From: Michael Hudson-Doyle Date: Tue, 16 Jan 2018 00:02:31 +0000 (+0000) Subject: Import snapd_2.30-4.debian.tar.xz X-Git-Tag: archive/raspbian/2.30-5+rpi1^2^2~5^2 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=a626304569ab11653cd4426c39af9ed2716971de;p=snapd.git Import snapd_2.30-4.debian.tar.xz [dgit import tarball snapd 2.30-4 snapd_2.30-4.debian.tar.xz] --- a626304569ab11653cd4426c39af9ed2716971de diff --git a/changelog b/changelog new file mode 100644 index 00000000..5da6d80b --- /dev/null +++ b/changelog @@ -0,0 +1,3913 @@ +snapd (2.30-4) unstable; urgency=medium + + * Fix Built-Using computation on Debian. + * Add d/patches/disable-TestDoRequestSerialErrorsOnNoHost.patch to disable + a flaky test. + + -- Michael Hudson-Doyle Tue, 16 Jan 2018 13:02:31 +1300 + +snapd (2.30-3) unstable; urgency=medium + + * Fix arch builds again, sigh, + + -- Michael Hudson-Doyle Tue, 09 Jan 2018 13:56:48 +1300 + +snapd (2.30-2) unstable; urgency=medium + + * Fix arch-all-only build. (Closes: 886431) + + -- Michael Hudson-Doyle Tue, 09 Jan 2018 10:48:20 +1300 + +snapd (2.30-1) unstable; urgency=medium + + * New upstream release. + * Remove several patches: + - 0001-osutil-adjust-StreamCommand-tests-for-golang-1.9.patch: included in + release. + - apparmor-compat.patch, no-reexec-on-debian.patch: Removed as upstream + now implements a better solution to the problem. + - pb.v1-canonical-path.patch: applied upstream. + * Stop installing udev/rules.d/80-snappy-assign.rules, gone upstream + + -- Michael Hudson-Doyle Fri, 05 Jan 2018 09:39:07 +1300 + +snapd (2.28.5) xenial; urgency=medium + + * New upstream release, LP: #1714984 + - snap-confine: cleanup broken nvidia udev tags + - cmd/snap-confine: update valid security tag regexp + - overlord/ifacestate: refresh udev backend on startup + - dbus: ensure io.snapcraft.Launcher.service is created on re- + exec + - snap-confine: add support for handling /dev/nvidia-modeset + - interfaces/network-control: remove incorrect rules for tun + + -- Michael Vogt Fri, 13 Oct 2017 23:25:46 +0200 + +snapd (2.28.4) xenial; urgency=medium + + * New upstream release, LP: #1714984 + - interfaces/opengl: don't udev tag nvidia devices and use snap- + confine instead + - debian: fix replaces/breaks for snap-xdg-open (thanks to apw!) + + -- Michael Vogt Wed, 11 Oct 2017 19:40:57 +0200 + +snapd (2.28.3) xenial; urgency=medium + + * New upstream release, LP: #1714984 + - interfaces/lxd: lxd slot implementation can also be an app + snap + + -- Michael Vogt Wed, 11 Oct 2017 08:20:26 +0200 + +snapd (2.28.2) xenial; urgency=medium + + * New upstream release, LP: #1714984 + - interfaces: fix udev rules for tun + - release,cmd,dirs: Redo the distro checks to take into account + distribution families + + -- Michael Vogt Tue, 10 Oct 2017 18:39:58 +0200 + +snapd (2.28.1) xenial; urgency=medium + + * New upstream release, LP: #1714984 + - snap-confine: update apparmor rules for fedora based basesnaps + - snapstate: rename refresh hook to post-refresh for consistency + + -- Michael Vogt Wed, 27 Sep 2017 17:59:49 -0400 + +snapd (2.28) xenial; urgency=medium + + * New upstream release, LP: #1714984 + - hooks: rename refresh to after-refresh + - snap-confine: bind mount /usr/lib/snapd relative to snap-confine + - cmd,dirs: treat "liri" the same way as "arch" + - snap-confine: fix base snaps on core + - hooks: substitute env vars when executing hooks + - interfaces: updates for default, browser-support, desktop, opengl, + upower and stub-resolv.conf + - cmd,dirs: treat manjaro the same as arch + - systemd: do not run auto-import and repair services on classic + - packaging/fedora: Ensure vendor/ is empty for builds and fix spec + to build current master + - many: fix TestSetConfNumber missing an Unlock and other fragility + improvements + - osutil: adjust StreamCommand tests for golang 1.9 + - daemon: allow polkit authorisation to install/remove snaps + - tests: make TestCmdWatch more robust + - debian: improve package description + - interfaces: add netlink kobject uevent to hardware observe + - debian: update trusted account-keys check on 14.04 packaging + - interfaces/network-{control,observe}: allow receiving + kobject_uevent() messages + - tests: fix lxd test for external backend + - snap-confine,snap-update-ns: add -no-pie to fix FTBFS on + go1.7,ppc64 + - corecfg: mock "systemctl" in all corecfg tests + - tests: fix unit tests on Ubuntu 14.04 + - debian: add missing flags when building static snap-exec + - many: end-to-end support for the bare base snap + - overlord/snapstate: SetRootDir from SetUpTest, not in just some + tests + - store: have an ad-hoc method on cfg to get its list of uris for + tests + - daemon: let client decide whether to allow interactive auth via + polkit + - client,daemon,snap,store: add license field + - overlord/snapstate: rename HasCurrent to IsInstalled, remove + superfluous/misleading check from All + - cmd/snap: SetRootDir from SetUpTest, not in just some individual + tests. + - systemd: rename snap-repair.{service,timer} to snapd.snap- + repair.{service,timer} + - snap-seccomp: remove use of x/net/bpf from tests + - httputil: more naive per go version way to recreate a default + transport for tls reconfig + - cmd/snap-seccomp/main_test.go: add one more syscall for arm64 + - interfaces/opengl: use == to compare, not = + - cmd/snap-seccomp/main_test.go: add syscalls for armhf and arm64 + - cmd/snap-repair: track and use a lower bound for the time for + TLS checks + - interfaces: expose bluez interface on classic OS + - snap-seccomp: add in-kernel bpf tests + - overlord: always try to get a serial, lazily on classic + - tests: add nmcli regression test + - tests: deal with __PNR_chown on aarch64 to fix FTBFS on arm64 + - tests: add autopilot-introspection interface test + - vendor: fix artifact from manually editing vendor/vendor.json + - tests: rename complexion to test-snapd-complexion + - interfaces: add desktop and desktop-legacy + interfaces/desktop: add new 'desktop' interface for modern DEs + interfaces/builtin/desktop_test.go: use modern testing techniques + interfaces/wayland: allow read on /etc/drirc for Plasma desktop + interfaces/desktop-legacy: add new 'legacy' interface (currently + for a11y and input) + - tests: fix race in snap userd test + - devices/iio: add read/write for missing sysfs entries + - spread: don't set HTTPS?_PROXY for linode + - cmd/snap-repair: check signatures of repairs from Next + - env: set XDG_DATA_DIRS for wayland et.al. + - interfaces/{default,account-control}: Use username/group instead + of uid/gid + - interfaces/builtin: use udev tagging more broadly + - tests: add basic lxd test + - wrappers: ensure bash completion snaps install on core + - vendor: use old golang.org/x/crypto/ssh/terminal to build on + powerpc again + - docs: add PULL_REQUEST_TEMPLATE.md + - interfaces: fix network-manager plug + - hooks: do not error out when hook is optional and no hook handler + is registered + - cmd/snap: add userd command to replace snapd-xdg-open + - tests: new regex used to validate the core version on extra snaps + ass... + - snap: add new `snap switch` command + - tests: wait more and more debug info about fakestore start issues + - apparmor,release: add better apparmor detection/mocking code + - interfaces/i2c: adjust sysfs rule for alternate paths + - interfaces/apparmor: add missing call to dirs.SetRootDir + - cmd: "make hack" now also installs snap-update-ns + - tests: copy files with less verbosity + - cmd/snap-confine: allow using additional libraries required by + openSUSE + - packaging/fedora: Merge changes from Fedora Dist-Git + - snapstate: improve the error message when classic confinement is + not supported + - tests: add test to ensure amd64 can run i386 syscall binaries + - tests: adding extra info for fakestore when fails to start + - tests: install most important snaps + - cmd/snap-repair: more test coverage of filtering + - squashfs: remove runCommand/runCommandWithOutput as we do not need + it + - cmd/snap-repair: ignore superseded revisions, filter on arch and + models + - hooks: support for refresh hook + - Partial revert "overlord/devicestate, store: update device auth + endpoints URLs" + - cmd/snap-confine: allow reading /proc/filesystems + - cmd/snap-confine: genearlize apparmor profile for various lib + layout + - corecfg: fix proxy.* writing and add integration test + - corecfg: deal with system.power-key-action="" correctly + - vendor: update vendor.json after (presumed) manual edits + - cmd/snap: in `snap info`, don't print a newline between tracks + - daemon: add polkit support to /v2/login + - snapd,snapctl: decode json using Number + - client: fix go vet 1.7 errors + - tests: make 17.04 shellcheck clean + - tests: remove TestInterfacesHelp as it breaks when go-flags + changes + - snapstate: undo a daemon restart on classic if needed + - cmd/snap-repair: recover brand/model from + /var/lib/snapd/seed/assertions checking signatures and brand + account + - spread: opt into unsafe IO during spread tests + - snap-repair: update snap-repair/runner_test.go for API change in + makeMockServer + - cmd/snap-repair: skeleton code around actually running a repair + - tests: wait until the port is listening after start the fake store + - corecfg: fix typo in tests + - cmd/snap-repair: test that redirects works during fetching + - osutil: honor SNAPD_UNSAFE_IO for testing + - vendor: explode and make more precise our golang.go/x/crypto deps, + use same version as Debian unstable + - many: sanitize NewStoreStack signature, have shared default store + test private keys + - systemd: disable `Nice=-5` to fix error when running inside lxd + - spread.yaml: update delta ref to 2.27 + - cmd/snap-repair: use E-Tags when refetching a repair to retry + - interfaces/many: updates based on chromium and mrrescue denials + - cmd/snap-repair: implement most logic to get the next repair to + run/retry in a brand sequence + - asserts/assertstest: copy headers in SigningDB.Sign + - interfaces: convert uhid to common interface and test cases + improvement for time_control and opengl + - many tests: move all panicing fake store methods to a common place + - asserts: add store assertion type + - interfaces: don't crash if content slot has no attributes + - debian: do not build with -buildmode=pie on i386 + - wrappers: symlink completion snippets when symlinking binaries + - tests: adding more debug information for the interfaces-cups- + control … + - apparmor: pass --quiet to parser on load unless SNAPD_DEBUG is set + - many: allow and support serials signed by the 'generic' authority + instead of the brand + - corecfg: add proxy configuration via `snap set core + proxy.{http,https,ftp}=...` + - interfaces: a bunch of interfaces test improvement + - tests: enable regression and completion suites for opensuse + - tests: installing snapd for nested test suite + - interfaces: convert lxd_support to common iface + - interfaces: add missing test for camera interface. + - snap: add support for parsing snap layout section + - cmd/snap-repair: like for downloads we cannot have a timeout (at + least for now), less aggressive retry strategies + - overlord: rely on more conservative ensure interval + - overlord,store: no piles of return args for methods gathering + device session request params + - overlord,store: send model assertion when setting up device + sessions + - interfaces/misc: updates for unity7/x11, browser- + support, network-control and mount-observe + interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT + interfaces/browser-support: update sysfs reads for + newer browser versions, interfaces/network-control: rw for + ieee80211 advanced wireless interfaces/mount-observe: allow read + on sysfs entries for block devices + - tests: use dnf --refresh install to avert stale cache + - osutil: ensure TestLockUnlockWorks uses supported flock + - interfaces: convert lxd to common iface + - tests: restart snapd to ensure re-exec settings are applied + - tests: fix interfaces-cups-control test + - interfaces: improve and tweak bunch of interfaces test cases. + - tests: adding extra worker for fedora + - asserts,overlord/devicestate: support predefined assertions that + don't establish foundational trust + - interfaces: convert two hardware_random interfaces to common iface + - interfaces: convert io_ports_control to common iface + - tests: fix for upgrade test on fedora + - daemon, client, cmd/snap: implement snap start/stop/restart + - cmd/snap-confine: set _FILE_OFFSET_BITS to 64 + - interfaces: covert framebuffer to commonInterface + - interfaces: convert joystick to common iface + - interfaces/builtin: add the spi interface + - wrappers, overlord/snapstate/backend: make link-snap clean up on + failure. + - interfaces/wayland: add wayland interface + - interfaces: convert kvm to common iface + - tests: extend upower-observe test to cover snaps providing slots + - tests: enable main suite for opensuse + - interfaces: convert physical_memory_observe to common iface + - interfaces: add missing test for optical_drive interface. + - interfaces: convert physical_memory_control to common iface + - interfaces: convert ppp to common iface + - interfaces: convert time-control to common iface + - tests: fix failover test + - interfaces/builtin: rework for avahi interface + - interfaces: convert broadcom-asic-control to common iface + - snap/snapenv: document the use of CoreSnapMountDir for SNAP + - packaging/arch: drop patches merged into master + - cmd: fix mustUnsetenv docstring (thanks to Chipaca) + - release: remove default from VERSION_ID + - tests: enable regression, upgrade and completion test suites for + fedora + - tests: restore interfaces-account-control properly + - overlord/devicestate, store: update device auth endpoints URLs + - tests: fix install-hook test failure + - tests: download core and ubuntu-core at most once + - interfaces: add common support for udev + - overlord/devicestate: fix, don't assume that the serial is backed + by a 1-key chain + - cmd/snap-confine: don't share /etc/nsswitch from host + - store: do not resume a download when we already have the whole + thing + - many: implement "snap logs" + - store: don't call useDeltas() twice in quick succession + - interfaces/builtin: add kvm interface + - snap/snapenv: always expect /snap for $SNAP + - cmd: mark arch as non-reexecing distro + - cmd: fix tests that assume /snap mount + - gitignore: ignore more build artefacts + - packaging: add current arch packaging + - interfaces/unity7: allow receiving media key events in (at least) + gnome-shell + - interfaces/many, cmd/snap-confine: miscellaneous policy updates + - interfaces/builtin: implement broadcom-asic-control interface + - interfaces/builtin: reduce duplication and remove cruft in + Sanitize{Plug,Slot} + - tests: apply underscore convention for SNAPMOUNTDIR variable + - interfaces/greengrass-support: adjust accesses now that have + working snap + - daemon, client, cmd/snap: implement "snap services" + - tests: fix refresh tests not stopping fake store for fedora + - many: add the interface command + - overlord/snapstate/backend: some copydata improvements + - many: support querying and completing assertion type names + - interfaces/builtin: discard empty Validate{Plug,Slot} + - cmd/snap-repair: start of Runner, implement first pass of Peek + and Fetch + - tests: enable main suite on fedora + - snap: do not always quote the snap info summary + - vendor: update go-flags to address crash in "snap debug" + - interfaces: opengl support pci device and vendor + - many: start implenting "base" snap type on the snapd side + - arch,release: map armv6 correctly + - many: expose service status in 'snap info' + - tests: add browser-support interface test + - tests: disable snapd-notify for the external backend + - interfaces: Add /run/uuid/request to openvswitch + - interfaces: add password-manager-service implicit classic + interface + - cmd: rework reexec detection + - cmd: fix re-exec bug when starting from snapd 2.21 + - tests: dependency packages installed during prepare-project + - tests: remove unneeded check for re-exec in InternalToolPath() + - cmd,tests: fix classic confinement confusing re-execution code + - store: configurable base api + - tests: fix how package lists are updated for opensuse and fedora + + -- Michael Vogt Mon, 25 Sep 2017 12:07:34 -0400 + +snapd (2.27.6-2) unstable; urgency=medium + + * Add d/patches/0001-osutil-adjust-StreamCommand-tests-for-golang-1.9.patch + to fix FTBFS with Go 1.9. (Closes: #876867) + + -- Michael Hudson-Doyle Tue, 26 Sep 2017 13:41:53 -0400 + +snapd (2.27.6-1) unstable; urgency=medium + + * New upstream release, LP: #1703798: + - interfaces: add udev netlink support to hardware-observe + - interfaces/network-{control,observe}: allow receiving + kobject_uevent() messages + + -- Zygmunt Krynicki Fri, 08 Sep 2017 00:03:18 +0200 + +snapd (2.27.5-1) unstable; urgency=medium + + * New upstream release. + - interfaces: fix network-manager plug regression + - hooks: do not error when hook handler is not registered + - interfaces/alsa,pulseaudio: allow read on udev data for sound + - interfaces/optical-drive: read access to udev data for /dev/scd* + - interfaces/browser-support: read on /proc/vmstat and misc udev data + + -- Zygmunt Krynicki Thu, 31 Aug 2017 10:11:20 +0200 + +snapd (2.27.4-1) unstable; urgency=medium + + * New upstream release. + * Enable seccomp. + + -- Michael Hudson-Doyle Thu, 24 Aug 2017 22:12:52 +1200 + +snapd (2.27.2-2) unstable; urgency=medium + + * Fix re-exec test failure. + + -- Michael Hudson-Doyle Fri, 18 Aug 2017 11:37:47 +1200 + +snapd (2.27.2-1) unstable; urgency=medium + + * New upstream release. + * Stop using single-debian-patch, split delta into separate patches. + * Allow confining snap-confine even when --disable-apparmor is used. + * Pass --enable-static-libcap to cmd/configure, as was always the intention. + * Disable re-exec on Debian until core snap can cope with a partial apparmor + implementation. (Closes: #851473) + + -- Michael Hudson-Doyle Fri, 18 Aug 2017 11:00:31 +1200 + +snapd (2.27.1-1) unstable; urgency=medium + + * New upstream release. (Closes: #868959, #869268, #872071) + * New changes to upstream sources: + - Disable cmd/snap-seccomp tests as they depend on an unpackaged fork of + golang/x/net. + - Use upstream version of libseccomp-golang. + * Do not install ancient ubuntu-core-launcher symlink. + + -- Michael Hudson-Doyle Mon, 14 Aug 2017 21:53:09 +1200 + +snapd (2.27.1) xenial; urgency=medium + + * New upstream release, LP: #1703798: + - tests: use dnf --refresh install to avert stale cache + - tests: fix test failure on 14.04 due to old version of + flock + - updates for unity7/x11, browser-support, network-control, + mount-observe + - interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT + - interfaces/browser-support: update sysfs reads for + newer browser versions + - interfaces/network-control: rw for ieee80211 advanced wireless + - interfaces/mount-observe: allow read on sysfs entries for block + devices + + -- Michael Vogt Mon, 14 Aug 2017 08:02:17 +0200 + +snapd (2.27) xenial; urgency=medium + + * New upstream release, LP: #1703798 + - fix build failure on 32bit fedora + - interfaces: add password-manager-service implicit classic interface + - interfaces/greengrass-support: adjust accesses now that have working + snap + - interfaces/many, cmd/snap-confine: miscellaneous policy updates + - interfaces/unity7: allow receiving media key events in (at least) + gnome-shell + - cmd: fix re-exec bug when starting from snapd 2.21 + - tests: restore interfaces-account-control properly + - cmd: fix tests that assume /snap mount + - cmd: mark arch as non-reexecing distro + - snap-confine: don't share /etc/nsswitch from host + - store: talk to api.snapcraft.io for purchases + - hooks: support for install and remove hooks + - packaging: fix Fedora support + - tests: add bluetooth-control interface test + - store: talk to api.snapcraft.io for assertions + - tests: remove snapd before building from branch + - tests: add avahi-observe interface test + - store: orders API now checks if customer is ready + - cmd/snap: snap find only searches stable + - interfaces: updates default, mir, optical-observe, system-observe, + screen-inhibit-control and unity7 + - tests: speedup prepare statement part 1 + - store: do not send empty refresh requests + - asserts: fix error handling in snap-developer consistency check + - systemd: add explicit sync to snapd.core-fixup.sh + - snapd: generate snap cookies on startup + - cmd,client,daemon: expose "force devmode" in sysinfo + - many: introduce and use strutil.ListContains and also + strutil.SortedListContains + - assserts,overlord/assertstate: test we don't accept chains of + assertions founded on a self-signed key coming externally + - interfaces: enable access to bridge settings + - interfaces: fix copy-pasted iio vs io in io-ports-control + - cmd/snap-confine: various small fixes and tweaks to seccomp + support code + - interfaces: bring back seccomp argument filtering + - systemd, osutil: rework systemd logs in preparation for services + commands + - tests: store /etc/systemd/system/snap-*core*.mount in snapd- + state.tar.gz + - tests: shellcheck improvements for tests/main tasks - first set of + tests + - cmd/snap: `--last` for abort and watch, and aliases + (search→find, change→tasks) + - tests: shellcheck improvements for tests/lib scripts + - tests: create ramdisk if it's not present + - tests: shellcheck improvements for nightly upgrade and regressions + tests + - snapd: fix for snapctl get panic on null config values. + - tests: fix for rng-tools service not restarting + - systemd: add snapd.core-fixup.service unit + - cmd: avoid using current symlink in InternalToolPath + - tests: fix timeout issue for test refresh core with hanging … + - intefaces: control bridged vlan/ppoe-tagged traffic + - cmd/snap: include snap type in notes + - overlord/state: Abort() only visits each task once + - tests: extend find-private test to cover more cases + - snap-seccomp: skip socket() tests on systems that use socketcall() + instead of socket() + - many: support snap title as localized/title-cased name + - snap-seccomp: deal with mknod on aarch64 in the seccomp tests + - interfaces: put base policy fragments inside each interface + - asserts: introduce NewDecoderWithTypeMaxBodySize + - tests: fix snapd-notify when it takes more time to restart + - snap-seccomp: fix snap-seccomp tests in artful + - tests: fix for create-key task to avoid rng-tools service ramains + alive + - snap-seccomp: make sure snap-seccomp writes the bpf file + atomically + - tests: do not disable ipv6 on core systems + - arch: the kernel architecture name is armv7l instead of armv7 + - snap-confine: ensure snap-confine waits some seconds for seccomp + security profiles + - tests: shellcheck improvements for tests/nested tasks + - wrappers: add SyslogIdentifier to the service unit files. + - tests: shellcheck improvements for unit tasks + - asserts: implement FindManyTrusted as well + - asserts: open up and optimize Encoder to help avoiding unnecessary + copying + - interfaces: simplify snap-confine by just loading pre-generated + bpf code + - tests: restart rng-tools services after few seconds + - interfaces, tests: add mising dbus abstraction to system-observe + and extend spread test + - store: change main store host to api.snapcraft.io + - overlord/cmdstate: new package for running commands as tasks. + - spread: help libapt resolve installing libudev-dev + - tests: show the IP from .travis.yaml + - tests/main: use pkgdb function in more test cases + - cmd,daemon: add debug command for displaying the base policy + - tests: prevent quoting error on opensuse + - tests: fix nightly suite + - tests: add linode-sru backend + - snap-confine: validate SNAP_NAME against security tag + - tests: fix ipv6 disable for ubuntu-core + - tests: extend core-revert test to cover bluez issues + - interfaces/greengrass-support: add support for Amazon Greengrass + as a snap + - asserts: support timestamp and optional disabled header on repair + - tests: reboot after upgrading to snapd on the -proposed pocket + - many: fix test cases to work with different DistroLibExecDir + - tests: reenable help test on ubuntu and debian systems + - packaging/{opensuse,fedora}: allow package build with testkeys + included + - tests/lib: generalize RPM build support + - interfaces/builtin: sync connected slot and permanent slot snippet + - tests: fix snap create-key by restarting automatically rng-tools + - many: switch to use http numeric statuses as agreed + - debian: add missing Type=notify in 14.04 packaging + - tests: mark interfaces-openvswitch as manual due to prepare errors + - debian: unify built_using between the 14.04 and 16.04 packaging + branch + - tests: pull from urandom when real entropy is not enough + - tests/main/manpages: install missing man package + - tests: add refresh --time output check + - debian: add missing "make -C data/systemd clean" + - tests: fix for upgrade test when it is repeated + - tests/main: use dir abstraction in a few more test cases + - tests/main: check for confinement in a few more interface tests + - spread: add fedora snap bin dir to global PATH + - tests: check that locale-control is not present on core + - many: snapctl outside hooks + - tests: add whoami check + - interfaces: compose the base declaration from interfaces + - tests: fix spread flaky tests linode + - tests,packaging: add package build support for openSUSE + - many: slight improvement of some snap error messaging + - errtracker: Include /etc/apparmor.d/usr.lib.snap-confine md5sum in + err reports + - tests: fix for the test postrm-purge + - tests: restoring the /etc/environment and service units config for + each test + - daemon: make snapd a "Type=notify" daemon and notify when startup + is done + - cmd/snap-confine: add support for --base snap + - many: derive implicit slots from interface meta-data + - tests: add core revert test + - tests,packaging: add package build support for Fedora for our + spread setup + - interfaces: move base declaration to the policy sub-package + - tests: fix for snapd-reexec test cheking for restart info on debug + log + - tests: show available entropy on error + - tests: clean journalctl logs on trusty + - tests: fix econnreset on staging + - tests: modify core before calling set + - tests: add snap-confine privilege test + - tests: add staging snap-id + - interfaces/builtin: silence ptrace denial for network-manager + - tests: add alsa interface spread test + - tests: prefer ipv4 over ipv6 + - tests: fix for econnreset test checking that the download already + started + - httputil,store: extract retry code to httputil, reorg usages + - errtracker: report if snapd did re-execute itself + - errtracker: include bits of snap-confine apparmor profile + - tests: take into account staging snap-ids for snap-info + - cmd: add stub new snap-repair command and add timer + - many: stop "snap refresh $x --channel invalid" from working + - interfaces: revert "interfaces: re-add reverted ioctl and quotactl + - snapstate: consider connect/disconnect tasks in + CheckChangeConflict. + - interfaces: disable "mknod |N" in the default seccomp template + again + - interfaces,overlord/ifacestate: make sure installing slots after + plugs works similarly to plugs after slots + - interfaces/seccomp: add bind() syscall for forced-devmode systems + - packaging/fedora: Sync packaging from Fedora Dist-Git + - tests: move static and unit tests to spread task + - many: error types should be called FooError, not ErrFoo. + - partition: add directory sync to the save uboot.env file code + - cmd: test everything (100% coverage \o/) + - many: make shell scripts shellcheck-clean + - tests: remove additional setup for docker on core + - interfaces: add summary to each interface + - many: remove interface meta-data from list of connections + - logger (& many more, to accommodate): drop explicit syslog. + - packaging: import packaging bits for opensuse + - snapstate,many: implement snap install --unaliased + - tests/lib: abstract build dependency installation a bit more + - interfaces, osutil: move flock code from interfaces/mount to + osutil + - cmd: auto import assertions only from ext4,vfat file systems + - many: refactor in preparation for 'snap start' + - overlord/snapstate: have an explicit code path last-refresh + unset/zero => immediately refresh try + - tests: fixes for executions using the staging store + - tests: use pollinate to seed the rng + - cmd/snap,tests: show the sha3-384 of the snap for snap info + --verbose SNAP-FILE + - asserts: simplify and adjust repair assertion definition + - cmd/snap,tests: show the snap id if available in snap info + - daemon,overlord/auth: store from model assertion wins + - cmd/snap,tests/main: add confinement switch instead of spread + system blacklisting + - many: cleanup MockCommands and don't leave a process around after + hookstate tests + - tests: update listing test to the core version number schema + - interfaces: allow snaps to use the timedatectl utility + - packaging: Add Fedora packaging files + - tests/libs: add distro_auto_remove_packages function + - cmd/snap: correct devmode note for anomalous state + - tests/main/snap-info: use proper pkgdb functions to install distro + packages + - tests/lib: use mktemp instead of tempfile to work cross-distro + - tests: abstract common dirs which differ on distributions + - many: model and expose interface meta-data. + - overlord: make config defaults from gadget work also at first boot + - interfaces/log-observe: allow using journalctl from hostfs for + classic distro + - partition,snap: add support for android boot + - errtracker: small simplification around readMachineID + - snap-confine: move rm_rf_tmp to test-utils. + - tests/lib: introduce pkgdb helper library + - errtracker: try multiple paths to read machine-id + - overlord/hooks: make sure only one hook for given snap is executed + at a time. + - cmd/snap-confine: use SNAP_MOUNT_DIR to setup /snap inside the + confinement env + - tests: bump kill-timeout and remove quiet call on build + - tests/lib/snaps: add a test store snap with a passthrough + configure hook + - daemon: teach the daemon to wait on active connections when + shutting down + - tests: remove unit tests task + - tests/main/completion: source from /usr/share/bash-completion + - assertions: add "repair" assertion + - interfaces/seccomp: document Backend.NewSpecification + - wrappers: make StartSnapServices cleanup any services that were + added if a later one fails + - overlord/snapstate: avoid creating command aliases for daemons + - vendor: remove unused packages + - vendor,partition: fix panics from uenv + - cmd,interfaces/mount: run snap-update-ns and snap-discard-ns from + core if possible + - daemon: do not allow to install ubuntu-core anymore + - wrappers: service start/stop were inconsistent + - tests: fix failing tests (snap core version, syslog changes) + - cmd/snap-update-ns: add actual implementation + - tests: improve entropy also for ubuntu + - cmd/snap-confine: use /etc/ssl from the core snap + - wrappers: don't convert between []byte and string needlessly. + - hooks: default timeout + - overlord/snapstate: Enable() was ignoring the flags from the + snap's state, resulting in losing "devmode" on disable/enable. + - difs,interfaces/mount: add support for locking namespaces + - interfaces/mount: keep track of kept mount entries + - tests/main: move a bunch of greps over to MATCH + - interfaces/builtin: make all interfaces private + - interfaces/mount: spell unmount correctly + - tests: allow 16-X.Y.Z version of core snap + - the timezone_control interface only allows changing /etc/timezone + and /etc/writable/timezone. systemd-timedated also updated the + link of /etc/localtime and /etc/writable/localtime ... allow + access to this file too + - cmd/snap-confine: aggregate operations holding global lock + - api, ifacestate: resolve disconnect early + - interfaces/builtin: ensure we don't register interfaces twice + + -- Michael Vogt Thu, 10 Aug 2017 12:43:16 +0200 + +snapd (2.26.14) xenial; urgency=medium + + * New upstream release, LP: #1690083 + - cmd: fix incorrect re-exec when starting from snapd 2.21 + + -- Michael Vogt Thu, 20 Jul 2017 13:52:05 +0200 + +snapd (2.26.13) xenial; urgency=medium + + * New upstream release, LP: #1690083 + - cmd,tests: fix classic confinement confusing re-execution code + - cmd: fix incorrect check check for re-exec in InternalToolPath() + - snap-seccomp: add secondary arch for unrestricted snaps as well + + -- Michael Vogt Tue, 18 Jul 2017 20:34:33 +0200 + +snapd (2.26.10) xenial; urgency=medium + + * New upstream release, LP: #1690083 + - Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64 + + -- Michael Vogt Mon, 17 Jul 2017 11:58:22 +0200 + +snapd (2.26.9) xenial; urgency=medium + + * New upstream release, LP: #1690083 + - statically link libseccomp in snap-seccomp to fix refresh issue + on trusty + + -- Michael Vogt Wed, 12 Jul 2017 08:27:14 +0200 + +snapd (2.26.8) xenial; urgency=medium + + * New upstream release, LP: #1690083 + - Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64 + - add snapd.core-fixup.service unit + - ensure re-exec uses the right internal tools + + -- Michael Vogt Wed, 05 Jul 2017 07:48:22 +0200 + +snapd (2.26.6) xenial; urgency=medium + + * New upstream release, LP: #1690083 + - interfaces: allow snaps to use the timedatectl utility in + time-control + + -- Michael Vogt Tue, 27 Jun 2017 08:36:23 +0100 + +snapd (2.26.5) xenial; urgency=medium + + * New upstream release, LP: #1690083 + - backport of seccomp-bpf branch to the 2.26 release to ensure snap + revert with new seccomp syntax works correctly + + -- Michael Vogt Mon, 26 Jun 2017 15:30:15 +0100 + +snapd (2.26.4) xenial; urgency=medium + + * New upstream release, LP: #1690083 + - partly revert aace15ab53 to unbreak core reverts + - Revert "interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f)" + - Disable "mknod |N" in the default seccomp template + reasons outline in https://forum.snapcraft.io/t/snapd-2-25-blocked-because-of-revert-race-condition + - errtracker: include bits of snap-confine apparmor profile + - errtracker: report if snapd did re-execute itself + + -- Michael Vogt Thu, 01 Jun 2017 18:50:52 +0200 + +snapd (2.26.3) xenial; urgency=medium + + * New upstream release, LP: #1690083 + - cherry pick test fixes f0103a6, 9de5c8a, d7725a7 to make + sure the image tests are updated for the changes in the + `snap info core` output and the removal of the rsyslog + package from core. + + -- Michael Vogt Wed, 17 May 2017 11:31:56 +0200 + +snapd (2.26.2) xenial; urgency=medium + + * New upstream release, LP: #1690083 + - cherry pick d444728 to make the uboot.env file parsing more + robust + + -- Michael Vogt Tue, 16 May 2017 18:37:07 +0200 + +snapd (2.26.1) xenial; urgency=medium + + * New upstream release, LP: #1690083 + - store: fix panic error in auth + - tests: the new ubuntu-image snap needs classic confinement, adjust + tests + - cmd/snap-confine: don't fail on pre 3.8 kernel + + -- Michael Vogt Thu, 11 May 2017 21:44:27 +0200 + +snapd (2.26) xenial; urgency=medium + + * New upstream release, LP: #1690083 + - timeutil: avoid panicking when the window is very small + - image: fix go vet issue + - overlord/ifacestate: don't spam logs with harmless auto-connect + messages + - interfaces/builtin: add network-status interface + - interfaces/builtin: add online-accounts-service interface + - interfaces/builtin: distribute code of touching allInterfaces + - interfaces: API additions for interface hooks + - interfaces/builtin: add storage-framework-service interface + - tests: disable create-key test on ppc64el for artful (expect not + working) + - snap: make `snap prepare-image --extra-snaps` derive side info + - tests: unify tests/{main/completion,completion}/lib.exp0 + - cmd/snap: tweak info channels output + - interfaces: ensure that legacy interface methods are unused + - packaging: cleanup how built-using is generated + - tests: extend kernel-module-control interface test + - interfaces/network: workaround Go's need for NETLINK_ROUTE with + 'net'. + - cmd/snap-confine: use defensive argument parser + - tests: add test for empty snap name on revert + - overlord/hookstate: remove unused Context.timeout + - tests: additional setup in docker test for core systems + - configstate: return error if patch is invalid + - interfaces: add random interface + - store, daemon, client, cmd/snap: handle PASSWORD_POLICY_ERROR + - cmd/snap, client: add "whoami" command + - cmd/snap: iterate interface tab completion + - snap: move locale-control to only be present on classic + - interfaces/browser-support: deny read on squashfs backing files + and LVM vg names + - tests: wait for the docker socket to be listening + - snap: add `snap refresh --time` option + - tests: re-enable and moderninze /media sharing test + - cmd: make rst2man optional + - tests: remove quoting from [[ ]] when globs + - interfaces: allow plugging DBus clients to introspect the slot + service + - packaging/ubuntu*/changelog: drop extra dash + - snap-confine: init the ENTRY variable, coverity is unhappy + otherwise + - cmd/snap-confine/spread-tests: discard useless --version test + - spread: add spread target qemu:debian-9-64 + - interfaces: mediate netlink sockets via seccomp + - tests,cmd/snap-confine: port older snapd-discard-ns tests + - cmd/snap-confine/tests: fix shellcheck on recently added files + - tests/upgrade: force install core snap from beta for debian + - overlord/snapstate/backend,interfaces/mount: move ns management + code. + - tests: extend network-control spread test to cope with network + namespaces + - tests: fail early in the spread suite if trying to run it inside a + container + - tests: set ownership of $PROJECT_PATH for the external backend + - tests: specify the auto-refreshable snap being tested + - many: fix tests with go1.8 / artful + - fix for tests: debian does not have /snap/bin in secure_path so + sudo + - snap: support for snap tasks --last=... + - cmd/snap-confine: remove obsolete debug message + - address review feedback, add a lot of comments :-), call + shellcheck on the completion scripts, fix a bug in compopt + + -- Michael Vogt Thu, 11 May 2017 10:05:44 +0200 + +snapd (2.25) xenial; urgency=medium + + * New upstream release, LP: #1686713 + - interfaces/default: allow mknod for regular files, pipes and + sockets + - many: use "SNAP.APP as ALIAS" instead of => when listing + added/removed aliases + - cmd/snap-confine: write current mount profile + - cmd/snap-discard-ns: remove current profile when cleaning up + - many: support debian in our CI + - tests: tweak time for econnreset test a bit more + - cmd/snap-confine: re-enable re-assciate fix for CE + - many: aliases v2 cleanups + - cmd/snap-confine: don't use apparmor if it is disabled on boot + - many: implement `snap prefer ` (aliases v2) + - many: adjust /aliases and "snap aliases" to aliases v2, also some + cleanup + - snapstate: normalize gadget defaults + - many: allow core refresh.schedule setting + - many: show alias changes on snap alias/unalias (aliases v2) + - client,cmd/snap: improve messaging on --devmode and --classic + - many: implement `snap unalias ` (aliases v2) + - store: retry on connection reset + - interfaces/mount: add Change.Perform + - tests: add openvswitch interface spread test + - interfaces/i2c: allow modifying device-specific sysfs entries + - interfaces: allow writing to /run/systemd/journal/stdout by + default + - tests: ensure travis fails early if static checks fail + - store,daemon: make store interpret channel="" as stable in most + cases + - overlord/snapstate: make UpdateAliases idempotent, simplify the + backend interface bits for aliases not used anymore (aliases v2) + - many: implement snap alias (aliases v2) + - snap-confine: add code to ensure that / or /snap is mounted + "shared" + - many: show available "tracks" in `snap info` + - cmd/snap: make users Xauthority file available in snap environment + - interfaces/mount: write current fstab files with mode 0644 + - overlord: switch to aliases v2 tasks for install/refresh etc ops + plus transition + - tests: parameterize gadget snap channel (#3117) + - tests: copy .real profile as .real + - tests: add empty initrd failover test + - many: mount squashfs as read-only + - cmd: make locking around namespaces explicit + - tests: address review comments from #3186 + - tests: add dbus interface spread test + - interfaces/mount: add ReadMountInfo and LoadMountInfo + - snap: require snap name for 'revert' + - overlord: maintain per-revision snapshots of snap configuration + - tests: relax network-bind interface regexps + - interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f) + - store: retry once on hashsum mismatches in a Download() + - interfaces/builtin: don't panic if content plug has nil attrs + - interfaces/mount: pass mount.Profile to mount.NeededChanges + - packaging: add `built-using` header for 16.04 packaging + - interfaces: add media-hub interface + - interfaces/builtin: allow full access to properties iface of the + udisks service + - tests: handle case when both .real and plain are present + - interfaces/mount: add Change.String for readable output + - tests: ensure we mock force dev mode as well to fix FTBFS in + sbuild + - store: add more logs around retry in download + - interfaces/mount: add stub Change.{Needed,Perform} + - tests: allow installing snapd from -proposed for SRU validation + - interfaces/mount: parse mount options to map[string]string + - snap: added tasks subcommand + - tests: copy snap-confine apparmor profile into testbed + - interfaces/mount: improve go identifier names of mountinfo, parse + optional fields + - Arch Linux wants to respect FHS + (https://bugs.archlinux.org/task/53656), + - daemon: do not set RemoveSnapPath flag when doing a try + - debian: add maintscript helper to remove usr.lib.snapd.snap- + confine in snap-confine + - cmd/snap-confine: don't use plain "classic" term + - cmd/snap-confine: set TMPDIR and TEMPDIR each time + - many: fixes for `go vet` in go 1.7 + - tests: add kernel-module-control interface test + - overlord/snapstate: introduce tasks for aliases v2 semantics with + temporary names for now (aliases v2) + - overlord/devicestate: switch to ssh-keygen for device key + generation + - snap: skip /dev/ram from auto-import assertions to make it less + noisy (#3010) + - interfaces: add kubernetes-support interface and adjust related + interfaces (LP: #1664638) + - tests: download previous snapd package from published versions + instead of specific PPA + - snap: run snap-confine from core if snap is also running from core + - overlord/ifacestate: automatically rename connections on core snap + - many: break the /aliases mutation API with a clean 400 (aliases + v2) + - interfaces/builting: allow read-only access to /sys/module + - tests: add extra test after the core transition for snap get/set + core + - store: misc cleanups in tests + - interfaces/mount: add parser for mountinfo entries + - store: tests for unexpected EOF + - tests: fix unity test + - interfaces,overlord: log interface auto-connection failures + - cmd/snap-update-ns: add C preamble for setns + - interfaces: validate plug/slot uniqueness + + -- Michael Vogt Fri, 28 Apr 2017 07:57:49 +0200 + +snapd (2.24.1) xenial; urgency=medium + + * New upstream release, LP: #1681799: + - fix autopkgtest failures with stable core snap + - ensure the snap-confine transitional package cleans up + the no-longer-used apparmor profile to fix the kernels + autopkgtest failures + + -- Michael Vogt Wed, 19 Apr 2017 11:54:33 +0200 + +snapd (2.24) xenial; urgency=medium + + * New upstream release, LP: #1681799: + - interfaces/mount: add InfoEntry type + - many: fix plug auto-connect during core transition + - interfaces: fold network bind into core support with tests + - .travis.yml: add option to make raw log less noisy + - interfaces: adjust shm accesses to use 'm' for updated mmap kernel + mediation + - many: rename two core plugs that clash with slot names + - snap-confine,browser-support: /dev/tty for snap-confine, misc + browser-support for gnome-shell + - store: add download test with EOF in the middle + - tests: adjust to look for network-bind-plug + - store: make hash error message more accurate + - overlord/snapstate: simplify AliasesStatus down to just an + AutoAliasesDisabled bool flag (aliases v2) + - errtracker: never send errtracker reports when running under + SNAPPY_TESTING + - interfaces/repo: validate slot/plug names + - daemon: Give the snap directories via GET /v2/system-info + - interfaces/unity7: support unity messaging menu + - interfaces/mount: add high-level Profile functions + - git: ignore only the cmd/Makefile{,.in} + - cmd: explicitly set _GNU_SOURCE and _FILE_OFFSET_BITS for xfs + support + - daemon: add desktop file location for app to the API + - overlord,release: disable classic snap support when not possible + - overlord: fix TestEnsureLoopPrune not to be so racy + - many: abstract path to /bin/{true,false} + - data/systemd: tweak data/systemd/Makefile to be slightly simpler + - store: handle EOF via url.Error check + - packaging: use templates for relevant systemd units + - tests: run gccgo only on ubuntu-16.04-64 + - .travis.yml: remove travis matrix and do a single sequential run + - overlord/state: make sure that setting to nil a state key is + equivalent to deleting it + - tests: fix incorrect shell expression + - interfaces/mount: add OptsToFlags for converting arguments to + syscall… + - interfaces: add a joystick interface + - tests: enable docker test for more ubuntu-core systems + - tests: download and install additional dependencies when using + prepackaged snapd + - many: add support for partially static builds + - interfaces: allow slot to introspect dbus-daemon in dbus + interface, allow /usr/bin/arch by default + - interfaces/mount: fix golint issues + - interfaces/mount: add function for saving fstab-like file + - osutil: introducing GetenvInt64, like GetenvBool but Int64er. + - interfaces: drop udev tagging from framebuffer interface + - snapstate: more helpers to work with aliases state (aliases + v2) + - interfaces/mount: add function for parsing fstab-like file + - cmd: disable the re-associate fix as requested by jdstrand + - overlord/snapstate: unlock/relock the state less, especially not + across mutating the SnapState of a snap + - interfaces: allow executing ld.so (needed with new AppArmor base + abstraction) + - interfaces/mount: add function for parsing mount entries + - cmd: rework header check for xfs/xqm.h + - cmd: add poky to the list of distros which don't support reexec + - overlord: finish reorg, revert "be more conservative until we have + cut 2.23.x" + - cmd: select what socket to use in cmd/snap{,ctl} + - overlord: remove snap config values when snap is removed + - snapstate: introduce helper to apply to disk a alias states change + for a snap (aliases v2) + - configstate,hookstate: timeout the configure hook after 5 mins, + report failures to the errtracker + - interfaces/seccomp: add bind as part of the default seccomp policy + for hooks + - cmd: discard the C implementation of snap-update-ns + - tests: remove stale apt proxy leftover from cloud-init + - tests: move unity test to nightly suite + - interfaces: add support for location-observe for + dbus::ObjectManager session paths + - boot: log error in KernelOrOsRebootRequired + - interfaces: remove old API + - interfaces: use udev spec + - interfaces: convert systemd backend to new APIs + - osutil: add BootID + - tests: move docker test to new nightly suite + - interfaces/mount: compute mount changes required to transition + mount profiles + - data/selinux: add context definition for snapctl + - overlord: clean up organization under state packages + - overlord: make sure all managers packages have *state.go with the + main state manipulation/query APIs + - interfaces: use spec in the dbus backend + - store: download from authenticated URL if there is a device + session set + - tests: remove core_name variable + - interfaces: rename thumbnailer to thumbnailer-service + - interfaces: add chroot to base templates + - asserts: remove some unused things + - systemd: mount the squashfs with nodev + - overlord: when shutting down assume errors might be due to + cancellation so retry + - cmd: rename all unit tests to $command/unit-test + - cmd/snap: fix help string for version command + - asserts: don't allow revocations with other items for the same + developer + - tests: skip lp-1644439 test on older kernels + - interfaces: allow "sync" to be used by core support + - assertstate,snapstate: have assertstate.AutoAliases use the + "aliases" header + - interfaces: allow writing config.txt.tmp in the core-support + interface + - tests: adjust network-bind test + - interfaces: dbus backend spec + - asserts: introduce a snap-declaration "aliases" header to list + auto aliases with explicit targets + - cmd: enable large file support + - cmd/snap: handle missing snap-confine + - cmd/snap-confine: re-associate with pid-1 mount namespace if + required + - cmd/libsnap: make mountinfo structures public + - tests: fix interfaces-cups-control for zesty + - misc: revert "Log if the system goes into ForceDevMode" + - interfaces: seccomp tests cleanup + - cmd: validate SNAP_NAME + - interfaces: log if the system goes into ForceDevMode + - tests: fix classic-ubuntu-core-transition race + - interfaces: use apparmor spec in the apparmor backend + - interfaces: alphabetize framebuffer in base decl and add it to + all_test.go + - tests: add ubuntu-core-16-32 system to the external backend and + fix docker test + - cmd/libsnap: simplify sc_string_quote default case + - osutil: fix double expand in environment map code and add test + - interfaces: extend location-control out-of-process provider + support + - cmd/snap-update-ns: use bidirectional lists for mount entries + - tests: prevent automatic transition before setting the initial + state of the test + - release: detect if we are in ForcedDevMode by inspecting the + kernel + - tests: add core-snap-refresh test + - interfaces: add maliit input method interface + - interfaces: seccomp spec API tweaks for better tests + - interfaces: updates for mir-kiosk in browser-support, mir, opengl, + unity7 + - testutils: address review feedback from PR#2997 + - tests: specify the core version to be unsquashfs'ed in the + failover tests + - interfaces: use MockInfo in tests + - cmd/libsnap: add sc_quote_string + - cmd/snap-confine: use sc_do_umount everywhere + - interfaces: add unity8 plug permissions + - timeutil: a few helpers for the recurring events + - asserts: implement snap-developer type + - partition: deal with grub{,2}-editenv in tests + - many: add new (hidden) `snap debug ensure-state-soon` command and + use in tests + - interfaces/builtin: small refactor of dbus tests + - packaging, tests: use "systemctl list-unit-files --full" + everywhere + - many: some opensuse patches that are ready to go into master + - packaging: add opensuse permissions files + - client, daemon: move "snap list" name filtering into snapd. + - interfaces: use seccomp specs + - overlord/snapstate: small cleanup of + ensureForceDevmodeDropsDevmodeFromState + - interfaces/builtin/alsa: add read access to alsa state dir + - interfaces: use spec in kmod backend, updated firewall_control, + openvswitch_support, ppp + - cmd/snap-confine: use sc_do_mount everywhere + - tests: remove workaround for docker again, snap-declaration is + fixed now + - interfaces: interface to allow autopilot introspection + + -- Michael Vogt Tue, 11 Apr 2017 13:31:46 +0200 + +snapd (2.23.6) xenial; urgency=medium + + * New upstream release, LP: #1673568 + - cmd: use the most appropriate snap/snapctl sockets + - tests: fix interfaces-cups-control for zesty + - configstate,hookstate: timeout the configure hook after 5 mins, + report failures + - packaging: rename the file shipping snap-confine AA profile to + workaround dpkg bug #858004 + - many: ignore configure hook failures on core refresh to ensure + upgrades are always possible + - snapstate: restart as needed if we undid unlinking aka relinked + core or kernel snap + + -- Michael Vogt Wed, 29 Mar 2017 15:30:35 +0200 + +snapd (2.23.5) xenial; urgency=medium + + * New upstream release, LP: #1673568 + - allow "sync" in core-support + + -- Michael Vogt Fri, 17 Mar 2017 18:13:43 +0100 + +snapd (2.23.4) xenial; urgency=medium + + * New upstream release, LP: #1673568 + - fix core-support interface for the new pi-config options + + -- Michael Vogt Fri, 17 Mar 2017 16:05:57 +0100 + +snapd (2.23.3) xenial; urgency=medium + + * FTBFS due to missing files in vendor/ + + -- Zygmunt Krynicki Thu, 16 Mar 2017 19:56:55 +0100 + +snapd (2.23.2) xenial; urgency=medium + + * New upstream release, LP: #1673568 + - cmd/snap: handle missing snap-confine (#3041) + + -- Zygmunt Krynicki Thu, 16 Mar 2017 19:38:24 +0100 + +snapd (2.23.1) xenial; urgency=medium + + * New upstream release, LP: #1665608 + - packaging, tests: use "systemctl list-unit-files --full" + everywhere + - interfaces: fix default content attribute value + - tests: do not nuke the entire snapd.conf.d dir when changing + store settings + - hookstate: run the right "snap" command in the hookmanager + - snapstate: revert PR#2958, run configure hook again everywhere + + -- Michael Vogt Wed, 08 Mar 2017 14:29:56 +0100 + +snapd (2.23) xenial; urgency=medium + + * New upstream release, LP: #1665608 + - overlord: phase 2 with 2nd setup-profiles and hook done after + restart for core installation + - data: re-add snapd.refresh.{timer,service} with weekly schedule + - interfaces: allow 'getent' by default with some missing dbs to + various interfaces + - overlord/snapstate: drop forced devmode + - snapstate: disable running the configure hook on classic for the + core snap + - ifacestate: re-generate apparmor in InterfaceManager.initialize() + - daemon: DevModeDistro does not imply snapstate.Flags{DevMode:true} + - interfaces/bluez,network-manager: implement ConnectedSlot policy + - cmd: add helpers for mounting / unmounting + - snapstate: error in LinkSnap() if revision is unset + - release: add linuxmint 18 to the non-devmode distros + - cmd: fixes to run correctly on opensuse + - interfaces: consistently use 'const' instead of 'var' for security + policy + - interfaces: miscellaneous policy updates for unity7, udisks2 and + browser-support + - interfaces/apparmor: compensate for kernel behavior change + - many: only tweak core config if hook exists + - overlord/hookstate: don't report a run hook output error without + any context + - cmd/snap-update-ns: move test data and helpers to new module + - vet: fix vet error on mount test. + - tests: empty init (systemd) failover test + - cmd: add .indent.pro file to the tree + - interfaces: specs for apparmor, seccomp, udev + - wrappers/services: RemainAfterExit=yes for oneshot daemons w/ stop + cmds + - tests: several improvements to the nested suite + - tests: do not use core for "All snaps up to date" check + - cmd/snap-update-ns: add function for sorting mount entries + - httputil: copy some headers over redirects + - data/selinux: merge SELinux policy module + - kmod: added Specification for kmod security backend + - tests: failover test for rc.local crash + - debian/tests: map snapd deb pockets to core snap channels for + autopkgtest + - many: switch channels on refresh if needed + - interfaces/builtin: add /boot/uboot/config.txt access to core- + support + - release: assume higher version of supported distros will still + work + - cmd/snap-update-ns: add compare function for mount entries + - tests: enable docker test + - tests: bail out if core snap is not installed + - interfaces: use mount.Entry instead of string snippets. + - osutil: trivial tweaks to build ID support + - many: display kernel version in 'snap version' + - osutil: add package for reading Build-ID + - snap: error when `snap list foo` is run and no snap is installed + - cmd/snap-confine: don't crash if nvidia module is loaded but + drivers are not available + - tests: update listing test for latest core snap version update + - overlord/hookstate/ctlcmd: helper function for creating a deep + copy of interface attributes + - interfaces: add a linux framebuffer interface + - cmd/snap, store: change error messages to reflect latest UX doc + - interfaces: initial unity8 interface + - asserts: improved information about assertions format in the + Decode doc comment + - snapstate: ensure snapstate.CanAutoRefresh is nil in tests + - mkversion.sh: Add support for taking the version as a parameter + - interfaces: add an interface for use by thumbnailer + - cmd/snap-confine: ensure that hostfs is root owned. + - screen-inhibit-control: add methods for delaying screensavers + - overlord: optional device registration and gadget support on + classic + - overlord: make seeding work also on classic, optionally + - image,cmd/snap: refactoring and initial envvar support to use + stores needing auth + - tests: add libvirt interface spread test + - cmd/libsnap: add helper for dropping permissions + - interfaces: misc updates for network-control, firewall-control, + unity7 and default policy + - interfaces: allow recv* and send* by default, accept4 with accept + and other cleanups + - interfaces/builtin: add classic-support interface + - store: use xdelta3 from core if available and not on the regular + system + - snap: add contact: line in `snap info` + - interfaces/builtin: add network-setup-control which allows rw + access to netplan + - unity7: support missing signals and methods for status icons + - cmd: autoconf for RHEL + - cmd/snap-confine: look for PROCFS_SUPER_MAGIC + - dirs: use the right snap mount dir for the distribution + - many: differentiate between "distro" and "core" libexecdir + - cmd: don't reexec on RHEL family + - config: make helpers reusable + - snap-exec: support nested environment variables in environment + - release: add galliumos support + - interfaces/builtin: more path options for serial + - i18n: look into core snaps when checking for translations + - tests: nested image testing + - tests: add basic test for docker + - hookstate,ifacestate: support snapctl set/get slot and plug attrs + (step 3) + - cmd/snap: add shell completion to connect + - cmd: add functions to load/save fstab-like files + - snap run: create "current" symlink in user data dir + - cmd: autoconf for centos + - tests: add more debug if ubuntu-core-upgrade fails + - tests: increase service retries + - packaging/ubuntu-14.04: inform user how to extend PATH with + /snap/bin. + - cmd: add helpers for working with mount/umount commands + - overlord/snapstate: prepare for using snap-update-ns + - cmd: use per-snap mount profile to populate the mount namespace + - overlord/ifacestate: setup seccomp security on startup + - interface/seccomp: sort combined snippets + - release: don't force devmode on LinuxMint "serena" + - tests: filter ubuntu-core systems for authenticated find-private + test + - interfaces/builtin/core-support: Allow modifying logind + configuration from the core snap + - tests: fix "snap managed" output check and suppress output from + expect in the authenticated login tests + - interfaces: shutdown: also allow shutdown/reboot/suspend via + logind + - cmd/snap-confine-tests: reformat test to pass shellcheck + - cmd: add sc_is_debug_enabled + - interfaces/mount: add dedicated mount entry type + - interfaces/core-support: allow modifying systemd-timesyncd and + sysctl configuration + - snap: improve message after `snap refresh pkg1 pkg2` + - tests: improve snap-env test + - interfaces/io-ports-control: use /dev/port, not /dev/ports + - interfaces/mount-observe: add quotactl with arg filtering (LP: + #1626359) + - interfaces/mount: generate per-snap mount profile + - tests: add spread test for delta downloads + - daemon: show "$snapname (delta)" in progress when downloading + deltas + - cmd: use safer functions in sc_mount_opt2str + - asserts: introduce a variant of model assertions for classic + systems + - interfaces/core-support: allow modifying snap rsyslog + configuration + - interfaces: remove some syscalls already in the default policy + plus comment cleanups + - interfaces: miscellaneous updates for hardware-observe, kernel- + module-control, unity7 and default + - snap-confine: add the key for which hsearch_r fails + - snap: improve the error message for `snap try` + - tests: fix pattern and use MATCH in find-private + - tests: stop tying setting up staging store access to the setup of + the state tarball + - tests: add regression spread test for #1660941 + - interfaces/default: don't allow TIOCSTI ioctl + - interfaces: allow nice/setpriority to 0-19 values for calling + process by default + - tests: improve debug when the core transition test hangs + - tests: disable ubuntu-core->core transition on ppc64el (its just + too slow) + - snapstate: move refresh from a systemd timer to the internal + snapstate Ensure() + - tests/lib/fakestore/refresh: some more info when we fail to copy + asserts + - overlord/devicestate: backoff between retries if the server seems + to have refused the serial-request + - image: check kernel/gadget publisher vs model brand, warn on store + disconnected snaps + - vendor: move gettext.go back to github.com/ojii/gettext.go + - store: retry on 502 http response as well + - tests: increase snap-service kill-timeout + - store,osutil: use new osutil.ExecutableExists(exe) check to only + use deltas if xdelta3 is present + - cmd: fix autogen.sh on fedora + - overlord/devicemgr: fix test: setup account-key before using the + key for signing + - cmd: add /usr/local/* to PATH + - cmd: add sc_string_append + - asserts: support for correctly suggesting format 2 for snap- + declaration + - interfaces: port mount backend to new APIs, unify content of per + app/hook profiles + - overlord/devicestate: implement policy about gadget and kernel + matching the model + - interfaces: allow sched_setscheduler again by default + - debian: update breaks/replaces for snap-confine->snapd + - debian: move the snap-confine packaging into snapd + - 14.04/integrationtests: rely on upstart to restart ssh. + - store: enable download deltas on classic by default + - spread: add unit suite + - snapctl: add config in client to disable auth and use it in + snapctl + - overlord/ifacestate: register all security backends with the + repository + - overlord,tests: have enable/disable affect security profiles + - tests: install ubuntu-core from the same channel as core + - overlord: move configstate.Transaction into config package + - seccomp-support.c: add PF_* domains which can be used instead of + AF_* + - store: always log retry summary when SNAPD_DEBUG is set + - tests: parameterize kernel snap channel + - snapenv: do not append ":" to the SNAP_LIBRARY_PATH + - interfaces/builtin: refine the content interface rules using $SLOT + - asserts,interfaces/policy: add support for + $SLOT()/$PLUG()/$MISSING in *-attributes constraintsThis adds + support for $SLOT(arg), $PLUG(arg) and $MISSING attribute + constraints in plugs and slots rules in snap-declarations: + - cmd/snap-confine: add snap-confine command line parser module + - tests: remove (some) garbage files found by restore cleanup + analysis + - cmd: fix issues uncovered by valgrind + - tests: fix typo in systems name + - cmd: collect string utilities in one module, add missing tests + - cmd: rename mountinfo to sc_mountinfo + - tests: allow to install snapd debs from a ppa instead of building + them + - spread: remove state tar on project restore + + -- Michael Vogt Fri, 17 Feb 2017 12:21:42 +0100 + +snapd (2.22.7) xenial; urgency=medium + + * New upstream release: + - errtracker,overlord/snapstate: more info in errtracker reports + - interfaces/apparmor: compensate for kernel behavior change + + -- Michael Vogt Fri, 24 Feb 2017 19:24:11 +0100 + +snapd (2.22.6) xenial; urgency=medium + + * New upstream release, LP: #1667105 + - overlord/ifacestate: don't fail if affected snap is gone + - revert #2910: osutil: add package for reading Build-ID (#2918) + - errtracker: include the build-id of host and core snapd (#2912) + - errtracker: include the number of ubuntu-core -> core retries + (#2915) + - snapstate: retry ubuntu-core -> core transition every 6h (#2914) + - osutil: add package for reading Build-ID (#2910) + - errtracker: include kernel version in error reports (#2905) + - release: return "unknown" if uname fails + - many: rebased uname branch for 2.22 + - errtracker: include snapd version in err reports + - overlord/ifacestate: don't unconditionally retry stuff (#2906) + - snapstate: fix incorrect cut of the timestamps for the error + reports (#2908) + - tests: update listing test for latest core snap version update + + -- Zygmunt Krynicki Wed, 22 Feb 2017 23:34:23 +0100 + +snapd (2.22.5) xenial; urgency=medium + + * Fix FTBFS due to machine-id file + + -- Zygmunt Krynicki Tue, 21 Feb 2017 09:43:42 +0100 + +snapd (2.22.4) xenial; urgency=medium + + * New bugfix release: + - errtracker: add support for error reporting via daisy.ubuntu.com + - snapstate: allow for 6 retries for the core transition + - httputils: ensure User-Agent works across redirects + + -- Michael Vogt Tue, 21 Feb 2017 09:07:10 +0100 + +snapd (2.22.3) xenial; urgency=medium + + * New bugfix release, LP: #1665729: + - Limit the number of retries for the ubuntu-core -> core + transition to fix possible store overload. + + -- Michael Vogt Fri, 17 Feb 2017 18:58:34 +0100 + +snapd (2.22.2) xenial; urgency=medium + + * New upstream release, LP: #1659522 + - cherry pick fix for sched_setscheduler regression + (LP: #1661265) + + -- Michael Vogt Thu, 02 Feb 2017 17:13:51 +0100 + +snapd (2.22.1) xenial; urgency=medium + + * New upstream release, LP: #1659522 + - cherry pick fix for snapctl auth.json handling + + -- Michael Vogt Wed, 01 Feb 2017 17:09:31 +0100 + +snapd (2.22) xenial; urgency=medium + + * New upstream release, LP: #1659522 + - many: make ubuntu-core-launcher mostly go + - interfaces/builtin: add account-control interface + - interfaces/builtin: add missing syscalls to core-support needed + for systemctl + - interfaces/builtin: rework core-support to only allow full access + to systemctl + - debian/tests: drop stale autopkgtest dependencies. + - tests: make the debugging of c-unit-tests more useful + - store: retry auth-related requests + - tests: integration test for system reload + - snap: be more helpful in the `snap install ` + error message + - tests: set SNAPPY_USE_STAGING_STORE in su call + - tests: use test snap + - spread: set SNAPD_DEBUG=1 in the core snap as well + - tests: add extra debugging to security-setuid-root test + - cmd,snap,wrappers: systemd reload command support + - interfaces: builtin: mir: Allow recv and send + - overlord/ifacestate: use ParseConnRef + - overlord/snapstate,overlord/ifacestate: add automatic ubuntu-core + -> core transition + - debian: remove aliases as well in snapd.postrm + - many: change interfaces.ParseID to return value + - interfaces/opengl: allow access to the nvidia abstract socket + - overlord, daemon: flag failures feature fancy forms. + - many: add --classic support to try and revert, and make missing + these things a little harder + - interfaces: allow reading non-PCI-attached usb devices via raw-usb + - many: rename snap-alter-ns to snap-update-ns + - interfaces/builtin: add core-support + - store: increase the retry.LimitTime() + - debian: move the packaging out into package/$id-$version_id + - overlord/stapstate: don't use unkeyed fields + - many: add stub implementation of snap-alter-ns + - asserts: improve error message when key is not valid at the given + time + - snapstate, ifacestate: add snapstate.CheckChangeConflict() to + ifacestate.{Connect,Disconnect} + - debian: remove trusty specific bits + - docs: Add a note about building snapd. + - interfaces: miscellaneous updates for default and network-control + - daemon: bubble out store.ErrSnapNotFound in the findOne codepath + - store: add retry logging into download as well + - snap: show price in `snap info` + - cmd: add fault injection support code + - interfaces: network-manager: allow rw access to /etc/netplan + - debian: move systemd files out of ./debian and into ./data/systemd + - asserts: implement SuggestFormat to help avoid specifying the + wrong format iteration for an assertion + - many: detect potentially insecure use of snap-confine + - interfaces: allow querying added security backends + - cmd: ensure that all .c files have a -test.c file + - asserts: don't use 'context' for the path of attributes, want to + reuse the concept for something else + - interfaces: abbreviate ConnRef construction + - tests: ensure systemd override directory is available before using + it + - cmd: more build system cleanups and a small fix + - tests: increase retries for service up + - cmd: move seccomp cleanup function to seccomp-support + - many: auto-connect plugs and slots symmetrically + - overlord: use a ticker for the pruning + - interfaces/builtin: add uhid interface + - cmd/snap-confine: add shutdown helper + - tests: fix path used when debugging + - cmd: switch to non-recursive make + - overlord/ifacestate: setup security of snaps affected by auto- + connection + - spread: refresh apt cache before first install + - overlord: allow max 500 changes in "ready" state to avoid growing + changes for 24h + - snap: add {Plug,Slot}Info.SecurityTags + - cmd: move snap-discard-ns to dedicated directory + - tests: skip i18n test when no "snappy.mo" file is available + - interfaces,overlord/ifacestate: small refactor around reference + methods + - tests: remove the snapd dirs last (should fix random test errors) + - interfaces: mm: permissions for protocol proxies + - interfaces/builtin: add evolution interfaces + - many: extract the logging http client and user-agent handling for + use in devicestate + - interfaces: unity8-download-manager is the chosen name for this + interface. + - tests: add "quiet" wrapper function that only prints output on + failure + - tests: fix failing snapd-reexec test + - docs: simplify HACKING.md that snapd itself supports setting up + the sockets + - overlord: flag required-snaps from model as required and prevent + removing them + - spread: exclude .o and .a files + - tests: parameterize remote store + - cmd: fix hardcoded paths to rst2man and support rst2man.py + - tests: improve debug output when reexec is used + - tests: disable ipv6 before unpacking delta + - interfaces: add new interface API + - tests: change TRUST_TEST_KEYS to be controlled from the host + - spread: add boilerplate for Linode delta uploads + - wrappers: add support for the X-Ayatana-Desktop-Shortcuts= + extension + - partition: add support for native grubenv read/write and use it + - tests: add test ensuring manual pages are shipped + + -- Michael Vogt Fri, 27 Jan 2017 23:18:57 +0100 + +snapd (2.21-2) unstable; urgency=medium + + * Modify snap-confine's apparmor rules to work on Debian when apparmor is + enabled on the kernel command line. + + -- Michael Hudson-Doyle Wed, 25 Jan 2017 10:26:51 +1300 + +snapd (2.21-1) unstable; urgency=medium + + * New upstream release. + * Disable i18n so the package can build in stretch without new packages. + + -- Michael Hudson-Doyle Mon, 16 Jan 2017 11:15:32 +1300 + +snapd (2.21) xenial; urgency=medium + + * New upstream release, LP: #1656382 + - daemon: re-enable reexec + - interfaces: allow reading installed files from previous revisions + by default + - daemon: make activation optional + - tests: run all snap-confine tests in c-unit-tests task + - many: fix abbreviated forms of disconnect + - tests: switch more tests to MATCH + - store: export userAgent. daemon: print store.UserAgent() on + startup. + - tests: test classic confinement `snap list` and `snap info` + output + - debian: skip snap-confine unit tests on nocheck + - overlord/snapstate: share code between Update and UpdateMany, so + that it deals with auto-aliases correctly + - interfaces: upower-observe: refactor to allow snaps to provide a + slot + - tests: add end-to-end store test for classic confinement + - overlord,overlord/snapstate: have UpdateMany retire/enable auto- + aliases even without new revision + - interfaces/browser-support: add @{PROC}/@{pid}/fd/[0-9] w and misc + /run/udev + - interfaces/builtin: add physical-memory-* and io-ports-control + - interfaces: allow getsockopt by default since it is so commonly + used + - cmd/snap, daemon, overlord/snapstate: tests and fixes for "snap + refresh" of a classic snap + - interfaces: allow read/write access of real-time clock with time- + control interface + - store: request no CDN via a header using SNAPPY_STORE_NO_CDN + envvar + - snap: add information about tracking channel (not just actual + channel) + - interfaces: use fewer dot imports + - overlord/snapstate: remove restrictions on ResetAliases + - overlord, store: move confinement filtering to the overlord (from + The Store) + - many: move interface test helpers to ifacetest package + - many: implement 'snap aliases' + - vet: fix for unkeyed fields error on aliases_test.go + - interfaces: miscellaneous policy updates for network-control, + unity7, pulseaudio, default and home + - tests: test for auto-aliases + - interface hooks: connect plug slot hooks (step 2) + - cmd/snap: fix internal naming in snap connect + - snap: use "size" as the json tag in snap.ChannelSnapInfo + - tests: restore the missing initialization of iface manager causing + race + - snap: fix missing sizes in `snap info ` + - tests: improve cleanup for c-unit-tests + - cmd/snap-confine: build non-installed libsnap-confine-private.a + - cmd/snap-confine: small tweaks to seccomp support code + - interfaces/docker-support: allow /run/shm/aufs.xeno for 14.04 + - many: obtain installed snaps developer/publisher username through + assertions + - store: setting of fields for details endpoint + - cmd/snap-confine: check for rst2man on configure + - snap: show `snap --help` output when just running `snap` + - interface/builtin: drop the obsolete checks in udisks2 + SanitizeSlot + - cmd/snap: remove currency switch following UX review + - spread: find top-level directory before running generate- + packaging-dir + - interface hooks: prepare plug slot hooks (step 1) + - i18n: use github.com/mvo5/gettext.go (pure go) for i18n to avoid + cgo + - many: put a marker in the User-Agent sent by snapd/snap when under + testingThe User-Agent will look like: + - tests: fix -reuse and -resend when govendor is missing + - snap: provide friendlier `snap find` message when no snaps are + found + - tests: fix mkversions.sh failure on zesty + - spread: install build-essentail unconditionally + - spread: improve qemu ubuntu-14.04-{32,64} support + - overlord/snapstate,daemon: implement GET /v2/aliases handling + - store: retry user info request + - tests: port more snap-confine regression tests + - tests: cancel the scheduled reboot on ubuntu-core-upgrade-no-gc + and restore state + - tests: debug zesty autopkgtest failures + - overlord/snapstate: use keyed fields on literals + - tests: use MATCH in install-remove-multi + - tests: increase wait time for service to be up + - tests: make debug-each succeed if DENIED doesn't match + - tests: skip packaging dir generation for non-git based autopkgtest + runs + - tests: port refresh-all-undo to MATCH + - tests: improve snap connect test + - tests: port additional snap-confine regression tests + - tests: show --version when it matches unknown + - tests: optionally use apt proxy for qemu + - tests: add hello-classic test + - many: behave more consistently when pointed to staging and + possibly the fake store + - overlord/ifacestate: remove stale comments + - interfaces/apparmor: ignore snippets in classic confinement + - tests: port first regression test from snap-confine + - cmd/snap-confine: disable old tests + + -- Michael Vogt Fri, 13 Jan 2017 19:39:51 +0100 + +snapd (2.20.1) xenial; urgency=medium + + * New upstream release, LP: #1648520 + - tests: enable the ppc64el tests again + - tests: add classic confinement test + - tests: run snap confine tests in debian/rules already + + -- Michael Vogt Mon, 19 Dec 2016 11:53:29 +0100 + +snapd (2.20-2) unstable; urgency=medium + + * Replace unversioned Conflicts on snap package with versioned + Breaks/Replaces, now that snap has dropped /usr/bin/snap. + Closes: #849162. + + -- Steve Langasek Sun, 25 Dec 2016 17:50:25 -0600 + +snapd (2.20-1) unstable; urgency=medium + + * New upstream release. + * Update one test (cmd/snap/cmd_interfaces_test.go) to cope with the newer + golang-go-flags-dev in unstable. + * Explicitly include 'udev' in Build-Depends. + * Add tzdata to Build-Depends to avoid ftbfs. (Closes: #848754) + + -- Michael Hudson-Doyle Mon, 19 Dec 2016 11:43:55 +1300 + +snapd (2.20) xenial; urgency=medium + + * New upstream release, LP: #1648520 + - many: implement "snap alias --reset" using snapstate.ResetAliases + - debian: use a packaging branch for 14.04 + - store: retry downloads on io.Copy errors and sha3 checksum errors + - snap: show apps in `snap info` + - store: send an explicit X-Ubuntu-Classic header to the store + - overlord/snapstate: implement snapstate.ResetAliases + - interfaces/builtin: add dbus interface + - tests: fix tests on 17.04 + - store: use mocked retry strategy to make store tests faster + - overlord: apply auto-aliases information from the snap-declaration + on install or refresh + - many: prepare landing on trusty + - many: implement snap unalias using snapstate.Unalias + - overlord/snapstate: fixing the placement/grouping of some + functions + - interfaces: support network namespaces via 'ip netns' in network- + control + - interfaces/builtin: fix pulseaudio apparmor rules + - interfaces/builtin: add iio interface + - tests: update custom core snap with the freshly build snap-confine + - interfaces: use sysd.{Disable,Stop} instead of sysd.DisableNow() + - overlord,overlord/snapstate: implement snapstate.Unalias by + generalizing the "alias" task + - interfaces: misc openstack snap enablement + - cmd/snap: mock terminal.ReadPassword instead of using /dev/ptmx + - notifications, daemon: kill the unsupported events endpoint + - client: only allow Dangerous option in InstallPath + - overlord/ifacestate: no interface checks if no snap id + - many: implement alias command + - snap: tweak snap install output as designed by Mark + - debian: fix Pre-Depends on dpkg + - tests: check if snap-confine --version is unknown + - cmd/snap-confine: allow content interface mounts + - tests: remove ppa:snappy-dev/image again + - interfaces/apparmor: allow access to core snap + - tests: remove snap-confine/ubuntu-core-launcher after the tests + - overlord,overlord/snapstate: implement snapstate.Alias + - cmd/snap: reject "snap disconnect foo" + - debian: add split ubuntu-core-launcher and snap-confine packages + - cmd: fix mkversion.sh and add regression test + - overlord/snapstate: setup/remove aliases as we link/unlink snaps + - cmd/snap,tests: alias support in snap run + - snap/snapenv: don't obscure HOME if snap uses classic confinement + - store: decode response.Body json inside retry loops + - cmd/snap-confine: fix compilation on platforms with gcc < 4.9.0 + - vendor: update tomb package fixing context support + + -- Michael Vogt Thu, 15 Dec 2016 22:07:08 +0100 + +snapd (2.19) xenial; urgency=medium + + * New upstream release, LP: #1648520 + - cmd/snap-confine: disable support for XDG_RUNTIME_DIR + - cmd/snap-confine/tests: fix stale path after move to snapd + - cmd/snap-confine: don't use __attribute__((nonull)) + - snap: add description to `snap info` + - snap: show last refresh time + - store: switch default delta format from xdelta to xdelta3 + - interfaces: fix system-observe interface to work with ps_mem + - debian: add missing ca-certificates dependency + - cmd/snap-confine: add support for classic confinement + - snapstate/backend: add backend methods to manage aliases + - tests: re-enable snap-confine unit tests via spread + - many: merge snap-confine into snapd + - many: add support for classic confinement + - snap: abort install with ctrl+c + - cmd/snap: change terms accept URL following UX review + - interfaces/apparmor: use distinct apparmor template for classic + - snap: add snap size to `snap info` + - interfaces: add unconfined access to modem-manager + - snap: support for parsing and exposing on snap.Info aliases + - debian: disable autopkgtests on ppc64el + - snap: disable support for socket activation + - tests: fix incorrect restore of the current symlink + - asserts: introduce auto-aliases header in snap-declaration + - interfaces/seccomp: add support for classic confinement + - tests: do not use external snaps + - daemon: close the dup()ed file descriptor to not leak it + - overlord, daemon, progress: enable building snapd without CGO + - daemon, store: let snap info find things in any channel + - store: retry tweaks and logging + - snap: Improve `snap --help` output as designed by Mark + - interfaces/builtin: fix incorrect udev rule in i2c + - overlord: increase test timeout and improve failure message + - snap: remove unused experimental command + - debian: remove unneeded conflict against the "snappy" package + - daemon, strutil: move daemon.quotedNames to strutil.Quoted + - docs: document SNAP_DEBUG_HTTP in HACKING.md + - cmd/snap: have some completers + - snap: support "daemon: notify" in snap.yaml + - snap: fix try command when daemon linie is added + - interfaces: apparmor support for classic confinement + - debian/rules: build with -buildoptions=pie + - tests: include /boot in saved state (including bootenv and any + kernels) + - daemon: ensure `snap try` installs core if it's missing + - tests: save/restore /snap/core/current symlink + - tests: decrease the number of expected featured apps + - tests: add set -e to the prepare ssh script + - cmd/snap: add tests for section completion; fix bugs. + - cmd/snap: document 'snap list --all' + + -- Michael Vogt Thu, 08 Dec 2016 16:16:04 +0100 + +snapd (2.18.1) xenial; urgency=medium + + * New upstream release, LP: #1644625 + - daemon: fix crash when `snap refresh` contains a single update + - fix unhandled error from io.Copy() in download() + - interfaces/builtin: fix incorrect udev rule in i2c + + -- Michael Vogt Mon, 05 Dec 2016 15:04:13 +0100 + +snapd (2.18) xenial; urgency=medium + + * New upstream release, LP: #1644625 + - store: retry on io.EOF + - tests: skip pty tests on ppc64el and powerpc + - client, cmd/snap: introducing "snap info" + - snap: do exit 0 on install/remove if that snap is already + installed or already removed + - snap: add `snap watch ` to attach to a running change + - store: retry downloads using retry loop + - snap: try doesn't require snap-dir when run in snap's directory + - daemon: show what will change in the "refresh-all" changes + - tests: disable autorefresh for the external backend + - snap: add `snap list -a` to show all snaps (even inactive ones) + - many: unify boolean env var handling + - overlord/ifacestate: don't setup jailmode snaps with devmode + confinement + - snapstate: do not garbage collect the snaps used by the bootenv + - debian: drop hard xdelta dependency for now + - snap: make `snap login` ask for email if not given as argument + - osutil: fix build on armhf (arm in go-arch) and powerpc (ppc in + go-arch) + - many: rename DevmodeConfinement to DevModeConfinement + - store: resp.Body.Close() missing in ReadyToBuy + - many: use ConfinementOptions instead of ConfinementType + - snap, daemon, store: fake the channel map in the REST API + - misc: run github.com/gordonklaus/ineffassign as part of the static + checks + - docs: add goreportcard badge and remove coveralls badge + - tests: force gofmt -s in static checks + - many: run gofmt -s -w on all the code + - store: DRY actual retry code + - many: fix various errors uncovered by goreportcard.com + - interfaces/builtin: allow additional shared memory for webkit + - many: some more missing snapState->snapst + - asserts: introduce an optional freeform display-name for model + - interfaces/builtin: rename usb-raw to raw-usb + - progress: init pbar with correct total value + - daemon/api.go: add quotedNames() helper + - interfaces: add ConfinementOptions type + - tests: add a test about the extra bits that prepare-device can + specify for device registration + - tests: check that gpio device nodes are exported after reboot + - tests: parameterize core channel with env var for classic too + - many: rename variable "ss" to "snapsup" or "snapst" or "st" + (depending on context) + - tests: do not use external snaps in spread + - store: retry buy request + - store: retry store.Find + - store: retry assertion store call + - store: retry call for snap details + - many: use snap.ConfinementType rather than bool devmode + - daemon: if a bad snap is posted it is not an internal error but a + bad request + - client: add "Snap.Screenshots" to the client API + - interfaces: update base declaration documentation and policy for + on-classic and snap-type + - store: check payment method before TOS for a better UX + - interfaces: allow sched_setaffinity in process-control + - tests: parameterize core channel with env var + - tests: ensure that the XDG_ env contains at least XDG_RUNTIME_DIR + - interfaces: fcitx also listens on the session bus for Qt apps + - store: retry ListRefresh + - snap: use "Password of :" in the `snap login` + - many: reshuffle how we load/inject tests keys so image doesn't + need assertstate anymore + - store: use range requests if we have a local file already + - dirs,interfaces,overlord,snap,snapenv,test: export per-snap + XDG_RUNTIME_DIR per user + - osutil: make RealUser only look at SUDO_USER when uid==0 + - tests: do not use the ppa:snappy-dev/image in the tests + - store: retry readyToBuy request + - tests: increase `expect` timeouts + - static tests: add spell check + - tests: add debug to all flaky expect tests + - systemd: correct the mount arguments when mounting with squashfuse + - interfaces: add avahi-observe + - store: bring delta downloads back + - interfaces: add alsa + - interfaces/builtin: fix a broken test that snuck into master + - osutil: add chattr funcs + - image: init "snap_mode" on image creation time to avoid ugly + messages + - tests: test-snapd-fuse-consumer needs python-fuse as a build- + package + - interfaces/builtin: add i2c interface + - interfaces: add ofono interface + - tests: do not use hello-world in our tests + - snap: add support for classic confinement + - interfaces: remove LegacyAutoConnect() from the interfaces + - interfaces: miscellaneous policy updates + - tests: run autopkgtests in the autopkgtest.ubuntu.com + infrastructure + - Implement lxd-client interface exposing the lxd snap + - asserts: validate optional account username + - many: remove unnecessary snap name parameter from buying endpoint + - tests: do not hardcode the size of /dev/ram0 + - tests: add test that ensures the right content for /etc/os-release + - spread tests: fix snap mode check + - docs: fix path for source files location in HACKING.md + - interfaces/builtin/mir: allow slot to make recvfrom syscalls + - store: sections/featured snaps store support + + -- Michael Vogt Thu, 24 Nov 2016 19:43:08 +0100 + +snapd (2.17.1) xenial; urgency=medium + + * New upstream release, LP: #1637215: + - release: os-release on core has changed + - tests: /dev/ptmx does not work on powerpc, skip here + - docs: moved to github.com/snapcore/snapd/wiki (#2258) + - debian: golang is not installable on powerpc, use golang-any + + -- Michael Vogt Fri, 04 Nov 2016 18:13:10 +0200 + +snapd (2.17) xenial; urgency=medium + + * New upstream release, LP: #1637215: + - overlord/ifacestate: add unit tests for undo of setup-snap- + security (#2243) + - daemon,overlord,snap,tests: download to .partial in final dir + (#2237) + - overlord/state: marshaling tests for lanes (#2245) + - overlord/state: introduce state lanes (#2241) + - overlord/snapstate: fix revert+refresh (#2224) + - interfaces/sytemd: enable/disable generated service units (#2229) + - many: fix incorrect security files generation on undo + - overlord/snapstate: add dynamic snapdX.Y assumes (#2227) + - interfaces: network-manager: give slot full read-write access to + /run/NetworkManager + - docs: update the name of the command for the cross-build + - overlord/snapstate: fix missing argument to Noticef + - snapstate: ensure gadget/core/kernel can not be disabled (#2218) + - asserts: limit to 1y only if len(models) == 0 (#2219) + - debian: only install share/locale if available (missing on + powerpc) + - overlrod/snapstate: fix revert followed by refresh to old-current + (#2214) + - interfaces/builtin: network-manager and bluez can change hostname + (#2204) + - snap: switch the auto-import dir to /run/snapd/auto-import + - docs: less details about cloud.cfg as requested in trello (#2206) + - spread.yaml: Ensure ubuntu user has passwordless sudo for + autopkgtests (#2201) + - interfaces/builtin: add dcdbas-control interface + - boot: do not set boot to try mode if the revision is unchanged + - interfaces: add shutdown interface (#2162) + - interfaces: add system-power-control interface + - many: use the new systemd backend for configuring GPIOs + - overlord/ifacestate: setup security for slots before plugs + - snap: spool assertion candidates if snapd is not up yet + - store,daemon,overlord: download things to a partials dir + - asserts,daemon: implement system-user-authority header/concept + - interfaces/builtin: home base declaration rule using on-classic + for its policy + - interfaces/builtin: finish decl based checks + - asserts: bump snap-declaration to allow signing with new-style + plugs and slots + - overlord: checks for kernel installation/refresh based on model + assertion and previous kernel + - tests/lib/fakestore: fix logic to distinguish assertion not found + errors + - client: add a few explicit error types (around the request cycle) + - tests/lib/fakestore/cmd/fakestore: make it log, and fix a typo + - overlord/snapstate: two bugs for one + - snappy: disable auto-import of assertions on classic (#2122) + - overlord/snapstate: move trash cleanup to a cleanup handler + (#2173) + - daemon: make create-user --known fail on classic without --force- + managed (#2123) + - asserts,interfaces/policy: implement on-classic plug/slot + constraints + - overlord: check that the first installed gadget matches the model + assertion + - tests: use the snapd-control-consumer snap from the store + - cmd/snap: make snap run not talk to snapd for finding the revision + - snap/squashfs: try to hard link instead of copying. Also, switch + to osutil.CopyFile for cp invocation. + - store: send supported max-format when retrieving assertions + - snapstate, devicestate: do not remove seed + - boot,image,overlord,partition: read/write boot variables in single + operation + - tests: reenable ubuntu-core tests on qemu + - asserts,interfaces/policy: allow OR-ing of subrule constraints in + plug/slot rules + - many: move from flags as ints to flags as structs-of-bools (#2156) + - many: add supports for keeping and finding assertions with + different format iterations + - snap: stop using ubuntu-core-launcher, use snap-confine + - many: introduce an assertion format iteration concept, refuse to + add unsupported assertion + - interfaces: tweak wording and comment + - spread.yaml: dump apparmor denials on spread failure + - tests: unflake ubuntu-core-reboot (#2150) + - cmd/snap: tweak unknown command error message (#2139) + - client,daemon,cmd: add payment-declined error kind (#2107) + - cmd/snap: update remove command help (#2145) + - many: removed frameworks target and fixed service files (#2138) + - asserts,snap: validate attributes to a JSON-compatible type subset + (#2140) + - asserts: remove unused serial-proof type + - tests: skip auto-import tests on systems without test keys (#2142) + - overlord/devicestate: don't spam the debug log on classic (#2141) + - cmd/snap: simplify auto-import mountinfo parsing (#2135) + - tests: run ubuntu-core upgrades on isolated machine (#2137) + - overlord/devicestate: recover seeding from old external approach + (#2134) + - overlord: merge overlord/boot pkg into overlord/devicestate + (#2118) + - daemon: add postCreateUserSuite test suite (#2124) + - tests: abort tests if an update process is scheduled (#2119) + - snapstate: avoid reboots if nothing in the boot setup has changed + (#2117) + - cmd/snap: do not auto-import from loop or non-dev devices (#2121) + - tests: add spread test for `snap auto-import` (#2126) + - tests: add test for auto-mount assertion import (#2127) + - osutil: add missing unit tests for IsMounted (#2133) + - tests: check for failure creating user on managed ubuntu-core + systems (#2096) + - snap: ignore /dev/loop addings from udev (#2111) + - tests: remove snapd.boot-ok reference (#2109) + - tests: enable tests related to the home interface in all-snaps + (#2106) + - snapstate: only import defaults from gadget on install (#2105) + - many: move firstboot code into the snapd daemon (#2033) + - store: send correct JSON type of string for expected payment + amount (#2103) + - cmd/snap: rename is-managed to managed and tune (#2102) + - interfaces,overlord/ifacestate: initial cleaning up of no arg + AutoConnect related bits (#2090) + - client, cmd: prompt for password when buying (#2086) + - snapstate: fix hanging `snap remove` if snap is no longer mounted + - image: support gadget specific cloud.conf file (#2101) + - cmd/snap,ctlcmd: fix behavior of snap(ctl) get (#2093) + - store: local users download from the anonymous url (#2100) + - docs/hooks.md: fix typos (#2099) + - many: check installation of slots and plugs against declarations + - docs: fix missing "=" in the systemd-active docs + - store: do not set store auth for local users (#2092) + - interfaces,overlord/ifacestate: use declaration-based checking for + auto-connect (#2071) + - overlord, daemon, snap: support gadget config defaults (#2082)The + main semantic changes are: + - tests: fix snap-disconnect tests after core rename (#2088) + - client,daemon,overlord,cmd: add /v2/users and create-user on auto- + import (#2074) + - many: abbreviated forms of disconnect (#2066) + - asserts: require lowercase model until insensitive matching is + ready (#2076) + - cmd/snap: add version command, same as --version (#2075) + - all: use "core" by default but allow "ubuntu-core" still (#2070) + - overlord/devicestate, docs/hooks.md: nest prepare-device + configuration options + - daemon: fix login API to return local macaroons (#2078) + - daemon: do not hardcode UID in userLookup (#2080) + - client, cmd: connect fixes (#2026) + - many: preparations for switching most of autoconnect to use the + declarationsfor now: + - overlord/auth: update CheckMacaroon to verify local snapd + macaroons (#2069) + - cmd/snap: trivial auto-import and download tweaks (#2067) + - interfaces: add repo.ResolveConnect that handles name resolution + - interfaces/policy: introduce InstallCandidate and its checks + - interfaces/policy,overlord: check connection requests against the + declarations in ifacestate + - many: setup snapd macaroon for local users (#2051)Next step: do + snapd macaroons verification. + - interfaces/policy: implement snap-id/publisher-id checks + - many: change Connect to take ConnRef instead of strings (#2060) + - snap: auto mount block devices and import assertions (#2047) + - daemon: add `snap create-user --force-managed` support (#2041) + - docs: remove references to removed buying features (#2057) + - interfaces,docs: allow sharing SNAP{,_DATA,_COMMON} via content + iface (#2063) + - interfaces: add Plug/Slot/Connection reference helpers (#2056) + - client,daemon,cmd/snap: improve create-user APIs (#2054) + - many: introduce snap refresh --ignore-validation to + override refresh validation (#2052) + - daemon: add support for `snap create-user --known` (#2040) + - interfaces/policy: start of interface policy checking code based + on declarations (#2050) + - overlord/configstate: support nested configuration (#2039) + - asserts,interfaces/builtin,overlord/assertstate: introduce base- + declaration (#2037) + - interfaces: builtin: Allow writing DHCP lease files to + /run/NetworkManager/dhcp (#2049) + - many: remove all traces of the /v2/buy/methods endpoint (#2045) + - tests: add external spread backend (#1918) + - asserts: parse the slot rules in snap-declarations (#2035) + - interfaces: allow read of /etc/ld.so.preload by default for armhf + on series 16 (#2048) + - store: change purchase to order and store clean up first pass + (#2043) + - daemon, store: switch to new store APIs in snapd (#2036) + - many: add email to UserState (#2038) + - asserts: support parsing the plugs stanza i.e. plug rules in snap- + declarations (#2027) + - store: apply deltas if explicitly enabled (#2031) + - tests: fix create-key/snap-sign test isolation (#2032) + - snap/implicit: don't restrict the camera iface to classic (#2025) + - client, cmd: change buy command to match UX document (#2011) + - coreconfig: nuke it. Also, ignore po/snappy.pot. (#2030) + - store: download deltas if explicitly enabled (#2017) + - many: allow use of the system user assertion with create-user + (#1990) + - asserts,overlord,snap: add prepare-device hook for device + registration (#2005) + - debian: adjust packaging for trusty/deputy systemd (#2003) + - asserts: introduce AttributeConstraints (#2015) + - interface/builtin: access system bus on screen-inhibit-control + - tests: add firewall-control interface test (#2009) + - snapstate: pass errors from ListRefresh in updateInfo (#2018) + - README: add links to IRC, mailing list and social media (#2022) + - docs: add `configure` hook to hooks list (#2024)LP: #1596629 + - cmd/snap,configstate: rename apply-config variables to configure. + (#2023) + - store: retry download on 500 (#2019) + - interfaces/builtin: support time and date settings via + 'org.freedesktop.timedate1 (#1832) + + -- Michael Vogt Wed, 02 Nov 2016 01:17:36 +0200 + +snapd (2.16-1) unstable; urgency=medium + + [ Michael Hudson-Doyle ] + * New upstream release. + * Import gopkg.in/cheggaaa/pb.v1 rather than github.com/cheggaaa/pb. + * Switch to unconditional conflict against `snap` (Closes: #826884) + * Update Vcs-Git and Vcs-Browser to point to alioth. + + [ Steve Langasek ] + * Remove govendor from gbp.conf, and import Ubuntu tarball as our + orig.tar.gz (switching our packaging to non-native). + * Add Uploaders. + * Drop lintian overrides not used in Debian because we dynamically link + against golang-yaml.v2. + * Bump standards-version, no changes required. + * Add/fix various lintian overrides. + + -- Steve Langasek Wed, 02 Nov 2016 12:14:52 +0000 + +snapd (2.16) xenial; urgency=medium + + * New upstream release, LP: #1628425 + - overlord/state: prune old empty changes + - interfaces: ppp: load needed kernel module (#2007) + - interfaces/builtin: add missing rule to allow run-parts to + execute all resolvconf scripts + - many: rename apply-config hook to configure + - tests: use new spread `debug` feature + - many: finish `snap set` API. + - overlord: fix and simplify configstate.Transaction + - assertions: add system-user assertion + - snap: add `snap known --remote` + - tests: replace systemd-run with on-the-fly generation of units. + - overlord/boot: switch to using assertstate.Batch + - snap, daemon, store: pass through screenshots from store + - image: add meta/gadget.yaml infrastructure + - tests: add test benchmark script + - daemon: add the actual ssh keys that got added to the create-user + response + - daemon: add REST API behind `snap get` + - debian: re-add golang-github-gosexy-gettext-dev + - tests: added install_local function + - interfaces/builtin: fix resolvconf permissions for network-manager + interface + - tests: use apt as compatible with trusty + - many: discard preserved namespace after removing snap + - daemon, overlord, store: add ReadyToBuy API to snapd + - many: add support for installing/removing multiple snaps + - progress: use New64 and fix output newline + - interfaces/builtin: allow network-manager to access netplan conf + files + - tests: build once and install test snap from cache + - overlord/state: introduce cleanup support + - snap: move/clarify Info.Broken + - ctlcmd: add snapctl get. + - overlord,store: clean up serial-proof plumbing code + - interfaces/builtin: add network-setup-observe interface + - daemon,overlord/assertstate: support streams of assertions with + snap ack + - snapd: kmod backend + - tests: ensure HOME is also set correctly + - configstate,hookstate: add snapctl set + - tests: disable broken create-key test + - interfaces: adjust bluetooth-control to allow getsockopt (LP: + #1613572) + - tests: add a test for core about device initialization and device + registration and auth + - many: show snap name before the download progress bar + - interfaces/builtin: add rcvfrom for client connected plugs to mir + interface + - asserts: support for maps in assertions + - tests: increase timeout for key generation in create-key test + - many: validate refreshes against validation assertions by gating + snaps + - interfaces/apparmor: allow 'm' in default policy for snap-exec + - many: avoid snap.InfoFromSnapYaml in tests + - interfaces/builtin: allow /dev/net/tun with network-control + - tests: add spread test for snap create-key/snap sign + - tests: add missing quotes in security-device-cgroups/task.yaml + - interfaces: drop ErrUnknownSecurity + - store: add "ready to buy" method + - snap/snapenv, tests: use root's data dirs when running via sudo + - interfaces/builtin: add initial docker interface + - snap: remove extra newline after progress is done + - docs: fix formating of HACKING.md "Testing snapd" + - store : add requestOptions.ExtraHeaders so that individual + requests can customise headers. + - many: use unique plug/slot names in tests + - tests: add tests for the classic dimension + - many: add vendoring of dependencies by default + - tests: use in-tree snap{ctl,-exec} for all tests + - many: support snapctl -h + - tests: adjust regex after changes in stat output + - store,snap: initial support for delta downloads + - interfaces/builtin: add run/udev/data paths to mir interface + - snap: lessen annoyance of implicit interface tests + - tests: ensure http{,s}_proxy is defined inside the fake-store + - interfaces: allow xdg-open in unity7, unity7 cleanups + - daemon,store: move store login user logic to store + - tests: replace realpath with readlink -f for trusty support. + - tests: add https_proxy into environment as well + - interfaces/builtin: allow mmaping pulseaudio buffers + + -- Michael Vogt Wed, 28 Sep 2016 11:09:27 +0200 + +snapd (2.15.2ubuntu1) xenial; urgency=medium + + * New upstream release, LP: #1623579 + - snap/snapenv, tests: use root's data dirs when running via sudo + (cherry pick PR: #1857) + - tests: add https_proxy into environment + (cherry pick PR: #1926) + - interfaces: allow xdg-open in unity7, unity7 cleanups + (cherry pick PR: #1946) + - tests: ensure http{,s}_proxy is defined inside the fake-store + (cherry pick PR: #1949) + + -- Michael Vogt Wed, 21 Sep 2016 17:21:12 +0200 + +snapd (2.15.2) xenial; urgency=medium + + * New upstream release, LP: #1623579 + - asserts: define a bit less terse Ref.String + - interfaces: disable auto-connect in libvirt interface + - asserts: check that validation assertions are signed by the + publisher of the gating snap + + -- Michael Vogt Mon, 19 Sep 2016 10:42:29 +0200 + +snapd (2.15.1) xenial; urgency=medium + + * New upstream release, LP: #1623579 + - image: ensure local snaps are put last in seed.yaml + - asserts: revert change that made the account-key's name mandatory. + - many: refresh all snap decls + - interfaces/apparmor: allow reading /etc/environment + + -- Michael Vogt Mon, 19 Sep 2016 09:19:44 +0200 + +snapd (2.15) xenial; urgency=medium + + * New upstream release, LP: #1623579 + - tests: disable prepare-image-grub test in autopkgtest + - interfaces: allow special casing for auto-connect until we have + assertions + - docs: add a little documentation on hooks. + - hookstate,daemon: don't mock HookRunner, mock command. + - tests: add http_proxy to /etc/environment in the autopkgtest + environment + - backends: first bits of kernel-module security backend + - tests: ensure openssh-server is installed in autopkgtest + - tests: make ubuntu-core tests more robust + - many: mostly work to support ABA upgrades + - cmd/snap: do runtime linting of descriptions + - spread.yaml: don't assume LANG is set + - snap: fix SNAP* environment merging in `snap run` + - CONTRIBUTING.md: remove integration-tests, include spread + - store: don't discard error body from request device session call + - docs: add create-user documentation + - cmd/snap: match UX document for message when buying without login + - firstboot: do not overwrite any existing netplan config + - tests: add debug output to ubuntu-core-update-rollback- + stresstest: + - tests/lib/prepare.sh: test that classic does not setting bootvars + - snap: run all tests with gpg2 + - asserts: basic support for validation assertion and refresh- + control + - interfaces: miscellaneous policy updates for default, browser- + support and camera + - snap: (re)add --force-dangerous compat option + - tests: ensure SUDO_{USER,GID} is unset in the spread tests + - many: clean out left over references to integration tests + - overlord/auth,store: fix raciness in updating device/user in state + through authcontext and other issuesbonus fixes: + - tests: fix spread tests on yakkety + - store: refactor auth/refresh tests + - asserts: use gpg --fixed-list-mode to be compatible with both gpg1 + and gpg2 + - cmd/snap: i18n option descriptions + - asserts: required account key name header + - tests: add yakkety test host + - packaging: make sure debhelper-generated snippet is invoked on + postrm + - snap,store: capture newest digest from the store, make it + DownloadInfo only + - tests: add upower-observe spread test + - Merge github.com:snapcore/snapd + - tests: fixes to actually run the spread tests inside autopkgtest + - cmd/snap: make "snap find" error nicer. + - tests: get the gadget name from snap list + - cmd/snap: tweak help of 'snap download' + - cmd/snap,image: teach snap download to download also assertions + - interfaces/builtin: tweak opengl interface + - interfaces: serial-port use udevUsbDeviceSnippet + - store: ensure the payment methods method handles auth failure + - overlord/snapstate: support revert flags + - many: add snap configuration to REST API + - tests: use ubuntu-image for the ubuntu-core-16 image creation + - cmd/snap: serialise empty keys list as [] rather than null + - cmd/snap,client: add snap set and snap get commands + - asserts: update trusted account-key asserts with names + - overlord/snapstate: misc fixes/tweaks/cleanups + - image: have prepare-image set devmode correctly + - overlord/boot: have firstboot support assertion files with + multiple assertions + - daemon: bail from enable and disable if revision given, and from + multi-op if unsupported optons given + - osutil: call sync after cp if + requested.overlord/snapstate/backend: switch to use osutil instead + of another buggy call to cp + - cmd/snap: generate account-key-request "since" header in UTC + - many: use symlinks instead of wrappers + - tests: remove silly [Service] entry from snapd.socket.d/local.conf + - store: switch device session to use device-session-request + assertion + - snap: ensure that plug and slot names are unique + - cmd/snap: fix test suite (no Exit(0) on tests!) + - interfaces: add interface for hidraw devices + - tests: use the real model assertion when creating the core test + image + - interfaces/builtin: add udisks2 and removable-media interfaces + - interface: network_manager: enable resolvconf + - interfaces/builtin: usb serial-port support via udev + - interfaces/udev: support noneSecurityTag keyed snippets + - snap: switch to the new agreed regexp for snap names + - tests: adjust test setup after ubuntu user removal + - many: start services only after the snap is fully ready (link-snap + was run) + - asserts: don't have Add/Check panic in the face of unsupported no- + authority assertions + - asserts: initial support to generate/sign snap-build assertions + - asserts: support checking account-key-request assertions + - overlord: introduce AuthContext.DeviceSessionRequest with support + in devicestate + - overlord/state: fix for reloaded task/change crashing on Set if + checkpointed w. no custom data yet + - snapd.refresh.service: require snap.socket and /snap/*/current. + - many: spell --force-dangerous as just --dangerous, devmode should + imply it + - overlord/devicestate: try to fetch/refresh the signing key of + serial (also in case is not there yet) + - image,overlord/boot,snap: metadata from asserts for image snaps + - many: automatically restart all-snap devices after os/kernel + updates + - interfaces: modem-manager: ignore camera + - firstboot: only configure en* and eth* interfaces by default + - interfaces: fix interface handling on no-app snaps + - snap: set user variables even if HOME is unset (like with systemd + services) + + -- Michael Vogt Fri, 16 Sep 2016 07:46:22 +0200 + +snapd (2.14.2~16.04) xenial; urgency=medium + + * New upstream release: LP: #1618095 + - tests: use the spread tests with the adhoc interface inside + autopkgtest + - interfaces: add fwupd interface + - asserts,cmd/snap: add "name" header to account-key(-request) + - client,cmd/snap: display os-release data only on classic + - asserts/tool,cmd/snap: introduce hidden "snap sign" + - many: when installing snap file derive metadata from assertions + unless --force-dangerous + - osutil: tweak the createUserTests a bit and extract common code + - debian: umount --lazy before rm on snapd.postrm + - interfaces: updates to default policy, browser-support, and x11 + - store: set initial device session + - interfaces: add upower-observe interface (LP: #1595813) + - tests: use beta u-d-f in test by default + - interfaces/builtin: allow writing on /dev/vhci in bluetooth- + control + - interfaces/builtin: allow /dev/vhci on bluetooth-control + - tests: port integration tests to spread + - snapstate: use umount --lazy when removing the mount units + - spread: enable halt-timeout, tweak image selection + - tests: fix firstboot-assertions to actually be runnable on classic + again + - asserts: introduce device-session-request + - interfaces: add screen-inhibit-control interface (LP: #1604880) + - firstboot: change location of netplan config + - overlord/devicestate: some cleanups and solving a couple todos + - daemon,overlord: add subcommand handling to snapctl + + -- Michael Vogt Thu, 01 Sep 2016 18:52:05 +0200 + +snapd (2.14.1) xenial; urgency=medium + + * New upstream release: LP: #1618095 + - snap-exec: add support for commands with internal args in snap- + exec + - store: refresh expired device sessions + - debian: re-add ubuntu-core-snapd-units as a transitional package + - image: snap assertions into image + - overlord/assertstate,asserts/snapasserts: give snap assertions + helpers a package, introduce ReconstructSideInfo + - docs/interfaces: Add empty line after lxd-support title + - README: cover the new /run/snapd-snap.socket + - daemon: make socket split backward-compatible. + + -- Michael Vogt Tue, 30 Aug 2016 16:43:29 +0200 + +snapd (2.14) xenial; urgency=medium + + * New upstream release: LP: #1618095 + - cmd: enable SNAP_REEXEC only if it is set to SNAP_REEXEC=1 + - osutil: fix create-user on classic + - firstboot: disable firstboot on classic for now + - cmd/snap: add export-key --account= option + - many: split public snapd REST API into separate socket. + - many: drop ubuntu-core-snapd-units package, use release.OnClassic + instead + - tests: add content-shareing binary test that excersises snap- + confine + - snap: use "up to date" instead of "up-to-date" + - asserts: add an account-key-request assertion + - asserts: fix GPG key generation parameters + - tests, integration-tests: implement the cups-control manual test + as a spread test + - many: clarify/tie down model assertion + - cmd/snap: add "snap download" command + - integration-tests: remove them in favour of the spread tests + - tests: test all snap ubuntu core upgrade + - many: support install and remove by revision + - overlord/state: prevent change ready => unready + - tests: fixes to make the ubuntu-core-16 image usable with + -keep/-reuse + - asserts: authority-id and brand-id of serial must match + - firstboot: generate netplan config rather than ifupdown + - store: request device session macaroon from store + - tests: add workaround for u-d-f to unblock all-snap image tests + - tests: the stable ubuntu-core snap has snap run support now + - many: use make StripGlobalRootDir public + - asserts: add some stricter checks around format + - many: have AuthContext expose device store-id, serial and serial- + proof signing to the store + - tests: fix "tests/main/ack" to not break if asserts are alreay + there + - tests/main/ack: fix test/style + - snap: add key management commands + - firstboot: add firstboot assertions importing + + -- Michael Vogt Mon, 29 Aug 2016 17:07:20 +0200 + +snapd (2.13) xenial; urgency=medium + + * New upstream release: LP: #1616157 + - many: respect dirs.SnapSnapsDir in tests + - tests: update listing test for latest stable image + - many: hook in start of code to fetch/check assertions when + installing snap from store + - boot: add missing udevadm mock to fix FTBFS + - interfaces: add lxd-support interface + - dirs,snap: handle empty root directory in SetRootDir + - dirs,snap: define methods for SNAP_USER_DATA and SNAP_USER_COMMON + - tests: spread all-snap test cleanup + - tests: add all-snap spread image tests + - store,tests: have just one envvar SNAPPY_USE_STAGING_STORE to + control talking to staging + - overlord/hookstate: use snap run posix parameters. + - interfaces/builtin: allow bind in the network interface + - asserts,overlord/devicestate: simplify private key/key pairs APIs, + they take just key ids + - dependencies: update godeps + - boot: add support for "devmode: {true,false}" in seed.yaml + - many: teach prepare-image to copy the model assertion (and + prereqs) into the seed area of the image + - tests: start teaching the fakestore about assertions + - asserts/sysdb: embed the new format official root/trusted + assertions + - overlord/devicestate: first pass at device registration logic + - tests: add process-control interface spread test + - tests: disable unity test + - tests: adapt to new spread version + - asserts: add serial-proof device assertion + - client, cmd/snap: use the new multi-refresh endpoint + - many: preparations for image code to fetch model prereqs + - debian: add extra checks when debian/snapd.postrm purge is run + - overlord/snapstate, daemon: support for multi-snap refresh + - tests: do not leave "squashfs-root" around + - snap-exec: Fix broken `snap run --shell` and add test + - overlord/snapstate: check changes to SnapState for conflicts also. + - docs/interfaces: change snappy command to snap + - tests: test `snap run --hook` using in-tree snap-exec. + - partition: ensure that snap_{kernel,core} is not overridden with an + empty value + - asserts,overlord/assertstate: introduce an assertstate task + handler to fetch snap assertions + - spread: disable re-exec to always test development tree. + - interfaces: implement a fuse interface + - interfaces/hardware-observe.go: re-add /run/udev/data + - overlord/assertstate,daemon: reorg how the assert manager exposes + the assertion db and adding to it + - release: Remove "UBUNTU_CODENAME" from the test data + - many: implement snapctl command. + - interfaces: mpris updates (fix unconfined introspection, add name + attribute) + - asserts: export DecodePublicKey + - asserts: introduce support for assertions with no authority, + implement serial-request + - interfaces: bluez: add a few more tests to verify interface + connection works + - interfaces: bluez: add missing mount security snippet case + - interfaces: add kernel-module interface for module insertion. + - integration-tests: look for ubuntu-device-flash on PATH before + calling sudo + - client, cmd, daemon, osutil: support --yaml and --sudoer flags for + create-user + - spread: use snap-confine from ppa:snappy-dev/image for the tests + - many: move to purely hash based key lookup and to new + key/signature format (v1) + - spread: Use /home/gopath in spread.yaml + - tests: base security spread tests + + -- Michael Vogt Wed, 24 Aug 2016 14:48:28 +0200 + +snapd (2.12) xenial; urgency=medium + + * New upstream release: LP: #1612362 + - many: do not require root for `snap prepare-image` + - tests: prevent restore error on test failure + - osutil: change escaping for create-user's sudoers + - docs: private flag doesn't exist on /v2/find (it's select) + - snap: do not sort the result of `snap find` + - interfaces/builtin: add gpio interface + - partition: fix cleaning of the boot variables on the second good + boot + - tests: add udev rules spread test + - docs: fix references to refresh action + - interfaces/udev,osutil: avoid doubled rules and put all in a per + snap file + - store: minor store improvements from previous reviews + - many: support interactive payments in snapd, filter from command + line + - docs/interfaces.md: improve interfaces documentation + - overlord,store: set store device authorization header + - store: add device nonce API support + - many: various fixes around the `create-user` command + - client, osutil: chown the auth file + - interfaces/builtin: add transitional browser-support interface + - snap: don't load unsupported implicit hooks. + - cmd/snap,cmd/snap-exec: support hooks again. + - interfaces/builtin: improve pulseaudio interface + - asserts: make account-key's `until` optional to represent a never- + expiring key + - store: refactor newRequest/doRequest to take requestOptions + - tests: allow-downgrades on upgrade test to prevent version errors + - daemon: stop using group membership as succedaneous of running + things with sudo + - interfaces: add bluetooth-control interfaces + - many: remove integration-test coverage metrics + - daemon,docs: drop license docs and error kind + - tests: add network-control interface spread test + - tests: add hardware-observe spread test + - interfaces: add system-trace interface LP: #1600085 + - boot: use `cp -aLv` instead of `cp -a` (no symlinks on vfat) + - store: soft-refresh discharge macaroon from store when required + - partition: clear snap_try_{kernel,core} on success + - tests: add snapd-control interface spread test + - tests: add locale-control write spread test + - store: fix buy method after some refactoring broke it + - interfaces/builtin: read perms for network devices in network- + observe + - interfaces: also allow rfkill in network_control + - snapstate: remove artifacts from a snap try dir that vanished + - client, cmd/snap: better errors for empty snap list result + - wrappers: set BAMF_DESKTOP_FILE_HINT for unity + - many: cleanup/update rest.md; improve auth errors + - interfaces: miscelleneous policy updates for default, log-observe, + mount-observe, opengl, pulseaudio, system-observe and unity7 + - interfaces: add process-control interface (LP: #1598225) + - osutil: support both "nobody" and "nogroup" for grpnam tests + - cmd: support defaulting to the user's preferred payment method + - overlord: actually run hooks. + - overlord/state,overlord/ifacestate: define basic infrastructure + for and then setting up serialising of interface mgr tasks + - asserts: add Assertion.Prerequisites and SigningKey, Ref and + FindTrusted + - overlord/snapstate: ensure calls to store are done without the + state lock held + - asserts,client: switch snap-build and snap-revision to be indexed + by snap-sha3-384 + - many: make seed.yaml on firstboot mandatory and include sideInfo + - asserts,many: start supporting structured headers using the new + parseHeaders + - many: update code for the new snap_mode + - tests: added spread find private test + - store: deal with 404 froms the SSO store properly + - snap: remove meta/kernel.yaml again + - daemon: always mock release info in tests + - snapstate: drop revisions after "current" on refresh + - asserts: introduce new parseHeadersThis introduces the new + parseHeaders returning map[string]interface{} and capable of + accepting: + - asserts: remove/disable comma separated lists and their uses + + -- Michael Vogt Thu, 11 Aug 2016 19:30:36 +0200 + +snapd (2.11) xenial; urgency=medium + + * New upstream release: LP: #1605303 + - increase version number to reflect the nature of the update + better + - store, daemon, client, cmd/snap, docs/rest.md: adieu search + grammar + - debian: move snapd.refresh.timer into timers.target + - snapstate: add daemon-reload to fix autopkgtest on yakkety + - Interfaces: hardware-observe + - snap: rework the output after a snap operation + - daemon, cmd/snap: refresh --devmode + - store, daemon, client, cmd/snap: implement `snap find --private` + - tests: add network-observe interface spread test + - interfaces/builtin: allow getsockopt for connected x11 plugs + - osutil: check for nogrup instead of adm + - store: small cleanups (more needed) + - snap/squashfs: fix test not to hardcode snap size + - client,cmd/snap: cleanup cmd/snap test suite, add extra args + testThis cleans up the cmd/snap test suite: + - wrappers: map "never" restart condition to "no." + - wrappers: run update-desktop-database after add/remove of desktop + files + - release: work around elementary mistake + - many: remove all traces of channel from the buying codepath + - store: kill setUbuntuStoreHeaders + - docs: add payment methods documentation + - many: present user with a choice of payment backends + - asserts: add cross checks for snap asserts + - cmd/snap,cmd/snap-exec: support running hooks via snap-exec. + - tests: improve snap run symlink tests + - tests: add content sharing interface spread test + - store & many: a mechanical branch shortening store names + - snappy: remove old snappy pkg + - overlord/snapstate: kill flagscompat + - overlord/snapstate, daemon, client, cmd/snap: devmode override + (aka confined) + - tests: extend refresh test to talk to the staging and production + stores + - asserts,daemon: cross checks for account and account-key + assertions + - client: existing JSON fixtures uses tabs for indentation + - snap-exec: add proper integration test for snap-exec + - spread.yaml, tests: replace hello-world with test-snapd-tools + - tests: add locale-control interface spread test + - tests: add mount-observe interface spread test + - tests: add system-observe interface spread test + - many: add AuthContext to mediate user updates to the state + - store/auth: add helper for the macaroon refresh endpoint + - cmd: add buy command + - overlord: switch snapstate.Update to use ListRefresh (aka + /snaps/metadata) + - snap-exec: fix silly off-by-one error + - tests: stop using hello-world.echo in the tests + - tests: add env command to test-snapd-tools + - classic: remove (most of) "classic" mode, this is implemented as a + snap now + - many: remove snapstate.Candidate and other cleanups + - many: removed authenticator, store gets a user instead + - asserts: fix minor doc comment typo + - snap: ensure unknown arguments to `snap run` are ignored + - overlord/auth: add Device/SetDevice to persist device identity in + state + - overlord: make SyncBoot work again + - tests: add -y flag to apt autoremove command in unity task restore + - many: migrate SnapSetup and SideInfo to use RealName + - daemon: drop auther() + - client: improve error from client.do() on json decode failures + - tests: readd the fake store tests + - many: allow removal of broken snaps, add spread test + - overlord: implement &Retry{After: duration} support for handlers + - interface: add new interfaces.all.SecurityBackends + - integration-tests: remove login tests + - cmd,interfaces,snap: implement hook whitelist. + - daemon,overlord/auth,store: update macaroon authentication to use + the new endpoints + - daemon, overlord: add buy endpoint to REST API + - tests: use systemd-run for starting and stopping the unity app + - tests, integration-tests: port systemd service check test to + spread + - store: switch search to new snap-specific endpoint + - store, many: start using the new details endpoint + - tests, integration-tests: port unity test to spread + - tests: add spread test for tried snaps removal + - tests, integration-tests: port auth errors test to spread + - snapstate: rename OfficialName to RealName in the new tests + - many: rename SideInfo.OfficialName to SideInfo.RealName + - snapstate: use snapstate.Type in backend.RemoveSnapFiles + - many: add `snap enable/disable` commands + - tests, integration-tests: port refresh all test to spread + - snap: add `snap run --shell` + - tests: set yaml indentation to 4 spaces + - snapstate: cleanup downloaded temp snap files + - overlord: make patch1_test more robust + - debian: add snapd.postrm that purges + - integration-tests: drop already covered refresh app test + - many: add concept of "broken" snaps + - tests, integration-tests: port remove errors tests to spread + - tests, integration-tests: port revert test to spread + - debian: fix snapbuild path + - overlord: fix access to the state without lock in firstboot.go and + add test + - snapstate: add very simple garbage collection on upgrade + - asserts: introduce assertstest with helpers to test code involving + assertions + - tests, integration tests: port undone failed install test to + spread + - snap,store: switch to the new snaps/metadata endpoint, introduce + and start capturing DeveloperID + - tests, integration-tests: port the op remove retry test to spread + - po: remove snappy.pot from git, it will be generated at build time + - many: add some missing tests, clarify some things and nitpicks as + follow up to `snap revert` + - snapstate: when doing snapsate.Update|Install, talk to the store + early + - tests, integration-tests: port the op remove test to spread + - interfaces: allow /usr/bin/locale in default policy + - many: add `snap revert` + - overlord/auth,store: add macaroon serialization/deserialization + helpers + - many: embed main store trusted assertions in snapd, way to have + test ones, spread tests for ack and known + - overlord/snapstate,daemon: clarify active vs current, add + SnapState.HasCurrent,CurrentInfo + - tests: do not search for a specific snap (we hit 100 items) and + pagination kicks in + - tests: use printf instead of echo where we need portability + - tests: rename and generalize basic-binaries to test-snapd-tools + + -- Michael Vogt Tue, 26 Jul 2016 15:49:04 +0200 + +snapd (2.0.10) xenial; urgency=medium + + * New upstream release: LP: #1597329 + - interfaces: also allow @{PROC}/@{pid}/mountinfo and + @{PROC}/@{pid}/mountstats + - interfaces: allow read access to /etc/machine-id and + @{PROC}/@{pid}/smaps + - interfaces: miscelleneous policy updates for default, log-observe + and system-observe + - snapstate: add logging after a successful doLinkSnap + - tests, integration-tests: port try tests to spread + - store, cmd/snapd: send a basic user-agent to the store + - store: add buy method + - client: retry on failed GETs + - tests: actual refresh test + - docs: REST API update + - interfaces: add mount support for hooks. + - interfaces: add udev support for hooks. + - interfaces: add dbus support for hooks. + - tests, integration-tests: port refresh test to spread + - tests, integration-tests: port change errors test to spread + - overlord/ifacestate: don't retry snap security setup + - integration-tests: remove unused file + - tests: manage the socket unit when reseting state + - overlord: improve organization of state patches + - tests: wait for snapd listening after reset + - interfaces/builtin: allow other sr*/scd* optical devices + - systemd: add support for squashfuse + - snap: make snaps vanishing less fatal for the system + - snap-exec: os.Exec() needs argv0 in the args[] slice too + - many: add new `create-user` command + - interfaces: auto-connect content interfaces with the same content + and developer + - snapstate: add Current revision to SnapState + - readme: tweak readme blurb + - integration-tests: wait for listening port instead of active + service reported by systemd + - many: rename Current -> {CurrentSideInfo,CurrentInfo} + - spread: fix home interface test after suite move + - many: name unversioned data. + - interfaces: add "content" interface + - overlord/snapstate: defaultBackend can go away now + - debian: comment to remember why the timer is setup like it is + - tests,spread.yaml: introduce an upgrade test, support/split into + two suites for this + - overlord,overlord/snapstate: ensure we keep snap type in snapstate + of each snap + - many: rework the firstboot support + - integration-tests: fix test failure + - spread: keep core on suite restore + - tests: temporary fix for state reset + - overlord: add infrastructure for simple state format/content + migrations + - interfaces: add seccomp support for hooks. + - interfaces: allow gvfs shares in home and temporarily allow + socketcall by default (LP: #1592901, LP: #1594675) + - tests, integration-tests: port network-bind interface tests to + spread + - snap,snap/snaptest: use PopulateDir/MakeTestSnapWithFiles directly + and remove MockSnapWithHooks + - interfaces: add mpris interface + - tests: enable `snap run` on i386 + - tests, integration-tests: port network interface test to spread + - tests, integration-tests: port interfaces cli to spread + - tests, integration-tests: port leftover install tests to spread + - interfaces: add apparmor support for hooks. + - tests, integration-tests: port log-observe interface tests to + spread + - asserts: improve Decode doc comment about assertion format + - tests: moved snaps to lib + - many: add the camera interface + - many: add optical-drive interface + - interfaces: auto-connect home if running on classic + - spread: bump gccgo test timeout + - interfaces: use security tags to index security snippets. + - daemon, overlord/snapstate, store: send confinement header to the + store for install + - spread: run tests on 16.04 i386 concurrently + - tests,integration-tests: port install error tests to spread + - interfaces: add a serial-port interface + - tests, integration-tests, debian: port sideload install tests to + spread + - interfaces: add new bind security backend and refactor + backendtests + - snap: load and validate implicit hooks. + - tests: add a build/run test for gccgo in spread + - cmd/snap/cmd_login: Adjust message after adding support for wheel + group + - tests, integration-tests: ported install from store tests to + spread + - snap: make `snap change ` show task progress + - tests, integration-tests: port search tests to spread + - overlord/state,daemon: make abort proceed immediately, fix doc + comment, improve tests + - daemon: extend privileged access to users in "wheel" group + - snap: tweak `snap refresh` and `snap refresh --list` outputTiny + branch that does three things: + - interfaces: refactor auto-connection candidate check + - snap: add support for snap {install,refresh} + --{edge,beta,candidate,stable} + - release: don't force KDE Neon into devmode. + + -- Michael Vogt Wed, 29 Jun 2016 21:02:39 +0200 + +snapd (2.0.9) xenial; urgency=medium + + * New upstream release: LP: #1593201 + - snap: add the magic redirect part of `snap run` + - tests, integration-tests: port server related tests to spread + - overlord/snapstate: log restarting in the task + - daemon: test restart wiring, fix setup/teardown + - cmd: don't show the price if a snap has already been purchased + - tests, integration-tests: port listing tests to spread + - integration-tests: do not try to kill ubuntu-clock-app.clock (no + longer a process) + - several: tie up overlord's restart handler into daemon; adjust + snap to cope + - tests, integration-tests: port abort tests to spread + - integration-tests: fix flaky TestRemoveBusyRetries + - testutils: refactor/mock exec + - snap,cmd: add hook support to snap run. + - overlord/snapstate: remove Download from backend + - store: use a custom logging transport + - overlord/hookstate: implement basic HookManager. + - spread: move the suite restore to restore-each + - asserts: turn model os into model core field, making it also more + like the kernel and gadget fields + - asserts: / is not allowed in primary key headers, follow the store + in this + - release: enable full confinement on Elementary 0.4 + - integration-tests: fix another i386 autopkgtest failure. + - cmd/snap: create SNAP_USER_DATA and common dirs in `snap run` + - many: have the installation of the core snap request a restart (on + classic) + - asserts: allow to load also account assertions into the trusted + set + - many: install snaps in devmode on distributions without complete + apparmor and seccomp support + - spread: run on travis + - snapenv: do not hardcode amd64 in tests + - spread: initial harness and first test + - interfaces: miscelleneous policy updates for chromium, x86, + opengl, etc + - integration-tests: remove daemon to use the log-observe interface + - client: remove client.Revision and import snap.Revision instead + - integration-tests: wait for network-bind service in try test + - many: move over from snappy to snapstate/backend SetupSnap and + related code + - integration-tests: add interfaces cli tests + - snapenv: cleanup snapenv.{Basic,User} + - cmd/snap: also print slots that connect to the wanted snap (LP: + #1590704) + - asserts: error style, use "cannot" instead of "failed to" + following the main decided style + - integration-tests: wait until the network-bind service is up + before testing + - many: add new `snap run` command + - snappy: unexport snappy.Install and snappy.Overlord.{Un,}Install + - many: add some shared testing helpers to snap/snaptest and to + boot/boottest + - rest-api: support to send apps per snap (LP: #1564076) + + -- Michael Vogt Thu, 16 Jun 2016 13:56:12 +0200 + +snapd (2.0.8.1) UNRELEASED; urgency=medium + + * New upstream release + - Cherry pick four commits that show snaps as installed in devmode on + distributions without full confinement dependencies available: + + 25634d3364a46b5e9147e4466932c59b1b572d35 + 53f2e8d5f1b2d7ce13f5b50be4c09fa1de8cf1e0 + 38771f4cc324ad9dd4aa48b03108d13a2c361aad + c46e069351c61e45c338c98ab12689a319790bd5 + + -- Zygmunt Krynicki Tue, 14 Jun 2016 15:55:30 +0200 + +snapd (2.0.8+1) unstable; urgency=medium + + * New upstream release. + * Update lintian-overrides for new paths. + * debian/copyright: fix a typo (thanks, lintian!) + + -- Steve Langasek Fri, 10 Jun 2016 23:17:22 +0000 + +snapd (2.0.8) xenial; urgency=medium + + * New upstream release: LP: #1589534 + - debian: make `snap refresh` times more random (LP: #1537793) + - cmd: ExecInCoreSnap looks in "core" snap first, and only in + "ubuntu-core" snap if rev>125. + - cmd/snap: have 'snap list' display helper message on stderr + (LP: #1587445) + - snap: make app names more restrictive. + + -- Michael Vogt Wed, 08 Jun 2016 07:56:58 +0200 + +snapd (2.0.7) xenial; urgency=medium + + * New upstream release: LP: #1589534 + - debian: do not ship /etc/ld.so.conf.d/snappy.conf (LP: #1589006) + - debian: fix snapd.refresh.service install and usage (LP: #1588977) + - ovlerlord/state: actually support task setting themself as + done/undone + - snap: do not use "." import in revision_test.go, as this breaks + gccgo-6 (fix build failure on powerpc) + - interfaces: add fcitx and mozc input methods to unity7 + - interfaces: add global gsettings interfaces + - interfaces: autoconnect home and doc updates (LP: #1588886) + - integration-tests: remove + abortSuite.TestAbortWithValidIdInDoingStatus + - many: adding backward compatible code to upgrade SnapSetup.Flags + - overlord/snapstate: handle sideloading over an old sideloaded snap + without panicing + - interfaces: add socketcall() to the network/network-bind + interfaces (LP: #1588100) + - overlord/snapstate,snappy: move over CanRemoveThis moves over the + CanRemove check to snapstate itself.overlord/snapstate + - snappy: move over CanRemove + - overlord/snapstate,snappy: move over CopyData and Remove*Data code + + -- Michael Vogt Mon, 06 Jun 2016 16:35:50 +0200 + +snapd (2.0.6) xenial; urgency=medium + + * New upstream release: LP: #1588052: + - many: repository moved to snapcore/snapd + - debian: add transitional pkg for the github location change + - snap: ensure `snap try` work with relative paths + - debian: drop run/build dependency on lsb-release + - asserts/tool: gpg key pair manager + - many: add new snap-exec + - many: implement `snap refresh --list` and `snap refresh` + - snap: add parsing support for hooks. + - many: add the cups interface + - interfaces: misc policy fixes (LP: #1583794) + - many: add `snap try` + - interfaces: allow using sysctl and scmp_sys_resolver for parsing + kernel logs + - debian: make snapd get its environ from /etc/environment + - daemon,client,snap: revisions are now strings + - interfaces: allow access to new ibus abstract socket path + LP: #1580463 + - integration-tests: add remove tests + - asserts: stronger crypto choices and follow better latest designs + - snappy,daemon: hollow out more of snappy (either removing or not + exporting stuff on its way out), snappy/gadget.go is gone + - asserts: rename device-serial to serial + - asserts: rename identity to account (and username access) + - integration-tests: add changes tests + - backend: add tests for environment wrapper generation + - interfaces/builtin: add location-control interface + - overlord/snapstate: move over check snap logic from snappy + - release: use os-release instead of lsb-release for cross-distro + use + - asserts: allow empty snap-name for snap-declaration + - interfaces/builtin,docs,snap: add the pulseaudio interface + - many: add support for an environment map inside snap.yaml + - overlord/snapstate: increase robustness of doLinkSnap/undoLinkSnap + with sanity unit tests + - snap: parse epoch property + - snappy: do nothing in SetNextBoot when running on classic + - snap: validate snap type + - integration-tests: extend find command tests + - asserts: extend tests to cover mandatory and empty headers + - tests: stop the update-pot check in run-checks + - snap: parse confinement property. + - store: change applyUbuntuStoreHeaders to not take accept, and to + take a channel + - many: struct-based revisions, new representation + - interfaces: remove 'audit deny' rules from network_control.go + - interfaces: add com.canonical.UrlLauncher.XdgOpen to unity7 + interface + - interfaces: firewall-control can access xtables lock file + - interfaces: allow unity7 AppMenu + - interfaces: allow unity7 launcher API + - interfaces/builtin: add location-observe interface + - snap: fixed snap empty list text LP: #1587445 + + -- Michael Vogt Thu, 02 Jun 2016 08:23:50 +0200 + +snapd (2.0.5+1) unstable; urgency=medium + + * Initial Debian upload. Closes: #824943. + * release/release{,_test}.go: use /etc/os-release, which is guaranteed to + be part of base-files on both Ubuntu and Debian, instead of + /etc/lsb-release which doesn't exist at all on Debian. + * drop transitional packages, not needed in Debian. + * Add lintian overrides for false-positive detection of embedded libyaml. + * Update Vcs-* fields to point at maintainer's branch. + * Add a further lintian override for the /snap directory so that the + package is not automatically rejected by the NEW queue; this directory + location is certainly subject to discussion for Debian, but let's have + the discussion rather than blocking the package at the archive level. + + -- Steve Langasek Mon, 23 May 2016 00:36:06 +0000 + +snapd (2.0.5) xenial; urgency=medium + + * New upstream release: LP: #1583085 + - interfaces: add dbusmenu, freedesktop and kde notifications to + unity7 (LP: #1573188) + - daemon: make localSnapInfo return SnapState + - cmd: make snap list with no snaps not special + - debian: workaround for XDG_DATA_DIRS issues + - cmd,po: fix conflicts, apply review from #1154 + - snap,store: load and store the private flag sent by the store in + SideInfo + - interfaces/apparmor/template.go: adjust /dev/shm to be more usable + - store: use purchase decorator in Snap and FindSnaps + - interfaces: first version of the networkmanager interface + - snap, snappy: implement the new (minmimal) kernel spec + - cmd/snap, debian: move manpage generation to depend on an environ + key; also, fix completion + + -- Michael Vogt Thu, 19 May 2016 15:29:16 +0200 + +snapd (2.0.4) xenial; urgency=medium + + * New upstream release: + - interfaces: cleanup explicit denies + - integration-tests: remove the ancient integration daemon tests + - integration-tests: add network-bind interface test + - integration-tests: add actual checks for undoing install + - integration-tests: add store login test + - snap: add certain implicit slots only on classic + - integration-tests: add coverage flags to snapd.service ExecStart + setting when building from branch + - integration-tests: remove the tests for features removed in 16.04. + - daemon, overlord/snapstate: "(de)activate" is no longer a thing + - docs: update meta.md and security.md for current snappy + - debian: always start snapd + - integration-tests: add test for undoing failed install + - overlord: handle ensureNext being in the past + - overlord/snapstate,overlord/snapstate/backend,snappy: start + backend porting LinkSnap and UnlinkSnap + - debian/tests: add reboot capability to autopkgtest and execute + snapPersistsSuite + - daemon,snappy,progress: drop license agreement broken logic + - daemon,client,cmd/snap: nice access denied message + (LP: #1574829) + - daemon: add user parameter to all commands + - snap, store: rework purchase methods into decorators + - many: simplify release package and add OnClassic + - interfaces: miscellaneous policy updates + - snappy,wrappers: move desktop files handling to wrappers + - snappy: remove some obviously dead code + - interfaces/builtin: quote apparmor label + - many: remove the gadget yaml support from snappy + - snappy,systemd,wrappers: move service units generation to wrappers + - store: add method to determine if a snap must be bought + - store: add methods to read purchases from the store + - wrappers,snappy: move binary wrapper generation to new package + wrappers + - snap: add `snap help` command + - integration-tests: remove framework-test data and avoid using + config-snap for now + - add integration test to verify fix for LP: #1571721 + + -- Michael Vogt Fri, 13 May 2016 17:19:37 -0700 + +snapd (2.0.3) xenial; urgency=medium + + * New upstream micro release: + - integration-tests, debian/tests: add unity snap autopkg test + - snappy: introduce first feature flag for assumes: common-data-dir + - timeout,snap: add YAML unmarshal function for timeout.Timeout + - many: go into state.Retry state when unmounting a snap fails. + (LP: #1571721, #1575399) + - daemon,client,cmd/snap: improve output after snap + install/refresh/remove (LP: #1574830) + - integration-tests, debian/tests: add test for home interface + - interfaces,overlord: support unversioned data + - interfaces/builtin: improve the bluez interface + - cmd: don't include the unit tests when building with go test -c + for integration tests + - integration-tests: teach some new trick to the fake store, + reenable the app refresh test + - many: move with some simplifications test snap building to + snap/snaptest + - asserts: define type for revision related errors + - snap/snaptest,daemon,overlord/ifacestate,overlord/snapstate: unify + mocking snaps behind MockSnap + - snappy: fix openSnapFile's handling of sideInfo + - daemon: improve snap sideload form handling + - snap: add short and long description to the man-page + (LP: #1570280) + - snappy: remove unused SetProperty + - snappy: use more accurate test data + - integration-tests: add a integration test about remove removing + all revisions + - overlord/snapstate: make "snap remove" remove all revisions of a + snap (LP: #1571710) + - integration-tests: re-enable a bunch of integration tests + - snappy: remove unused dbus code + - overlord/ifacestate: fix setup-profiles to use new snap revision + for setup (LP: #1572463) + - integration-tests: add regression test for auth bug LP:#1571491 + - client, snap: remove obsolete TypeCore which was used in the old + SystemImage days + - integration-tests: add apparmor test + - cmd: don't perform type assertion when we know error to be nil + - client: list correct snap types + - intefaces/builtin: allow getsockname on connected x11 plugs + (LP: #1574526) + - daemon,overlord/snapstate: read name out of sideloaded snap early, + improved change summary + - overlord: keep tasks unlinked from a change hidden, prune them + - integration-tests: snap list on fresh boot is good again + - integration-tests: add partial term to the find test + - integration-tests: changed default release to 16 + - integration-tests: add regression test for snaps not present after + reboot + - integration-tests: network interface + - integration-tests: add proxy related environment variables to + snapd env file + - README.md: snappy => snap + - etc: trivial typo fix (LP:#1569892) + - debian: remove unneeded /var/lib/snapd/apparmor/additional + directory (LP: #1569577) + - builtin/unity7.go: allow using gmenu. LP: #1576287 + + -- Michael Vogt Tue, 03 May 2016 07:51:57 +0200 + +snapd (2.0.2) xenial; urgency=medium + + * New upstream release: + - systemd: add multi-user.target (LP: #1572125) + - release: our series is 16 + - integration-tests: fix snapd binary path for mounting the daemon + built from branch + - overlord,snap: add firstboot state sync + + -- Michael Vogt Tue, 19 Apr 2016 16:02:44 +0200 + +snapd (2.0.1) xenial; urgency=medium + + * client,daemon,overlord: fix authentication: + - fix incorrect authenication check (LP: #1571491) + + -- Michael Vogt Mon, 18 Apr 2016 07:24:33 +0200 + +snapd (2.0) xenial; urgency=medium + + * New upstream release: + - debian: put snapd in /usr/lib/snapd/ + - cmd/snap: minor polishing + - cmd,client,daemon: add snap abort command + - overlord: don't hold locks when callling backends + - release,store,daemon: no more default-channel, release=>series + - many: drop support for deprecated environment variables + (SNAP_APP_*) + - many: support individual ids in changes cmd + - overlord/state: use numeric change and task ids + - overlord/auth,daemon,client,cmd/snap: logout + - daemon: don't install ubuntu-core twice + - daemon,client,overlord/state,cmd: add changes command + - interfaces/dbus: drop superfluous backslash from template + - daemon, overlord/snapstate: updates are users too! + - cmd/snap,daemon,overlord/ifacestate: add support for developer + mode + - daemon,overlord/snapstate: on refresh use the remembered channel, + default to stable channel otherwise + - cmd/snap: improve UX of snap interfaces when there are no results + - overlord/state: include time in task log messages + - overlord: prune and abort old changes and tasks + - overlord/ifacestate: add implicit slots in setup-profiles + - daemon,overlord: setup authentication for store downloads + - daemon: macaroon-authed users are like root, and sudoers can login + - daemon,client,docs: send install options to daemon + + -- Michael Vogt Sat, 16 Apr 2016 22:15:40 +0200 + +snapd (1.9.4) xenial; urgency=medium + + * New upstream release: + - etc: fix desktop file location + - overlord/snapstate: stop an update once download sees the revision + is already installed + - overlord: make SnapState.DevMode a method, store flags + - snappy: no more snapYaml in snappy.Snap + - daemon,cmd,dirs,lockfile: drop all lockfiles + - debian: use sudo in setup of the proxy environment + - snap/snapenv,snappy,systemd: expose SNAP_REVISION to app + environment + - snap: validate similarly to what we did with old snapYaml info + from squashfs snaps + - daemon,store: plug in authentication for store search/details + - overlord/snapstate: fix JSON name of SnapState.Candidate + - overlord/snapstate: start using revisions higher than 100000 for + local installs (sideloads) + - interfaces,overlorf/ifacestate: honor user choice and don't auto- + connect disconnected plugs + - overlord/auth,daemon,client: hide user ids again + - daemon,overlord/snapstate: back /snaps (and so snap list) using + state + - daemon,client,overlord/auth: rework state auth data + - overlord/snapstate: disable Activate and Deactivate + - debian: fix silly typo in autopkgtest setup + - overlord/ifacestate: remove connection state with discard-conns + task, on the removal of last snap + - daemon,client: rename API update action to refresh + - cmd/snap: rework login to be more resilient + - overlord/snapstate: deny two changes on one snap + - snappy: fix crash on certain snap.yaml + - systemd: use native systemctl enable instead of our own + implementation + - store: add workaround for misbehaving store + - debian: make autopkgtest use the right env vars + - state: log do/undo status too when a task is run + - docs: update rest.md with price information + - daemon: only include price property if the snap is non-free + - daemon, client, cmd/snap: connect/disconnect now async + - snap,snappy: allow snaps to require system features + - integration-tests: fix report of skips in SetUpTest method + - snappy: clean out major bits (still using Installed) now + unreferenced as cmd/snappy is gone + - daemon/api,overlord/auth: add helper to get UserState from a + client request + + -- Michael Vogt Fri, 15 Apr 2016 23:30:00 +0200 + +snapd (1.9.3) xenial; urgency=medium + + * New upstream release: + - many: prepare for opengl support on classic + - interfaces/apparmor: load all apparmor profiles on snap setup + - daemon,client: move async resource to change in meta + - debian: disable autopilot + - snap: add basic progress reporting + - client,cmd,daemon,snap,store: show the price of snaps in the cli + - state: add minimal taskrunner logging + - daemon,snap,overlord/snapstate: in the API get the snap icon using + state + - client,daemon,overlord: don't guess snap file vs. name + - overlord/ifacestate: reload snap connections when setting up + security for a given snap + - snappy: remove cmd/snappy (superseded in favour of cmd/snap) + - interfaecs/apparmor: remove all traces of old-security from + apparmor backend + - interfaces/builtin: add bluez interface + - overlord/ifacestate: don't crash if connection cannot be reloaded + - debian: add searchSuite to autopkgtest + - client, daemon, cmd/snap: no more tasks; everything is changes + - client: send authorization header in client requests + - client, daemon: marshal suggested currency over REST + - docs, snap: enumerate snap types correctly in docs and comments + - many: add store authenticator parameter + - overlord/ifacestate,daemon: setup security on conect and + disconnect + - interfaces/apparmor: remove unused apparmor variables + - snapstate: add missing "TaskProgressAdapter.Write()" for working + progress reporting + - many: clean out snap config related code not for OS + - daemon,client,cmd: return snap list from /v2/snaps + - docs: update `/v2/snaps` endpoint documentation + - interfaces: rename developerMode to devMode + - daemon,client,overlord: progress current => done + - daemon,client,cmd/snap: move query metadata to top-level doc + - interfaces: add TestSecurityBackend + - many: replace typographic quotes with ASCII + - client, daemon: rework rest changes to export "ready" and "err" + - overlord/snapstate,snap,store: track snap-id in side-info and + therefore in state + - daemon: improve mocking of interfaces API tests + - integration-tests: remove origins in default snap names for udf + call + - integration-test: use "snap list" in GetCurrentVersion + - many: almost no more NewInstalledSnap reading manifest from + snapstate and backend + - daemon: auto install ubuntu-core if missing + - oauth,store: remove OAuth authentication logic + - overlord/ifacestate: simplify some tests with implicit manager + initialization + - store, snappy: move away from hitting details directly + - overlord/ifacestate: reload connections when restarting the + manager + - overlord/ifacestate: increase flexibility of unit tests + - overlord: use state to discover all installed snaps + - overlord/ifacestate: track connections in the state + - many: separate copy-data from unlinking of current snap + - overlord/auth,store/auth: add macaroon authenticator to UserState + - client: support for /v2/changes and /v2/changes/{id} + - daemon/api,overlord/auth: rework authenticated users information + in state + + -- Michael Vogt Thu, 14 Apr 2016 23:29:43 +0200 + +snapd (1.9.2) xenial; urgency=medium + + * New upstream release: + - cmd/snap,daemon,store: rework login command to use daemon login + API + - store: cache suggested currency from the store + - overlord/ifacestate: modularize and extend tests + - integration-tests: reenable failure tests + - daemon: include progress in rest changes + - daemon, overlord/state: expose individual changes + - overlord/ifacestate: drop duplicate package comment + - overlord/ifacestate: allow tests to override security backends + - cmd/snap: install *.snap and *.snap.* as files too + - interfaces/apparmor: replace /var/lib/snap with /var/snap + - daemon,overlord/ifacestate: connect REST API to interfaces in the + overlord + - debian: remove unneeded dependencies from snapd + - overlord/state: checkpoint on final progress only + - osutil: introduce IsUIDInAny + - overlord/snapstate: rename GetSnapState to Get, SetSnapState to + Set + - daemon: add id to changes json + - overlord/snapstate: SetSnapState() needs locks + - overlord: fix broken tests + - overlord/snapstate,overlord/ifacestate: reimplement SnapInfo (as + Info) actually using the state + + -- Michael Vogt Wed, 13 Apr 2016 17:27:00 +0200 + +snapd (1.9.1.1) xenial; urgency=medium + + * debian/tests/control: + - add git to make autopkgtest work + + -- Michael Vogt Tue, 12 Apr 2016 17:19:19 +0200 + +snapd (1.9.1) xenial; urgency=medium + + * Add warning about installing ubuntu-core-snapd-units on Desktop systems. + * Add ${misc:Depends} to ubuntu-core-snapd-units. + * interfaces,overlord: add support for auto-connecting plugs on + install + * fix sideloading snaps and (re)add tests for this + * add `ca-certificates` to the test-dependencies to fix autopkgtest + failure on armhf + + -- Michael Vogt Tue, 12 Apr 2016 14:39:57 +0200 + +snapd (1.9) xenial; urgency=medium + + * rename source and binary package to "snapd" + * update directory layout to final 16.04 layout + * use `snap` command instead of the previous `snappy` + * use `interface` based security + * use new state engine for install/update/remove + + -- Michael Vogt Tue, 12 Apr 2016 01:05:09 +0200 + +ubuntu-snappy (1.7.3+20160310ubuntu1) xenial; urgency=medium + + - debian: update versionized ubuntu-core-launcher dependency + - debian: tweak desktop file dir, ship Xsession.d snip for seamless + integration + - snappy: fix hw-assign to work with per-app udev tags + - snappy: use $snap.$app as per-app udev tag + - snap,snappy,systemd: %s/\/SNAP_DEVELOPER/g + - snappy: add mksquashfs --no-xattrs parameter + - snap,snappy,systemd: kill SNAP_FULLNAME + + -- Michael Vogt Thu, 10 Mar 2016 09:26:20 +0100 + +ubuntu-snappy (1.7.3+20160308ubuntu1) xenial; urgency=medium + + - snappy,snap: move icon under meta/gui/ + - debian: add snap.8 manpage + - debian: move snapd to /usr/lib/snappy/snapd + - snap,snappy,systemd: remove TMPDIR, TEMPDIR, SNAP_APP_TMPDIR + - snappy,dirs: add support to use desktop files from inside snaps + - daemon: snapd API events endpoint redux + - interfaces/builtin: add "network" interface + - overlord/state: do small fixes (typo, id clashes paranoia) + - overlord: add first pass of the logic in StateEngine itself + - overlord/state: introduce Status/SetStatus on Change + - interfaces: support permanent security snippets + - overlord/state: introduce Status/SetStatus and + Progress/SetProgress on Task + - overlord/state: introduce Task and Change.NewTask + - many: selectively swap semantics of plugs and slots + - client,cmd/snap: remove useless indirection in Interfaces + - interfaces: maintain Plug and Slot connection details + - client,daemon,cmd/snap: change POST /2.0/interfaces to work with + lists + - overlord/state: introduce Change and NewChange on state to create + them + - snappy: bugfix for snap.yaml parsing to be more consistent with + the spec + - snappy,systemd: remove "ports" from snap.yaml + + -- Michael Vogt Tue, 08 Mar 2016 11:24:09 +0100 + +ubuntu-snappy (1.7.3+20160303ubuntu4) xenial; urgency=medium + + * rename: + debian/golang-snappy-dev.install -> + debian/golang-github-ubuntu-core-snappy-dev.install: + + -- Michael Vogt Thu, 03 Mar 2016 12:29:16 +0100 + +ubuntu-snappy (1.7.3+20160303ubuntu3) xenial; urgency=medium + + * really fix typo in dependency name + + -- Michael Vogt Thu, 03 Mar 2016 12:21:39 +0100 + +ubuntu-snappy (1.7.3+20160303ubuntu2) xenial; urgency=medium + + * fix typo in dependency name + + -- Michael Vogt Thu, 03 Mar 2016 12:05:36 +0100 + +ubuntu-snappy (1.7.3+20160303ubuntu1) xenial; urgency=medium + + - debian: update build-depends for MIR + - many: implement new REST API: GET /2.0/interfaces + - integration-tests: properly stop snapd from branch + - cmd/snap: update tests for go-flags changes + - overlord/state: implement Lock/Unlock with implicit checkpointing + - overlord: split out the managers and State to their own + subpackages of overlord + - snappy: rename "migration-skill" to "old-security" and use new + interface names instead of skills + - client,cmd/snap: clarify name ambiguity in Plug or Slot + - overlord: start working on state engine along spec v2, have the + main skeleton follow that + - classic, oauth: update tests for change in MakeRandomString() + - client,cmd/snap: s/add/install/:-( + - interfaces,daemon: specialize Name to either Plug or Slot + - interfaces,interfaces/types: unify security snippet functions + - snapd: close the listener on Stop, to force the http.Serve loop to + exit + - snappy,daemon,snap/lightweight,cmd/snappy,docs/rest.md: expose + explicit channel selection to rest api + - interfaces,daemon: rename package holding built-in interfaces + - integration-tests: add the first classic dimension tests + - client,deaemon,docs: rename skills to interfaces on the wire + - asserts: add identity assertion type + - integration-tests: add the no_proxy env var + - debian: update build-depends for new package names + - oauth: fix oauth & quoting in the oauth_signature + - integration-tests: remove unused field + - integration-tests: add the http proxy argument + - interfaces,interfaces/types,deamon: mass internal rename to + interfaces + - client,cmd/snap: rename skills to interfaces (part 2) + - arch: fix missing mapping for powerpc + + -- Michael Vogt Thu, 03 Mar 2016 11:00:19 +0100 + +ubuntu-snappy (1.7.3+20160225ubuntu1) xenial; urgency=medium + + - integration-tests: always use the built snapd when compiling + binaries from branch + - cmd/snap: rename skills to interfaces + - testutil,skills/types,skills,daemon: tweak discovery of know skill + types + - docs: add docs for arm64 cross building + - overlord: implement basic ReadState/WriteState + - overlord: implement Get/Set/Copy on State + - integration-tests: fix dd output check + - integration-tests: add fromBranch config field + - integration-tests: use cli pkg methods in hwAssignSuite + - debian: do not create the snappypkg user, we don't need it anymore + - arch: fix build failure on s390x + - classic: cleanup downloaded lxd tarball + - cmd/snap,client,integration-tests: rename snap subcmds + 'assert'=>'ack', 'asserts'=>'known' + - skills: fix broken tests builds + - skills,skills/types: pass slot to SlotSecuritySnippet() + - skills/types: teach bool-file about udev security + + -- Michael Vogt Thu, 25 Feb 2016 16:17:19 +0100 + +ubuntu-snappy (1.7.2+20160223ubuntu1) xenial; urgency=medium + + * New git snapshot: + - asserts: introduce snap-declaration + - cmd/snap: fix integration tests for the "cmd_asserts" + - integration-tests: fix fanctl output check + - cmd/snap: fix test failure after merging 23a64e6 + - cmd/snap: replace skip-help with empty description + - docs: update security.md to match current migration-skill + semantics + - snappy: treat commands with 'daemon' field as services + - asserts: use more consistent names for receivers in + snap_asserts*.go + - debian: add missing golang-websocket-dev build-dependency + - classic: if classic fails to get created, undo the bind mounts + - snappy: never return nil in NewLocalSnapRepository() + - notifications: A simple notification system + - snappy: when using staging, authenticate there instead + - integration-tests/snapd: fix the start of the test snapd socket + - skills/types: use CamelCase for security names + - skills: add support for implicit revoke + - skills: add security layer + - integration-tests: use exec.Command wrapper for updates + - cmd/snap: add 'snap skills' + - cms/snap: add 'snap revoke' + - docs: add docs for skills API + - cmd/snap: add 'snap grant' + - cmd/snappy, coreconfig, daemon, snappy: move config to always be + bytes (in and out) + - overlord: start with a skeleton and stubs for Overlord, + StateEngine, StateJournal and managers + - integration-tests: skip tests affected by LP: #1544507 + - skills/types: add bool-file + - po: refresh translation templates + - cmd/snap: add 'snap experimental remove-skill-slot' + - asserts: introduce device assertion + - cmd/snap: implemented add, remove, purge, refresh, rollback, + activate, deactivate + - cmd/snap: add 'snap experimental add-skill-slot' + - cmd/snap: add 'snap experimental remove-skill' + - cmd/snap: add tests for common skills code + - cmd/snap: add 'snap experimental add-skill' + - asserts: make assertion checkers used by db.Check modular and + pluggable + - cmd,client,daemon,caps,docs,po: remove capabilities + - scripts: move the script to get dependencies to a separate file + - asserts: make the disk layout compatible for storing more than one + revision + - cmd/snap: make the assert command options exported + - integration-tests: Remove the target release and channel + - asserts: introduce model assertion + - integration-tests: add exec.Cmd wrapper + - cmd/snap: add client test support methods + - cmd/snap: move key=value attribute parsing to commmon + - cmd/snap: apply new style consistency to "snap" commands. + - cmd/snap: support redirecting the client for testing + - cmd/snap: support testing command output + - snappy,daemon: remove the meta repositories abstractions + - cmd: add support for experimental commands + - cmd/snappy,daemon,snap,snappy: remove SetActive from parts + - cmd/snappy,daemon,snappy,snap: remove config from parts interface + - client: improve test data + - cmd: allow to construct a fresh parser + - cmd: don't treat help as an error + - cmd/snappy,snappy: remove "Details" from the repository interface + - asserts: check that primary keys are set when + Decode()ing/assembling assertions + - snap,snappy: refactor to remove "Install" from the Part interface + - client,cmd: make client.New() configurable + - client: enable retrieving asynchronous operation information with + `Client.Operation`. + + -- Michael Vogt Tue, 23 Feb 2016 11:28:18 +0100 + +ubuntu-snappy (1.7.2+20160204ubuntu1) xenial; urgency=medium + + * New git snapshot: + - integration-tests: fix the rollback error messages + - integration-test: use the common cli method when trying to install + an unexisting snap + - integration-tests: rename snap find test + - daemon: refactor makeErrorResponder() + - integration: add regression test for LP: #1541317 + - integration-tests: reenable TestRollbackMustRebootToOtherVersion + - asserts: introduce "snap asserts" subcmd to show assertions in the + system db + - docs: fix parameter style + - daemon: use underscore in JSON interface + - client: add skills API + - asserts,docs/rest.md: change Encoder not to add extra newlines at + the end of the stream + - integration-tests: "snappy search" is no more, its "snap search" + now + - README, integration-tests/tests: chmod snapd.socket after manual + start. + - snappy: add default security profile if none is specified + - skills,daemon: add REST APIs for skills + - cmd/snap, cmd/snappy: move from `snappy search` to `snap find`. + - The first step towards REST world domination: search is now done + via + - debian: remove obsolete /etc/grub.d/09_snappy on upgrade + - skills: provide different security snippets for skill and slot + side + - osutil: make go vet happy again + - snappy,systemd: use Type field in systemd.ServiceDescription + - skills: add basic grant-revoke methods + - client,daemon,asserts: expose the ability to query assertions in + the system db + - skills: add basic methods for slot handling + - snappy,daemon,snap: move "Uninstall" into overlord + - snappy: move SnapFile.Install() into Overlord.Install() + - integration-tests: re-enable some failover tests + - client: remove snaps + - asserts: uniform searching across trusted (account keys) and main + backstore + - asserts: introduce Decoder to parse streams of assertions and + Encoder to build them + - client: filter snaps with a search query + - client: pass query as well as path in client internals + - skills: provide different security snippets for skill and slot + side + - snappy: refactor snapYaml to remove methods on snapYaml type + - snappy: remove unused variable from test + - skills: add basic methods for skill handing + - snappy: remove support for meta/package.yaml and implement new + meta/snap.yaml + - snappy: add new overlord type responsible for + Installed/Install/Uninstall/SetActive and stub it out + - skills: add basic methods for type handling + - daemon, snappy: add find (aka search) + - client: filter snaps by type + - skills: tweak valid names and error messages + - skills: add special skill type for testing + - cmd/snapd,daemon: filter snaps by type + - partition: remove obsolete uEnv.txt + - skills: add Type interface + - integration-tests: fix the bootloader path + - asserts: introduce a memory backed assertion backstore + - integration-tests: get name of OS snap from bootloader + - cmd/snapd,daemon: filter snaps by source + - asserts,daemon: bump some copyright years for things that have + been touched in the new year + - skills: add the initial Repository type + - skills: add a name validation function + - client: filter snaps by source + - snappy: unmount the squashfs snap again if it fails to install + - snap: make a copy of the search uri before mutating it + Closes: LP#1537005 + - cmd/snap,client,daemon,asserts: introduce "assert " snap + subcommand + - cmd/snappy, snappy: fix failover handling of the "active" + kernel/os snap + - daemon, client, docs/rest.md, snapd integration tests: move to the + new error response + - asserts: change Backstore interface, backstores can now access + primary key names from types + - asserts: make AssertionType into a real struct exposing the + metadata Name and PrimaryKey + - caps: improve bool-file sanitization + - asserts: fixup toolbelt to use exposed key ID. + - client: return by reference rather than by value + - asserts: exported filesystem backstores + explicit backstores + + -- Michael Vogt Thu, 04 Feb 2016 16:35:31 +0100 + +ubuntu-snappy (1.7.2+20160113ubuntu1) xenial; urgency=medium + + * New git snapshot + + -- Michael Vogt Wed, 13 Jan 2016 11:25:40 +0100 + +ubuntu-snappy (1.7.2ubuntu1) xenial; urgency=medium + + * New upstream release: + - bin-path integration + - assertions/capability work + - fix squashfs based snap building + + -- Michael Vogt Fri, 04 Dec 2015 08:46:35 +0100 + +ubuntu-snappy (1.7.1ubuntu1) xenial; urgency=medium + + * New upstream release: + - fix dependencies + - fix armhf builds + + -- Michael Vogt Wed, 02 Dec 2015 07:46:07 +0100 + +ubuntu-snappy (1.7ubuntu1) xenial; urgency=medium + + * New upstream release: + - kernel/os snap support + - squashfs snap support + - initial capabilities work + - initial assertitions work + - rest API support + + -- Michael Vogt Wed, 18 Nov 2015 19:59:51 +0100 + +ubuntu-snappy (1.6ubuntu1) wily; urgency=medium + + * New upstream release, including the following changes: + - Fix hwaccess for gpio (LP: #1493389, LP: #1488618) + - Fix handleAssets name normalization + - Run boot-ok job late (LP: #1476129) + - Add support for systemd socket files + - Add "snappy service" command + - Documentation improvements + - Many test improvements (unit and integration) + - Override sideload versions + - Go1.5 fixes + - Add i18n + - Add man-page + - Add .snapignore + - Run services that uses external ports only after the network is up + - Bufix in Synbootloader (LP: 1474125) + - Use uboot.env for boot state tracking + + -- Michael Vogt Wed, 09 Sep 2015 14:20:22 +0200 + +ubuntu-snappy (1.5ubuntu1) wily; urgency=medium + + * New upstream release, including the following changes: + - Use O_TRUNC when copying files + - Added path redefinition to include test's binaries location + - Don't run update-grub, instead use grub.cfg from the oem + package + - Do network configuration from first boot + - zero size systemd of new partition made executable to + prevent unrecoverable boot failure + - Close downloaded files + + -- Ricardo Salveti de Araujo Mon, 06 Jul 2015 15:14:37 -0300 + +ubuntu-snappy (1.4ubuntu1) wily; urgency=medium + + * New upstream release, including the following changes: + - Allow to run the integration tests using snappy from branch + - Add CopyFileOverwrite flag and behaviour to helpers.CopyFile + - add a bunch of missing i18n.G() now that we have gettext + - Generate only the translators comments that start with + TRANSLATORS + - Try both clickpkg and snappypkg when dropping privs + + -- Ricardo Salveti de Araujo Thu, 02 Jul 2015 16:21:53 -0300 + +ubuntu-snappy (1.3ubuntu1) wily; urgency=medium + + * New upstream release, including the following changes: + - gettext support + - use snappypkg user for the installed snaps + - switch to system-image-3.x as the system-image backend + - more reliable developer mode detection + + -- Michael Vogt Wed, 01 Jul 2015 10:37:05 +0200 + +ubuntu-snappy (1.2-0ubuntu1) wily; urgency=medium + + * New upstream release, including the following changes: + - Consider the root directory when installing and removing policies + - In the uboot TestHandleAssetsNoHardwareYaml, patch the cache dir + before creating the partition type + - In the PartitionTestSuite, remove the unnecessary patches for + defaultCacheDir + - Fix the help output of "snappy install -h" + + -- Ricardo Salveti de Araujo Wed, 17 Jun 2015 11:42:47 -0300 + +ubuntu-snappy (1.1.2-0ubuntu1) wily; urgency=medium + + * New upstream release, including the following changes: + - Remove compatibility for click-bin-path in generated exec-wrappers + - Release the readme.md after parsing it + + -- Ricardo Salveti de Araujo Thu, 11 Jun 2015 23:42:49 -0300 + +ubuntu-snappy (1.1.1-0ubuntu1) wily; urgency=medium + + * New upstream release, including the following changes: + - Set all app services to restart on failure + - Fixes the missing oauth quoting and makes the code a bit nicer + - Added integrate() to set Integration to default values needed for + integration + - Moved setActivateClick to be a method of SnapPart + - Make unsetActiveClick a method of SnapPart + - Check the package.yaml for the required fields + - Integrate lp:snappy/selftest branch into snappy itself + - API to record information about the image and to check if the kernel was + sideloaded. + - Factor out update from cmd + - Continue updating when a sideload error is returned + + -- Ricardo Salveti de Araujo Wed, 10 Jun 2015 15:54:12 -0300 + +ubuntu-snappy (1.1-0ubuntu1) wily; urgency=low + + * New wily upload with fix for go 1.4 syscall.Setgid() breakage + + -- Michael Vogt Tue, 09 Jun 2015 10:02:04 +0200 + +ubuntu-snappy (1.0.1-0ubuntu1) vivid; urgency=low + + * fix symlink unpacking + * fix typo in apparmor rules generation + + -- Michael Vogt Thu, 23 Apr 2015 16:09:56 +0200 + +ubuntu-snappy (1.0-0ubuntu1) vivid; urgency=low + + * 15.04 archive upload + + -- Michael Vogt Thu, 23 Apr 2015 11:08:22 +0200 + +ubuntu-snappy (0.1.2-0ubuntu1) vivid; urgency=medium + + * initial ubuntu archive upload + + -- Michael Vogt Mon, 13 Apr 2015 22:48:13 -0500 + +ubuntu-snappy (0.1.1-0ubuntu1) vivid; urgency=low + + * new snapshot + + -- Michael Vogt Thu, 12 Feb 2015 13:51:22 +0100 + +ubuntu-snappy (0.1-0ubuntu1) vivid; urgency=medium + + * Initial packaging + + -- Sergio Schvezov Fri, 06 Feb 2015 02:25:43 -0200 diff --git a/compat b/compat new file mode 100644 index 00000000..ec635144 --- /dev/null +++ b/compat @@ -0,0 +1 @@ +9 diff --git a/control b/control new file mode 100644 index 00000000..16141c79 --- /dev/null +++ b/control @@ -0,0 +1,116 @@ +Source: snapd +Section: devel +Priority: optional +Maintainer: Steve Langasek +Uploaders: Michael Hudson-Doyle , + Zygmunt Krynicki , + Luke Faraone +Build-Depends: autoconf, + automake, + autotools-dev, + bash-completion, + dbus, + debhelper (>= 9), + dh-apparmor, + dh-autoreconf, + dh-golang (>=1.7), + dh-systemd, + fakeroot, + gettext, + grub-common, + gnupg2, + golang-check.v1-dev, + golang-context-dev, + golang-dbus-dev, + golang-github-coreos-go-systemd-dev, + golang-github-gorilla-mux-dev, + golang-github-gosexy-gettext-dev, + golang-github-mvo5-goconfigparser-dev, + golang-github-seccomp-libseccomp-golang-dev, + golang-go, + golang-go-flags-dev, + golang-golang-x-crypto-dev, + golang-golang-x-net-dev, + golang-gopkg-tomb.v2-dev (>= 0.0~git20161208.0.d5d1b58-1), + golang-yaml.v2-dev, + golang-gopkg-macaroon.v1-dev, + golang-gopkg-mgo.v2-dev, + golang-gopkg-retry.v1-dev, + golang-gopkg-tylerb-graceful.v1-dev, + golang-github-gosexy-gettext-dev, + golang-any (>=2:1.6) | golang-1.6, + indent, + init-system-helpers, + libcap-dev, + libapparmor-dev, + libglib2.0-dev, + libseccomp-dev, + libudev-dev, + openssh-client, + pkg-config, + python3, + python3-docutils, + python3-markdown, + squashfs-tools, + tzdata, + udev, + xfslibs-dev +Standards-Version: 3.9.8 +Homepage: https://github.com/snapcore/snapd +Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/snapd.git +Vcs-Git: git://anonscm.debian.org/collab-maint/snapd.git + +Package: golang-github-ubuntu-core-snappy-dev +Architecture: all +Depends: golang-github-snapcore-snapd-dev, ${misc:Depends} +Section: oldlibs +Description: transitional dummy package + This is a transitional dummy package. It can safely be removed. + +Package: golang-github-snapcore-snapd-dev +Architecture: all +Breaks: golang-github-ubuntu-core-snappy-dev (<< 2.0.6), + golang-snappy-dev (<< 1.7.3+20160303ubuntu4) +Replaces: golang-github-ubuntu-core-snappy-dev (<< 2.0.6), + golang-snappy-dev (<< 1.7.3+20160303ubuntu4) +Depends: ${misc:Depends} +Description: snappy development go packages. + Use these to use the snappy API. + +Package: snapd +Architecture: any +Depends: adduser, + apparmor (>= 2.10.95-0ubuntu2.2), + ca-certificates, + gnupg1 | gnupg, + openssh-client, + squashfs-tools, + systemd, + ${misc:Depends}, + ${shlibs:Depends} +Breaks: snap (<< 2013-11-29-5~), snap-confine (<< 2.23), ubuntu-core-launcher (<< 2.22) +Replaces: snap (<< 2013-11-29-5~), snap-confine (<< 2.23), ubuntu-core-launcher (<< 2.22) +Built-Using: ${Built-Using} ${misc:Built-Using} +Description: Tool to interact with Ubuntu Core Snappy. + Install, configure, refresh and remove snap packages. Snaps are + 'universal' packages that work across many different Linux systems, + enabling secure distribution of the latest apps and utilities for + cloud, servers, desktops and the internet of things. + . + This is the CLI for snapd, a background service that takes care of + snaps on the system. Start with 'snap list' to see installed snaps. + +Package: snap-confine +Architecture: any +Section: oldlibs +Depends: snapd (= ${binary:Version}), ${misc:Depends} +Description: Transitional package for snapd + This is a transitional dummy package. It can safely be removed. + +Package: ubuntu-core-launcher +Architecture: any +Depends: snapd (= ${binary:Version}), ${misc:Depends} +Section: oldlibs +Pre-Depends: dpkg (>= 1.15.7.2) +Description: Transitional package for snapd + This is a transitional dummy package. It can safely be removed. diff --git a/copyright b/copyright new file mode 100644 index 00000000..0b980b94 --- /dev/null +++ b/copyright @@ -0,0 +1,22 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: snappy +Source: https://github.com/snapcore/snapd + +Files: * +Copyright: Copyright (C) 2014,2015 Canonical, Ltd. +License: GPL-3 + This program is free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License version 3, as + published by the Free Software Foundation. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranties of + MERCHANTABILITY, SATISFACTORY QUALITY or FITNESS FOR A PARTICULAR + PURPOSE. See the applicable version of the GNU Lesser General Public + License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + . + On Debian systems, the complete text of the GNU General Public License + can be found in `/usr/share/common-licenses/GPL-3' diff --git a/gbp.conf b/gbp.conf new file mode 100644 index 00000000..113bcf34 --- /dev/null +++ b/gbp.conf @@ -0,0 +1,3 @@ +[DEFAULT] +debian-branch = debian +export-dir = ../build-area diff --git a/golang-github-snapcore-snapd-dev.install b/golang-github-snapcore-snapd-dev.install new file mode 100644 index 00000000..1dfbabc8 --- /dev/null +++ b/golang-github-snapcore-snapd-dev.install @@ -0,0 +1 @@ +debian/tmp/usr/share/gocode/src/* diff --git a/not-installed b/not-installed new file mode 100644 index 00000000..8183e8d6 --- /dev/null +++ b/not-installed @@ -0,0 +1,2 @@ +usr/bin/snap-repair +usr/lib/snapd/system-shutdown \ No newline at end of file diff --git a/patches/disable-TestDoRequestSerialErrorsOnNoHost.patch b/patches/disable-TestDoRequestSerialErrorsOnNoHost.patch new file mode 100644 index 00000000..0d79a456 --- /dev/null +++ b/patches/disable-TestDoRequestSerialErrorsOnNoHost.patch @@ -0,0 +1,10 @@ +--- a/overlord/devicestate/devicestate_test.go ++++ b/overlord/devicestate/devicestate_test.go +@@ -764,6 +764,7 @@ + } + + func (s *deviceMgrSuite) TestDoRequestSerialErrorsOnNoHost(c *C) { ++ c.Skip("test is flaky, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887067") + privKey, _ := assertstest.GenerateKey(testKeyLength) + + nowhere := "http://nowhere.nowhere.test" diff --git a/patches/disable-i18n.patch b/patches/disable-i18n.patch new file mode 100644 index 00000000..a7e60d77 --- /dev/null +++ b/patches/disable-i18n.patch @@ -0,0 +1,293 @@ +Description: disable i18n + The i18n support in snapd depends on a package that has not yet been packaged. + Disable for now until we get the ITP done. +Author: Michael Hudson-Doyle +Origin: vendor +Forwarded: not-needed +Last-Update: 2018-08-15 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/i18n/i18n.go ++++ b/i18n/i18n.go +@@ -21,86 +21,7 @@ + + //go:generate update-pot + +-import ( +- "fmt" +- "os" +- "path/filepath" +- "strings" +- +- "github.com/ojii/gettext.go" +- +- "github.com/snapcore/snapd/dirs" +- "github.com/snapcore/snapd/osutil" +-) +- +-// TEXTDOMAIN is the message domain used by snappy; see dgettext(3) +-// for more information. +-var ( +- TEXTDOMAIN = "snappy" +- locale gettext.Catalog +- translations gettext.Translations +-) +- +-func init() { +- bindTextDomain(TEXTDOMAIN, "/usr/share/locale") +- setLocale("") +-} +- +-func langpackResolver(baseRoot string, locale string, domain string) string { +- // first check for the real locale (e.g. de_DE) +- // then try to simplify the locale (e.g. de_DE -> de) +- locales := []string{locale, strings.SplitN(locale, "_", 2)[0]} +- for _, locale := range locales { +- r := filepath.Join(locale, "LC_MESSAGES", fmt.Sprintf("%s.mo", domain)) +- +- // look into the core snaps first for translations, +- // then the main system +- candidateDirs := []string{ +- filepath.Join(dirs.SnapMountDir, "/core/current/", baseRoot), +- baseRoot, +- } +- for _, root := range candidateDirs { +- // ubuntu uses /usr/lib/locale-langpack and patches the glibc gettext +- // implementation +- langpack := filepath.Join(root, "..", "locale-langpack", r) +- if osutil.FileExists(langpack) { +- return langpack +- } +- +- regular := filepath.Join(root, r) +- if osutil.FileExists(regular) { +- return regular +- } +- } +- } +- +- return "" +-} +- +-func bindTextDomain(domain, dir string) { +- translations = gettext.NewTranslations(dir, domain, langpackResolver) +-} +- +-func setLocale(loc string) { +- if loc == "" { +- loc = os.Getenv("LC_MESSAGES") +- if loc == "" { +- loc = os.Getenv("LANG") +- } +- } +- // de_DE.UTF-8, de_DE@euro all need to get simplified +- loc = strings.Split(loc, "@")[0] +- loc = strings.Split(loc, ".")[0] +- +- locale = translations.Locale(loc) +-} +- + // G is the shorthand for Gettext + func G(msgid string) string { +- return locale.Gettext(msgid) +-} +- +-// NG is the shorthand for NGettext +-func NG(msgid string, msgidPlural string, n uint32) string { +- return locale.NGettext(msgid, msgidPlural, n) ++ return msgid + } +--- a/i18n/i18n_test.go ++++ /dev/null +@@ -1,162 +0,0 @@ +-// -*- Mode: Go; indent-tabs-mode: t -*- +- +-/* +- * Copyright (C) 2014-2015 Canonical Ltd +- * +- * This program is free software: you can redistribute it and/or modify +- * it under the terms of the GNU General Public License version 3 as +- * published by the Free Software Foundation. +- * +- * This program is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- * You should have received a copy of the GNU General Public License +- * along with this program. If not, see . +- * +- */ +- +-package i18n +- +-import ( +- "io/ioutil" +- "os" +- "os/exec" +- "path/filepath" +- "testing" +- +- . "gopkg.in/check.v1" +- +- "github.com/snapcore/snapd/dirs" +-) +- +-// Hook up check.v1 into the "go test" runner +-func Test(t *testing.T) { TestingT(t) } +- +-var mockLocalePo = []byte(` +-msgid "" +-msgstr "" +-"Project-Id-Version: snappy-test\n" +-"Report-Msgid-Bugs-To: snappy-devel@lists.ubuntu.com\n" +-"POT-Creation-Date: 2015-06-16 09:08+0200\n" +-"Language: en_DK\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" +-"Plural-Forms: nplurals=2; plural=n != 1;>\n" +- +-msgid "plural_1" +-msgid_plural "plural_2" +-msgstr[0] "translated plural_1" +-msgstr[1] "translated plural_2" +- +-msgid "singular" +-msgstr "translated singular" +-`) +- +-func makeMockTranslations(c *C, localeDir string) { +- fullLocaleDir := filepath.Join(localeDir, "en_DK", "LC_MESSAGES") +- err := os.MkdirAll(fullLocaleDir, 0755) +- c.Assert(err, IsNil) +- +- po := filepath.Join(fullLocaleDir, "snappy-test.po") +- mo := filepath.Join(fullLocaleDir, "snappy-test.mo") +- err = ioutil.WriteFile(po, mockLocalePo, 0644) +- c.Assert(err, IsNil) +- +- cmd := exec.Command("msgfmt", po, "--output-file", mo) +- cmd.Stdout = os.Stdout +- cmd.Stderr = os.Stderr +- err = cmd.Run() +- c.Assert(err, IsNil) +-} +- +-type i18nTestSuite struct { +- origLang string +- origLcMessages string +-} +- +-var _ = Suite(&i18nTestSuite{}) +- +-func (s *i18nTestSuite) SetUpTest(c *C) { +- // this dir contains a special hand-crafted en_DK/snappy-test.mo +- // file +- localeDir := c.MkDir() +- makeMockTranslations(c, localeDir) +- +- // we use a custom test mo file +- TEXTDOMAIN = "snappy-test" +- +- s.origLang = os.Getenv("LANG") +- s.origLcMessages = os.Getenv("LC_MESSAGES") +- +- bindTextDomain("snappy-test", localeDir) +- os.Setenv("LANG", "en_DK.UTF-8") +- setLocale("") +-} +- +-func (s *i18nTestSuite) TearDownTest(c *C) { +- os.Setenv("LANG", s.origLang) +- os.Setenv("LC_MESSAGES", s.origLcMessages) +-} +- +-func (s *i18nTestSuite) TestTranslatedSingular(c *C) { +- // no G() to avoid adding the test string to snappy-pot +- var Gtest = G +- c.Assert(Gtest("singular"), Equals, "translated singular") +-} +- +-func (s *i18nTestSuite) TestTranslatesPlural(c *C) { +- // no NG() to avoid adding the test string to snappy-pot +- var NGtest = NG +- c.Assert(NGtest("plural_1", "plural_2", 1), Equals, "translated plural_1") +-} +- +-func (s *i18nTestSuite) TestTranslatedMissingLangNoCrash(c *C) { +- setLocale("invalid") +- +- // no G() to avoid adding the test string to snappy-pot +- var Gtest = G +- c.Assert(Gtest("singular"), Equals, "singular") +-} +- +-func (s *i18nTestSuite) TestInvalidTextDomainDir(c *C) { +- bindTextDomain("snappy-test", "/random/not/existing/dir") +- setLocale("invalid") +- +- // no G() to avoid adding the test string to snappy-pot +- var Gtest = G +- c.Assert(Gtest("singular"), Equals, "singular") +-} +- +-func (s *i18nTestSuite) TestLangpackResolverFromLangpack(c *C) { +- root := c.MkDir() +- localeDir := filepath.Join(root, "/usr/share/locale") +- err := os.MkdirAll(localeDir, 0755) +- c.Assert(err, IsNil) +- +- d := filepath.Join(root, "/usr/share/locale-langpack") +- makeMockTranslations(c, d) +- bindTextDomain("snappy-test", localeDir) +- setLocale("") +- +- // no G() to avoid adding the test string to snappy-pot +- var Gtest = G +- c.Assert(Gtest("singular"), Equals, "translated singular", Commentf("test with %q failed", d)) +-} +- +-func (s *i18nTestSuite) TestLangpackResolverFromCore(c *C) { +- origSnapMountDir := dirs.SnapMountDir +- defer func() { dirs.SnapMountDir = origSnapMountDir }() +- dirs.SnapMountDir = c.MkDir() +- +- d := filepath.Join(dirs.SnapMountDir, "/core/current/usr/share/locale") +- makeMockTranslations(c, d) +- bindTextDomain("snappy-test", "/usr/share/locale") +- setLocale("") +- +- // no G() to avoid adding the test string to snappy-pot +- var Gtest = G +- c.Assert(Gtest("singular"), Equals, "translated singular", Commentf("test with %q failed", d)) +-} +--- a/tests/main/i18n/task.yaml ++++ /dev/null +@@ -1,26 +0,0 @@ +-summary: Test that i18n works +- +-execute: | +- # The snapd deb from the archive does not contain .mo files, those +- # are stripped out by the langpack buildd stuff and put into the +- # the various langpacks. +- # Therefore this test only makes sense when we build snapd from +- # the local source. When running against an official snapd deb +- # or against the core we will not see translations +- if [ ! -f /usr/share/locale/de/LC_MESSAGES/snappy.mo ]; then +- echo "SKIP: No mo files for snapd available" +- exit 0 +- fi +- +- echo "Ensure that i18n works" +- LANG=de snap changes everything | MATCH "Ja, ja, allerdings." +- +- echo "Basic smoke test to ensure no locale causes crashes nor warnings" +- for p in /usr/share/locale/*; do +- out=$( LANG=$(basename $p) snap 2>&1 >/dev/null ) +- if [ -n "$out" ]; then +- echo "$p" +- echo "$out" +- exit 1 +- fi +- done diff --git a/patches/disable-seccomp-tests.patch b/patches/disable-seccomp-tests.patch new file mode 100644 index 00000000..177aee0f --- /dev/null +++ b/patches/disable-seccomp-tests.patch @@ -0,0 +1,29 @@ +Description: disable cmd/snap-seccomp tests + The snap-seccomp tests require a fork of the golang/x/net library to run. + Disable the tests until the necessary changes are upstream. +Author: Michael Hudson-Doyle +Origin: vendor +Forwarded: not-needed +Last-Update: 2017-08-15 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/cmd/snap-seccomp/export_test.go ++++ b/cmd/snap-seccomp/export_test.go +@@ -1,5 +1,7 @@ + // -*- Mode: Go; indent-tabs-mode: t -*- + ++// +build ignore ++ + /* + * Copyright (C) 2017 Canonical Ltd + * +--- a/cmd/snap-seccomp/main_test.go ++++ b/cmd/snap-seccomp/main_test.go +@@ -1,5 +1,7 @@ + // -*- Mode: Go; indent-tabs-mode: t -*- + ++// +build ignore ++ + /* + * Copyright (C) 2017 Canonical Ltd + * diff --git a/patches/no-seccomp-fork.patch b/patches/no-seccomp-fork.patch new file mode 100644 index 00000000..e9f671e1 --- /dev/null +++ b/patches/no-seccomp-fork.patch @@ -0,0 +1,21 @@ +Description: Do not use a fork of github.com/seccomp/libseccomp-golang + Upstream uses a fork of this library so it can work on Ubuntu 14.04. The + Debian package does not have to care about this so we can just use the + version from the archive. +Author: Michael Hudson-Doyle +Origin: vendor +Forwarded: not-needed +Last-Update: 2017-08-15 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/cmd/snap-seccomp/main.go ++++ b/cmd/snap-seccomp/main.go +@@ -151,7 +151,7 @@ + // FIXME: we want github.com/seccomp/libseccomp-golang but that + // will not work with trusty because libseccomp-golang checks + // for the seccomp version and errors if it find one < 2.2.0 +- "github.com/mvo5/libseccomp-golang" ++ "github.com/seccomp/libseccomp-golang" + + "github.com/snapcore/snapd/arch" + "github.com/snapcore/snapd/osutil" diff --git a/patches/series b/patches/series new file mode 100644 index 00000000..d5887a9b --- /dev/null +++ b/patches/series @@ -0,0 +1,4 @@ +disable-i18n.patch +disable-seccomp-tests.patch +no-seccomp-fork.patch +disable-TestDoRequestSerialErrorsOnNoHost.patch diff --git a/rules b/rules new file mode 100755 index 00000000..471d8b26 --- /dev/null +++ b/rules @@ -0,0 +1,218 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# +# These rules should work for any debian-ish distro that uses systemd +# as init. That does _not_ include Ubuntu 14.04 ("trusty"); look for +# its own special rule file. +# +# Please keep the diff between that and this relatively small, even if +# it means having suboptimal code; these need to be kept in sync by +# sentient bags of meat. + +#export DH_VERBOSE=1 +export DH_OPTIONS +export DH_GOPKG := github.com/snapcore/snapd +#export DEB_BUILD_OPTIONS=nocheck +export DH_GOLANG_EXCLUDES=tests +export DH_GOLANG_GO_GENERATE=1 + +export PATH:=${PATH}:${CURDIR} +# make sure that correct go version is found on trusty +export PATH:=/usr/lib/go-1.6/bin:${PATH} + +include /etc/os-release + +# this is overridden in the ubuntu/14.04 release branch +SYSTEMD_UNITS_DESTDIR="lib/systemd/system/" + +# The go tool does not fully support vendoring with gccgo, but we can +# work around that by constructing the appropriate -I flag by hand. +GCCGO := $(shell go tool dist env > /dev/null 2>&1 && echo no || echo yes) + +# Disable -buildmode=pie mode on i386 as can panics in spectacular +# ways (LP: #1711052). +# See also https://forum.snapcraft.io/t/artful-i386-panics/ +# Note while the panic is only on artful, that's because artful +# detects it; the issue potentially there on older things. +BUILDFLAGS:=-pkgdir=$(CURDIR)/_build/std +ifneq ($(shell dpkg-architecture -qDEB_HOST_ARCH),i386) +BUILDFLAGS+= -buildmode=pie +endif + +GCCGOFLAGS= +ifeq ($(GCCGO),yes) +GOARCH := $(shell go env GOARCH) +GOOS := $(shell go env GOOS) +BUILDFLAGS:= +GCCGOFLAGS=-gccgoflags="-I $(CURDIR)/_build/pkg/gccgo_$(GOOS)_$(GOARCH)/$(DH_GOPKG)/vendor" +export DH_GOLANG_GO_GENERATE=0 +endif + +# check if we need to include the testkeys in the binary +TAGS= +ifneq (,$(filter testkeys,$(DEB_BUILD_OPTIONS))) + TAGS=-tags withtestkeys +endif + +BUILT_USING_PACKAGES= +# export DEB_BUILD_MAINT_OPTIONS = hardening=+all +# DPKG_EXPORT_BUILDFLAGS = 1 +# include /usr/share/dpkg/buildflags.mk + +# Currently, we enable confinement for Ubuntu only, not for derivatives, +# because derivatives may have different kernels that don't support all the +# required confinement features and we don't to mislead anyone about the +# security of the system. Discuss a proper approach to this for downstreams +# if and when they approach us. +ifeq ($(shell dpkg-vendor --query Vendor),Ubuntu) + # On Ubuntu 16.04 we need to produce a build that can be used on wide + # variety of systems. As such we prefer static linking over dynamic linking + # for stability, predicability and easy of deployment. We need to link some + # things dynamically though: udev has no stable IPC protocol between + # libudev and udevd so we need to link with it dynamically. + VENDOR_ARGS=--enable-nvidia-multiarch --enable-static-libcap --enable-static-libapparmor --enable-static-libseccomp + BUILT_USING_PACKAGES=libcap-dev libapparmor-dev libseccomp-dev + BUILT_USING=$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W $(BUILT_USING_PACKAGES)) +else +ifeq ($(shell dpkg-vendor --query Vendor),Debian) + VENDOR_ARGS=--enable-nvidia-multiarch + BUILT_USING= +else + VENDOR_ARGS=--disable-apparmor +endif +endif + +%: + dh $@ --buildsystem=golang --with=golang --fail-missing --with systemd --builddirectory=_build + +override_dh_fixperms: + dh_fixperms -Xusr/lib/snapd/snap-confine + + +# The .real profile is a workaround for a bug in dpkg LP: #1673247 that causes +# ubiquity to crash. It allows us to "move" the snap-confine profile from +# snap-confine into snapd in a way that works with old dpkg that is in the live +# CD image. +# +# Because both the usual and the .real profile describe the same binary the +# .real profile takes priority (as it is loaded later). +override_dh_installdeb: + dh_apparmor --profile-name=usr.lib.snapd.snap-confine.real -psnapd + dh_installdeb + +override_dh_clean: +ifneq (,$(TEST_GITHUB_AUTOPKGTEST)) + # this will be set by the GITHUB webhook to trigger a autopkgtest + # we only need to run "govendor sync" here and then its ready + (export GOPATH="/tmp/go"; \ + mkdir -p /tmp/go/src/github.com/snapcore/; \ + cp -ar . /tmp/go/src/github.com/snapcore/snapd; \ + go get -u github.com/kardianos/govendor; \ + (cd /tmp/go/src/github.com/snapcore/snapd ; /tmp/go/bin/govendor sync); \ + cp -ar /tmp/go/src/github.com/snapcore/snapd/vendor/ .; \ + ) +endif + dh_clean + $(MAKE) -C data clean + # XXX: hacky + $(MAKE) -C cmd distclean || true + +override_dh_auto_build: + # usually done via `go generate` but that is not supported on powerpc + ./mkversion.sh + # Build golang bits + mkdir -p _build/src/$(DH_GOPKG)/cmd/snap/test-data + cp -a cmd/snap/test-data/*.gpg _build/src/$(DH_GOPKG)/cmd/snap/test-data/ + dh_auto_build -- $(BUILDFLAGS) $(TAGS) $(GCCGOFLAGS) + + # (static linking on powerpc with cgo is broken) +ifneq ($(shell dpkg-architecture -qDEB_HOST_ARCH),powerpc) + # Generate static snap-exec and snap-update-ns - it somehow includes CGO so + # we must force a static build here. We need a static snap-{exec,update-ns} + # inside the core snap because not all bases will have a libc + (cd _build/bin && GOPATH=$$(pwd)/.. CGO_ENABLED=0 go build $(GCCGOFLAGS) $(DH_GOPKG)/cmd/snap-exec) + (cd _build/bin && GOPATH=$$(pwd)/.. go build --ldflags '-extldflags "-static"' $(GCCGOFLAGS) $(DH_GOPKG)/cmd/snap-update-ns) + + # ensure we generated a static build + $(shell if ldd _build/bin/snap-exec; then false "need static build"; fi) + $(shell if ldd _build/bin/snap-update-ns; then false "need static build"; fi) +endif + + # Build C bits, sadly manually + cd cmd && ( autoreconf -i -f ) + cd cmd && ( ./configure --prefix=/usr --libexecdir=/usr/lib/snapd $(VENDOR_ARGS)) + $(MAKE) -C cmd all + + # Generate the real systemd/dbus/env config files + $(MAKE) -C data all + +override_dh_auto_test: + dh_auto_test -- $(GCCGOFLAGS) +# a tested default (production) build should have no test keys +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) + # check that only the main trusted account-keys are included + [ $$(strings _build/bin/snapd|grep -c -E "public-key-sha3-384: [a-zA-Z0-9_-]{64}") -eq 2 ] + strings _build/bin/snapd|grep -c "^public-key-sha3-384: -CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk$$" + strings _build/bin/snapd|grep -c "^public-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa$$" + # same for snap-repair + [ $$(strings _build/bin/snap-repair|grep -c -E "public-key-sha3-384: [a-zA-Z0-9_-]{64}") -eq 3 ] + # common with snapd + strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: -CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk$$" + strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa$$" + # repair-root + strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: nttW6NfBXI_E-00u38W-KH6eiksfQNXuI7IiumoV49_zkbhM0sYTzSnFlwZC-W4t$$" +endif +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) + # run the snap-confine tests + $(MAKE) -C cmd check +endif + +override_dh_install-indep: + # we do not need this in the package, its just needed during build + rm -rf ${CURDIR}/debian/tmp/usr/bin/xgettext-go + # toolbelt is not shippable + rm -f ${CURDIR}/debian/tmp/usr/bin/toolbelt + # we do not like /usr/bin/snappy anymore + rm -f ${CURDIR}/debian/tmp/usr/bin/snappy + dh_install + +override_dh_install-arch: + # we do not need this in the package, its just needed during build + rm -rf ${CURDIR}/debian/tmp/usr/bin/xgettext-go + # toolbelt is not shippable + rm -f ${CURDIR}/debian/tmp/usr/bin/toolbelt + # we do not like /usr/bin/snappy anymore + rm -f ${CURDIR}/debian/tmp/usr/bin/snappy + # i18n stuff + mkdir -p debian/snapd/usr/share + if [ -d share/locale ]; then \ + cp -R share/locale debian/snapd/usr/share; \ + fi + + # install snapd's systemd units / upstart jobs, done + # here instead of debian/snapd.install because the + # ubuntu/14.04 release branch adds/changes bits here + $(MAKE) -C data install DESTDIR=$(CURDIR)/debian/snapd/ \ + SYSTEMDSYSTEMUNITDIR=$(SYSTEMD_UNITS_DESTDIR) + # we called this apps-bin-path.sh instead of snapd.sh, and + # it's a conf file so we're stuck with it + mv debian/snapd/etc/profile.d/snapd.sh debian/snapd/etc/profile.d/apps-bin-path.sh + + $(MAKE) -C cmd install DESTDIR=$(CURDIR)/debian/tmp + + # Rename the apparmor profile, see dh_apparmor call above for an explanation. + mv $(CURDIR)/debian/tmp/etc/apparmor.d/usr.lib.snapd.snap-confine $(CURDIR)/debian/tmp/etc/apparmor.d/usr.lib.snapd.snap-confine.real + dh_install + +override_dh_auto_install: snap.8 + dh_auto_install -O--buildsystem=golang + +snap.8: + $(CURDIR)/_build/bin/snap help --man > $@ + +override_dh_auto_clean: + dh_auto_clean -O--buildsystem=golang + rm -vf snap.8 + +override_dh_gencontrol: + dh_gencontrol -- -VBuilt-Using="$(BUILT_USING)" diff --git a/snap-confine.maintscript b/snap-confine.maintscript new file mode 100644 index 00000000..16bc8774 --- /dev/null +++ b/snap-confine.maintscript @@ -0,0 +1 @@ +rm_conffile /etc/apparmor.d/usr.lib.snapd.snap-confine 2.23.6~ diff --git a/snapd.autoimport.udev b/snapd.autoimport.udev new file mode 100644 index 00000000..f06a9f3e --- /dev/null +++ b/snapd.autoimport.udev @@ -0,0 +1,3 @@ +# probe for assertions, must run before udisks2 +ACTION=="add", SUBSYSTEM=="block" \ + RUN+="/usr/bin/unshare -m /usr/bin/snap auto-import --mount=/dev/%k" diff --git a/snapd.dirs b/snapd.dirs new file mode 100644 index 00000000..7d458bfd --- /dev/null +++ b/snapd.dirs @@ -0,0 +1,12 @@ +snap +var/cache/snapd +usr/lib/snapd +var/lib/snapd/apparmor/snap-confine.d +var/lib/snapd/auto-import +var/lib/snapd/desktop +var/lib/snapd/environment +var/lib/snapd/firstboot +var/lib/snapd/lib/gl +var/lib/snapd/snaps/partial +var/lib/snapd/void +var/snap diff --git a/snapd.install b/snapd.install new file mode 100644 index 00000000..d4aaf7e5 --- /dev/null +++ b/snapd.install @@ -0,0 +1,28 @@ +usr/bin/snap +usr/bin/snapctl +usr/bin/snap-exec /usr/lib/snapd/ +usr/bin/snap-update-ns /usr/lib/snapd/ +usr/bin/snapd /usr/lib/snapd/ +usr/bin/snap-seccomp /usr/lib/snapd/ + +# bash completion +data/completion/snap /usr/share/bash-completion/completions +data/completion/complete.sh /usr/lib/snapd/ +data/completion/etelpmoc.sh /usr/lib/snapd/ +# udev, must be installed before 80-udisks +data/udev/rules.d/66-snapd-autoimport.rules /lib/udev/rules.d +# snap/snapd version information +data/info /usr/lib/snapd/ +# polkit actions +data/polkit/io.snapcraft.snapd.policy /usr/share/polkit-1/actions/ + +# snap-confine stuff +etc/apparmor.d/usr.lib.snapd.snap-confine.real +lib/udev/snappy-app-dev +usr/lib/snapd/snap-confine +usr/lib/snapd/snap-discard-ns +usr/share/man/man1/snap-confine.1 +usr/share/man/man5/snap-discard-ns.5 +# for compatibility with ancient snap installs that wrote the shell based +# wrapper scripts instead of the modern symlinks +usr/bin/ubuntu-core-launcher diff --git a/snapd.lintian-overrides b/snapd.lintian-overrides new file mode 100644 index 00000000..b5be2587 --- /dev/null +++ b/snapd.lintian-overrides @@ -0,0 +1,13 @@ +# Up for discussion whether we should use this directory on Debian, or +# patch snap to use some different mountpoint; in the meantime, override to +# pass the NEW queue. +snapd: non-standard-toplevel-dir snap/ +# Up for discussion whether we should use this directory on Debian, or +# patch snap to use some different mountpoint; in the meantime, override. +snapd: non-standard-dir-in-var var/snap/ +# snapd is a very special case which needs to tear out its self-managed +# units on purge, we certainly would not be able to use the Debian +# abstractions for this +snapd: maintainer-script-calls-systemctl postrm:9 +# fortify functions aren't here because we use none of the libc functions. +snapd: hardening-no-fortify-functions * diff --git a/snapd.maintscript b/snapd.maintscript new file mode 100644 index 00000000..77dd38ba --- /dev/null +++ b/snapd.maintscript @@ -0,0 +1,5 @@ +# keep mount point busy +# we used to ship a custom grub config that is no longer needed +rm_conffile /etc/grub.d/09_snappy 1.7.3ubuntu1 +rm_conffile /etc/ld.so.conf.d/snappy.conf 2.0.7~ +rm_conffile /etc/apparmor.d/usr.lib.snapd.snap-confine 2.23.6~ diff --git a/snapd.manpages b/snapd.manpages new file mode 100644 index 00000000..b383785e --- /dev/null +++ b/snapd.manpages @@ -0,0 +1 @@ +snap.8 diff --git a/snapd.postinst b/snapd.postinst new file mode 100644 index 00000000..9aefd971 --- /dev/null +++ b/snapd.postinst @@ -0,0 +1,14 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + + +case "$1" in + configure) + # ensure /var/lib/snapd/lib/gl is cleared + if dpkg --compare-versions "$2" lt-nl "2.0.7"; then + ldconfig + fi +esac diff --git a/snapd.postrm b/snapd.postrm new file mode 100644 index 00000000..945c3c17 --- /dev/null +++ b/snapd.postrm @@ -0,0 +1,103 @@ +#!/bin/sh + +set -e + +systemctl_stop() { + unit="$1" + for i in $(seq 10); do + if ! systemctl is-active -q "$unit"; then + echo "$unit is stopped." + break + fi + echo "Stoping $unit [attempt $i]" + systemctl stop -q "$unit" || true + sleep .1 + done +} + +if [ "$1" = "purge" ]; then + # undo any bind mount to /snap that resulted from LP:#1668659 + # (that bug can't happen in trusty -- and doing this would mess up snap.mount.service there) + if grep -q "/snap /snap" /proc/self/mountinfo; then + umount -l /snap || true + fi + + units=$(systemctl list-unit-files --full | grep '^snap[-.]' | cut -f1 -d ' ' | grep -vF snap.mount.service || true) + mounts=$(echo "$units" | grep '^snap[-.].*\.mount$' || true) + services=$(echo "$units" | grep '^snap[-.].*\.service$' || true) + + for unit in $services $mounts; do + # ensure its really a snap mount unit or systemd unit + if ! grep -q 'What=/var/lib/snapd/snaps/' "/etc/systemd/system/$unit" && ! grep -q 'X-Snappy=yes' "/etc/systemd/system/$unit"; then + echo "Skipping non-snapd systemd unit $unit" + continue + fi + + echo "Stopping $unit" + systemctl_stop "$unit" + + # if it is a mount unit, we can find the snap name in the mount + # unit (we just ignore unit files) + snap=$(grep 'Where=/snap/' "/etc/systemd/system/$unit"|cut -f3 -d/) + rev=$(grep 'Where=/snap/' "/etc/systemd/system/$unit"|cut -f4 -d/) + if [ -n "$snap" ]; then + echo "Removing snap $snap" + # aliases + if [ -d /snap/bin ]; then + find /snap/bin -maxdepth 1 -lname "$snap" -delete + find /snap/bin -maxdepth 1 -lname "$snap.*" -delete + fi + # generated binaries + rm -f "/snap/bin/$snap" + rm -f "/snap/bin/$snap".* + # snap mount dir + # we pass -d (clean up loopback devices) for trusty compatibility + umount -d -l "/snap/$snap/$rev" 2> /dev/null || true + rm -rf "/snap/$snap/$rev" + rm -f "/snap/$snap/current" + # snap data dir + rm -rf "/var/snap/$snap/$rev" + rm -rf "/var/snap/$snap/common" + rm -f "/var/snap/$snap/current" + # opportunistic remove (may fail if there are still revisions left + for d in "/snap/$snap" "/var/snap/$snap"; do + if [ -d "$d" ]; then + rmdir --ignore-fail-on-non-empty "$d" || true + fi + done + fi + + echo "Removing $unit" + rm -f "/etc/systemd/system/$unit" + rm -f "/etc/systemd/system/multi-user.target.wants/$unit" + done + + echo "Final directory cleanup" + for d in "/snap/bin" "/snap" "/var/snap"; do + if [ -d "$d" ]; then + rmdir --ignore-fail-on-non-empty $d + fi + done + + echo "Discarding preserved snap namespaces" + # opportunistic as those might not be actually mounted + for mnt in /run/snapd/ns/*.mnt; do + umount -l "$mnt" || true + rm -f "$mnt" + done + for fstab in /run/snapd/ns/*.fstab; do + rm -f "$fstab" + done + umount -l /run/snapd/ns/ || true + + echo "Removing extra snap-confine apparmor rules" + rm -f /etc/apparmor.d/snap.core.*.usr.lib.snapd.snap-confine + + echo "Removing snapd cache" + rm -f /var/cache/snapd/* + + echo "Removing snapd state" + rm -rf /var/lib/snapd +fi + +#DEBHELPER# diff --git a/source/format b/source/format new file mode 100644 index 00000000..163aaf8d --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/source/options b/source/options new file mode 100644 index 00000000..8a90ced6 --- /dev/null +++ b/source/options @@ -0,0 +1 @@ +include-removal diff --git a/tests/README.md b/tests/README.md new file mode 100644 index 00000000..c32e6db3 --- /dev/null +++ b/tests/README.md @@ -0,0 +1,10 @@ +## Autopkgtest + +In order to run the autopkgtest suite locally you need first to generate an image: + + $ adt-buildvm-ubuntu-cloud -a amd64 -r xenial -v + +This will create a `adt-xenial-amd64-cloud.img` file, then you can run the tests from +the project's root with: + + $ adt-run --unbuilt-tree . --- qemu ./adt-xenial-amd64-cloud.img diff --git a/tests/control b/tests/control new file mode 100644 index 00000000..9627b005 --- /dev/null +++ b/tests/control @@ -0,0 +1,9 @@ +Tests: integrationtests +Restrictions: allow-stderr, rw-build-tree, needs-root, breaks-testbed, isolation-machine +Depends: @builddeps@, + bzr, + ca-certificates, + git, + golang-golang-x-net-dev, + openssh-server, + snapd diff --git a/tests/integrationtests b/tests/integrationtests new file mode 100644 index 00000000..cc4b749e --- /dev/null +++ b/tests/integrationtests @@ -0,0 +1,38 @@ +#!/bin/sh + +set -ex + +# required for the debian adt host +mkdir -p /etc/systemd/system/snapd.service.d/ +if [ "${http_proxy:-}" != "" ]; then + cat <> /etc/environment + echo "https_proxy=$http_proxy" >> /etc/environment +fi +systemctl daemon-reload + +# ensure we can do a connect to localhost +echo ubuntu:ubuntu|chpasswd +sed -i 's/\(PermitRootLogin\|PasswordAuthentication\)\>.*/\1 yes/' /etc/ssh/sshd_config +systemctl reload sshd.service + +# Map snapd deb package pockets to core snap channels. This is intended to cope +# with the autopkgtest execution when testing packages from the different pockets +if apt -qq list snapd | grep -q -- -proposed; then + export SPREAD_CORE_CHANNEL=candidate +elif apt -qq list snapd | grep -q -- -updates; then + export SPREAD_CORE_CHANNEL=stable +fi + +# and now run spread against localhost +# shellcheck disable=SC1091 +. /etc/os-release +export GOPATH=/tmp/go +go get -u github.com/snapcore/spread/cmd/spread +/tmp/go/bin/spread -v "autopkgtest:${ID}-${VERSION_ID}-$(dpkg --print-architecture)" diff --git a/tests/testconfig.json b/tests/testconfig.json new file mode 100644 index 00000000..c1669d09 --- /dev/null +++ b/tests/testconfig.json @@ -0,0 +1,3 @@ +{ + "FromBranch": false +} diff --git a/watch b/watch new file mode 100644 index 00000000..6105d210 --- /dev/null +++ b/watch @@ -0,0 +1,4 @@ +version=3 +opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/snapd-\$1\.tar\.gz/,\ +uversionmangle=s/(\d)[_\.\-\+]?(RC|rc|pre|dev|beta|alpha)[.]?(\d*)$/\$1~\$2\$3/ \ + https://github.com/snapcore/snapd/tags .*/v?(\d\S*)\.tar\.gz \ No newline at end of file