policy updates ++ - snappy,wrappers: move desktop files handling to wrappers ++ - snappy: remove some obviously dead code ++ - interfaces/builtin: quote apparmor label ++ - many: remove the gadget yaml support from snappy ++ - snappy,systemd,wrappers: move service units generation to wrappers ++ - store: add method to determine if a snap must be bought ++ - store: add methods to read purchases from the store ++ - wrappers,snappy: move binary wrapper generation to new package ++ wrappers ++ - snap: add `snap help` command ++ - integration-tests: remove framework-test data and avoid using ++ config-snap for now ++ - add integration test to verify fix for LP: #1571721 ++ ++ -- Michael Vogt Fri, 13 May 2016 17:19:37 -0700 ++ ++snapd (2.0.3) xenial; urgency=medium ++ ++ * New upstream micro release: ++ - integration-tests, debian/tests: add unity snap autopkg test ++ - snappy: introduce first feature flag for assumes: common-data-dir ++ - timeout,snap: add YAML unmarshal function for timeout.Timeout ++ - many: go into state.Retry state when unmounting a snap fails. ++ (LP: #1571721, #1575399) ++ - daemon,client,cmd/snap: improve output after snap ++ install/refresh/remove (LP: #1574830) ++ - integration-tests, debian/tests: add test for home interface ++ - interfaces,overlord: support unversioned data ++ - interfaces/builtin: improve the bluez interface ++ - cmd: don't include the unit tests when building with go test -c ++ for integration tests ++ - integration-tests: teach some new trick to the fake store, ++ reenable the app refresh test ++ - many: move with some simplifications test snap building to ++ snap/snaptest ++ - asserts: define type for revision related errors ++ - snap/snaptest,daemon,overlord/ifacestate,overlord/snapstate: unify ++ mocking snaps behind MockSnap ++ - snappy: fix openSnapFile's handling of sideInfo ++ - daemon: improve snap sideload form handling ++ - snap: add short and long description to the man-page ++ (LP: #1570280) ++ - snappy: remove unused SetProperty ++ - snappy: use more accurate test data ++ - integration-tests: add a integration test about remove removing ++ all revisions ++ - overlord/snapstate: make "snap remove" remove all revisions of a ++ snap (LP: #1571710) ++ - integration-tests: re-enable a bunch of integration tests ++ - snappy: remove unused dbus code ++ - overlord/ifacestate: fix setup-profiles to use new snap revision ++ for setup (LP: #1572463) ++ - integration-tests: add regression test for auth bug LP:#1571491 ++ - client, snap: remove obsolete TypeCore which was used in the old ++ SystemImage days ++ - integration-tests: add apparmor test ++ - cmd: don't perform type assertion when we know error to be nil ++ - client: list correct snap types ++ - intefaces/builtin: allow getsockname on connected x11 plugs ++ (LP: #1574526) ++ - daemon,overlord/snapstate: read name out of sideloaded snap early, ++ improved change summary ++ - overlord: keep tasks unlinked from a change hidden, prune them ++ - integration-tests: snap list on fresh boot is good again ++ - integration-tests: add partial term to the find test ++ - integration-tests: changed default release to 16 ++ - integration-tests: add regression test for snaps not present after ++ reboot ++ - integration-tests: network interface ++ - integration-tests: add proxy related environment variables to ++ snapd env file ++ - README.md: snappy => snap ++ - etc: trivial typo fix (LP:#1569892) ++ - debian: remove unneeded /var/lib/snapd/apparmor/additional ++ directory (LP: #1569577) ++ - builtin/unity7.go: allow using gmenu. LP: #1576287 ++ ++ -- Michael Vogt Tue, 03 May 2016 07:51:57 +0200 ++ ++snapd (2.0.2) xenial; urgency=medium ++ ++ * New upstream release: ++ - systemd: add multi-user.target (LP: #1572125) ++ - release: our series is 16 ++ - integration-tests: fix snapd binary path for mounting the daemon ++ built from branch ++ - overlord,snap: add firstboot state sync ++ ++ -- Michael Vogt Tue, 19 Apr 2016 16:02:44 +0200 ++ ++snapd (2.0.1) xenial; urgency=medium ++ ++ * client,daemon,overlord: fix authentication: ++ - fix incorrect authenication check (LP: #1571491) ++ ++ -- Michael Vogt Mon, 18 Apr 2016 07:24:33 +0200 ++ ++snapd (2.0) xenial; urgency=medium ++ ++ * New upstream release: ++ - debian: put snapd in /usr/lib/snapd/ ++ - cmd/snap: minor polishing ++ - cmd,client,daemon: add snap abort command ++ - overlord: don't hold locks when callling backends ++ - release,store,daemon: no more default-channel, release=>series ++ - many: drop support for deprecated environment variables ++ (SNAP_APP_*) ++ - many: support individual ids in changes cmd ++ - overlord/state: use numeric change and task ids ++ - overlord/auth,daemon,client,cmd/snap: logout ++ - daemon: don't install ubuntu-core twice ++ - daemon,client,overlord/state,cmd: add changes command ++ - interfaces/dbus: drop superfluous backslash from template ++ - daemon, overlord/snapstate: updates are users too! ++ - cmd/snap,daemon,overlord/ifacestate: add support for developer ++ mode ++ - daemon,overlord/snapstate: on refresh use the remembered channel, ++ default to stable channel otherwise ++ - cmd/snap: improve UX of snap interfaces when there are no results ++ - overlord/state: include time in task log messages ++ - overlord: prune and abort old changes and tasks ++ - overlord/ifacestate: add implicit slots in setup-profiles ++ - daemon,overlord: setup authentication for store downloads ++ - daemon: macaroon-authed users are like root, and sudoers can login ++ - daemon,client,docs: send install options to daemon ++ ++ -- Michael Vogt Sat, 16 Apr 2016 22:15:40 +0200 ++ ++snapd (1.9.4) xenial; urgency=medium ++ ++ * New upstream release: ++ - etc: fix desktop file location ++ - overlord/snapstate: stop an update once download sees the revision ++ is already installed ++ - overlord: make SnapState.DevMode a method, store flags ++ - snappy: no more snapYaml in snappy.Snap ++ - daemon,cmd,dirs,lockfile: drop all lockfiles ++ - debian: use sudo in setup of the proxy environment ++ - snap/snapenv,snappy,systemd: expose SNAP_REVISION to app ++ environment ++ - snap: validate similarly to what we did with old snapYaml info ++ from squashfs snaps ++ - daemon,store: plug in authentication for store search/details ++ - overlord/snapstate: fix JSON name of SnapState.Candidate ++ - overlord/snapstate: start using revisions higher than 100000 for ++ local installs (sideloads) ++ - interfaces,overlorf/ifacestate: honor user choice and don't auto- ++ connect disconnected plugs ++ - overlord/auth,daemon,client: hide user ids again ++ - daemon,overlord/snapstate: back /snaps (and so snap list) using ++ state ++ - daemon,client,overlord/auth: rework state auth data ++ - overlord/snapstate: disable Activate and Deactivate ++ - debian: fix silly typo in autopkgtest setup ++ - overlord/ifacestate: remove connection state with discard-conns ++ task, on the removal of last snap ++ - daemon,client: rename API update action to refresh ++ - cmd/snap: rework login to be more resilient ++ - overlord/snapstate: deny two changes on one snap ++ - snappy: fix crash on certain snap.yaml ++ - systemd: use native systemctl enable instead of our own ++ implementation ++ - store: add workaround for misbehaving store ++ - debian: make autopkgtest use the right env vars ++ - state: log do/undo status too when a task is run ++ - docs: update rest.md with price information ++ - daemon: only include price property if the snap is non-free ++ - daemon, client, cmd/snap: connect/disconnect now async ++ - snap,snappy: allow snaps to require system features ++ - integration-tests: fix report of skips in SetUpTest method ++ - snappy: clean out major bits (still using Installed) now ++ unreferenced as cmd/snappy is gone ++ - daemon/api,overlord/auth: add helper to get UserState from a ++ client request ++ ++ -- Michael Vogt Fri, 15 Apr 2016 23:30:00 +0200 ++ ++snapd (1.9.3) xenial; urgency=medium ++ ++ * New upstream release: ++ - many: prepare for opengl support on classic ++ - interfaces/apparmor: load all apparmor profiles on snap setup ++ - daemon,client: move async resource to change in meta ++ - debian: disable autopilot ++ - snap: add basic progress reporting ++ - client,cmd,daemon,snap,store: show the price of snaps in the cli ++ - state: add minimal taskrunner logging ++ - daemon,snap,overlord/snapstate: in the API get the snap icon using ++ state ++ - client,daemon,overlord: don't guess snap file vs. name ++ - overlord/ifacestate: reload snap connections when setting up ++ security for a given snap ++ - snappy: remove cmd/snappy (superseded in favour of cmd/snap) ++ - interfaecs/apparmor: remove all traces of old-security from ++ apparmor backend ++ - interfaces/builtin: add bluez interface ++ - overlord/ifacestate: don't crash if connection cannot be reloaded ++ - debian: add searchSuite to autopkgtest ++ - client, daemon, cmd/snap: no more tasks; everything is changes ++ - client: send authorization header in client requests ++ - client, daemon: marshal suggested currency over REST ++ - docs, snap: enumerate snap types correctly in docs and comments ++ - many: add store authenticator parameter ++ - overlord/ifacestate,daemon: setup security on conect and ++ disconnect ++ - interfaces/apparmor: remove unused apparmor variables ++ - snapstate: add missing "TaskProgressAdapter.Write()" for working ++ progress reporting ++ - many: clean out snap config related code not for OS ++ - daemon,client,cmd: return snap list from /v2/snaps ++ - docs: update `/v2/snaps` endpoint documentation ++ - interfaces: rename developerMode to devMode ++ - daemon,client,overlord: progress current => done ++ - daemon,client,cmd/snap: move query metadata to top-level doc ++ - interfaces: add TestSecurityBackend ++ - many: replace typographic quotes with ASCII ++ - client, daemon: rework rest changes to export "ready" and "err" ++ - overlord/snapstate,snap,store: track snap-id in side-info and ++ therefore in state ++ - daemon: improve mocking of interfaces API tests ++ - integration-tests: remove origins in default snap names for udf ++ call ++ - integration-test: use "snap list" in GetCurrentVersion ++ - many: almost no more NewInstalledSnap reading manifest from ++ snapstate and backend ++ - daemon: auto install ubuntu-core if missing ++ - oauth,store: remove OAuth authentication logic ++ - overlord/ifacestate: simplify some tests with implicit manager ++ initialization ++ - store, snappy: move away from hitting details directly ++ - overlord/ifacestate: reload connections when restarting the ++ manager ++ - overlord/ifacestate: increase flexibility of unit tests ++ - overlord: use state to discover all installed snaps ++ - overlord/ifacestate: track connections in the state ++ - many: separate copy-data from unlinking of current snap ++ - overlord/auth,store/auth: add macaroon authenticator to UserState ++ - client: support for /v2/changes and /v2/changes/{id} ++ - daemon/api,overlord/auth: rework authenticated users information ++ in state ++ ++ -- Michael Vogt Thu, 14 Apr 2016 23:29:43 +0200 ++ ++snapd (1.9.2) xenial; urgency=medium ++ ++ * New upstream release: ++ - cmd/snap,daemon,store: rework login command to use daemon login ++ API ++ - store: cache suggested currency from the store ++ - overlord/ifacestate: modularize and extend tests ++ - integration-tests: reenable failure tests ++ - daemon: include progress in rest changes ++ - daemon, overlord/state: expose individual changes ++ - overlord/ifacestate: drop duplicate package comment ++ - overlord/ifacestate: allow tests to override security backends ++ - cmd/snap: install *.snap and *.snap.* as files too ++ - interfaces/apparmor: replace /var/lib/snap with /var/snap ++ - daemon,overlord/ifacestate: connect REST API to interfaces in the ++ overlord ++ - debian: remove unneeded dependencies from snapd ++ - overlord/state: checkpoint on final progress only ++ - osutil: introduce IsUIDInAny ++ - overlord/snapstate: rename GetSnapState to Get, SetSnapState to ++ Set ++ - daemon: add id to changes json ++ - overlord/snapstate: SetSnapState() needs locks ++ - overlord: fix broken tests ++ - overlord/snapstate,overlord/ifacestate: reimplement SnapInfo (as ++ Info) actually using the state ++ ++ -- Michael Vogt Wed, 13 Apr 2016 17:27:00 +0200 ++ ++snapd (1.9.1.1) xenial; urgency=medium ++ ++ * debian/tests/control: ++ - add git to make autopkgtest work ++ ++ -- Michael Vogt Tue, 12 Apr 2016 17:19:19 +0200 ++ ++snapd (1.9.1) xenial; urgency=medium ++ ++ * Add warning about installing ubuntu-core-snapd-units on Desktop systems. ++ * Add ${misc:Depends} to ubuntu-core-snapd-units. ++ * interfaces,overlord: add support for auto-connecting plugs on ++ install ++ * fix sideloading snaps and (re)add tests for this ++ * add `ca-certificates` to the test-dependencies to fix autopkgtest ++ failure on armhf ++ ++ -- Michael Vogt Tue, 12 Apr 2016 14:39:57 +0200 ++ ++snapd (1.9) xenial; urgency=medium ++ ++ * rename source and binary package to "snapd" ++ * update directory layout to final 16.04 layout ++ * use `snap` command instead of the previous `snappy` ++ * use `interface` based security ++ * use new state engine for install/update/remove ++ ++ -- Michael Vogt Tue, 12 Apr 2016 01:05:09 +0200 ++ ++ubuntu-snappy (1.7.3+20160310ubuntu1) xenial; urgency=medium ++ ++ - debian: update versionized ubuntu-core-launcher dependency ++ - debian: tweak desktop file dir, ship Xsession.d snip for seamless ++ integration ++ - snappy: fix hw-assign to work with per-app udev tags ++ - snappy: use $snap.$app as per-app udev tag ++ - snap,snappy,systemd: %s/\/SNAP_DEVELOPER/g ++ - snappy: add mksquashfs --no-xattrs parameter ++ - snap,snappy,systemd: kill SNAP_FULLNAME ++ ++ -- Michael Vogt Thu, 10 Mar 2016 09:26:20 +0100 ++ ++ubuntu-snappy (1.7.3+20160308ubuntu1) xenial; urgency=medium ++ ++ - snappy,snap: move icon under meta/gui/ ++ - debian: add snap.8 manpage ++ - debian: move snapd to /usr/lib/snappy/snapd ++ - snap,snappy,systemd: remove TMPDIR, TEMPDIR, SNAP_APP_TMPDIR ++ - snappy,dirs: add support to use desktop files from inside snaps ++ - daemon: snapd API events endpoint redux ++ - interfaces/builtin: add "network" interface ++ - overlord/state: do small fixes (typo, id clashes paranoia) ++ - overlord: add first pass of the logic in StateEngine itself ++ - overlord/state: introduce Status/SetStatus on Change ++ - interfaces: support permanent security snippets ++ - overlord/state: introduce Status/SetStatus and ++ Progress/SetProgress on Task ++ - overlord/state: introduce Task and Change.NewTask ++ - many: selectively swap semantics of plugs and slots ++ - client,cmd/snap: remove useless indirection in Interfaces ++ - interfaces: maintain Plug and Slot connection details ++ - client,daemon,cmd/snap: change POST /2.0/interfaces to work with ++ lists ++ - overlord/state: introduce Change and NewChange on state to create ++ them ++ - snappy: bugfix for snap.yaml parsing to be more consistent with ++ the spec ++ - snappy,systemd: remove "ports" from snap.yaml ++ ++ -- Michael Vogt Tue, 08 Mar 2016 11:24:09 +0100 ++ ++ubuntu-snappy (1.7.3+20160303ubuntu4) xenial; urgency=medium ++ ++ * rename: ++ debian/golang-snappy-dev.install -> ++ debian/golang-github-ubuntu-core-snappy-dev.install: ++ ++ -- Michael Vogt Thu, 03 Mar 2016 12:29:16 +0100 ++ ++ubuntu-snappy (1.7.3+20160303ubuntu3) xenial; urgency=medium ++ ++ * really fix typo in dependency name ++ ++ -- Michael Vogt Thu, 03 Mar 2016 12:21:39 +0100 ++ ++ubuntu-snappy (1.7.3+20160303ubuntu2) xenial; urgency=medium ++ ++ * fix typo in dependency name ++ ++ -- Michael Vogt Thu, 03 Mar 2016 12:05:36 +0100 ++ ++ubuntu-snappy (1.7.3+20160303ubuntu1) xenial; urgency=medium ++ ++ - debian: update build-depends for MIR ++ - many: implement new REST API: GET /2.0/interfaces ++ - integration-tests: properly stop snapd from branch ++ - cmd/snap: update tests for go-flags changes ++ - overlord/state: implement Lock/Unlock with implicit checkpointing ++ - overlord: split out the managers and State to their own ++ subpackages of overlord ++ - snappy: rename "migration-skill" to "old-security" and use new ++ interface names instead of skills ++ - client,cmd/snap: clarify name ambiguity in Plug or Slot ++ - overlord: start working on state engine along spec v2, have the ++ main skeleton follow that ++ - classic, oauth: update tests for change in MakeRandomString() ++ - client,cmd/snap: s/add/install/:-( ++ - interfaces,daemon: specialize Name to either Plug or Slot ++ - interfaces,interfaces/types: unify security snippet functions ++ - snapd: close the listener on Stop, to force the http.Serve loop to ++ exit ++ - snappy,daemon,snap/lightweight,cmd/snappy,docs/rest.md: expose ++ explicit channel selection to rest api ++ - interfaces,daemon: rename package holding built-in interfaces ++ - integration-tests: add the first classic dimension tests ++ - client,deaemon,docs: rename skills to interfaces on the wire ++ - asserts: add identity assertion type ++ - integration-tests: add the no_proxy env var ++ - debian: update build-depends for new package names ++ - oauth: fix oauth & quoting in the oauth_signature ++ - integration-tests: remove unused field ++ - integration-tests: add the http proxy argument ++ - interfaces,interfaces/types,deamon: mass internal rename to ++ interfaces ++ - client,cmd/snap: rename skills to interfaces (part 2) ++ - arch: fix missing mapping for powerpc ++ ++ -- Michael Vogt Thu, 03 Mar 2016 11:00:19 +0100 ++ ++ubuntu-snappy (1.7.3+20160225ubuntu1) xenial; urgency=medium ++ ++ - integration-tests: always use the built snapd when compiling ++ binaries from branch ++ - cmd/snap: rename skills to interfaces ++ - testutil,skills/types,skills,daemon: tweak discovery of know skill ++ types ++ - docs: add docs for arm64 cross building ++ - overlord: implement basic ReadState/WriteState ++ - overlord: implement Get/Set/Copy on State ++ - integration-tests: fix dd output check ++ - integration-tests: add fromBranch config field ++ - integration-tests: use cli pkg methods in hwAssignSuite ++ - debian: do not create the snappypkg user, we don't need it anymore ++ - arch: fix build failure on s390x ++ - classic: cleanup downloaded lxd tarball ++ - cmd/snap,client,integration-tests: rename snap subcmds ++ 'assert'=>'ack', 'asserts'=>'known' ++ - skills: fix broken tests builds ++ - skills,skills/types: pass slot to SlotSecuritySnippet() ++ - skills/types: teach bool-file about udev security ++ ++ -- Michael Vogt Thu, 25 Feb 2016 16:17:19 +0100 ++ ++ubuntu-snappy (1.7.2+20160223ubuntu1) xenial; urgency=medium ++ ++ * New git snapshot: ++ - asserts: introduce snap-declaration ++ - cmd/snap: fix integration tests for the "cmd_asserts" ++ - integration-tests: fix fanctl output check ++ - cmd/snap: fix test failure after merging 23a64e6 ++ - cmd/snap: replace skip-help with empty description ++ - docs: update security.md to match current migration-skill ++ semantics ++ - snappy: treat commands with 'daemon' field as services ++ - asserts: use more consistent names for receivers in ++ snap_asserts*.go ++ - debian: add missing golang-websocket-dev build-dependency ++ - classic: if classic fails to get created, undo the bind mounts ++ - snappy: never return nil in NewLocalSnapRepository() ++ - notifications: A simple notification system ++ - snappy: when using staging, authenticate there instead ++ - integration-tests/snapd: fix the start of the test snapd socket ++ - skills/types: use CamelCase for security names ++ - skills: add support for implicit revoke ++ - skills: add security layer ++ - integration-tests: use exec.Command wrapper for updates ++ - cmd/snap: add 'snap skills' ++ - cms/snap: add 'snap revoke' ++ - docs: add docs for skills API ++ - cmd/snap: add 'snap grant' ++ - cmd/snappy, coreconfig, daemon, snappy: move config to always be ++ bytes (in and out) ++ - overlord: start with a skeleton and stubs for Overlord, ++ StateEngine, StateJournal and managers ++ - integration-tests: skip tests affected by LP: #1544507 ++ - skills/types: add bool-file ++ - po: refresh translation templates ++ - cmd/snap: add 'snap experimental remove-skill-slot' ++ - asserts: introduce device assertion ++ - cmd/snap: implemented add, remove, purge, refresh, rollback, ++ activate, deactivate ++ - cmd/snap: add 'snap experimental add-skill-slot' ++ - cmd/snap: add 'snap experimental remove-skill' ++ - cmd/snap: add tests for common skills code ++ - cmd/snap: add 'snap experimental add-skill' ++ - asserts: make assertion checkers used by db.Check modular and ++ pluggable ++ - cmd,client,daemon,caps,docs,po: remove capabilities ++ - scripts: move the script to get dependencies to a separate file ++ - asserts: make the disk layout compatible for storing more than one ++ revision ++ - cmd/snap: make the assert command options exported ++ - integration-tests: Remove the target release and channel ++ - asserts: introduce model assertion ++ - integration-tests: add exec.Cmd wrapper ++ - cmd/snap: add client test support methods ++ - cmd/snap: move key=value attribute parsing to commmon ++ - cmd/snap: apply new style consistency to "snap" commands. ++ - cmd/snap: support redirecting the client for testing ++ - cmd/snap: support testing command output ++ - snappy,daemon: remove the meta repositories abstractions ++ - cmd: add support for experimental commands ++ - cmd/snappy,daemon,snap,snappy: remove SetActive from parts ++ - cmd/snappy,daemon,snappy,snap: remove config from parts interface ++ - client: improve test data ++ - cmd: allow to construct a fresh parser ++ - cmd: don't treat help as an error ++ - cmd/snappy,snappy: remove "Details" from the repository interface ++ - asserts: check that primary keys are set when ++ Decode()ing/assembling assertions ++ - snap,snappy: refactor to remove "Install" from the Part interface ++ - client,cmd: make client.New() configurable ++ - client: enable retrieving asynchronous operation information with ++ `Client.Operation`. ++ ++ -- Michael Vogt Tue, 23 Feb 2016 11:28:18 +0100 ++ ++ubuntu-snappy (1.7.2+20160204ubuntu1) xenial; urgency=medium ++ ++ * New git snapshot: ++ - integration-tests: fix the rollback error messages ++ - integration-test: use the common cli method when trying to install ++ an unexisting snap ++ - integration-tests: rename snap find test ++ - daemon: refactor makeErrorResponder() ++ - integration: add regression test for LP: #1541317 ++ - integration-tests: reenable TestRollbackMustRebootToOtherVersion ++ - asserts: introduce "snap asserts" subcmd to show assertions in the ++ system db ++ - docs: fix parameter style ++ - daemon: use underscore in JSON interface ++ - client: add skills API ++ - asserts,docs/rest.md: change Encoder not to add extra newlines at ++ the end of the stream ++ - integration-tests: "snappy search" is no more, its "snap search" ++ now ++ - README, integration-tests/tests: chmod snapd.socket after manual ++ start. ++ - snappy: add default security profile if none is specified ++ - skills,daemon: add REST APIs for skills ++ - cmd/snap, cmd/snappy: move from `snappy search` to `snap find`. ++ - The first step towards REST world domination: search is now done ++ via ++ - debian: remove obsolete /etc/grub.d/09_snappy on upgrade ++ - skills: provide different security snippets for skill and slot ++ side ++ - osutil: make go vet happy again ++ - snappy,systemd: use Type field in systemd.ServiceDescription ++ - skills: add basic grant-revoke methods ++ - client,daemon,asserts: expose the ability to query assertions in ++ the system db ++ - skills: add basic methods for slot handling ++ - snappy,daemon,snap: move "Uninstall" into overlord ++ - snappy: move SnapFile.Install() into Overlord.Install() ++ - integration-tests: re-enable some failover tests ++ - client: remove snaps ++ - asserts: uniform searching across trusted (account keys) and main ++ backstore ++ - asserts: introduce Decoder to parse streams of assertions and ++ Encoder to build them ++ - client: filter snaps with a search query ++ - client: pass query as well as path in client internals ++ - skills: provide different security snippets for skill and slot ++ side ++ - snappy: refactor snapYaml to remove methods on snapYaml type ++ - snappy: remove unused variable from test ++ - skills: add basic methods for skill handing ++ - snappy: remove support for meta/package.yaml and implement new ++ meta/snap.yaml ++ - snappy: add new overlord type responsible for ++ Installed/Install/Uninstall/SetActive and stub it out ++ - skills: add basic methods for type handling ++ - daemon, snappy: add find (aka search) ++ - client: filter snaps by type ++ - skills: tweak valid names and error messages ++ - skills: add special skill type for testing ++ - cmd/snapd,daemon: filter snaps by type ++ - partition: remove obsolete uEnv.txt ++ - skills: add Type interface ++ - integration-tests: fix the bootloader path ++ - asserts: introduce a memory backed assertion backstore ++ - integration-tests: get name of OS snap from bootloader ++ - cmd/snapd,daemon: filter snaps by source ++ - asserts,daemon: bump some copyright years for things that have ++ been touched in the new year ++ - skills: add the initial Repository type ++ - skills: add a name validation function ++ - client: filter snaps by source ++ - snappy: unmount the squashfs snap again if it fails to install ++ - snap: make a copy of the search uri before mutating it ++ Closes: LP#1537005 ++ - cmd/snap,client,daemon,asserts: introduce "assert " snap ++ subcommand ++ - cmd/snappy, snappy: fix failover handling of the "active" ++ kernel/os snap ++ - daemon, client, docs/rest.md, snapd integration tests: move to the ++ new error response ++ - asserts: change Backstore interface, backstores can now access ++ primary key names from types ++ - asserts: make AssertionType into a real struct exposing the ++ metadata Name and PrimaryKey ++ - caps: improve bool-file sanitization ++ - asserts: fixup toolbelt to use exposed key ID. ++ - client: return by reference rather than by value ++ - asserts: exported filesystem backstores + explicit backstores ++ ++ -- Michael Vogt Thu, 04 Feb 2016 16:35:31 +0100 ++ ++ubuntu-snappy (1.7.2+20160113ubuntu1) xenial; urgency=medium ++ ++ * New git snapshot ++ ++ -- Michael Vogt Wed, 13 Jan 2016 11:25:40 +0100 ++ ++ubuntu-snappy (1.7.2ubuntu1) xenial; urgency=medium ++ ++ * New upstream release: ++ - bin-path integration ++ - assertions/capability work ++ - fix squashfs based snap building ++ ++ -- Michael Vogt Fri, 04 Dec 2015 08:46:35 +0100 ++ ++ubuntu-snappy (1.7.1ubuntu1) xenial; urgency=medium ++ ++ * New upstream release: ++ - fix dependencies ++ - fix armhf builds ++ ++ -- Michael Vogt Wed, 02 Dec 2015 07:46:07 +0100 ++ ++ubuntu-snappy (1.7ubuntu1) xenial; urgency=medium ++ ++ * New upstream release: ++ - kernel/os snap support ++ - squashfs snap support ++ - initial capabilities work ++ - initial assertitions work ++ - rest API support ++ ++ -- Michael Vogt Wed, 18 Nov 2015 19:59:51 +0100 ++ ++ubuntu-snappy (1.6ubuntu1) wily; urgency=medium ++ ++ * New upstream release, including the following changes: ++ - Fix hwaccess for gpio (LP: #1493389, LP: #1488618) ++ - Fix handleAssets name normalization ++ - Run boot-ok job late (LP: #1476129) ++ - Add support for systemd socket files ++ - Add "snappy service" command ++ - Documentation improvements ++ - Many test improvements (unit and integration) ++ - Override sideload versions ++ - Go1.5 fixes ++ - Add i18n ++ - Add man-page ++ - Add .snapignore ++ - Run services that uses external ports only after the network is up ++ - Bufix in Synbootloader (LP: 1474125) ++ - Use uboot.env for boot state tracking ++ ++ -- Michael Vogt Wed, 09 Sep 2015 14:20:22 +0200 ++ ++ubuntu-snappy (1.5ubuntu1) wily; urgency=medium ++ ++ * New upstream release, including the following changes: ++ - Use O_TRUNC when copying files ++ - Added path redefinition to include test's binaries location ++ - Don't run update-grub, instead use grub.cfg from the oem ++ package ++ - Do network configuration from first boot ++ - zero size systemd of new partition made executable to ++ prevent unrecoverable boot failure ++ - Close downloaded files ++ ++ -- Ricardo Salveti de Araujo Mon, 06 Jul 2015 15:14:37 -0300 ++ ++ubuntu-snappy (1.4ubuntu1) wily; urgency=medium ++ ++ * New upstream release, including the following changes: ++ - Allow to run the integration tests using snappy from branch ++ - Add CopyFileOverwrite flag and behaviour to helpers.CopyFile ++ - add a bunch of missing i18n.G() now that we have gettext ++ - Generate only the translators comments that start with ++ TRANSLATORS ++ - Try both clickpkg and snappypkg when dropping privs ++ ++ -- Ricardo Salveti de Araujo Thu, 02 Jul 2015 16:21:53 -0300 ++ ++ubuntu-snappy (1.3ubuntu1) wily; urgency=medium ++ ++ * New upstream release, including the following changes: ++ - gettext support ++ - use snappypkg user for the installed snaps ++ - switch to system-image-3.x as the system-image backend ++ - more reliable developer mode detection ++ ++ -- Michael Vogt Wed, 01 Jul 2015 10:37:05 +0200 ++ ++ubuntu-snappy (1.2-0ubuntu1) wily; urgency=medium ++ ++ * New upstream release, including the following changes: ++ - Consider the root directory when installing and removing policies ++ - In the uboot TestHandleAssetsNoHardwareYaml, patch the cache dir ++ before creating the partition type ++ - In the PartitionTestSuite, remove the unnecessary patches for ++ defaultCacheDir ++ - Fix the help output of "snappy install -h" ++ ++ -- Ricardo Salveti de Araujo Wed, 17 Jun 2015 11:42:47 -0300 ++ ++ubuntu-snappy (1.1.2-0ubuntu1) wily; urgency=medium ++ ++ * New upstream release, including the following changes: ++ - Remove compatibility for click-bin-path in generated exec-wrappers ++ - Release the readme.md after parsing it ++ ++ -- Ricardo Salveti de Araujo Thu, 11 Jun 2015 23:42:49 -0300 ++ ++ubuntu-snappy (1.1.1-0ubuntu1) wily; urgency=medium ++ ++ * New upstream release, including the following changes: ++ - Set all app services to restart on failure ++ - Fixes the missing oauth quoting and makes the code a bit nicer ++ - Added integrate() to set Integration to default values needed for ++ integration ++ - Moved setActivateClick to be a method of SnapPart ++ - Make unsetActiveClick a method of SnapPart ++ - Check the package.yaml for the required fields ++ - Integrate lp:snappy/selftest branch into snappy itself ++ - API to record information about the image and to check if the kernel was ++ sideloaded. ++ - Factor out update from cmd ++ - Continue updating when a sideload error is returned ++ ++ -- Ricardo Salveti de Araujo Wed, 10 Jun 2015 15:54:12 -0300 ++ ++ubuntu-snappy (1.1-0ubuntu1) wily; urgency=low ++ ++ * New wily upload with fix for go 1.4 syscall.Setgid() breakage ++ ++ -- Michael Vogt Tue, 09 Jun 2015 10:02:04 +0200 ++ ++ubuntu-snappy (1.0.1-0ubuntu1) vivid; urgency=low ++ ++ * fix symlink unpacking ++ * fix typo in apparmor rules generation ++ ++ -- Michael Vogt Thu, 23 Apr 2015 16:09:56 +0200 ++ ++ubuntu-snappy (1.0-0ubuntu1) vivid; urgency=low ++ ++ * 15.04 archive upload ++ ++ -- Michael Vogt Thu, 23 Apr 2015 11:08:22 +0200 ++ ++ubuntu-snappy (0.1.2-0ubuntu1) vivid; urgency=medium ++ ++ * initial ubuntu archive upload ++ ++ -- Michael Vogt Mon, 13 Apr 2015 22:48:13 -0500 ++ ++ubuntu-snappy (0.1.1-0ubuntu1) vivid; urgency=low ++ ++ * new snapshot ++ ++ -- Michael Vogt Thu, 12 Feb 2015 13:51:22 +0100 ++ ++ubuntu-snappy (0.1-0ubuntu1) vivid; urgency=medium ++ ++ * Initial packaging ++ ++ -- Sergio Schvezov Fri, 06 Feb 2015 02:25:43 -0200 diff --cc debian/compat index 00000000,00000000..ec635144 new file mode 100644 --- /dev/null +++ b/debian/compat @@@ -1,0 -1,0 +1,1 @@@ ++9 diff --cc debian/control index 00000000,00000000..99fe26eb new file mode 100644 --- /dev/null +++ b/debian/control @@@ -1,0 -1,0 +1,127 @@@ ++Source: snapd ++Section: devel ++Priority: optional ++Maintainer: Michael Hudson-Doyle ++Uploaders: Steve Langasek , ++ Zygmunt Krynicki , ++ Luke Faraone ++Build-Depends: autoconf, ++ automake, ++ autotools-dev, ++ bash-completion, ++ ca-certificates, ++ dbus, ++ debhelper (>= 9.20160709), ++ dh-apparmor, ++ dh-autoreconf, ++ dh-golang (>=1.7), ++ fakeroot, ++ gcc-multilib [amd64], ++ gettext, ++ grub-common, ++ gnupg2, ++ golang-check.v1-dev, ++ golang-context-dev, ++ golang-dbus-dev, ++ golang-github-boltdb-bolt-dev, ++ golang-github-coreos-go-systemd-dev, ++ golang-github-juju-ratelimit-dev, ++ golang-github-gorilla-mux-dev, ++ golang-github-gosexy-gettext-dev, ++ golang-github-kr-pretty-dev, ++ golang-github-kr-text-dev, ++ golang-github-mvo5-goconfigparser-dev, ++ golang-github-seccomp-libseccomp-golang-dev, ++ golang-go, ++ golang-go-flags-dev, ++ golang-golang-x-crypto-dev, ++ golang-golang-x-net-dev, ++ golang-golang-x-xerrors-dev, ++ golang-gopkg-tomb.v2-dev (>= 0.0~git20161208.0.d5d1b58), ++ golang-yaml.v2-dev, ++ golang-gopkg-macaroon.v1-dev, ++ golang-gopkg-mgo.v2-dev, ++ golang-gopkg-retry.v1-dev, ++ golang-gopkg-tylerb-graceful.v1-dev, ++ golang-github-gosexy-gettext-dev, ++ golang-go (>=2:1.10), ++ indent, ++ libcap-dev, ++ libapparmor-dev, ++ libglib2.0-dev, ++ liblzo2-dev, ++ libseccomp-dev, ++ libudev-dev, ++ openssh-client, ++ pkg-config, ++ python3, ++ python3-docutils, ++ python3-markdown, ++ squashfs-tools, ++ tzdata, ++ udev, ++ xfslibs-dev ++Standards-Version: 3.9.8 ++Homepage: https://github.com/snapcore/snapd ++Vcs-Browser: https://salsa.debian.org/debian/snapd ++Vcs-Git: https://salsa.debian.org/debian/snapd.git ++XS-Go-Import-Path: github.com/snapcore/snapd ++ ++Package: golang-github-ubuntu-core-snappy-dev ++Architecture: all ++Depends: golang-github-snapcore-snapd-dev, ${misc:Depends} ++Section: oldlibs ++Description: transitional dummy package ++ This is a transitional dummy package. It can safely be removed. ++ ++Package: golang-github-snapcore-snapd-dev ++Architecture: all ++Breaks: golang-github-ubuntu-core-snappy-dev (<< 2.0.6), ++ golang-snappy-dev (<< 1.7.3+20160303ubuntu4) ++Replaces: golang-github-ubuntu-core-snappy-dev (<< 2.0.6), ++ golang-snappy-dev (<< 1.7.3+20160303ubuntu4) ++Depends: ${misc:Depends} ++Description: snappy development go packages. ++ Use these to use the snappy API. ++ ++Package: snapd ++Architecture: any ++Depends: adduser, ++ apparmor (>= 2.10.95-5), ++ ca-certificates, ++ gnupg1 | gnupg, ++ openssh-client, ++ squashfs-tools, ++ systemd, ++ udev, ++ ${misc:Depends}, ++ ${shlibs:Depends} ++Replaces: ubuntu-snappy (<< 1.9), ubuntu-snappy-cli (<< 1.9), snap-confine (<< 2.23), ubuntu-core-launcher (<< 2.22), snapd-xdg-open (<= 0.0.0) ++Breaks: ubuntu-snappy (<< 1.9), ubuntu-snappy-cli (<< 1.9), snap-confine (<< 2.23), ubuntu-core-launcher (<< 2.22), snapd-xdg-open (<= 0.0.0), ${snapd:Breaks} ++Recommends: gnupg ++Suggests: zenity | kdialog ++Conflicts: snap (<< 2013-11-29-1ubuntu1) ++Built-Using: ${Built-Using} ${misc:Built-Using} ++Description: Daemon and tooling that enable snap packages ++ Install, configure, refresh and remove snap packages. Snaps are ++ 'universal' packages that work across many different Linux systems, ++ enabling secure distribution of the latest apps and utilities for ++ cloud, servers, desktops and the internet of things. ++ . ++ Start with 'snap list' to see installed snaps. ++ ++Package: snap-confine ++Architecture: any ++Section: oldlibs ++Depends: snapd (= ${binary:Version}), ${misc:Depends} ++Description: Transitional package for snapd ++ This is a transitional dummy package. It can safely be removed. ++ ++Package: ubuntu-core-launcher ++Architecture: any ++Depends: snapd (= ${binary:Version}), ${misc:Depends} ++Section: oldlibs ++Pre-Depends: dpkg (>= 1.15.7.2) ++Description: Transitional package for snapd ++ This is a transitional dummy package. It can safely be removed. ++ diff --cc debian/copyright index 00000000,00000000..1b8c6a7d new file mode 100644 --- /dev/null +++ b/debian/copyright @@@ -1,0 -1,0 +1,22 @@@ ++Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ ++Upstream-Name: snappy ++Source: https://github.com/snapcore/snapd ++ ++Files: * ++Copyright: Copyright (C) 2014,2015 Canonical, Ltd. ++License: GPL-3 ++ This program is free software: you can redistribute it and/or modify it ++ under the terms of the GNU General Public License version 3, as ++ published by the Free Software Foundation. ++ . ++ This program is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranties of ++ MERCHANTABILITY, SATISFACTORY QUALITY or FITNESS FOR A PARTICULAR ++ PURPOSE. See the applicable version of the GNU Lesser General Public ++ License for more details. ++ . ++ You should have received a copy of the GNU General Public License ++ along with this program. If not, see . ++ . ++ On Debian systems, the complete text of the GNU General Public License ++ can be found in `/usr/share/common-licenses/GPL-3' diff --cc debian/gbp.conf index 00000000,00000000..2e861e7b new file mode 100644 --- /dev/null +++ b/debian/gbp.conf @@@ -1,0 -1,0 +1,4 @@@ ++[DEFAULT] ++debian-branch = debian ++export-dir = ../build-area ++upstream-tag = %(version)s diff --cc debian/golang-github-snapcore-snapd-dev.install index 00000000,00000000..1dfbabc8 new file mode 100644 --- /dev/null +++ b/debian/golang-github-snapcore-snapd-dev.install @@@ -1,0 -1,0 +1,1 @@@ ++debian/tmp/usr/share/gocode/src/* diff --cc debian/not-installed index 00000000,00000000..0ee03974 new file mode 100644 --- /dev/null +++ b/debian/not-installed @@@ -1,0 -1,0 +1,6 @@@ ++usr/bin/snap-repair ++usr/bin/snap-failure ++usr/lib/snapd/system-shutdown ++usr/bin/snap-bootstrap ++usr/bin/snap-recovery-chooser ++usr/bin/snap-preseed diff --cc debian/patches/0001-cmd-snap-seccomp-use-upstream-seccomp-package.patch index 00000000,00000000..f804931c new file mode 100644 --- /dev/null +++ b/debian/patches/0001-cmd-snap-seccomp-use-upstream-seccomp-package.patch @@@ -1,0 -1,0 +1,78 @@@ ++From cb851cfe883af568e56e50b492579b49869928ab Mon Sep 17 00:00:00 2001 ++From: Zygmunt Krynicki ++Date: Thu, 17 Jan 2019 15:48:46 +0200 ++Subject: [PATCH 1/9] cmd/snap-seccomp: use upstream seccomp package ++ ++Upstream snapd uses a fork that carries additional compatibility patch ++required to build snapd for Ubuntu 14.04. This patch is not required with ++the latest snapshot of the upstream seccomp golang bindings but they are ++neither released upstream nor backported (in their entirety) to Ubuntu ++14.04. ++ ++The forked seccomp library is not packaged in Debian. As such, to build ++snapd, we need to switch to the regular, non-forked package name. ++ ++Signed-off-by: Zygmunt Krynicki ++Signed-off-by: Maciej Borzecki ++--- ++ cmd/snap-seccomp/main.go | 5 +---- ++ cmd/snap-seccomp/main_test.go | 2 +- ++ cmd/snap-seccomp/versioninfo.go | 2 +- ++ cmd/snap-seccomp/versioninfo_test.go | 2 +- ++ 4 files changed, 4 insertions(+), 7 deletions(-) ++ ++Index: snapd/cmd/snap-seccomp/main.go ++=================================================================== ++--- snapd.orig/cmd/snap-seccomp/main.go +++++ snapd/cmd/snap-seccomp/main.go ++@@ -180,10 +180,7 @@ import ( ++ "strings" ++ "syscall" ++ ++- // FIXME: we want github.com/seccomp/libseccomp-golang but that ++- // will not work with trusty because libseccomp-golang checks ++- // for the seccomp version and errors if it find one < 2.2.0 ++- "github.com/mvo5/libseccomp-golang" +++ "github.com/seccomp/libseccomp-golang" ++ ++ "github.com/snapcore/snapd/arch" ++ "github.com/snapcore/snapd/osutil" ++Index: snapd/cmd/snap-seccomp/main_test.go ++=================================================================== ++--- snapd.orig/cmd/snap-seccomp/main_test.go +++++ snapd/cmd/snap-seccomp/main_test.go ++@@ -32,7 +32,7 @@ import ( ++ ++ . "gopkg.in/check.v1" ++ ++- "github.com/mvo5/libseccomp-golang" +++ "github.com/seccomp/libseccomp-golang" ++ ++ "github.com/snapcore/snapd/arch" ++ main "github.com/snapcore/snapd/cmd/snap-seccomp" ++Index: snapd/cmd/snap-seccomp/versioninfo.go ++=================================================================== ++--- snapd.orig/cmd/snap-seccomp/versioninfo.go +++++ snapd/cmd/snap-seccomp/versioninfo.go ++@@ -25,7 +25,7 @@ import ( ++ "os" ++ "strings" ++ ++- "github.com/mvo5/libseccomp-golang" +++ "github.com/seccomp/libseccomp-golang" ++ ++ "github.com/snapcore/snapd/cmd/snap-seccomp/syscalls" ++ "github.com/snapcore/snapd/osutil" ++Index: snapd/cmd/snap-seccomp/versioninfo_test.go ++=================================================================== ++--- snapd.orig/cmd/snap-seccomp/versioninfo_test.go +++++ snapd/cmd/snap-seccomp/versioninfo_test.go ++@@ -25,7 +25,7 @@ import ( ++ ++ . "gopkg.in/check.v1" ++ ++- "github.com/mvo5/libseccomp-golang" +++ "github.com/seccomp/libseccomp-golang" ++ ++ main "github.com/snapcore/snapd/cmd/snap-seccomp" ++ "github.com/snapcore/snapd/osutil" diff --cc debian/patches/0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch index 00000000,00000000..975f779d new file mode 100644 --- /dev/null +++ b/debian/patches/0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch @@@ -1,0 -1,0 +1,46 @@@ ++From 24691d974797f1537897f43c8aab7d4eec69d36d Mon Sep 17 00:00:00 2001 ++From: Zygmunt Krynicki ++Date: Thu, 17 Jan 2019 17:11:12 +0200 ++Subject: [PATCH 2/9] cmd/snap-seccomp: skip tests that fail on 4.19 ++ ++It seems that the Debian 4.19.0-1 kernel contains a regression in ++seccomp execution. While this issue is investigated in parallel along ++with the security team, the release of updated snapd package should not ++be held by this issue. ++ ++Signed-off-by: Zygmunt Krynicki ++--- ++ cmd/snap-seccomp/main_test.go | 3 +++ ++ 1 file changed, 3 insertions(+) ++ ++diff --git a/cmd/snap-seccomp/main_test.go b/cmd/snap-seccomp/main_test.go ++index 5c64abf52..d4ca193b2 100644 ++--- a/cmd/snap-seccomp/main_test.go +++++ b/cmd/snap-seccomp/main_test.go ++@@ -217,6 +217,7 @@ func (s *snapSeccompSuite) SetUpSuite(c *C) { ++ // sync_file_range, and truncate64. ++ // Once we start using those. See `man syscall` ++ func (s *snapSeccompSuite) runBpf(c *C, seccompWhitelist, bpfInput string, expected int) { +++ c.Skip(`setpriority PRIO_PROCESS 0 >=0" "setpriority;native;99`) ++ // Common syscalls we need to allow for a minimal statically linked ++ // c program. ++ // ++@@ -583,6 +584,7 @@ func (s *snapSeccompSuite) TestCompileBadInput(c *C) { ++ ++ // ported from test_restrictions_working_args_socket ++ func (s *snapSeccompSuite) TestRestrictionsWorkingArgsSocket(c *C) { +++ c.Skip(`This test fails on Debian kernel 4.19: unexpected success for "socket AF_UNIX SOCK_STREAM" "socket;native;AF_UNIX,9999" (ran but should have failed)`) ++ if release.ReleaseInfo.ID == "ubuntu" && release.ReleaseInfo.VersionID == "14.04" { ++ c.Skip("14.04/i386 uses socketcall which cannot be tested here") ++ } ++@@ -643,6 +645,7 @@ func (s *snapSeccompSuite) TestRestrictionsWorkingArgsPrctl(c *C) { ++ } ++ ++ if arg == "PR_CAP_AMBIENT" { +++ c.Skip(`This test fails on Debian kernel 4.19: unexpected success for "prctl PR_CAP_AMBIENT PR_CAP_AMBIENT_RAISE" "prctl;native;PR_CAP_AMBIENT,99999" (ran but should have failed)`) ++ for _, j := range []string{"PR_CAP_AMBIENT_RAISE", "PR_CAP_AMBIENT_LOWER", "PR_CAP_AMBIENT_IS_SET", "PR_CAP_AMBIENT_CLEAR_ALL"} { ++ seccompWhitelist := fmt.Sprintf("prctl %s %s", arg, j) ++ bpfInputGood := fmt.Sprintf("prctl;native;%s,%s", arg, j) ++-- ++2.17.1 ++ diff --cc debian/patches/0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch index 00000000,00000000..f6e032a0 new file mode 100644 --- /dev/null +++ b/debian/patches/0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch @@@ -1,0 -1,0 +1,45 @@@ ++From 3b9980d774be5ae8458ed006f712e584ae0ce97d Mon Sep 17 00:00:00 2001 ++From: Zygmunt Krynicki ++Date: Thu, 17 Jan 2019 17:21:22 +0200 ++Subject: [PATCH 3/9] cmd/snap-seccomp: skip tests that use -m32 ++ ++Apparently Debian's amd64 compiler somehow cannot compile -m32 mode ++binaries. The compilation error is: ++ ++ multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test ++ cannot build multi-lib syscall runner: exit status 1 ++ In file included from /usr/include/errno.h:25, ++ from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3: ++ /usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory ++ # include ++ ^~~~~~~~~~~~~ ++ compilation terminated. ++ OK: 2 passed, 11 skipped ++ ++I was unable to resolve this issue, let's disable this test until we can get to ++the bottom of it. ++ ++Signed-off-by: Zygmunt Krynicki ++--- ++ cmd/snap-seccomp/main_test.go | 8 ++++++++ ++ 1 file changed, 8 insertions(+) ++ ++Index: snapd/cmd/snap-seccomp/main_test.go ++=================================================================== ++--- snapd.orig/cmd/snap-seccomp/main_test.go +++++ snapd/cmd/snap-seccomp/main_test.go ++@@ -192,6 +192,14 @@ func (s *snapSeccompSuite) SetUpSuite(c ++ // Ideally we would build for ppc64el->powerpc and arm64->armhf but ++ // it seems tricky to find the right gcc-multilib for this. ++ if arch.DpkgArchitecture() == "amd64" && s.canCheckCompatArch { +++ // This test fails on Debian amd64 +++ // cannot build multi-lib syscall runner: exit status 1 +++ // In file included from /usr/include/errno.h:25, +++ // from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3: +++ // /usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory +++ // # include +++ // ^~~~~~~~~~~~~ +++ c.Skip(`This test fails to build on Debian amd64`) ++ cmd = exec.Command(cmd.Args[0], cmd.Args[1:]...) ++ cmd.Args = append(cmd.Args, "-m32") ++ for i, k := range cmd.Args { diff --cc debian/patches/0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch index 00000000,00000000..659f9fe7 new file mode 100644 --- /dev/null +++ b/debian/patches/0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch @@@ -1,0 -1,0 +1,132 @@@ ++From cc4da7a206ef99064056f29d4882c73684b4af25 Mon Sep 17 00:00:00 2001 ++From: Zygmunt Krynicki ++Date: Thu, 17 Jan 2019 17:38:41 +0200 ++Subject: [PATCH 4/9] cmd/snap: skip tests depending on text wrapping ++ ++Upstream snapd contains tests that check the output of various commands ++along with the --help command-line argument. The output is wrapped to ++match terminal width and for readability. The algorithm for wrapping ++has apparently changed across versions of github.com/jessevdk/go-flags. ++ ++Since this test is not critical for anything it can be disabled to let ++the package build. ++ ++Signed-off-by: Zygmunt Krynicki ++--- ++ cmd/snap/cmd_alias_test.go | 1 + ++ cmd/snap/cmd_connect_test.go | 1 + ++ cmd/snap/cmd_disconnect_test.go | 1 + ++ cmd/snap/cmd_info_test.go | 2 ++ ++ cmd/snap/cmd_interface_test.go | 1 + ++ cmd/snap/cmd_list_test.go | 1 + ++ cmd/snap/cmd_prefer_test.go | 1 + ++ cmd/snap/cmd_unalias_test.go | 1 + ++ 8 files changed, 9 insertions(+) ++ ++diff --git a/cmd/snap/cmd_alias_test.go b/cmd/snap/cmd_alias_test.go ++index bede9d62b..71a7861ad 100644 ++--- a/cmd/snap/cmd_alias_test.go +++++ b/cmd/snap/cmd_alias_test.go ++@@ -29,6 +29,7 @@ import ( ++ ) ++ ++ func (s *SnapSuite) TestAliasHelp(c *C) { +++ c.Skip("the rendering of this text depends on the version of go-flags") ++ msg := `Usage: ++ snap.test alias [alias-OPTIONS] [] [] ++ ++diff --git a/cmd/snap/cmd_connect_test.go b/cmd/snap/cmd_connect_test.go ++index c7a85dcef..9571d735b 100644 ++--- a/cmd/snap/cmd_connect_test.go +++++ b/cmd/snap/cmd_connect_test.go ++@@ -32,6 +32,7 @@ import ( ++ ) ++ ++ func (s *SnapSuite) TestConnectHelp(c *C) { +++ c.Skip("the rendering of this text depends on the version of go-flags") ++ msg := `Usage: ++ snap.test connect [connect-OPTIONS] [:] [:] ++ ++diff --git a/cmd/snap/cmd_disconnect_test.go b/cmd/snap/cmd_disconnect_test.go ++index 6e88ed22a..1e4c9fd00 100644 ++--- a/cmd/snap/cmd_disconnect_test.go +++++ b/cmd/snap/cmd_disconnect_test.go ++@@ -31,6 +31,7 @@ import ( ++ ) ++ ++ func (s *SnapSuite) TestDisconnectHelp(c *C) { +++ c.Skip("the rendering of this text depends on the version of go-flags") ++ msg := `Usage: ++ snap.test disconnect [disconnect-OPTIONS] [:] [:] ++ ++diff --git a/cmd/snap/cmd_info_test.go b/cmd/snap/cmd_info_test.go ++index 185fd7df9..c0066300c 100644 ++--- a/cmd/snap/cmd_info_test.go +++++ b/cmd/snap/cmd_info_test.go ++@@ -352,6 +352,7 @@ installed: 2.10 (1) 1kB disabled ++ } ++ ++ func (s *infoSuite) TestInfoWithLocalNoLicense(c *check.C) { +++ c.Skip("the rendering of this text depends on the version of go-flags") ++ n := 0 ++ s.RedirectClientToTestServer(func(w http.ResponseWriter, r *http.Request) { ++ switch n { ++@@ -388,6 +389,7 @@ installed: 2.10 (100) 1kB disabled ++ } ++ ++ func (s *infoSuite) TestInfoWithChannelsAndLocal(c *check.C) { +++ c.Skip("the rendering of this text depends on the version of go-flags") ++ n := 0 ++ s.RedirectClientToTestServer(func(w http.ResponseWriter, r *http.Request) { ++ switch n { ++diff --git a/cmd/snap/cmd_interface_test.go b/cmd/snap/cmd_interface_test.go ++index b5e98d555..cd0a95f65 100644 ++--- a/cmd/snap/cmd_interface_test.go +++++ b/cmd/snap/cmd_interface_test.go ++@@ -32,6 +32,7 @@ import ( ++ ) ++ ++ func (s *SnapSuite) TestInterfaceHelp(c *C) { +++ c.Skip("the rendering of this text depends on the version of go-flags") ++ msg := `Usage: ++ snap.test interface [interface-OPTIONS] [] ++ ++diff --git a/cmd/snap/cmd_list_test.go b/cmd/snap/cmd_list_test.go ++index 98312c8ae..e198ebdc9 100644 ++--- a/cmd/snap/cmd_list_test.go +++++ b/cmd/snap/cmd_list_test.go ++@@ -29,6 +29,7 @@ import ( ++ ) ++ ++ func (s *SnapSuite) TestListHelp(c *check.C) { +++ c.Skip("the rendering of this text depends on the version of go-flags") ++ msg := `Usage: ++ snap.test list [list-OPTIONS] [...] ++ ++diff --git a/cmd/snap/cmd_prefer_test.go b/cmd/snap/cmd_prefer_test.go ++index b47cb5c43..fb9e009e7 100644 ++--- a/cmd/snap/cmd_prefer_test.go +++++ b/cmd/snap/cmd_prefer_test.go ++@@ -29,6 +29,7 @@ import ( ++ ) ++ ++ func (s *SnapSuite) TestPreferHelp(c *C) { +++ c.Skip("the rendering of this text depends on the version of go-flags") ++ msg := `Usage: ++ snap.test prefer [prefer-OPTIONS] [] ++ ++diff --git a/cmd/snap/cmd_unalias_test.go b/cmd/snap/cmd_unalias_test.go ++index e6ec99761..e1903740f 100644 ++--- a/cmd/snap/cmd_unalias_test.go +++++ b/cmd/snap/cmd_unalias_test.go ++@@ -29,6 +29,7 @@ import ( ++ ) ++ ++ func (s *SnapSuite) TestUnaliasHelp(c *C) { +++ c.Skip("the rendering of this text depends on the version of go-flags") ++ msg := `Usage: ++ snap.test unalias [unalias-OPTIONS] [] ++ ++-- ++2.17.1 ++ diff --cc debian/patches/0005-advisor-errtracker-use-upstream-bolt-package.patch index 00000000,00000000..21deddcd new file mode 100644 --- /dev/null +++ b/debian/patches/0005-advisor-errtracker-use-upstream-bolt-package.patch @@@ -1,0 -1,0 +1,49 @@@ ++From ccb008b459fb1fce6614e33c44ee7faed9a366a2 Mon Sep 17 00:00:00 2001 ++From: Zygmunt Krynicki ++Date: Thu, 17 Jan 2019 15:46:00 +0200 ++Subject: [PATCH 5/9] advisor,errtracker: use upstream bolt package ++ ++Upstream snapd uses a fork of the bolt package that carries additional ++patches for bugs that were discovered by snapd developers. Bolt itself ++appears to be an abandoned project and is not accepting any new patches. ++ ++In various distributions the upstream bolt package may or may not have ++been patched but the forked version was definitely not packaged. As ++such, to build snapd in Debian the upstream bolt package name must be ++used. ++ ++Signed-off-by: Zygmunt Krynicki ++--- ++ advisor/backend.go | 2 +- ++ errtracker/errtracker.go | 2 +- ++ 2 files changed, 2 insertions(+), 2 deletions(-) ++ ++diff --git a/advisor/backend.go b/advisor/backend.go ++index d74aa14fe..42a4ba051 100644 ++--- a/advisor/backend.go +++++ b/advisor/backend.go ++@@ -25,7 +25,7 @@ import ( ++ "path/filepath" ++ "time" ++ ++- "github.com/snapcore/bolt" +++ "github.com/boltdb/bolt" ++ ++ "github.com/snapcore/snapd/dirs" ++ "github.com/snapcore/snapd/osutil" ++diff --git a/errtracker/errtracker.go b/errtracker/errtracker.go ++index d7507a9a3..1910b7d7c 100644 ++--- a/errtracker/errtracker.go +++++ b/errtracker/errtracker.go ++@@ -33,7 +33,7 @@ import ( ++ "strings" ++ "time" ++ ++- "github.com/snapcore/bolt" +++ "github.com/boltdb/bolt" ++ "gopkg.in/mgo.v2/bson" ++ ++ "github.com/snapcore/snapd/arch" ++-- ++2.17.1 ++ diff --cc debian/patches/0006-systemd-disable-snapfuse-system.patch index 00000000,00000000..2f64ff27 new file mode 100644 --- /dev/null +++ b/debian/patches/0006-systemd-disable-snapfuse-system.patch @@@ -1,0 -1,0 +1,30 @@@ ++From d6e78fe580f612754503e0b4ffd075443cafa6fc Mon Sep 17 00:00:00 2001 ++From: Zygmunt Krynicki ++Date: Thu, 17 Jan 2019 15:51:14 +0200 ++Subject: [PATCH 6/9] systemd: disable snapfuse system ++ ++Upstream snapd uses an elaborate hack to bundle squashfuse under the ++name snapfuse, and built as a fake go package. This component is not ++available in Debian where bundling elements is not allowed. ++ ++Signed-off-by: Zygmunt Krynicki ++--- ++ systemd/systemd.go | 2 -- ++ 1 file changed, 2 deletions(-) ++ ++diff --git a/systemd/systemd.go b/systemd/systemd.go ++index f1863732a..d4e09a9a0 100644 ++--- a/systemd/systemd.go +++++ b/systemd/systemd.go ++@@ -33,8 +33,6 @@ import ( ++ "sync/atomic" ++ "time" ++ ++- _ "github.com/snapcore/squashfuse" ++- ++ "github.com/snapcore/snapd/dirs" ++ "github.com/snapcore/snapd/osutil" ++ "github.com/snapcore/snapd/osutil/squashfs" ++-- ++2.17.1 ++ diff --cc debian/patches/0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch index 00000000,00000000..3fa88c6c new file mode 100644 --- /dev/null +++ b/debian/patches/0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch @@@ -1,0 -1,0 +1,285 @@@ ++From b8cbff70f32d88d14b1ff4fed35d83bd99f37a3a Mon Sep 17 00:00:00 2001 ++From: Zygmunt Krynicki ++Date: Thu, 17 Jan 2019 16:42:35 +0200 ++Subject: [PATCH 7/9] i18n: use dummy localizations to avoid dependencies ++ ++Upstream snapd uses the github.com/ojii/gettext.go package for access to ++translation catalogs. This package is currently not available in Debian ++and prevents building the package. As such, replace the real ++implementation with a simple dummy one that always uses the English ++input strings. ++ ++Signed-off-by: Zygmunt Krynicki ++--- ++ i18n/i18n.go | 97 +++-------------------------------- ++ i18n/i18n_test.go | 125 ++-------------------------------------------- ++ 2 files changed, 11 insertions(+), 211 deletions(-) ++ ++diff --git a/i18n/i18n.go b/i18n/i18n.go ++index fb50901a8..79f28545b 100644 ++--- a/i18n/i18n.go +++++ b/i18n/i18n.go ++@@ -19,101 +19,16 @@ ++ ++ package i18n ++ ++-//go:generate update-pot ++- ++-import ( ++- "fmt" ++- "os" ++- "path/filepath" ++- "strings" ++- ++- "github.com/snapcore/go-gettext" ++- ++- "github.com/snapcore/snapd/dirs" ++- "github.com/snapcore/snapd/osutil" ++-) ++- ++-// TEXTDOMAIN is the message domain used by snappy; see dgettext(3) ++-// for more information. ++-var ( ++- TEXTDOMAIN = "snappy" ++- locale gettext.Catalog ++- translations gettext.Translations ++-) ++- ++-func init() { ++- bindTextDomain(TEXTDOMAIN, "/usr/share/locale") ++- setLocale("") ++-} ++- ++-func langpackResolver(baseRoot string, locale string, domain string) string { ++- // first check for the real locale (e.g. de_DE) ++- // then try to simplify the locale (e.g. de_DE -> de) ++- locales := []string{locale, strings.SplitN(locale, "_", 2)[0]} ++- for _, locale := range locales { ++- r := filepath.Join(locale, "LC_MESSAGES", fmt.Sprintf("%s.mo", domain)) ++- ++- // look into the core snaps first for translations, ++- // then the main system ++- candidateDirs := []string{ ++- filepath.Join(dirs.SnapMountDir, "/core/current/", baseRoot), ++- baseRoot, ++- } ++- for _, root := range candidateDirs { ++- // ubuntu uses /usr/lib/locale-langpack and patches the glibc gettext ++- // implementation ++- langpack := filepath.Join(root, "..", "locale-langpack", r) ++- if osutil.FileExists(langpack) { ++- return langpack ++- } ++- ++- regular := filepath.Join(root, r) ++- if osutil.FileExists(regular) { ++- return regular ++- } ++- } ++- } ++- ++- return "" ++-} ++- ++-func bindTextDomain(domain, dir string) { ++- translations = gettext.NewTranslations(dir, domain, langpackResolver) ++-} ++- ++-func setLocale(loc string) { ++- if loc == "" { ++- loc = os.Getenv("LC_MESSAGES") ++- if loc == "" { ++- loc = os.Getenv("LANG") ++- } ++- } ++- // de_DE.UTF-8, de_DE@euro all need to get simplified ++- loc = strings.Split(loc, "@")[0] ++- loc = strings.Split(loc, ".")[0] ++- ++- locale = translations.Locale(loc) ++-} ++- ++ // G is the shorthand for Gettext ++ func G(msgid string) string { ++- return locale.Gettext(msgid) ++-} ++- ++-// https://www.gnu.org/software/gettext/manual/html_node/Plural-forms.html ++-// (search for 1000) ++-func ngn(d int) uint32 { ++- const max = 1000000 ++- if d < 0 { ++- d = -d ++- } ++- if d > max { ++- return uint32((d % max) + max) ++- } ++- return uint32(d) +++ return msgid ++ } ++ ++ // NG is the shorthand for NGettext ++ func NG(msgid string, msgidPlural string, n int) string { ++- return locale.NGettext(msgid, msgidPlural, ngn(n)) +++ if n == 1 { +++ return msgid +++ } else { +++ return msgidPlural +++ } ++ } ++diff --git a/i18n/i18n_test.go b/i18n/i18n_test.go ++index 81cb050a7..86b59f3b4 100644 ++--- a/i18n/i18n_test.go +++++ b/i18n/i18n_test.go ++@@ -20,143 +20,28 @@ ++ package i18n ++ ++ import ( ++- "io/ioutil" ++- "os" ++- "os/exec" ++- "path/filepath" ++ "testing" ++ ++ . "gopkg.in/check.v1" ++- ++- "github.com/snapcore/snapd/dirs" ++ ) ++ ++ // Hook up check.v1 into the "go test" runner ++ func Test(t *testing.T) { TestingT(t) } ++ ++-var mockLocalePo = []byte(` ++-msgid "" ++-msgstr "" ++-"Project-Id-Version: snappy-test\n" ++-"Report-Msgid-Bugs-To: snappy-devel@lists.ubuntu.com\n" ++-"POT-Creation-Date: 2015-06-16 09:08+0200\n" ++-"Language: en_DK\n" ++-"MIME-Version: 1.0\n" ++-"Content-Type: text/plain; charset=UTF-8\n" ++-"Content-Transfer-Encoding: 8bit\n" ++-"Plural-Forms: nplurals=2; plural=n != 1;>\n" ++- ++-msgid "plural_1" ++-msgid_plural "plural_2" ++-msgstr[0] "translated plural_1" ++-msgstr[1] "translated plural_2" ++- ++-msgid "singular" ++-msgstr "translated singular" ++-`) ++- ++-func makeMockTranslations(c *C, localeDir string) { ++- fullLocaleDir := filepath.Join(localeDir, "en_DK", "LC_MESSAGES") ++- err := os.MkdirAll(fullLocaleDir, 0755) ++- c.Assert(err, IsNil) ++- ++- po := filepath.Join(fullLocaleDir, "snappy-test.po") ++- mo := filepath.Join(fullLocaleDir, "snappy-test.mo") ++- err = ioutil.WriteFile(po, mockLocalePo, 0644) ++- c.Assert(err, IsNil) ++- ++- cmd := exec.Command("msgfmt", po, "--output-file", mo) ++- cmd.Stdout = os.Stdout ++- cmd.Stderr = os.Stderr ++- err = cmd.Run() ++- c.Assert(err, IsNil) ++-} ++- ++-type i18nTestSuite struct { ++- origLang string ++- origLcMessages string ++-} +++type i18nTestSuite struct{} ++ ++ var _ = Suite(&i18nTestSuite{}) ++ ++-func (s *i18nTestSuite) SetUpTest(c *C) { ++- // this dir contains a special hand-crafted en_DK/snappy-test.mo ++- // file ++- localeDir := c.MkDir() ++- makeMockTranslations(c, localeDir) ++- ++- // we use a custom test mo file ++- TEXTDOMAIN = "snappy-test" ++- ++- s.origLang = os.Getenv("LANG") ++- s.origLcMessages = os.Getenv("LC_MESSAGES") ++- ++- bindTextDomain("snappy-test", localeDir) ++- os.Setenv("LANG", "en_DK.UTF-8") ++- setLocale("") ++-} ++- ++-func (s *i18nTestSuite) TearDownTest(c *C) { ++- os.Setenv("LANG", s.origLang) ++- os.Setenv("LC_MESSAGES", s.origLcMessages) ++-} ++- ++ func (s *i18nTestSuite) TestTranslatedSingular(c *C) { ++ // no G() to avoid adding the test string to snappy-pot ++ var Gtest = G ++- c.Assert(Gtest("singular"), Equals, "translated singular") +++ c.Assert(Gtest("singular"), Equals, "singular") ++ } ++ ++ func (s *i18nTestSuite) TestTranslatesPlural(c *C) { ++ // no NG() to avoid adding the test string to snappy-pot ++ var NGtest = NG ++- c.Assert(NGtest("plural_1", "plural_2", 1), Equals, "translated plural_1") ++-} ++- ++-func (s *i18nTestSuite) TestTranslatedMissingLangNoCrash(c *C) { ++- setLocale("invalid") ++- ++- // no G() to avoid adding the test string to snappy-pot ++- var Gtest = G ++- c.Assert(Gtest("singular"), Equals, "singular") ++-} ++- ++-func (s *i18nTestSuite) TestInvalidTextDomainDir(c *C) { ++- bindTextDomain("snappy-test", "/random/not/existing/dir") ++- setLocale("invalid") ++- ++- // no G() to avoid adding the test string to snappy-pot ++- var Gtest = G ++- c.Assert(Gtest("singular"), Equals, "singular") ++-} ++- ++-func (s *i18nTestSuite) TestLangpackResolverFromLangpack(c *C) { ++- root := c.MkDir() ++- localeDir := filepath.Join(root, "/usr/share/locale") ++- err := os.MkdirAll(localeDir, 0755) ++- c.Assert(err, IsNil) ++- ++- d := filepath.Join(root, "/usr/share/locale-langpack") ++- makeMockTranslations(c, d) ++- bindTextDomain("snappy-test", localeDir) ++- setLocale("") ++- ++- // no G() to avoid adding the test string to snappy-pot ++- var Gtest = G ++- c.Assert(Gtest("singular"), Equals, "translated singular", Commentf("test with %q failed", d)) ++-} ++- ++-func (s *i18nTestSuite) TestLangpackResolverFromCore(c *C) { ++- origSnapMountDir := dirs.SnapMountDir ++- defer func() { dirs.SnapMountDir = origSnapMountDir }() ++- dirs.SnapMountDir = c.MkDir() ++- ++- d := filepath.Join(dirs.SnapMountDir, "/core/current/usr/share/locale") ++- makeMockTranslations(c, d) ++- bindTextDomain("snappy-test", "/usr/share/locale") ++- setLocale("") ++- ++- // no G() to avoid adding the test string to snappy-pot ++- var Gtest = G ++- c.Assert(Gtest("singular"), Equals, "translated singular", Commentf("test with %q failed", d)) +++ c.Assert(NGtest("plural_1", "plural_2", 0), Equals, "plural_2") +++ c.Assert(NGtest("plural_1", "plural_2", 1), Equals, "plural_1") +++ c.Assert(NGtest("plural_1", "plural_2", 2), Equals, "plural_2") ++ } ++-- ++2.17.1 ++ diff --cc debian/patches/0010-man-page-sections.patch index 00000000,00000000..dc865598 new file mode 100644 --- /dev/null +++ b/debian/patches/0010-man-page-sections.patch @@@ -1,0 -1,0 +1,22 @@@ ++--- a/cmd/snap-discard-ns/snap-discard-ns.rst +++++ b/cmd/snap-discard-ns/snap-discard-ns.rst ++@@ -10,7 +10,7 @@ ++ :Date: 2018-10-17 ++ :Copyright: Canonical Ltd. ++ :Version: 2.36 ++-:Manual section: 5 +++:Manual section: 8 ++ :Manual group: snappy ++ ++ SYNOPSIS ++--- a/cmd/snapd-env-generator/snapd-env-generator.rst +++++ b/cmd/snapd-env-generator/snapd-env-generator.rst ++@@ -10,7 +10,7 @@ ++ :Date: 2018-08-31 ++ :Copyright: Canonical Ltd. ++ :Version: 2.35 ++-:Manual section: 7 +++:Manual section: 8 ++ :Manual group: snappy ++ ++ SYNOPSIS diff --cc debian/patches/0013-cherry-pick-pr9936.patch index 00000000,00000000..93db716e new file mode 100644 --- /dev/null +++ b/debian/patches/0013-cherry-pick-pr9936.patch @@@ -1,0 -1,0 +1,207 @@@ ++commit 5c7c00e13285487a472e615d0e483e64b2cfad78 ++Author: Zygmunt Krynicki ++Date: Mon Feb 15 17:14:41 2021 +0000 ++ ++ Remove apparmor downgrade feature ++ ++ Apparmor downgrade was automatically enabled when the running kernel ++ supported some, but not all of the features. Since the complete set was ++ never upstreamed, this effectively meant that users had less features ++ than they otherwise would have. ++ ++ Since apparmor is still reported as "partial", nothing changes from the ++ point of view of not sending any misleading messages. For certain ++ classes of snap packages, this improves the effective confinement on ++ systems such as Debian or openSUSE Leap. ++ ++ Perfect confinement is still way off, this doesn't change that. ++ ++ Signed-off-by: Zygmunt Krynicki ++ ++diff --git a/interfaces/apparmor/backend.go b/interfaces/apparmor/backend.go ++index 1819525c2b..73b9c3ade8 100644 ++--- a/interfaces/apparmor/backend.go +++++ b/interfaces/apparmor/backend.go ++@@ -55,7 +55,6 @@ import ( ++ "github.com/snapcore/snapd/release" ++ apparmor_sandbox "github.com/snapcore/snapd/sandbox/apparmor" ++ "github.com/snapcore/snapd/snap" ++- "github.com/snapcore/snapd/strutil" ++ "github.com/snapcore/snapd/timings" ++ ) ++ ++@@ -611,23 +610,6 @@ func addUpdateNSProfile(snapInfo *snap.Info, opts interfaces.ConfinementOptions, ++ } ++ } ++ ++-func downgradeConfinement() bool { ++- kver := osutil.KernelVersion() ++- switch { ++- case release.DistroLike("opensuse-tumbleweed"): ++- if cmp, _ := strutil.VersionCompare(kver, "4.16"); cmp >= 0 { ++- // As a special exception, for openSUSE Tumbleweed which ships Linux ++- // 4.16, do not downgrade the confinement template. ++- return false ++- } ++- case release.DistroLike("arch", "archlinux"): ++- // The default kernel has AppArmor enabled since 4.18.8, the ++- // hardened one since 4.17.4 ++- return false ++- } ++- return true ++-} ++- ++ func addContent(securityTag string, snapInfo *snap.Info, cmdName string, opts interfaces.ConfinementOptions, snippetForTag string, content map[string]osutil.FileState, spec *Specification) { ++ // If base is specified and it doesn't match the core snaps (not ++ // specifying a base should use the default core policy since in this ++@@ -647,22 +629,6 @@ func addContent(securityTag string, snapInfo *snap.Info, cmdName string, opts in ++ policy = classicTemplate ++ ignoreSnippets = true ++ } ++- // When partial AppArmor is detected, use the classic template for now. We could ++- // use devmode, but that could generate confusing log entries for users running ++- // snaps on systems with partial AppArmor support. ++- if apparmor_sandbox.ProbedLevel() == apparmor_sandbox.Partial { ++- // By default, downgrade confinement to the classic template when ++- // partial AppArmor support is detected. We don't want to use strict ++- // in general yet because older versions of the kernel did not ++- // provide backwards compatible interpretation of confinement ++- // so the meaning of the template would change across kernel ++- // versions and we have not validated that the current template ++- // is operational on older kernels. ++- if downgradeConfinement() { ++- policy = classicTemplate ++- ignoreSnippets = true ++- } ++- } ++ // If a snap is in devmode (or is using classic confinement) then make the ++ // profile non-enforcing where violations are logged but not denied. ++ // This is also done for classic so that no confinement applies. Just in ++@@ -774,10 +740,6 @@ func (b *Backend) SandboxFeatures() []string { ++ policy := "default" ++ if apparmor_sandbox.ProbedLevel() == apparmor_sandbox.Partial { ++ level = "partial" ++- ++- if downgradeConfinement() { ++- policy = "downgraded" ++- } ++ } ++ tags = append(tags, fmt.Sprintf("support-level:%s", level)) ++ tags = append(tags, fmt.Sprintf("policy:%s", policy)) ++diff --git a/interfaces/apparmor/backend_test.go b/interfaces/apparmor/backend_test.go ++index 1188dff105..8414a4f228 100644 ++--- a/interfaces/apparmor/backend_test.go +++++ b/interfaces/apparmor/backend_test.go ++@@ -1106,59 +1106,6 @@ func mockPartalAppArmorOnDistro(c *C, kernelVersion string, releaseID string, re ++ } ++ } ++ ++-// On openSUSE Tumbleweed partial apparmor support doesn't change apparmor template to classic. ++-// Strict confinement template, along with snippets, are used. ++-func (s *backendSuite) TestCombineSnippetsOpenSUSETumbleweed(c *C) { ++- restore := mockPartalAppArmorOnDistro(c, "4.16-10-1-default", "opensuse-tumbleweed") ++- defer restore() ++- s.Iface.AppArmorPermanentSlotCallback = func(spec *apparmor.Specification, slot *snap.SlotInfo) error { ++- spec.AddSnippet("snippet") ++- return nil ++- } ++- s.InstallSnap(c, interfaces.ConfinementOptions{}, "", ifacetest.SambaYamlV1, 1) ++- profile := filepath.Join(dirs.SnapAppArmorDir, "snap.samba.smbd") ++- c.Check(profile, testutil.FileEquals, commonPrefix+"\nprofile \"snap.samba.smbd\" (attach_disconnected) {\nsnippet\n}\n") ++-} ++- ++-// On openSUSE Tumbleweed running older kernel partial apparmor support changes ++-// apparmor template to classic. ++-func (s *backendSuite) TestCombineSnippetsOpenSUSETumbleweedOldKernel(c *C) { ++- restore := mockPartalAppArmorOnDistro(c, "4.14", "opensuse-tumbleweed") ++- defer restore() ++- s.Iface.AppArmorPermanentSlotCallback = func(spec *apparmor.Specification, slot *snap.SlotInfo) error { ++- spec.AddSnippet("snippet") ++- return nil ++- } ++- s.InstallSnap(c, interfaces.ConfinementOptions{}, "", ifacetest.SambaYamlV1, 1) ++- profile := filepath.Join(dirs.SnapAppArmorDir, "snap.samba.smbd") ++- c.Check(profile, testutil.FileEquals, "\n#classic"+commonPrefix+"\nprofile \"snap.samba.smbd\" (attach_disconnected) {\n\n}\n") ++-} ++- ++-func (s *backendSuite) TestCombineSnippetsArchOldIDSufficientHardened(c *C) { ++- restore := mockPartalAppArmorOnDistro(c, "4.18.2.a-1-hardened", "arch", "archlinux") ++- defer restore() ++- s.Iface.AppArmorPermanentSlotCallback = func(spec *apparmor.Specification, slot *snap.SlotInfo) error { ++- spec.AddSnippet("snippet") ++- return nil ++- } ++- s.InstallSnap(c, interfaces.ConfinementOptions{}, "", ifacetest.SambaYamlV1, 1) ++- profile := filepath.Join(dirs.SnapAppArmorDir, "snap.samba.smbd") ++- c.Check(profile, testutil.FileEquals, commonPrefix+"\nprofile \"snap.samba.smbd\" (attach_disconnected) {\nsnippet\n}\n") ++-} ++- ++-func (s *backendSuite) TestCombineSnippetsArchSufficientHardened(c *C) { ++- restore := mockPartalAppArmorOnDistro(c, "4.18.2.a-1-hardened", "archlinux") ++- defer restore() ++- s.Iface.AppArmorPermanentSlotCallback = func(spec *apparmor.Specification, slot *snap.SlotInfo) error { ++- spec.AddSnippet("snippet") ++- return nil ++- } ++- ++- s.InstallSnap(c, interfaces.ConfinementOptions{}, "", ifacetest.SambaYamlV1, 1) ++- profile := filepath.Join(dirs.SnapAppArmorDir, "snap.samba.smbd") ++- c.Check(profile, testutil.FileEquals, commonPrefix+"\nprofile \"snap.samba.smbd\" (attach_disconnected) {\nsnippet\n}\n") ++-} ++- ++ const coreYaml = `name: core ++ version: 1 ++ type: os ++@@ -1994,7 +1941,7 @@ func (s *backendSuite) TestSandboxFeaturesPartial(c *C) { ++ restore = osutil.MockKernelVersion("4.14.1-default") ++ defer restore() ++ ++- c.Assert(s.Backend.SandboxFeatures(), DeepEquals, []string{"kernel:foo", "kernel:bar", "parser:baz", "parser:norf", "support-level:partial", "policy:downgraded"}) +++ c.Assert(s.Backend.SandboxFeatures(), DeepEquals, []string{"kernel:foo", "kernel:bar", "parser:baz", "parser:norf", "support-level:partial", "policy:default"}) ++ } ++ ++ func (s *backendSuite) TestParallelInstanceSetupSnapUpdateNS(c *C) { ++@@ -2019,31 +1966,6 @@ apps: ++ `) ++ } ++ ++-func (s *backendSuite) TestDowngradeConfinement(c *C) { ++- ++- restore := apparmor_sandbox.MockLevel(apparmor_sandbox.Partial) ++- defer restore() ++- ++- for _, tc := range []struct { ++- distro string ++- kernel string ++- expected bool ++- }{ ++- {"opensuse-tumbleweed", "4.16.10-1-default", false}, ++- {"opensuse-tumbleweed", "4.14.1-default", true}, ++- {"arch", "4.18.2.a-1-hardened", false}, ++- {"arch", "4.18.8-arch1-1-ARCH", false}, ++- {"archlinux", "4.18.2.a-1-hardened", false}, ++- } { ++- c.Logf("trying: %+v", tc) ++- restore := release.MockReleaseInfo(&release.OS{ID: tc.distro}) ++- defer restore() ++- restore = osutil.MockKernelVersion(tc.kernel) ++- defer restore() ++- c.Check(apparmor.DowngradeConfinement(), Equals, tc.expected, Commentf("unexpected result for %+v", tc)) ++- } ++-} ++- ++ func (s *backendSuite) TestPtraceTraceRule(c *C) { ++ restoreTemplate := apparmor.MockTemplate("template\n###SNIPPETS###\n") ++ defer restoreTemplate() ++diff --git a/interfaces/apparmor/export_test.go b/interfaces/apparmor/export_test.go ++index b6bf4a102e..cb77ae17de 100644 ++--- a/interfaces/apparmor/export_test.go +++++ b/interfaces/apparmor/export_test.go ++@@ -30,7 +30,6 @@ var ( ++ NsProfile = nsProfile ++ ProfileGlobs = profileGlobs ++ SnapConfineFromSnapProfile = snapConfineFromSnapProfile ++- DowngradeConfinement = downgradeConfinement ++ LoadProfiles = loadProfiles ++ UnloadProfiles = unloadProfiles ++ MaybeSetNumberOfJobs = maybeSetNumberOfJobs diff --cc debian/patches/0015-cve-2021-44730-44731-4120.patch index 00000000,00000000..012f80eb new file mode 100644 --- /dev/null +++ b/debian/patches/0015-cve-2021-44730-44731-4120.patch @@@ -1,0 -1,0 +1,3187 @@@ ++Index: snapd-2.49/cmd/libsnap-confine-private/apparmor-support.c ++=================================================================== ++--- snapd-2.49.orig/cmd/libsnap-confine-private/apparmor-support.c +++++ snapd-2.49/cmd/libsnap-confine-private/apparmor-support.c ++@@ -20,6 +20,8 @@ ++ #endif ++ ++ #include "apparmor-support.h" +++#include "string-utils.h" +++#include "utils.h" ++ ++ #include ++ #include ++@@ -53,18 +55,24 @@ void sc_init_apparmor_support(struct sc_ ++ debug ++ ("apparmor is available on the system but has been disabled at boot"); ++ break; ++- case ENOENT: ++- debug ++- ("apparmor is available but the interface but the interface is not available"); ++- break; ++ case EPERM: ++ // NOTE: fall-through ++ case EACCES: ++ debug ++ ("insufficient permissions to determine if apparmor is enabled"); ++- break; +++ // since snap-confine is setuid root this should +++ // never happen so likely someone is trying to +++ // manipulate our execution environment - fail hard +++ +++ // fall-through +++ case ENOENT: +++ case ENOMEM: ++ default: ++- debug("apparmor is not enabled: %s", strerror(errno)); +++ // this shouldn't happen under normal usage so it +++ // is possible someone is trying to manipulate our +++ // execution environment - fail hard +++ die("aa_is_enabled() failed unexpectedly (%s)", +++ strerror(errno)); ++ break; ++ } ++ apparmor->is_confined = false; ++@@ -81,13 +89,13 @@ void sc_init_apparmor_support(struct sc_ ++ } ++ debug("apparmor label on snap-confine is: %s", label); ++ debug("apparmor mode is: %s", mode); ++- // The label has a special value "unconfined" that is applied to all ++- // processes without a dedicated profile. If that label is used then the ++- // current process is not confined. All other labels imply confinement. ++- if (label != NULL && strcmp(label, SC_AA_UNCONFINED_STR) == 0) { ++- apparmor->is_confined = false; ++- } else { +++ // expect to be confined by a profile with the name of a valid +++ // snap-confine binary since if not we may be executed under a +++ // profile with more permissions than expected +++ if (label != NULL && sc_streq(mode, SC_AA_ENFORCE_STR) && sc_is_expected_path(label)) { ++ apparmor->is_confined = true; +++ } else { +++ apparmor->is_confined = false; ++ } ++ // There are several possible results for the confinement type (mode) that ++ // are checked for below. ++Index: snapd-2.49/cmd/libsnap-confine-private/tool.c ++=================================================================== ++--- snapd-2.49.orig/cmd/libsnap-confine-private/tool.c +++++ snapd-2.49/cmd/libsnap-confine-private/tool.c ++@@ -110,7 +110,7 @@ void sc_call_snap_update_ns_as_user(int ++ snap_name); ++ ++ const char *xdg_runtime_dir = getenv("XDG_RUNTIME_DIR"); ++- char xdg_runtime_dir_env[PATH_MAX + strlen("XDG_RUNTIME_DIR=")]; +++ char xdg_runtime_dir_env[PATH_MAX + sizeof("XDG_RUNTIME_DIR=")] = { 0 }; ++ if (xdg_runtime_dir != NULL) { ++ sc_must_snprintf(xdg_runtime_dir_env, ++ sizeof(xdg_runtime_dir_env), ++@@ -163,14 +163,21 @@ static int sc_open_snapd_tool(const char ++ // want to store the terminating '\0'. The readlink system call doesn't add ++ // terminating null, but our initialization of buf handles this for us. ++ char buf[PATH_MAX + 1] = { 0 }; ++- if (readlink("/proc/self/exe", buf, sizeof buf) < 0) { +++ if (readlink("/proc/self/exe", buf, sizeof(buf) - 1) < 0) { ++ die("cannot readlink /proc/self/exe"); ++ } ++ if (buf[0] != '/') { // this shouldn't happen, but make sure have absolute path ++ die("readlink /proc/self/exe returned relative path"); ++ } +++ // as we are looking up other tools relative to our own path, check +++ // we are located where we think we should be - otherwise we +++ // may have been hardlink'd elsewhere and then may execute the +++ // wrong tool as a result +++ if (!sc_is_expected_path(buf)) { +++ die("running from unexpected location: %s", buf); +++ } ++ char *dir_name = dirname(buf); ++- int dir_fd SC_CLEANUP(sc_cleanup_close) = 1; +++ int dir_fd SC_CLEANUP(sc_cleanup_close) = -1; ++ dir_fd = open(dir_name, O_PATH | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC); ++ if (dir_fd < 0) { ++ die("cannot open path %s", dir_name); ++Index: snapd-2.49/cmd/libsnap-confine-private/utils-test.c ++=================================================================== ++--- snapd-2.49.orig/cmd/libsnap-confine-private/utils-test.c +++++ snapd-2.49/cmd/libsnap-confine-private/utils-test.c ++@@ -71,6 +71,37 @@ static void test_parse_bool(void) ++ g_assert_cmpint(errno, ==, EFAULT); ++ } ++ +++static void test_sc_is_expected_path(void) +++{ +++ struct { +++ const char *path; +++ bool expected; +++ } test_cases[] = { +++ {"/tmp/snap-confine", false}, +++ {"/tmp/foo", false}, +++ {"/home/ ", false}, +++ {"/usr/lib/snapd/snap-confine1", false}, +++ {"/usr/lib/snapd/snapâconfine", false}, +++ {"/snap/core/usr/lib/snapd/snap-confine", false}, +++ {"/snap/core/x1x/usr/lib/snapd/snap-confine", false}, +++ {"/snap/core/z1/usr/lib/snapd/snap-confine", false}, +++ {"/snap/cê³re/1/usr/lib/snapd/snap-confine", false}, +++ {"/snap/snapd1/1/usr/lib/snapd/snap-confine", false}, +++ {"/snap/core/current/usr/lib/snapd/snap-confine", false}, +++ {"/usr/lib/snapd/snap-confine", true}, +++ {"/usr/libexec/snapd/snap-confine", true}, +++ {"/snap/core/1/usr/lib/snapd/snap-confine", true}, +++ {"/snap/core/x1/usr/lib/snapd/snap-confine", true}, +++ {"/snap/snapd/1/usr/lib/snapd/snap-confine", true}, +++ {"/snap/snapd/1/usr/libexec/snapd/snap-confine", false}, +++ }; +++ size_t i; +++ for (i = 0; i < sizeof(test_cases) / sizeof(test_cases[0]); i++) { +++ bool result = sc_is_expected_path(test_cases[i].path); +++ g_assert_cmpint(result, ==, test_cases[i].expected); +++ } +++} +++ ++ static void test_die(void) ++ { ++ if (g_test_subprocess()) { ++@@ -194,6 +225,7 @@ static void test_sc_nonfatal_mkpath__abs ++ static void __attribute__((constructor)) init(void) ++ { ++ g_test_add_func("/utils/parse_bool", test_parse_bool); +++ g_test_add_func("/utils/sc_is_expected_path", test_sc_is_expected_path); ++ g_test_add_func("/utils/die", test_die); ++ g_test_add_func("/utils/die_with_errno", test_die_with_errno); ++ g_test_add_func("/utils/sc_nonfatal_mkpath/relative", ++Index: snapd-2.49/cmd/libsnap-confine-private/utils.c ++=================================================================== ++--- snapd-2.49.orig/cmd/libsnap-confine-private/utils.c +++++ snapd-2.49/cmd/libsnap-confine-private/utils.c ++@@ -16,6 +16,7 @@ ++ */ ++ #include ++ #include +++#include ++ #include ++ #include ++ #include ++@@ -237,3 +238,15 @@ int sc_nonfatal_mkpath(const char *const ++ } ++ return 0; ++ } +++ +++bool sc_is_expected_path(const char *path) +++{ +++ const char *expected_path_re = +++ "^(/snap/(snapd|core)/x?[0-9]+/usr/lib|/usr/lib(exec)?)/snapd/snap-confine$"; +++ regex_t re; +++ if (regcomp(&re, expected_path_re, REG_EXTENDED | REG_NOSUB) != 0) +++ die("can not compile regex %s", expected_path_re); +++ int status = regexec(&re, path, 0, NULL, 0); +++ regfree(&re); +++ return status == 0; +++} ++Index: snapd-2.49/cmd/libsnap-confine-private/utils.h ++=================================================================== ++--- snapd-2.49.orig/cmd/libsnap-confine-private/utils.h +++++ snapd-2.49/cmd/libsnap-confine-private/utils.h ++@@ -101,4 +101,10 @@ void write_string_to_file(const char *fi ++ **/ ++ __attribute__((warn_unused_result)) ++ int sc_nonfatal_mkpath(const char *const path, mode_t mode); +++ +++/** +++ * Return true if path is a valid path for the snap-confine binary +++ **/ +++__attribute__((warn_unused_result)) +++bool sc_is_expected_path(const char *path); ++ #endif ++Index: snapd-2.49/cmd/snap-confine/mount-support-test.c ++=================================================================== ++--- snapd-2.49.orig/cmd/snap-confine/mount-support-test.c +++++ snapd-2.49/cmd/snap-confine/mount-support-test.c ++@@ -21,6 +21,7 @@ ++ #include "mount-support-nvidia.c" ++ ++ #include +++#include ++ ++ static void replace_slashes_with_NUL(char *path, size_t len) ++ { ++@@ -91,10 +92,50 @@ static void test_is_subdir(void) ++ g_assert_false(is_subdir("/", "")); ++ } ++ +++static void test_must_mkdir_and_open_with_perms(void) +++{ +++ // make a directory with some contents and check we can +++ // must_mkdir_and_open_with_perms() to get control of it +++ GError *error = NULL; +++ GStatBuf st; +++ gchar *test_dir = g_dir_make_tmp("test-mkdir-XXXXXX", &error); +++ g_assert_no_error(error); +++ g_assert_nonnull(test_dir); +++ g_assert_cmpint(chmod(test_dir, 0755), ==, 0); +++ g_assert_true(g_file_test +++ (test_dir, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR)); +++ g_assert_cmpint(g_stat(test_dir, &st), ==, 0); +++ g_assert_true(st.st_uid == getuid()); +++ g_assert_true(st.st_gid == getgid()); +++ g_assert_true(st.st_mode == (S_IFDIR | 0755)); +++ +++ gchar *test_subdir = g_build_filename(test_dir, "foo", NULL); +++ g_assert_cmpint(g_mkdir_with_parents(test_dir, 0755), ==, 0); +++ g_file_test(test_subdir, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR); +++ +++ // take over dir +++ int fd = +++ must_mkdir_and_open_with_perms(test_dir, getuid(), getgid(), 0700); +++ // check can unlink dir itself with no contents successfully and it +++ // still exists +++ g_assert_cmpint(fd, >=, 0); +++ g_assert_false(g_file_test +++ (test_subdir, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR)); +++ g_assert_true(g_file_test +++ (test_dir, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR)); +++ g_assert_cmpint(g_stat(test_dir, &st), ==, 0); +++ g_assert_true(st.st_uid == getuid()); +++ g_assert_true(st.st_gid == getgid()); +++ g_assert_true(st.st_mode == (S_IFDIR | 0700)); +++ close(fd); +++} +++ ++ static void __attribute__((constructor)) init(void) ++ { ++ g_test_add_func("/mount/get_nextpath/typical", ++ test_get_nextpath__typical); ++ g_test_add_func("/mount/get_nextpath/weird", test_get_nextpath__weird); ++ g_test_add_func("/mount/is_subdir", test_is_subdir); +++ g_test_add_func("/mount/must_mkdir_and_open_with_perms", +++ test_must_mkdir_and_open_with_perms); ++ } ++Index: snapd-2.49/cmd/snap-confine/mount-support.c ++=================================================================== ++--- snapd-2.49.orig/cmd/snap-confine/mount-support.c +++++ snapd-2.49/cmd/snap-confine/mount-support.c ++@@ -14,6 +14,7 @@ ++ * along with this program. If not, see . ++ * ++ */ +++ ++ #ifdef HAVE_CONFIG_H ++ #include "config.h" ++ #endif ++@@ -51,6 +52,91 @@ ++ ++ static void sc_detach_views_of_writable(sc_distro distro, bool normal_mode); ++ +++static int must_mkdir_and_open_with_perms(const char *dir, uid_t uid, gid_t gid, +++ mode_t mode) +++{ +++ int retries = 10; +++ int fd; +++ +++ mkdir: +++ if (--retries == 0) { +++ die("lost race to create dir %s too many times", dir); +++ } +++ // Ignore EEXIST since we want to reuse and we will open with +++ // O_NOFOLLOW, below. +++ if (mkdir(dir, 0700) < 0 && errno != EEXIST) { +++ die("cannot create directory %s", dir); +++ } +++ fd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW); +++ if (fd < 0) { +++ // if is not a directory then remove it and try again +++ if (errno == ENOTDIR && unlink(dir) == 0) { +++ goto mkdir; +++ } +++ die("cannot open directory %s", dir); +++ } +++ // ensure base_dir has the expected permissions since it may have +++ // already existed +++ struct stat st; +++ if (fstat(fd, &st) < 0) { +++ die("cannot stat base directory %s", dir); +++ } +++ if (st.st_uid != uid || st.st_gid != gid +++ || st.st_mode != (S_IFDIR | mode)) { +++ unsigned char random[10] = { 0 }; +++ char random_dir[MAX_BUF] = { 0 }; +++ int offset; +++ size_t i; +++ +++ // base_dir isn't what we expect - create a random +++ // directory name and rename the existing erroneous +++ // base_dir to this then try recreating it again - NOTE we +++ // don't use mkdtemp() here since we don't want to actually +++ // create the directory yet as we want rename() to do that +++ // for us +++#ifdef SYS_getrandom +++ // use syscall(SYS_getrandom) since getrandom() is +++ // not available on older glibc +++ if (syscall(SYS_getrandom, random, sizeof(random), 0) != +++ sizeof(random)) { +++ die("cannot get random bytes"); +++ } +++#else +++ // use /dev/urandom on older systems which don't support +++ // SYS_getrandom +++ int rfd = open("/dev/urandom", O_RDONLY); +++ if (rfd < 0) { +++ die("cannot open /dev/urandom"); +++ } +++ if (read(rfd, random, sizeof(random)) != sizeof(random)) { +++ die("cannot get random bytes"); +++ } +++ close(rfd); +++#endif +++ offset = +++ sc_must_snprintf(random_dir, sizeof(random_dir), "%s.", +++ dir); +++ for (i = 0; i < sizeof(random); i++) { +++ offset += +++ sc_must_snprintf(random_dir + offset, +++ sizeof(random_dir) - offset, +++ "%02x", (unsigned int)random[i]); +++ } +++ // try and get dir which we own by renaming it to something +++ // else then creating it again +++ +++ // TODO - change this to use renameat2(RENAME_EXCHANGE) +++ // once we can use a newer version of glibc for snapd +++ if (rename(dir, random_dir) < 0) { +++ die("cannot rename base_dir to random_dir '%s'", +++ random_dir); +++ } +++ close(fd); +++ goto mkdir; +++ } +++ return fd; +++} +++ ++ // TODO: simplify this, after all it is just a tmpfs ++ // TODO: fold this into bootstrap ++ static void setup_private_mount(const char *snap_name) ++@@ -86,29 +172,8 @@ static void setup_private_mount(const ch ++ /* Switch to root group so that mkdir and open calls below create filesystem ++ * elements that are not owned by the user calling into snap-confine. */ ++ sc_identity old = sc_set_effective_identity(sc_root_group_identity()); ++- // Create /tmp/snap.$SNAP_NAME/ 0700 root.root. Ignore EEXIST since we want ++- // to reuse and we will open with O_NOFOLLOW, below. ++- if (mkdir(base_dir, 0700) < 0 && errno != EEXIST) { ++- die("cannot create base directory %s", base_dir); ++- } ++- base_dir_fd = open(base_dir, ++- O_RDONLY | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW); ++- if (base_dir_fd < 0) { ++- die("cannot open base directory %s", base_dir); ++- } ++- /* This seems redundant on first read but it has the non-obvious ++- * property of changing existing directories that have already existed ++- * but had incorrect ownership or permission. This is possible due to ++- * earlier bugs in snap-confine and due to the fact that some systems ++- * use persistent /tmp directory and may not clean up leftover files ++- * for arbitrarily long. This comment applies the following two pairs ++- * of fchmod and fchown. */ ++- if (fchmod(base_dir_fd, 0700) < 0) { ++- die("cannot chmod base directory %s to 0700", base_dir); ++- } ++- if (fchown(base_dir_fd, 0, 0) < 0) { ++- die("cannot chown base directory %s to root.root", base_dir); ++- } +++ // Create /tmp/snap.$SNAP_NAME/ 0700 root.root. +++ base_dir_fd = must_mkdir_and_open_with_perms(base_dir, 0, 0, 0700); ++ // Create /tmp/snap.$SNAP_NAME/tmp 01777 root.root Ignore EEXIST since we ++ // want to reuse and we will open with O_NOFOLLOW, below. ++ if (mkdirat(base_dir_fd, "tmp", 01777) < 0 && errno != EEXIST) { ++@@ -120,14 +185,14 @@ static void setup_private_mount(const ch ++ if (tmp_dir_fd < 0) { ++ die("cannot open private tmp directory %s/tmp", base_dir); ++ } ++- if (fchmod(tmp_dir_fd, 01777) < 0) { ++- die("cannot chmod private tmp directory %s/tmp to 01777", ++- base_dir); ++- } ++ if (fchown(tmp_dir_fd, 0, 0) < 0) { ++ die("cannot chown private tmp directory %s/tmp to root.root", ++ base_dir); ++ } +++ if (fchmod(tmp_dir_fd, 01777) < 0) { +++ die("cannot chmod private tmp directory %s/tmp to 01777", +++ base_dir); +++ } ++ sc_do_mount(tmp_dir, "/tmp", NULL, MS_BIND, NULL); ++ sc_do_mount("none", "/tmp", NULL, MS_PRIVATE, NULL); ++ } ++@@ -448,7 +513,8 @@ static void sc_bootstrap_mount_namespace ++ sc_identity old = sc_set_effective_identity(sc_root_group_identity()); ++ if (mkdir(SC_HOSTFS_DIR, 0755) < 0) { ++ if (errno != EEXIST) { ++- die("cannot perform operation: mkdir %s", SC_HOSTFS_DIR); +++ die("cannot perform operation: mkdir %s", +++ SC_HOSTFS_DIR); ++ } ++ } ++ (void)sc_set_effective_identity(old); ++Index: snapd-2.49/cmd/snap-confine/snap-confine.apparmor.in ++=================================================================== ++--- snapd-2.49.orig/cmd/snap-confine/snap-confine.apparmor.in +++++ snapd-2.49/cmd/snap-confine/snap-confine.apparmor.in ++@@ -41,6 +41,17 @@ ++ ++ @LIBEXECDIR@/snap-confine mr, ++ +++ # This rule is needed when executing from a "base: core" devmode snap on +++ # UC18 and newer where the /usr/lib/snapd/snap-confine inside the +++ # "base: core" mount namespace always comes from the snapd snap, and thus +++ # we will execute snap-confine via this path, and thus need to be able to +++ # read this path when executing. It's also necessary on classic where both +++ # the snapd and the core snap are installed at the same time. +++ # TODO: remove this rule when we stop supporting executing other snaps from +++ # inside devmode snaps, ideally even in the short term we would only include +++ # this rule on core only, and specifically uc18 and newer where we need it +++ #@VERBATIM_LIBEXECDIR_SNAP_CONFINE@ mr, +++ ++ /dev/null rw, ++ /dev/full rw, ++ /dev/zero rw, ++@@ -376,10 +387,10 @@ ++ # stacked filesystems generally. ++ # encrypted ~/.Private and old-style encrypted $HOME ++ @{HOME}/.Private/ r, ++- @{HOME}/.Private/** mrixwlk, +++ @{HOME}/.Private/** mrwlk, ++ # new-style encrypted $HOME ++ @{HOMEDIRS}/.ecryptfs/*/.Private/ r, ++- @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk, +++ @{HOMEDIRS}/.ecryptfs/*/.Private/** mrwlk, ++ ++ # Allow snap-confine to move to the void, creating it if necessary. ++ /var/lib/snapd/void/ rw, ++Index: snapd-2.49/interfaces/apparmor/apparmor.go ++=================================================================== ++--- snapd-2.49.orig/interfaces/apparmor/apparmor.go +++++ snapd-2.49/interfaces/apparmor/apparmor.go ++@@ -38,17 +38,6 @@ import ( ++ "github.com/snapcore/snapd/osutil" ++ ) ++ ++-// ValidateNoAppArmorRegexp will check that the given string does not ++-// contain AppArmor regular expressions (AARE), double quotes or \0. ++-func ValidateNoAppArmorRegexp(s string) error { ++- const AARE = `?*[]{}^"` + "\x00" ++- ++- if strings.ContainsAny(s, AARE) { ++- return fmt.Errorf("%q contains a reserved apparmor char from %s", s, AARE) ++- } ++- return nil ++-} ++- ++ type aaParserFlags int ++ ++ const ( ++Index: snapd-2.49/interfaces/apparmor/apparmor_test.go ++=================================================================== ++--- snapd-2.49.orig/interfaces/apparmor/apparmor_test.go +++++ snapd-2.49/interfaces/apparmor/apparmor_test.go ++@@ -217,22 +217,6 @@ func (s *appArmorSuite) TestLoadedApparm ++ c.Check(profiles, IsNil) ++ } ++ ++-func (s *appArmorSuite) TestValidateFreeFromAAREUnhappy(c *C) { ++- var testCases = []string{"a?", "*b", "c[c", "dd]", "e{", "f}", "g^", `h"`, "f\000", "g\x00"} ++- ++- for _, s := range testCases { ++- c.Check(apparmor.ValidateNoAppArmorRegexp(s), ErrorMatches, ".* contains a reserved apparmor char from .*", Commentf("%q is not raising an error", s)) ++- } ++-} ++- ++-func (s *appArmorSuite) TestValidateFreeFromAAREhappy(c *C) { ++- var testCases = []string{"foo", "BaR", "b-z", "foo+bar", "b00m!", "be/ep", "a%b", "a&b", "a(b", "a)b", "a=b", "a#b", "a~b", "a'b", "a_b", "a,b", "a;b", "a>b", "a/usr/lib/snapd/snap-confine ... ) +++ // * exec( /snap/core//usr/lib/snapd/snap-confine ... ) +++ +++ // The latter two can always transition to their respective +++ // revisioned profiles unambiguously if each snap is installed. +++ +++ // The former rule for /usr/lib/snapd/snap-confine however is +++ // more tricky. First, we can say that if only the snapd snap is +++ // installed, to just transition to that profile and be done. If +++ // just the core snap is installed, then we can deduce this +++ // system is either UC16 or a classic one, in both cases though +++ // we have /usr/lib/snapd/snap-confine defined as the profile to +++ // transition to. +++ // If both snaps are installed however, then we need to branch +++ // and pick a profile that exists, we can't just arbitrarily +++ // pick one profile because not all profiles will exist on all +++ // systems actually, for example the snap-confine profile from +++ // the core snap will not be generated/installed on UC18+. We +++ // can simplify the logic however by realizing that no matter +++ // the relative version numbers of snapd and core, when +++ // executing a snap with base other than core (i.e. base core18 +++ // or core20), the snapd snap's version of snap-confine will +++ // always be used for various reasons. This is also true for +++ // base: core snaps, but only on non-classic systems. So we +++ // essentially say that /usr/lib/snapd/snap-confine always +++ // transitions to the snapd snap profile if the base is not +++ // core or if the system is not classic. If the base is core and +++ // the system is classic, then the core snap profile will be +++ // used. +++ +++ usrLibSnapdConfineTransitionTarget := "" +++ switch { +++ case b.coreSnap != nil && b.snapdSnap == nil: +++ // only core snap - use /usr/lib/snapd/snap-confine always +++ usrLibSnapdConfineTransitionTarget = "/usr/lib/snapd/snap-confine" +++ case b.snapdSnap != nil && b.coreSnap == nil: +++ // only snapd snap - use snapd snap version +++ usrLibSnapdConfineTransitionTarget = snapdProfileTarget() +++ case b.snapdSnap != nil && b.coreSnap != nil: +++ // both are installed - need to check which one to use +++ // TODO: is snapInfo.Base sometimes unset for snaps w/o bases +++ // these days? maybe this needs to be this instead ? +++ // if release.OnClassic && (snapInfo.Base == "core" || snapInfo.Base == "") +++ if release.OnClassic && snapInfo.Base == "core" { +++ // use the core snap as the target only if we are on +++ // classic and the base is core +++ usrLibSnapdConfineTransitionTarget = coreProfileTarget() +++ } else { +++ // otherwise always use snapd +++ usrLibSnapdConfineTransitionTarget = snapdProfileTarget() +++ } +++ +++ default: +++ // neither of the snaps are installed +++ +++ // TODO: this panic is unfortunate, but we don't have time +++ // to do any better for this security release +++ // It is actually important that we panic here, the only +++ // known circumstance where this happens is when we are +++ // seeding during first boot of UC16 with a very new core +++ // snap (i.e. with the security fix of 2.54.3) and also have +++ // a devmode confined snap in the seed to prepare. In this +++ // situation, when we panic(), we force snapd to exit, and +++ // systemd will restart us and we actually recover the +++ // initial seed change and continue on. This code will be +++ // removed/adapted before it is merged to the main branch, +++ // it is only meant to exist on the security release branch. +++ msg := fmt.Sprintf("neither snapd nor core snap available while preparing apparmor profile for devmode snap %s, panicing to restart snapd to continue seeding", snapInfo.InstanceName()) +++ panic(msg) +++ } +++ +++ // We use Pxr for all these rules since the snap-confine profile +++ // is not a child profile of the devmode complain profile we are +++ // generating right now. +++ usrLibSnapdConfineTransitionRule := fmt.Sprintf("/usr/lib/snapd/snap-confine Pxr -> %s,\n", usrLibSnapdConfineTransitionTarget) +++ +++ coreSnapConfineSnippet := "" +++ if b.coreSnap != nil { +++ coreSnapConfineSnippet = fmt.Sprintf("/snap/core/*/usr/lib/snapd/snap-confine Pxr -> %s,\n", coreProfileTarget()) +++ } +++ +++ snapdSnapConfineSnippet := "" +++ if b.snapdSnap != nil { +++ snapdSnapConfineSnippet = fmt.Sprintf("/snap/snapd/*/usr/lib/snapd/snap-confine Pxr -> %s,\n", snapdProfileTarget()) +++ } +++ +++ nonBaseCoreTransitionSnippet := coreSnapConfineSnippet + "\n" + snapdSnapConfineSnippet +++ +++ // include both rules for the core snap and the snapd snap since +++ // we can't know which one will be used at runtime (for example +++ // SNAP_REEXEC could be set which affects which one is used) +++ return fmt.Sprintf(` +++ # allow executing the snap command from either the rootfs (for base: core) or +++ # from the system snaps (all other bases) - this is very specifically only to +++ # enable proper apparmor profile transition to snap-confine below, if we don't +++ # include these exec rules, then when executing the snap command, apparmor +++ # will create a new, unique sub-profile which then cannot be transitioned from +++ # to the actual snap-confine profile +++ /usr/bin/snap ixr, +++ /snap/{snapd,core}/*/usr/bin/snap ixr, +++ +++ # allow transitioning to snap-confine to support executing strict snaps from +++ # inside devmode confined snaps +++ +++ # this first rule is to handle the case of exec()ing +++ # /usr/lib/snapd/snap-confine directly, the profile we transition to depends +++ # on whether we are classic or not, what snaps (snapd or core) are installed +++ # and also whether this snap is a base: core snap or a differently based snap. +++ # see the comment in interfaces/backend/apparmor.go where this snippet is +++ # generated for the full context +++ %[1]s +++ +++ # the second (and possibly third if both core and snapd are installed) rule is +++ # to handle direct exec() of snap-confine from the respective snaps directly, +++ # this happens mostly on non-core based snaps, wherein the base snap has a +++ # symlink from /usr/bin/snap -> /snap/snapd/current/usr/bin/snap, which makes +++ # the snap command execute snap-confine directly from the associated system +++ # snap in /snap/{snapd,core}//usr/lib/snapd/snap-confine +++ %[2]s +++`, usrLibSnapdConfineTransitionRule, nonBaseCoreTransitionSnippet) +++ ++ case "###VAR###": ++ return templateVariables(snapInfo, securityTag, cmdName) ++ case "###PROFILEATTACH###": ++Index: snapd-2.49/interfaces/apparmor/backend_test.go ++=================================================================== ++--- snapd-2.49.orig/interfaces/apparmor/backend_test.go +++++ snapd-2.49/interfaces/apparmor/backend_test.go ++@@ -169,6 +169,9 @@ func (s *backendSuite) SetUpTest(c *C) { ++ s.parserCmd = testutil.MockCommand(c, "apparmor_parser", fakeAppArmorParser) ++ ++ apparmor.MockRuntimeNumCPU(func() int { return 99 }) +++ +++ err = s.Backend.Initialize(ifacetest.DefaultInitializeOpts) +++ c.Assert(err, IsNil) ++ } ++ ++ func (s *backendSuite) TearDownTest(c *C) { ++@@ -1352,7 +1355,7 @@ func (s *backendSuite) TestSetupSnapConf ++ defer cmd.Restore() ++ ++ // Setup generated policy for snap-confine. ++- err := (&apparmor.Backend{}).Initialize(nil) +++ err := (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts) ++ c.Assert(err, IsNil) ++ c.Assert(cmd.Calls(), HasLen, 0) ++ ++@@ -1408,7 +1411,7 @@ func (s *backendSuite) testSetupSnapConf ++ c.Assert(ioutil.WriteFile(profilePath, []byte(""), 0644), IsNil) ++ ++ // Setup generated policy for snap-confine. ++- err = (&apparmor.Backend{}).Initialize(nil) +++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts) ++ c.Assert(err, IsNil) ++ ++ // Because NFS is being used, we have the extra policy file. ++@@ -1461,7 +1464,7 @@ func (s *backendSuite) TestSetupSnapConf ++ defer restore() ++ ++ // Setup generated policy for snap-confine. ++- err = (&apparmor.Backend{}).Initialize(nil) +++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts) ++ c.Assert(err, IsNil) ++ ++ // Because NFS is being used, we have the extra policy file. ++@@ -1506,7 +1509,7 @@ func (s *backendSuite) TestSetupSnapConf ++ defer restore() ++ ++ // Setup generated policy for snap-confine. ++- err = (&apparmor.Backend{}).Initialize(nil) +++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts) ++ // NOTE: Errors in determining NFS are non-fatal to prevent snapd from ++ // failing to operate. A warning message is logged but system operates as ++ // if NFS was not active. ++@@ -1543,7 +1546,7 @@ func (s *backendSuite) TestSetupSnapConf ++ defer restore() ++ ++ // Setup generated policy for snap-confine. ++- err := (&apparmor.Backend{}).Initialize(nil) +++ err := (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts) ++ c.Assert(err, ErrorMatches, "cannot read .*corrupt-proc-self-exe: .*") ++ ++ // We didn't create the policy file. ++@@ -1582,7 +1585,7 @@ func (s *backendSuite) TestSetupSnapConf ++ c.Assert(ioutil.WriteFile(filepath.Join(apparmor_sandbox.ConfDir, "usr.lib.snapd.snap-confine"), []byte(""), 0644), IsNil) ++ ++ // Setup generated policy for snap-confine. ++- err = (&apparmor.Backend{}).Initialize(nil) +++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts) ++ c.Assert(err, ErrorMatches, "cannot reload snap-confine apparmor profile: .*\n.*\ntesting\n") ++ ++ // While created the policy file initially we also removed it so that ++@@ -1598,13 +1601,15 @@ func (s *backendSuite) TestSetupSnapConf ++ // Test behavior when MkdirAll fails ++ func (s *backendSuite) TestSetupSnapConfineGeneratedPolicyError4(c *C) { ++ // Create a file where we would expect to find the local policy. ++- err := os.MkdirAll(filepath.Dir(dirs.SnapConfineAppArmorDir), 0755) +++ err := os.RemoveAll(filepath.Dir(dirs.SnapConfineAppArmorDir)) +++ c.Assert(err, IsNil) +++ err = os.MkdirAll(filepath.Dir(dirs.SnapConfineAppArmorDir), 0755) ++ c.Assert(err, IsNil) ++ err = ioutil.WriteFile(dirs.SnapConfineAppArmorDir, []byte(""), 0644) ++ c.Assert(err, IsNil) ++ ++ // Setup generated policy for snap-confine. ++- err = (&apparmor.Backend{}).Initialize(nil) +++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts) ++ c.Assert(err, ErrorMatches, "*.: not a directory") ++ } ++ ++@@ -1651,7 +1656,7 @@ func (s *backendSuite) TestSetupSnapConf ++ defer os.Chmod(dirs.SnapConfineAppArmorDir, 0755) ++ ++ // Setup generated policy for snap-confine. ++- err = (&apparmor.Backend{}).Initialize(nil) +++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts) ++ c.Assert(err, ErrorMatches, `cannot synchronize snap-confine policy: remove .*/generated-test: permission denied`) ++ ++ // The policy directory was unchanged. ++@@ -1677,7 +1682,7 @@ func (s *backendSuite) TestSetupSnapConf ++ defer cmd.Restore() ++ ++ // Setup generated policy for snap-confine. ++- err := (&apparmor.Backend{}).Initialize(nil) +++ err := (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts) ++ c.Assert(err, IsNil) ++ c.Assert(cmd.Calls(), HasLen, 0) ++ ++@@ -1730,7 +1735,7 @@ func (s *backendSuite) testSetupSnapConf ++ c.Assert(ioutil.WriteFile(profilePath, []byte(""), 0644), IsNil) ++ ++ // Setup generated policy for snap-confine. ++- err = (&apparmor.Backend{}).Initialize(nil) +++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts) ++ c.Assert(err, IsNil) ++ ++ // Because overlay is being used, we have the extra policy file. ++@@ -1782,7 +1787,7 @@ func (s *backendSuite) TestSetupSnapConf ++ defer restore() ++ ++ // Setup generated policy for snap-confine. ++- err = (&apparmor.Backend{}).Initialize(nil) +++ err = (&apparmor.Backend{}).Initialize(ifacetest.DefaultInitializeOpts) ++ c.Assert(err, IsNil) ++ ++ // Because overlay is being used, we have the extra policy file. ++@@ -2240,7 +2245,10 @@ func (s *backendSuite) TestSetupManyInPr ++ aa, ok := s.Backend.(*apparmor.Backend) ++ c.Assert(ok, Equals, true) ++ ++- opts := interfaces.SecurityBackendOptions{Preseed: true} +++ opts := interfaces.SecurityBackendOptions{ +++ Preseed: true, +++ CoreSnapInfo: ifacetest.DefaultInitializeOpts.CoreSnapInfo, +++ } ++ c.Assert(aa.Initialize(&opts), IsNil) ++ ++ for _, opts := range testedConfinementOpts { ++Index: snapd-2.49/interfaces/apparmor/spec.go ++=================================================================== ++--- snapd-2.49.orig/interfaces/apparmor/spec.go +++++ snapd-2.49/interfaces/apparmor/spec.go ++@@ -293,30 +293,30 @@ func (spec *Specification) AddLayout(si ++ case l.Bind != "": ++ bind := si.ExpandSnapVariables(l.Bind) ++ // Allow bind mounting the layout element. ++- emit(" mount options=(rbind, rw) %s/ -> %s/,\n", bind, path) ++- emit(" mount options=(rprivate) -> %s/,\n", path) ++- emit(" umount %s/,\n", path) +++ emit(" mount options=(rbind, rw) \"%s/\" -> \"%s/\",\n", bind, path) +++ emit(" mount options=(rprivate) -> \"%s/\",\n", path) +++ emit(" umount \"%s/\",\n", path) ++ // Allow constructing writable mimic in both bind-mount source and mount point. ++ GenWritableProfile(emit, path, 2) // At least / and /some-top-level-directory ++ GenWritableProfile(emit, bind, 4) // At least /, /snap/, /snap/$SNAP_NAME and /snap/$SNAP_NAME/$SNAP_REVISION ++ case l.BindFile != "": ++ bindFile := si.ExpandSnapVariables(l.BindFile) ++ // Allow bind mounting the layout element. ++- emit(" mount options=(bind, rw) %s -> %s,\n", bindFile, path) ++- emit(" mount options=(rprivate) -> %s,\n", path) ++- emit(" umount %s,\n", path) +++ emit(" mount options=(bind, rw) \"%s\" -> \"%s\",\n", bindFile, path) +++ emit(" mount options=(rprivate) -> \"%s\",\n", path) +++ emit(" umount \"%s\",\n", path) ++ // Allow constructing writable mimic in both bind-mount source and mount point. ++ GenWritableFileProfile(emit, path, 2) // At least / and /some-top-level-directory ++ GenWritableFileProfile(emit, bindFile, 4) // At least /, /snap/, /snap/$SNAP_NAME and /snap/$SNAP_NAME/$SNAP_REVISION ++ case l.Type == "tmpfs": ++- emit(" mount fstype=tmpfs tmpfs -> %s/,\n", path) ++- emit(" mount options=(rprivate) -> %s/,\n", path) ++- emit(" umount %s/,\n", path) +++ emit(" mount fstype=tmpfs tmpfs -> \"%s/\",\n", path) +++ emit(" mount options=(rprivate) -> \"%s/\",\n", path) +++ emit(" umount \"%s/\",\n", path) ++ // Allow constructing writable mimic to mount point. ++ GenWritableProfile(emit, path, 2) // At least / and /some-top-level-directory ++ case l.Symlink != "": ++ // Allow constructing writable mimic to symlink parent directory. ++- emit(" %s rw,\n", path) +++ emit(" \"%s\" rw,\n", path) ++ GenWritableProfile(emit, path, 2) // At least / and /some-top-level-directory ++ } ++ } ++@@ -370,7 +370,7 @@ func GenWritableMimicProfile(emit func(f ++ emit(" # .. permissions for traversing the prefix that is assumed to exist\n") ++ for iter.Next() { ++ if iter.Depth() < assumedPrefixDepth { ++- emit(" %s r,\n", iter.CurrentPath()) +++ emit(" \"%s\" r,\n", iter.CurrentPath()) ++ } ++ } ++ ++@@ -388,33 +388,33 @@ func GenWritableMimicProfile(emit func(f ++ mimicAuxPath := filepath.Join("/tmp/.snap", iter.CurrentPath()) + "/" ++ emit(" # .. variant with mimic at %s\n", mimicPath) ++ emit(" # Allow reading the mimic directory, it must exist in the first place.\n") ++- emit(" %s r,\n", mimicPath) +++ emit(" \"%s\" r,\n", mimicPath) ++ emit(" # Allow setting the read-only directory aside via a bind mount.\n") ++- emit(" %s rw,\n", mimicAuxPath) ++- emit(" mount options=(rbind, rw) %s -> %s,\n", mimicPath, mimicAuxPath) +++ emit(" \"%s\" rw,\n", mimicAuxPath) +++ emit(" mount options=(rbind, rw) \"%s\" -> \"%s\",\n", mimicPath, mimicAuxPath) ++ emit(" # Allow mounting tmpfs over the read-only directory.\n") ++- emit(" mount fstype=tmpfs options=(rw) tmpfs -> %s,\n", mimicPath) +++ emit(" mount fstype=tmpfs options=(rw) tmpfs -> \"%s\",\n", mimicPath) ++ emit(" # Allow creating empty files and directories for bind mounting things\n" + ++ " # to reconstruct the now-writable parent directory.\n") ++- emit(" %s*/ rw,\n", mimicAuxPath) ++- emit(" %s*/ rw,\n", mimicPath) ++- emit(" mount options=(rbind, rw) %s*/ -> %s*/,\n", mimicAuxPath, mimicPath) ++- emit(" %s* rw,\n", mimicAuxPath) ++- emit(" %s* rw,\n", mimicPath) ++- emit(" mount options=(bind, rw) %s* -> %s*,\n", mimicAuxPath, mimicPath) +++ emit(" \"%s*/\" rw,\n", mimicAuxPath) +++ emit(" \"%s*/\" rw,\n", mimicPath) +++ emit(" mount options=(rbind, rw) \"%s*/\" -> \"%s*/\",\n", mimicAuxPath, mimicPath) +++ emit(" \"%s*\" rw,\n", mimicAuxPath) +++ emit(" \"%s*\" rw,\n", mimicPath) +++ emit(" mount options=(bind, rw) \"%s*\" -> \"%s*\",\n", mimicAuxPath, mimicPath) ++ emit(" # Allow unmounting the auxiliary directory.\n" + ++ " # TODO: use fstype=tmpfs here for more strictness (LP: #1613403)\n") ++- emit(" mount options=(rprivate) -> %s,\n", mimicAuxPath) ++- emit(" umount %s,\n", mimicAuxPath) +++ emit(" mount options=(rprivate) -> \"%s\",\n", mimicAuxPath) +++ emit(" umount \"%s\",\n", mimicAuxPath) ++ emit(" # Allow unmounting the destination directory as well as anything\n" + ++ " # inside. This lets us perform the undo plan in case the writable\n" + ++ " # mimic fails.\n") ++- emit(" mount options=(rprivate) -> %s,\n", mimicPath) ++- emit(" mount options=(rprivate) -> %s*,\n", mimicPath) ++- emit(" mount options=(rprivate) -> %s*/,\n", mimicPath) ++- emit(" umount %s,\n", mimicPath) ++- emit(" umount %s*,\n", mimicPath) ++- emit(" umount %s*/,\n", mimicPath) +++ emit(" mount options=(rprivate) -> \"%s\",\n", mimicPath) +++ emit(" mount options=(rprivate) -> \"%s*\",\n", mimicPath) +++ emit(" mount options=(rprivate) -> \"%s*/\",\n", mimicPath) +++ emit(" umount \"%s\",\n", mimicPath) +++ emit(" umount \"%s*\",\n", mimicPath) +++ emit(" umount \"%s*/\",\n", mimicPath) ++ } ++ } ++ ++@@ -425,9 +425,9 @@ func GenWritableFileProfile(emit func(f ++ } ++ if isProbablyWritable(path) { ++ emit(" # Writable file %s\n", path) ++- emit(" %s rw,\n", path) +++ emit(" \"%s\" rw,\n", path) ++ for p := parent(path); !isProbablyPresent(p); p = parent(p) { ++- emit(" %s/ rw,\n", p) +++ emit(" \"%s/\" rw,\n", p) ++ } ++ } else { ++ parentPath := parent(path) ++@@ -443,7 +443,7 @@ func GenWritableProfile(emit func(f stri ++ if isProbablyWritable(path) { ++ emit(" # Writable directory %s\n", path) ++ for p := path; !isProbablyPresent(p); p = parent(p) { ++- emit(" %s/ rw,\n", p) +++ emit(" \"%s/\" rw,\n", p) ++ } ++ } else { ++ parentPath := parent(path) ++@@ -537,9 +537,9 @@ func (spec *Specification) UpdateNS() [] ++ func snippetFromLayout(layout *snap.Layout) string { ++ mountPoint := layout.Snap.ExpandSnapVariables(layout.Path) ++ if layout.Bind != "" || layout.Type == "tmpfs" { ++- return fmt.Sprintf("# Layout path: %s\n%s{,/**} mrwklix,", mountPoint, mountPoint) +++ return fmt.Sprintf("# Layout path: %s\n\"%s{,/**}\" mrwklix,", mountPoint, mountPoint) ++ } else if layout.BindFile != "" { ++- return fmt.Sprintf("# Layout path: %s\n%s mrwklix,", mountPoint, mountPoint) +++ return fmt.Sprintf("# Layout path: %s\n\"%s\" mrwklix,", mountPoint, mountPoint) ++ } ++ return fmt.Sprintf("# Layout path: %s\n# (no extra permissions required for symlink)", mountPoint) ++ } ++Index: snapd-2.49/interfaces/apparmor/spec_test.go ++=================================================================== ++--- snapd-2.49.orig/interfaces/apparmor/spec_test.go +++++ snapd-2.49/interfaces/apparmor/spec_test.go ++@@ -284,72 +284,72 @@ func (s *specSuite) TestApparmorSnippets ++ s.spec.AddLayout(snapInfo) ++ c.Assert(s.spec.Snippets(), DeepEquals, map[string][]string{ ++ "snap.vanguard.vanguard": { ++- "# Layout path: /etc/foo.conf\n/etc/foo.conf mrwklix,", ++- "# Layout path: /usr/foo\n/usr/foo{,/**} mrwklix,", +++ "# Layout path: /etc/foo.conf\n\"/etc/foo.conf\" mrwklix,", +++ "# Layout path: /usr/foo\n\"/usr/foo{,/**}\" mrwklix,", ++ "# Layout path: /var/cache/mylink\n# (no extra permissions required for symlink)", ++- "# Layout path: /var/tmp\n/var/tmp{,/**} mrwklix,", +++ "# Layout path: /var/tmp\n\"/var/tmp{,/**}\" mrwklix,", ++ }, ++ }) ++ updateNS := s.spec.UpdateNS() ++ ++ profile0 := ` # Layout /etc/foo.conf: bind-file $SNAP/foo.conf ++- mount options=(bind, rw) /snap/vanguard/42/foo.conf -> /etc/foo.conf, ++- mount options=(rprivate) -> /etc/foo.conf, ++- umount /etc/foo.conf, +++ mount options=(bind, rw) "/snap/vanguard/42/foo.conf" -> "/etc/foo.conf", +++ mount options=(rprivate) -> "/etc/foo.conf", +++ umount "/etc/foo.conf", ++ # Writable mimic /etc ++ # .. permissions for traversing the prefix that is assumed to exist ++- / r, +++ "/" r, ++ # .. variant with mimic at /etc/ ++ # Allow reading the mimic directory, it must exist in the first place. ++- /etc/ r, +++ "/etc/" r, ++ # Allow setting the read-only directory aside via a bind mount. ++- /tmp/.snap/etc/ rw, ++- mount options=(rbind, rw) /etc/ -> /tmp/.snap/etc/, +++ "/tmp/.snap/etc/" rw, +++ mount options=(rbind, rw) "/etc/" -> "/tmp/.snap/etc/", ++ # Allow mounting tmpfs over the read-only directory. ++- mount fstype=tmpfs options=(rw) tmpfs -> /etc/, +++ mount fstype=tmpfs options=(rw) tmpfs -> "/etc/", ++ # Allow creating empty files and directories for bind mounting things ++ # to reconstruct the now-writable parent directory. ++- /tmp/.snap/etc/*/ rw, ++- /etc/*/ rw, ++- mount options=(rbind, rw) /tmp/.snap/etc/*/ -> /etc/*/, ++- /tmp/.snap/etc/* rw, ++- /etc/* rw, ++- mount options=(bind, rw) /tmp/.snap/etc/* -> /etc/*, +++ "/tmp/.snap/etc/*/" rw, +++ "/etc/*/" rw, +++ mount options=(rbind, rw) "/tmp/.snap/etc/*/" -> "/etc/*/", +++ "/tmp/.snap/etc/*" rw, +++ "/etc/*" rw, +++ mount options=(bind, rw) "/tmp/.snap/etc/*" -> "/etc/*", ++ # Allow unmounting the auxiliary directory. ++ # TODO: use fstype=tmpfs here for more strictness (LP: #1613403) ++- mount options=(rprivate) -> /tmp/.snap/etc/, ++- umount /tmp/.snap/etc/, +++ mount options=(rprivate) -> "/tmp/.snap/etc/", +++ umount "/tmp/.snap/etc/", ++ # Allow unmounting the destination directory as well as anything ++ # inside. This lets us perform the undo plan in case the writable ++ # mimic fails. ++- mount options=(rprivate) -> /etc/, ++- mount options=(rprivate) -> /etc/*, ++- mount options=(rprivate) -> /etc/*/, ++- umount /etc/, ++- umount /etc/*, ++- umount /etc/*/, +++ mount options=(rprivate) -> "/etc/", +++ mount options=(rprivate) -> "/etc/*", +++ mount options=(rprivate) -> "/etc/*/", +++ umount "/etc/", +++ umount "/etc/*", +++ umount "/etc/*/", ++ # Writable mimic /snap/vanguard/42 ++- /snap/ r, ++- /snap/vanguard/ r, +++ "/snap/" r, +++ "/snap/vanguard/" r, ++ # .. variant with mimic at /snap/vanguard/42/ ++- /snap/vanguard/42/ r, ++- /tmp/.snap/snap/vanguard/42/ rw, ++- mount options=(rbind, rw) /snap/vanguard/42/ -> /tmp/.snap/snap/vanguard/42/, ++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/vanguard/42/, ++- /tmp/.snap/snap/vanguard/42/*/ rw, ++- /snap/vanguard/42/*/ rw, ++- mount options=(rbind, rw) /tmp/.snap/snap/vanguard/42/*/ -> /snap/vanguard/42/*/, ++- /tmp/.snap/snap/vanguard/42/* rw, ++- /snap/vanguard/42/* rw, ++- mount options=(bind, rw) /tmp/.snap/snap/vanguard/42/* -> /snap/vanguard/42/*, ++- mount options=(rprivate) -> /tmp/.snap/snap/vanguard/42/, ++- umount /tmp/.snap/snap/vanguard/42/, ++- mount options=(rprivate) -> /snap/vanguard/42/, ++- mount options=(rprivate) -> /snap/vanguard/42/*, ++- mount options=(rprivate) -> /snap/vanguard/42/*/, ++- umount /snap/vanguard/42/, ++- umount /snap/vanguard/42/*, ++- umount /snap/vanguard/42/*/, +++ "/snap/vanguard/42/" r, +++ "/tmp/.snap/snap/vanguard/42/" rw, +++ mount options=(rbind, rw) "/snap/vanguard/42/" -> "/tmp/.snap/snap/vanguard/42/", +++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/vanguard/42/", +++ "/tmp/.snap/snap/vanguard/42/*/" rw, +++ "/snap/vanguard/42/*/" rw, +++ mount options=(rbind, rw) "/tmp/.snap/snap/vanguard/42/*/" -> "/snap/vanguard/42/*/", +++ "/tmp/.snap/snap/vanguard/42/*" rw, +++ "/snap/vanguard/42/*" rw, +++ mount options=(bind, rw) "/tmp/.snap/snap/vanguard/42/*" -> "/snap/vanguard/42/*", +++ mount options=(rprivate) -> "/tmp/.snap/snap/vanguard/42/", +++ umount "/tmp/.snap/snap/vanguard/42/", +++ mount options=(rprivate) -> "/snap/vanguard/42/", +++ mount options=(rprivate) -> "/snap/vanguard/42/*", +++ mount options=(rprivate) -> "/snap/vanguard/42/*/", +++ umount "/snap/vanguard/42/", +++ umount "/snap/vanguard/42/*", +++ umount "/snap/vanguard/42/*/", ++ ` ++ // Find the slice that describes profile0 by looking for the first unique ++ // line of the next profile. ++@@ -358,49 +358,49 @@ func (s *specSuite) TestApparmorSnippets ++ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile0) ++ ++ profile1 := ` # Layout /usr/foo: bind $SNAP/usr/foo ++- mount options=(rbind, rw) /snap/vanguard/42/usr/foo/ -> /usr/foo/, ++- mount options=(rprivate) -> /usr/foo/, ++- umount /usr/foo/, +++ mount options=(rbind, rw) "/snap/vanguard/42/usr/foo/" -> "/usr/foo/", +++ mount options=(rprivate) -> "/usr/foo/", +++ umount "/usr/foo/", ++ # Writable mimic /usr ++ # .. variant with mimic at /usr/ ++- /usr/ r, ++- /tmp/.snap/usr/ rw, ++- mount options=(rbind, rw) /usr/ -> /tmp/.snap/usr/, ++- mount fstype=tmpfs options=(rw) tmpfs -> /usr/, ++- /tmp/.snap/usr/*/ rw, ++- /usr/*/ rw, ++- mount options=(rbind, rw) /tmp/.snap/usr/*/ -> /usr/*/, ++- /tmp/.snap/usr/* rw, ++- /usr/* rw, ++- mount options=(bind, rw) /tmp/.snap/usr/* -> /usr/*, ++- mount options=(rprivate) -> /tmp/.snap/usr/, ++- umount /tmp/.snap/usr/, ++- mount options=(rprivate) -> /usr/, ++- mount options=(rprivate) -> /usr/*, ++- mount options=(rprivate) -> /usr/*/, ++- umount /usr/, ++- umount /usr/*, ++- umount /usr/*/, +++ "/usr/" r, +++ "/tmp/.snap/usr/" rw, +++ mount options=(rbind, rw) "/usr/" -> "/tmp/.snap/usr/", +++ mount fstype=tmpfs options=(rw) tmpfs -> "/usr/", +++ "/tmp/.snap/usr/*/" rw, +++ "/usr/*/" rw, +++ mount options=(rbind, rw) "/tmp/.snap/usr/*/" -> "/usr/*/", +++ "/tmp/.snap/usr/*" rw, +++ "/usr/*" rw, +++ mount options=(bind, rw) "/tmp/.snap/usr/*" -> "/usr/*", +++ mount options=(rprivate) -> "/tmp/.snap/usr/", +++ umount "/tmp/.snap/usr/", +++ mount options=(rprivate) -> "/usr/", +++ mount options=(rprivate) -> "/usr/*", +++ mount options=(rprivate) -> "/usr/*/", +++ umount "/usr/", +++ umount "/usr/*", +++ umount "/usr/*/", ++ # Writable mimic /snap/vanguard/42/usr ++ # .. variant with mimic at /snap/vanguard/42/usr/ ++- /snap/vanguard/42/usr/ r, ++- /tmp/.snap/snap/vanguard/42/usr/ rw, ++- mount options=(rbind, rw) /snap/vanguard/42/usr/ -> /tmp/.snap/snap/vanguard/42/usr/, ++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/vanguard/42/usr/, ++- /tmp/.snap/snap/vanguard/42/usr/*/ rw, ++- /snap/vanguard/42/usr/*/ rw, ++- mount options=(rbind, rw) /tmp/.snap/snap/vanguard/42/usr/*/ -> /snap/vanguard/42/usr/*/, ++- /tmp/.snap/snap/vanguard/42/usr/* rw, ++- /snap/vanguard/42/usr/* rw, ++- mount options=(bind, rw) /tmp/.snap/snap/vanguard/42/usr/* -> /snap/vanguard/42/usr/*, ++- mount options=(rprivate) -> /tmp/.snap/snap/vanguard/42/usr/, ++- umount /tmp/.snap/snap/vanguard/42/usr/, ++- mount options=(rprivate) -> /snap/vanguard/42/usr/, ++- mount options=(rprivate) -> /snap/vanguard/42/usr/*, ++- mount options=(rprivate) -> /snap/vanguard/42/usr/*/, ++- umount /snap/vanguard/42/usr/, ++- umount /snap/vanguard/42/usr/*, ++- umount /snap/vanguard/42/usr/*/, +++ "/snap/vanguard/42/usr/" r, +++ "/tmp/.snap/snap/vanguard/42/usr/" rw, +++ mount options=(rbind, rw) "/snap/vanguard/42/usr/" -> "/tmp/.snap/snap/vanguard/42/usr/", +++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/vanguard/42/usr/", +++ "/tmp/.snap/snap/vanguard/42/usr/*/" rw, +++ "/snap/vanguard/42/usr/*/" rw, +++ mount options=(rbind, rw) "/tmp/.snap/snap/vanguard/42/usr/*/" -> "/snap/vanguard/42/usr/*/", +++ "/tmp/.snap/snap/vanguard/42/usr/*" rw, +++ "/snap/vanguard/42/usr/*" rw, +++ mount options=(bind, rw) "/tmp/.snap/snap/vanguard/42/usr/*" -> "/snap/vanguard/42/usr/*", +++ mount options=(rprivate) -> "/tmp/.snap/snap/vanguard/42/usr/", +++ umount "/tmp/.snap/snap/vanguard/42/usr/", +++ mount options=(rprivate) -> "/snap/vanguard/42/usr/", +++ mount options=(rprivate) -> "/snap/vanguard/42/usr/*", +++ mount options=(rprivate) -> "/snap/vanguard/42/usr/*/", +++ umount "/snap/vanguard/42/usr/", +++ umount "/snap/vanguard/42/usr/*", +++ umount "/snap/vanguard/42/usr/*/", ++ ` ++ // Find the slice that describes profile1 by looking for the first unique ++ // line of the next profile. ++@@ -409,46 +409,46 @@ func (s *specSuite) TestApparmorSnippets ++ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile1) ++ ++ profile2 := ` # Layout /var/cache/mylink: symlink $SNAP_DATA/link/target ++- /var/cache/mylink rw, +++ "/var/cache/mylink" rw, ++ # Writable mimic /var/cache ++ # .. variant with mimic at /var/ ++- /var/ r, ++- /tmp/.snap/var/ rw, ++- mount options=(rbind, rw) /var/ -> /tmp/.snap/var/, ++- mount fstype=tmpfs options=(rw) tmpfs -> /var/, ++- /tmp/.snap/var/*/ rw, ++- /var/*/ rw, ++- mount options=(rbind, rw) /tmp/.snap/var/*/ -> /var/*/, ++- /tmp/.snap/var/* rw, ++- /var/* rw, ++- mount options=(bind, rw) /tmp/.snap/var/* -> /var/*, ++- mount options=(rprivate) -> /tmp/.snap/var/, ++- umount /tmp/.snap/var/, ++- mount options=(rprivate) -> /var/, ++- mount options=(rprivate) -> /var/*, ++- mount options=(rprivate) -> /var/*/, ++- umount /var/, ++- umount /var/*, ++- umount /var/*/, +++ "/var/" r, +++ "/tmp/.snap/var/" rw, +++ mount options=(rbind, rw) "/var/" -> "/tmp/.snap/var/", +++ mount fstype=tmpfs options=(rw) tmpfs -> "/var/", +++ "/tmp/.snap/var/*/" rw, +++ "/var/*/" rw, +++ mount options=(rbind, rw) "/tmp/.snap/var/*/" -> "/var/*/", +++ "/tmp/.snap/var/*" rw, +++ "/var/*" rw, +++ mount options=(bind, rw) "/tmp/.snap/var/*" -> "/var/*", +++ mount options=(rprivate) -> "/tmp/.snap/var/", +++ umount "/tmp/.snap/var/", +++ mount options=(rprivate) -> "/var/", +++ mount options=(rprivate) -> "/var/*", +++ mount options=(rprivate) -> "/var/*/", +++ umount "/var/", +++ umount "/var/*", +++ umount "/var/*/", ++ # .. variant with mimic at /var/cache/ ++- /var/cache/ r, ++- /tmp/.snap/var/cache/ rw, ++- mount options=(rbind, rw) /var/cache/ -> /tmp/.snap/var/cache/, ++- mount fstype=tmpfs options=(rw) tmpfs -> /var/cache/, ++- /tmp/.snap/var/cache/*/ rw, ++- /var/cache/*/ rw, ++- mount options=(rbind, rw) /tmp/.snap/var/cache/*/ -> /var/cache/*/, ++- /tmp/.snap/var/cache/* rw, ++- /var/cache/* rw, ++- mount options=(bind, rw) /tmp/.snap/var/cache/* -> /var/cache/*, ++- mount options=(rprivate) -> /tmp/.snap/var/cache/, ++- umount /tmp/.snap/var/cache/, ++- mount options=(rprivate) -> /var/cache/, ++- mount options=(rprivate) -> /var/cache/*, ++- mount options=(rprivate) -> /var/cache/*/, ++- umount /var/cache/, ++- umount /var/cache/*, ++- umount /var/cache/*/, +++ "/var/cache/" r, +++ "/tmp/.snap/var/cache/" rw, +++ mount options=(rbind, rw) "/var/cache/" -> "/tmp/.snap/var/cache/", +++ mount fstype=tmpfs options=(rw) tmpfs -> "/var/cache/", +++ "/tmp/.snap/var/cache/*/" rw, +++ "/var/cache/*/" rw, +++ mount options=(rbind, rw) "/tmp/.snap/var/cache/*/" -> "/var/cache/*/", +++ "/tmp/.snap/var/cache/*" rw, +++ "/var/cache/*" rw, +++ mount options=(bind, rw) "/tmp/.snap/var/cache/*" -> "/var/cache/*", +++ mount options=(rprivate) -> "/tmp/.snap/var/cache/", +++ umount "/tmp/.snap/var/cache/", +++ mount options=(rprivate) -> "/var/cache/", +++ mount options=(rprivate) -> "/var/cache/*", +++ mount options=(rprivate) -> "/var/cache/*/", +++ umount "/var/cache/", +++ umount "/var/cache/*", +++ umount "/var/cache/*/", ++ ` ++ // Find the slice that describes profile2 by looking for the first unique ++ // line of the next profile. ++@@ -457,9 +457,9 @@ func (s *specSuite) TestApparmorSnippets ++ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile2) ++ ++ profile3 := ` # Layout /var/tmp: type tmpfs, mode: 01777 ++- mount fstype=tmpfs tmpfs -> /var/tmp/, ++- mount options=(rprivate) -> /var/tmp/, ++- umount /var/tmp/, +++ mount fstype=tmpfs tmpfs -> "/var/tmp/", +++ mount options=(rprivate) -> "/var/tmp/", +++ umount "/var/tmp/", ++ # Writable mimic /var ++ ` ++ // Find the slice that describes profile2 by looking till the end of the list. ++Index: snapd-2.49/interfaces/apparmor/template.go ++=================================================================== ++--- snapd-2.49.orig/interfaces/apparmor/template.go +++++ snapd-2.49/interfaces/apparmor/template.go ++@@ -453,6 +453,9 @@ var templateCommon = ` ++ /run/lock/ r, ++ /run/lock/snap.@{SNAP_INSTANCE_NAME}/ rw, ++ /run/lock/snap.@{SNAP_INSTANCE_NAME}/** mrwklix, +++ +++ +++ ###DEVMODE_SNAP_CONFINE### ++ ` ++ ++ var templateFooter = ` ++Index: snapd-2.49/interfaces/backend.go ++=================================================================== ++--- snapd-2.49.orig/interfaces/backend.go +++++ snapd-2.49/interfaces/backend.go ++@@ -70,6 +70,12 @@ type ConfinementOptions struct { ++ type SecurityBackendOptions struct { ++ // Preseed flag is set when snapd runs in preseed mode. ++ Preseed bool +++ // CoreSnapInfo is the current revision of the core snap (if it is +++ // installed) +++ CoreSnapInfo *snap.Info +++ // SnapdSnapInfo is the current revision of the snapd snap (if it is +++ // installed) +++ SnapdSnapInfo *snap.Info ++ } ++ ++ // SecurityBackend abstracts interactions between the interface system and the ++Index: snapd-2.49/interfaces/builtin/common_files.go ++=================================================================== ++--- snapd-2.49.orig/interfaces/builtin/common_files.go +++++ snapd-2.49/interfaces/builtin/common_files.go ++@@ -27,6 +27,7 @@ import ( ++ ++ "github.com/snapcore/snapd/interfaces" ++ "github.com/snapcore/snapd/interfaces/apparmor" +++ apparmor_sandbox "github.com/snapcore/snapd/sandbox/apparmor" ++ "github.com/snapcore/snapd/snap" ++ ) ++ ++@@ -110,7 +111,7 @@ func (iface *commonFilesInterface) valid ++ if strings.Contains(p, "~") { ++ return fmt.Errorf(`%q cannot contain "~"`, p) ++ } ++- if err := apparmor.ValidateNoAppArmorRegexp(p); err != nil { +++ if err := apparmor_sandbox.ValidateNoAppArmorRegexp(p); err != nil { ++ return err ++ } ++ ++Index: snapd-2.49/interfaces/builtin/content.go ++=================================================================== ++--- snapd-2.49.orig/interfaces/builtin/content.go +++++ snapd-2.49/interfaces/builtin/content.go ++@@ -29,6 +29,7 @@ import ( ++ "github.com/snapcore/snapd/interfaces/apparmor" ++ "github.com/snapcore/snapd/interfaces/mount" ++ "github.com/snapcore/snapd/osutil" +++ apparmor_sandbox "github.com/snapcore/snapd/sandbox/apparmor" ++ "github.com/snapcore/snapd/snap" ++ ) ++ ++@@ -68,6 +69,16 @@ func cleanSubPath(path string) bool { ++ return filepath.Clean(path) == path && path != ".." && !strings.HasPrefix(path, "../") ++ } ++ +++func validatePath(path string) error { +++ if err := apparmor_sandbox.ValidateNoAppArmorRegexp(path); err != nil { +++ return fmt.Errorf("content interface path is invalid: %v", err) +++ } +++ if ok := cleanSubPath(path); !ok { +++ return fmt.Errorf("content interface path is not clean: %q", path) +++ } +++ return nil +++} +++ ++ func (iface *contentInterface) BeforePrepareSlot(slot *snap.SlotInfo) error { ++ content, ok := slot.Attrs["content"].(string) ++ if !ok || len(content) == 0 { ++@@ -102,8 +113,8 @@ func (iface *contentInterface) BeforePre ++ paths := rpath ++ paths = append(paths, wpath...) ++ for _, p := range paths { ++- if !cleanSubPath(p) { ++- return fmt.Errorf("content interface path is not clean: %q", p) +++ if err := validatePath(p); err != nil { +++ return err ++ } ++ } ++ return nil ++@@ -122,8 +133,8 @@ func (iface *contentInterface) BeforePre ++ if !ok || len(target) == 0 { ++ return fmt.Errorf("content plug must contain target path") ++ } ++- if !cleanSubPath(target) { ++- return fmt.Errorf("content interface target path is not clean: %q", target) +++ if err := validatePath(target); err != nil { +++ return err ++ } ++ ++ return nil ++@@ -224,13 +235,13 @@ func (iface *contentInterface) AppArmorC ++ # directory. ++ `) ++ for i, w := range writePaths { ++- fmt.Fprintf(contentSnippet, "%s/** mrwklix,\n", +++ fmt.Fprintf(contentSnippet, "\"%s/**\" mrwklix,\n", ++ resolveSpecialVariable(w, slot.Snap())) ++ source, target := sourceTarget(plug, slot, w) ++ emit(" # Read-write content sharing %s -> %s (w#%d)\n", plug.Ref(), slot.Ref(), i) ++- emit(" mount options=(bind, rw) %s/ -> %s{,-[0-9]*}/,\n", source, target) ++- emit(" mount options=(rprivate) -> %s{,-[0-9]*}/,\n", target) ++- emit(" umount %s{,-[0-9]*}/,\n", target) +++ emit(" mount options=(bind, rw) \"%s/\" -> \"%s{,-[0-9]*}/\",\n", source, target) +++ emit(" mount options=(rprivate) -> \"%s{,-[0-9]*}/\",\n", target) +++ emit(" umount \"%s{,-[0-9]*}/\",\n", target) ++ // TODO: The assumed prefix depth could be optimized to be more ++ // precise since content sharing can only take place in a fixed ++ // list of places with well-known paths (well, constrained set of ++@@ -249,15 +260,15 @@ func (iface *contentInterface) AppArmorC ++ # read-only. ++ `) ++ for i, r := range readPaths { ++- fmt.Fprintf(contentSnippet, "%s/** mrkix,\n", +++ fmt.Fprintf(contentSnippet, "\"%s/**\" mrkix,\n", ++ resolveSpecialVariable(r, slot.Snap())) ++ ++ source, target := sourceTarget(plug, slot, r) ++ emit(" # Read-only content sharing %s -> %s (r#%d)\n", plug.Ref(), slot.Ref(), i) ++- emit(" mount options=(bind) %s/ -> %s{,-[0-9]*}/,\n", source, target) ++- emit(" remount options=(bind, ro) %s{,-[0-9]*}/,\n", target) ++- emit(" mount options=(rprivate) -> %s{,-[0-9]*}/,\n", target) ++- emit(" umount %s{,-[0-9]*}/,\n", target) +++ emit(" mount options=(bind) \"%s/\" -> \"%s{,-[0-9]*}/\",\n", source, target) +++ emit(" remount options=(bind, ro) \"%s{,-[0-9]*}/\",\n", target) +++ emit(" mount options=(rprivate) -> \"%s{,-[0-9]*}/\",\n", target) +++ emit(" umount \"%s{,-[0-9]*}/\",\n", target) ++ // Look at the TODO comment above. ++ apparmor.GenWritableProfile(emit, source, 1) ++ apparmor.GenWritableProfile(emit, target, 1) ++@@ -281,7 +292,7 @@ func (iface *contentInterface) AppArmorC ++ `) ++ for _, w := range writePaths { ++ _, target := sourceTarget(plug, slot, w) ++- fmt.Fprintf(contentSnippet, "%s/** mrwklix,\n", +++ fmt.Fprintf(contentSnippet, "\"%s/**\" mrwklix,\n", ++ target) ++ } ++ } ++Index: snapd-2.49/interfaces/builtin/content_test.go ++=================================================================== ++--- snapd-2.49.orig/interfaces/builtin/content_test.go +++++ snapd-2.49/interfaces/builtin/content_test.go ++@@ -194,7 +194,22 @@ plugs: ++ ` ++ info := snaptest.MockInfo(c, mockSnapYaml, nil) ++ plug := info.Plugs["content-plug"] ++- c.Assert(interfaces.BeforePreparePlug(s.iface, plug), ErrorMatches, "content interface target path is not clean:.*") +++ c.Assert(interfaces.BeforePreparePlug(s.iface, plug), ErrorMatches, "content interface path is not clean:.*") +++} +++ +++func (s *ContentSuite) TestSanitizePlugApparmorInterpretedChar(c *C) { +++ const mockSnapYaml = `name: content-slot-snap +++version: 1.0 +++plugs: +++ content-plug: +++ interface: content +++ content: mycont +++ target: foo"bar +++` +++ info := snaptest.MockInfo(c, mockSnapYaml, nil) +++ plug := info.Plugs["content-plug"] +++ c.Assert(interfaces.BeforePreparePlug(s.iface, plug), ErrorMatches, +++ `content interface path is invalid: "foo\\"bar" contains a reserved apparmor char.*`) ++ } ++ ++ func (s *ContentSuite) TestSanitizePlugNilAttrMap(c *C) { ++@@ -223,6 +238,22 @@ apps: ++ c.Assert(interfaces.BeforePrepareSlot(s.iface, slot), ErrorMatches, "read or write path must be set") ++ } ++ +++func (s *ContentSuite) TestSanitizeSlotApparmorInterpretedChar(c *C) { +++ const mockSnapYaml = `name: content-slot-snap +++version: 1.0 +++slots: +++ content-plug: +++ interface: content +++ source: +++ read: [$SNAP/shared] +++ write: ["$SNAP_DATA/foo}bar"] +++` +++ info := snaptest.MockInfo(c, mockSnapYaml, nil) +++ slot := info.Slots["content-plug"] +++ c.Assert(interfaces.BeforePrepareSlot(s.iface, slot), ErrorMatches, +++ `content interface path is invalid: "\$SNAP_DATA/foo}bar" contains a reserved apparmor char.*`) +++} +++ ++ func (s *ContentSuite) TestResolveSpecialVariable(c *C) { ++ info := snaptest.MockInfo(c, "{name: name, version: 0}", &snap.SideInfo{Revision: snap.R(42)}) ++ c.Check(builtin.ResolveSpecialVariable("$SNAP/foo", info), Equals, filepath.Join(dirs.CoreSnapMountDir, "name/42/foo")) ++@@ -310,143 +341,143 @@ slots: ++ # In addition to the bind mount, add any AppArmor rules so that ++ # snaps may directly access the slot implementation's files ++ # read-only. ++-/snap/producer/5/export/** mrkix, +++"/snap/producer/5/export/**" mrkix, ++ ` ++ c.Assert(apparmorSpec.SnippetForTag("snap.consumer.app"), Equals, expected) ++ ++ updateNS := apparmorSpec.UpdateNS() ++ profile0 := ` # Read-only content sharing consumer:content -> producer:content (r#0) ++- mount options=(bind) /snap/producer/5/export/ -> /snap/consumer/7/import{,-[0-9]*}/, ++- remount options=(bind, ro) /snap/consumer/7/import{,-[0-9]*}/, ++- mount options=(rprivate) -> /snap/consumer/7/import{,-[0-9]*}/, ++- umount /snap/consumer/7/import{,-[0-9]*}/, +++ mount options=(bind) "/snap/producer/5/export/" -> "/snap/consumer/7/import{,-[0-9]*}/", +++ remount options=(bind, ro) "/snap/consumer/7/import{,-[0-9]*}/", +++ mount options=(rprivate) -> "/snap/consumer/7/import{,-[0-9]*}/", +++ umount "/snap/consumer/7/import{,-[0-9]*}/", ++ # Writable mimic /snap/producer/5 ++ # .. permissions for traversing the prefix that is assumed to exist ++ # .. variant with mimic at / ++ # Allow reading the mimic directory, it must exist in the first place. ++- / r, +++ "/" r, ++ # Allow setting the read-only directory aside via a bind mount. ++- /tmp/.snap/ rw, ++- mount options=(rbind, rw) / -> /tmp/.snap/, +++ "/tmp/.snap/" rw, +++ mount options=(rbind, rw) "/" -> "/tmp/.snap/", ++ # Allow mounting tmpfs over the read-only directory. ++- mount fstype=tmpfs options=(rw) tmpfs -> /, +++ mount fstype=tmpfs options=(rw) tmpfs -> "/", ++ # Allow creating empty files and directories for bind mounting things ++ # to reconstruct the now-writable parent directory. ++- /tmp/.snap/*/ rw, ++- /*/ rw, ++- mount options=(rbind, rw) /tmp/.snap/*/ -> /*/, ++- /tmp/.snap/* rw, ++- /* rw, ++- mount options=(bind, rw) /tmp/.snap/* -> /*, +++ "/tmp/.snap/*/" rw, +++ "/*/" rw, +++ mount options=(rbind, rw) "/tmp/.snap/*/" -> "/*/", +++ "/tmp/.snap/*" rw, +++ "/*" rw, +++ mount options=(bind, rw) "/tmp/.snap/*" -> "/*", ++ # Allow unmounting the auxiliary directory. ++ # TODO: use fstype=tmpfs here for more strictness (LP: #1613403) ++- mount options=(rprivate) -> /tmp/.snap/, ++- umount /tmp/.snap/, +++ mount options=(rprivate) -> "/tmp/.snap/", +++ umount "/tmp/.snap/", ++ # Allow unmounting the destination directory as well as anything ++ # inside. This lets us perform the undo plan in case the writable ++ # mimic fails. ++- mount options=(rprivate) -> /, ++- mount options=(rprivate) -> /*, ++- mount options=(rprivate) -> /*/, ++- umount /, ++- umount /*, ++- umount /*/, +++ mount options=(rprivate) -> "/", +++ mount options=(rprivate) -> "/*", +++ mount options=(rprivate) -> "/*/", +++ umount "/", +++ umount "/*", +++ umount "/*/", ++ # .. variant with mimic at /snap/ ++- /snap/ r, ++- /tmp/.snap/snap/ rw, ++- mount options=(rbind, rw) /snap/ -> /tmp/.snap/snap/, ++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/, ++- /tmp/.snap/snap/*/ rw, ++- /snap/*/ rw, ++- mount options=(rbind, rw) /tmp/.snap/snap/*/ -> /snap/*/, ++- /tmp/.snap/snap/* rw, ++- /snap/* rw, ++- mount options=(bind, rw) /tmp/.snap/snap/* -> /snap/*, ++- mount options=(rprivate) -> /tmp/.snap/snap/, ++- umount /tmp/.snap/snap/, ++- mount options=(rprivate) -> /snap/, ++- mount options=(rprivate) -> /snap/*, ++- mount options=(rprivate) -> /snap/*/, ++- umount /snap/, ++- umount /snap/*, ++- umount /snap/*/, +++ "/snap/" r, +++ "/tmp/.snap/snap/" rw, +++ mount options=(rbind, rw) "/snap/" -> "/tmp/.snap/snap/", +++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/", +++ "/tmp/.snap/snap/*/" rw, +++ "/snap/*/" rw, +++ mount options=(rbind, rw) "/tmp/.snap/snap/*/" -> "/snap/*/", +++ "/tmp/.snap/snap/*" rw, +++ "/snap/*" rw, +++ mount options=(bind, rw) "/tmp/.snap/snap/*" -> "/snap/*", +++ mount options=(rprivate) -> "/tmp/.snap/snap/", +++ umount "/tmp/.snap/snap/", +++ mount options=(rprivate) -> "/snap/", +++ mount options=(rprivate) -> "/snap/*", +++ mount options=(rprivate) -> "/snap/*/", +++ umount "/snap/", +++ umount "/snap/*", +++ umount "/snap/*/", ++ # .. variant with mimic at /snap/producer/ ++- /snap/producer/ r, ++- /tmp/.snap/snap/producer/ rw, ++- mount options=(rbind, rw) /snap/producer/ -> /tmp/.snap/snap/producer/, ++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/producer/, ++- /tmp/.snap/snap/producer/*/ rw, ++- /snap/producer/*/ rw, ++- mount options=(rbind, rw) /tmp/.snap/snap/producer/*/ -> /snap/producer/*/, ++- /tmp/.snap/snap/producer/* rw, ++- /snap/producer/* rw, ++- mount options=(bind, rw) /tmp/.snap/snap/producer/* -> /snap/producer/*, ++- mount options=(rprivate) -> /tmp/.snap/snap/producer/, ++- umount /tmp/.snap/snap/producer/, ++- mount options=(rprivate) -> /snap/producer/, ++- mount options=(rprivate) -> /snap/producer/*, ++- mount options=(rprivate) -> /snap/producer/*/, ++- umount /snap/producer/, ++- umount /snap/producer/*, ++- umount /snap/producer/*/, +++ "/snap/producer/" r, +++ "/tmp/.snap/snap/producer/" rw, +++ mount options=(rbind, rw) "/snap/producer/" -> "/tmp/.snap/snap/producer/", +++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/producer/", +++ "/tmp/.snap/snap/producer/*/" rw, +++ "/snap/producer/*/" rw, +++ mount options=(rbind, rw) "/tmp/.snap/snap/producer/*/" -> "/snap/producer/*/", +++ "/tmp/.snap/snap/producer/*" rw, +++ "/snap/producer/*" rw, +++ mount options=(bind, rw) "/tmp/.snap/snap/producer/*" -> "/snap/producer/*", +++ mount options=(rprivate) -> "/tmp/.snap/snap/producer/", +++ umount "/tmp/.snap/snap/producer/", +++ mount options=(rprivate) -> "/snap/producer/", +++ mount options=(rprivate) -> "/snap/producer/*", +++ mount options=(rprivate) -> "/snap/producer/*/", +++ umount "/snap/producer/", +++ umount "/snap/producer/*", +++ umount "/snap/producer/*/", ++ # .. variant with mimic at /snap/producer/5/ ++- /snap/producer/5/ r, ++- /tmp/.snap/snap/producer/5/ rw, ++- mount options=(rbind, rw) /snap/producer/5/ -> /tmp/.snap/snap/producer/5/, ++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/producer/5/, ++- /tmp/.snap/snap/producer/5/*/ rw, ++- /snap/producer/5/*/ rw, ++- mount options=(rbind, rw) /tmp/.snap/snap/producer/5/*/ -> /snap/producer/5/*/, ++- /tmp/.snap/snap/producer/5/* rw, ++- /snap/producer/5/* rw, ++- mount options=(bind, rw) /tmp/.snap/snap/producer/5/* -> /snap/producer/5/*, ++- mount options=(rprivate) -> /tmp/.snap/snap/producer/5/, ++- umount /tmp/.snap/snap/producer/5/, ++- mount options=(rprivate) -> /snap/producer/5/, ++- mount options=(rprivate) -> /snap/producer/5/*, ++- mount options=(rprivate) -> /snap/producer/5/*/, ++- umount /snap/producer/5/, ++- umount /snap/producer/5/*, ++- umount /snap/producer/5/*/, +++ "/snap/producer/5/" r, +++ "/tmp/.snap/snap/producer/5/" rw, +++ mount options=(rbind, rw) "/snap/producer/5/" -> "/tmp/.snap/snap/producer/5/", +++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/producer/5/", +++ "/tmp/.snap/snap/producer/5/*/" rw, +++ "/snap/producer/5/*/" rw, +++ mount options=(rbind, rw) "/tmp/.snap/snap/producer/5/*/" -> "/snap/producer/5/*/", +++ "/tmp/.snap/snap/producer/5/*" rw, +++ "/snap/producer/5/*" rw, +++ mount options=(bind, rw) "/tmp/.snap/snap/producer/5/*" -> "/snap/producer/5/*", +++ mount options=(rprivate) -> "/tmp/.snap/snap/producer/5/", +++ umount "/tmp/.snap/snap/producer/5/", +++ mount options=(rprivate) -> "/snap/producer/5/", +++ mount options=(rprivate) -> "/snap/producer/5/*", +++ mount options=(rprivate) -> "/snap/producer/5/*/", +++ umount "/snap/producer/5/", +++ umount "/snap/producer/5/*", +++ umount "/snap/producer/5/*/", ++ # Writable mimic /snap/consumer/7 ++ # .. variant with mimic at /snap/consumer/ ++- /snap/consumer/ r, ++- /tmp/.snap/snap/consumer/ rw, ++- mount options=(rbind, rw) /snap/consumer/ -> /tmp/.snap/snap/consumer/, ++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/consumer/, ++- /tmp/.snap/snap/consumer/*/ rw, ++- /snap/consumer/*/ rw, ++- mount options=(rbind, rw) /tmp/.snap/snap/consumer/*/ -> /snap/consumer/*/, ++- /tmp/.snap/snap/consumer/* rw, ++- /snap/consumer/* rw, ++- mount options=(bind, rw) /tmp/.snap/snap/consumer/* -> /snap/consumer/*, ++- mount options=(rprivate) -> /tmp/.snap/snap/consumer/, ++- umount /tmp/.snap/snap/consumer/, ++- mount options=(rprivate) -> /snap/consumer/, ++- mount options=(rprivate) -> /snap/consumer/*, ++- mount options=(rprivate) -> /snap/consumer/*/, ++- umount /snap/consumer/, ++- umount /snap/consumer/*, ++- umount /snap/consumer/*/, +++ "/snap/consumer/" r, +++ "/tmp/.snap/snap/consumer/" rw, +++ mount options=(rbind, rw) "/snap/consumer/" -> "/tmp/.snap/snap/consumer/", +++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/consumer/", +++ "/tmp/.snap/snap/consumer/*/" rw, +++ "/snap/consumer/*/" rw, +++ mount options=(rbind, rw) "/tmp/.snap/snap/consumer/*/" -> "/snap/consumer/*/", +++ "/tmp/.snap/snap/consumer/*" rw, +++ "/snap/consumer/*" rw, +++ mount options=(bind, rw) "/tmp/.snap/snap/consumer/*" -> "/snap/consumer/*", +++ mount options=(rprivate) -> "/tmp/.snap/snap/consumer/", +++ umount "/tmp/.snap/snap/consumer/", +++ mount options=(rprivate) -> "/snap/consumer/", +++ mount options=(rprivate) -> "/snap/consumer/*", +++ mount options=(rprivate) -> "/snap/consumer/*/", +++ umount "/snap/consumer/", +++ umount "/snap/consumer/*", +++ umount "/snap/consumer/*/", ++ # .. variant with mimic at /snap/consumer/7/ ++- /snap/consumer/7/ r, ++- /tmp/.snap/snap/consumer/7/ rw, ++- mount options=(rbind, rw) /snap/consumer/7/ -> /tmp/.snap/snap/consumer/7/, ++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/consumer/7/, ++- /tmp/.snap/snap/consumer/7/*/ rw, ++- /snap/consumer/7/*/ rw, ++- mount options=(rbind, rw) /tmp/.snap/snap/consumer/7/*/ -> /snap/consumer/7/*/, ++- /tmp/.snap/snap/consumer/7/* rw, ++- /snap/consumer/7/* rw, ++- mount options=(bind, rw) /tmp/.snap/snap/consumer/7/* -> /snap/consumer/7/*, ++- mount options=(rprivate) -> /tmp/.snap/snap/consumer/7/, ++- umount /tmp/.snap/snap/consumer/7/, ++- mount options=(rprivate) -> /snap/consumer/7/, ++- mount options=(rprivate) -> /snap/consumer/7/*, ++- mount options=(rprivate) -> /snap/consumer/7/*/, ++- umount /snap/consumer/7/, ++- umount /snap/consumer/7/*, ++- umount /snap/consumer/7/*/, +++ "/snap/consumer/7/" r, +++ "/tmp/.snap/snap/consumer/7/" rw, +++ mount options=(rbind, rw) "/snap/consumer/7/" -> "/tmp/.snap/snap/consumer/7/", +++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/consumer/7/", +++ "/tmp/.snap/snap/consumer/7/*/" rw, +++ "/snap/consumer/7/*/" rw, +++ mount options=(rbind, rw) "/tmp/.snap/snap/consumer/7/*/" -> "/snap/consumer/7/*/", +++ "/tmp/.snap/snap/consumer/7/*" rw, +++ "/snap/consumer/7/*" rw, +++ mount options=(bind, rw) "/tmp/.snap/snap/consumer/7/*" -> "/snap/consumer/7/*", +++ mount options=(rprivate) -> "/tmp/.snap/snap/consumer/7/", +++ umount "/tmp/.snap/snap/consumer/7/", +++ mount options=(rprivate) -> "/snap/consumer/7/", +++ mount options=(rprivate) -> "/snap/consumer/7/*", +++ mount options=(rprivate) -> "/snap/consumer/7/*/", +++ umount "/snap/consumer/7/", +++ umount "/snap/consumer/7/*", +++ umount "/snap/consumer/7/*/", ++ ` ++ c.Assert(strings.Join(updateNS[:], ""), Equals, profile0) ++ } ++@@ -493,25 +524,25 @@ slots: ++ # to a limitation in the kernel's LSM hooks for AF_UNIX, these ++ # are needed for using named sockets within the exported ++ # directory. ++-/var/snap/producer/5/export/** mrwklix, +++"/var/snap/producer/5/export/**" mrwklix, ++ ` ++ c.Assert(apparmorSpec.SnippetForTag("snap.consumer.app"), Equals, expected) ++ ++ updateNS := apparmorSpec.UpdateNS() ++ profile0 := ` # Read-write content sharing consumer:content -> producer:content (w#0) ++- mount options=(bind, rw) /var/snap/producer/5/export/ -> /var/snap/consumer/7/import{,-[0-9]*}/, ++- mount options=(rprivate) -> /var/snap/consumer/7/import{,-[0-9]*}/, ++- umount /var/snap/consumer/7/import{,-[0-9]*}/, +++ mount options=(bind, rw) "/var/snap/producer/5/export/" -> "/var/snap/consumer/7/import{,-[0-9]*}/", +++ mount options=(rprivate) -> "/var/snap/consumer/7/import{,-[0-9]*}/", +++ umount "/var/snap/consumer/7/import{,-[0-9]*}/", ++ # Writable directory /var/snap/producer/5/export ++- /var/snap/producer/5/export/ rw, ++- /var/snap/producer/5/ rw, ++- /var/snap/producer/ rw, +++ "/var/snap/producer/5/export/" rw, +++ "/var/snap/producer/5/" rw, +++ "/var/snap/producer/" rw, ++ # Writable directory /var/snap/consumer/7/import ++- /var/snap/consumer/7/import/ rw, ++- /var/snap/consumer/7/ rw, ++- /var/snap/consumer/ rw, +++ "/var/snap/consumer/7/import/" rw, +++ "/var/snap/consumer/7/" rw, +++ "/var/snap/consumer/" rw, ++ # Writable directory /var/snap/consumer/7/import-[0-9]* ++- /var/snap/consumer/7/import-[0-9]*/ rw, +++ "/var/snap/consumer/7/import-[0-9]*/" rw, ++ ` ++ c.Assert(strings.Join(updateNS[:], ""), Equals, profile0) ++ } ++@@ -558,25 +589,25 @@ slots: ++ # to a limitation in the kernel's LSM hooks for AF_UNIX, these ++ # are needed for using named sockets within the exported ++ # directory. ++-/var/snap/producer/common/export/** mrwklix, +++"/var/snap/producer/common/export/**" mrwklix, ++ ` ++ c.Assert(apparmorSpec.SnippetForTag("snap.consumer.app"), Equals, expected) ++ ++ updateNS := apparmorSpec.UpdateNS() ++ profile0 := ` # Read-write content sharing consumer:content -> producer:content (w#0) ++- mount options=(bind, rw) /var/snap/producer/common/export/ -> /var/snap/consumer/common/import{,-[0-9]*}/, ++- mount options=(rprivate) -> /var/snap/consumer/common/import{,-[0-9]*}/, ++- umount /var/snap/consumer/common/import{,-[0-9]*}/, +++ mount options=(bind, rw) "/var/snap/producer/common/export/" -> "/var/snap/consumer/common/import{,-[0-9]*}/", +++ mount options=(rprivate) -> "/var/snap/consumer/common/import{,-[0-9]*}/", +++ umount "/var/snap/consumer/common/import{,-[0-9]*}/", ++ # Writable directory /var/snap/producer/common/export ++- /var/snap/producer/common/export/ rw, ++- /var/snap/producer/common/ rw, ++- /var/snap/producer/ rw, +++ "/var/snap/producer/common/export/" rw, +++ "/var/snap/producer/common/" rw, +++ "/var/snap/producer/" rw, ++ # Writable directory /var/snap/consumer/common/import ++- /var/snap/consumer/common/import/ rw, ++- /var/snap/consumer/common/ rw, ++- /var/snap/consumer/ rw, +++ "/var/snap/consumer/common/import/" rw, +++ "/var/snap/consumer/common/" rw, +++ "/var/snap/consumer/" rw, ++ # Writable directory /var/snap/consumer/common/import-[0-9]* ++- /var/snap/consumer/common/import-[0-9]*/ rw, +++ "/var/snap/consumer/common/import-[0-9]*/" rw, ++ ` ++ c.Assert(strings.Join(updateNS[:], ""), Equals, profile0) ++ } ++@@ -650,34 +681,34 @@ slots: ++ # to a limitation in the kernel's LSM hooks for AF_UNIX, these ++ # are needed for using named sockets within the exported ++ # directory. ++-/var/snap/producer/common/write-common/** mrwklix, ++-/var/snap/producer/2/write-data/** mrwklix, +++"/var/snap/producer/common/write-common/**" mrwklix, +++"/var/snap/producer/2/write-data/**" mrwklix, ++ ++ # In addition to the bind mount, add any AppArmor rules so that ++ # snaps may directly access the slot implementation's files ++ # read-only. ++-/var/snap/producer/common/read-common/** mrkix, ++-/var/snap/producer/2/read-data/** mrkix, ++-/snap/producer/2/read-snap/** mrkix, +++"/var/snap/producer/common/read-common/**" mrkix, +++"/var/snap/producer/2/read-data/**" mrkix, +++"/snap/producer/2/read-snap/**" mrkix, ++ ` ++ c.Assert(apparmorSpec.SnippetForTag("snap.consumer.app"), Equals, expected) ++ ++ updateNS := apparmorSpec.UpdateNS() ++ profile0 := ` # Read-write content sharing consumer:content -> producer:content (w#0) ++- mount options=(bind, rw) /var/snap/producer/common/write-common/ -> /var/snap/consumer/common/import/write-common{,-[0-9]*}/, ++- mount options=(rprivate) -> /var/snap/consumer/common/import/write-common{,-[0-9]*}/, ++- umount /var/snap/consumer/common/import/write-common{,-[0-9]*}/, +++ mount options=(bind, rw) "/var/snap/producer/common/write-common/" -> "/var/snap/consumer/common/import/write-common{,-[0-9]*}/", +++ mount options=(rprivate) -> "/var/snap/consumer/common/import/write-common{,-[0-9]*}/", +++ umount "/var/snap/consumer/common/import/write-common{,-[0-9]*}/", ++ # Writable directory /var/snap/producer/common/write-common ++- /var/snap/producer/common/write-common/ rw, ++- /var/snap/producer/common/ rw, ++- /var/snap/producer/ rw, +++ "/var/snap/producer/common/write-common/" rw, +++ "/var/snap/producer/common/" rw, +++ "/var/snap/producer/" rw, ++ # Writable directory /var/snap/consumer/common/import/write-common ++- /var/snap/consumer/common/import/write-common/ rw, ++- /var/snap/consumer/common/import/ rw, ++- /var/snap/consumer/common/ rw, ++- /var/snap/consumer/ rw, +++ "/var/snap/consumer/common/import/write-common/" rw, +++ "/var/snap/consumer/common/import/" rw, +++ "/var/snap/consumer/common/" rw, +++ "/var/snap/consumer/" rw, ++ # Writable directory /var/snap/consumer/common/import/write-common-[0-9]* ++- /var/snap/consumer/common/import/write-common-[0-9]*/ rw, +++ "/var/snap/consumer/common/import/write-common-[0-9]*/" rw, ++ ` ++ // Find the slice that describes profile0 by looking for the first unique ++ // line of the next profile. ++@@ -686,16 +717,16 @@ slots: ++ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile0) ++ ++ profile1 := ` # Read-write content sharing consumer:content -> producer:content (w#1) ++- mount options=(bind, rw) /var/snap/producer/2/write-data/ -> /var/snap/consumer/common/import/write-data{,-[0-9]*}/, ++- mount options=(rprivate) -> /var/snap/consumer/common/import/write-data{,-[0-9]*}/, ++- umount /var/snap/consumer/common/import/write-data{,-[0-9]*}/, +++ mount options=(bind, rw) "/var/snap/producer/2/write-data/" -> "/var/snap/consumer/common/import/write-data{,-[0-9]*}/", +++ mount options=(rprivate) -> "/var/snap/consumer/common/import/write-data{,-[0-9]*}/", +++ umount "/var/snap/consumer/common/import/write-data{,-[0-9]*}/", ++ # Writable directory /var/snap/producer/2/write-data ++- /var/snap/producer/2/write-data/ rw, ++- /var/snap/producer/2/ rw, +++ "/var/snap/producer/2/write-data/" rw, +++ "/var/snap/producer/2/" rw, ++ # Writable directory /var/snap/consumer/common/import/write-data ++- /var/snap/consumer/common/import/write-data/ rw, +++ "/var/snap/consumer/common/import/write-data/" rw, ++ # Writable directory /var/snap/consumer/common/import/write-data-[0-9]* ++- /var/snap/consumer/common/import/write-data-[0-9]*/ rw, +++ "/var/snap/consumer/common/import/write-data-[0-9]*/" rw, ++ ` ++ // Find the slice that describes profile1 by looking for the first unique ++ // line of the next profile. ++@@ -704,16 +735,16 @@ slots: ++ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile1) ++ ++ profile2 := ` # Read-only content sharing consumer:content -> producer:content (r#0) ++- mount options=(bind) /var/snap/producer/common/read-common/ -> /var/snap/consumer/common/import/read-common{,-[0-9]*}/, ++- remount options=(bind, ro) /var/snap/consumer/common/import/read-common{,-[0-9]*}/, ++- mount options=(rprivate) -> /var/snap/consumer/common/import/read-common{,-[0-9]*}/, ++- umount /var/snap/consumer/common/import/read-common{,-[0-9]*}/, +++ mount options=(bind) "/var/snap/producer/common/read-common/" -> "/var/snap/consumer/common/import/read-common{,-[0-9]*}/", +++ remount options=(bind, ro) "/var/snap/consumer/common/import/read-common{,-[0-9]*}/", +++ mount options=(rprivate) -> "/var/snap/consumer/common/import/read-common{,-[0-9]*}/", +++ umount "/var/snap/consumer/common/import/read-common{,-[0-9]*}/", ++ # Writable directory /var/snap/producer/common/read-common ++- /var/snap/producer/common/read-common/ rw, +++ "/var/snap/producer/common/read-common/" rw, ++ # Writable directory /var/snap/consumer/common/import/read-common ++- /var/snap/consumer/common/import/read-common/ rw, +++ "/var/snap/consumer/common/import/read-common/" rw, ++ # Writable directory /var/snap/consumer/common/import/read-common-[0-9]* ++- /var/snap/consumer/common/import/read-common-[0-9]*/ rw, +++ "/var/snap/consumer/common/import/read-common-[0-9]*/" rw, ++ ` ++ // Find the slice that describes profile2 by looking for the first unique ++ // line of the next profile. ++@@ -722,16 +753,16 @@ slots: ++ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile2) ++ ++ profile3 := ` # Read-only content sharing consumer:content -> producer:content (r#1) ++- mount options=(bind) /var/snap/producer/2/read-data/ -> /var/snap/consumer/common/import/read-data{,-[0-9]*}/, ++- remount options=(bind, ro) /var/snap/consumer/common/import/read-data{,-[0-9]*}/, ++- mount options=(rprivate) -> /var/snap/consumer/common/import/read-data{,-[0-9]*}/, ++- umount /var/snap/consumer/common/import/read-data{,-[0-9]*}/, +++ mount options=(bind) "/var/snap/producer/2/read-data/" -> "/var/snap/consumer/common/import/read-data{,-[0-9]*}/", +++ remount options=(bind, ro) "/var/snap/consumer/common/import/read-data{,-[0-9]*}/", +++ mount options=(rprivate) -> "/var/snap/consumer/common/import/read-data{,-[0-9]*}/", +++ umount "/var/snap/consumer/common/import/read-data{,-[0-9]*}/", ++ # Writable directory /var/snap/producer/2/read-data ++- /var/snap/producer/2/read-data/ rw, +++ "/var/snap/producer/2/read-data/" rw, ++ # Writable directory /var/snap/consumer/common/import/read-data ++- /var/snap/consumer/common/import/read-data/ rw, +++ "/var/snap/consumer/common/import/read-data/" rw, ++ # Writable directory /var/snap/consumer/common/import/read-data-[0-9]* ++- /var/snap/consumer/common/import/read-data-[0-9]*/ rw, +++ "/var/snap/consumer/common/import/read-data-[0-9]*/" rw, ++ ` ++ // Find the slice that describes profile3 by looking for the first unique ++ // line of the next profile. ++@@ -740,102 +771,102 @@ slots: ++ c.Assert(strings.Join(updateNS[start:end], ""), Equals, profile3) ++ ++ profile4 := ` # Read-only content sharing consumer:content -> producer:content (r#2) ++- mount options=(bind) /snap/producer/2/read-snap/ -> /var/snap/consumer/common/import/read-snap{,-[0-9]*}/, ++- remount options=(bind, ro) /var/snap/consumer/common/import/read-snap{,-[0-9]*}/, ++- mount options=(rprivate) -> /var/snap/consumer/common/import/read-snap{,-[0-9]*}/, ++- umount /var/snap/consumer/common/import/read-snap{,-[0-9]*}/, +++ mount options=(bind) "/snap/producer/2/read-snap/" -> "/var/snap/consumer/common/import/read-snap{,-[0-9]*}/", +++ remount options=(bind, ro) "/var/snap/consumer/common/import/read-snap{,-[0-9]*}/", +++ mount options=(rprivate) -> "/var/snap/consumer/common/import/read-snap{,-[0-9]*}/", +++ umount "/var/snap/consumer/common/import/read-snap{,-[0-9]*}/", ++ # Writable mimic /snap/producer/2 ++ # .. permissions for traversing the prefix that is assumed to exist ++ # .. variant with mimic at / ++ # Allow reading the mimic directory, it must exist in the first place. ++- / r, +++ "/" r, ++ # Allow setting the read-only directory aside via a bind mount. ++- /tmp/.snap/ rw, ++- mount options=(rbind, rw) / -> /tmp/.snap/, +++ "/tmp/.snap/" rw, +++ mount options=(rbind, rw) "/" -> "/tmp/.snap/", ++ # Allow mounting tmpfs over the read-only directory. ++- mount fstype=tmpfs options=(rw) tmpfs -> /, +++ mount fstype=tmpfs options=(rw) tmpfs -> "/", ++ # Allow creating empty files and directories for bind mounting things ++ # to reconstruct the now-writable parent directory. ++- /tmp/.snap/*/ rw, ++- /*/ rw, ++- mount options=(rbind, rw) /tmp/.snap/*/ -> /*/, ++- /tmp/.snap/* rw, ++- /* rw, ++- mount options=(bind, rw) /tmp/.snap/* -> /*, +++ "/tmp/.snap/*/" rw, +++ "/*/" rw, +++ mount options=(rbind, rw) "/tmp/.snap/*/" -> "/*/", +++ "/tmp/.snap/*" rw, +++ "/*" rw, +++ mount options=(bind, rw) "/tmp/.snap/*" -> "/*", ++ # Allow unmounting the auxiliary directory. ++ # TODO: use fstype=tmpfs here for more strictness (LP: #1613403) ++- mount options=(rprivate) -> /tmp/.snap/, ++- umount /tmp/.snap/, +++ mount options=(rprivate) -> "/tmp/.snap/", +++ umount "/tmp/.snap/", ++ # Allow unmounting the destination directory as well as anything ++ # inside. This lets us perform the undo plan in case the writable ++ # mimic fails. ++- mount options=(rprivate) -> /, ++- mount options=(rprivate) -> /*, ++- mount options=(rprivate) -> /*/, ++- umount /, ++- umount /*, ++- umount /*/, +++ mount options=(rprivate) -> "/", +++ mount options=(rprivate) -> "/*", +++ mount options=(rprivate) -> "/*/", +++ umount "/", +++ umount "/*", +++ umount "/*/", ++ # .. variant with mimic at /snap/ ++- /snap/ r, ++- /tmp/.snap/snap/ rw, ++- mount options=(rbind, rw) /snap/ -> /tmp/.snap/snap/, ++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/, ++- /tmp/.snap/snap/*/ rw, ++- /snap/*/ rw, ++- mount options=(rbind, rw) /tmp/.snap/snap/*/ -> /snap/*/, ++- /tmp/.snap/snap/* rw, ++- /snap/* rw, ++- mount options=(bind, rw) /tmp/.snap/snap/* -> /snap/*, ++- mount options=(rprivate) -> /tmp/.snap/snap/, ++- umount /tmp/.snap/snap/, ++- mount options=(rprivate) -> /snap/, ++- mount options=(rprivate) -> /snap/*, ++- mount options=(rprivate) -> /snap/*/, ++- umount /snap/, ++- umount /snap/*, ++- umount /snap/*/, +++ "/snap/" r, +++ "/tmp/.snap/snap/" rw, +++ mount options=(rbind, rw) "/snap/" -> "/tmp/.snap/snap/", +++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/", +++ "/tmp/.snap/snap/*/" rw, +++ "/snap/*/" rw, +++ mount options=(rbind, rw) "/tmp/.snap/snap/*/" -> "/snap/*/", +++ "/tmp/.snap/snap/*" rw, +++ "/snap/*" rw, +++ mount options=(bind, rw) "/tmp/.snap/snap/*" -> "/snap/*", +++ mount options=(rprivate) -> "/tmp/.snap/snap/", +++ umount "/tmp/.snap/snap/", +++ mount options=(rprivate) -> "/snap/", +++ mount options=(rprivate) -> "/snap/*", +++ mount options=(rprivate) -> "/snap/*/", +++ umount "/snap/", +++ umount "/snap/*", +++ umount "/snap/*/", ++ # .. variant with mimic at /snap/producer/ ++- /snap/producer/ r, ++- /tmp/.snap/snap/producer/ rw, ++- mount options=(rbind, rw) /snap/producer/ -> /tmp/.snap/snap/producer/, ++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/producer/, ++- /tmp/.snap/snap/producer/*/ rw, ++- /snap/producer/*/ rw, ++- mount options=(rbind, rw) /tmp/.snap/snap/producer/*/ -> /snap/producer/*/, ++- /tmp/.snap/snap/producer/* rw, ++- /snap/producer/* rw, ++- mount options=(bind, rw) /tmp/.snap/snap/producer/* -> /snap/producer/*, ++- mount options=(rprivate) -> /tmp/.snap/snap/producer/, ++- umount /tmp/.snap/snap/producer/, ++- mount options=(rprivate) -> /snap/producer/, ++- mount options=(rprivate) -> /snap/producer/*, ++- mount options=(rprivate) -> /snap/producer/*/, ++- umount /snap/producer/, ++- umount /snap/producer/*, ++- umount /snap/producer/*/, +++ "/snap/producer/" r, +++ "/tmp/.snap/snap/producer/" rw, +++ mount options=(rbind, rw) "/snap/producer/" -> "/tmp/.snap/snap/producer/", +++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/producer/", +++ "/tmp/.snap/snap/producer/*/" rw, +++ "/snap/producer/*/" rw, +++ mount options=(rbind, rw) "/tmp/.snap/snap/producer/*/" -> "/snap/producer/*/", +++ "/tmp/.snap/snap/producer/*" rw, +++ "/snap/producer/*" rw, +++ mount options=(bind, rw) "/tmp/.snap/snap/producer/*" -> "/snap/producer/*", +++ mount options=(rprivate) -> "/tmp/.snap/snap/producer/", +++ umount "/tmp/.snap/snap/producer/", +++ mount options=(rprivate) -> "/snap/producer/", +++ mount options=(rprivate) -> "/snap/producer/*", +++ mount options=(rprivate) -> "/snap/producer/*/", +++ umount "/snap/producer/", +++ umount "/snap/producer/*", +++ umount "/snap/producer/*/", ++ # .. variant with mimic at /snap/producer/2/ ++- /snap/producer/2/ r, ++- /tmp/.snap/snap/producer/2/ rw, ++- mount options=(rbind, rw) /snap/producer/2/ -> /tmp/.snap/snap/producer/2/, ++- mount fstype=tmpfs options=(rw) tmpfs -> /snap/producer/2/, ++- /tmp/.snap/snap/producer/2/*/ rw, ++- /snap/producer/2/*/ rw, ++- mount options=(rbind, rw) /tmp/.snap/snap/producer/2/*/ -> /snap/producer/2/*/, ++- /tmp/.snap/snap/producer/2/* rw, ++- /snap/producer/2/* rw, ++- mount options=(bind, rw) /tmp/.snap/snap/producer/2/* -> /snap/producer/2/*, ++- mount options=(rprivate) -> /tmp/.snap/snap/producer/2/, ++- umount /tmp/.snap/snap/producer/2/, ++- mount options=(rprivate) -> /snap/producer/2/, ++- mount options=(rprivate) -> /snap/producer/2/*, ++- mount options=(rprivate) -> /snap/producer/2/*/, ++- umount /snap/producer/2/, ++- umount /snap/producer/2/*, ++- umount /snap/producer/2/*/, +++ "/snap/producer/2/" r, +++ "/tmp/.snap/snap/producer/2/" rw, +++ mount options=(rbind, rw) "/snap/producer/2/" -> "/tmp/.snap/snap/producer/2/", +++ mount fstype=tmpfs options=(rw) tmpfs -> "/snap/producer/2/", +++ "/tmp/.snap/snap/producer/2/*/" rw, +++ "/snap/producer/2/*/" rw, +++ mount options=(rbind, rw) "/tmp/.snap/snap/producer/2/*/" -> "/snap/producer/2/*/", +++ "/tmp/.snap/snap/producer/2/*" rw, +++ "/snap/producer/2/*" rw, +++ mount options=(bind, rw) "/tmp/.snap/snap/producer/2/*" -> "/snap/producer/2/*", +++ mount options=(rprivate) -> "/tmp/.snap/snap/producer/2/", +++ umount "/tmp/.snap/snap/producer/2/", +++ mount options=(rprivate) -> "/snap/producer/2/", +++ mount options=(rprivate) -> "/snap/producer/2/*", +++ mount options=(rprivate) -> "/snap/producer/2/*/", +++ umount "/snap/producer/2/", +++ umount "/snap/producer/2/*", +++ umount "/snap/producer/2/*/", ++ # Writable directory /var/snap/consumer/common/import/read-snap ++- /var/snap/consumer/common/import/read-snap/ rw, +++ "/var/snap/consumer/common/import/read-snap/" rw, ++ # Writable directory /var/snap/consumer/common/import/read-snap-[0-9]* ++- /var/snap/consumer/common/import/read-snap-[0-9]*/ rw, +++ "/var/snap/consumer/common/import/read-snap-[0-9]*/" rw, ++ ` ++ // Find the slice that describes profile4 by looking till the end of the list. ++ start = end ++@@ -911,13 +942,13 @@ slots: ++ # In addition to the bind mount, add any AppArmor rules so that ++ # snaps may directly access the slot implementation's files ++ # read-only. ++-/snap/plugin-one/1/plugin/** mrkix, +++"/snap/plugin-one/1/plugin/**" mrkix, ++ ++ ++ # In addition to the bind mount, add any AppArmor rules so that ++ # snaps may directly access the slot implementation's files ++ # read-only. ++-/snap/plugin-two/1/plugin/** mrkix, +++"/snap/plugin-two/1/plugin/**" mrkix, ++ ` ++ c.Assert(apparmorSpec.SnippetForTag("snap.app.app"), Equals, expected) ++ } ++@@ -975,12 +1006,12 @@ slots: ++ # to a limitation in the kernel's LSM hooks for AF_UNIX, these ++ # are needed for using named sockets within the exported ++ # directory. ++-/var/snap/producer/2/directory/** mrwklix, +++"/var/snap/producer/2/directory/**" mrwklix, ++ ++ # In addition to the bind mount, add any AppArmor rules so that ++ # snaps may directly access the slot implementation's files ++ # read-only. ++-/var/snap/producer/2/directory/** mrkix, +++"/var/snap/producer/2/directory/**" mrkix, ++ ` ++ c.Assert(apparmorSpec.SnippetForTag("snap.consumer.app"), Equals, expected) ++ } ++@@ -1017,7 +1048,7 @@ apps: ++ # implementation to access the slot's exported files at the plugging ++ # snap's mountpoint to accommodate software where the plugging app ++ # tells the slotting app about files to share. ++-/var/snap/consumer/common/import/** mrwklix, +++"/var/snap/consumer/common/import/**" mrwklix, ++ ` ++ c.Assert(apparmorSpec.SnippetForTag("snap.producer.app"), Equals, expected) ++ } ++Index: snapd-2.49/interfaces/builtin/daemon_notify.go ++=================================================================== ++--- snapd-2.49.orig/interfaces/builtin/daemon_notify.go +++++ snapd-2.49/interfaces/builtin/daemon_notify.go ++@@ -26,6 +26,7 @@ import ( ++ ++ "github.com/snapcore/snapd/interfaces" ++ "github.com/snapcore/snapd/interfaces/apparmor" +++ apparmor_sandbox "github.com/snapcore/snapd/sandbox/apparmor" ++ ) ++ ++ const daemonNotifySummary = `allows sending daemon status changes to service manager` ++@@ -64,7 +65,7 @@ func (iface *daemoNotifyInterface) AppAr ++ // must be an absolute path or an abstract socket path ++ return fmt.Errorf("cannot use %q as notify socket path: not absolute", notifySocket) ++ } ++- if err := apparmor.ValidateNoAppArmorRegexp(notifySocket); err != nil { +++ if err := apparmor_sandbox.ValidateNoAppArmorRegexp(notifySocket); err != nil { ++ return fmt.Errorf("cannot use %q as notify socket path: %s", notifySocket, err) ++ } ++ ++Index: snapd-2.49/interfaces/ifacetest/backendtest.go ++=================================================================== ++--- snapd-2.49.orig/interfaces/ifacetest/backendtest.go +++++ snapd-2.49/interfaces/ifacetest/backendtest.go ++@@ -42,7 +42,15 @@ type BackendSuite struct { ++ testutil.BaseTest ++ } ++ +++// CoreSnapInfo is set in SetupSuite +++var DefaultInitializeOpts = &interfaces.SecurityBackendOptions{} +++ ++ func (s *BackendSuite) SetUpTest(c *C) { +++ coreSnapPlaceInfo := snap.MinimalPlaceInfo("core", snap.Revision{N: 123}) +++ snInfo, ok := coreSnapPlaceInfo.(*snap.Info) +++ c.Assert(ok, Equals, true) +++ DefaultInitializeOpts.CoreSnapInfo = snInfo +++ ++ // Isolate this test to a temporary directory ++ s.RootDir = c.MkDir() ++ dirs.SetRootDir(s.RootDir) ++Index: snapd-2.49/interfaces/seccomp/backend_test.go ++=================================================================== ++--- snapd-2.49.orig/interfaces/seccomp/backend_test.go +++++ snapd-2.49/interfaces/seccomp/backend_test.go ++@@ -175,7 +175,7 @@ fi`) ++ c.Check(s.snapSeccomp.Calls(), HasLen, 0) ++ // ensure the snap-seccomp from the core snap was used instead ++ c.Check(snapSeccompOnCore.Calls(), DeepEquals, [][]string{ ++- {"snap-seccomp", "version-info"}, +++ {"snap-seccomp", "version-info"}, // from Initialize() ++ {"snap-seccomp", "compile", profile + ".src", profile + ".bin"}, ++ }) ++ raw, err := ioutil.ReadFile(profile + ".src") ++Index: snapd-2.49/overlord/devicestate/firstboot_test.go ++=================================================================== ++--- snapd-2.49.orig/overlord/devicestate/firstboot_test.go +++++ snapd-2.49/overlord/devicestate/firstboot_test.go ++@@ -24,6 +24,7 @@ import ( ++ "io/ioutil" ++ "os" ++ "path/filepath" +++ "runtime" ++ "strconv" ++ "strings" ++ "time" ++@@ -76,6 +77,11 @@ type firstBootBaseTest struct { ++ func (t *firstBootBaseTest) setupBaseTest(c *C, s *seedtest.SeedSnaps) { ++ t.BaseTest.SetUpTest(c) ++ +++ // TODO: temporary: skip due to timeouts on riscv64 +++ if runtime.GOARCH == "riscv64" || os.Getenv("SNAPD_SKIP_SLOW_TESTS") != "" { +++ c.Skip("skipping slow test") +++ } +++ ++ tempdir := c.MkDir() ++ dirs.SetRootDir(tempdir) ++ t.AddCleanup(func() { dirs.SetRootDir("/") }) ++Index: snapd-2.49/overlord/ifacestate/helpers.go ++=================================================================== ++--- snapd-2.49.orig/overlord/ifacestate/helpers.go +++++ snapd-2.49/overlord/ifacestate/helpers.go ++@@ -67,7 +67,39 @@ func (m *InterfaceManager) addInterfaces ++ } ++ ++ func (m *InterfaceManager) addBackends(extra []interfaces.SecurityBackend) error { ++- opts := interfaces.SecurityBackendOptions{Preseed: m.preseed} +++ // get the snapd snap info if it is installed +++ var snapdSnap snapstate.SnapState +++ var snapdSnapInfo *snap.Info +++ err := snapstate.Get(m.state, "snapd", &snapdSnap) +++ if err != nil && err != state.ErrNoState { +++ return fmt.Errorf("cannot access snapd snap state: %v", err) +++ } +++ if err == nil { +++ snapdSnapInfo, err = snapdSnap.CurrentInfo() +++ if err != nil && err != snapstate.ErrNoCurrent { +++ return fmt.Errorf("cannot access snapd snap info: %v", err) +++ } +++ } +++ +++ // get the core snap info if it is installed +++ var coreSnap snapstate.SnapState +++ var coreSnapInfo *snap.Info +++ err = snapstate.Get(m.state, "core", &coreSnap) +++ if err != nil && err != state.ErrNoState { +++ return fmt.Errorf("cannot access core snap state: %v", err) +++ } +++ if err == nil { +++ coreSnapInfo, err = coreSnap.CurrentInfo() +++ if err != nil && err != snapstate.ErrNoCurrent { +++ return fmt.Errorf("cannot access core snap info: %v", err) +++ } +++ } +++ +++ opts := interfaces.SecurityBackendOptions{ +++ Preseed: m.preseed, +++ CoreSnapInfo: coreSnapInfo, +++ SnapdSnapInfo: snapdSnapInfo, +++ } ++ for _, backend := range backends.All { ++ if err := backend.Initialize(&opts); err != nil { ++ return err ++Index: snapd-2.49/overlord/managers_test.go ++=================================================================== ++--- snapd-2.49.orig/overlord/managers_test.go +++++ snapd-2.49/overlord/managers_test.go ++@@ -34,6 +34,7 @@ import ( ++ "net/url" ++ "os" ++ "path/filepath" +++ "runtime" ++ "sort" ++ "strings" ++ "time" ++@@ -140,6 +141,11 @@ func verifyLastTasksetIsRerefresh(c *C, ++ func (s *baseMgrsSuite) SetUpTest(c *C) { ++ s.BaseTest.SetUpTest(c) ++ +++ // TODO: temporary: skip due to timeouts on riscv64 +++ if runtime.GOARCH == "riscv64" || os.Getenv("SNAPD_SKIP_SLOW_TESTS") != "" { +++ c.Skip("skipping slow tests") +++ } +++ ++ s.tempdir = c.MkDir() ++ dirs.SetRootDir(s.tempdir) ++ s.AddCleanup(func() { dirs.SetRootDir("") }) ++Index: snapd-2.49/packaging/ubuntu-16.04/tests/integrationtests ++=================================================================== ++--- snapd-2.49.orig/packaging/ubuntu-16.04/tests/integrationtests +++++ snapd-2.49/packaging/ubuntu-16.04/tests/integrationtests ++@@ -74,6 +74,9 @@ backends: ++ - adt-local: ++ username: ubuntu ++ password: ubuntu +++prepare: | +++ # Copy external tools from the subtree to the "$TESTSLIB"/tools directory +++ cp -f "$TESTSLIB"/external/snapd-testing-tools/tools/* "$TESTSTOOLS" ++ suites: ++ tests/smoke/: ++ summary: Essenial system level tests for snapd ++Index: snapd-2.49/sandbox/apparmor/apparmor.go ++=================================================================== ++--- snapd-2.49.orig/sandbox/apparmor/apparmor.go +++++ snapd-2.49/sandbox/apparmor/apparmor.go ++@@ -35,6 +35,19 @@ import ( ++ "github.com/snapcore/snapd/strutil" ++ ) ++ +++// ValidateNoAppArmorRegexp will check that the given string does not +++// contain AppArmor regular expressions (AARE), double quotes or \0. +++// Note that to check the inverse of this, that is that a string has +++// valid AARE, one should use interfaces/utils.NewPathPattern(). +++func ValidateNoAppArmorRegexp(s string) error { +++ const AARE = `?*[]{}^"` + "\x00" +++ +++ if strings.ContainsAny(s, AARE) { +++ return fmt.Errorf("%q contains a reserved apparmor char from %s", s, AARE) +++ } +++ return nil +++} +++ ++ // LevelType encodes the kind of support for apparmor ++ // found on this system. ++ type LevelType int ++Index: snapd-2.49/sandbox/apparmor/apparmor_test.go ++=================================================================== ++--- snapd-2.49.orig/sandbox/apparmor/apparmor_test.go +++++ snapd-2.49/sandbox/apparmor/apparmor_test.go ++@@ -303,3 +303,19 @@ func (s *apparmorSuite) TestFeaturesProb ++ _, err = apparmor.ParserFeatures() ++ c.Assert(err, IsNil) ++ } +++ +++func (s *apparmorSuite) TestValidateFreeFromAAREUnhappy(c *C) { +++ var testCases = []string{"a?", "*b", "c[c", "dd]", "e{", "f}", "g^", `h"`, "f\000", "g\x00"} +++ +++ for _, s := range testCases { +++ c.Check(apparmor.ValidateNoAppArmorRegexp(s), ErrorMatches, ".* contains a reserved apparmor char from .*", Commentf("%q is not raising an error", s)) +++ } +++} +++ +++func (s *apparmorSuite) TestValidateFreeFromAAREhappy(c *C) { +++ var testCases = []string{"foo", "BaR", "b-z", "foo+bar", "b00m!", "be/ep", "a%b", "a&b", "a(b", "a)b", "a=b", "a#b", "a~b", "a'b", "a_b", "a,b", "a;b", "a>b", "a/tmp/snap-confine-stdout.log 2>/tmp/snap-confine-stderr.log" +++ tests.cleanup defer rm -f /tmp/snap-confine-stdout.log /tmp/snap-confine-stderr.log +++ +++ stat -c "%U %G %a" /tmp/snap.test-snapd-sh | MATCH "root root 700" +++ +++ # contents should have been removed and tmp dir recreated with root +++ # ownership but foo file should have been removed +++ stat -c "%U %G %a" /tmp/snap.test-snapd-sh/tmp | MATCH "root root 1777" +++ [ -f /tmp/snap.test-snapd-sh/tmp/foo ] && exit 1 +++ # actual dir should be owned by root now +++ stat -c "%U %G %a" /tmp/snap.test-snapd-sh | MATCH "root root 700" +++ # and snap-confine should ensure the target binary is executed as the test user +++ MATCH "uid=12345$test$ gid=12345$test$" /tmp/snap-confine-stdout.log +++ ++Index: snapd-2.49/tests/main/snap-confine-unexpected-path/task.yaml ++=================================================================== ++--- /dev/null +++++ snapd-2.49/tests/main/snap-confine-unexpected-path/task.yaml ++@@ -0,0 +1,35 @@ +++summary: ensure snap-confine denies operation when not in expected location +++ +++details: | +++ Ensure that when running from an unexpected location, snap-confine will +++ not execute the snap-discard-ns helper from the same location since +++ this may not be the one which is expected. +++ +++environment: +++ SNAP_CONFINE: $(os.paths libexec-dir)/snapd/snap-confine +++ +++prepare: | +++ echo "Install a helper snap" +++ "$TESTSTOOLS"/snaps-state install-local test-snapd-sh +++ +++execute: | +++ # copy snap-confine with full permissions to /tmp - ideally we would do +++ # this by hardlinking snap-confine into /tmp to make this a more +++ # realistic test (as this is something a regular user could do assuming +++ # fs.protected_hardlinks is disabled) but some spread systems have /tmp +++ # on a tmpfs and hence a different mount point so instead copy it as +++ # root for the test +++ echo "Copying snap-confine to /tmp" +++ +++ cp -a "$SNAP_CONFINE" /tmp +++ tests.cleanup defer rm -f /tmp/snap-confine +++ # ensure has the correct permissions +++ diff <(stat -c "%U %G %a" "$SNAP_CONFINE") <(stat -c "%U %G %a" /tmp/snap-confine) +++ +++ # then execute /tmp/snap-confine - this should fail since snap-confine +++ # is not in the location it expects to be when it goes to find the +++ # snap-discard-ns etc helper binaries +++ env -i SNAP_INSTANCE_NAME=test-snapd-sh /tmp/snap-confine --base snapd snap.test-snapd-sh.sh /nonexistent 2>/tmp/snap-confine-output.txt && exit 1 +++ tests.cleanup defer rm -f /tmp/snap-confine-output.txt +++ MATCH "running from unexpected location: /tmp/snap-confine" /tmp/snap-confine-output.txt +++ ++Index: snapd-2.49/tests/main/snap-run-devmode-classic/task.yaml ++=================================================================== ++--- /dev/null +++++ snapd-2.49/tests/main/snap-run-devmode-classic/task.yaml ++@@ -0,0 +1,202 @@ +++summary: Ensure snap run inside a devmode snap works (for now) +++ +++details: | +++ This test ensures inside a devmode snap the "snap run" command +++ works. +++ +++ Because of historic mistakes we allowed this and until we properly +++ deprecated it we need to ensure it works. We really do not want to +++ support running other snaps from devmode snaps as the use-case for +++ devmode is to get help on the way to confined snaps. But snaps can +++ not run other snaps so this does not make sense. +++ +++systems: +++ # run the classic test on xenial so that we can build the snapd snap +++ # destructively without needing the lxd snap and thus execute much quicker +++ # NOTE: if this test is moved to classic impish or later before the snapd +++ # snap moves off of building based on xenial, then building with LXD will +++ # not work because xenial containers do not boot/get networking properly +++ # when the host has cgroupsv2 in it +++ - ubuntu-16.04-* +++ +++environment: +++ # to build natively on the machine rather than with multipass or lxd +++ SNAPCRAFT_BUILD_ENVIRONMENT: host +++ +++ # ensure that re-exec is on by default like it should be +++ SNAP_REEXEC: "1" +++ +++ SNAP_TO_USE_FIRST/snapd_first: snapd +++ SNAP_TO_USE_FIRST/core_first: core +++ +++ # TODO: we should probably have a smaller / simpler test-snapd-* snap for +++ # testing devmode confinement with base: core +++ BASE_CORE_DEVMODE_SNAP: godd +++ BASE_NON_CORE_DEVMODE_SNAP: test-snapd-tools-core18 +++ +++ BASE_CORE_STRICT_SNAP: test-snapd-sh +++ BASE_NON_CORE_STRICT_SNAP: test-snapd-sh-core18 +++ +++prepare: | +++ # much of what follows is copied from tests/main/snapd-snap +++ +++ # install snapcraft snap +++ +++ snap install snapcraft --channel=4.x/candidate --classic +++ tests.cleanup defer snap remove --purge snapcraft +++ +++ # shellcheck disable=SC2164 +++ pushd "$PROJECT_PATH" +++ echo "Build the snap" +++ snap run snapcraft snap --output snapd-from-branch.snap +++ popd +++ +++ mv "$PROJECT_PATH/snapd-from-branch.snap" "$PWD/snapd-from-branch.snap" +++ +++ # meh it doesn't work well to use quotas and "&&" in the arguments to sh -c +++ # with defer, so just put what we want to run in a script and execute that +++ cat >> snapcraft-cleanup.sh < /snap/snapd/current/usr/bin/snap +++ # which effectively requires the snapd snap to be installed to execute other +++ # snaps from inside the devmode non-core based snap +++ snap install --devmode "$BASE_NON_CORE_DEVMODE_SNAP" +++ +++ # umask is the command we execute to avoid yet another layer of quoting +++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_CORE_DEVMODE_SNAP}") +++ if [ "$OUTPUT" != "0022" ]; then +++ echo "test failed" +++ exit 1 +++ fi +++ +++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_NON_CORE_DEVMODE_SNAP}.sh") +++ if [ "$OUTPUT" != "0022" ]; then +++ echo "test failed" +++ exit 1 +++ fi +++ +++ elif [ "$SNAP_TO_USE_FIRST" = "snapd" ]; then +++ # we already had the core snap installed, so we need to purge things +++ # and then install only the snapd snap to test this scenario +++ +++ snap remove go snapcraft +++ snap remove core18 +++ apt remove --purge -y snapd +++ apt install snapd -y +++ +++ snap install --dangerous snapd-from-branch.snap +++ +++ # snaps that don't depend on the core snap +++ snap install --devmode "$BASE_NON_CORE_DEVMODE_SNAP" +++ snap install "$BASE_NON_CORE_STRICT_SNAP" +++ +++ # umask is the command we execute to avoid yet another layer of quoting +++ OUTPUT=$(echo "snap run ${BASE_NON_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_NON_CORE_DEVMODE_SNAP}.sh" ) +++ if [ "$OUTPUT" != "0022" ]; then +++ echo "test failed" +++ exit 1 +++ fi +++ +++ # now install the core snap and run those tests +++ echo "install the core snap" +++ snap install --dangerous core-from-branch.snap +++ +++ # trigger profile re-generation because the same build-id for snapd is +++ # in the core and snapd snaps we are using, so profiles won't be +++ # regenerated when we install the snapd snap above +++ systemctl stop snapd.socket snapd.service +++ rm /var/lib/snapd/system-key +++ systemctl start snapd.socket snapd.service +++ +++ snap install --devmode --beta "$BASE_CORE_DEVMODE_SNAP" +++ snap install "$BASE_CORE_STRICT_SNAP" +++ +++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_CORE_DEVMODE_SNAP}") +++ if [ "$OUTPUT" != "0022" ]; then +++ echo "test failed" +++ exit 1 +++ fi +++ +++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | snap run --shell "${BASE_NON_CORE_DEVMODE_SNAP}.sh") +++ if [ "$OUTPUT" != "0022" ]; then +++ echo "test failed" +++ exit 1 +++ fi +++ +++ # docker can run from a devmode snap +++ snap install docker +++ echo "snap run docker run hello-world" | snap run --shell "${BASE_NON_CORE_DEVMODE_SNAP}.sh" | MATCH "Hello from Docker" +++ +++ +++ # undo the purging +++ apt install -y "$PROJECT_PATH/../snapd_1337.2.54.2_amd64.deb" +++ +++ else +++ echo "unknown variant $SNAP_TO_USE_FIRST" +++ exit 1 +++ fi +++ +++ ++Index: snapd-2.49/tests/nested/manual/core-seeding-devmode/task.yaml ++=================================================================== ++--- /dev/null +++++ snapd-2.49/tests/nested/manual/core-seeding-devmode/task.yaml ++@@ -0,0 +1,22 @@ +++summary: Test that devmode snaps can be installed during seeding. +++ +++# testing with core16 (no snapd snap) and core18 (with snapd snap) is enough +++systems: [ubuntu-16.04-64, ubuntu-18.04-64] +++ +++environment: +++ NESTED_IMAGE_ID: core-seeding-devmode +++ +++prepare: | +++ # seed a devmode snap +++ snap download --beta godd +++ GODD_SNAP=$(ls godd_*.snap) +++ mv "$GODD_SNAP" "$(tests.nested get extra-snaps-path)" +++ +++ tests.nested build-image core +++ tests.nested create-vm core +++ +++execute: | +++ tests.nested exec "sudo snap wait system seed.loaded" +++ +++ # godd is installed +++ tests.nested exec "snap list godd" | MATCH "godd" ++Index: snapd-2.49/tests/nested/manual/devmode-snaps-can-run-other-snaps/task.yaml ++=================================================================== ++--- /dev/null +++++ snapd-2.49/tests/nested/manual/devmode-snaps-can-run-other-snaps/task.yaml ++@@ -0,0 +1,220 @@ +++summary: | +++ Test that devmode confined snaps can execute other snaps. +++ +++systems: +++ - ubuntu-18.04-64 +++ - ubuntu-16.04-64 +++ +++environment: +++ # not needed to build snapd from source to use here, we have to manually +++ # build it ourselves anyways +++ NESTED_BUILD_SNAPD_FROM_CURRENT: false +++ +++ # TODO: we should probably have a smaller / simpler test-snapd-* snap for +++ # testing devmode confinement with base: core +++ BASE_CORE_DEVMODE_SNAP: godd +++ BASE_NON_CORE_DEVMODE_SNAP: test-snapd-tools-core18 +++ +++ BASE_CORE_STRICT_SNAP: test-snapd-sh +++ BASE_NON_CORE_STRICT_SNAP: test-snapd-sh-core18 +++ +++ # build the snap with lxd +++ SNAPCRAFT_BUILD_ENVIRONMENT: lxd +++ +++prepare: | +++ # install lxd so we can build the snapd snap +++ snap install lxd --channel="$LXD_SNAP_CHANNEL" +++ +++ snap install snapcraft --channel=4.x/candidate --classic +++ tests.cleanup defer snap remove --purge snapcraft +++ +++ # much of what follows is copied from tests/main/snapd-snap +++ +++ echo "Remove any installed debs (some images carry them) to ensure we test the snap" +++ # apt -v to test if apt is usable +++ if command -v apt && apt -v; then +++ # meh trusty's apt doesn't support -y, so use apt-get +++ apt-get autoremove -y lxd +++ if ! os.query is-debian-sid; then +++ # no lxd-client on debian sid +++ apt-get autoremove -y lxd-client +++ fi +++ fi +++ +++ # load the fuse kernel module before installing lxd +++ modprobe fuse +++ +++ snap set lxd waitready.timeout=240 +++ lxd waitready +++ lxd init --auto +++ +++ echo "Setting up proxy for lxc" +++ if [ -n "${http_proxy:-}" ]; then +++ lxd.lxc config set core.proxy_http "$http_proxy" +++ fi +++ if [ -n "${https_proxy:-}" ]; then +++ lxd.lxc config set core.proxy_https "$http_proxy" +++ fi +++ +++ # TODO: do we need to address the spread system prepare shenanigans as +++ # mentioned in tests/main/snapd-snap ? +++ +++ # shellcheck disable=SC2164 +++ pushd "$PROJECT_PATH" +++ echo "Build the snap" +++ snap run snapcraft snap --output snapd-from-branch.snap +++ popd +++ +++ mv "$PROJECT_PATH/snapd-from-branch.snap" "$PWD/snapd-from-branch.snap" +++ +++ # meh it doesn't work well to use quotas and "&&" in the arguments to sh -c +++ # with defer, so just put what we want to run in a script and execute that +++ cat >> snapcraft-cleanup.sh < /snap/snapd/current/usr/bin/snap +++ # which effectively requires the snapd snap to be installed to execute other +++ # snaps from inside the devmode non-core based snap +++ tests.nested exec sudo snap install --devmode "$BASE_NON_CORE_DEVMODE_SNAP" +++ +++ # umask is the command we execute to avoid yet another layer of quoting +++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_CORE_DEVMODE_SNAP}") +++ if [ "$OUTPUT" != "0002" ]; then +++ echo "test failed" +++ exit 1 +++ fi +++ +++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_NON_CORE_DEVMODE_SNAP}.sh") +++ if [ "$OUTPUT" != "0002" ]; then +++ echo "test failed" +++ exit 1 +++ fi +++ +++ elif os.query is-bionic; then +++ # on UC18, initially we will only have the snapd snap installed, run those +++ # tests first +++ tests.nested exec sudo snap install --dangerous snapd-from-branch.snap +++ +++ # snaps that don't depend on the core snap +++ tests.nested exec sudo snap install --devmode "$BASE_NON_CORE_DEVMODE_SNAP" +++ tests.nested exec sudo snap install "$BASE_NON_CORE_STRICT_SNAP" +++ +++ +++ # umask is the command we execute to avoid yet another layer of quoting +++ OUTPUT=$(echo "snap run ${BASE_NON_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_NON_CORE_DEVMODE_SNAP}.sh" ) +++ if [ "$OUTPUT" != "0002" ]; then +++ echo "test failed" +++ exit 1 +++ fi +++ +++ # now install the core snap and run those tests +++ echo "install the core snap" +++ tests.nested exec sudo snap install --dangerous core-from-branch.snap +++ +++ # trigger regeneration of profiles +++ tests.nested exec sudo systemctl stop snapd.socket snapd.service +++ tests.nested exec sudo rm -f /var/lib/snapd/system-key +++ tests.nested exec sudo systemctl start snapd.socket snapd.service +++ +++ # snap that does depend on the core snap +++ tests.nested exec sudo snap install --devmode --beta "$BASE_CORE_DEVMODE_SNAP" +++ tests.nested exec sudo snap install "$BASE_CORE_STRICT_SNAP" +++ +++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_CORE_DEVMODE_SNAP}") +++ if [ "$OUTPUT" != "0002" ]; then +++ echo "test failed" +++ exit 1 +++ fi +++ +++ OUTPUT=$(echo "snap run ${BASE_CORE_STRICT_SNAP}.sh -c umask" | tests.nested exec "snap run --shell ${BASE_NON_CORE_DEVMODE_SNAP}.sh") +++ if [ "$OUTPUT" != "0002" ]; then +++ echo "test failed" +++ exit 1 +++ fi +++ +++ else +++ echo "unsupported system for this test" +++ exit 1 +++ fi ++Index: snapd-2.49/tests/regression/lp-1949368/bad-layout/meta/snap.yaml ++=================================================================== ++--- /dev/null +++++ snapd-2.49/tests/regression/lp-1949368/bad-layout/meta/snap.yaml ++@@ -0,0 +1,5 @@ +++name: bad-layout +++version: 1.0 +++layout: +++ /var/lib/foo: +++ bind: "$SNAP_DATA/var/*" ++Index: snapd-2.49/tests/regression/lp-1949368/content-consumer/bin/sh ++=================================================================== ++--- /dev/null +++++ snapd-2.49/tests/regression/lp-1949368/content-consumer/bin/sh ++@@ -0,0 +1,3 @@ +++#!/bin/sh +++PS1='$ ' +++exec /bin/sh "$@" ++Index: snapd-2.49/tests/regression/lp-1949368/content-consumer/meta/snap.yaml ++=================================================================== ++--- /dev/null +++++ snapd-2.49/tests/regression/lp-1949368/content-consumer/meta/snap.yaml ++@@ -0,0 +1,12 @@ +++name: content-consumer +++version: 1.0 +++apps: +++ sh: +++ command: bin/sh +++plugs: +++ quoting: +++ interface: content +++ target: "$SNAP_DATA/a,comma" +++ invalid-char: +++ interface: content +++ target: "$SNAP_DATA/{this,that}" ++Index: snapd-2.49/tests/regression/lp-1949368/content-provider/meta/snap.yaml ++=================================================================== ++--- /dev/null +++++ snapd-2.49/tests/regression/lp-1949368/content-provider/meta/snap.yaml ++@@ -0,0 +1,9 @@ +++name: content-provider +++version: 1.0 +++slots: +++ quoting: +++ interface: content +++ read: ["$SNAP_DATA/a,comma"] +++ invalid-char: +++ interface: content +++ read: ["$SNAP_DATA/{this,that}"] ++Index: snapd-2.49/tests/regression/lp-1949368/task.yaml ++=================================================================== ++--- /dev/null +++++ snapd-2.49/tests/regression/lp-1949368/task.yaml ++@@ -0,0 +1,35 @@ +++summary: Ensure that AppArmor paths are safe +++ +++details: | +++ Some interfaces allow the developer to specify filesystem paths in their +++ plug sttributes, which then get encoded into the AppArmor profile of the +++ applications. We need to make sure that these paths are properly quoted, +++ and that snapd will refuse to connect a plug whose paths include some +++ invalid characters. +++ +++prepare: | +++ echo "Creating the test snaps" +++ "$TESTSTOOLS"/snaps-state install-local content-provider +++ "$TESTSTOOLS"/snaps-state install-local content-consumer +++ +++ +++execute: | +++ echo "The plug is disconnected by default" +++ snap interfaces content-provider +++ +++ echo "Verify that the plug with invalid characters raised a warning" +++ snap warnings | +++ tr -d '\n' | # remove newlines +++ sed -e 's,\s\+, ,g' | # remove any extra spaces +++ MATCH 'snap "content-consumer" has bad plugs or slots: invalid-char' +++ +++ echo "Connect a valid plug" +++ snap connect content-consumer:quoting content-provider:quoting +++ +++ if [ "$(snap debug confinement)" = "strict" ]; then +++ echo "Verify that the AppArmor rule has proper quoting" +++ MATCH '"/var/snap/content-provider/x1/a,comma/\*\*" mrkix,' < /var/lib/snapd/apparmor/profiles/snap.content-consumer.sh +++ fi +++ +++ echo "Attempt to install a snap with an invalid layout" +++ "$TESTSTOOLS"/snaps-state install-local bad-layout 2>&1 |MATCH 'cannot validate snap "bad-layout".*contains a reserved apparmor char' diff --cc debian/patches/0016-cve-2021-2021-44730-44731-4120-auto-remove.patch index 00000000,00000000..054f9c64 new file mode 100644 --- /dev/null +++ b/debian/patches/0016-cve-2021-2021-44730-44731-4120-auto-remove.patch @@@ -1,0 -1,0 +1,621 @@@ ++Index: snapd-2.49/overlord/devicestate/firstboot_test.go ++=================================================================== ++--- snapd-2.49.orig/overlord/devicestate/firstboot_test.go +++++ snapd-2.49/overlord/devicestate/firstboot_test.go ++@@ -1215,7 +1215,14 @@ type: base` ++ snapdYaml := `name: snapd ++ version: 1.0 ++ ` ++- snapdFname, snapdDecl, snapdRev := s.MakeAssertedSnap(c, snapdYaml, nil, snap.R(2), "canonical") +++ // the info file is needed by the Ensure() loop of snapstate manager +++ snapdSnapFiles := [][]string{ +++ {"usr/lib/snapd/info", ` +++VERSION=2.54.3+git1.g479e745-dirty +++SNAPD_APPARMOR_REEXEC=0 +++`}, +++ } +++ snapdFname, snapdDecl, snapdRev := s.MakeAssertedSnap(c, snapdYaml, snapdSnapFiles, snap.R(2), "canonical") ++ s.WriteAssertions("snapd.asserts", snapdRev, snapdDecl) ++ ++ var kernelFname string ++Index: snapd-2.49/overlord/managers_test.go ++=================================================================== ++--- snapd-2.49.orig/overlord/managers_test.go +++++ snapd-2.49/overlord/managers_test.go ++@@ -347,6 +347,21 @@ func (s *baseMgrsSuite) SetUpTest(c *C) ++ }, ++ }) ++ +++ // commonly used core and snapd revisions in tests +++ defaultInfoFile := ` +++VERSION=2.54.3+git1.g479e745-dirty +++SNAPD_APPARMOR_REEXEC=0 +++` +++ for _, snapName := range []string{"snapd", "core"} { +++ for _, rev := range []string{"1", "11", "30"} { +++ infoFile := filepath.Join(dirs.GlobalRootDir, "snap", snapName, rev, dirs.CoreLibExecDir, "info") +++ err = os.MkdirAll(filepath.Dir(infoFile), 0755) +++ c.Assert(err, IsNil) +++ err = ioutil.WriteFile(infoFile, []byte(defaultInfoFile), 0644) +++ c.Assert(err, IsNil) +++ } +++ } +++ ++ // don't actually try to talk to the store on snapstate.Ensure ++ // needs doing after the call to devicestate.Manager (which happens in overlord.New) ++ snapstate.CanAutoRefresh = nil ++@@ -520,8 +535,10 @@ hooks: ++ ++ snapdirs, err := filepath.Glob(filepath.Join(dirs.SnapMountDir, "*")) ++ c.Assert(err, IsNil) ++- // just README and bin ++- c.Check(snapdirs, HasLen, 2) +++ // just README, bin, snapd, and core (snapd and core are there because we +++ // have info files for those snaps which need to be read from the snapstate +++ // Ensure loop) +++ c.Check(snapdirs, HasLen, 4) ++ for _, d := range snapdirs { ++ c.Check(filepath.Base(d), Not(Equals), "foo") ++ } ++Index: snapd-2.49/overlord/snapstate/snapmgr.go ++=================================================================== ++--- snapd-2.49.orig/overlord/snapstate/snapmgr.go +++++ snapd-2.49/overlord/snapstate/snapmgr.go ++@@ -25,6 +25,7 @@ import ( ++ "fmt" ++ "io" ++ "os" +++ "path/filepath" ++ "strings" ++ "time" ++ ++@@ -43,7 +44,9 @@ import ( ++ "github.com/snapcore/snapd/snap" ++ "github.com/snapcore/snapd/snap/channel" ++ "github.com/snapcore/snapd/snapdenv" +++ "github.com/snapcore/snapd/snapdtool" ++ "github.com/snapcore/snapd/store" +++ "github.com/snapcore/snapd/strutil" ++ ) ++ ++ var ( ++@@ -574,6 +577,120 @@ func (m *SnapManager) EnsureAutoRefreshe ++ return autoRefreshChgsInFlight, nil ++ } ++ +++func (m *SnapManager) ensureVulnerableSnapRemoved(name string) error { +++ var removedYet bool +++ key := fmt.Sprintf("%s-snap-cve-2021-44731-vuln-removed", name) +++ if err := m.state.Get(key, &removedYet); err != nil && err != state.ErrNoState { +++ return err +++ } +++ if removedYet { +++ return nil +++ } +++ var snapSt SnapState +++ err := Get(m.state, name, &snapSt) +++ if err != nil && err != state.ErrNoState { +++ return err +++ } +++ if err == state.ErrNoState { +++ // not installed, nothing to do +++ return nil +++ } +++ +++ // check if the installed, active version is fixed +++ fixedVersionInstalled := false +++ inactiveVulnRevisions := []snap.Revision{} +++ for _, si := range snapSt.Sequence { +++ // check this version +++ s := snap.Info{SideInfo: *si} +++ ver, err := snapdtool.SnapdVersionFromInfoFile(filepath.Join(s.MountDir(), dirs.CoreLibExecDir, "info")) +++ if err != nil { +++ return err +++ } +++ // res is < 0 if "ver" is lower than "2.54.3" +++ res, err := strutil.VersionCompare(ver, "2.54.3") +++ if err != nil { +++ return err +++ } +++ revIsVulnerable := (res < 0) +++ switch { +++ case !revIsVulnerable && si.Revision == snapSt.Current: +++ fixedVersionInstalled = true +++ case revIsVulnerable && si.Revision == snapSt.Current: +++ // the active installed revision is not fixed, we can break out +++ // early since we know we won't be able to remove old revisions +++ return nil +++ case revIsVulnerable && si.Revision != snapSt.Current: +++ // si revision is not fixed, but is not active, so it is a candidate +++ // for removal +++ inactiveVulnRevisions = append(inactiveVulnRevisions, si.Revision) +++ default: +++ // si revision is not active, but it is fixed, so just ignore it +++ } +++ } +++ +++ if !fixedVersionInstalled { +++ return nil +++ } +++ // TODO: should we use one change for removing all the snap revisions? +++ +++ // remove all the inactive vulnerable revisions +++ for _, rev := range inactiveVulnRevisions { +++ tss, err := Remove(m.state, name, rev, nil) +++ +++ if err != nil { +++ // in case of conflict, just trigger another ensure in a little +++ // bit and try again later +++ if _, ok := err.(*ChangeConflictError); ok { +++ m.state.EnsureBefore(time.Minute) +++ return nil +++ } +++ return fmt.Errorf("cannot make task set for removing %s snap: %v", name, err) +++ } +++ +++ msg := fmt.Sprintf(i18n.G("Remove vulnerable %q snap"), name) +++ +++ chg := m.state.NewChange("remove-snap", msg) +++ chg.AddAll(tss) +++ chg.Set("snap-names", []string{name}) +++ } +++ +++ // TODO: is it okay to set state here as done or should we do this +++ // elsewhere after the change is done somehow? +++ +++ // mark state as done +++ m.state.Set(key, true) +++ +++ // not strictly necessary, but does not hurt to ensure anyways +++ m.state.EnsureBefore(0) +++ +++ return nil +++} +++ +++func (m *SnapManager) ensureVulnerableSnapConfineVersionsRemovedOnClassic() error { +++ // only remove snaps on classic +++ if !release.OnClassic { +++ return nil +++ } +++ +++ m.state.Lock() +++ defer m.state.Unlock() +++ +++ // we have to remove vulnerable versions of both the core and snapd snaps +++ // only when we now have fixed versions installed / active +++ // the fixed version is 2.54.3, so if the version of the current core/snapd +++ // snap is that or higher, then we proceed (if we didn't already do this) +++ +++ if err := m.ensureVulnerableSnapRemoved("snapd"); err != nil { +++ return err +++ } +++ +++ if err := m.ensureVulnerableSnapRemoved("core"); err != nil { +++ return err +++ } +++ +++ return nil +++} +++ ++ // ensureForceDevmodeDropsDevmodeFromState undoes the forced devmode ++ // in snapstate for forced devmode distros. ++ func (m *SnapManager) ensureForceDevmodeDropsDevmodeFromState() error { ++@@ -873,6 +990,7 @@ func (m *SnapManager) Ensure() error { ++ m.refreshHints.Ensure(), ++ m.catalogRefresh.Ensure(), ++ m.localInstallCleanup(), +++ m.ensureVulnerableSnapConfineVersionsRemovedOnClassic(), ++ } ++ ++ //FIXME: use firstErr helper ++Index: snapd-2.49/overlord/snapstate/snapstate_config_defaults_test.go ++=================================================================== ++--- snapd-2.49.orig/overlord/snapstate/snapstate_config_defaults_test.go +++++ snapd-2.49/overlord/snapstate/snapstate_config_defaults_test.go ++@@ -271,7 +271,7 @@ func (s *snapmgrTestSuite) TestTransitio ++ ++ snapstate.Set(s.state, "core", &snapstate.SnapState{ ++ Active: true, ++- Sequence: []*snap.SideInfo{{RealName: "corecore", SnapID: "core-snap-id", Revision: snap.R(1)}}, +++ Sequence: []*snap.SideInfo{{RealName: "core", SnapID: "core-snap-id", Revision: snap.R(1)}}, ++ Current: snap.R(1), ++ SnapType: "os", ++ }) ++Index: snapd-2.49/overlord/snapstate/snapstate_test.go ++=================================================================== ++--- snapd-2.49.orig/overlord/snapstate/snapstate_test.go +++++ snapd-2.49/overlord/snapstate/snapstate_test.go ++@@ -213,6 +213,22 @@ func (s *snapmgrTestSuite) SetUpTest(c * ++ Current: snap.R(1), ++ SnapType: "os", ++ }) +++ +++ // commonly used revisions in tests +++ defaultInfoFile := ` +++VERSION=2.54.3+git1.g479e745-dirty +++SNAPD_APPARMOR_REEXEC=0 +++` +++ for _, snapName := range []string{"snapd", "core"} { +++ for _, rev := range []string{"1", "11"} { +++ infoFile := filepath.Join(dirs.GlobalRootDir, "snap", snapName, rev, dirs.CoreLibExecDir, "info") +++ err = os.MkdirAll(filepath.Dir(infoFile), 0755) +++ c.Assert(err, IsNil) +++ err = ioutil.WriteFile(infoFile, []byte(defaultInfoFile), 0644) +++ c.Assert(err, IsNil) +++ } +++ } +++ ++ s.state.Unlock() ++ ++ snapstate.AutoAliases = func(*state.State, *snap.Info) (map[string]string, error) { ++@@ -2668,6 +2684,228 @@ func (s *snapmgrTestSuite) TestErrreport ++ // no failure report was generated ++ } ++ +++func (s *snapmgrTestSuite) TestEnsureRemovesVulnerableCoreSnap(c *C) { +++ s.testEnsureRemovesVulnerableSnap(c, "core") +++} +++ +++func (s *snapmgrTestSuite) TestEnsureRemovesVulnerableSnapdSnap(c *C) { +++ s.testEnsureRemovesVulnerableSnap(c, "snapd") +++} +++ +++func (s *snapmgrTestSuite) testEnsureRemovesVulnerableSnap(c *C, snapName string) { +++ // make the currently installed snap info file fixed but an old version +++ // vulnerable +++ fixedInfoFile := ` +++VERSION=2.54.3+git1.g479e745-dirty +++SNAPD_APPARMOR_REEXEC=0 +++` +++ vulnInfoFile := ` +++VERSION=2.54.2+git1.g479e745-dirty +++SNAPD_APPARMOR_REEXEC=0 +++` +++ +++ // revision 1 vulnerable +++ infoFile := filepath.Join(dirs.GlobalRootDir, "snap", snapName, "1", dirs.CoreLibExecDir, "info") +++ err := os.MkdirAll(filepath.Dir(infoFile), 0755) +++ c.Assert(err, IsNil) +++ err = ioutil.WriteFile(infoFile, []byte(vulnInfoFile), 0644) +++ c.Assert(err, IsNil) +++ +++ // revision 2 fixed +++ infoFile2 := filepath.Join(dirs.GlobalRootDir, "snap", snapName, "2", dirs.CoreLibExecDir, "info") +++ err = os.MkdirAll(filepath.Dir(infoFile2), 0755) +++ c.Assert(err, IsNil) +++ err = ioutil.WriteFile(infoFile2, []byte(fixedInfoFile), 0644) +++ c.Assert(err, IsNil) +++ +++ // revision 11 fixed +++ infoFile11 := filepath.Join(dirs.GlobalRootDir, "snap", snapName, "11", dirs.CoreLibExecDir, "info") +++ err = os.MkdirAll(filepath.Dir(infoFile11), 0755) +++ c.Assert(err, IsNil) +++ err = ioutil.WriteFile(infoFile11, []byte(fixedInfoFile), 0644) +++ c.Assert(err, IsNil) +++ +++ // use generic classic model +++ r := snapstatetest.UseFallbackDeviceModel() +++ defer r() +++ +++ st := s.state +++ st.Lock() +++ // ensure that only this specific snap is installed +++ snapstate.Set(s.state, "core", nil) +++ snapstate.Set(s.state, "snapd", nil) +++ +++ snapSt := &snapstate.SnapState{ +++ Active: true, +++ Sequence: []*snap.SideInfo{ +++ {RealName: snapName, Revision: snap.R(1)}, +++ {RealName: snapName, Revision: snap.R(2)}, +++ {RealName: snapName, Revision: snap.R(11)}, +++ }, +++ Current: snap.R(11), +++ SnapType: "os", +++ } +++ if snapName == "snapd" { +++ snapSt.SnapType = "snapd" +++ } +++ snapstate.Set(s.state, snapName, snapSt) +++ st.Unlock() +++ +++ // special policy only on classic +++ r = release.MockOnClassic(true) +++ defer r() +++ ensureErr := s.snapmgr.Ensure() +++ c.Assert(ensureErr, IsNil) +++ +++ // we should have created a single remove change for revision 1, revision 2 +++ // should have been left alone +++ st.Lock() +++ defer st.Unlock() +++ +++ allChgs := st.Changes() +++ c.Assert(allChgs, HasLen, 1) +++ removeChg := allChgs[0] +++ c.Assert(removeChg.Status(), Equals, state.DoStatus) +++ c.Assert(removeChg.Kind(), Equals, "remove-snap") +++ c.Assert(removeChg.Summary(), Equals, fmt.Sprintf(`Remove vulnerable %q snap`, snapName)) +++ +++ c.Assert(removeChg.Tasks(), HasLen, 2) +++ clearSnap := removeChg.Tasks()[0] +++ discardSnap := removeChg.Tasks()[1] +++ c.Assert(clearSnap.Kind(), Equals, "clear-snap") +++ c.Assert(discardSnap.Kind(), Equals, "discard-snap") +++ var snapsup snapstate.SnapSetup +++ err = clearSnap.Get("snap-setup", &snapsup) +++ c.Assert(err, IsNil) +++ c.Assert(snapsup.SideInfo.Revision, Equals, snap.R(1)) +++ +++ // and we set the appropriate key in the state +++ var removeDone bool +++ st.Get(snapName+"-snap-cve-2021-44731-vuln-removed", &removeDone) +++ c.Assert(removeDone, Equals, true) +++} +++ +++func (s *snapmgrTestSuite) TestEnsureChecksSnapdInfoFileOnClassicOnly(c *C) { +++ // delete the core/snapd snap info files - they should always exist in real +++ // devices, but deleting them here makes it so we can see the failure +++ // trying to read the files easily +++ +++ infoFile := filepath.Join(dirs.GlobalRootDir, "snap", "core", "1", dirs.CoreLibExecDir, "info") +++ err := os.Remove(infoFile) +++ c.Assert(err, IsNil) +++ +++ // special policy only on classic +++ r := release.MockOnClassic(true) +++ defer r() +++ ensureErr := s.snapmgr.Ensure() +++ c.Assert(ensureErr, ErrorMatches, "cannot open snapd info file.*") +++ +++ // if we are not on classic nothing happens +++ r = release.MockOnClassic(false) +++ defer r() +++ +++ ensureErr = s.snapmgr.Ensure() +++ c.Assert(ensureErr, IsNil) +++} +++ +++func (s *snapmgrTestSuite) TestEnsureSkipsCheckingSnapdSnapInfoFileWhenStateSet(c *C) { +++ // we default from SetUp to having the core snap installed, remove it so we +++ // only have the snapd snap available +++ s.state.Lock() +++ snapstate.Set(s.state, "core", nil) +++ snapstate.Set(s.state, "snapd", &snapstate.SnapState{ +++ Active: true, +++ Sequence: []*snap.SideInfo{ +++ {RealName: "snapd", Revision: snap.R(1)}, +++ }, +++ Current: snap.R(1), +++ SnapType: "snapd", +++ }) +++ s.state.Unlock() +++ +++ s.testEnsureSkipsCheckingSnapdInfoFileWhenStateSet(c, "snapd") +++} +++ +++func (s *snapmgrTestSuite) TestEnsureSkipsCheckingCoreSnapInfoFileWhenStateSet(c *C) { +++ s.testEnsureSkipsCheckingSnapdInfoFileWhenStateSet(c, "core") +++} +++ +++func (s *snapmgrTestSuite) TestEnsureSkipsCheckingBothCoreAndSnapdSnapsInfoFileWhenStateSet(c *C) { +++ // special policy only on classic +++ r := release.MockOnClassic(true) +++ defer r() +++ +++ st := s.state +++ // also set snapd snapd as installed +++ st.Lock() +++ snapstate.Set(st, "snapd", &snapstate.SnapState{ +++ Active: true, +++ Sequence: []*snap.SideInfo{ +++ {RealName: "snapd", Revision: snap.R(1)}, +++ }, +++ Current: snap.R(1), +++ SnapType: "snapd", +++ }) +++ st.Unlock() +++ +++ infoFileFor := func(snapName string) string { +++ return filepath.Join(dirs.GlobalRootDir, "snap", snapName, "1", dirs.CoreLibExecDir, "info") +++ } +++ +++ // delete both snapd and core snap info files +++ for _, snapName := range []string{"core", "snapd"} { +++ err := os.Remove(infoFileFor(snapName)) +++ c.Assert(err, IsNil) +++ } +++ +++ // make sure Ensure makes a whole hearted attempt to read both files - snapd +++ // is tried first +++ ensureErr := s.snapmgr.Ensure() +++ c.Assert(ensureErr, ErrorMatches, fmt.Sprintf(`cannot open snapd info file "%s".*`, infoFileFor("snapd"))) +++ +++ st.Lock() +++ st.Set("snapd-snap-cve-2021-44731-vuln-removed", true) +++ st.Unlock() +++ +++ // still unhappy about core file missing +++ ensureErr = s.snapmgr.Ensure() +++ c.Assert(ensureErr, ErrorMatches, fmt.Sprintf(`cannot open snapd info file "%s".*`, infoFileFor("core"))) +++ +++ // but with core state flag set too, we are now happy +++ st.Lock() +++ st.Set("core-snap-cve-2021-44731-vuln-removed", true) +++ st.Unlock() +++ +++ ensureErr = s.snapmgr.Ensure() +++ c.Assert(ensureErr, IsNil) +++} +++ +++func (s *snapmgrTestSuite) testEnsureSkipsCheckingSnapdInfoFileWhenStateSet(c *C, snapName string) { +++ // special policy only on classic +++ r := release.MockOnClassic(true) +++ defer r() +++ +++ // delete the snap info file for this snap - they should always exist in +++ // real devices, but deleting them here makes it so we can see the failure +++ // trying to read the files easily +++ infoFile := filepath.Join(dirs.GlobalRootDir, "snap", snapName, "1", dirs.CoreLibExecDir, "info") +++ err := os.Remove(infoFile) +++ c.Assert(err, IsNil) +++ +++ // make sure it makes a whole hearted attempt to read it +++ ensureErr := s.snapmgr.Ensure() +++ c.Assert(ensureErr, ErrorMatches, "cannot open snapd info file.*") +++ +++ // now it should stop trying to check if state says so +++ st := s.state +++ st.Lock() +++ st.Set(snapName+"-snap-cve-2021-44731-vuln-removed", true) +++ st.Unlock() +++ +++ ensureErr = s.snapmgr.Ensure() +++ c.Assert(ensureErr, IsNil) +++} +++ ++ func (s *snapmgrTestSuite) TestEnsureRefreshesAtSeedPolicy(c *C) { ++ // special policy only on classic ++ r := release.MockOnClassic(true) ++@@ -4782,7 +5020,7 @@ func (s *snapmgrTestSuite) TestTransitio ++ ++ snapstate.Set(s.state, "core", &snapstate.SnapState{ ++ Active: true, ++- Sequence: []*snap.SideInfo{{RealName: "corecore", SnapID: "core-snap-id", Revision: snap.R(1), Channel: "beta"}}, +++ Sequence: []*snap.SideInfo{{RealName: "core", SnapID: "core-snap-id", Revision: snap.R(1), Channel: "beta"}}, ++ Current: snap.R(1), ++ SnapType: "os", ++ }) ++@@ -4801,7 +5039,7 @@ func (s *snapmgrTestSuite) TestTransitio ++ ++ snapstate.Set(s.state, "core", &snapstate.SnapState{ ++ Active: true, ++- Sequence: []*snap.SideInfo{{RealName: "corecore", SnapID: "core-snap-id", Revision: snap.R(1), Channel: "beta"}}, +++ Sequence: []*snap.SideInfo{{RealName: "core", SnapID: "core-snap-id", Revision: snap.R(1), Channel: "beta"}}, ++ Current: snap.R(1), ++ SnapType: "os", ++ }) ++@@ -4832,7 +5070,7 @@ func (s *snapmgrTestSuite) TestTransitio ++ ++ snapstate.Set(s.state, "core", &snapstate.SnapState{ ++ Active: true, ++- Sequence: []*snap.SideInfo{{RealName: "corecore", SnapID: "core-snap-id", Revision: snap.R(1), Channel: "edge"}}, +++ Sequence: []*snap.SideInfo{{RealName: "core", SnapID: "core-snap-id", Revision: snap.R(1), Channel: "edge"}}, ++ Current: snap.R(1), ++ SnapType: "os", ++ // TrackingChannel ++Index: snapd-2.49/tests/nested/manual/snapd-removes-vulnerable-snap-confine-revs/task.yaml ++=================================================================== ++--- /dev/null +++++ snapd-2.49/tests/nested/manual/snapd-removes-vulnerable-snap-confine-revs/task.yaml ++@@ -0,0 +1,110 @@ +++summary: Check that refreshing snapd to a fixed version removes vulnerable revs +++ +++# just focal is fine for this test - we only need to check that things happen on +++# classic +++systems: [ubuntu-20.04-*] +++ +++environment: +++ # which snap snapd comes from in this test +++ SNAPD_SOURCE_SNAP/snapd: snapd +++ SNAPD_SOURCE_SNAP/core: core +++ +++ # needed to get a custom image +++ NESTED_IMAGE_ID: vuln-$SNAPD_SOURCE_SNAP-auto-removed +++ +++ # where we mount the image +++ IMAGE_MOUNTPOINT: /mnt/cloudimg +++ +++ # we don't actually use snapd from the branch in the seed of the VM initially, +++ # but we have to define this in order to get a custom image, see +++ # nested_get_image_name in nested.sh for this logic +++ NESTED_BUILD_SNAPD_FROM_CURRENT: true +++ +++ # meh snap-state doesn't have a consistent naming for these snaps, so we can't +++ # just do "$SNAPD_SOURCE_SNAP-from-deb.snap" +++ REPACKED_SNAP_NAME/core: core-from-snapd-deb.snap +++ REPACKED_SNAP_NAME/snapd: snapd-from-deb.snap +++ +++ # TODO: use more up to date, but still vulnerable revisions of core and snapd +++ # for this test to reduce the delta in functionality we end up testing here +++ +++ # a specific vulnerable snapd version we can base our image on +++ VULN_SNAP_REV_URL/snapd: https://storage.googleapis.com/snapd-spread-tests/snaps/snapd_2.49.1_11402.snap +++ +++ # a specific vulnerable core version we can base our image on +++ VULN_SNAP_REV_URL/core: https://storage.googleapis.com/snapd-spread-tests/snaps/core_2.45_9289.snap +++ +++prepare: | +++ #shellcheck source=tests/lib/preseed.sh +++ . "$TESTSLIB/preseed.sh" +++ +++ # create a VM and mount a cloud image +++ tests.nested build-image classic +++ mkdir -p "$IMAGE_MOUNTPOINT" +++ IMAGE_NAME=$(tests.nested get image-name classic) +++ mount_ubuntu_image "$(tests.nested get images-path)/$IMAGE_NAME" "$IMAGE_MOUNTPOINT" +++ +++ # repack the deb into the snap we want +++ "$TESTSTOOLS"/snaps-state repack_snapd_deb_into_snap "$SNAPD_SOURCE_SNAP" +++ +++ # add the known vulnerable version of snapd into the seed, dangerously +++ curl -s -o "$SNAPD_SOURCE_SNAP-vuln.snap" "$VULN_SNAP_REV_URL" +++ +++ # repack to ensure it is a dangerous revision +++ unsquashfs -d "$SNAPD_SOURCE_SNAP-vuln" "$SNAPD_SOURCE_SNAP-vuln.snap" +++ rm "$SNAPD_SOURCE_SNAP-vuln.snap" +++ snap pack "$SNAPD_SOURCE_SNAP-vuln" --filename="$SNAPD_SOURCE_SNAP.snap" +++ +++ # inject the vulnerable snap into the seed +++ inject_snap_into_seed "$IMAGE_MOUNTPOINT" "$SNAPD_SOURCE_SNAP" +++ +++ # undo any preseeding, the images may have been preseeded without our snaps +++ # so we want to undo that to ensure our snaps are on them +++ SNAPD_DEBUG=1 /usr/lib/snapd/snap-preseed --reset "$IMAGE_MOUNTPOINT" +++ +++ # unmount the image and start the VM +++ umount_ubuntu_image "$IMAGE_MOUNTPOINT" +++ tests.nested create-vm classic +++ +++execute: | +++ # check the current snapd snap is vulnerable +++ tests.nested exec cat /snap/$SNAPD_SOURCE_SNAP/current/usr/lib/snapd/info | MATCH '^VERSION=2\.4.*' +++ VULN_REV=$(tests.nested exec "snap list $SNAPD_SOURCE_SNAP" | tail -n +2 | awk '{print $3}') +++ +++ # now install our snapd deb from the branch - this is so we know the patched +++ # snapd is always executing, regardless of which snapd/core snap re-exec +++ # nonsense is going on +++ SNAPD_DEB_ARR=( "$SPREAD_PATH"/../snapd_*.deb ) +++ SNAPD_DEB=${SNAPD_DEB_ARR[0]} +++ tests.nested copy "$SNAPD_DEB" +++ tests.nested exec "sudo dpkg -i $(basename "$SNAPD_DEB")" +++ +++ # now send the snap version of snapd under test to the VM +++ tests.nested copy "$REPACKED_SNAP_NAME" +++ tests.nested exec "sudo snap install $REPACKED_SNAP_NAME --dangerous" +++ +++ # there is a race between the snap install finishing and removing the +++ # vulnerable revision, so we have to wait a bit +++ VULN_SNAP_REMOVED=false +++ #shellcheck disable=SC2034 +++ for i in $(seq 1 60); do +++ if tests.nested exec "snap list $SNAPD_SOURCE_SNAP --all" | NOMATCH "$VULN_REV"; then +++ VULN_SNAP_REMOVED=true +++ break +++ fi +++ sleep 1 +++ done +++ +++ if [ "$VULN_SNAP_REMOVED" != "true" ]; then +++ echo "vulnerable snap was not automatically removed" +++ exit 1 +++ fi +++ +++ # check that the current revision is not vulnerable +++ tests.nested exec cat /snap/$SNAPD_SOURCE_SNAP/current/usr/lib/snapd/info | NOMATCH '^VERSION=2\.4.*' +++ +++ # and there are no other revisions +++ if [ "$(tests.nested exec "snap list $SNAPD_SOURCE_SNAP" | tail -n +2 | wc -l)" != "1" ]; then +++ echo "unexpected extra revision of $SNAPD_SOURCE_SNAP installed" +++ exit 1 +++ fi diff --cc debian/patches/0017-cve-2022-3328-1.patch index 00000000,00000000..e8d84c39 new file mode 100644 --- /dev/null +++ b/debian/patches/0017-cve-2022-3328-1.patch @@@ -1,0 -1,0 +1,124 @@@ ++Backport of the following upstream patch: ++From 6226cdc57052f4b7057d92f2e549aa169e35cd2d Mon Sep 17 00:00:00 2001 ++From: Alex Murray ++Date: Thu, 20 Oct 2022 10:28:42 +1030 ++Subject: [PATCH 1/4] data: Add systemd-tmpfiles configuration to create ++ private tmp dir ++ ++Use systemd-tmpfiles to create the private tmp mount namespace root ++dir (/tmp/snap-private-tmp) on boot as owned by root with restrictive ++permissions. We can use this as a known location to then create per-snap ++private tmp mount namespace dirs (/tmp/snap-private-tmp/snap.$SNAP_INSTANCE) ++etc. ++ ++Signed-off-by: Alex Murray ++--- ++ data/Makefile | 1 + ++ data/systemd-tmpfiles/Makefile | 31 +++++++++++++++++++++++++++++++ ++ data/systemd-tmpfiles/snapd.conf | 1 + ++ packaging/fedora/snapd.spec | 3 +++ ++ packaging/opensuse/snapd.spec | 3 +++ ++ 5 files changed, 39 insertions(+) ++ create mode 100644 data/systemd-tmpfiles/Makefile ++ create mode 100644 data/systemd-tmpfiles/snapd.conf ++ ++--- a/data/Makefile +++++ b/data/Makefile ++@@ -2,6 +2,7 @@ ++ $(MAKE) -C systemd $@ ++ $(MAKE) -C systemd-user $@ ++ $(MAKE) -C systemd-env $@ +++ $(MAKE) -C systemd-tmpfiles $@ ++ $(MAKE) -C dbus $@ ++ $(MAKE) -C env $@ ++ $(MAKE) -C desktop $@ ++--- /dev/null +++++ b/data/systemd-tmpfiles/Makefile ++@@ -0,0 +1,31 @@ +++# +++# Copyright (C) 2022 Canonical Ltd +++# +++# This program is free software: you can redistribute it and/or modify +++# it under the terms of the GNU General Public License version 3 as +++# published by the Free Software Foundation. +++# +++# This program is distributed in the hope that it will be useful, +++# but WITHOUT ANY WARRANTY; without even the implied warranty of +++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +++# GNU General Public License for more details. +++# +++# You should have received a copy of the GNU General Public License +++# along with this program. If not, see . +++ +++LIBEXECDIR := /usr/lib +++TMPFILESDIR := $(LIBEXECDIR)/tmpfiles.d +++ +++TMPFILES_CONF = $(wildcard *.conf) +++ +++.PHONY: all +++all: $(TMPFILES_CONF) +++ +++.PHONY: install +++install: $(TMPFILES_CONF) +++ install -d -m 0755 $(DESTDIR)/$(TMPFILESDIR) +++ install -m 0644 -t $(DESTDIR)/$(TMPFILESDIR) $^ +++ +++.PHONY: clean +++clean: +++ echo "Nothing to see here." ++--- /dev/null +++++ b/data/systemd-tmpfiles/snapd.conf ++@@ -0,0 +1 @@ +++D! /tmp/snap-private-tmp 0700 root root - ++--- a/packaging/fedora/snapd.spec +++++ b/packaging/fedora/snapd.spec ++@@ -86,6 +86,7 @@ ++ %{!?_environmentdir: %global _environmentdir %{_prefix}/lib/environment.d} ++ %{!?_systemdgeneratordir: %global _systemdgeneratordir %{_prefix}/lib/systemd/system-generators} ++ %{!?_systemd_system_env_generator_dir: %global _systemd_system_env_generator_dir %{_prefix}/lib/systemd/system-environment-generators} +++%{!?_tmpfilesdir: %global _tmpfilesdir %{_prefix}/lib/tmpfiles.d} ++ ++ # Fedora selinux-policy includes 'map' permission on a 'file' class. However, ++ # Amazon Linux 2 does not have the updated policy containing the fix for ++@@ -582,6 +583,7 @@ ++ install -d -p %{buildroot}%{_environmentdir} ++ install -d -p %{buildroot}%{_systemdgeneratordir} ++ install -d -p %{buildroot}%{_systemd_system_env_generator_dir} +++install -d -p %{buildroot}%{_tmpfilesdir} ++ install -d -p %{buildroot}%{_unitdir} ++ install -d -p %{buildroot}%{_userunitdir} ++ install -d -p %{buildroot}%{_sysconfdir}/profile.d ++@@ -780,6 +782,7 @@ ++ %{_sysconfdir}/profile.d/snapd.sh ++ %{_mandir}/man8/snapd-env-generator.8* ++ %{_systemd_system_env_generator_dir}/snapd-env-generator +++%{_tmpfilesdir}/snapd.conf ++ %{_unitdir}/snapd.socket ++ %{_unitdir}/snapd.service ++ %{_unitdir}/snapd.autoimport.service ++--- a/packaging/opensuse/snapd.spec +++++ b/packaging/opensuse/snapd.spec ++@@ -49,6 +49,7 @@ ++ %{?!_systemdusergeneratordir: %global _systemdusergeneratordir %{_prefix}/lib/systemd/user-generators} ++ %{?!_systemd_system_env_generator_dir: %global _systemd_system_env_generator_dir %{_prefix}/lib/systemd/system-environment-generators} ++ %{?!_systemd_user_env_generator_dir: %global _systemd_user_env_generator_dir %{_prefix}/lib/systemd/user-environment-generators} +++%{!?_tmpfilesdir: %global _tmpfilesdir %{_prefix}/lib/tmpfiles.d} ++ ++ # This is fixed in SUSE Linux 15 ++ # Cf. https://build.opensuse.org/package/rdiff/Base:System/rpm?linkrev=base&rev=396 ++@@ -389,6 +390,7 @@ ++ %dir %{_sharedstatedir}/snapd/sequence ++ %dir %{_sharedstatedir}/snapd/snaps ++ %dir %{_systemd_system_env_generator_dir} +++%dir %{_tmpfilesdir} ++ %dir %{_systemdgeneratordir} ++ %dir %{_userunitdir} ++ %dir %{snap_mount_dir} ++@@ -443,6 +445,7 @@ ++ %{_sysconfdir}/xdg/autostart/snap-userd-autostart.desktop ++ %{_systemd_system_env_generator_dir}/snapd-env-generator ++ %{_systemdgeneratordir}/snapd-generator +++%{_tmpfilesdir}/snapd.conf ++ %{_unitdir}/snapd.failure.service ++ %{_unitdir}/snapd.seeded.service ++ %{_unitdir}/snapd.service diff --cc debian/patches/0018-cve-2022-3328-2.patch index 00000000,00000000..7cfaa1e0 new file mode 100644 --- /dev/null +++ b/debian/patches/0018-cve-2022-3328-2.patch @@@ -1,0 -1,0 +1,563 @@@ ++Backport of the following upstream patch: ++From fe2d2d8471665482628813934d9f19e8ca5e4a1f Mon Sep 17 00:00:00 2001 ++From: Alex Murray ++Date: Mon, 19 Sep 2022 13:50:36 +0930 ++Subject: [PATCH 2/4] many: Use /tmp/snap-private-tmp for per-snap private tmps ++ ++To avoid unprivileged users being able to interfere with the creation of the ++private snap mount namespace, instead of creating this as /tmp/snap.$SNAP_NAME/ ++we can now use the systemd-tmpfiles configuration to do this for us ++at boot with a known fixed name (/tmp/snap-private-tmp/) and then use that as ++the base dir for creating per-snap private tmp mount ++namespaces (eg. /tmp/snap-private-tmp/snap.$SNAP_INSTANCE/tmp) etc. ++ ++Signed-off-by: Alex Murray ++--- ++ cmd/snap-confine/mount-support-test.c | 40 ----- ++ cmd/snap-confine/mount-support.c | 166 +++++++----------- ++ cmd/snap-confine/snap-confine.apparmor.in | 8 +- ++ cmd/snap-update-ns/system.go | 6 +- ++ cmd/snap-update-ns/system_test.go | 8 +- ++ interfaces/builtin/x11.go | 6 +- ++ interfaces/builtin/x11_test.go | 4 +- ++ tests/lib/reset.sh | 4 +- ++ tests/main/cgroup-tracking/task.yaml | 6 +- ++ .../install-refresh-remove-hooks/task.yaml | 4 +- ++ .../main/interfaces-x11-unix-socket/task.yaml | 2 +- ++ tests/main/security-private-tmp/task.yaml | 2 +- ++ tests/main/snap-confine-tmp-mount/task.yaml | 37 +--- ++ .../task.yaml | 6 +- ++ 14 files changed, 100 insertions(+), 199 deletions(-) ++ ++--- a/cmd/snap-confine/mount-support-test.c +++++ b/cmd/snap-confine/mount-support-test.c ++@@ -92,50 +92,10 @@ ++ g_assert_false(is_subdir("/", "")); ++ } ++ ++-static void test_must_mkdir_and_open_with_perms(void) ++-{ ++- // make a directory with some contents and check we can ++- // must_mkdir_and_open_with_perms() to get control of it ++- GError *error = NULL; ++- GStatBuf st; ++- gchar *test_dir = g_dir_make_tmp("test-mkdir-XXXXXX", &error); ++- g_assert_no_error(error); ++- g_assert_nonnull(test_dir); ++- g_assert_cmpint(chmod(test_dir, 0755), ==, 0); ++- g_assert_true(g_file_test ++- (test_dir, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR)); ++- g_assert_cmpint(g_stat(test_dir, &st), ==, 0); ++- g_assert_true(st.st_uid == getuid()); ++- g_assert_true(st.st_gid == getgid()); ++- g_assert_true(st.st_mode == (S_IFDIR | 0755)); ++- ++- gchar *test_subdir = g_build_filename(test_dir, "foo", NULL); ++- g_assert_cmpint(g_mkdir_with_parents(test_dir, 0755), ==, 0); ++- g_file_test(test_subdir, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR); ++- ++- // take over dir ++- int fd = ++- must_mkdir_and_open_with_perms(test_dir, getuid(), getgid(), 0700); ++- // check can unlink dir itself with no contents successfully and it ++- // still exists ++- g_assert_cmpint(fd, >=, 0); ++- g_assert_false(g_file_test ++- (test_subdir, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR)); ++- g_assert_true(g_file_test ++- (test_dir, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR)); ++- g_assert_cmpint(g_stat(test_dir, &st), ==, 0); ++- g_assert_true(st.st_uid == getuid()); ++- g_assert_true(st.st_gid == getgid()); ++- g_assert_true(st.st_mode == (S_IFDIR | 0700)); ++- close(fd); ++-} ++- ++ static void __attribute__((constructor)) init(void) ++ { ++ g_test_add_func("/mount/get_nextpath/typical", ++ test_get_nextpath__typical); ++ g_test_add_func("/mount/get_nextpath/weird", test_get_nextpath__weird); ++ g_test_add_func("/mount/is_subdir", test_is_subdir); ++- g_test_add_func("/mount/must_mkdir_and_open_with_perms", ++- test_must_mkdir_and_open_with_perms); ++ } ++--- a/cmd/snap-confine/mount-support.c +++++ b/cmd/snap-confine/mount-support.c ++@@ -21,6 +21,7 @@ ++ ++ #include "mount-support.h" ++ +++#include ++ #include ++ #include ++ #include ++@@ -49,97 +50,13 @@ ++ #include "mount-support-nvidia.h" ++ ++ #define MAX_BUF 1000 +++#define SNAP_PRIVATE_TMP_ROOT_DIR "/tmp/snap-private-tmp" ++ ++ static void sc_detach_views_of_writable(sc_distro distro, bool normal_mode); ++ ++-static int must_mkdir_and_open_with_perms(const char *dir, uid_t uid, gid_t gid, ++- mode_t mode) ++-{ ++- int retries = 10; ++- int fd; ++- ++- mkdir: ++- if (--retries == 0) { ++- die("lost race to create dir %s too many times", dir); ++- } ++- // Ignore EEXIST since we want to reuse and we will open with ++- // O_NOFOLLOW, below. ++- if (mkdir(dir, 0700) < 0 && errno != EEXIST) { ++- die("cannot create directory %s", dir); ++- } ++- fd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW); ++- if (fd < 0) { ++- // if is not a directory then remove it and try again ++- if (errno == ENOTDIR && unlink(dir) == 0) { ++- goto mkdir; ++- } ++- die("cannot open directory %s", dir); ++- } ++- // ensure base_dir has the expected permissions since it may have ++- // already existed ++- struct stat st; ++- if (fstat(fd, &st) < 0) { ++- die("cannot stat base directory %s", dir); ++- } ++- if (st.st_uid != uid || st.st_gid != gid ++- || st.st_mode != (S_IFDIR | mode)) { ++- unsigned char random[10] = { 0 }; ++- char random_dir[MAX_BUF] = { 0 }; ++- int offset; ++- size_t i; ++- ++- // base_dir isn't what we expect - create a random ++- // directory name and rename the existing erroneous ++- // base_dir to this then try recreating it again - NOTE we ++- // don't use mkdtemp() here since we don't want to actually ++- // create the directory yet as we want rename() to do that ++- // for us ++-#ifdef SYS_getrandom ++- // use syscall(SYS_getrandom) since getrandom() is ++- // not available on older glibc ++- if (syscall(SYS_getrandom, random, sizeof(random), 0) != ++- sizeof(random)) { ++- die("cannot get random bytes"); ++- } ++-#else ++- // use /dev/urandom on older systems which don't support ++- // SYS_getrandom ++- int rfd = open("/dev/urandom", O_RDONLY); ++- if (rfd < 0) { ++- die("cannot open /dev/urandom"); ++- } ++- if (read(rfd, random, sizeof(random)) != sizeof(random)) { ++- die("cannot get random bytes"); ++- } ++- close(rfd); ++-#endif ++- offset = ++- sc_must_snprintf(random_dir, sizeof(random_dir), "%s.", ++- dir); ++- for (i = 0; i < sizeof(random); i++) { ++- offset += ++- sc_must_snprintf(random_dir + offset, ++- sizeof(random_dir) - offset, ++- "%02x", (unsigned int)random[i]); ++- } ++- // try and get dir which we own by renaming it to something ++- // else then creating it again ++- ++- // TODO - change this to use renameat2(RENAME_EXCHANGE) ++- // once we can use a newer version of glibc for snapd ++- if (rename(dir, random_dir) < 0) { ++- die("cannot rename base_dir to random_dir '%s'", ++- random_dir); ++- } ++- close(fd); ++- goto mkdir; ++- } ++- return fd; ++-} ++- ++ // TODO: simplify this, after all it is just a tmpfs ++ // TODO: fold this into bootstrap ++-static void setup_private_mount(const char *snap_name) +++static void setup_private_tmp(const char *snap_instance) ++ { ++ // Create a 0700 base directory. This is the "base" directory that is ++ // protected from other users. This directory name is NOT randomly ++@@ -162,37 +79,80 @@ ++ // Because the directories are reused across invocations by distinct users ++ // and because the directories are trivially guessable, each invocation ++ // unconditionally chowns/chmods them to appropriate values. ++- char base_dir[MAX_BUF] = { 0 }; +++ char base[MAX_BUF] = { 0 }; ++ char tmp_dir[MAX_BUF] = { 0 }; +++ int private_tmp_root_fd SC_CLEANUP(sc_cleanup_close) = -1; ++ int base_dir_fd SC_CLEANUP(sc_cleanup_close) = -1; ++ int tmp_dir_fd SC_CLEANUP(sc_cleanup_close) = -1; ++- sc_must_snprintf(base_dir, sizeof(base_dir), "/tmp/snap.%s", snap_name); ++- sc_must_snprintf(tmp_dir, sizeof(tmp_dir), "%s/tmp", base_dir); ++ ++- /* Switch to root group so that mkdir and open calls below create filesystem ++- * elements that are not owned by the user calling into snap-confine. */ +++ /* Switch to root group so that mkdir and open calls below create +++ * filesystem elements that are not owned by the user calling into +++ * snap-confine. */ ++ sc_identity old = sc_set_effective_identity(sc_root_group_identity()); ++- // Create /tmp/snap.$SNAP_NAME/ 0700 root.root. ++- base_dir_fd = must_mkdir_and_open_with_perms(base_dir, 0, 0, 0700); ++- // Create /tmp/snap.$SNAP_NAME/tmp 01777 root.root Ignore EEXIST since we +++ +++ // /tmp/snap-private-tmp should have already been created by +++ // systemd-tmpfiles but we can try create it anyway since snapd may have +++ // just been installed in which case the tmpfiles conf would not have +++ // got executed yet +++ if (mkdir(SNAP_PRIVATE_TMP_ROOT_DIR, 0700) < 0 && errno != EEXIST) { +++ die("cannot create /tmp/snap-private-tmp"); +++ } +++ private_tmp_root_fd = open(SNAP_PRIVATE_TMP_ROOT_DIR, +++ O_RDONLY | O_DIRECTORY | O_CLOEXEC | +++ O_NOFOLLOW); +++ if (private_tmp_root_fd < 0) { +++ die("cannot open %s", SNAP_PRIVATE_TMP_ROOT_DIR); +++ } +++ struct stat st; +++ if (fstat(private_tmp_root_fd, &st) < 0) { +++ die("cannot stat %s", SNAP_PRIVATE_TMP_ROOT_DIR); +++ } +++ if (st.st_uid != 0 || st.st_gid != 0 || st.st_mode != (S_IFDIR | 0700)) { +++ die("%s has unexpected ownership / permissions", +++ SNAP_PRIVATE_TMP_ROOT_DIR); +++ } +++ // Create /tmp/snap-private-tmp/snap.$SNAP_INSTANCE_NAME/ 0700 root.root. +++ sc_must_snprintf(base, sizeof(base), "snap.%s", snap_instance); +++ if (mkdirat(private_tmp_root_fd, base, 0700) < 0 && errno != EEXIST) { +++ die("cannot create base directory: %s", base); +++ } +++ base_dir_fd = +++ openat(private_tmp_root_fd, base, +++ O_RDONLY | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW); +++ if (base_dir_fd < 0) { +++ die("cannot open base directory: %s", base); +++ } +++ if (fstat(base_dir_fd, &st) < 0) { +++ die("cannot stat %s/%s", SNAP_PRIVATE_TMP_ROOT_DIR, base); +++ } +++ if (st.st_uid != 0 || st.st_gid != 0 || st.st_mode != (S_IFDIR | 0700)) { +++ die("%s/%s has unexpected ownership / permissions", +++ SNAP_PRIVATE_TMP_ROOT_DIR, base); +++ } +++ // Create /tmp/$PRIVATE/snap.$SNAP_NAME/tmp 01777 root.root Ignore EEXIST since we ++ // want to reuse and we will open with O_NOFOLLOW, below. ++ if (mkdirat(base_dir_fd, "tmp", 01777) < 0 && errno != EEXIST) { ++- die("cannot create private tmp directory %s/tmp", base_dir); +++ die("cannot create private tmp directory %s/tmp", base); ++ } ++ (void)sc_set_effective_identity(old); ++ tmp_dir_fd = openat(base_dir_fd, "tmp", ++ O_RDONLY | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW); ++ if (tmp_dir_fd < 0) { ++- die("cannot open private tmp directory %s/tmp", base_dir); +++ die("cannot open private tmp directory %s/tmp", base); ++ } ++- if (fchown(tmp_dir_fd, 0, 0) < 0) { ++- die("cannot chown private tmp directory %s/tmp to root.root", ++- base_dir); ++- } ++- if (fchmod(tmp_dir_fd, 01777) < 0) { ++- die("cannot chmod private tmp directory %s/tmp to 01777", ++- base_dir); +++ if (fstat(tmp_dir_fd, &st) < 0) { +++ die("cannot stat %s/%s/tmp", SNAP_PRIVATE_TMP_ROOT_DIR, base); ++ } +++ if (st.st_uid != 0 || st.st_gid != 0 || st.st_mode != (S_IFDIR | 01777)) { +++ die("%s/%s/tmp has unexpected ownership / permissions", +++ SNAP_PRIVATE_TMP_ROOT_DIR, base); +++ } +++ // use the path to the file-descriptor in proc as the source mount point +++ // as this is a symlink itself to the real directory at +++ // /tmp/snap-private-tmp/snap.$SNAP_INSTANCE/tmp but doing it this way +++ // helps avoid any potential race +++ sc_must_snprintf(tmp_dir, sizeof(tmp_dir), +++ "/proc/self/fd/%d", tmp_dir_fd); ++ sc_do_mount(tmp_dir, "/tmp", NULL, MS_BIND, NULL); ++ sc_do_mount("none", "/tmp", NULL, MS_PRIVATE, NULL); ++ } ++@@ -765,7 +725,7 @@ ++ } ++ ++ // TODO: rename this and fold it into bootstrap ++- setup_private_mount(inv->snap_instance); +++ setup_private_tmp(inv->snap_instance); ++ // set up private /dev/pts ++ // TODO: fold this into bootstrap ++ setup_private_pts(); ++--- a/cmd/snap-confine/snap-confine.apparmor.in +++++ b/cmd/snap-confine/snap-confine.apparmor.in ++@@ -142,6 +142,7 @@ ++ mount options=(rw rshared) -> /var/lib/snapd/snap/, ++ ++ # boostrapping the mount namespace +++ /tmp/snap.rootfs_*/ rw, ++ mount options=(rw rshared) -> /, ++ mount options=(rw bind) /tmp/snap.rootfs_*/ -> /tmp/snap.rootfs_*/, ++ mount options=(rw unbindable) -> /tmp/snap.rootfs_*/, ++@@ -290,10 +291,11 @@ ++ # set up snap-specific private /tmp dir ++ capability chown, ++ /tmp/ rw, ++- /tmp/snap.*/ rw, ++- /tmp/snap.*/tmp/ rw, +++ /tmp/snap-private-tmp/ rw, +++ /tmp/snap-private-tmp/snap.*/ rw, +++ /tmp/snap-private-tmp/snap.*/tmp/ rw, ++ mount options=(rw private) -> /tmp/, ++- mount options=(rw bind) /tmp/snap.*/tmp/ -> /tmp/, +++ mount options=(rw bind) /tmp/snap-private-tmp/snap.*/tmp/ -> /tmp/, ++ mount fstype=devpts options=(rw) devpts -> /dev/pts/, ++ mount options=(rw bind) /dev/pts/ptmx -> /dev/ptmx, # for bind mounting ++ mount options=(rw bind) /dev/pts/ptmx -> /dev/pts/ptmx, # for bind mounting under LXD ++--- a/cmd/snap-update-ns/system.go +++++ b/cmd/snap-update-ns/system.go ++@@ -79,12 +79,12 @@ ++ // the slot-side snap, as there is no mechanism to convey this information. ++ // As such, provide write access to all of /tmp. ++ as.AddUnrestrictedPaths("/var/lib/snapd/hostfs/tmp") ++- as.AddModeHint("/var/lib/snapd/hostfs/tmp/snap.*", 0700) ++- as.AddModeHint("/var/lib/snapd/hostfs/tmp/snap.*/tmp", 1777) +++ as.AddModeHint("/var/lib/snapd/hostfs/tmp/snap-private-tmp/snap.*", 0700) +++ as.AddModeHint("/var/lib/snapd/hostfs/tmp/snap-private-tmp/snap.*/tmp", 1777) ++ // This is to ensure that unprivileged users can create the socket. This ++ // permission only matters if the plug-side app constructs its mount ++ // namespace before the slot-side app is launched. ++- as.AddModeHint("/var/lib/snapd/hostfs/tmp/snap.*/tmp/.X11-unix", 1777) +++ as.AddModeHint("/var/lib/snapd/hostfs/tmp/snap-private-tmp/snap.*/tmp/.X11-unix", 1777) ++ return as ++ } ++ ++--- a/cmd/snap-update-ns/system_test.go +++++ b/cmd/snap-update-ns/system_test.go ++@@ -56,10 +56,10 @@ ++ c.Check(as.ModeForPath("/stuff"), Equals, os.FileMode(0755)) ++ c.Check(as.ModeForPath("/tmp"), Equals, os.FileMode(0755)) ++ c.Check(as.ModeForPath("/var/lib/snapd/hostfs/tmp"), Equals, os.FileMode(0755)) ++- c.Check(as.ModeForPath("/var/lib/snapd/hostfs/tmp/snap.x11-server"), Equals, os.FileMode(0700)) ++- c.Check(as.ModeForPath("/var/lib/snapd/hostfs/tmp/snap.x11-server/tmp"), Equals, os.FileMode(1777)) ++- c.Check(as.ModeForPath("/var/lib/snapd/hostfs/tmp/snap.x11-server/foo"), Equals, os.FileMode(0755)) ++- c.Check(as.ModeForPath("/var/lib/snapd/hostfs/tmp/snap.x11-server/tmp/.X11-unix"), Equals, os.FileMode(1777)) +++ c.Check(as.ModeForPath("/var/lib/snapd/hostfs/tmp/snap-private-tmp/snap.x11-server"), Equals, os.FileMode(0700)) +++ c.Check(as.ModeForPath("/var/lib/snapd/hostfs/tmp/snap-private-tmp/snap.x11-server/tmp"), Equals, os.FileMode(1777)) +++ c.Check(as.ModeForPath("/var/lib/snapd/hostfs/tmp/snap-private-tmp/snap.x11-server/foo"), Equals, os.FileMode(0755)) +++ c.Check(as.ModeForPath("/var/lib/snapd/hostfs/tmp/snap-private-tmp/snap.x11-server/tmp/.X11-unix"), Equals, os.FileMode(1777)) ++ ++ // Instances can, in addition, access /snap/$SNAP_INSTANCE_NAME ++ upCtx = update.NewSystemProfileUpdateContext("foo_instance", false) ++--- a/interfaces/builtin/x11.go +++++ b/interfaces/builtin/x11.go ++@@ -187,7 +187,7 @@ ++ } ++ slotSnapName := slot.Snap().InstanceName() ++ return spec.AddMountEntry(osutil.MountEntry{ ++- Name: fmt.Sprintf("/var/lib/snapd/hostfs/tmp/snap.%s/tmp/.X11-unix", slotSnapName), +++ Name: fmt.Sprintf("/var/lib/snapd/hostfs/tmp/snap-private-tmp/snap.%s/tmp/.X11-unix", slotSnapName), ++ Dir: "/tmp/.X11-unix", ++ Options: []string{"bind", "ro"}, ++ }) ++@@ -214,8 +214,8 @@ ++ slotSnapName := slot.Snap().InstanceName() ++ spec.AddUpdateNS(fmt.Sprintf(` ++ /tmp/.X11-unix/ rw, ++- /var/lib/snapd/hostfs/tmp/snap.%s/tmp/.X11-unix/ rw, ++- mount options=(rw, bind) /var/lib/snapd/hostfs/tmp/snap.%s/tmp/.X11-unix/ -> /tmp/.X11-unix/, +++ /var/lib/snapd/hostfs/tmp/snap-private-tmp/snap.%s/tmp/.X11-unix/ rw, +++ mount options=(rw, bind) /var/lib/snapd/hostfs/tmp/snap-private-tmp/snap.%s/tmp/.X11-unix/ -> /tmp/.X11-unix/, ++ mount options=(ro, remount, bind) -> /tmp/.X11-unix/, ++ mount options=(rslave) -> /tmp/.X11-unix/, ++ umount /tmp/.X11-unix/, ++--- a/interfaces/builtin/x11_test.go +++++ b/interfaces/builtin/x11_test.go ++@@ -119,7 +119,7 @@ ++ spec = &mount.Specification{} ++ c.Assert(spec.AddConnectedPlug(s.iface, s.plug, s.coreSlot), IsNil) ++ c.Assert(spec.MountEntries(), DeepEquals, []osutil.MountEntry{{ ++- Name: "/var/lib/snapd/hostfs/tmp/snap.x11/tmp/.X11-unix", +++ Name: "/var/lib/snapd/hostfs/tmp/snap-private-tmp/snap.x11/tmp/.X11-unix", ++ Dir: "/tmp/.X11-unix", ++ Options: []string{"bind", "ro"}, ++ }}) ++@@ -155,7 +155,7 @@ ++ c.Assert(spec.SecurityTags(), DeepEquals, []string{"snap.consumer.app"}) ++ c.Assert(spec.SnippetForTag("snap.consumer.app"), testutil.Contains, "fontconfig") ++ c.Assert(spec.UpdateNS(), HasLen, 1) ++- c.Assert(spec.UpdateNS()[0], testutil.Contains, `mount options=(rw, bind) /var/lib/snapd/hostfs/tmp/snap.x11/tmp/.X11-unix/ -> /tmp/.X11-unix/,`) +++ c.Assert(spec.UpdateNS()[0], testutil.Contains, `mount options=(rw, bind) /var/lib/snapd/hostfs/tmp/snap-private-tmp/snap.x11/tmp/.X11-unix/ -> /tmp/.X11-unix/,`) ++ ++ // Slot side connection permissions ++ spec = &apparmor.Specification{} ++--- a/tests/lib/reset.sh +++++ b/tests/lib/reset.sh ++@@ -46,7 +46,7 @@ ++ ls -lR "$SNAP_MOUNT_DIR"/ /var/snap/ ++ exit 1 ++ fi ++- rm -rf /tmp/snap.* +++ rm -rf /tmp/snap-private-tmp ++ ++ case "$SPREAD_SYSTEM" in ++ fedora-*|centos-*) ++@@ -158,7 +158,7 @@ ++ systemctl stop snapd.service snapd.socket ++ restore_snapd_state ++ rm -rf /root/.snap ++- rm -rf /tmp/snap.* +++ rm -rf /tmp/snap-private-tmp/snap.* ++ if [ "$1" != "--keep-stopped" ]; then ++ systemctl start snapd.service snapd.socket ++ fi ++--- a/tests/main/cgroup-tracking/task.yaml +++++ b/tests/main/cgroup-tracking/task.yaml ++@@ -116,7 +116,7 @@ ++ trap "pkill sleep || true" EXIT ++ echo "Ensure that snap-confine has finished its task and that the snap process" ++ echo "is active. Note that we don't want to wait forever either." ++- retry -n 30 test -e /tmp/snap.test-snapd-tracking/tmp/1.stamp +++ retry -n 30 test -e /tmp/snap-private-tmp/snap.test-snapd-tracking/tmp/1.stamp ++ pid1_sleep=$(cat /tmp/1.pid) ++ ++ echo "During startup snap-run has asked systemd to move the process to a" ++@@ -135,7 +135,7 @@ ++ #shellcheck disable=SC2016 ++ tests.session -p /tmp/2.pid -u "$USER" exec snap run test-snapd-tracking.sh -c 'touch /tmp/2.stamp && exec sleep 2m' & ++ session2_pid=$! ++- retry -n 30 test -e /tmp/snap.test-snapd-tracking/tmp/2.stamp +++ retry -n 30 test -e /tmp/snap-private-tmp/snap.test-snapd-tracking/tmp/2.stamp ++ pid2_sleep=$(cat /tmp/2.pid) ++ pid2_tracking_cg_path="$(grep -E "^$base_cg_id:" < "/proc/$pid2_sleep/cgroup" | cut -d : -f 3)" ++ echo "$pid2_tracking_cg_path" | MATCH '.*/snap\.test-snapd-tracking\.sh\.[0-9a-f-]+\.scope' ++@@ -158,7 +158,7 @@ ++ #shellcheck disable=SC2016 ++ tests.session -p /tmp/3.pid -u "$USER" exec snap run test-snapd-tracking.sh -c 'touch /tmp/3.stamp && sleep 1m' & ++ session3_pid=$! ++- retry -n 30 test -e /tmp/snap.test-snapd-tracking/tmp/3.stamp +++ retry -n 30 test -e /tmp/snap-private-tmp/snap.test-snapd-tracking/tmp/3.stamp ++ pid3_sh=$(cat /tmp/3.pid) ++ pid3_tracking_cg_path="$(grep -E "^$base_cg_id:" < "/proc/$pid3_sh/cgroup" | cut -d : -f 3)" ++ MATCH "$pid3_sh" < "${base_cg_path}${pid3_tracking_cg_path}/cgroup.procs" ++--- a/tests/main/interfaces-x11-unix-socket/task.yaml +++++ b/tests/main/interfaces-x11-unix-socket/task.yaml ++@@ -25,7 +25,7 @@ ++ ++ echo "The snaps can communicate via the unix domain socket in /tmp" ++ x11-server & ++- retry -n 4 --wait 0.5 test -e /tmp/snap.x11-server/tmp/.X11-unix/X0 +++ retry -n 4 --wait 0.5 test -e /tmp/snap-private-tmp/snap.x11-server/tmp/.X11-unix/X0 ++ x11-client | MATCH "Hello from xserver" ++ ++ echo "The client cannot remove the unix domain sockets shared with it" ++--- a/tests/main/security-private-tmp/task.yaml +++++ b/tests/main/security-private-tmp/task.yaml ++@@ -18,7 +18,7 @@ ++ snap install --dangerous not-test-snapd-sh_1.0_all.snap ++ ++ restore: | ++- rm -rf "$SNAP_INSTALL_DIR" /tmp/foo /tmp/snap.not-test-snapd-sh /tmp/snap.test-snapd-sh/ +++ rm -rf "$SNAP_INSTALL_DIR" /tmp/foo /tmp/snap-private-tmp/snap.not-test-snapd-sh /tmp/snap-private-tmp/snap.test-snapd-sh/ ++ ++ execute: | ++ #shellcheck source=tests/lib/dirs.sh ++--- a/tests/main/snap-confine-tmp-mount/task.yaml +++++ b/tests/main/snap-confine-tmp-mount/task.yaml ++@@ -1,10 +1,8 @@ ++-summary: ensure snap-confine controls private mount namespace +++summary: ensure snap-confine correctly setups up the private tmp mount namespace ++ ++ details: | ++- Ensure that when creating the private mount namespace for a snap that ++- if it already exists but is not owned by root then any existing ++- contents within the private mount directory is first removed before the ++- mount is created. +++ Ensure that when creating the private tmp mount namespace for a snap that it +++ is done so under /tmp/snap-private-tmp/snap.SNAP_NAME which is owned by root ++ ++ # ubuntu-14.04: the test sets up a user session, which requires more recent systemd ++ systems: [-ubuntu-14.04-*] ++@@ -19,23 +17,6 @@ ++ tests.session -u test restore ++ ++ execute: | ++- rm -rf /tmp/snap.test-snapd-sh ++- # create /tmp/snap.test-snapd-sh as a regular user ++- tests.session -u test exec sh -c "mkdir /tmp/snap.test-snapd-sh" ++- test_umask=$(tests.session -u test exec sh -c "umask") ++- # check permissions are as expected ++- expected=$(printf "%o" $((0777-test_umask))) ++- stat -c "%U %G %a" /tmp/snap.test-snapd-sh | MATCH "test test $expected" ++- # and place other contents there ++- tests.session -u test exec sh -c "mkdir /tmp/snap.test-snapd-sh/tmp" ++- tests.session -u test exec sh -c "touch /tmp/snap.test-snapd-sh/tmp/foo" ++- stat -c "%U %G %a" /tmp/snap.test-snapd-sh/tmp | MATCH "test test $expected" ++- expected=$(printf "%o" $((0666-test_umask))) ++- stat -c "%U %G %a" /tmp/snap.test-snapd-sh/tmp/foo | MATCH "test test $expected" ++- ++- # then execute snap-confine - this should take over our imposter base ++- # dir but execute id successfully - snap-confine outputs to stderr and ++- # id will output to stdout so capture each separately ++ SNAP_CONFINE=$(os.paths libexec-dir)/snapd/snap-confine ++ if os.query is-core; then ++ # on Ubuntu Core we need to use the correct path to ensure it is ++@@ -43,17 +24,15 @@ ++ # snap ++ SNAP_CONFINE=$(aa-status | grep "snap-confine$") ++ fi +++ # execute snap-confine as a standard user - this should create a private tmp +++ # dir as /tmp/snap-private-tmp/snap.test-snapd-sh/ - snap-confine outputs to +++ # stderr and id will output to stdout so capture each separately ++ tests.session -u test exec sh -c "env -i SNAPD_DEBUG=1 SNAP_INSTANCE_NAME=test-snapd-sh $SNAP_CONFINE --base core snap.test-snapd-sh.sh /bin/bash -c id 1>/tmp/snap-confine-stdout.log 2>/tmp/snap-confine-stderr.log" ++ tests.cleanup defer rm -f /tmp/snap-confine-stdout.log /tmp/snap-confine-stderr.log ++ ++- stat -c "%U %G %a" /tmp/snap.test-snapd-sh | MATCH "root root 700" +++ stat -c "%U %G %a" /tmp/snap-private-tmp/snap.test-snapd-sh | MATCH "root root 700" ++ ++- # contents should have been removed and tmp dir recreated with root ++- # ownership but foo file should have been removed ++- stat -c "%U %G %a" /tmp/snap.test-snapd-sh/tmp | MATCH "root root 1777" ++- [ -f /tmp/snap.test-snapd-sh/tmp/foo ] && exit 1 ++- # actual dir should be owned by root now ++- stat -c "%U %G %a" /tmp/snap.test-snapd-sh | MATCH "root root 700" +++ stat -c "%U %G %a" /tmp/snap-private-tmp/snap.test-snapd-sh/tmp | MATCH "root root 1777" ++ # and snap-confine should ensure the target binary is executed as the test user ++ MATCH "uid=12345$test$ gid=12345$test$" /tmp/snap-confine-stdout.log ++ ++--- a/tests/main/snap-confine-undesired-mode-group/task.yaml +++++ b/tests/main/snap-confine-undesired-mode-group/task.yaml ++@@ -16,7 +16,7 @@ ++ # trees. Such files may indicate that parts of code invomed from ++ # snap-confine (which includes snap-update-ns and snap-discard-ns) ran as ++ # the group of the calling user and did not manage that properly. ++- for dname in /run/snapd /sys/fs/cgroup /tmp/snap.*; do +++ for dname in /run/snapd /sys/fs/cgroup /tmp/snap-private-tmp/snap.*; do ++ # Filter out cgroups that are expected to be owned by the test user. ++ # Since we are a looking at sysfs, which is modified asynchronously, ++ # ignore errors of the kind where readdir and stat race with a ++@@ -28,7 +28,7 @@ ++ # - symbolic links, those are always 777 ++ # - the file cgroup.event_control which is ugo+w for some reason ++ # - the per-snap tmp directory as it is meant to be world-writable ++- find "$dname" -ignore_readdir_race ! -type s ! -type l ! -name cgroup.event_control ! -path '/tmp/snap.*/tmp' -perm /o+w >> world-writable.txt +++ find "$dname" -ignore_readdir_race ! -type s ! -type l ! -name cgroup.event_control ! -path '/tmp/snap-private-tmp/snap.*/tmp' -perm /o+w >> world-writable.txt ++ done ++ ++ # The test fails if any such file is detected ++@@ -53,4 +53,4 @@ ++ snap remove test-snapd-app ++ rm -f test-snapd-app_1.0_all.snap ++ rm -f wrong-*.txt ++- rm -rf /tmp/snap.test-snapd-app +++ rm -rf /tmp/snap-private-tmp/snap.test-snapd-app diff --cc debian/patches/0019-cve-2022-3328-3.patch index 00000000,00000000..b002a2e6 new file mode 100644 --- /dev/null +++ b/debian/patches/0019-cve-2022-3328-3.patch @@@ -1,0 -1,0 +1,98 @@@ ++Backport of the following upstream patch: ++From 2baff9272354bca07ae4d4256b8af0aae0d35a4a Mon Sep 17 00:00:00 2001 ++From: Alex Murray ++Date: Mon, 26 Sep 2022 16:34:48 +0930 ++Subject: [PATCH 4/4] overlord/snapmgr: Bump vulnerable snap version check ++ ++This should ensure that any older versions of snapd that are vulnerable to this ++new CVE-2022-3328 are uninstalled on upgrade to the fixed version. ++ ++Signed-off-by: Alex Murray ++--- ++ overlord/snapstate/snapmgr.go | 8 ++++---- ++ overlord/snapstate/snapstate_test.go | 12 ++++++------ ++ 2 files changed, 10 insertions(+), 10 deletions(-) ++ ++--- a/overlord/snapstate/snapmgr.go +++++ b/overlord/snapstate/snapmgr.go ++@@ -579,7 +579,7 @@ ++ ++ func (m *SnapManager) ensureVulnerableSnapRemoved(name string) error { ++ var removedYet bool ++- key := fmt.Sprintf("%s-snap-cve-2021-44731-vuln-removed", name) +++ key := fmt.Sprintf("%s-snap-cve-2022-3328-vuln-removed", name) ++ if err := m.state.Get(key, &removedYet); err != nil && err != state.ErrNoState { ++ return err ++ } ++@@ -606,8 +606,8 @@ ++ if err != nil { ++ return err ++ } ++- // res is < 0 if "ver" is lower than "2.54.3" ++- res, err := strutil.VersionCompare(ver, "2.54.3") +++ // res is < 0 if "ver" is lower than "2.57.6" +++ res, err := strutil.VersionCompare(ver, "2.57.6") ++ if err != nil { ++ return err ++ } ++@@ -677,7 +677,7 @@ ++ ++ // we have to remove vulnerable versions of both the core and snapd snaps ++ // only when we now have fixed versions installed / active ++- // the fixed version is 2.54.3, so if the version of the current core/snapd +++ // the fixed version is 2.57.6, so if the version of the current core/snapd ++ // snap is that or higher, then we proceed (if we didn't already do this) ++ ++ if err := m.ensureVulnerableSnapRemoved("snapd"); err != nil { ++--- a/overlord/snapstate/snapstate_test.go +++++ b/overlord/snapstate/snapstate_test.go ++@@ -2696,11 +2696,11 @@ ++ // make the currently installed snap info file fixed but an old version ++ // vulnerable ++ fixedInfoFile := ` ++-VERSION=2.54.3+git1.g479e745-dirty +++VERSION=2.57.6+git1.g479e745-dirty ++ SNAPD_APPARMOR_REEXEC=0 ++ ` ++ vulnInfoFile := ` ++-VERSION=2.54.2+git1.g479e745-dirty +++VERSION=2.57.5+git1.g479e745-dirty ++ SNAPD_APPARMOR_REEXEC=0 ++ ` ++ ++@@ -2781,7 +2781,7 @@ ++ ++ // and we set the appropriate key in the state ++ var removeDone bool ++- st.Get(snapName+"-snap-cve-2021-44731-vuln-removed", &removeDone) +++ st.Get(snapName+"-snap-cve-2022-3328-vuln-removed", &removeDone) ++ c.Assert(removeDone, Equals, true) ++ } ++ ++@@ -2864,7 +2864,7 @@ ++ c.Assert(ensureErr, ErrorMatches, fmt.Sprintf(`cannot open snapd info file "%s".*`, infoFileFor("snapd"))) ++ ++ st.Lock() ++- st.Set("snapd-snap-cve-2021-44731-vuln-removed", true) +++ st.Set("snapd-snap-cve-2022-3328-vuln-removed", true) ++ st.Unlock() ++ ++ // still unhappy about core file missing ++@@ -2873,7 +2873,7 @@ ++ ++ // but with core state flag set too, we are now happy ++ st.Lock() ++- st.Set("core-snap-cve-2021-44731-vuln-removed", true) +++ st.Set("core-snap-cve-2022-3328-vuln-removed", true) ++ st.Unlock() ++ ++ ensureErr = s.snapmgr.Ensure() ++@@ -2899,7 +2899,7 @@ ++ // now it should stop trying to check if state says so ++ st := s.state ++ st.Lock() ++- st.Set(snapName+"-snap-cve-2021-44731-vuln-removed", true) +++ st.Set(snapName+"-snap-cve-2022-3328-vuln-removed", true) ++ st.Unlock() ++ ++ ensureErr = s.snapmgr.Ensure() diff --cc debian/patches/no-seccomp-fork.patch index 00000000,00000000..97f6418a new file mode 100644 --- /dev/null +++ b/debian/patches/no-seccomp-fork.patch @@@ -1,0 -1,0 +1,21 @@@ ++Description: Do not use a fork of github.com/seccomp/libseccomp-golang ++ Upstream uses a fork of this library so it can work on Ubuntu 14.04. The ++ Debian package does not have to care about this so we can just use the ++ version from the archive. ++Author: Michael Hudson-Doyle ++Origin: vendor ++Forwarded: not-needed ++Last-Update: 2017-08-15 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++--- a/cmd/snap-seccomp/main.go +++++ b/cmd/snap-seccomp/main.go ++@@ -184,7 +184,7 @@ ++ // FIXME: we want github.com/seccomp/libseccomp-golang but that ++ // will not work with trusty because libseccomp-golang checks ++ // for the seccomp version and errors if it find one < 2.2.0 ++- "github.com/mvo5/libseccomp-golang" +++ "github.com/seccomp/libseccomp-golang" ++ ++ "github.com/snapcore/snapd/arch" ++ "github.com/snapcore/snapd/osutil" diff --cc debian/patches/no-snapfuse.patch index 00000000,00000000..e5ccf55a new file mode 100644 --- /dev/null +++ b/debian/patches/no-snapfuse.patch @@@ -1,0 -1,0 +1,11 @@@ ++--- a/systemd/systemd.go +++++ b/systemd/systemd.go ++@@ -33,8 +33,6 @@ ++ "sync/atomic" ++ "time" ++ ++- _ "github.com/snapcore/squashfuse" ++- ++ "github.com/snapcore/snapd/dirs" ++ "github.com/snapcore/snapd/osutil" ++ "github.com/snapcore/snapd/osutil/squashfs" diff --cc debian/patches/series index 00000000,00000000..29847d66 new file mode 100644 --- /dev/null +++ b/debian/patches/series @@@ -1,0 -1,0 +1,14 @@@ ++0001-cmd-snap-seccomp-use-upstream-seccomp-package.patch ++0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch ++0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch ++0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch ++0005-advisor-errtracker-use-upstream-bolt-package.patch ++0006-systemd-disable-snapfuse-system.patch ++0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch ++0010-man-page-sections.patch ++0013-cherry-pick-pr9936.patch ++0015-cve-2021-44730-44731-4120.patch ++0016-cve-2021-2021-44730-44731-4120-auto-remove.patch ++0017-cve-2022-3328-1.patch ++0018-cve-2022-3328-2.patch ++0019-cve-2022-3328-3.patch diff --cc debian/rules index 00000000,00000000..cdf39ddb new file mode 100755 --- /dev/null +++ b/debian/rules @@@ -1,0 -1,0 +1,294 @@@ ++#!/usr/bin/make -f ++# -*- makefile -*- ++# ++# These rules should work for any debian-ish distro that uses systemd ++# as init. That does _not_ include Ubuntu 14.04 ("trusty"); look for ++# its own special rule file. ++# ++# Please keep the diff between that and this relatively small, even if ++# it means having suboptimal code; these need to be kept in sync by ++# sentient bags of meat. ++ ++#export DH_VERBOSE=1 ++export DH_OPTIONS ++export DH_GOPKG := github.com/snapcore/snapd ++#export DEB_BUILD_OPTIONS=nocheck ++export DH_GOLANG_EXCLUDES=tests ++export DH_GOLANG_GO_GENERATE=1 ++ ++export PATH:=${PATH}:${CURDIR} ++ ++include /etc/os-release ++ ++# On 18.04 the released version of apt (1.6.1) has a bug that causes ++# problem on "apt purge snapd". To ensure this won't happen add the ++# right dependency on 18.04. ++ifeq (${VERSION_ID},"18.04") ++ SUBSTVARS = -Vsnapd:Breaks="apt (<< 1.6.3)" ++endif ++# Same as above for 18.10 just a different version. ++ifeq (${VERSION_ID},"18.10") ++ SUBSTVARS = -Vsnapd:Breaks="apt (<< 1.7.0~alpha2)" ++endif ++ ++# this is overridden in the ubuntu/14.04 release branch ++SYSTEMD_UNITS_DESTDIR="lib/systemd/system/" ++ ++# The go tool does not fully support vendoring with gccgo, but we can ++# work around that by constructing the appropriate -I flag by hand. ++GCCGO := $(shell go tool dist env > /dev/null 2>&1 && echo no || echo yes) ++ ++# Disable -buildmode=pie mode on i386 as can panics in spectacular ++# ways (LP: #1711052). ++# See also https://forum.snapcraft.io/t/artful-i386-panics/ ++# Note while the panic is only on artful, that's because artful ++# detects it; the issue potentially there on older things. ++BUILDFLAGS:=-pkgdir=$(CURDIR)/_build/std ++ifneq ($(shell dpkg-architecture -qDEB_HOST_ARCH),i386) ++BUILDFLAGS+= -buildmode=pie ++endif ++ ++GCCGOFLAGS= ++ifeq ($(GCCGO),yes) ++GOARCH := $(shell go env GOARCH) ++GOOS := $(shell go env GOOS) ++BUILDFLAGS:= ++GCCGOFLAGS=-gccgoflags="-I $(CURDIR)/_build/pkg/gccgo_$(GOOS)_$(GOARCH)/$(DH_GOPKG)/vendor" ++export DH_GOLANG_GO_GENERATE=0 ++# workaround for https://github.com/golang/go/issues/23721 ++export GOMAXPROCS=2 ++endif ++ ++# check if we need to include the testkeys in the binary ++# TAGS are the go build tags for all binaries, SNAP_TAGS are for snap ++# build only. ++TAGS=nosecboot ++SNAP_TAGS=nosecboot nomanagers ++ifneq (,$(filter testkeys,$(DEB_BUILD_OPTIONS))) ++ TAGS+= withtestkeys ++ SNAP_TAGS+= withtestkeys ++endif ++ ++DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) ++ ++BUILT_USING_PACKAGES= ++# export DEB_BUILD_MAINT_OPTIONS = hardening=+all ++# DPKG_EXPORT_BUILDFLAGS = 1 ++# include /usr/share/dpkg/buildflags.mk ++ ++# Currently, we enable confinement for Ubuntu only, not for derivatives, ++# because derivatives may have different kernels that don't support all the ++# required confinement features and we don't to mislead anyone about the ++# security of the system. Discuss a proper approach to this for downstreams ++# if and when they approach us. ++ifeq ($(shell dpkg-vendor --query Vendor),Ubuntu) ++ # On Ubuntu 16.04 we need to produce a build that can be used on wide ++ # variety of systems. As such we prefer static linking over dynamic linking ++ # for stability, predicability and easy of deployment. We need to link some ++ # things dynamically though: udev has no stable IPC protocol between ++ # libudev and udevd so we need to link with it dynamically. ++ VENDOR_ARGS=--enable-nvidia-multiarch --enable-static-libcap --enable-static-libapparmor --enable-static-libseccomp --with-host-arch-triplet=$(DEB_HOST_MULTIARCH) ++ifeq ($(shell dpkg-architecture -qDEB_HOST_ARCH),amd64) ++ VENDOR_ARGS+= --with-host-arch-32bit-triplet=$(shell dpkg-architecture -f -ai386 -qDEB_HOST_MULTIARCH) ++endif ++ BUILT_USING_PACKAGES=libcap-dev libapparmor-dev libseccomp-dev ++else ++ifeq ($(shell dpkg-vendor --query Vendor),Debian) ++ VENDOR_ARGS=--enable-nvidia-multiarch ++ BUILT_USING_PACKAGES=libcap-dev ++else ++ VENDOR_ARGS=--disable-apparmor ++endif ++endif ++BUILT_USING=$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W $(BUILT_USING_PACKAGES)) ++ ++%: ++ dh $@ --buildsystem=golang --with=golang --fail-missing --with systemd --builddirectory=_build ++ ++override_dh_fixperms: ++ dh_fixperms -Xusr/lib/snapd/snap-confine ++ ++ ++# The .real profile is a workaround for a bug in dpkg LP: #1673247 that causes ++# ubiquity to crash. It allows us to "move" the snap-confine profile from ++# snap-confine into snapd in a way that works with old dpkg that is in the live ++# CD image. ++# ++# Because both the usual and the .real profile describe the same binary the ++# .real profile takes priority (as it is loaded later). ++override_dh_installdeb: ++ dh_apparmor --profile-name=usr.lib.snapd.snap-confine.real -psnapd ++ dh_installdeb ++ ++override_dh_clean: ++ifneq (,$(TEST_GITHUB_AUTOPKGTEST)) ++ # this will be set by the GITHUB webhook to trigger a autopkgtest ++ # we only need to run "govendor sync" here and then its ready ++ (export GOPATH="/tmp/go"; \ ++ mkdir -p /tmp/go/src/github.com/snapcore/; \ ++ cp -ar . /tmp/go/src/github.com/snapcore/snapd; \ ++ go get -u github.com/kardianos/govendor; \ ++ (cd /tmp/go/src/github.com/snapcore/snapd ; /tmp/go/bin/govendor sync); \ ++ cp -ar /tmp/go/src/github.com/snapcore/snapd/vendor/ .; \ ++ ) ++endif ++ dh_clean ++ $(MAKE) -C data clean ++ # XXX: hacky ++ $(MAKE) -C cmd distclean || true ++ ++override_dh_auto_build: ++ # usually done via `go generate` but that is not supported on powerpc ++ ./mkversion.sh ++ # Build golang bits ++ mkdir -p _build/src/$(DH_GOPKG)/cmd/snap/test-data ++ cp -a cmd/snap/test-data/*.gpg _build/src/$(DH_GOPKG)/cmd/snap/test-data/ ++ cp -a bootloader/assets/data _build/src/$(DH_GOPKG)/bootloader/assets ++ ++ # exclude certain parts that won't be used by debian ++ find _build/src/$(DH_GOPKG)/cmd/snap-bootstrap -name "*.go" | xargs rm -f ++ find _build/src/$(DH_GOPKG)/gadget/install -name "*.go" | grep -vE '(params\.go|install_dummy\.go)'| xargs rm -f ++ # XXX: once dh-golang understands go build tags this would not be needed ++ find _build/src/$(DH_GOPKG)/secboot/ -name "*.go" | grep -Ev '(encrypt\.go|secboot_dummy\.go|secboot\.go|encrypt_dummy\.go)' | xargs rm -f ++ # and build ++ dh_auto_build -- $(BUILDFLAGS) -tags "$(TAGS)" $(GCCGOFLAGS) ++ ++ (cd _build/bin && GOPATH=$$(pwd)/.. GOCACHE=/tmp/go-build go build $(BUILDFLAGS) $(GCCGOFLAGS) -tags "$(SNAP_TAGS)" $(DH_GOPKG)/cmd/snap) ++ ++ # (static linking on powerpc with cgo is broken) ++ifneq ($(shell dpkg-architecture -qDEB_HOST_ARCH),powerpc) ++ # Generate static snap-exec, snapctl and snap-update-ns - it somehow includes CGO so ++ # we must force a static build here. We need a static snap-{exec,update-ns} ++ # inside the core snap because not all bases will have a libc ++ (cd _build/bin && GOPATH=$$(pwd)/.. GOCACHE=/tmp/go-build CGO_ENABLED=0 go build $(GCCGOFLAGS) -pkgdir=$$(pwd)/std $(DH_GOPKG)/cmd/snap-exec) ++ (cd _build/bin && GOPATH=$$(pwd)/.. GOCACHE=/tmp/go-build CGO_ENABLED=0 go build $(GCCGOFLAGS) -pkgdir=$$(pwd)/std $(DH_GOPKG)/cmd/snapctl) ++ (cd _build/bin && GOPATH=$$(pwd)/.. GOCACHE=/tmp/go-build go build --ldflags '-extldflags "-static"' $(GCCGOFLAGS) -pkgdir=$$(pwd)/std $(DH_GOPKG)/cmd/snap-update-ns) ++ ++ # ensure we generated a static build ++ $(shell if ldd _build/bin/snap-exec; then false "need static build"; fi) ++ $(shell if ldd _build/bin/snap-update-ns; then false "need static build"; fi) ++ $(shell if ldd _build/bin/snapctl; then false "need static build"; fi) ++endif ++ ++ # ensure snap-seccomp is build with a static libseccomp on Ubuntu ++ifeq ($(shell dpkg-vendor --query Vendor),Ubuntu) ++ # (static linking on powerpc with cgo is broken) ++ ifneq ($(shell dpkg-architecture -qDEB_HOST_ARCH),powerpc) ++ sed -i "s|#cgo LDFLAGS:|#cgo LDFLAGS: /usr/lib/$(shell dpkg-architecture -qDEB_TARGET_MULTIARCH)/libseccomp.a|" _build/src/$(DH_GOPKG)/cmd/snap-seccomp/main.go ++ (cd _build/bin && GOPATH=$$(pwd)/.. CGO_LDFLAGS_ALLOW="/.*/libseccomp.a" go build $(GCCGOFLAGS) $(DH_GOPKG)/cmd/snap-seccomp) ++ # ensure that libseccomp is not dynamically linked ++ ldd _build/bin/snap-seccomp ++ test "$$(ldd _build/bin/snap-seccomp | grep libseccomp)" = "" ++ # revert again so that the subsequent tests work ++ sed -i "s|#cgo LDFLAGS: /usr/lib/$(shell dpkg-architecture -qDEB_TARGET_MULTIARCH)/libseccomp.a|#cgo LDFLAGS:|" _build/src/$(DH_GOPKG)/cmd/snap-seccomp/main.go ++ endif ++endif ++ ++ # Build C bits, sadly manually ++ cd cmd && ( autoreconf -i -f ) ++ cd cmd && ( ./configure --prefix=/usr --libexecdir=/usr/lib/snapd $(VENDOR_ARGS)) ++ $(MAKE) -C cmd all ++ ++ # Generate the real systemd/dbus/env config files ++ $(MAKE) -C data all ++ ++override_dh_auto_test: ++ dh_auto_test -- $(BUILDFLAGS) -tags "$(TAGS)" $(GCCGOFLAGS) ++# a tested default (production) build should have no test keys ++ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) ++ # check that only the main trusted account-keys are included ++ [ $$(strings _build/bin/snapd|grep -c -E "public-key-sha3-384: [a-zA-Z0-9_-]{64}") -eq 2 ] ++ strings _build/bin/snapd|grep -c "^public-key-sha3-384: -CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk$$" ++ strings _build/bin/snapd|grep -c "^public-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa$$" ++ # same for snap-repair ++ [ $$(strings _build/bin/snap-repair|grep -c -E "public-key-sha3-384: [a-zA-Z0-9_-]{64}") -eq 3 ] ++ # common with snapd ++ strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: -CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk$$" ++ strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa$$" ++ # repair-root ++ strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: nttW6NfBXI_E-00u38W-KH6eiksfQNXuI7IiumoV49_zkbhM0sYTzSnFlwZC-W4t$$" ++endif ++ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) ++ # run the snap-confine tests ++ $(MAKE) -C cmd check ++endif ++ ++override_dh_install-indep: ++ # we do not need this in the package, its just needed during build ++ rm -rf ${CURDIR}/debian/tmp/usr/bin/xgettext-go ++ # toolbelt is not shippable ++ rm -f ${CURDIR}/debian/tmp/usr/bin/toolbelt ++ # we do not like /usr/bin/snappy anymore ++ rm -f ${CURDIR}/debian/tmp/usr/bin/snappy ++ # chrorder generator ++ rm -f ${CURDIR}/debian/tmp/usr/bin/chrorder ++ # bootloader assets generator ++ rm -f ${CURDIR}/debian/tmp/usr/bin/genasset ++ # docs generator ++ rm -f ${CURDIR}/debian/tmp/usr/bin/docs ++ ++ dh_install ++ ++override_dh_install-arch: ++ # we do not need this in the package, its just needed during build ++ rm -rf ${CURDIR}/debian/tmp/usr/bin/xgettext-go ++ # toolbelt is not shippable ++ rm -f ${CURDIR}/debian/tmp/usr/bin/toolbelt ++ # we do not like /usr/bin/snappy anymore ++ rm -f ${CURDIR}/debian/tmp/usr/bin/snappy ++ # i18n stuff ++ mkdir -p debian/snapd/usr/share ++ if [ -d share/locale ]; then \ ++ cp -R share/locale debian/snapd/usr/share; \ ++ fi ++ # chrorder generator ++ rm -f ${CURDIR}/debian/tmp/usr/bin/chrorder ++ # bootloader assets generator ++ rm -f ${CURDIR}/debian/tmp/usr/bin/genasset ++ # docs generator ++ rm -f ${CURDIR}/debian/tmp/usr/bin/docs ++ ++ # Install snapd's systemd units / upstart jobs, done ++ # here instead of debian/snapd.install because the ++ # ubuntu/14.04 release branch adds/changes bits here ++ $(MAKE) -C data install DESTDIR=$(CURDIR)/debian/snapd/ \ ++ SYSTEMDSYSTEMUNITDIR=$(SYSTEMD_UNITS_DESTDIR) ++ # We called this apps-bin-path.sh instead of snapd.sh, and ++ # it's a conf file so we're stuck with it ++ mv debian/snapd/etc/profile.d/snapd.sh debian/snapd/etc/profile.d/apps-bin-path.sh ++ ++ $(MAKE) -C cmd install DESTDIR=$(CURDIR)/debian/tmp ++ ++ # Rename the apparmor profile, see dh_apparmor call above for an explanation. ++ mv $(CURDIR)/debian/tmp/etc/apparmor.d/usr.lib.snapd.snap-confine $(CURDIR)/debian/tmp/etc/apparmor.d/usr.lib.snapd.snap-confine.real ++ ++ # On Ubuntu and Debian we don't need to install the apparmor helper service. ++ rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.apparmor.service ++ rm $(CURDIR)/debian/tmp/usr/lib/snapd/snapd-apparmor ++ ++ # Ouside of core we don't need to install the following files: ++ rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.autoimport.service ++ rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.core-fixup.service ++ rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.failure.service ++ rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.snap-repair.service ++ rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.snap-repair.timer ++ rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.system-shutdown.service ++ rm $(CURDIR)/debian/snapd/usr/lib/snapd/snapd.run-from-snap ++ ++ dh_install ++ ++override_dh_auto_install: snap.8 ++ dh_auto_install -O--buildsystem=golang ++ ++snap.8: ++ # fix reproducible builds as reported by: ++ # https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/snapd.html ++ # once golang-go-flags is fixed we can remove the "sed" expression ++ $(CURDIR)/_build/bin/snap help --man | sed '1 s/^.*/.TH snap 8 "$(shell date --reference=debian/changelog +"%d %B %Y")"/' > $@ ++ ++override_dh_auto_clean: ++ dh_auto_clean -O--buildsystem=golang ++ rm -vf snap.8 ++ ++override_dh_gencontrol: ++ dh_gencontrol -- -VBuilt-Using="$(BUILT_USING)" diff --cc debian/snap-confine.maintscript index 00000000,00000000..16bc8774 new file mode 100644 --- /dev/null +++ b/debian/snap-confine.maintscript @@@ -1,0 -1,0 +1,1 @@@ ++rm_conffile /etc/apparmor.d/usr.lib.snapd.snap-confine 2.23.6~ diff --cc debian/snapd.autoimport.udev index 00000000,00000000..f06a9f3e new file mode 100644 --- /dev/null +++ b/debian/snapd.autoimport.udev @@@ -1,0 -1,0 +1,3 @@@ ++# probe for assertions, must run before udisks2 ++ACTION=="add", SUBSYSTEM=="block" \ ++ RUN+="/usr/bin/unshare -m /usr/bin/snap auto-import --mount=/dev/%k" diff --cc debian/snapd.dirs index 00000000,00000000..fa729904 new file mode 100644 --- /dev/null +++ b/debian/snapd.dirs @@@ -1,0 -1,0 +1,15 @@@ ++snap ++var/cache/snapd ++usr/lib/snapd ++var/lib/snapd/apparmor/snap-confine ++var/lib/snapd/auto-import ++var/lib/snapd/desktop ++var/lib/snapd/environment ++var/lib/snapd/firstboot ++var/lib/snapd/inhibit ++var/lib/snapd/lib/gl ++var/lib/snapd/lib/gl32 ++var/lib/snapd/lib/vulkan ++var/lib/snapd/snaps/partial ++var/lib/snapd/void ++var/snap diff --cc debian/snapd.install index 00000000,00000000..2cd62a51 new file mode 100644 --- /dev/null +++ b/debian/snapd.install @@@ -1,0 -1,0 +1,40 @@@ ++usr/bin/snap ++usr/bin/snapctl /usr/lib/snapd/ ++ ++usr/bin/snap-exec /usr/lib/snapd/ ++usr/bin/snap-update-ns /usr/lib/snapd/ ++usr/bin/snapd /usr/lib/snapd/ ++usr/bin/snap-seccomp /usr/lib/snapd/ ++ ++# bash completion ++data/completion/bash/snap /usr/share/bash-completion/completions ++data/completion/bash/complete.sh /usr/lib/snapd/ ++data/completion/bash/etelpmoc.sh /usr/lib/snapd/ ++# zsh completion ++data/completion/zsh/_snap /usr/share/zsh/vendor-completions ++# snap/snapd version information ++data/info /usr/lib/snapd/ ++# polkit actions ++data/polkit/io.snapcraft.snapd.policy /usr/share/polkit-1/actions/ ++# apt hook ++data/apt/20snapd.conf /etc/apt/apt.conf.d/ ++ ++# snap-confine stuff ++etc/apparmor.d/usr.lib.snapd.snap-confine.real ++usr/lib/snapd/snap-device-helper ++usr/lib/snapd/snap-mgmt ++usr/lib/snapd/snap-confine ++usr/lib/snapd/snap-discard-ns ++usr/share/man/ ++# for compatibility with ancient snap installs that wrote the shell based ++# wrapper scripts instead of the modern symlinks ++usr/bin/ubuntu-core-launcher ++ ++# gdb helper ++usr/lib/snapd/snap-gdb-shim ++usr/lib/snapd/snap-gdbserver-shim ++ ++# use "usr/lib" here because apparently systemd looks only there ++usr/lib/systemd/system-environment-generators ++# but system generators end up in lib ++lib/systemd/system-generators diff --cc debian/snapd.links index 00000000,00000000..2b9a1308 new file mode 100644 --- /dev/null +++ b/debian/snapd.links @@@ -1,0 -1,0 +1,6 @@@ ++/usr/lib/snapd/snap-device-helper /lib/udev/snappy-app-dev ++usr/lib/snapd/snapctl usr/bin/snapctl ++ ++# This should be removed once we can rely on debhelper >= 11.5: ++# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764678 ++/usr/lib/systemd/user/snapd.session-agent.socket /usr/lib/systemd/user/sockets.target.wants/snapd.session-agent.socket diff --cc debian/snapd.lintian-overrides index 00000000,00000000..b5be2587 new file mode 100644 --- /dev/null +++ b/debian/snapd.lintian-overrides @@@ -1,0 -1,0 +1,13 @@@ ++# Up for discussion whether we should use this directory on Debian, or ++# patch snap to use some different mountpoint; in the meantime, override to ++# pass the NEW queue. ++snapd: non-standard-toplevel-dir snap/ ++# Up for discussion whether we should use this directory on Debian, or ++# patch snap to use some different mountpoint; in the meantime, override. ++snapd: non-standard-dir-in-var var/snap/ ++# snapd is a very special case which needs to tear out its self-managed ++# units on purge, we certainly would not be able to use the Debian ++# abstractions for this ++snapd: maintainer-script-calls-systemctl postrm:9 ++# fortify functions aren't here because we use none of the libc functions. ++snapd: hardening-no-fortify-functions * diff --cc debian/snapd.maintscript index 00000000,00000000..4373efdc new file mode 100644 --- /dev/null +++ b/debian/snapd.maintscript @@@ -1,0 -1,0 +1,5 @@@ ++# keep mount point busy ++# we used to ship a custom grub config that is no longer needed ++rm_conffile /etc/grub.d/09_snappy 1.7.3ubuntu1 ++rm_conffile /etc/ld.so.conf.d/snappy.conf 2.0.7~ ++rm_conffile /etc/apparmor.d/usr.lib.snapd.snap-confine 2.23.6~ snap-confine diff --cc debian/snapd.manpages index 00000000,00000000..b383785e new file mode 100644 --- /dev/null +++ b/debian/snapd.manpages @@@ -1,0 -1,0 +1,1 @@@ ++snap.8 diff --cc debian/snapd.postinst index 00000000,00000000..ac9a4d50 new file mode 100644 --- /dev/null +++ b/debian/snapd.postinst @@@ -1,0 -1,0 +1,41 @@@ ++#!/bin/sh ++ ++set -e ++ ++ ++case "$1" in ++ configure) ++ # ensure /var/lib/snapd/lib/gl is cleared ++ if dpkg --compare-versions "$2" lt-nl "2.0.7"; then ++ ldconfig ++ fi ++ ++ # Ensure that we undo the damage done by the snap.mount unit that was present ++ # in snapd 2.31. ++ # ++ # We found that update scripts make systemd stop inactive mount units and this ++ # in turn stops all the units that depend on it so when the snap.mount unit is ++ # stopped all the per-snap mount units gets stopped along with them. The 2.31 ++ # release was only out briefly in xenial-proposed and bionic but to keep the ++ # affected users safe let's start all the per-snap mount units so that snaps no ++ # longer appear as broken after update. ++ if dpkg --compare-versions "$2" ge-nl "2.31" && \ ++ dpkg --compare-versions "$2" lt-nl "2.32"; then ++ units=$(systemctl list-unit-files --full | grep '^snap[-.]' | cut -f1 -d ' ' | grep -vF snap.mount.service || true) ++ mounts=$(echo "$units" | grep '^snap[-.].*\.mount$' || true) ++ for unit in $mounts; do ++ # ensure its really a snap mount unit or systemd unit ++ if ! grep -q 'What=/var/lib/snapd/snaps/' "/etc/systemd/system/$unit" && ! grep -q 'X-Snappy=yes' "/etc/systemd/system/$unit"; then ++ echo "Skipping non-snapd systemd unit $unit" ++ continue ++ fi ++ ++ echo "Starting $unit" ++ deb-systemd-invoke start "$unit" || true ++ done ++ fi ++ # Ensure that the void directory has correct permissions. ++ chmod 111 /var/lib/snapd/void ++esac ++ ++#DEBHELPER# diff --cc debian/snapd.postrm index 00000000,00000000..141b4880 new file mode 100644 --- /dev/null +++ b/debian/snapd.postrm @@@ -1,0 -1,0 +1,145 @@@ ++#!/bin/sh ++ ++set -e ++ ++systemctl_stop() { ++ unit="$1" ++ ++ echo "Stopping unit $unit" ++ systemctl stop -q "$unit" || true ++ ++ for i in $(seq 20); do ++ echo "Waiting until unit $unit is stopped [attempt $i]" ++ if ! systemctl is-active -q "$unit"; then ++ echo "$unit is stopped." ++ return ++ fi ++ sleep .1 ++ done ++} ++ ++if [ "$1" = "purge" ]; then ++ # Undo any bind mounts to ${SNAP_MOUNT_DIR} or /var/snap done by parallel ++ # installs or LP:#1668659 ++ for mp in /snap /var/snap; do ++ if grep -q " $mp $mp" /proc/self/mountinfo; then ++ umount -l "$mp" || true ++ fi ++ done ++ ++ units=$(systemctl list-unit-files --full | grep '^snap[-.]' | cut -f1 -d ' ' | grep -vF snap.mount.service || true) ++ mounts=$(echo "$units" | grep '^snap[-.].*\.mount$' || true) ++ services=$(echo "$units" | grep '^snap[-.].*\.service$' || true) ++ ++ for unit in $services $mounts; do ++ # ensure its really a snap mount unit or systemd unit ++ if ! grep -q 'What=/var/lib/snapd/snaps/' "/etc/systemd/system/$unit" && ! grep -q 'X-Snappy=yes' "/etc/systemd/system/$unit"; then ++ echo "Skipping non-snapd systemd unit $unit" ++ continue ++ fi ++ ++ echo "Stopping $unit" ++ systemctl_stop "$unit" ++ ++ # if it is a mount unit, we can find the snap name in the mount ++ # unit (we just ignore unit files) ++ snap=$(grep 'Where=/snap/' "/etc/systemd/system/$unit"|cut -f3 -d/) ++ rev=$(grep 'Where=/snap/' "/etc/systemd/system/$unit"|cut -f4 -d/) ++ if [ -n "$snap" ]; then ++ echo "Removing snap $snap and revision $rev" ++ # aliases ++ if [ -d /snap/bin ]; then ++ find /snap/bin -maxdepth 1 -lname "$snap" -delete ++ find /snap/bin -maxdepth 1 -lname "$snap.*" -delete ++ fi ++ # generated binaries ++ rm -f "/snap/bin/$snap" ++ rm -f "/snap/bin/$snap".* ++ # snap mount dir ++ # we pass -d (clean up loopback devices) for trusty compatibility ++ umount -d -l "/snap/$snap/$rev" 2> /dev/null || true ++ rm -rf "/snap/$snap/$rev" ++ rm -f "/snap/$snap/current" ++ # snap data dir ++ rm -rf "/var/snap/$snap/$rev" ++ rm -rf "/var/snap/$snap/common" ++ rm -f "/var/snap/$snap/current" ++ # opportunistic remove (may fail if there are still revisions left ++ for d in "/snap/$snap" "/var/snap/$snap"; do ++ if [ -d "$d" ]; then ++ rmdir --ignore-fail-on-non-empty "$d" || true ++ fi ++ done ++ # udev rules ++ find /etc/udev/rules.d -name "*-snap.${snap}.rules" -execdir rm -f "{}" \; ++ # dbus policy files ++ if [ -d /etc/dbus-1/system.d ]; then ++ find /etc/dbus-1/system.d -name "snap.${snap}.*.conf" -execdir rm -f "{}" \; ++ fi ++ # modules ++ rm -f "/etc/modules-load.d/snap.${snap}.conf" ++ # timer and socket units ++ find /etc/systemd/system -name "snap.${snap}.*.timer" -o -name "snap.${snap}.*.socket" | while read -r f; do ++ systemctl_stop "$(basename "$f")" ++ rm -f "$f" ++ done ++ # user services, sockets, and timers - we make no attempt to stop any of them. ++ # TODO: ask snapd to ask each snapd.session-agent.service to stop snaps ++ # user-session services and stop itself. ++ find /etc/systemd/user -name "snap.${snap}.*.timer" -o -name "snap.${snap}.*.socket" -o -name "snap.${snap}.*.service" | while read -r f; do ++ rm -f "$f" ++ done ++ fi ++ ++ echo "Removing $unit" ++ rm -f "/etc/systemd/system/$unit" ++ rm -f "/etc/systemd/system/multi-user.target.wants/$unit" ++ done ++ ++ # snapd session-agent ++ rm -f /etc/systemd/user/snapd.session-agent.socket ++ rm -f /etc/systemd/user/snapd.session-agent.service ++ rm -f /etc/systemd/user/sockets.target.wants/snapd.session-agent.socket ++ ++ # generated readme files ++ rm -f "/snap/README" ++ ++ echo "Discarding preserved snap namespaces" ++ # opportunistic as those might not be actually mounted ++ if [ -d /run/snapd/ns ]; then ++ if [ "$(find /run/snapd/ns/ -name "*.mnt" | wc -l)" -gt 0 ]; then ++ for mnt in /run/snapd/ns/*.mnt; do ++ umount -l "$mnt" || true ++ rm -f "$mnt" ++ done ++ fi ++ find /run/snapd/ns/ $ -name '*.fstab' -o -name '*.user-fstab' -o -name '*.info' $ -delete ++ umount -l /run/snapd/ns/ || true ++ fi ++ ++ # inside containers we have a generator that creates a bind mount to /snap ++ if [ -e /run/systemd/container ]; then ++ echo "Unmount /snap inside a container" ++ umount /snap || true ++ fi ++ ++ echo "Final directory cleanup" ++ for d in "/snap/bin" "/snap" "/var/snap"; do ++ # Force remove due to directories for old revisions could still exist ++ rm -rf "$d" ++ if [ -d "$d" ]; then ++ echo "Cannot remove directory $d" ++ fi ++ done ++ ++ echo "Removing extra snap-confine apparmor rules" ++ rm -f /etc/apparmor.d/snap.core.*.usr.lib.snapd.snap-confine ++ ++ echo "Removing snapd cache" ++ rm -rf /var/cache/snapd/* ++ ++ echo "Removing snapd state" ++ rm -rf /var/lib/snapd ++fi ++ ++#DEBHELPER# diff --cc debian/snapd.prerm index 00000000,00000000..63824a2b new file mode 100755 --- /dev/null +++ b/debian/snapd.prerm @@@ -1,0 -1,0 +1,37 @@@ ++#!/bin/sh ++ ++set -e ++ ++systemctl_stop() { ++ unit="$1" ++ ++ echo "Stopping unit $unit" ++ systemctl stop -q "$unit" || true ++ ++ for i in $(seq 20); do ++ echo "Waiting until unit $unit is stopped [attempt $i]" ++ if ! systemctl is-active -q "$unit"; then ++ echo "$unit is stopped." ++ return ++ fi ++ sleep .1 ++ done ++} ++ ++if [ "$1" = "remove" ]; then ++ units=$(systemctl list-unit-files --full | grep '^snap\.' | cut -f1 -d ' ' | grep -vF snap.mount.service || true) ++ tostop=$(echo "$units" | grep -E '^snap\..*\.(service|timer|socket)$' || true) ++ ++ for unit in $tostop; do ++ # ensure it's really a snap mount unit or systemd unit ++ if ! grep -q 'X-Snappy=yes' "/etc/systemd/system/$unit"; then ++ echo "Skipping non-snapd systemd unit $unit" ++ continue ++ fi ++ ++ echo "Stopping $unit" ++ systemctl_stop "$unit" ++ done ++fi ++ ++#DEBHELPER# diff --cc debian/source/format index 00000000,00000000..163aaf8d new file mode 100644 --- /dev/null +++ b/debian/source/format @@@ -1,0 -1,0 +1,1 @@@ ++3.0 (quilt) diff --cc debian/source/options index 00000000,00000000..8a90ced6 new file mode 100644 --- /dev/null +++ b/debian/source/options @@@ -1,0 -1,0 +1,1 @@@ ++include-removal diff --cc debian/tests/README.md index 00000000,00000000..c32e6db3 new file mode 100644 --- /dev/null +++ b/debian/tests/README.md @@@ -1,0 -1,0 +1,10 @@@ ++## Autopkgtest ++ ++In order to run the autopkgtest suite locally you need first to generate an image: ++ ++ $ adt-buildvm-ubuntu-cloud -a amd64 -r xenial -v ++ ++This will create a `adt-xenial-amd64-cloud.img` file, then you can run the tests from ++the project's root with: ++ ++ $ adt-run --unbuilt-tree . --- qemu ./adt-xenial-amd64-cloud.img diff --cc debian/tests/control index 00000000,00000000..7fce6df4 new file mode 100644 --- /dev/null +++ b/debian/tests/control @@@ -1,0 -1,0 +1,12 @@@ ++Tests: integrationtests ++Restrictions: allow-stderr, rw-build-tree, needs-root, breaks-testbed, isolation-machine ++Depends: @builddeps@, ++ bzr, ++ ca-certificates, ++ git, ++ golang-golang-x-net-dev, ++ locales, ++ openssh-server, ++ netcat-openbsd, ++ net-tools, ++ snapd diff --cc debian/tests/integrationtests index 00000000,00000000..81dfd8c2 new file mode 100644 --- /dev/null +++ b/debian/tests/integrationtests @@@ -1,0 -1,0 +1,51 @@@ ++#!/bin/sh ++ ++set -ex ++ ++# required for the debian adt host ++mkdir -p /etc/systemd/system/snapd.service.d/ ++if [ "${http_proxy:-}" != "" ]; then ++ cat <> /etc/environment ++ echo "https_proxy=$http_proxy" >> /etc/environment ++fi ++systemctl daemon-reload ++ ++# ensure we are not get killed too easily ++printf '%s\n' "-950" > /proc/$$/oom_score_adj ++ ++# see what mem we have (for debugging) ++cat /proc/meminfo ++ ++# ensure we can do a connect to localhost ++echo ubuntu:ubuntu|chpasswd ++sed -i 's/$PermitRootLogin\|PasswordAuthentication$\>.*/\1 yes/' /etc/ssh/sshd_config ++systemctl reload sshd.service ++ ++# Map snapd deb package pockets to core snap channels. This is intended to cope ++# with the autopkgtest execution when testing packages from the different pockets ++if apt -qq list snapd | grep -q -- -proposed; then ++ export SPREAD_CORE_CHANNEL=candidate ++elif apt -qq list snapd | grep -q -- -updates; then ++ export SPREAD_CORE_CHANNEL=stable ++fi ++ ++# Spread will only buid with recent go ++snap install --classic go ++ ++# and now run spread against localhost ++# shellcheck disable=SC1091 ++. /etc/os-release ++export GOPATH=/tmp/go ++/snap/bin/go get -u github.com/snapcore/spread/cmd/spread ++/tmp/go/bin/spread -v "autopkgtest:${ID}-${VERSION_ID}-$(dpkg --print-architecture)":tests/smoke/ ++ ++# store journal info for inspectsion ++journalctl --sync ++journalctl -ab > "$ADT_ARTIFACTS"/journal.txt diff --cc debian/tests/testconfig.json index 00000000,00000000..c1669d09 new file mode 100644 --- /dev/null +++ b/debian/tests/testconfig.json @@@ -1,0 -1,0 +1,3 @@@ ++{ ++ "FromBranch": false ++} diff --cc debian/watch index 00000000,00000000..f24cda73 new file mode 100644 --- /dev/null +++ b/debian/watch @@@ -1,0 -1,0 +1,4 @@@ ++version=3 ++opts=filenamemangle=s/.+\/snapd_(\d\S*)\.no-vendor\.tar\.xz/snapd-\$1\.tar\.gz/,\ ++uversionmangle=s/(\d)[_\.\-\+]?(RC|rc|pre|dev|beta|alpha)[.]?(\d*)$/\$1~\$2\$3/ \ ++ https://github.com/snapcore/snapd/releases .*/snapd_(\d\S*)\.no-vendor\.tar\.xz