From: Michael Vogt Date: Thu, 1 Dec 2022 16:35:36 +0000 (+0000) Subject: snapd (2.57.6-1) unstable; urgency=high X-Git-Tag: archive/raspbian/2.57.6-1+rpi1^2~10 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=f02e10a7792dddc3da5e1470df5789e81cf42c82;p=snapd.git snapd (2.57.6-1) unstable; urgency=high * SECURITY UPDATE: Local privilege escalation - snap-confine: Fix race condition in snap-confine when preparing a private tmp mount namespace for a snap - CVE-2022-3328 * sync packaging changes from upstream * d/p/0015-fix-build-5bd97b39a03.patch: - cherry-pick 5bd97b39a03 to build FTBFS * d/p/0016-skip-TestPopulateFromSeedWithConnectHook.patch: - skip TestPopulateFromSeedWithConnectHook as it does not converge [dgit import unpatched snapd 2.57.6-1] --- f02e10a7792dddc3da5e1470df5789e81cf42c82 diff --cc debian/README.Source index 00000000,00000000..2a4c1231 new file mode 100644 --- /dev/null +++ b/debian/README.Source @@@ -1,0 -1,0 +1,35 @@@ ++# Overview ++ ++The packaging is maintained in the upstream git repo at ++ ++github.com/snapcore/snapd in the packaging/debian-sid dir ++ ++Please push any debian changes back there to make packaging ++easier. ++ ++## Release a new version ++ ++To release a new upstream version the following steps are ++recommended: ++ ++ # one time setup ++ $ git clone git@salsa.debian.org:debian/snapd ++ $ cd snapd ++ $ git remote add upstream https://github.com/snapcore/snapd ++ ++ # releasing a new version ++ $ git fetch upstream ++ $ git merge upstream/ # e.g. upstream/2.44 ++ $ cp -ar packaging/debian-sid/* debian/ ++ # ensure to git add any new files ++ # set debian/changelog to UNRELEASED ++ $ git commit -a -m 'debian: sync packaging changes from upstream' ++ # update changelog ++ $ debcommit -ar ++ $ gbp buildpackage -S -d ++ # testbuild ++ $ pbuilder-dist sid update ++ $ pbuilder-dist sid build ../build-area/snapd_.dsc ++ $ dput ftp-master ../build-area/snapd__source.changes ++ ++ -- Michael Vogt , Wed, 18 Mar 2020 13:11:03 +0100 diff --cc debian/changelog index 00000000,00000000..f6419968 new file mode 100644 --- /dev/null +++ b/debian/changelog @@@ -1,0 -1,0 +1,9666 @@@ ++snapd (2.57.6-1) unstable; urgency=high ++ ++ * SECURITY UPDATE: Local privilege escalation ++ - snap-confine: Fix race condition in snap-confine when preparing a ++ private tmp mount namespace for a snap ++ - CVE-2022-3328 ++ * sync packaging changes from upstream ++ * d/p/0015-fix-build-5bd97b39a03.patch: ++ - cherry-pick 5bd97b39a03 to build FTBFS ++ * d/p/0016-skip-TestPopulateFromSeedWithConnectHook.patch: ++ - skip TestPopulateFromSeedWithConnectHook as it does not ++ converge ++ ++ -- Michael Vogt Thu, 01 Dec 2022 17:35:36 +0100 ++ ++snapd (2.57.5-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1983035 ++ - image: clean snapd mount after preseeding ++ - wrappers,snap/quota: clear LogsDirectory= in the service unit ++ for journal namespaces ++ - cmd/snap,daemon: allow zero values from client to daemon for ++ journal rate-limit ++ - interfaces: steam-support allow pivot /run/media and /etc/nvidia ++ mount ++ - o/ifacestate: introduce DebugAutoConnectCheck hook ++ - release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2 ++ - autopkgtests: fix running autopkgtest on kinetic ++ - interfaces: add microceph interface ++ - interfaces: steam-support allow additional mounts ++ - many: add stub services ++ - interfaces: add kconfig paths to system-observe ++ - i/b/system_observe: honour root dir when checking for ++ /boot/config-* ++ - interfaces: grant access to speech-dispatcher socket ++ - interfaces: rework logic of unclashMountEntries ++ ++ -- Michael Vogt Mon, 17 Oct 2022 18:25:18 +0200 ++ ++snapd (2.57.4-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1983035 ++ - release, snapd-apparmor: fixed outdated WSL detection ++ - overlord/ifacestate: fix conflict detection of auto-connection ++ - overlord: run install-device hook during factory reset ++ - image/preseed/preseed_linux: add missing new line ++ - boot: add factory-reset cases for boot-flags. ++ - interfaces: added read/write access to /proc/self/coredump_filter ++ for process-control ++ - interfaces: add read access to /proc/cgroups and ++ /proc/sys/vm/swappiness to system-observe ++ - fde: run fde-reveal-key with `DefaultDependencies=no` ++ - snapdenv: added wsl to userAgent ++ - tests: fix restore section for persistent-journal-namespace ++ - i/b/mount-control: add optional `/` to umount rules ++ - cmd/snap-bootstrap: changes to be able to boot classic rootfs ++ - cmd/snap-bootstrap: add CVM mode ++ ++ -- Michael Vogt Thu, 29 Sep 2022 09:54:21 +0200 ++ ++snapd (2.57.3-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1983035 ++ - wrappers: journal namespaces did not honor journal.persistent ++ - snap/quota,wrappers: allow using 0 values for the journal rate to ++ override the system default values ++ - multiple: clear up naming convention for cpu-set quota ++ - i/b/mount-control: allow custom filesystem types ++ - i/b/system-observe: allow reading processes security label ++ - sandbox/cgroup: don't check V1 cgroup if V2 is active ++ - asserts,boot,secboot: switch to a secboot version measuring ++ classic ++ ++ -- Michael Vogt Thu, 15 Sep 2022 12:37:30 +0200 ++ ++snapd (2.57.2-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1983035 ++ - store/tooling,tests: support UBUNTU_STORE_URL override env var ++ - packaging/*/tests/integrationtests: reload ssh.service, not ++ sshd.service ++ - tests: check snap download with snapcraft v7+ export-login auth ++ data ++ - store/tooling: support using snapcraft v7+ base64-encoded auth ++ data ++ - many: progress bars should use the overridable stdouts ++ - many: refactor store code to be able to use simpler form of auth ++ creds ++ - snap,store: drop support/consideration for anonymous download urls ++ - data: include snapd/mounts in preseeded blob ++ - many: Set SNAPD_APPARMOR_REEXEC=1 ++ - overlord: track security profiles for non-active snaps ++ ++ -- Michael Vogt Fri, 02 Sep 2022 17:56:46 +0200 ++ ++snapd (2.57.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1983035 ++ - cmd/snap-update-ns: handle mountpoint removal failures with EBUSY ++ - cmd/snap-update-ns: print current mount entries ++ - cmd/snap-update-ns: check the unused mounts with a cleaned path ++ - snap-confine: disable -Werror=array-bounds in __overflow tests to ++ fix build error on Ubuntu 22.10 ++ - systemd: add `WantedBy=default.target` to snap mount units ++ (LP: #1983528) ++ ++ -- Alberto Mardegan Wed, 10 Aug 2022 09:30:50 +0300 ++ ++snapd (2.57-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1983035 ++ - tests: Fix calls to systemctl is-system-running ++ - osutil/disks: handle GPT for 4k disk and too small tables ++ - packaging: import change from the 2.54.3-1.1 upload ++ - many: revert "features: disable refresh-app-awarness by default ++ again" ++ - tests: improve robustness of preparation for regression/lp-1803542 ++ - tests: get the ubuntu-image binary built with test keys ++ - tests: remove commented code from lxd test ++ - interfaces/builtin: add more permissions for steam-support ++ - tests: skip interfaces-network-control on i386 ++ - tests: tweak the "tests/nested/manual/connections" test ++ - interfaces: posix-mq: allow specifying message queue paths as an ++ array ++ - bootloader/assets: add ttyS0,115200n8 to grub.cfg ++ - i/b/desktop,unity7: remove name= specification on D-Bus signals ++ - tests: ensure that microk8s does not produce DENIED messages ++ - many: support non-default provenance snap-revisions in ++ DeriveSideInfo ++ - tests: fix `core20-new-snapd-does-not-break-old-initrd` test ++ - many: device and provenance revision authority cross checks ++ - tests: fix nested save-data test on 22.04 ++ - sandbox/cgroup: ignore container slices when tracking snaps ++ - tests: improve 'ignore-running' spread test ++ - tests: add `debug:` section to `tests/nested/manual/connections` ++ - tests: remove leaking `pc-kernel.snap` in `repack_kernel_snap` ++ - many: preparations for revision authority cross checks including ++ device scope ++ - daemon,overlord/servicestate: followup changes from PR #11960 to ++ snap logs ++ - cmd/snap: fix visual representation of 'AxB%' cpu quota modifier. ++ - many: expose and support provenance from snap.yaml metadata ++ - overlord,snap: add support for per-snap storage on ubuntu-save ++ - nested: fix core-early-config nested test ++ - tests: revert lxd change to support nested lxd launch ++ - tests: add invariant check for leftover cgroup scopes ++ - daemon,systemd: introduce support for namespaces in 'snap logs' ++ - cmd/snap: do not track apps that wish to stay outside of the life- ++ cycle system ++ - asserts: allow classic + snaps models and add distribution to ++ model ++ - cmd/snap: add snap debug connections/connection commands ++ - data: start snapd after time-set.target ++ - tests: remove ubuntu 21.10 from spread tests due to end of life ++ - tests: Update the whitebox word to avoid inclusive naming issues ++ - many: mount gadget in run folder ++ - interfaces/hardware-observe: clean up reading access to sysfs ++ - tests: use overlayfs for interfaces-opengl-nvidia test ++ - tests: update fake-netplan-apply test for 22.04 ++ - tests: add executions for ubuntu 22.04 ++ - tests: enable centos-9 ++ - tests: make more robust the files check in preseed-core20 test ++ - bootloader/assets: add fallback entry to grub.cfg ++ - interfaces/apparmor: add permissions for per-snap directory on ++ ubuntu-save partition ++ - devicestate: add more path to `fixupWritableDefaultDirs()` ++ - boot,secboot: reset DA lockout counter after successful boot ++ - many: Revert "overlord,snap: add support for per-snap storage on ++ ubuntu-save" ++ - overlord,snap: add support for per-snap storage on ubuntu-save ++ - tests: exclude centos-7 from kernel-module-load test ++ - dirs: remove unused SnapAppArmorAdditionalDir ++ - boot,device: extract SealedKey helpers from boot to device ++ - boot,gadget: add new `device.TpmLockoutAuthUnder()` and use it ++ - interfaces/display-control: allow changing brightness value ++ - asserts: add more context to key expiry error ++ - many: introduce IsUndo flag in LinkContext ++ - i/apparmor: allow calling which.debianutils ++ - tests: new profile id for apparmor in test preseed-core20 ++ - tests: detect 403 in apt-hooks and skip test in this case ++ - overlord/servicestate: restart the relevant journald service when ++ a journal quota group is modified ++ - client,cmd/snap: add journal quota frontend (5/n) ++ - gadget/device: introduce package which provides helpers for ++ locations of things ++ - features: disable refresh-app-awarness by default again ++ - many: install bash completion files in writable directory ++ - image: fix handling of var/lib/extrausers when preseeding ++ uc20 ++ - tests: force version 2.48.3 on xenial ESM ++ - tests: fix snap-network-erros on uc16 ++ - cmd/snap-confine: be compatible with a snap rootfs built as a ++ tmpfs ++ - o/snapstate: allow install of unasserted gadget/kernel on ++ dangerous models ++ - interfaces: dynamic loading of kernel modules ++ - many: add optional primary key provenance to snap-revision, allow ++ delegating via snap-declaration revision-authority ++ - tests: fix boringcripto errors in centos7 ++ - tests: fix snap-validate-enforce in opensuse-tumbleweed ++ - test: print User-Agent on failed checks ++ - interfaces: add memory stats to system_observe ++ - interfaces/pwm: Remove implicitOnCore/implicitOnClassic ++ - spread: add openSUSE Leap 15.4 ++ - tests: disable core20-to-core22 nested test ++ - tests: fix nested/manual/connections test ++ - tests: add spread test for migrate-home command ++ - overlord/servicestate: refresh security profiles when services are ++ affected by quotas ++ - interfaces/apparmor: add missing apparmor rules for journal ++ namespaces ++ - tests: add nested test variant that adds 4k sector size ++ - cmd/snap: fix test failing due to timezone differences ++ - build-aux/snap: build against the snappy-dev/image PPA ++ - daemon: implement api handler for refresh with enforced validation ++ sets ++ - preseed: suggest to install "qemu-user-static" ++ - many: add migrate-home debug command ++ - o/snapstate: support passing validation sets to storehelpers via ++ RevisionOptions ++ - cmd/snapd-apparmor: fix unit tests on distros which do not support ++ reexec ++ - o/devicestate: post factory reset ensure, spread test update ++ - tests/core/basic20: Enable on uc22 ++ - packaging/arch: install snapd-apparmor ++ - o/snapstate: support migrating snap home as change ++ - tests: enable snapd.apparmor service in all the opensuse systems ++ - snapd-apparmor: add more integration-ish tests ++ - asserts: store required revisions for missing snaps in ++ CheckInstalledSnaps ++ - overlord/ifacestate: fix path for journal redirect ++ - o/devicestate: factory reset with encryption ++ - cmd/snapd-apparmor: reimplement snapd-apparmor in Go ++ - squashfs: improve error reporting when `unsquashfs` fails ++ - o/assertstate: support multiple extra validation sets in ++ EnforcedValidationSets ++ - tests: enable mount-order-regression test for arm devices ++ - tests: fix interfaces network control ++ - interfaces: update AppArmor template to allow read the memory … ++ - cmd/snap-update-ns: add /run/systemd to unrestricted paths ++ - wrappers: fix LogNamespace being written to the wrong file ++ - boot: release the new PCR handles when sealing for factory reset ++ - tests: add support fof uc22 in test uboot-unpacked-assets ++ - boot: post factory reset cleanup ++ - tests: add support for uc22 in listing test ++ - spread.yaml: add ubuntu-22.04-06 to qemu-nested ++ - gadget: check also mbr type when testing for implicit data ++ partition ++ - interfaces/system-packages-doc: allow read-only access to ++ /usr/share/cups/doc-root/ and /usr/share/gimp/2.0/help/ ++ - tests/nested/manual/core20-early-config: revert changes that ++ disable netplan checks ++ - o/ifacestate: warn if the snapd.apparmor service is disabled ++ - tests: add spread execution for fedora 36 ++ - overlord/hookstate/ctlcmd: fix timestamp coming out of sync in ++ unit tests ++ - gadget/install: do not assume dm device has same block size as ++ disk ++ - interfaces: update network-control interface with permissions ++ required by resolvectl ++ - secboot: stage and transition encryption keys ++ - secboot, boot: support and use alternative PCR handles during ++ factory reset ++ - overlord/ifacestate: add journal bind-mount snap layout when snap ++ is in a journal quota group (4/n) ++ - secboot/keymgr, cmd/snap-fde-keymgr: two step encryption key ++ change ++ - cmd/snap: cleanup and make the code a bit easier to read/maintain ++ for quota options ++ - overlord/hookstate/ctlcmd: add 'snapctl model' command (3/3) ++ - cmd/snap-repair: fix snap-repair tests silently failing ++ - spread: drop openSUSE Leap 15.2 ++ - interfaces/builtin: remove the name=org.freedesktop.DBus ++ restriction in cups-control AppArmor rules ++ - wrappers: write journald config files for quota groups with ++ journal quotas (3/n) ++ - o/assertstate: auto aliases for apps that exist ++ - o/state: use more detailed NoStateError in state ++ - tests/main/interfaces-browser-support: verify jupyter notebooks ++ access ++ - o/snapstate: exclude services from refresh app awareness hard ++ running check ++ - tests/main/nfs-support: be robust against umount failures ++ - tests: update centos images and add new centos 9 image ++ - many: print valid/invalid status on snap validate --monitor ++ - secboot, boot: TPM provisioning mode enum, introduce ++ reprovisioning ++ - tests: allow to re-execute aborted tests ++ - cmd/snapd-apparmor: add explicit WSL detection to ++ is_container_with_internal_policy ++ - tests: avoid launching lxd inside lxd on cloud images ++ - interfaces: extra htop apparmor rules ++ - gadget/install: encrypted system factory reset support ++ - secboot: helpers for dealing with PCR handles and TPM resources ++ - systemd: improve error handling for systemd-sysctl command ++ - boot, secboot: separate the TPM provisioning and key sealing ++ - o/snapstate: fix validation sets restoring and snap revert on ++ failed refresh ++ - interfaces/builtin/system-observe: extend access for htop ++ - cmd/snap: support custom apparmor features dir with snap prepare- ++ image ++ - interfaces/mount-observe: Allow read access to /run/mount/utab ++ - cmd/snap: add help strings for set-quota options ++ - interfaces/builtin: add README file ++ - cmd/snap-confine: mount support cleanups ++ - overlord: execute snapshot cleanup in task ++ - i/b/accounts_service: fix path of introspectable objects ++ - interfaces/opengl: update allowed PCI accesses for RPi ++ - configcore: add core.system.ctrl-alt-del-action config option ++ - many: structured startup timings ++ - spread: switch back to building ubuntu-image from source ++ - many: optional recovery keys ++ - tests/lib/nested: fix unbound variable ++ - run-checks: fail on equality checks w/ ErrNoState ++ - snap-bootstrap: Mount as private ++ - tests: Test for gadget connections ++ - tests: set `br54.dhcp4=false` in the netplan-cfg test ++ - tests: core20 preseed/nested spread test ++ - systemd: remove the systemctl stop timeout handling ++ - interfaces/shared-memory: Update AppArmor permissions for ++ mmap+link ++ - many: replace ErrNoState equality checks w/ errors.Is() ++ - cmd/snap: exit w/ non-zero code on missing snap ++ - systemd: fix snapd systemd-unit stop progress notifications ++ - .github: Trigger daily riscv64 snapd edge builds ++ - interfaces/serial-port: add ttyGS to serial port allow list ++ - interfaces/modem-manager: Don't generate DBus plug policy ++ - tests: add spread test to test upgrade from release snapd to ++ current ++ - wrappers: refactor EnsureSnapServices ++ - testutil: add ErrorIs test checker ++ - tests: import spread shellcheck changes ++ - cmd/snap-fde-keymgr: best effort idempotency of add-recovery-key ++ - interfaces/udev: refactor handling of udevadm triggers for input ++ - secboot: support for changing encryption keys via keymgr ++ ++ -- Michael Vogt Thu, 28 Jul 2022 16:59:39 +0200 ++ ++snapd (2.56.3-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1974147 ++ - devicestate: add more path to `fixupWritableDefaultDirs()` ++ - many: introduce IsUndo flag in LinkContext ++ - i/apparmor: allow calling which.debianutils ++ - interfaces: update AppArmor template to allow reading snap's ++ memory statistics ++ - interfaces: add memory stats to system_observe ++ - i/b/{mount,system}-observe: extend access for htop ++ - features: disable refresh-app-awarness by default again ++ - image: fix handling of var/lib/extrausers when preseeding ++ uc20 ++ - interfaces/modem-manager: Don't generate DBus policy for plugs ++ - interfaces/modem-manager: Only generate DBus plug policy on ++ Core ++ - interfaces/serial_port_test: fix static-checks errors ++ - interfaces/serial-port: add USB gadget serial devices (ttyGSX) to ++ allowed list ++ - interface/serial_port_test: adjust variable IDs ++ ++ -- Michael Vogt Wed, 13 Jul 2022 09:26:57 +0200 ++ ++snapd (2.56.2-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1974147 ++ - o/snapstate: exclude services from refresh app awareness hard ++ running check ++ - cmd/snap: support custom apparmor features dir with snap ++ prepare-image ++ ++ -- Michael Vogt Wed, 15 Jun 2022 14:22:31 +0200 ++ ++snapd (2.56.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1974147 ++ - gadget/install: do not assume dm device has same block size as ++ disk ++ - gadget: check also mbr type when testing for implicit data ++ partition ++ - interfaces: update network-control interface with permissions ++ required by resolvectl ++ - interfaces/builtin: remove the name=org.freedesktop.DBus ++ restriction in cups-control AppArmor rules ++ - many: print valid/invalid status on snap validate --monitor ... ++ - o/snapstate: fix validation sets restoring and snap revert on ++ failed refresh ++ - interfaces/opengl: update allowed PCI accesses for RPi ++ - interfaces/shared-memory: Update AppArmor permissions for ++ mmap+linkpaths ++ ++ -- Michael Vogt Wed, 15 Jun 2022 09:57:54 +0200 ++ ++snapd (2.56-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1974147 ++ - portal-info: Add CommonID Field ++ - asserts/info,mkversion.sh: capture max assertion formats in ++ snapd/info ++ - tests: improve the unit testing workflow to run in parallel ++ - interfaces: allow map and execute permissions for files on ++ removable media ++ - tests: add spread test to verify that connections are preserved if ++ snap refresh fails ++ - tests: Apparmor sandbox profile mocking ++ - cmd/snap-fde-keymgr: support for multiple devices and ++ authorizations for add/remove recovery key ++ - cmd/snap-bootstrap: Listen to keyboard added after start and ++ handle switch root ++ - interfaces,overlord: add support for adding extra mount layouts ++ - cmd/snap: replace existing code for 'snap model' to use shared ++ code in clientutil (2/3) ++ - interfaces: fix opengl interface on RISC-V ++ - interfaces: allow access to the file locking for cryptosetup in ++ the dm-crypt interface ++ - interfaces: network-manager: add AppArmor rule for configuring ++ bridges ++ - i/b/hardware-observe.go: add access to the thermal sysfs ++ - interfaces: opengl: add rules for NXP i.MX GPU drivers ++ - i/b/mount_control: add an optional "/" to the mount target rule ++ - snap/quota: add values for journal quotas (journal quota 2/n) ++ - tests: spread test for uc20 preseeding covering snap prepare-image ++ - o/snapstate: remove deadcode breaking static checks ++ - secboot/keymgr: extend unit tests, add helper for identify keyslot ++ used error ++ - tests: use new snaps.name and snaps.cleanup tools ++ - interfaces: tweak getPath() slightly and add some more tests ++ - tests: update snapd testing tools ++ - client/clientutil: add shared code for printing model assertions ++ as yaml or json (1/3) ++ - debug-tools: list all snaps ++ - cmd/snap: join search terms passed in the command line ++ - osutil/disks: partition UUID lookup ++ - o/snapshotstate: refactor snapshot read/write logic ++ - interfaces: Allow locking in block-devices ++ - daemon: /v2/system-recovery-keys remove API ++ - snapstate: do not auto-migrate to ~/Snap for core22 just yet ++ - tests: run failed tests by default ++ - o/snapshotstate: check installed snaps before running 'save' tasks ++ - secboot/keymgr: remove recovery key, authorize with existing key ++ - deps: bump libseccomp to include build fixes, run unit tests using ++ CC=clang ++ - cmd/snap-seccomp: only compare the bottom 32-bits of the flags arg ++ of copy_file_range ++ - osutil/disks: helper for obtaining the UUID of a partition which ++ is a mount point source ++ - image/preseed: umount the base snap last after writable paths ++ - tests: new set of nested tests for uc22 ++ - tests: run failed tests on nested suite ++ - interfaces: posix-mq: add new interface ++ - tests/main/user-session-env: remove openSUSE-specific tweaks ++ - tests: skip external backend in mem-cgroup-disabled test ++ - snap/quota: change the journal quota period to be a time.Duration ++ - interfaces/apparmor: allow executing /usr/bin/numfmt in the base ++ template ++ - tests: add lz4 dependency for jammy to avoid issues repacking ++ kernel ++ - snap-bootstrap, o/devicestate: use seed parallelism ++ - cmd/snap-update-ns: correctly set sticky bit on created ++ directories where applicable ++ - tests: install snapd while restoring in snap-mgmt ++ - .github: skip misspell and ineffassign on go 1.13 ++ - many: use UC20+/pre-UC20 in user messages as needed ++ - o/devicestate: use snap handler for copying and checksuming ++ preseeded snaps ++ - image, cmd/snap-preseed: allow passing custom apparmor features ++ path ++ - o/assertstate: fix handling of validation set tracking update in ++ enforcing mode ++ - packaging: restart our units only after the upgrade ++ - interfaces: add a steam-support interface ++ - gadget/install, o/devicestate: do not create recovery and ++ reinstall keys during installation ++ - many: move recovery key responsibility to devicestate/secboot, ++ prepare for a future with just optional recovery key ++ - tests: do not run mem-cgroup-disabled on external backends ++ - snap: implement "star" developers ++ - o/devicestate: fix install tests on systems with ++ /var/lib/snapd/snap ++ - cmd/snap-fde-keymgr, secboot: followup cleanups ++ - seed: let SnapHandler provided a different final path for snaps ++ - o/devicestate: implement maybeApplyPreseededData function to apply ++ preseed artifact ++ - tests/lib/tools: add piboot to boot_path() ++ - interfaces/builtin: shared-memory drop plugs allow-installation: ++ true ++ - tests/main/user-session-env: for for opensuse ++ - cmd/snap-fde-keymgr, secboot: add a tiny FDE key manager ++ - tests: re-execute the failed tests when "Run failed" label is set ++ in the PR ++ - interfaces/builtin/custom-device: fix unit tests on hosts with ++ different libexecdir ++ - sandbox: move profile load/unload to sandbox/apparmor ++ - cmd/snap: handler call verifications for cmd_quota_tests ++ - secboot/keys: introduce a package for secboot key types, use the ++ package throughout the code base ++ - snap/quota: add journal quotas to resources.go ++ - many: let provide a SnapHandler to Seed.Load*Meta* ++ - osutil: allow setting desired mtime on the AtomicFile, preserve ++ mtime on copy ++ - systemd: add systemd.Run() wrapper for systemd-run ++ - tests: test fresh install of core22-based snap (#11696) ++ - tests: initial set of tests to uc22 nested execution ++ - o/snapstate: migration overwrites existing snap dir ++ - tests: fix interfaces-location-control tests leaking provider.py ++ process ++ - tests/nested: fix custom-device test ++ - tests: test migration w/ revert, refresh and XDG dir creation ++ - asserts,store: complete support for optional primary key headers ++ for assertions ++ - seed: support parallelism when loading/verifying snap metadata ++ - image/preseed, cmd/snap-preseed: create and sign preseed assertion ++ - tests: Initial changes to run nested tests on uc22 ++ - o/snapstate: fix TestSnapdRefreshTasks test after two r-a-a PRs ++ - interfaces: add ACRN hypervisor support ++ - o/snapstate: exclude TypeSnapd and TypeOS snaps from refresh-app- ++ awareness ++ - features: enable refresh-app-awareness by default ++ - libsnap-confine-private: show proper error when aa_change_onexec() ++ fails ++ - i/apparmor: remove leftover comment ++ - gadget: drop unused code in unit tests ++ - image, store: move ToolingStore to store/tooling package ++ - HACKING: update info for snapcraft remote build ++ - seed: return all essential snaps found if no types are given to ++ LoadEssentialMeta ++ - i/b/custom_device: fix generation of udev rules ++ - tests/nested/manual/core20-early-config: disable netplan checks ++ - bootloader/assets, tests: add factory-reset mode, test non- ++ encrypted factory-reset ++ - interfaces/modem-manager: add support for Cinterion modules ++ - gadget: fully support multi-volume gadget asset updates in ++ Update() on UC20+ ++ - i/b/content: use slot.Lookup() as suggested by TODO comment ++ - tests: install linux-tools-gcp on jammy to avoid bpftool ++ dependency error ++ - tests/main: add spread tests for new cpu and thread quotas ++ - snap-debug-info: print validation sets and validation set ++ assertions ++ - many: renaming related to inclusive language part 2 ++ - c/snap-seccomp: update syscalls to match libseccomp 2657109 ++ - github: cancel workflows when pushing to pull request branches ++ - .github: use reviewdog action from woke tool ++ - interfaces/system-packages-doc: allow read-only access to ++ /usr/share/gtk-doc ++ - interfaces: add max_map_count to system-observe ++ - o/snapstate: print pids of running processes on BusySnapError ++ - .github: run woke tool on PR's ++ - snapshots: follow-up on exclusions PR ++ - cmd/snap: add check switch for snap debug state ++ - tests: do not run mount-order-regression test on i386 ++ - interfaces/system-packages-doc: allow read-only access to ++ /usr/share/xubuntu-docs ++ - interfaces/hardware_observe: add read access for various devices ++ - packaging: use latest go to build spread ++ - tests: Enable more tests for UC22 ++ - interfaces/builtin/network-control: also allow for mstp and bchat ++ devices too ++ - interfaces/builtin: update apparmor profile to allow creating ++ mimic over /usr/share* ++ - data/selinux: allow snap-update-ns to mount on top of /var/snap ++ inside the mount ns ++ - interfaces/cpu-control: fix apparmor rules of paths with CPU ID ++ - tests: remove the file that configures nm as default ++ - tests: fix the change done for netplan-cfg test ++ - tests: disable netplan-cfg test ++ - cmd/snap-update-ns: apply content mounts before layouts ++ - overlord/state: add a helper to detect cyclic dependencies between ++ tasks in change ++ - packaging/ubuntu-16.04/control: recommend `fuse3 | fuse` ++ - many: change "transactional" flag to a "transaction" option ++ - b/piboot.go: check EEPROM version for RPi4 ++ - snap/quota,spread: raise lower memory quota limit to 640kb ++ - boot,bootloader: add missing grub.cfg assets mocks in some tests ++ - many: support --ignore-running with refresh many ++ - tests: skip the test interfaces-many-snap-provided in ++ trusty ++ - o/snapstate: rename XDG dirs during HOME migration ++ - cmd/snap,wrappers: fix wrong implementation of zero count cpu ++ quota ++ - i/b/kernel_module_load: expand $SNAP_COMMON in module options ++ - interfaces/u2f-devices: add Solo V2 ++ - overlord: add missing grub.cfg assets mocks in manager_tests.go ++ - asserts: extend optional primary keys support to the in-memory ++ backend ++ - tests: update the lxd-no-fuse test ++ - many: fix failing golangci checks ++ - seed,many: allow to limit LoadMeta to snaps of a precise mode ++ - tests: allow ubuntu-image to be built with a compatible snapd tree ++ - o/snapstate: account for repeat migration in ~/Snap undo ++ - asserts: start supporting optional primary keys in fs backend, ++ assemble and signing ++ - b/a: do not set console in kernel command line for arm64 ++ - tests/main/snap-quota-groups: fix spread test ++ - sandbox,quota: ensure cgroup is available when creating mem ++ quotas ++ - tests: add debug output what keeps `/home` busy ++ - sanity: rename "sanity.Check" to "syscheck.CheckSystem" ++ - interfaces: add pkcs11 interface ++ - o/snapstate: undo migration on 'snap revert' ++ - overlord: snapshot exclusions ++ - interfaces: add private /dev/shm support to shared-memory ++ interface ++ - gadget/install: implement factory reset for unencrypted system ++ - packaging: install Go snap from 1.17 channel in the integration ++ tests ++ - snap-exec: fix detection if `cups` interface is connected ++ - tests: extend gadget-config-defaults test with refresh.retain ++ - cmd/snap,strutil: move lineWrap to WordWrapPadded ++ - bootloader/piboot: add support for armhf ++ - snap,wrappers: add `sigint{,-all}` to supported stop-modes ++ - packaging/ubuntu-16.04/control: depend on fuse3 | fuse ++ - interfaces/system-packages-doc: allow read-only access to ++ /usr/share/libreoffice/help ++ - daemon: add a /v2/accessories/changes/{ID} endpoint ++ - interfaces/appstream-metadata: Re-create app-info links to ++ swcatalog ++ - debug-tools: add script to help debugging GCE instances which fail ++ to boot ++ - gadget/install, kernel: more ICE helpers/support ++ - asserts: exclude empty snap id from duplicates lookup with preseed ++ assert ++ - cmd/snap, signtool: move key-manager related helpers to signtool ++ package ++ - tests/main/snap-quota-groups: add 219 as possible exit code ++ - store: set validation-sets on actions when refreshing ++ - github/workflows: update golangci-lint version ++ - run-check: use go install instead of go get ++ - tests: set as manual the interfaces-cups-control test ++ - interfaces/appstream-metadata: Support new swcatalog directory ++ names ++ - image/preseed: migrate tests from cmd/snap-preseed ++ - tests/main/uc20-create-partitions: update the test for new Go ++ versions ++ - strutil: move wrapGeneric function to strutil as WordWrap ++ - many: small inconsequential tweaks ++ - quota: detect/error if cpu-set is used with cgroup v1 ++ - tests: moving ubuntu-image to candidate to fix uc16 tests ++ - image: integrate UC20 preseeding with image.Prepare ++ - cmd/snap,client: frontend for cpu/thread quotas ++ - quota: add test for `Resource.clone()` ++ - many: replace use of "sanity" with more inclusive naming (part 2) ++ - tests: switch to "test-snapd-swtpm" ++ - i/b/network-manager: split rule with more than one peers ++ - tests: fix restore of the BUILD_DIR in failover test on uc18 ++ - cmd/snap/debug: sort changes by their spawn times ++ - asserts,interfaces/policy: slot-snap-id allow-installation ++ constraints ++ - o/devicestate: factory reset mode, no encryption ++ - debug-tools/snap-debug-info.sh: print message if no gadget snap ++ found ++ - overlord/devicestate: install system cleanups ++ - cmd/snap-bootstrap: support booting into factory-reset mode ++ - o/snapstate, ifacestate: pass preseeding flag to ++ AddSnapdSnapServices ++ - o/devicestate: restore device key and serial when assertion is ++ found ++ - data: add static preseed.json file ++ - sandbox: improve error message from `ProbeCgroupVersion()` ++ - tests: fix the nested remodel tests ++ - quota: add some more unit tests around Resource.Change() ++ - debug-tools/snap-debug-info.sh: add debug script ++ - tests: workaround lxd issue lp:10079 (function not implemented) on ++ prep-snapd-in-lxd ++ - osutil/disks: blockdev need not be available in the PATH ++ - cmd/snap-preseed: address deadcode linter ++ - tests/lib/fakestore/store: return snap base in details ++ - tests/lib/nested.sh: rm core18 snap after download ++ - systemd: do not reload system when enabling/disabling services ++ - i/b/kubernetes_support: add access to Java certificates ++ ++ -- Michael Vogt Thu, 19 May 2022 09:57:33 +0200 ++ ++snapd (2.55.5-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1965808 ++ - snapstate: do not auto-migrate to ~/Snap for core22 just yet ++ - cmd/snap-seccomp: add copy_file_range to ++ syscallsWithNegArgsMaskHi32 ++ - cmd/snap-update-ns: correctly set sticky bit on created ++ directories where applicable ++ - .github: Skip misspell and ineffassign on go 1.13 ++ - tests: add lz4 dependency for jammy to avoid issues repacking ++ kernel ++ - interfaces: posix-mq: add new interface ++ ++ -- Michael Vogt Wed, 11 May 2022 06:38:24 +0200 ++ ++snapd (2.55.4-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1965808 ++ - tests: do not run mount-order-regression test on i386 ++ - c/snap-seccomp: update syscalls ++ - o/snapstate: overwrite ~/.snap subdir when migrating ++ - o/assertstate: fix handling of validation set tracking update in ++ enforcing mode ++ - packaging: restart our units only after the upgrade ++ - interfaces: add a steam-support interface ++ - features: enable refresh-app-awareness by default ++ - i/b/custom_device: fix generation of udev rules ++ - interfaces/system-packages-doc: allow read-only access to ++ /usr/share/gtk-doc ++ - interfaces/system-packages-doc: allow read-only access to ++ /usr/share/xubuntu-docs ++ - interfaces/builtin/network-control: also allow for mstp and bchat ++ devices too ++ - interfaces/builtin: update apparmor profile to allow creating ++ mimic over /usr/share ++ - data/selinux: allow snap-update-ns to mount on top of /var/snap ++ inside the mount ns ++ - interfaces/cpu-control: fix apparmor rules of paths with CPU ID ++ ++ -- Michael Vogt Sat, 30 Apr 2022 10:04:39 +0200 ++ ++snapd (2.55.3-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1965808 ++ - cmd/snap-update-ns: apply content mounts before layouts ++ - many: change "transactional" flag to a "transaction" option ++ - b/piboot.go: check EEPROM version for RPi4 ++ - snap/quota,spread: raise lower memory quota limit to 640kb ++ - boot,bootloader: add missing grub.cfg assets mocks in some ++ tests ++ - many: support --ignore-running with refresh many ++ - cmd/snap,wrappers: fix wrong implementation of zero count cpu ++ quota ++ - quota: add some more unit tests around Resource.Change() ++ - quota: detect/error if cpu-set is used with cgroup v1 ++ - quota: add test for `Resource.clone() ++ - cmd/snap,client: frontend for cpu/thread quotas ++ - tests: update spread test to check right XDG dirs ++ - snap: set XDG env vars to new dirs ++ - o/snapstate: initialize XDG dirs in HOME migration ++ - i/b/kernel_module_load: expand $SNAP_COMMON in module options ++ - overlord: add missing grub.cfg assets mocks in manager_tests.go ++ - o/snapstate: account for repeat migration in ~/Snap undo ++ - b/a: do not set console in kernel command line for arm64 ++ - sandbox: improve error message from `ProbeCgroupVersion()` ++ - tests/main/snap-quota-groups: fix spread test ++ - interfaces: add pkcs11 interface ++ - o/snapstate: undo migration on 'snap revert' ++ - overlord: snapshot exclusions ++ - interfaces: add private /dev/shm support to shared-memory ++ interface ++ - packaging: install Go snap from 1.17 channel in the integration ++ tests ++ - snap-exec: fix detection if `cups` interface is connected ++ - bootloader/piboot: add support for armhf ++ - interfaces/system-packages-doc: allow read-only access to ++ /usr/share/libreoffice/help ++ - daemon: add a /v2/accessories/changes/{ID} endpoint ++ - interfaces/appstream-metadata: Re-create app-info links to ++ swcatalog ++ - tests/main/snap-quota-groups: add 219 as possible exit code ++ - store: set validation-sets on actions when refreshing ++ - interfaces/appstream-metadata: Support new swcatalog directory ++ names ++ - asserts,interfaces/policy: slot-snap-id allow-installation ++ constraints ++ - i/b/network-manager: change rule for ResolveAddress to check only ++ label ++ - cmd/snap-bootstrap: support booting into factory-reset mode ++ - systemd: do not reload system when enabling/disabling services ++ ++ -- Michael Vogt Fri, 08 Apr 2022 16:48:35 +0200 ++ ++snapd (2.55.2-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1965808 ++ - cmd/snap-update-ns: actually use entirely non-existent dirs ++ ++ -- Ian Johnson Mon, 21 Mar 2022 22:16:54 -0500 ++ ++snapd (2.55.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1965808 ++ - cmd/snap-update-ns/change_test.go: use non-exist name foo-runtime ++ instead ++ ++ -- Ian Johnson Mon, 21 Mar 2022 20:45:56 -0500 ++ ++snapd (2.55-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1965808 ++ - kernel/fde: add PartitionName to various structs ++ - osutil/disks: calculate the last usable LBA instead of reading it ++ - snap/quota: additional validation in resources.go ++ - o/snapstate: avoid setting up single reboot when update includes ++ base, kernel and gadget ++ - overlord/state: add helper for aborting unready lanes ++ - snap-bootstrap: Partially revert simplifications of mount ++ dependencies ++ - cmd/snap-update-ns/change.go: sort needed, desired and not reused ++ mount entries ++ - cmd/snap-preseed, image: move preseeding code to image/preseed ++ - interfaces/docker-support: make generic rules not conflict with ++ snap-confine ++ - i/b/modem-manager: provide access to ObjectManager ++ - i/b/network_{control,manager}.go: add more access to resolved ++ - overlord/state: drop unused lanes field ++ - cmd/snap: make 1.18 vet happy ++ - o/snapstate: allow installing the snapd-desktop-integration snap ++ even if the user-daemons feature is otherwise disabled ++ - snap/quota: fix bug in quota group tree validation code ++ - o/snapstate: make sure that snapd is a prerequisite for updating ++ base snaps ++ - bootloader: add support for piboot ++ - i/seccomp/template.go: add close_range to the allowed syscalls ++ - snap: add new cpu quotas ++ - boot: support factory-reset when sealing and resealing ++ - tests: fix test to avoid editing the test-snapd-tools snap.yaml ++ file ++ - dirs: remove unused SnapMetaDir variable ++ - overlord: extend single reboot test to include a non-base, non- ++ kernel snap ++ - github: replace "sanity check" with "quick check" in workflow ++ - fde: add new DeviceUnlock() call ++ - many: replace use of "sanity" with more inclusive naming in ++ comments ++ - asserts: minimal changes to disable authority-delegation before ++ full revert ++ - tests: updating the test-snapd-cups-control-consumer snap to ++ core20 based ++ - many: replace use of "sanity" for interface implementation checks ++ - cmd/snap-preseed: support for core20 preseeding ++ - cmd: set core22 migration related env vars and update spread test ++ - interface/opengl: allow read on ++ /proc/sys/dev/i915/perf_stream_paranoid ++ - tests/lib/tools/report-mongodb: fix typo in help text ++ - tests: Include the source github url as part of the mongo db ++ issues ++ - o/devicestate: split mocks to separate calls for creating a model ++ and a gadget ++ - snap: Add missing zlib ++ - cmd/snap: add support for rebooting to factory-reset ++ - interfaces/apparmor: Update base template for systemd-machined ++ - i/a/template.go: add ld path for jammy ++ - o/devicestate, daemon: introduce factory-reset mode, allow ++ switching ++ - o/state: fix undo with independent tasks in same change and lane ++ - tests: validate tests tools just on google and qemu backends ++ - tests/lib/external/snapd-testing-tools: update from upstream ++ - tests: skip interfaces-cups-control from debian-sid ++ - Increase the times in snapd-sigterm for arm devices ++ - interfaces/browser-support: allow RealtimeKit's ++ MakeThreadRealtimeWithPID ++ - cmd: misc analyzer fixes ++ - interfaces/builtin/account-control: allow to execute pam_tally2 ++ - tests/main/user-session-env: special case bash profile on ++ Tumbleweed ++ - o/snapstate: implement transactional lanes for prereqs ++ - o/snapstate: add core22 migration logic ++ - tests/main/mount-ns: unmount /run/qemu ++ - release: 2.54.4 changelog to master ++ - gadget: add buildVolumeStructureToLocation, ++ volumeStructureToLocationMap ++ - interfaces/apparmor: add missing unit tests for special devmode ++ rules/behavior ++ - cmd/snap-confine: coverity fixes ++ - interfaces/systemd: use batch systemd operations ++ - tests: small adjustments to fix vuln spread tests ++ - osutil/disks: trigger udev on the partition device node ++ - interfaces/network-control: add D-Bus rules for resolved too ++ - interfaces/cpu-control: add extra idleruntime data/reset files to ++ cpu-control ++ - packaging/ubuntu-16.04/rules: don't run unit tests on riscv64 ++ - data/selinux: allow the snap command to run systemctl ++ - boot: mock amd64 arch for mabootable 20 suite ++ - testutil: add Backup helper to save/restore values, usually for ++ mocking ++ - tests/nested/core/core20-reinstall-partitions: update test summary ++ - asserts: return an explicit error when key cannot be found ++ - interfaces: custom-device ++ - Fix snap-run-gdbserver test by retrying the check ++ - overlord, boot: fix unit tests on arches other than amd64 ++ - Get lxd snap from candidate channel ++ - bootloader: allow different names for the grub binary in different ++ archs ++ - cmd/snap-mgmt, packaging: trigger daemon reload after purging unit ++ files ++ - tests: add test to ensure consecutive refreshes do garbage ++ collection of old revs ++ - o/snapstate: deal with potentially invalid type of refresh.retain ++ value due to lax validation ++ - seed,image: changes necessary for ubuntu-image to support ++ preseeding extra snaps in classic images ++ - tests: add debugging to snap-confine-tmp-mount ++ - o/snapstate: add ~/Snap init related to backend ++ - data/env: cosmetic tweak for fish ++ - tests: include new testing tools and utils ++ - wrappers: do not reload the deamon or restart snapd services when ++ preseeding on core ++ - Fix smoke/install test for other architectures than pc ++ - tests: skip boot loader check during testing preparation on s390x ++ - t/m/interfaces-network-manager: use different channel depending on ++ system ++ - o/devicestate: pick system from seed systems/ for preseeding (1/N) ++ - asserts: add preseed assertion type ++ - data/env: more workarounds for even older fish shells, provide ++ reasonable defaults ++ - tests/main/snap-run-devmode-classic: reinstall snapcraft to clean ++ up ++ - gadget/update.go: add buildNewVolumeToDeviceMapping for existing ++ devices ++ - tests: allow run spread tests using a private ppaTo validate it ++ - interfaces/{cpu,power}-control: add more accesses for commercial ++ device tuning ++ - gadget: add searchForVolumeWithTraits + tests ++ - gadget/install: measure and save disk volume traits during ++ install.Run() ++ - tests: fix "undo purging" step in snap-run-devmode-classic ++ - many: move call to shutdown to the boot package ++ - spread.yaml: add core22 version of rsync to skip ++ - overlord, o/snapstate: fix mocking on systems without /snap ++ - many: move boot.Device to snap.Device ++ - tests: smoke test support for core22 ++ - tests/nested/snapd-removes-vulnerable-snap-confine-revs: use newer ++ snaps ++ - snapstate: make "remove vulnerable version" message more ++ friendly ++ - o/devicestate/firstboot_preseed_test.go: remove deadcode ++ - o/devicestate: preseeding test cleanup ++ - gadget: refactor StructureEncryption to have a concrete type ++ instead of map ++ - tests: add created_at timestamp to mongo issues ++ - tests: fix security-udev-input-subsystem test ++ - o/devicestate/handlers_install.go: use --all to get binary data ++ too for logs ++ - o/snapstate: rename "corecore" -> "core" ++ - o/snapstate: implement transactional flag ++ - tests: skip ~/.snap migration test on openSUSE ++ - asserts,interfaces/policy: move and prepare DeviceScopeConstraint ++ for reuse ++ - asserts: fetching code should fetch authority-delegation ++ assertions with signing keys as needed ++ - tests: prepare and restore nested tests ++ - asserts: first-class support for formatting/encoding signatory-id ++ - asserts: remove unused function, fix for linter ++ - gadget: identify/match encryption parts, include in traits info ++ - asserts,cmd/snap-repair: support delegation when validating ++ signatures ++ - many: fix leftover empty snap dirs ++ - libsnap-confine-private: string functions simplification ++ - tests/nested/manual/core20-cloud-init-maas-signed-seed-data: add ++ gadget variant ++ - interfaces/u2f-devices: add U2F-TOKEN ++ - tests/core/mem-cgroup-disabled: minor fixups ++ - data/env: fix fish env for all versions of fish, unexport local ++ vars, export XDG_DATA_DIRS ++ - tests: reboot test running remodel ++ - Add extra disk space to nested images to "avoid No space left on ++ device" error ++ - tests: add regression tests for disabled memory cgroup operation ++ - many: fix issues flagged by golangci and configure it to fail ++ build ++ - docs: fix incorrect link ++ - cmd/snap: rename the verbose logging flag in snap run ++ - docs: cosmetic cleanups ++ - cmd/snap-confine: build const data structures at compile- ++ time ++ - o/snapstate: reduce maxInhibition for raa by 1s to avoid confusing ++ notification ++ - snap-bootstrap: Cleanup dependencies in systemd mounts ++ - interfaces/seccomp: Add rseq to base seccomp template ++ - cmd/snap-confine: remove mention of "legacy mode" from comment ++ - gadget/gadget_test.go: fix variable type ++ - gadget/gadget.go: add AllDiskVolumeDeviceTraits ++ - spread: non-functional cleanup of go1.6 legacy ++ - cmd/snap-confine: update ambiguous comment ++ - o/snapstate: revert migration on refresh if flag is disabled ++ - packaging/fedora: sync with downstream, packaging improvements ++ - tests: updated the documentation to run spread tests using ++ external backend ++ - osutil/mkfs: Expose more fakeroot flags ++ - interfaces/cups: add cups-socket-directory attr, use to specify ++ mount rules in backend ++ - tests/main/snap-system-key: reset-failed snapd and snapd.socket ++ - gadget/install: add unit tests for install.Run() ++ - tests/nested/manual/remodel-cross-store,remodel-simple: wait for ++ serial ++ - vscode: added integrated support for MS VSCODE ++ - cmd/snap/auto-import: use osutil.LoadMountInfo impl instead ++ - gadget/install: add unit tests for makeFilesystem, allow mocking ++ mkfs.Make() ++ - systemd: batched operations ++ - gadget/install/partition.go: include DiskIndex in synthesized ++ OnDiskStructure ++ - gadget/install: rm unused support for writing non-filesystem ++ structures ++ - cmd/snap: close refresh notifications after trying to run a snap ++ while inhibited ++ - o/servicestate: revert #11003 checking for memory cgroup being ++ disabled ++ - tests/core/failover: verify failover handling with the kernel snap ++ - snap-confine: allow numbers in hook security tag ++ - cmd/snap-confine: mount bpffs under /sys/fs/bpf if needed ++ - spread: switch to CentOS 8 Stream image ++ - overlord/servicestate: disallow mixing snaps and subgroups. ++ - cmd/snap: add --debug to snap run ++ - gadget: mv modelCharateristics to gadgettest.ModelCharacteristics ++ - cmd/snap: remove use of zenity, use notifications for snap run ++ inhibition ++ - o/devicestate: verify that the new model is self contained before ++ remodeling ++ - usersession/userd: query xdg-mime to check for fallback handlers ++ of a given scheme ++ - gadget, gadgettest: reimplement tests to use new gadgettest ++ examples.go file ++ - asserts: start implementing authority-delegationTODO in later PRs: ++ - overlord: skip manager tests on riscv for now ++ - o/servicestate: quota group error should be more explanative when ++ memory cgroup is disabled ++ - i/builtin: allow modem-manager interface to access some files in ++ sysfs ++ - tests: ensure that interface hook works with hotplug plug ++ - tests: fix repair test failure when run in a loop ++ - o/snapstate: re-write state after undo migration ++ - interfaces/opengl: add support for ARM Mali ++ - tests: enable snap-userd-reexec on ubuntu and debian ++ - tests: skip bind mount in snapd-snap test when the core snap in ++ not repacked ++ - many: add transactional flag to snapd API ++ - tests: new Jammy image for testing ++ - asserts: start generalizing attrMatcherGeneralization is along ++ - tests: ensure the ca-certificates package is installed ++ - devicestate: ensure permissions of /var/lib/snapd/void are ++ correct ++ - many: add altlinux support ++ - cmd/snap-update-ns: convert some unexpected decimal file mode ++ constants to octal. ++ - tests: use system ubuntu-21.10-64 in nested tests ++ - tests: skip version check on lp-1871652 for sru validation ++ - snap/quota: add positive tests for the quota.Resources logic ++ - asserts: start splitting out attrMatcher for reuse to ++ constraint.go ++ - systemd: actually test the function passed as a parameter ++ - tests: fix snaps-state test for sru validation ++ - many: add Transactional to snapstate.Flags ++ - gadget: rename DiskVolume...Opts to DiskVolume...Options ++ - tests: Handle PPAs being served from ppa.launchpadcontent.net ++ - tests/main/cgroup-tracking-failure: Make it pass when run alone ++ - tests: skip migration test on centOS ++ - tests: add back systemd-timesyncd to newer debian distros ++ - many: add conversion for interface attribute values ++ - many: unit test fix when SNAPD_DEBUG=1 is set ++ - gadget/install/partition.go: use device rescan trick only when ++ gadget says to ++ - osutil: refactoring the code exporting mocking APIs to other ++ packages ++ - mkversion: check that snapd is a git source tree before guessing ++ the version ++ - overlord: small refactoring of group quota implementation in ++ preparation of multiple quota values ++ - tests: drop 21.04 tests (it's EOL) ++ - osutil/mkfs: Expose option for --lib flag in fakeroot call ++ - cmd/snapd-apparmor: fix bad variable initialization ++ - packaging, systemd: fix socket (re-)start race ++ - tests: fix running tests.invariant on testflinger systems ++ - tests: spread test snap dir migration ++ - interfaces/shared-memory: support single wild-cards in the ++ read/write paths ++ - tests: cross store remodel ++ - packaging,tests: fix running autopkgtest ++ - spread-shellcheck: add a caching layer ++ - tests: add jammy to spread executions ++ - osutils: deal with ENOENT in UserMaybeSudoUser() ++ - packaging/ubuntu-16.04/control: adjust libfuse3 dependency as ++ suggested ++ - gadget/update.go: add DiskTraitsFromDeviceAndValidate ++ - tests/lib/prepare.sh: add debug kernel command line params via ++ gadget on UC20 ++ - check-commit-email: do not fail when current dir is not under git ++ - configcore: implement netplan write support via dbus ++ - run-checks, check-commit-email.py: check commit email addresses ++ for validity ++ - tests: setup snapd remodel testing bits ++ - cmd/snap: adjust /cmd to migration changes ++ - systemd: enable batched calls for systemd calls operation on units ++ - o/ifacestate: add convenience Active() method to ConnectionState ++ struct ++ - o/snapstate: migrate to hidden dir on refresh/install ++ - store: fix flaky test ++ - i/builtin/xilinx-dma: add interface for Xilinx DMA driver ++ - go.mod: tidy up ++ - overlord/h/c/umount: remove handling of required parameter ++ - systemd: add NeedDaemonReload to the unit state ++ - mount-control: step 3 ++ - tests/nested/manual/minimal-smoke: bump mem to 512 for unencrypted ++ case too ++ - gadget: fix typo with filesystem message ++ - gadget: misc helper fixes for implicit system-data role handling ++ - tests: fix uses of fakestore new-snap-declaration ++ - spread-shellcheck: use safe_load rather than load with a loder ++ - interfaces: allow access to new at-spi socket location in desktop- ++ legacy ++ - cmd/snap: setup tracking cgroup when invoking a service directly ++ as a user ++ - tests/main/snap-info: use yaml.safe_load rather than yaml.load ++ - cmd/snap: rm unnecessary validation ++ - tests: fix `tests/core/create-user` on testflinger pi3 ++ - tests: fix parallel-install-basic on external UC16 devices ++ - tests: ubuntu-image 2.0 compatibility fixes ++ - tests/lib/prepare-restore: use go install rather than go get ++ - cmd/snap, daemon: add debug command for getting OnDiskVolume ++ dump ++ - gadget: resolve index ambiguity between OnDiskStructure and ++ LaidOutStructuretype: bare structures). ++ - tests: workaround missing bluez snap ++ - HACKING.md: add dbus-x11 to packages needed to run unit tests ++ - spread.yaml: add debian-{10,11}, drop debian-9 ++ - cmd/snap/quota: fix typo in the help message ++ - gadget: allow gadget struct with unspecified filesystem to match ++ part with fs ++ - tests: re-enable kernel-module-load tests on arm ++ - tests/lib/uc20-create-partitions/main.go: setup a logger for ++ messages ++ - cmd: support installing multiple local snaps ++ - usersession: implement method to close notifications via ++ usersession REST API ++ - data/env: treat XDG_DATA_DIRS like PATH for fish ++ - cmd/snap, cmd/snap-confine: extend manpage, update links ++ - tests: fix fwupd interface test in debian sid ++ - tests: do not run k8s smoke test on 32 bit systems ++ - tests: fix testing in trusty qemu ++ - packaging: merge 2.54.2 changelog back to master ++ - overlord: fix issue with concurrent execution of two snapd ++ processes ++ - interfaces: add a polkit interface ++ - gadget/install/partition.go: wait for udev settle when creating ++ partitions too ++ - tests: exclude interfaces-kernel-module load on arm ++ - tests: ensure that test-snapd-kernel-module-load is ++ removed ++ - tests: do not test microk8s-smoke on arm ++ - packaging, bloader, github: restore cleanliness of snapd info ++ file; check in GA workflow ++ - tests/lib/tools/tests.invariant: simplify check ++ - tests/nested/manual/core20-to-core22: wait for device to be ++ initialized before starting a remodel ++ - build-aux/snap/snapcraft.yaml: use build-packages, don't fail ++ dirty builds ++ - tests/lib/tools/tests.invariant: add invariant for detecting ++ broken snaps ++ - tests/core/failover: replace boot-state with snap debug boot-vars ++ - tests: fix remodel-kernel test when running on external devices ++ - data/selinux: allow poking /proc/xen ++ - gadget: do not crash if gadget.yaml has an empty Volumes section ++ - i/b/mount-control: support creating tmpfs mounts ++ - packaging: Update openSUSE spec file with apparmor-parser and ++ datadir for fish ++ - cmd/snap-device-helper: fix variable name typo in the unit tests ++ - tests: fixed an issue with retrieval of the squashfuse repo ++ - release: 2.54.1 ++ - tests: tidy up the top-level of ubuntu-seed during tests ++ - build-aux: detect/fix dirty git revisions while snapcraft ++ building ++ - release: 2.54 ++ ++ -- Ian Johnson Mon, 21 Mar 2022 15:55:16 -0500 ++ ++snapd (2.54.4-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1955137 ++ - t/m/interfaces-network-manager: use different channel depending on ++ system ++ - many: backport attrer interface changes to 2.54 ++ - tests: skip version check on lp-1871652 for sru validation ++ - i/builtin: allow modem-manager interface to access some files in ++ sysfs ++ - snapstate: make "remove vulnerable version" message more ++ friendly ++ - tests: fix "undo purging" step in snap-run-devmode-classic ++ - o/snapstate: deal with potentially invalid type of refresh.retain ++ value due to lax validation ++ - interfaces: custom-device ++ - packaging/ubuntu-16.04/control: adjust libfuse3 dependency ++ - data/env: fix fish env for all versions of fish ++ - packaging/ubuntu-16.04/snapd.postinst: start socket and service ++ first ++ - interfaces/u2f-devices: add U2F-TOKEN ++ - interfaces/seccomp: Add rseq to base seccomp template ++ - tests: remove disabled snaps before calling save_snapd_state ++ - overlord: skip manager tests on riscv for now ++ - interfaces/opengl: add support for ARM Mali ++ - devicestate: ensure permissions of /var/lib/snapd/void are ++ correct ++ - cmd/snap-update-ns: convert some unexpected decimal file mode ++ constants to octal. ++ - interfaces/shared-memory: support single wild-cards in the ++ read/write paths ++ - packaging: fix running autopkgtest ++ - i/builtin/xilinx-dma-host: add interface for Xilinx DMA driver ++ - tests: fix `tests/core/create-user` on testflinger pi3 ++ - tests: fix parallel-install-basic on external UC16 devices ++ - tests: re-enable kernel-module-load tests on arm ++ - tests: do not run k8s smoke test on 32 bit systems ++ ++ -- Michael Vogt Thu, 03 Mar 2022 09:44:21 +0100 ++ ++snapd (2.54.3-1.1) unstable; urgency=medium ++ ++ * Non-maintainer upload. ++ * Remove unused Build-Depends and replace transitional packages ++ (Closes: #1014184) ++ * Add patch for failed test with godbus 5.0.5 (Closes: #1008450) ++ ++ -- Shengjing Zhu Sun, 17 Jul 2022 20:18:10 +0800 ++ ++snapd (2.54.3-1) unstable; urgency=high ++ ++ * SECURITY UPDATE: Local privilege escalation ++ - snap-confine: Add validations of the location of the snap-confine ++ binary within snapd. ++ - snap-confine: Fix race condition in snap-confine when preparing a ++ private mount namespace for a snap. ++ - CVE-2021-44730 ++ - CVE-2021-44731 ++ * SECURITY UPDATE: Data injection from malicious snaps ++ - interfaces: Add validations of snap content interface and layout ++ paths in snapd. ++ - CVE-2021-4120 ++ - LP: #1949368 ++ ++ -- Michael Vogt Wed, 23 Feb 2022 10:04:21 +0100 ++ ++snapd (2.54.2-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1955137 ++ - tests: exclude interfaces-kernel-module load on arm ++ - tests: ensure that test-snapd-kernel-module-load is ++ removed ++ - tests: do not test microk8s-smoke on arm ++ - tests/core/failover: replace boot-state with snap debug boot-vars ++ - tests: use snap info|awk to extract tracking channel ++ - tests: fix remodel-kernel test when running on external devices ++ - .github/workflows/test.yaml: also check internal snapd version for ++ cleanliness ++ - packaging/ubuntu-16.04/rules: eliminate seccomp modification ++ - bootloader/assets/grub_*cfg_asset.go: update Copyright ++ - build-aux/snap/snapcraft.yaml: adjust comment about get-version ++ - .github/workflows/test.yaml: add check in github actions for dirty ++ snapd snaps ++ - build-aux/snap/snapcraft.yaml: use build-packages, don't fail ++ dirty builds ++ - data/selinux: allow poking /proc/xen ++ ++ -- Ian Johnson Thu, 06 Jan 2022 15:25:16 -0600 ++ ++snapd (2.54.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1955137 ++ - buid-aux: set version before calling ./generate-packaging-dir ++ This fixes the "dirty" suffix in the auto-generated version ++ ++ * Upstream fixes for Debian bugs: ++ - cgroups v2 are now supported (closes: #934372) ++ - transitional package golang-github-ubuntu-core-snappy-dev ++ dropped (closes: #940782) ++ - support squashfs-tools 4.5 properly (closes: #993233) ++ - fix FTBFS (closes: #997257) ++ ++ * Updated the debian packaging: ++ - add myself to the uploaders (partly addresses 1001999) ++ - remove npn-default series patches) ++ - bump standards-version to 4.6.0 (required removal of ++ non-default series files) ++ ++ -- Michael Vogt Mon, 20 Dec 2021 15:15:32 +0100 ++ ++snapd (2.54-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1955137 ++ - interfaces/builtin/opengl.go: add boot_vga sys/devices file ++ - o/configstate/configcore: add tmpfs.size option ++ - tests: moving to manual opensuse 15.2 ++ - cmd/snap-device-helper: bring back the device type identification ++ behavior, but for remove action fallback only ++ - cmd/snap-failure: use snapd from the snapd snap if core is not ++ present ++ - tests/core/failover: enable the test on core18 ++ - o/devicestate: ensure proper order when remodel does a simple ++ switch-snap-channel ++ - builtin/interfaces: add shared memory interface ++ - overlord: extend kernel/base success and failover with bootenv ++ checks ++ - o/snapstate: check disk space w/o store if possible ++ - snap-bootstrap: Mount snaps read only ++ - gadget/install: do not re-create partitions using OnDiskVolume ++ after deletion ++ - many: fix formatting w/ latest go version ++ - devicestate,timeutil: improve logging of NTP sync ++ - tests/main/security-device-cgroups-helper: more debugs ++ - cmd/snap: print a placeholder for version of broken snaps ++ - o/snapstate: mock system with classic confinement support ++ - cmd: Fixup .clangd to use correct syntax ++ - tests: run spread tests in fedora-35 ++ - data/selinux: allow snapd to access /etc/modprobe.d ++ - mount-control: step 2 ++ - daemon: add multiple snap sideload to API ++ - tests/lib/pkgdb: install dbus-user-session during prepare, drop ++ dbus-x11 ++ - systemd: provide more detailed errors for unimplemented method in ++ emulation mode ++ - tests: avoid checking TRUST_TEST_KEYS on restore on remodel-base ++ test ++ - tests: retry umounting /var/lib/snapd/seed on uc20 on fsck-on-boot ++ test ++ - o/snapstate: add hide/expose snap data to backend ++ - interfaces: kernel-module-load ++ - snap: add support for `snap watch ++ --last={revert,enable,disable,switch}` ++ - tests/main/security-udev-input-subsystem: drop info from udev ++ - tests/core/kernel-and-base-single-reboot-failover, ++ tests/lib/fakestore: verify failover scenario ++ - tests/main/security-device-cgroups-helper: collect some debug info ++ when the test fails ++ - tests/nested/manual/core20-remodel: wait for device to have a ++ serial before starting a remodel ++ - tests/main/generic-unregister: test re-registration if not blocked ++ - o/snapstate, assertsate: validation sets/undo on partial failure ++ - tests: ensure snapd can be downloaded as a module ++ - snapdtool, many: support additional key/value flags in info file ++ - data/env: improve fish shell env setup ++ - usersession/client: provide a way for client to send messages to a ++ subset of users ++ - tests: verify that simultaneous refresh of kernel and base ++ triggers a single reboot only ++ - devicestate: Unregister deletes the device key pair as well ++ - daemon,tests: support forgetting device serial via API ++ - asserts: change behavior of alternative attribute matcher ++ - configcore: relax validation rules for hostname ++ - cmd/snap-confine: do not include libglvnd libraries from the host ++ system ++ - overlord, tests: add managers and a spread test for UC20 to UC22 ++ remodel ++ - HACKING.md: adjust again for building the snapd snap ++ - systemd: add support for systemd unit alias names ++ - o/snapstate: add InstallPathMany ++ - gadget: allow EnsureLayoutCompatibility to ensure disk has all ++ laid out structsnow reject/fail: ++ - packaging/ubuntu, packaging/debian: depend on dbus-session-bus ++ provider (#11111) ++ - interfaces/interfaces/scsi_generic: add interface for scsi generic ++ de… (#10936) ++ - osutil/disks/mockdisk.go: add MockDevicePathToDiskMapping ++ - interfaces/microstack-support: set controlsDeviceCgroup to true ++ - network-setup-control: add netplan generate D-Bus rules ++ - interface/builtin/log_observe: allow to access /dev/kmsg ++ - .github/workflows/test.yaml: restore failing of spread tests on ++ errors (nested) ++ - gadget: tweaks to DiskStructureDeviceTraits + expand test cases ++ - tests/lib/nested.sh: allow tests to use their own core18 in extra- ++ snaps-path ++ - interfaces/browser-support: Update rules for Edge ++ - o/devicestate: during remodel first check pending download tasks ++ for snaps ++ - polkit: add a package to validate polkit policy files ++ - HACKING.md: document building the snapd snap and splicing it into ++ the core snap ++ - interfaces/udev: fix installing snaps inside lxd in 21.10 ++ - o/snapstate: refactor disk space checks ++ - tests: add (strict) microk8s smoke test ++ - osutil/strace: try to enable strace on more arches ++ - cmd/libsnap-confine-private: fix snap-device-helper device allow ++ list modification on cgroup v2 ++ - tests/main/snapd-reexec-snapd-snap: improve debugging ++ - daemon: write formdata file parts to snaps dir ++ - systemd: add support for .target units ++ - tests: run snap-disconnect on uc16 ++ - many: add experimental setting to allow using ~/.snap/data instead ++ of ~/snap ++ - overlord/snapstate: perform a single reboot when updating boot ++ base and kernel ++ - kernel/fde: add DeviceUnlockKernelHookDeviceMapperBackResolver, ++ use w/ disks pkg ++ - o/devicestate: introduce DeviceManager.Unregister ++ - interfaces: allow receiving PropertiesChanged on the mpris plug ++ - tests: new tool used to retrieve data from mongo db ++ - daemon: amend ssh keys coming from the store ++ - tests: Include the tools from snapd-testing-tools project in ++ "$TESTSTOOLS" ++ - tests: new workflow step used to report spread error to mongodb ++ - interfaces/builtin/dsp: update proc files for ambarella flavor ++ - gadget: replace ondisk implementation with disks package, refactor ++ part calcs ++ - tests: Revert "tests: disable flaky uc18 tests until systemd is ++ fixed" ++ - Revert: "many: Vendor apparmor-3.0.3 into the snapd snap" ++ - asserts: rename "white box" to "clear box" (woke checker) ++ - many: Vendor apparmor-3.0.3 into the snapd snap ++ - tests: reorganize the debug-each on the spread.yaml ++ - packaging: sync with downstream packaging in Fedora and openSUSE ++ - tests: disable flaky uc18 tests until systemd is fixed ++ - data/env: provide profile setup for fish shell ++ - tests: use ubuntu-image 1.11 from stable channel ++ - gadget/gadget.go: include disk schema in the disk device volume ++ traits too ++ - tests/main/security-device-cgroups-strict-enforced: extend the ++ comments ++ - README.md: point at bugs.launchpad.net/snapd instead of snappy ++ project ++ - osutil/disks: introduce RegisterDeviceMapperBackResolver + use for ++ crypt-luks2 ++ - packaging: make postrm script robust against `rm` failures ++ - tests: print extra debug on auto-refresh-gating test failure ++ - o/assertstate, api: move enforcing/monitoring from api to ++ assertstate, save history ++ - tests: skip the test-snapd-timedate-control-consumer.date to avoid ++ NTP sync error ++ - gadget/install: use disks functions to implement deviceFromRole, ++ also rename ++ - tests: the `lxd` test is failing right now on 21.10 ++ - o/snapstate: account for deleted revs when undoing install ++ - interfaces/builtin/block_devices: allow blkid to print block ++ device attributes ++ - gadget: include size + sector-size in DiskVolumeDeviceTraits ++ - cmd/libsnap-confine-private: do not deny all devices when reusing ++ the device cgroup ++ - interfaces/builtin/time-control: allow pps access ++ - o/snapstate/handlers: propagate read errors on "copy-snap-data" ++ - osutil/disks: add more fields to Partition, populate them during ++ discovery ++ - interfaces/u2f-devices: add Trezor and Trezor v2 keys ++ - interfaces: timezone-control, add permission for ListTimezones ++ DBus call ++ - o/snapstate: remove repeated test assertions ++ - tests: skip `snap advise-command` test if the store is overloaded ++ - cmd: create ~/snap dir with 0700 perms ++ - interfaces/apparmor/template.go: allow udevadm from merged usr ++ systems ++ - github: leave a comment documenting reasons for pipefail ++ - github: enable pipefail when running spread ++ - osutil/disks: add DiskFromPartitionDeviceNode ++ - gadget, many: add model param to Update() ++ - cmd/snap-seccomp: add riscv64 support ++ - o/snapstate: maintain a RevertStatus map in SnapState ++ - tests: enable lxd tests on impish system ++ - tests: (partially) revert the memory limits PR#r10241 ++ - o/assertstate: functions for handling validation sets tracking ++ history ++ - tests: some improvements for the spread log parser ++ - interfaces/network-manager-observe: Update for libnm / dart ++ clients ++ - tests: add ntp related debug around "auto-refresh" test ++ - boot: expand on the fact that reseal taking modeenv is very ++ intentional ++ - cmd/snap-seccomp/syscalls: update syscalls to match libseccomp ++ abad8a8f4 ++ - data/selinux: update the policy to allow snapd to talk to ++ org.freedesktop.timedate1 ++ - o/snapstate: keep old revision if install doesn't add new one ++ - overlord/state: add a unit test for a kernel+base refresh like ++ sequence ++ - desktop, usersession: observe notifications ++ - osutil/disks: add AllPhysicalDisks() ++ - timeutil,deviceutil: fix unit tests on systems without dbus or ++ without ntp-sync ++ - cmd/snap-bootstrap/README: explain all the things (well most of ++ them anyways) ++ - docs: add run-checks dependency install instruction ++ - o/snapstate: do not prune refresh-candidates if gate-auto-refresh- ++ hook feature is not enabled ++ - o/snapstate: test relink remodel helpers do a proper subset of ++ doInstall and rework the verify*Tasks helpers ++ - tests/main/mount-ns: make the test run early ++ - tests: add `--debug` to netplan apply ++ - many: wait for up to 10min for NTP synchronization before ++ autorefresh ++ - tests: initialize CHANGE_ID in _wait_autorefresh ++ - sandbox/cgroup: freeze and thaw cgroups related to services and ++ scopes only ++ - tests: add more debug around qemu-nbd ++ - o/hookstate: print cohort with snapctl refresh --pending (#10985) ++ - tests: misc robustness changes ++ - o/snapstate: improve install/update tests (#10850) ++ - tests: clean up test tools ++ - spread.yaml: show `journalctl -e` for all suites on debug ++ - tests: give interfaces-udisks2 more time for the loop device to ++ appear ++ - tests: set memory limit for snapd ++ - tests: increase timeout/add debug around nbd0 mounting (up, see ++ LP:#1949513) ++ - snapstate: add debug message where a snap is mounted ++ - tests: give nbd0 more time to show up in preseed-lxd ++ - interfaces/dsp: add more ambarella things ++ - cmd/snap: improve snap disconnect arg parsing and err msg ++ - tests: disable nested lxd snapd testing ++ - tests: disable flaky "interfaces-udisks2" on ubuntu-18.04-32 ++ - o/snapstate: avoid validationSetsSuite repeating snapmgrTestSuite ++ - sandbox/cgroup: wait for start transient unit job to finish ++ - o/snapstate: fix task order, tweak errors, add unit tests for ++ remodel helpers ++ - osutil/disks: re-org methods for end of usable region, size ++ information ++ - build-aux: ensure that debian packaging matches build-base ++ - docs: update HACKING.md instructions for snapd 2.52 and later ++ - spread: run lxd tests with version from latest/edge ++ - interfaces: suppress denial of sys_module capability ++ - osutil/disks: add methods to replace gadget/ondisk functions ++ - tests: split test tools - part 1 ++ - tests: fix nested tests on uc20 ++ - data/selinux: allow snap-confine to read udev's database ++ - i/b/common_test: refactor AppArmor features test ++ - tests: run spread tests on debian 11 ++ - o/devicestate: copy timesyncd clock timestamp during install ++ - interfaces/builtin: do not probe parser features when apparmor ++ isn't available ++ - interface/modem-manager: allow connecting to the mbim/qmi proxy ++ - tests: fix error message in run-checks ++ - tests: spread test for validation sets enforcing ++ - cmd/snap-confine: lazy set up of device cgroup, only when devices ++ were assigned ++ - o/snapstate: deduplicate snap names in remove/install/update ++ - tests/main/selinux-data-context: use session when performing ++ actions as test user ++ - packaging/opensuse: sync with openSUSE packaging, enable AppArmor ++ on 15.3+ ++ - interfaces: skip connection of netlink interface on older ++ systems ++ - asserts, o/snapstate: honor IgnoreValidation flag when checking ++ installed snaps ++ - tests/main/apparmor-batch-reload: fix fake apparmor_parser to ++ handle --preprocess ++ - sandbox/apparmor, interfaces/apparmor: detect bpf capability, ++ generate snippet for s-c ++ - release-tools/repack-debian-tarball.sh: fix c-vendor dir ++ - tests: test for enforcing with prerequisites ++ - tests/main/snapd-sigterm: fix race conditions ++ - spread: run lxd tests with version from latest/stable ++ - run-checks: remove --spread from help message ++ - secboot: use latest secboot with tpm legacy platform and v2 fully ++ optional ++ - tests/lib/pkgdb: install strace on Debian 11 and Sid ++ - tests: ensure systemd-timesyncd is installed on debian ++ - interfaces/u2f-devices: add Nitrokey 3 ++ - tests: update the ubuntu-image channel to candidate ++ - osutil/disks/labels: simplify decoding algorithm ++ - tests: not testing lxd snap anymore on i386 architecture ++ - o/snapstate, hookstate: print remaining hold time on snapctl ++ --hold ++ - cmd/snap: support --ignore-validation with snap install client ++ command ++ - tests/snapd-sigterm: be more robust against service restart ++ - tests: simplify mock script for apparmor_parser ++ - o/devicestate, o/servicestate: update gadget assets and cmdline ++ when remodeling ++ - tests/nested/manual/refresh-revert-fundamentals: re-enable ++ encryption ++ - osutil/disks: fix bug in BlkIDEncodeLabel, add BlkIDDecodeLabel ++ - gadget, osutil/disks: fix some bugs from prior PR'sin the dir. ++ - secboot: revert move to new version (revert #10715) ++ - cmd/snap-confine: die when snap process is outside of snap ++ specific cgroup ++ - many: mv MockDeviceNameDisksToPartitionMapping -> ++ MockDeviceNameToDiskMapping ++ - interfaces/builtin: Add '/com/canonical/dbusmenu' path access to ++ 'unity7' interface ++ - interfaces/builtin/hardware-observer: add /proc/bus/input/devices ++ too ++ - osutil/disks, many: switch to defining Partitions directly for ++ MockDiskMapping ++ - tests: remove extra-snaps-assertions test ++ - interface/modem-manager: add accept for MBIM/QMI proxy clients ++ - tests/nested/core/core20-create-recovery: fix passing of data to ++ curl ++ - daemon: allow enabling enforce mode ++ - daemon: use the syscall connection to get the socket credentials ++ - i/builtin/kubernetes_support: add access to Calico lock file ++ - osutil: ensure parent dir is opened and sync'd ++ - tests: using test-snapd-curl snap instead of http snap ++ - overlord: add managers unit test demonstrating cyclic dependency ++ between gadget and kernel updates ++ - gadget/ondisk.go: include the filesystem UUID in the returned ++ OnDiskVolume ++ - packaging: fixes for building on openSUSE ++ - o/configcore: allow hostnames up to 253 characters, with dot- ++ delimited elements ++ - gadget/ondisk.go: add listBlockDevices() to get all block devices ++ on a system ++ - gadget: add mapping trait types + functions to save/load ++ - interfaces: add polkit security backend ++ - cmd/snap-confine/snap-confine.apparmor.in: update ld rule for ++ s390x impish ++ - tests: merge coverage results ++ - tests: remove "features" from fde-setup.go example ++ - fde: add new device-setup support to fde-setup ++ - gadget: add `encryptedDevice` and add encryptedDeviceLUKS ++ - spread: use `bios: uefi` for uc20 ++ - client: fail fast on non-retryable errors ++ - tests: support running all spread tests with experimental features ++ - tests: check that a snap that doesn't have gate-auto-refresh hook ++ can call --proceed ++ - o/snapstate: support ignore-validation flag when updating to a ++ specific snap revision ++ - o/snapstate: test prereq update if started by old version ++ - tests/main: disable cgroup-devices-v1 and freezer tests on 21.10 ++ - tests/main/interfaces-many: run both variants on all possible ++ Ubuntu systems ++ - gadget: mv ensureLayoutCompatibility to gadget proper, add ++ gadgettest pkg ++ - many: replace state.State restart support with overlord/restart ++ - overlord: fix generated snap-revision assertions in remodel unit ++ tests ++ ++ -- Michael Vogt Fri, 17 Dec 2021 15:49:18 +0100 ++ ++snapd (2.53.4-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - devicestate: mock devicestate.MockTimeutilIsNTPSynchronized to ++ avoid host env leaking into tests ++ - timeutil: return NoTimedate1Error if it can't connect to the ++ system bus ++ ++ -- Ian Johnson Thu, 02 Dec 2021 17:16:48 -0600 ++ ++snapd (2.53.3-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - devicestate: Unregister deletes the device key pair as well ++ - daemon,tests: support forgetting device serial via API ++ - configcore: relax validation rules for hostname ++ - o/devicestate: introduce DeviceManager.Unregister ++ - packaging/ubuntu, packaging/debian: depend on dbus-session-bus ++ provider ++ - many: wait for up to 10min for NTP synchronization before ++ autorefresh ++ - interfaces/interfaces/scsi_generic: add interface for scsi generic ++ devices ++ - interfaces/microstack-support: set controlsDeviceCgroup to true ++ - interface/builtin/log_observe: allow to access /dev/kmsg ++ - daemon: write formdata file parts to snaps dir ++ - spread: run lxd tests with version from latest/edge ++ - cmd/libsnap-confine-private: fix snap-device-helper device allow ++ list modification on cgroup v2 ++ - interfaces/builtin/dsp: add proc files for monitoring Ambarella ++ DSP firmware ++ - interfaces/builtin/dsp: update proc file accordingly ++ ++ -- Ian Johnson Thu, 02 Dec 2021 11:42:15 -0600 ++ ++snapd (2.53.2-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1946127 ++ - interfaces/builtin/block_devices: allow blkid to print block ++ device attributes/run/udev/data/b{major}:{minor} ++ - cmd/libsnap-confine-private: do not deny all devices when reusing ++ the device cgroup ++ - interfaces/builtin/time-control: allow pps access ++ - interfaces/u2f-devices: add Trezor and Trezor v2 keys ++ - interfaces: timezone-control, add permission for ListTimezones ++ DBus call ++ - interfaces/apparmor/template.go: allow udevadm from merged usr ++ systems ++ - interface/modem-manager: allow connecting to the mbim/qmi proxy ++ - interfaces/network-manager-observe: Update for libnm client ++ library ++ - cmd/snap-seccomp/syscalls: update syscalls to match libseccomp ++ abad8a8f4 ++ - sandbox/cgroup: freeze and thaw cgroups related to services and ++ scopes only ++ - o/hookstate: print cohort with snapctl refresh --pending ++ - cmd/snap-confine: lazy set up of device cgroup, only when devices ++ were assigned ++ - tests: ensure systemd-timesyncd is installed on debian ++ - tests/lib/pkgdb: install strace on Debian 11 and Sid ++ - tests/main/snapd-sigterm: flush, use retry ++ - tests/main/snapd-sigterm: fix race conditions ++ - release-tools/repack-debian-tarball.sh: fix c-vendor dir ++ - data/selinux: allow snap-confine to read udev's database ++ - interfaces/dsp: add more ambarella things* interfaces/dsp: add ++ more ambarella things ++ ++ -- Ian Johnson Mon, 15 Nov 2021 16:09:09 -0600 ++ ++snapd (2.53.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1946127 ++ - spread: run lxd tests with version from latest/stable ++ - secboot: use latest secboot with tpm legacy platform and v2 fully ++ optional (#10946) ++ - cmd/snap-confine: die when snap process is outside of snap ++ specific cgroup (2.53) ++ - interfaces/u2f-devices: add Nitrokey 3 ++ - Update the ubuntu-image channel to candidate ++ - Allow hostnames up to 253 characters, with dot-delimited elements ++ (as suggested by man 7 hostname). ++ - Disable i386 until it is possible to build snapd using lxd ++ - o/snapstate, hookstate: print remaining hold time on snapctl ++ --hold ++ - tests/snapd-sigterm: be more robust against service restart ++ - tests: add a regression test for snapd hanging on SIGTERM ++ - daemon: use the syscall connection to get the socket ++ credentials ++ - interfaces/builtin/hardware-observer: add /proc/bus/input/devices ++ too ++ - cmd/snap-confine/snap-confine.apparmor.in: update ld rule for ++ s390x impish ++ - interface/modem-manager: add accept for MBIM/QMI proxy clients ++ - secboot: revert move to new version ++ ++ -- Ian Johnson Thu, 21 Oct 2021 11:55:31 -0500 ++ ++snapd (2.53-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1946127 ++ - overlord: fix generated snap-revision assertions in remodel unit ++ tests ++ - snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk` ++ - interfaces/modem-manager: add access to PCIe modems ++ - overlord/devicestate: record recovery capable system on a ++ successful remodel ++ - o/snapstate: use device ctx in prerequisite install/update ++ - osutil/disks: support filtering by mount opts in ++ MountPointsForPartitionRoot ++ - many: support an API flag system-restart-immediate to make snap ++ ops proceed immediately with system restarts ++ - osutil/disks: add RootMountPointsForPartition ++ - overlord/devicestate, tests: enable UC20 remodel, add spread tests ++ - cmd/snap: improve snap run help message ++ - o/snapstate: support ignore validation flag on install/update ++ - osutil/disks: add Disk.FindMatchingPartitionWith{Fs,Part}Label ++ - desktop: implement gtk notification backend and provide minimal ++ notification api ++ - tests: use the latest cpu family for nested tests execution ++ - osutil/disks: add Partition struct and Disks.Partitions() ++ - o/snapstate: prevent install hang if prereq install fails ++ - osutil/disks: add Disk.KernelDevice{Node,Path} methods ++ - disks: add `Size(path)` helper ++ - tests: reset some mount units failing on ubuntu impish ++ - osutil/disks: add DiskFromDevicePath, other misc changes ++ - interfaces/apparmor: do not fail during initialization when there ++ is no AppArmor profile for snap-confine ++ - daemon: implement access checkers for themes API ++ - interfaces/seccomp: add clone3 to default template ++ - interfaces/u2f-devices: add GoTrust Idem Key ++ - o/snapstate: validation sets enforcing on update ++ - o/ifacestate: don't fail remove if disconnect hook fails ++ - tests: fix error trying to create the extra-snaps dir which ++ already exists ++ - devicestate: use EncryptionType ++ - cmd/libsnap-confine-private: workaround BPF memory accounting, ++ update apparmor profile ++ - tests: skip system-usernames-microk8s when TRUST_TEST_KEYS is ++ false ++ - interfaces/dsp: add a usb rule to the ambarella flavor ++ - interfaces/apparmor/template.go: allow inspection of dbus ++ mediation level ++ - tests/main/security-device-cgroups: fix when both variants run on ++ the same host ++ - cmd/snap-confine: update s-c apparmor profile to allow versioned ++ ld.so ++ - many: rename systemd.Kind to Backend for a bit more clarity ++ - cmd/libsnap-confine-private: fix set but unused variable in the ++ unit tests ++ - tests: fix netplan test on i386 architecture ++ - tests: fix lxd-mount-units test which is based on core20 in ubuntu ++ focal system ++ - osutil/disks: add new `CreateLinearMapperDevice` helper ++ - cmd/snap: wait while inhibition file is present ++ - tests: cleanup the job workspace as first step of the actions ++ workflow ++ - tests: use our own image for ubuntu impish ++ - o/snapstate: update default provider if missing required content ++ - o/assertstate, api: update validation set assertions only when ++ updating all snaps ++ - fde: add HasDeviceUnlock() helper ++ - secboot: move to new version ++ - o/ifacestate: don't lose connections if snaps are broken ++ - spread: display information about current device cgroup in debug ++ dump ++ - sysconfig: set TMPDIR in tests to avoid cluttering the real /tmp ++ - tests, interfaces/builtin: introduce 21.10 cgroupv2 variant, tweak ++ tests for cgroupv2, update builtin interfaces ++ - sysconfig/cloud-init: filter MAAS c-i config from ubuntu-seed on ++ grade signed ++ - usersession/client: refactor doMany() method ++ - interfaces/builtin/opengl.go: add libOpenGL.so* too ++ - o/assertstate: check installed snaps when refreshing validation ++ set assertions ++ - osutil: helper for injecting run time faults in snapd ++ - tests: update test nested tool part 2 ++ - libsnap-confine: use the pid parameter ++ - gadget/gadget.go: LaidOutSystemVolumeFromGadget -> ++ LaidOutVolumesFromGadget ++ - tests: update the time tolerance to fix the snapd-state test ++ - .github/workflows/test.yaml: revert #10809 ++ - tests: rename interfaces-hooks-misbehaving spread test to install- ++ hook-misbehaving ++ - data/selinux: update the policy to allow s-c to manipulate BPF map ++ and programs ++ - overlord/devicestate: make settle wait longer in remodel tests ++ - kernel/fde: mock systemd-run in unit test ++ - o/ifacestate: do not create stray task in batchConnectTasks if ++ there are no connections ++ - gadget: add VolumeName to Volume and VolumeStructure ++ - cmd/libsnap-confine-private: use root when necessary for BPF ++ related operations ++ - .github/workflows/test.yaml: bump action-build to 1.0.9 ++ - o/snapstate: enforce validation sets/enforce on InstallMany ++ - asserts, snapstate: return full validation set keys from ++ CheckPresenceRequired and CheckPresenceInvalid ++ - cmd/snap: only log translation warnings in debug/testing ++ - tests/main/preseed: update for new base snap of the lxd snap ++ - tests/nested/manual: use loop for checking for initialize-system ++ task done ++ - tests: add a local snap variant to testing prepare-image gating ++ support ++ - tests/main/security-device-cgroups-strict-enforced: demonstrate ++ device cgroup being enforced ++ - store: one more tweak for the test action timeout ++ - github: do not fail when codecov upload fails ++ - o/devicestate: fix flaky test remodel clash ++ - o/snapstate: add ChangeID to conflict error ++ - tests: fix regex of TestSnapActionTimeout test ++ - tests: fix tests for 21.10 ++ - tests: add test for store.SnapAction() request timeout ++ - tests: print user sessions info on debug-each ++ - packaging: backports of golang-go 1.13 are good enough ++ - sysconfig/cloudinit: add cloudDatasourcesInUseForDir ++ - cmd: build gdb shims as static binaries ++ - packaging/ubuntu: pass GO111MODULE to dh_auto_test ++ - cmd/libsnap-confine-private, tests, sandbox: remove warnings about ++ cgroup v2, drop forced devmode ++ - tests: increase memory quota in quota-groups-systemd-accounting ++ - tests: be more robust against a new day stepping in ++ - usersession/xdgopenproxy: move PortalLauncher class to own package ++ - interfaces/builtin: fix microstack unit tests on distros using ++ /usr/libexec ++ - cmd/snap-confine: handle CURRENT_TAGS on systems that support it ++ - cmd/libsnap-confine-private: device cgroup v2 support ++ - o/servicestate: Update task summary for restart action ++ - packaging, tests/lib/prepare-restore: build packages without ++ network access, fix building debs with go modules ++ - systemd: add AtLeast() method, add mocking in systemdtest ++ - systemd: use text.template to generate mount unit ++ - o/hookstate/ctlcmd: Implement snapctl refresh --show-lock command ++ - o/snapstate: optimize conflicts around snaps stored on ++ conditional-auto-refresh task ++ - tests/lib/prepare.sh: download core20 for UC20 runs via ++ BASE_CHANNEL ++ - mount-control: step 1 ++ - go: update go.mod dependencies ++ - o/snapstate: enforce validation sets on snap install ++ - tests: revert revert manual lxd removal ++ - tests: pre-cache snaps in classic and core systems ++ - tests/lib/nested.sh: split out additional helper for adding files ++ to VM imgs ++ - tests: update nested tool - part1 ++ - image/image_linux.go: add newline ++ - interfaces/block-devices: support to access the state of block ++ devices ++ - o/hookstate: require snap-refresh-control interface for snapctl ++ refresh --proceed ++ - build-aux: stage libgcc1 library into snapd snap ++ - configcore: add read-only netplan support ++ - tests: fix fakedevicesvc service already exists ++ - tests: fix interfaces-libvirt test ++ - tests: remove travis leftovers ++ - spread: bump delta ref to 2.52 ++ - packaging: ship the `snapd.apparmor.service` unit in debian ++ - packaging: remove duplicated `golang-go` build-dependency ++ - boot: record recovery capable systems in recovery bootenv ++ - tests: skip overlord tests on riscv64 due to timeouts. ++ - overlord/ifacestate: fix arguments in unit tests ++ - ifacestate: undo repository connection if doConnect fails ++ - many: remove unused parameters ++ - tests: failure of prereqs on content interface doesn't prevent ++ install ++ - tests/nested/manual/refresh-revert-fundamentals: fix variable use ++ - strutil: add Intersection() ++ - o/ifacestate: special-case system-files and force refreshing its ++ static attributes ++ - interface/builtin: add qualcomm-ipc-router interface for ++ AF_QIPCRTR socket protocol ++ - tests: new snapd-state tool ++ - codecov: fix files pathnames ++ - systemd: add mock systemd helper ++ - tests/nested/core/extra-snaps-assertions: fix the match pattern ++ - image,c/snap,tests: support enforcing validations in prepare-image ++ via --customize JSON validation enforce(|ignore) ++ - o/snapstate: enforce validation sets assertions when removing ++ snaps ++ - many: update deps ++ - interfaces/network-control: additional ethernet rule ++ - tests: use host-scaled settle timeout for hookstate tests ++ - many: move to go modules ++ - interfaces: no need for snapRefreshControlInterface struct ++ - interfaces: introduce snap-refresh-control interface ++ - tests: move interfaces-libvirt test back to 16.04 ++ - tests: bump the number of retries when waiting for /dev/nbd0p1 ++ - tests: add more space on ubuntu xenial ++ - spread: add 21.10 to qemu, remove 20.10 (EOL) ++ - packaging: add libfuse3-dev build dependency ++ - interfaces: add microstack-support interface ++ - wrappers: fix a bunch of duplicated service definitions in tests ++ - tests: use host-scaled timeout to avoid riscv64 test failure ++ - many: fix run-checks gofmt check ++ - tests: spread test for snapctl refresh --pending/--proceed from ++ the snap ++ - o/assertstate,daemon: refresh validation sets assertions with snap ++ declarations ++ - tests: migrate tests that are only executed on xenial to bionic ++ - tests: remove opensuse-15.1 and add opensuse-15.3 from spread runs ++ - packaging: update master changelog for 2.51.7 ++ - sysconfig/cloudinit: fix bug around error state of cloud-init ++ - interfaces, o/snapstate: introduce AffectsPlugOnRefresh flag ++ - interfaces/interfaces/ion-memory-control: add: add interface for ++ ion buf ++ - interfaces/dsp: add /dev/ambad into dsp interface ++ - tests: new spread log parser ++ - tests: check files and dirs are cleaned for each test ++ - o/hookstate/ctlcmd: unify the error message when context is ++ missing ++ - o/hookstate: support snapctl refresh --pending from snap ++ - many: remove unused/dead code ++ - cmd/libsnap-confine-private: add BPF support helpers ++ - interfaces/hardware-observe: add some dmi properties ++ - snapstate: abort kernel refresh if no gadget update can be found ++ - many: shellcheck fixes ++ - cmd/snap: add Size column to refresh --list ++ - packaging: build without dwarf debugging data ++ - snapstate: fix misleading `assumes` error message ++ - tests: fix restore in snapfuse spread tests ++ - o/assertstate: fix missing 'scheduled' header when auto refreshing ++ assertions ++ - o/snapstate: fail remove with invalid snap names ++ - o/hookstate/ctlcmd: correct err message if missing root ++ - .github/workflows/test.yaml: fix logic ++ - o/snapstate: don't hold some snaps if not all snaps can be held by ++ the given gating snap ++ - c-vendor.c: new c-vendor subdir ++ - store: make sure expectedZeroFields in tests gets updated ++ - overlord: add manager test for "assumes" checking ++ - store: deal correctly with "assumes" from the store raw yaml ++ - sysconfig/cloudinit.go: add functions for filtering cloud-init ++ config ++ - cgroup-support: allow to hide cgroupv2 warning via ENV ++ - gadget: Export mkfs functions for use in ubuntu-image ++ - tests: set to 10 minutes the kill timeout for tests failing on ++ slow boards ++ - .github/workflows/test.yaml: test github.events key ++ - i18n/xgettext-go: preserve already escaped quotes ++ - cmd/snap-seccomp/syscalls: update syscalls list to libseccomp ++ v2.2.0-428-g5c22d4b ++ - github: do not try to upload coverage when working with cached run ++ - tests/main/services-install-hook-can-run-svcs: shellcheck issue ++ fix ++ - interfaces/u2f-devices: add Nitrokey FIDO2 ++ - testutil: add DeepUnsortedMatches Checker ++ - cmd, packaging: import BPF headers from kernel, detect whether ++ host headers are usable ++ - tests: fix services-refresh-mode test ++ - tests: clean snaps.sh helper ++ - tests: fix timing issue on security-dev-input-event-denied test ++ - tests: update systems for sru validation ++ - .github/workflows: add codedov again ++ - secboot: remove duplicate import ++ - tests: stop the service when is active in test interfaces- ++ firewall-control test ++ - packaging: remove TEST_GITHUB_AUTOPKGTEST support ++ - packaging: merge 2.51.6 changelog back to master ++ - secboot: use half the mem for KDF in AddRecoveryKey ++ - secboot: switch main key KDF memory cost to 32KB ++ - tests: remove the test user just when it was installed on create- ++ user-2 test ++ - spread: temporarily fix the ownership of /home/ubuntu/.ssh on ++ 21.10 ++ - daemon, o/snapstate: handle IgnoreValidation flag on install (2/3) ++ - usersession/agent: refactor common JSON validation into own ++ function ++ - o/hookstate: allow snapctl refresh --proceed from snaps ++ - cmd/libsnap-confine-private: fix issues identified by coverity ++ - cmd/snap: print logs in local timezone ++ - packaging: changelog for 2.51.5 to master ++ - build-aux: build with go-1.13 in the snapcraft build too ++ - config: rename "virtual" config to "external" config ++ - devicestate: add `snap debug timings --ensure=install-system` ++ - interfaces/builtin/raw_usb: fix platform typo, fix access to usb ++ devices accessible through platform ++ - o/snapstate: remove commented out code ++ - cmd/snap-device-helper: reimplement snap-device-helper ++ - cmd/libsnap-confine-private: fix coverity issues in tests, tweak ++ uses of g_assert() ++ - o/devicestate/handlers_install.go: add workaround to create dirs ++ for install ++ - o/assertstate: implement ValidationSetAssertionForEnforce helper ++ - clang-format: stop breaking my includes ++ - o/snapstate: allow auto-refresh limited to snaps affected by a ++ specific gating snap ++ - tests: fix core-early-config test to use tests.nested tool ++ - sysconfig/cloudinit.go: measure (but don't use) gadget cloud-init ++ datasource ++ - c/snap,o/hookstate/ctlcmd: add JSON/string strict processing flags ++ to snap/snapctl ++ - corecfg: add "system.hostname" setting to the system settings ++ - wrappers: measure time to enable services in StartServices() ++ - configcore: fix early config timezone handling ++ - tests/nested/manual: enable serial assertions on testkeys nested ++ VM's ++ - configcore: fix a bunch of incorrect error returns ++ - .github/workflows/test.yaml: use snapcraft 4.x to build the snapd ++ snap ++ - packaging: merge 2.51.4 changelog back to master ++ - {device,snap}state: skip kernel extraction in seeding ++ - vendor: move to snapshot-4c814e1 branch and set fixed KDF options ++ - tests: use bigger storage on ubuntu 21.10 ++ - snap: support links map in snap.yaml (and later from the store ++ API) ++ - o/snapstate: add AffectedByRefreshCandidates helper ++ - configcore: register virtual config for timezone reading ++ - cmd/libsnap-confine-private: move device cgroup files, add helper ++ to deny a device ++ - tests: fix cached-results condition in github actions workflow ++ - interfaces/tee: add support for Qualcomm qseecom device node ++ - packaging: fix build failure on bionic and simplify rules ++ - o/snapstate: affectedByRefresh tweaks ++ - tests: update nested wait for snapd command ++ - interfaces/builtin: allow access to per-user GTK CSS overrides ++ - tests/main/snapd-snap: install 4.x snapcraft to build the snapd ++ snap ++ - snap/squashfs: handle squashfs-tools 4.5+ ++ - asserts/snapasserts: CheckPresenceInvalid and ++ CheckPresenceRequired methods ++ - cmd/snap-confine: refactor device cgroup handling to enable easier ++ v2 integration ++ - tests: skip udp protocol on latest ubuntus ++ - cmd/libsnap-confine-private: g_spawn_check_exit_status is ++ deprecated since glib 2.69 ++ - interfaces: s/specifc/specific/ ++ - github: enable gofmt for Go 1.13 jobs ++ - overlord/devicestate: UC20 specific set-model, managers tests ++ - o/devicestate, sysconfig: refactor cloud-init config permission ++ handling ++ - config: add "virtual" config via config.RegisterVirtualConfig ++ - packaging: switch ubuntu to use golang-1.13 ++ - snap: change `snap login --help` to not mention "buy" ++ - tests: removing Ubuntu 20.10, adding 21.04 nested in spread ++ - tests/many: remove lxd systemd unit to prevent unexpected ++ leftovers ++ - tests/main/services-install-hook-can-run-svcs: make variants more ++ obvious ++ - tests: force snapd-session-agent.socket to be re-generated ++ ++ -- Michael Vogt Tue, 05 Oct 2021 20:29:14 +0200 ++ ++snapd (2.52.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1942646 ++ - snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk` ++ for the disk (if not present already) ++ - many: support an API flag system-restart-immediate to make snap ++ ops proceed immediately with system restarts ++ - cmd/libsnap-confine-private: g_spawn_check_exit_status is ++ deprecated since glib 2.69 ++ - interfaces/seccomp: add clone3 to default template ++ - interfaces/apparmor/template.go: allow inspection of dbus ++ mediation level ++ - interfaces/dsp: add a usb rule to the ambarella flavor ++ - cmd/snap-confine: update s-c apparmor profile to allow versioned ++ ld.so ++ - o/ifacestate: don't lose connections if snaps are broken ++ - interfaces/builtin/opengl.go: add libOpenGL.so* too ++ - interfaces/hardware-observe: add some dmi properties ++ - build-aux: stage libgcc1 library into snapd snap ++ - interfaces/block-devices: support to access the state of block ++ devices ++ - packaging: ship the `snapd.apparmor.service` unit in debian ++ ++ -- Michael Vogt Tue, 05 Oct 2021 13:29:25 +0200 ++ ++snapd (2.52-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1942646 ++ - interface/builtin: add qualcomm-ipc-router interface for ++ AF_QIPCRTR socket protocol ++ - o/ifacestate: special-case system-files and force refreshing its ++ static attributes ++ - interfaces/network-control: additional ethernet rule ++ - packaging: update 2.52 changelog with 2.51.7 ++ - interfaces/interfaces/ion-memory-control: add: add interface for ++ ion buf ++ - packaging: merge 2.51.6 changelog back to 2.52 ++ - secboot: use half the mem for KDF in AddRecoveryKey ++ - secboot: switch main key KDF memory cost to 32KB ++ - many: merge release/2.51 change to release/2.52 ++ - .github/workflows/test.yaml: use snapcraft 4.x to build the snapd ++ snap ++ - o/servicestate: use snap app names for ExplicitServices of ++ ServiceAction ++ - tests/main/services-install-hook-can-run-svcs: add variant w/o ++ --enable ++ - o/servicestate: revert only start enabled services ++ - tests: adding Ubuntu 21.10 to spread test suite ++ - interface/modem-manager: add support for MBIM/QMI proxy clients ++ - cmd/snap/model: support storage-safety and snaps headers too ++ - o/assertstate: Implement EnforcedValidationSets helper ++ - tests: using retry tool for nested tests ++ - gadget: check for system-save with multi volumes if encrypting ++ correctly ++ - interfaces: make the service naming entirely internal to systemd ++ BE ++ - tests/lib/reset.sh: fix removing disabled snaps ++ - store/store_download.go: use system snap provided xdelta3 priority ++ + fallback ++ - packaging: merge changelog from 2.51.3 back to master ++ - overlord: only start enabled services ++ - interfaces/builtin: add sd-control interface ++ - tests/nested/cloud-init-{never-used,nocloud}-not-vuln: fix tests, ++ use 2.45 ++ - tests/lib/reset.sh: add workaround from refresh-vs-services tests ++ for all tests ++ - o/assertstate: check for conflicts when refreshing and committing ++ validation set asserts ++ - devicestate: add support to save timings from install mode ++ - tests: new tests.nested commands copy and wait-for ++ - install: add a bunch of nested timings ++ - tests: drop any-python wrapper ++ - store: set ResponseHeaderTimeout on the default transport ++ - tests: fix test-snapd-user-service-sockets test removing snap ++ - tests: moving nested_exec to nested.tests exec ++ - tests: add tests about services vs snapd refreshes ++ - client, cmd/snap, daemon: refactor REST API for quotas to match ++ CLI org ++ - c/snap,asserts: create/delete-key external keypair manager ++ interaction ++ - tests: revert disable of the delta download tests ++ - tests/main/system-usernames-microk8s: disable on centos 7 too ++ - boot: support device change ++ - o/snapstate: remove unused refreshSchedule argument for ++ isRefreshHeld helper ++ - daemon/api_quotas.go: handle conflicts, returning conflict ++ response ++ - tests: test for gate-auto-refresh hook error resulting in hold ++ - release: 2.51.2 ++ - snapstate/check_snap: add snap_microk8s to shared system- ++ usernames ++ - snapstate: remove temporary snap file for local revisions early ++ - interface: allows reading sd cards internal info from block- ++ devices interface ++ - tests: Renaming tool nested-state to tests.nested ++ - testutil: fix typo in json checker unit tests ++ - tests: ack assertions by default, add --noack option ++ - overlord/devicestate: try to pick alternative recovery labels ++ during remodel ++ - bootloader/assets: update recovery grub to allow system labels ++ generated by snapd ++ - tests: print serial log just once for nested tests ++ - tests: remove xenial 32 bits ++ - sandbox/cgroup: do not be so eager to fail when paths do not exist ++ - tests: run spread tests in ubuntu bionic 32bits ++ - c/snap,asserts: start supporting ExternalKeypairManager in the ++ snap key-related commands ++ - tests: refresh control spread test ++ - cmd/libsnap-confine-private: do not fail on ENOENT, better getline ++ error handling ++ - tests: disable delta download tests for now until the store is ++ fixed ++ - tests/nested/manual/preseed: fix for cloud images that ship ++ without core18 ++ - boot: properly handle tried system model ++ - tests/lib/store.sh: revert #10470 ++ - boot, seed/seedtest: tweak test helpers ++ - o/servicestate: TODO and fix preexisting typo ++ - o/servicestate: detect conflicts for quota group operations ++ - cmd/snap/quotas: adjust help texts for quota commands ++ - many/quotas: little adjustments ++ - tests: add spread test for classic snaps content slots ++ - o/snapstate: fix check-rerefresh task summary when refresh control ++ is used ++ - many: use changes + tasks for quota group operations ++ - tests: fix test snap-quota-groups when checking file ++ cgroupProcsFile ++ - asserts: introduce ExternalKeypairManager ++ - o/ifacestate: do not visit same halt tasks in waitChainSearch to ++ avoid cycles ++ - tests/lib/store.sh: fix make_snap_installable_with_id() ++ - overlord/devicestate, overlord/assertstate: use a temporary DB ++ when creating recovery systems ++ - corecfg: allow using `# snapd-edit: no` header to disable pi- ++ config# snapd-edit: no ++ - tests/main/interfaces-ssh-keys: tweak checks for openSUSE ++ Tumbleweed ++ - cmd/snap: prevent cycles in waitChainSearch with snap debug state ++ - o/snapstate: fix populating of affectedSnapInfo.AffectingSnaps for ++ marking self as affecting ++ - tests: new parameter used by retry tool to set env vars ++ - tests: support parameters for match-log on journal-state tool ++ - configcore: ignore system.pi-config.* setting on measured kernels ++ - sandbox/cgroup: support freezing groups with unified ++ hierarchy ++ - tests: fix preseed test to used core20 snap on latest systems ++ - testutil: introduce a checker which compares the type after having ++ passed them through a JSON marshaller ++ - store: tweak error message when store.Sections() download fails ++ - o/servicestate: stop setting DoneStatus prematurely for quota- ++ control ++ - cmd/libsnap-confine-private: bump max depth of groups hierarchy to ++ 32 ++ - many: turn Contact into an accessor ++ - store: make the log with download size a debug one ++ - cmd/snap-update-ns: Revert "cmd/snap-update-ns: add SRCDIR to ++ include search path" ++ - o/devicestate: move SystemMode method before first usage ++ - tests: skip tests when the sections cannot be retrieved ++ - boot: support resealing with a try model ++ - o/hookstate: dedicated handler for gate-auto-refresh hook ++ - tests: make sure the /root/snap dir is backed up on test snap- ++ user-dir-perms-fixed ++ - cmd/snap-confine: make mount ns use check cgroup v2 compatible ++ - snap: fix TestInstallNoPATH unit test failure when SUDO_UID is set ++ - cmd/libsnap-confine-private/cgroup-support.c: Fix typo ++ - cmd/snap-confine, cmd/snapd-generator: fix issues identified by ++ sparse ++ - o/snapstate: make conditional-auto-refresh conflict with other ++ tasks via affected snaps ++ - many: pass device/model info to configcore via sysconfig.Device ++ interface ++ - o/hookstate: return bool flag from Error function of hook handler ++ to ignore hook errors ++ - cmd/snap-update-ns: add SRCDIR to include search path ++ - tests: fix for tests/main/lxd-mount-units test and enable ++ ubuntu-21.04 ++ - overlord, o/devicestate: use a single test helper for resetting to ++ a post boot state ++ - HACKING.md: update instructions for go1.16+ ++ - tests: fix restore for security-dev-input-event-denied test ++ - o/servicestate: move SetStatus to doQuotaControl ++ - tests: fix classic-prepare-image test ++ - o/snapstate: prune gating information and refresh-candidates on ++ snap removal ++ - o/svcstate/svcstatetest, daemon/api_quotas: fix some tests, add ++ mock helper ++ - cmd: a bunch of tweaks and updates ++ - o/servicestate: refactor meter handling, eliminate some common ++ parameters ++ - o/hookstate/ctlcmd: allow snapctl refresh --pending --proceed ++ syntax. ++ - o/snapstate: prune refresh candidates in check-rerefresh ++ - osutil: pass --extrausers option to groupdel ++ - o/snapstate: remove refreshed snap from snaps-hold in ++ snapstate.doInstall ++ - tests/nested: add spread test for uc20 cloud.conf from gadgets ++ - boot: drop model from resealing and boostate ++ - o/servicestate, snap/quota: eliminate workaround for buggy ++ systemds, add spread test ++ - o/servicestate: introduce internal and servicestatetest ++ - o/servicestate/quota_control.go: enforce minimum of 4K for quota ++ groups ++ - overlord/servicestate: avoid unnecessary computation of disabled ++ services ++ - o/hookstate/ctlcmd: do not call ProceedWithRefresh immediately ++ from snapctl ++ - o/snapstate: prune hold state during autoRefreshPhase1 ++ - wrappers/services.go: do not restart disabled or inactive ++ services ++ - sysconfig/cloudinit.go: allow installing both gadget + ubuntu-seed ++ config ++ - spread: switch LXD back to latest/candidate channel ++ - interfaces/opengl: add support for Imagination PowerVR ++ - boot: decouple model from seal/reseal handling via an auxiliary ++ type ++ - spread, tests/main/lxd: no longer manual, switch to latest/stable ++ - github: try out golangci-lint ++ - tests: set lxd test to manual until failures are fixed ++ - tests: connect 30% of the interfaces on test interfaces-many-core- ++ provided ++ - packaging/debian-sid: update snap-seccomp patches for latest ++ master ++ - many: fix imports order (according to gci) ++ - o/snapstate: consider held snaps in autoRefreshPhase2 ++ - o/snapstate: unlock the state before calling backend in ++ undoStartSnapServices ++ - tests: replace "not MATCH" by NOMATCH in tests ++ - README.md: refer to new IRC server ++ - cmd/snap-preseed: provide more error info if snap-preseed fails ++ early on mount ++ - daemon: add a Daemon argument to AccessChecker.CheckAccess ++ - c/snap-bootstrap: add bind option with tests ++ - interfaces/builtin/netlink_driver_test.go: add test snippet ++ - overlord/devicestate: set up recovery system tasks when attempting ++ a remodel ++ - osutil,strutil,testutil: fix imports order (according to gci) ++ - release: merge 2.51.1 changelog ++ - cmd: fix imports order (according to gci) ++ - tests/lib/snaps/test-snapd-policy-app-consumer: remove dsp-control ++ interface ++ - o/servicestate: move handlers tests to quota_handlers_test.go file ++ instead ++ - interfaces: add netlink-driver interface ++ - interfaces: remove leftover debug print ++ - systemd: refactor property parsers for int values in ++ CurrentTasksCount, etc. ++ - tests: fix debug section for postrm-purge test ++ - tests/many: change all cloud-init passwords for ubuntu to use ++ plain_test_passwd ++ - asserts,interfaces,snap: fix imports order (according to gci) ++ - o/servicestate/quota_control_test.go: test the handlers directly ++ - tests: fix issue when checking the udev tag on test security- ++ device-cgroups ++ - many: introduce Store.SnapExists and use it in ++ /v2/accessories/themes ++ - o/snapstate: update LastRefreshTime in doLinkSnap handler ++ - o/hookstate: handle snapctl refresh --proceed and --hold ++ - boot: fix model inconsistency check in modeenv, extend unit tests ++ - overlord/servicestate: improve test robustness with locking ++ - tests: first part of the cleanup ++ - tests: new note in HACKING file to clarify about ++ yamlordereddictloader dependency ++ - daemon: make CheckAccess return an apiError ++ - overlord: fix imports ordering (according to gci) ++ - o/servicestate: add quotastate handlers ++ - boot: track model's sign key ID, prepare infra for tracking ++ candidate model ++ - daemon: have apiBaseSuite.errorReq return *apiError directly ++ - o/servicestate/service_control.go: add comment about ++ ExplicitServices ++ - interfaces: builtin: add dm-crypt interface to support external ++ storage encryption ++ - daemon: split out error response code from response*.go to ++ errors*.go ++ - interfaces/dsp: fix typo in udev rule ++ - daemon,o/devicestate: have DeviceManager.SystemMode take an ++ expectation on the system ++ - o/snapstate: add helpers for setting and querying holding time for ++ snaps ++ - many: fix quota groups for centos 7, amazon linux 2 w/ workaround ++ for buggy systemd ++ - overlord/servicestate: mv ensureSnapServicesForGroup to new file ++ - overlord/snapstate: lock the mutex before returning from stop snap ++ services undo ++ - daemon: drop resp completely in favor of using respJSON ++ consistently ++ - overlord/devicestate: support for snap downloads in recovery ++ system handlers ++ - daemon: introduce a separate findResponse, simplify SyncRespone ++ and drop Meta ++ - overlord/snapstate, overlord/devicestate: exclusive change ++ conflict check ++ - wrappers, packaging, snap-mgmt: handle removing slices on purge ++ too ++ - services: remember if acting on the entire snap ++ - store: extend context and action objects of SnapAction with ++ validation-sets ++ - o/snapstate: refresh control - autorefresh phase2 ++ - cmd/snap/quota: refactor quota CLI as per new design ++ - interfaces: opengl: change path for Xilinx zocl driver ++ - tests: update spread images for ubuntu-core-20 and ubuntu-21.04 ++ - o/servicestate/quota_control_test.go: change helper escaping ++ - o/configstate/configcore: support snap set system swap.size=... ++ - o/devicestate: require serial assertion before remodeling can be ++ started ++ - systemd: improve systemctl error reporting ++ - tests/core/remodel: use model assertions signed with valid keys ++ - daemon: use apiError for more of the code ++ - store: fix typo in snapActionResult struct json tag ++ - userd: mock `systemd --version` in privilegedDesktopLauncherSuite ++ - packaging/fedora: sync with downstream packaging ++ - daemon/api_quotas.go: include current memory usage information in ++ results ++ - daemon: introduce StructuredResponse and apiError ++ - o/patch: check if we have snapd snap with correct snap type ++ already in snapstate ++ - tests/main/snapd-snap: build the snapd snap on all platforms with ++ lxd ++ - tests: new commands for snaps-state tool ++ - tests/main/snap-quota-groups: add functional spread test for quota ++ groups ++ - interfaces/dsp: add /dev/cavalry into dsp interface ++ - cmd/snap/cmd_info_test.go: make test robust against TZ changes ++ - tests: moving to tests directories snaps built locally - part 2 ++ - usersession/userd: fix unit tests on systems using /var/lib/snapd ++ - sandbox/cgroup: wait for pid to be moved to the desired cgroup ++ - tests: fix snap-user-dir-perms-fixed vs format checks ++ - interfaces/desktop-launch: support confined snaps launching other ++ snaps ++ - features: enable dbus-activation by default ++ - usersession/autostart: change ~/snap perms to 0700 on startup ++ - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-data nosuid ++ - tests: new test static checker ++ - release-tool/changelog.py: misc fixes from real world usage ++ - release-tools/changelog.py: add function to generate github ++ release template ++ - spread, tests: Fedora 32 is EOL, drop it ++ - o/snapstate: bump max postponement from 60 to 95 days ++ - interfaces/apparmor: limit the number of jobs when running with a ++ single CPU ++ - packaging/fedora/snapd.spec: correct date format in changelog ++ - packaging: merge 2.51 changelog back to master ++ - packaging/ubuntu-16.04/changelog: add 2.50 and 2.50.1 changelogs, ++ placeholder for 2.51 ++ - interfaces: allow read access to /proc/tty/drivers to modem- ++ manager and ppp/dev/tty ++ ++ -- Ian Johnson Fri, 03 Sep 2021 16:06:15 -0500 ++ ++snapd (2.51.7-2) unstable; urgency=medium ++ ++ * debian: cherry-pick PR#10745 ++ - cherry pick https://github.com/snapcore/snapd/pull/10745 ++ (closes: #993783) ++ * debian/control: ++ - build with go-1.15 for now until snapd-2.52 is released ++ which fully supports go.mod ++ ++ -- Michael Vogt Tue, 07 Sep 2021 13:53:22 +0200 ++ ++snapd (2.51.7-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - cmd/snap-seccomp/syscalls: update syscalls list to libseccomp ++ v2.2.0-428-g5c22d4b1 ++ - tests: cherry-pick shellcheck fix `bd730fd4` ++ - interfaces/dsp: add /dev/ambad into dsp interface ++ - many: shellcheck fixes ++ - snapstate: abort kernel refresh if no gadget update can be found ++ - overlord: add manager test for "assumes" checking ++ - store: deal correctly with "assumes" from the store raw yaml ++ ++ -- Michael Vogt Wed, 01 Sep 2021 13:32:06 +0200 ++ ++snapd (2.51.6-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - secboot: use half the mem for KDF in AddRecoveryKey ++ - secboot: switch main key KDF memory cost to 32KB ++ ++ -- Ian Johnson Thu, 19 Aug 2021 15:49:47 -0500 ++ ++snapd (2.51.5-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - snap/squashfs: handle squashfs-tools 4.5+ ++ - tests/core20-install-device-file-install-via-hook-hack: adjust ++ test for 2.51 ++ - o/devicestate/handlers_install.go: add workaround to create dirs ++ for install ++ - tests: fix linter warning ++ - tests: update other spread tests for new behaviour ++ - tests: ack assertions by default, add --noack option ++ - release-tools/changelog.py: also fix opensuse changelog date ++ format ++ - release-tools/changelog.py: fix typo in function name ++ - release-tools/changelog.py: fix fedora date format ++ - release-tools/changelog.py: handle case where we don't have a TZ ++ - release-tools/changelog.py: fix line length check ++ - release-tools/changelog.py: specify the LP bug for the release as ++ an arg too ++ - interface/modem-manager: add support for MBIM/QMI proxy ++ clients ++ - .github/workflows/test.yaml: use snapcraft 4.x to build the snapd ++ snap ++ ++ -- Ian Johnson Mon, 16 Aug 2021 15:02:40 -0500 ++ ++snapd (2.51.4-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - {device,snap}state: skip kernel extraction in seeding ++ - vendor: move to snapshot-4c814e1 branch and set fixed KDF options ++ - tests/interfaces/tee: fix HasLen check for udev snippets ++ - interfaces/tee: add support for Qualcomm qseecom device node ++ - gadget: check for system-save with multi volumes if encrypting ++ correctly ++ - gadget: drive-by: drop unnecessary/supported passthrough in test ++ gadget.yaml ++ ++ -- Ian Johnson Mon, 09 Aug 2021 18:56:18 -0500 ++ ++snapd (2.51.3-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - interfaces/builtin: add sd-control interface ++ - store: set ResponseHeaderTimeout on the default transport ++ ++ -- Ian Johnson Wed, 14 Jul 2021 15:26:54 -0500 ++ ++snapd (2.51.2-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - snapstate: remove temporary snap file for local revisions early ++ - interface: allows reading sd cards internal info from block- ++ devices interface ++ - o/ifacestate: do not visit same halt tasks in waitChainSearch to ++ avoid slow convergence (or unlikely cycles) ++ - corecfg: allow using `# snapd-edit: no` header to disable pi- ++ config ++ - configcore: ignore system.pi-config.* setting on measured kernels ++ - many: pass device/model info to configcore via sysconfig.Device ++ interface ++ - o/configstate/configcore: support snap set system swap.size=... ++ - store: make the log with download size a debug one ++ - interfaces/opengl: add support for Imagination PowerVR ++ ++ -- Michael Vogt Wed, 07 Jul 2021 15:35:46 +0200 ++ ++snapd (2.51.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - interfaces: add netlink-driver interface ++ - interfaces: builtin: add dm-crypt interface to support external ++ storage encryption ++ - interfaces/dsp: fix typo in udev rule ++ - overlord/snapstate: lock the mutex before returning from stop ++ snap services undo ++ - interfaces: opengl: change path for Xilinx zocl driver ++ - interfaces/dsp: add /dev/cavalry into dsp interface ++ - packaging/fedora/snapd.spec: correct date format in changelog ++ ++ -- Michael Vogt Tue, 15 Jun 2021 12:45:08 +0200 ++ ++snapd (2.51-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1929842 ++ - cmd/snap: stacktraces debug endpoint ++ - secboot: deactivate volume again when model checker fails ++ - store: extra log message, a few minor cleanups ++ - packaging/debian-sid: update systemd patch ++ - snapstate: adjust update-gadget-assets user visible message ++ - tests/nested/core/core20-create-recovery: verify that recovery ++ system can be created at runtime ++ - gadget: support creating vfat partitions during bootstrap ++ - daemon/api_quotas.go: support updating quotas with ensure action ++ - daemon: tighten access to a couple of POST endpoints that should ++ be really be root-only ++ - seed/seedtest, overlord/devicestate: move seed validation helper ++ to seedtest ++ - overlord/hookstate/ctlcmd: remove unneeded parameter ++ - snap/quota: add CurrentMemoryUsage for current memory usage of a ++ quota group ++ - systemd: add CurrentMemoryUsage to get current memory usage for a ++ unit ++ - o/snapstate: introduce minimalInstallInfo interface ++ - o/hookstate: print pending info (ready, inhibited or none) ++ - osutil: a helper to find out the total amount of memory in the ++ system ++ - overlord, overlord/devicestate: allow for reloading modeenv in ++ devicemgr when testing ++ - daemon: refine access testing ++ - spread: disable unattended-upgrades on debian ++ - tests/lib/reset: make nc exit after a while when connection is ++ idle ++ - daemon: replace access control flags on commands with access ++ checkers ++ - release-tools/changelog.py: refactor regexp + file reading/writing ++ - packaging/debian-sid: update locale patch for the latest master ++ - overlord/devicestate: tasks for creating recovery systems at ++ runtime ++ - release-tools/changelog.py: implement script to update all the ++ changelog files ++ - tests: change machine type used for nested testsPrices: ++ - cmd/snap: include locale when linting description being lower case ++ - o/servicestate: add RemoveSnapFromQuota ++ - interfaces/serial-port: add Qualcomm serial port devices to ++ allowed list ++ - packaging: merge 2.50.1 changelog back ++ - interfaces/builtin: introduce raw-input interface ++ - tests: remove tests.cleanup prepare from nested test ++ - cmd/snap-update-ns: fix linter errors ++ - asserts: fix errors reported by linter ++ - o/hookstate/ctlcmd: allow system-mode for non-root ++ - overlord/devicestate: comment why explicit system mode check is ++ needed in ensuring tried recovery systems (#10275) ++ - overlord/devicesate: observe snap writes when creating recovery ++ systems ++ - packaging/ubuntu-16.04/changelog: add placeholder for 2.50.1 ++ - tests: moving to tests directories snaps built locally - part 1 ++ - seed/seedwriter: fail early when system seed directory exists ++ - o/snapstate: autorefresh phase1 for refresh-control ++ - c/snap: more precise message for ErrorKindSystemRestart op != ++ reboot ++ - tests: simplify the tests.cleanup tool ++ - boot: helpers for manipulating current and good recovery systems ++ list ++ - o/hookstate, o/snapstate: print revision, version, channel with ++ snapctl --pending ++ - overlord: unit test tweaks, use well known snap IDs, setup snap ++ declarations for most common snaps ++ - tests/nested/manual: add test for install-device + snapctl reboot ++ - o/servicestate: restart slices + services on modifications ++ - tests: update mount-ns test to support changes in the distro ++ - interfaces: fix linter issues ++ - overlord: mock logger in managers unit tests ++ - tests: adding support for fedora-34 ++ - tests: adding support for debian 10 on gce ++ - boot: reseal given keys when the respective boot chain has changed ++ - secboot: switch encryption key size to 32 byte (thanks to Chris) ++ - interfaces/dbus: allow claiming 'well-known' D-Bus names with a ++ wildcard suffix ++ - spread: bump delta reference version ++ - interfaces: builtin: update permitted paths to be compatible with ++ UC20 ++ - overlord: fix errors reported by linter ++ - tests: remove old fedora systems from tests ++ - tests: update spread url ++ - interfaces/camera: allow devices in /sys/devices/platform/**/usb* ++ - interfaces/udisks2: Allow access to the login manager via dbus ++ - cmd/snap: exit normally if "snap changes" has no changes ++ (LP #1823974) ++ - tests: more fixes for spread suite on openSUSE ++ - tests: fix tests expecting cgroup v1/hybrid on openSUSE Tumbleweed ++ - daemon: fix linter errors ++ - spread: add Fedora 34, leave a TODO about dropping Fedora 32 ++ - interfaces: fix linter errors ++ - tests: use op.paths tools instead of dirs.sh helper - part 2 ++ - client: Fix linter errors ++ - cmd/snap: Fix errors reported by linter ++ - cmd/snap-repair: fix linter issues ++ - cmd/snap-bootstrap: Fix linter errors ++ - tests: update permission denied message for test-snapd-event on ++ ubuntu 2104 ++ - cmd/snap: small tweaks based on previous reviews ++ - snap/snaptest: helper that mocks both the squashfs file and a snap ++ directory ++ - overlord/devicestate: tweak comment about creating recovery ++ systems, formatting tweaks ++ - overlord/devicestate: move devicemgr base suite helpers closer to ++ test suite struct ++ - overlord/devicestate: keep track of tried recovery system ++ - seed/seedwriter: clarify in the diagram when SetInfo is called ++ - overlord/devicestate: add helper for creating recovery systems at ++ runtime ++ - snap-seccomp: update syscalls.go list ++ - boot,image: support image.Customizations.BootFlags ++ - overlord: support snapctl --halt|--poweroff in gadget install- ++ device ++ - features,servicestate: add experimental.quota-groups flag ++ - o/servicestate: address comments from previous PR ++ - tests: basic spread test for snap quota commands ++ - tests: moving the snaps which are not locally built to the store ++ directory ++ - image,c/snap: implement prepare-image --customize ++ - daemon: implement REST API for quota groups (create / list / get) ++ - cmd/snap, client: snap quotas command ++ - o/devicestate,o/hookstate/ctlcmd: introduce SystemModeInfo methods ++ and snapctl system-mode ++ - o/servicestate/quota_control.go: introduce (very) basic group ++ manipulation methods ++ - cmd/snap, client: snap remove-quota command ++ - wrappers, quota: implement quota groups slice generation ++ - snap/quotas: followups from previous PR ++ - cmd/snap: introduce 'snap quota' command ++ - o/configstate/configcore/picfg.go: use ubuntu-seed config.txt in ++ uc20 run mode ++ - o/servicestate: test has internal ordering issues, consider both ++ cases ++ - o/servicestate/quotas: add functions for getting and setting ++ quotas in state ++ - tests: new buckets for snapd-spread project on gce ++ - spread.yaml: update the gce project to start using snapd-spread ++ - quota: new package for managing resource groups ++ - many: bind and check keys against models when using FDE hooks v2 ++ - many: move responsibilities down seboot -> kernel/fde and boot -> ++ secboot ++ - packaging: add placeholder changelog ++ - o/configstate/configcore/vitality: fix RequireMountedSnapdSnap ++ bug ++ - overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu ++ Core system ++ - many: hide EncryptionKey size and refactors for fde hook v2 next ++ steps ++ - tests: adding debug info for create user tests ++ - o/hookstate: add "refresh" command to snapctl (hidden, not ++ complete yet) ++ - systemd: wait for zfs mounts (LP #1922293) ++ - testutil: support referencing files in FileEquals checker ++ - many: refactor to kernel/fde and allow `fde-setup initial-setup` ++ to return json ++ - o/snapstate: store refresh-candidates in the state ++ - o/snapstate: helper for creating gate-auto-refresh hooks ++ - bootloader/bootloadertest: provide interface implementation as ++ mixins, provide a mock for recovery-aware-trusted-asses bootloader ++ - tests/lib/nested: do not compress images, return early when ++ restored from pristine image ++ - boot: split out a helper for making recovery system bootable ++ - tests: update os.query check to match new bullseye codename used ++ on sid images ++ - o/snapstate: helper for getting snaps affected by refresh, define ++ new hook ++ - wrappers: support in EnsureSnapServices a callback to observe ++ changes (#10176) ++ - gadget: multi line support in gadget's cmdline file ++ - daemon: test that requesting restart from (early) Ensure works ++ - tests: use op.paths tools instead of dirs.sh helper - part 1 ++ - tests: add new command to snaps-state to get current core, kernel ++ and gadget ++ - boot, gadget: move opening the snap container into the gadget ++ helper ++ - tests, overlord: extend unit tests, extend spread tests to cover ++ full command line support ++ - interfaces/builtin: introduce dsp interface ++ - boot, bootloader, bootloader/assets: support for full command line ++ override from gadget ++ - overlord/devicestate, overlord/snapstate: add task for updating ++ kernel command lines from gadget ++ - o/snapstate: remove unused DeviceCtx argument of ++ ensureInstallPreconditions ++ - tests/lib/nested: proper status return for tpm/secure boot checks ++ - cmd/snap, boot: add snapd_full_cmdline_args to dumped boot vars ++ - wrappers/services.go: refactor helper lambda function to separate ++ function ++ - boot/flags.go: add HostUbuntuDataForMode ++ - boot: handle updating of components that contribute to kernel ++ command line ++ - tests: add 20.04 to systems for nested/core ++ - daemon: add new accessChecker implementations ++ - boot, overlord/devicestate: consider gadget command lines when ++ updating boot config ++ - tests: fix prepare-image-grub-core18 for arm devices ++ - tests: fix gadget-kernel-refs-update-pc test on arm and when ++ $TRUST_TEST_KEY is false ++ - tests: enable help test for all the systems ++ - boot: set extra command line arguments when preparing run mode ++ - boot: load bits of kernel command line from gadget snaps ++ - tests: update layout for tests - part 2 ++ - tests: update layout for tests - part 1 ++ - tests: remove the snap profiler from the test suite ++ - boot: drop gadget snap yaml which is already defined elsewhere in ++ the tests ++ - boot: set extra kernel command line arguments when making a ++ recovery system bootable ++ - boot: pass gadget path to command line helpers, load gadget from ++ seed ++ - tests: new os.paths tool ++ - daemon: make ucrednetGet() return a *ucrednet structure ++ - boot: derive boot variables for kernel command lines ++ - cmd/snap-bootstrap/initramfs-mounts: fix boot-flags location from ++ initramfs ++ ++ -- Ian Johnson Thu, 27 May 2021 11:15:20 -0500 ++ ++snapd (2.50.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1926005 ++ - interfaces: update permitted /lib/.. paths to be compatible with ++ UC20 ++ - interfaces: builtin: update permitted paths to be compatible with ++ UC20 ++ - interfaces/greengrass-support: delete white spaces at the end of ++ lines ++ - snap-seccomp: update syscalls.go list ++ - many: backport kernel command line for 2.50 ++ - interfaces/dbus: allow claiming 'well-known' D-Bus names with a ++ wildcard suffix ++ - interfaces/camera: allow devices in /sys/devices/platform/**/usb* ++ - interfaces/builtin: introduce dsp interface ++ ++ -- Ian Johnson Wed, 19 May 2021 10:46:02 -0500 ++ ++snapd (2.50-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1926005 ++ - overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu ++ Core system ++ - o/configstate/configcore/vitality: fix RequireMountedSnapdSnap bug ++ - o/servicestate/servicemgr.go: add ensure loop for snap service ++ units ++ - wrappers/services.go: introduce EnsureSnapServices() ++ - snapstate: add "kernel-assets" to featureSet ++ - systemd: wait for zfs mounts ++ - overlord: make servicestate responsible to compute ++ SnapServiceOptions ++ - boot,tests: move where we write boot-flags one level up ++ - o/configstate: don't pass --root=/ when ++ masking/unmasking/enabling/disabling services ++ - cmd/snap-bootstrap/initramfs-mounts: write active boot-flags to ++ /run ++ - gadget: be more flexible with kernel content resolving ++ - boot, cmd/snap: include extra cmdline args in debug boot-vars ++ output ++ - boot: support read/writing boot-flags from userspace/initramfs ++ - interfaces/pwm: add PWM interface ++ - tests/lib/prepare-restore.sh: clean out snapd changes and snaps ++ before purging ++ - systemd: enrich UnitStatus returned by systemd.Status() with ++ Installed flag ++ - tests: updated restore phase of spread tests - part 1 ++ - gadget: add support for kernel command line provided by the gadget ++ - tests: Using GO111MODULE: "off" in spread.yaml ++ - features: add gate-auto-refresh-hook feature flag ++ - spread: ignore linux kernel upgrade in early stages for arch ++ preparation ++ - tests: use snaps-state commands and remove them from the snaps ++ helper ++ - o/configstate: fix panic with a sequence of config unset ops over ++ same path ++ - api: provide meaningful error message on connect/disconnect for ++ non-installed snap ++ - interfaces/u2f-devices: add HyperFIDO Pro ++ - tests: add simple sanity check for systemctl show ++ --property=UnitFileState for unknown service ++ - tests: use tests.session tool on interfaces-desktop-document- ++ portal test ++ - wrappers: install D-Bus service activation files for snapd session ++ tools on core ++ - many: add x-gvfs-hide option to mount units ++ - interfaces/builtin/gpio_test.go: actually test the generated gpio ++ apparmor ++ - spread: tentative workaround for arch failure caused by libc ++ upgrade and cgroups v2 ++ - tests: add spread test for snap validate against store assertions ++ - tests: remove snaps which are not used in any test ++ - ci: set the accept-existing-contributors parameter for the cla- ++ check action ++ - daemon: introduce apiBaseSuite.(json|sync|async|error)Req (and ++ some apiBaseSuite cosmetics) ++ - o/devicestate/devicemgr: register install-device hook, run if ++ present in install ++ - o/configstate/configcore: simple refactors in preparation for new ++ function ++ - tests: unifying the core20 nested suite with the core nested suite ++ - tests: uboot-unpacked-assets updated to reflect the real path used ++ to find the kernel ++ - daemon: switch api_test.go to daemon_test and various other ++ cleanups ++ - o/configstate/configcore/picfg.go: add hdmi_cvt support ++ - interfaces/apparmor: followup cleanups, comments and tweaks ++ - boot: cmd/snap-bootstrap: handle a candidate recovery system v2 ++ - overlord/snapstate: skip catalog refresh when snappy testing is ++ enabled ++ - overlord/snapstate, overlord/ifacestate: move late security ++ profile removal to ifacestate ++ - snap-seccomp: fix seccomp test on ppc64el ++ - interfaces, interfaces/apparmor, overlord/snapstate: late removal ++ of snap-confine apparmor profiles ++ - cmd/snap-bootstrap/initramfs-mounts: move time forward using ++ assertion times ++ - tests: reset the system while preparing the test suite ++ - tests: fix snap-advise-command check for 429 ++ - gadget: policy for gadget/kernel refreshes ++ - o/configstate: deal with no longer valid refresh.timer=managed ++ - interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4 ++ - cla-check: Use has-signed-canonical-cla GitHub Action ++ - tests: validation sets spread test ++ - tests: simplify the reset.sh logic by removing not needed command ++ - overlord/snapstate: make sure that snapd current symlink is not ++ removed during refresh ++ - tests/core/fsck-on-boot: unmount /run/mnt/snapd directly on uc20 ++ - tests/lib/fde-setup-hook: also verify that fde-reveal-key key data ++ is base64 ++ - o/devicestate: split off ensuring next boot goes to run mode into ++ new task ++ - tests: fix cgroup-tracking test ++ - boot: export helper for clearing tried system state, add tests ++ - cmd/snap: use less aggressive client timeouts in unit tests ++ - daemon: fix signing key validity timestamp in unit tests ++ - o/{device,hook}state: encode fde-setup-request key as base64 ++ string ++ - packaging: drop dh-systemd from build-depends on ubuntu-16.04+ ++ - cmd/snap/pack: unhide the compression option ++ - boot: extend set try recovery system unit tests ++ - cmd/snap-bootstrap: refactor handling of ubuntu-save, do not use ++ secboot's implicit fallback ++ - o/configstate/configcore: add hdmi_timings to pi-config ++ - snapstate: reduce reRefreshRetryTimeout to 1/2 second ++ - interfaces/tee: add TEE/OPTEE interface ++ - o/snapstate: update validation sets assertions with auto-refresh ++ - vendor: update go-tpm2/secboot to latest version ++ - seed: ReadSystemEssentialAndBetterEarliestTime ++ - tests: replace while commands with the retry tool ++ - interfaces/builtin: update unit tests to use proper distro's ++ libexecdir ++ - tests: run the reset.sh helper and check test invariants while the ++ test is restored ++ - daemon: switch preexisting daemon_test tests to apiBaseSuite and ++ .req ++ - boot, o/devicestate: split makeBootable20 into two parts ++ - interfaces/docker-support: add autobind unix rules to docker- ++ support ++ - interfaces/apparmor: allow reading ++ /proc/sys/kernel/random/entropy_avail ++ - tests: use retry tool instead a loops ++ - tests/main/uc20-create-partitions: fix tests cleanup ++ - asserts: mode where Database only assumes cur time >= earliest ++ time ++ - daemon: validation sets/api tests cleanup ++ - tests: improve tests self documentation for nested test suite ++ - api: local assertion fallback when it's not in the store ++ - api: validation sets monitor mode ++ - tests: use fs-state tool in interfaces tests ++ - daemon: move out /v2/login|logout and errToResponse tests from ++ api_test.go ++ - boot: helper for inspecting the outcome of a recovery system try ++ - o/configstate, o/snapshotstate: fix handling of nil snap config on ++ snapshot restore ++ - tests: update documentation and checks for interfaces tests ++ - snap-seccomp: add new `close_range` syscall ++ - boot: revert #10009 ++ - gadget: remove `device-tree{,-origin}` from gadget tests ++ - boot: simplify systems test setup ++ - image: write resolved-content from snap prepare-image ++ - boot: reseal the run key for all recovery systems, but recovery ++ keys only for the good ones ++ - interfaces/builtin/network-setup-{control,observe}: allow using ++ netplan directly ++ - tests: improve sections prepare and restore - part 1 ++ - tests: update details on task.yaml files ++ - tests: revert os.query usage in spread.yaml ++ - boot: export bootAssetsMap as AssetsMap ++ - tests/lib/prepare: fix repacking of the UC20 kernel snap for with ++ ubuntu-core-initramfs 40 ++ - client: protect against reading too much data from stdin ++ - tests: improve tests documentation - part 2 ++ - boot: helper for setting up a try recover system ++ - tests: improve tests documentation - part 1 ++ - tests/unit/go: use tests.session wrapper for running tests as a ++ user ++ - tests: improvements for snap-seccomp-syscalls ++ - gadget: simplify filterUpdate (thanks to Maciej) ++ - tests/lib/prepare.sh: use /etc/group and friends from the core20 ++ snap ++ - tests: fix tumbleweed spread tests part 2 ++ - tests: use new commands of os.query tool on tests ++ - o/snapshotstate: create snapshots directory on import ++ - tests/main/lxd/prep-snapd-in-lxd.sh: dump contents of sources.list ++ - packaging: drop 99-snapd.conf via dpkg-maintscript-helper ++ - osutil: add SetTime() w/ 32-bit and 64-bit implementations ++ - interfaces/wayland: rm Xwayland Xauth file access from wayland ++ slot ++ - packaging/ubuntu-16.04/rules: turn modules off explicitly ++ - gadget,devicestate: perform kernel asset update for $kernel: style ++ refs ++ - cmd/recovery: small fix for `snap recovery` tab output ++ - bootloader/lkenv: add recovery systems related variables ++ - tests: fix new tumbleweed image ++ - boot: fix typo, should be systems ++ - o/devicestate: test that users.create.automatic is configured ++ early ++ - asserts: use Fetcher in AddSequenceToUpdate ++ - daemon,o/c/configcore: introduce users.create.automatic ++ - client, o/servicestate: expose enabled state of user daemons ++ - boot: helper for checking and marking tried recovery system status ++ from initramfs ++ - asserts: pool changes for validation-sets (#9930) ++ - daemon: move the last api_foo_test.go to daemon_test ++ - asserts: include the assertion timestamp in error message when ++ outside of signing key validity range ++ - ovelord/snapshotstate: keep a few of the last line tar prints ++ before failing ++ - gadget/many: rm, delay sector size + structure size checks to ++ runtime ++ - cmd/snap-bootstrap/triggerwatch: fix returning wrong errors ++ - interfaces: add allegro-vcu and media-control interfaces ++ - interfaces: opengl: add Xilinx zocl bits ++ - mkversion: check that version from changelog is set before ++ overriding the output version ++ - many: fix new ineffassign warnings ++ - .github/workflows/labeler.yaml: try work-around to not sync ++ labels ++ - cmd/snap, boot: add debug set-boot-vars ++ - interfaces: allow reading the Xauthority file KDE Plasma writes ++ for Wayland sessions ++ - tests/main/snap-repair: test running repair assertion w/ fakestore ++ - tests: disable lxd tests for 21.04 until the lxd images are ++ published for the system ++ - tests/regression/lp-1910456: cleanup the /snap symlink when done ++ - daemon: move single snap querying and ops to api_snaps.go ++ - tests: fix for preseed and dbus tests on 21.04 ++ - overlord/snapshotstate: include the last message printed by tar in ++ the error ++ - interfaces/system-observe: Allow reading /proc/zoneinfo ++ - interfaces: remove apparmor downgrade feature ++ - snap: fix unit tests on Go 1.16 ++ - spread: disable Go modules support in environment ++ - tests: use new path to find kernel.img in uc20 for arm devices ++ - tests: find files before using cat command when checking broadcom- ++ asic-control interface ++ - boot: introduce good recovery systems, provide compatibility ++ handling ++ - overlord: add manager gadget refresh test ++ - tests/lib/fakestore: support repair assertions too ++ - github: temporarily disable action labeler due to issues with ++ labels being removed ++ - o/devicestate,many: introduce DeviceManager.preloadGadget for ++ EarlyConfig ++ - tests: enable ubuntu 21.04 for spread tests ++ - snap: provide a useful error message if gdbserver is not installed ++ - data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1 ++ - tests/lib/prepare.sh: split reflash.sh into two parts ++ - packaging/opensuse: sync with openSUSE packaging ++ - packaging: disable Go modules in snapd.mk ++ - snap: add deprecation noticed to "snap run --gdb" ++ - daemon: add API for checking and installing available theme snaps ++ - tests: using labeler action to add automatically a label to run ++ nested tests ++ - gadget: improve error handling around resolving content sources ++ - asserts: repeat the authority cross-check in CheckSignature as ++ well ++ - interfaces/seccomp/template.go: allow copy_file_range ++ - o/snapstate/check_snap.go: add support for many subversions in ++ assumes snapdX.. ++ - daemon: move postSnap and inst.dispatch tests to api_snaps_test.go ++ - wrappers: use proper paths for mocked mount units in tests ++ - snap: rename gdbserver option to `snap run --gdbserver` ++ - store: support validation sets with fetch-assertions action ++ - snap-confine.apparmor.in: support tmp and log dirs on Yocto/Poky ++ - packaging/fedora: sync with downstream packaging in Fedora ++ - many: add Delegate=true to generated systemd units for special ++ interfaces (master) ++ - boot: use a common helper for mocking boot assets in cache ++ - api: validate snaps against validation set assert from the store ++ - wrappers: don't generate an [Install] section for timer or dbus ++ activated services ++ - tests/nested/core20/boot-config-update: skip when snapd was not ++ built with test features ++ - o/configstate,o/devicestate: introduce devicestate.EarlyConfig ++ implemented by configstate.EarlyConfig ++ - cmd/snap-bootstrap/initramfs-mounts: fix typo in func name ++ - interfaces/builtin: mock distribution in fontconfig cache unit ++ tests ++ - tests/lib/prepare.sh: add another console= to the reflash magic ++ grub entry ++ - overlord/servicestate: expose dbus activators of a service ++ - desktop/notification: test against a real session bus and ++ notification server implementation ++ - cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for ++ recover+install ++ - HACKING.md: explain how to run UC20 spread tests with QEMU ++ - asserts: introduce AtSequence ++ - overlord/devicestate: task for updating boot configs, spread test ++ - gadget: fix documentation/typos ++ - gadget: cleanup MountedFilesystem{Writer,Updater} ++ - gadget: use ResolvedSource in MountedFilesystemWriter ++ - snap/info.go: add doc-comment for SortServices ++ - interfaces: add an optional mount-host-font-cache plug attribute ++ to the desktop interface ++ - osutil: skip TestReadBuildGo inside sbuild ++ - o/hookstate/ctlcmd: add optional --pid and --apparmor-label ++ arguments to "snapctl is-connected" ++ - data/env/snapd: use quoting in case PATH contains spaces ++ - boot: do not observe successful boot assets if not in run mode ++ - tests: fix umount for snapd snap on fsck-on-boot testumount: ++ /run/mnt/ubuntu-seed/systems/*/snaps/snapd_*.snap: no mount ++ - misc: little tweaks ++ - snap/info.go: ignore unknown daemons in SortSnapServices ++ - devicestate: keep log from install-mode on installed system ++ - seed: add LoadEssentialMeta to seed16 and allow all of its ++ implementations to be called multiple times ++ - cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in ++ seeds ++ - tests/core/uc20-recovery: move recover mode helpers to generic ++ testslib script ++ - interfaces/fwupd: allow any distros to access fw files via fwupd ++ - store: method for fetching validation set assertion ++ - store: switch to v2/assertions api ++ - gadget: add new ResolvedContent and populate from LayoutVolume() ++ - spread: use full format when listing processes ++ - osutil/many: make all test pkgs osutil_test instead of "osutil" ++ - tests/unit/go: drop unused environment variables, skip coverage ++ - OpenGL interface: Support more Tegra libs ++ - gadget,overlord: pass kernelRoot to install.Run() ++ - tests: run unit tests in Focal instead of Xenial ++ - interfaces/browser-support: allow sched_setaffinity with browser- ++ sandbox: true ++ - daemon: move query /snaps/ tests to api_snaps_test.go ++ - cmd/snap-repair/runner.go: add SNAP_SYSTEM_MODE to env of repair ++ runner ++ - systemd/systemd.go: support journald JSON messages with arrays for ++ values ++ - cmd: make string/error code more robust against errno leaking ++ - github, run-checks: do not collect coverage data on subsequent ++ test runs ++ - boot: boot config update & reseal ++ - o/snapshotstate: handle conflicts between snapshot forget, export ++ and import ++ - osutil/stat.go: add RegularFileExists ++ - cmd/snapd-generator: don't create mount overrides for snap-try ++ snaps inside lxc ++ - gadget/gadget.go: rename ubuntu-* to system-* in doc-comment ++ - tests: use 6 spread workers for centos8 ++ - bootloader/assets: support injecting bootloader assets in testing ++ builds of snapd ++ - gadget: enable multi-volume uc20 gadgets in ++ LaidOutSystemVolumeFromGadget; rename too ++ - overlord/devicestate, sysconfig: do nothing when cloud-init is not ++ present ++ - cmd/snap-repair: filter repair assertions based on bases + modes ++ - snap-confine: make host /etc/ssl available for snaps on classic ++ ++ -- Michael Vogt Sat, 24 Apr 2021 12:17:45 +0200 ++ ++snapd (2.49.2-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1915248 ++ - interfaces/tee: add TEE/OPTEE interface ++ - o/configstate/configcore: add hdmi_timings to pi-config ++ - interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4 ++ - snap-seccomp: fix seccomp test on ppc64el ++ - interfaces{,/apparmor}, overlord/snapstate: ++ late removal of snap-confine apparmor profiles ++ - overlord/snapstate, wrappers: add dependency on usr-lib- ++ snapd.mount for services on core with snapd snap ++ - o/configstate: deal with no longer valid refresh.timer=managed ++ - overlord/snapstate: make sure that snapd current symlink is not ++ removed during refresh ++ - packaging: drop dh-systemd from build-depends on ubuntu-16.04+ ++ - o/{device,hook}state: encode fde-setup-request key as base64 ++ - snapstate: reduce reRefreshRetryTimeout to 1/2 second ++ - tests/main/uc20-create-partitions: fix tests cleanup ++ - o/configstate, o/snapshotstate: fix handling of nil snap config on ++ snapshot restore ++ - snap-seccomp: add new `close_range` syscall ++ ++ -- Michael Vogt Fri, 26 Mar 2021 16:49:46 +0100 ++ ++snapd (2.49.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1915248 ++ - tests: turn modules off explicitly in spread go unti test ++ - o/snapshotstate: create snapshots directory on import ++ - cmd/snap-bootstrap/triggerwatch: fix returning wrong errors ++ - interfaces: add allegro-vcu and media-control interfaces ++ - interfaces: opengl: add Xilinx zocl bits ++ - many: fix new ineffassign warnings ++ - interfaces/seccomp/template.go: allow copy_file_range ++ - interfaces: allow reading the Xauthority file KDE Plasma writes ++ for Wayland sessions ++ - data/selinux: allow system dbus to watch ++ /var/lib/snapd/dbus-1 ++ - Remove apparmor downgrade feature ++ - Support tmp and log dirs on Yocto/Poky ++ ++ -- Michael Vogt Mon, 08 Mar 2021 10:47:05 +0100 ++ ++snapd (2.49-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1915248 ++ - many: add Delegate=true to generated systemd units for special ++ interfaces ++ - cmd/snap-bootstrap: rename ModeenvFromModel to ++ EphemeralModeenvForModel ++ - cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for ++ recover+install ++ - osutil: skip TestReadBuildGo inside sbuild ++ - tests: fix umount for snapd snap on fsck-on-boot test ++ - snap/info_test.go: add unit test cases for bug ++ - tests/main/services-after-before: add regression spread test ++ - snap/info.go: ignore unknown daemons in SortSnapServices ++ - cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in ++ seeds ++ - OpenGL interface: Support more Tegra libs ++ - interfaces/browser-support: allow sched_setaffinity with browser- ++ sandbox: true ++ - cmd: make string/error code more robust against errno leaking ++ - o/snapshotstate: handle conflicts between snapshot forget, export ++ and import ++ - cmd/snapd-generator: don't create mount overrides for snap-try ++ snaps inside lxc ++ - tests: update test pkg for fedora and centos ++ - gadget: pass sector size in to mkfs family of functions, use to ++ select block sz ++ - o/snapshotstate: fix returning of snap names when duplicated ++ snapshot is detected ++ - tests/main/snap-network-errors: skip flushing dns cache on ++ centos-7 ++ - interfaces/builtin: Allow DBus property access on ++ org.freedesktop.Notifications ++ - cgroup-support.c: fix link to CGROUP DELEGATION ++ - osutil: update go-udev package ++ - packaging: fix arch-indep build on debian-sid ++ - {,sec}boot: pass "key-name" to the FDE hooks ++ - asserts: sort by revision with Sort interface ++ - gadget: add gadget.ResolveContentPaths() ++ - cmd/snap-repair: save base snap and mode in device info; other ++ misc cleanups ++ - tests: cleanup the run-checks script ++ - asserts: snapasserts method to validate installed snaps against ++ validation sets ++ - tests: normalize test tools - part 1 ++ - snapshotstate: detect duplicated snapshot imports ++ - interfaces/builtin: fix unit test expecting snap-device-helper at ++ /usr/lib/snapd ++ - tests: apply workaround done for snap-advise-command to apt-hooks ++ test ++ - tests: skip main part of snap-advise test if 429 error is ++ encountered ++ - many: clarify gadget role-usage consistency checks for UC16/18 vs ++ UC20 ++ - sandbox/cgroup, tess/main: fix unit tests on v2 system, disable ++ broken tests on sid ++ - interfaces/builtin: more drive by fixes, import ordering, removing ++ dead code ++ - tests: skip interfaces-openvswitch spread test on debian sid ++ - interfaces/apparmor: drive by comment fix ++ - cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree ++ usage ++ - cmd/libsnap-confine-private: make unit tests execute happily in a ++ container ++ - interfaces, wrappers: misc comment fixes, etc. ++ - asserts/repair.go: add "bases" and "modes" support to the repair ++ assertion ++ - interfaces/opengl: allow RPi MMAL video decoding ++ - snap: skip help output tests for go-flags v1.4.0 ++ - gadget: add validation for "$kernel:ref" style content ++ - packaging/deb, tests/main/lxd-postrm-purge: fix purge inside ++ containers ++ - spdx: update to SPDX license list version: 3.11 2020-11-25 ++ - tests: improve hotplug test setup on classic ++ - tests: update check to verify is the current system is arm ++ - tests: use os-query tool to check debian, trusty and tumbleweed ++ - daemon: start moving implementation to api_snaps.go ++ - tests/main/snap-validate-basic: disable test on Fedora due to go- ++ flags panics ++ - tests: fix library path used for tests.pkgs ++ - tests/main/cohorts: replace yq with a Python snippet ++ - run-checks: update to match new argument syntax of ineffassign ++ - tests: use apiBaseSuite for snapshots tests, fix import endpoint ++ path ++ - many: separate consistency/content validation into ++ gadget.Validate|Content ++ - o/{device,snap}state: enable devmode snaps with dangerous model ++ assertions ++ secboot: add test for when systemd-run does not honor ++ RuntimeMaxSec ++ - secboot: add workaround for snapcore/core-initrd issue #13 ++ - devicestate: log checkEncryption errors via logger.Noticef ++ - o/daemon: validation sets api and basic spread test ++ - gadget: move BuildPartitionList to install and make it unexported ++ - tests: add nested spread end-to-end test for fde-hooks ++ - devicestate: implement checkFDEFeatures() ++ - boot: tweak resealing with fde-setup hooks ++ - tests: add os query commands for subsystems and architectures ++ - o/snapshotstate: don't set auto flag in the snapshot file ++ - tests: use os.query tool instead of comparing the system var ++ - testutil: use the original environment when calling shellcheck ++ - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud- ++ init restrict file ++ - gadget,o/devicestate,tests: drop EffectiveFilesystemLabel and ++ instead set the implicit labels when loading the yaml ++ - secboot: add new LockSealedKeys() that uses either TPM/fde-reveal- ++ key ++ - gadget/quantity: introduce Offset, start using it for offset ++ related fields in the gadget ++ - gadget: use "sealed-keys" to determine what method to use for ++ reseal ++ - tests/main/fake-netplan-apply: disable test on xenial for now ++ - daemon: start splitting snaps op tests out of api_test.go ++ - testutil: make DBusTest use a custom bus configuration file ++ - tests: replace pkgdb.sh (library) with tests.pkgs (program) ++ - gadget: prepare gadget kernel refs (0/N) ++ - interfaces/builtin/docker-support: allow /run/containerd/s/... ++ - cmd/snap-preseed: reset run inhibit locks on --reset. ++ - boot: add sealKeyToModeenvUsingFdeSetupHook() ++ - daemon: reorg snap.go and split out sections and icons support ++ from api.go ++ - sandbox/seccomp: use snap-seccomp's stdout for getting version ++ info ++ - daemon: split find support to its own api_*.go files and move some ++ helpers ++ - tests: move snapstate config defaults tests to a separate file. ++ - bootloader/{lk,lkenv}: followups from #9695 ++ - daemon: actually move APIBaseSuite to daemon_test.apiBaseSuite ++ - gadget,o/devicestate: set implicit values for schema and role ++ directly instead of relying on Effective* accessors ++ - daemon: split aliases support to its own api_*.go files ++ - gadget: start separating rule/convention validation from basic ++ soundness ++ - cmd/snap-update-ns: add better unit test for overname sorting ++ - secboot: use `fde-reveal-key` if available to unseal key ++ - tests: fix lp-1899664 test when snapd_x1 is not installed in the ++ system ++ - tests: fix the scenario when the "$SRC".orig file does not exist ++ - cmd/snap-update-ns: fix sorting of overname mount entries wrt ++ other entries ++ - devicestate: add runFDESetupHook() helper ++ - bootloader/lk: add support for UC20 lk bootloader with V2 lkenv ++ structs ++ - daemon: split unsupported buy implementation to its own api_*.go ++ files ++ - tests: download timeout spread test ++ - gadget,o/devicestate: hybrid 18->20 ready volume setups should be ++ valid ++ - o/devicestate: save model with serial in the device save db ++ - bootloader: add check for prepare-image time and more tests ++ validating options ++ - interfaces/builtin/log_observe.go: allow controlling apparmor ++ audit levels ++ - hookstate: refactor around EphemeralRunHook ++ - cmd/snap: implement 'snap validate' command ++ - secboot,devicestate: add scaffoling for "fde-reveal-key" support ++ - boot: observe successful command line update, provide a default ++ - tests: New queries for the os tools ++ - bootloader/lkenv: specify backup file as arg to NewEnv(), use "" ++ as path+"bak" ++ - osutil/disks: add FindMatchingPartitionUUIDWithPartLabel to Disk ++ iface ++ - daemon: split out snapctl support and snap configuration support ++ to their own api_*.go files ++ - snapshotstate: improve handling of multiple errors ++ - tests: sign new nested-18|20* models to allow for generic serials ++ - bootloader: remove installableBootloader interface and methods ++ - seed: cleanup/drop some no longer valid TODOS, clarify some other ++ points ++ - boot: set kernel command line in modeenv during install ++ - many: rename disks.FindMatching... to FindMatching...WithFsLabel ++ and err type ++ - cmd/snap: suppress a case of spurious stdout logging from tests ++ - hookstate: add new HookManager.EphemeralRunHook() ++ - daemon: move some more api tests from daemon to daemon_test ++ - daemon: split apps and logs endpoints to api_apps.go and tests ++ - interfaces/utf: Add Ledger to U2F devices ++ - seed/seedwriter: consider modes when checking for deps ++ availability ++ - o/devicestate,daemon: fix reboot system action to not require a ++ system label ++ - cmd/snap-repair,store: increase initial retry time intervals, ++ stalling TODOs ++ - daemon: split interfacesCmd to api_interfaces.go ++ - github: run nested suite when commit is pushed to release branch ++ - client: reduce again the /v2/system-info timeout ++ - tests: reset fakestore unit status ++ - update-pot: fix typo in plural keyword spec ++ - tests: remove workarounds that add "ubuntu-save" if missing ++ - tests: add unit test for auto-refresh with validate-snap failure ++ - osutil: add helper for getting the kernel command line ++ - tests/main/uc20-create-partitions: verify ubuntu-save encryption ++ keys, tweak not MATCH ++ - boot: add kernel command lines to the modeenv file ++ - spread: bump delta ref, tweak repacking to make smaller delta ++ archives ++ - bootloader/lkenv: add v2 struct + support using it ++ - snapshotstate: add cleanup of abandonded snapshot imports ++ - tests: fix uc20-create-parition-* tests for updated gadget ++ - daemon: split out /v2/interfaces tests to api_interfaces_test.go ++ - hookstate: implement snapctl fde-setup-{request,result} ++ - wrappers, o/devicestate: remove EnableSnapServices ++ - tests: enable nested on 20.10 ++ - daemon: simplify test helpers Get|PostReq into Req ++ - daemon: move general api to api_general*.go ++ - devicestate: make checkEncryption fde-setup hook aware ++ - client/snapctl, store: fix typos ++ - tests/main/lxd/prep-snapd-in-lxd.sh: wait for valid apt files ++ before doing apt ops ++ - cmd/snap-bootstrap: update model cross-check considerations ++ - client,snapctl: add naive support for "stdin" ++ - many: add new "install-mode: disable" option ++ - osutil/disks: allow building on mac os ++ - data/selinux: update the policy to allow operations on non-tmpfs ++ /tmp ++ - boot: add helper for generating candidate kernel lines for ++ recovery system ++ - wrappers: generate D-Bus service activation files ++ - bootloader/many: rm ConfigFile, add Present for indicating ++ presence of bloader ++ - osutil/disks: allow mocking DiskFromDeviceName ++ - daemon: start cleaning up api tests ++ - packaging/arch: sync with AUR packaging ++ - bootloader: indicate when boot config was updated ++ - tests: Fix snap-debug-bootvars test to make it work on arm devices ++ and core18 ++ - tests/nested/manual/core20-save: verify handling of ubuntu-save ++ with different system variants ++ - snap: use the boot-base for kernel hooks ++ - devicestate: support "storage-safety" defaults during install ++ - bootloader/lkenv: mv v1 to separate file, ++ include/lk/snappy_boot_v1.h: little fixups ++ - interfaces/fpga: add fpga interface ++ - store: download timeout ++ - vendor: update secboot repo to avoid including secboot.test binary ++ - osutil: add KernelCommandLineKeyValue ++ - gadget/gadget.go: allow system-recovery-{image,select} as roles in ++ gadget.yaml ++ - devicestate: implement boot.HasFDESetupHook ++ - osutil/disks: add DiskFromName to get a disk using a udev name ++ - usersession/agent: have session agent connect to the D-Bus session ++ bus ++ - o/servicestate: preserve order of services on snap restart ++ - o/servicestate: unlock state before calling wrappers in ++ doServiceControl ++ - spread: disable unattended-upgrades on ubuntu ++ - tests: testing new fedora 33 image ++ - tests: fix fsck on boot on arm devices ++ - tests: skip boot state test on arm devices ++ - tests: updated the systems to run prepare-image-grub test ++ - interfaces/raw_usb: allow read access to /proc/tty/drivers ++ - tests: unmount /boot/efi in fsck-on-boot test ++ - strutil/shlex,osutil/udev/netlink: minimally import go-check ++ - tests: fix basic20 test on arm devices ++ - seed: make a shared seed system label validation helper ++ - tests/many: enable some uc20 tests, delete old unneeded tests or ++ TODOs ++ - boot/makebootable.go: set snapd_recovery_mode=install at image- ++ build time ++ - tests: migrate test from boot.sh helper to boot-state tool ++ - asserts: implement "storage-safety" in uc20 model assertion ++ - bootloader: use ForGadget when installing boot config ++ - spread: UC20 no longer needs 2GB of mem ++ - cmd/snap-confine: implement snap-device-helper internally ++ - bootloader/grub: replace old reference to Managed...Blr... with ++ Trusted...Blr... ++ - cmd/snap-bootstrap: add readme for snap-bootstrap + real state ++ diagram ++ - interfaces: fix greengrass attr namingThe flavor attribute names ++ are now as follows: ++ - tests/lib/nested: poke the API to get the snap revisions ++ - tests: compare options of mount units created by snapd and snapd- ++ generator ++ - o/snapstate,servicestate: use service-control task for service ++ actions ++ - sandbox: track applications unconditionally ++ - interfaces/greengrass-support: add additional "process" flavor for ++ 1.11 update ++ - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test ++ ++ -- Michael Vogt Wed, 10 Feb 2021 10:47:17 +0100 ++ ++snapd (2.48.2-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1906690 ++ - tests: sign new nested-18|20* models to allow for generic serials ++ - secboot: add extra paranoia when waiting for that fde-reveal-key ++ - tests: backport netplan workarounds from #9785 ++ - secboot: add workaround for snapcore/core-initrd issue #13 ++ - devicestate: log checkEncryption errors via logger.Noticef ++ - tests: add nested spread end-to-end test for fde-hooks ++ - devicestate: implement checkFDEFeatures() ++ - boot: tweak resealing with fde-setup hooks ++ - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud- ++ init restrict file ++ - secboot: add new LockSealedKeys() that uses either TPM or ++ fde-reveal-key ++ - gadget: use "sealed-keys" to determine what method to use for ++ reseal ++ - boot: add sealKeyToModeenvUsingFdeSetupHook() ++ - secboot: use `fde-reveal-key` if available to unseal key ++ - cmd/snap-update-ns: fix sorting of overname mount entries wrt ++ other entries ++ - o/devicestate: save model with serial in the device save db ++ - devicestate: add runFDESetupHook() helper ++ - secboot,devicestate: add scaffoling for "fde-reveal-key" support ++ - hookstate: add new HookManager.EphemeralRunHook() ++ - update-pot: fix typo in plural keyword spec ++ - store,cmd/snap-repair: increase initial expontential time ++ intervals ++ - o/devicestate,daemon: fix reboot system action to not require a ++ system label ++ - github: run nested suite when commit is pushed to release branch ++ - tests: reset fakestore unit status ++ - tests: fix uc20-create-parition-* tests for updated gadget ++ - hookstate: implement snapctl fde-setup-{request,result} ++ - devicestate: make checkEncryption fde-setup hook aware ++ - client,snapctl: add naive support for "stdin" ++ - devicestate: support "storage-safety" defaults during install ++ - snap: use the boot-base for kernel hooks ++ - vendor: update secboot repo to avoid including secboot.test binary ++ ++ -- Michael Vogt Tue, 15 Dec 2020 20:21:44 +0100 ++ ++snapd (2.48.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1906690 ++ - gadget: disable ubuntu-boot role validation check ++ ++ -- Michael Vogt Thu, 03 Dec 2020 17:43:30 +0100 ++ ++snapd (2.48-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1904098 ++ - osutil: add KernelCommandLineKeyValue ++ - devicestate: implement boot.HasFDESetupHook ++ - boot/makebootable.go: set snapd_recovery_mode=install at image- ++ build time ++ - bootloader: use ForGadget when installing boot config ++ - interfaces/raw_usb: allow read access to /proc/tty/drivers ++ - boot: add scaffolding for "fde-setup" hook support for sealing ++ - tests: fix basic20 test on arm devices ++ - seed: make a shared seed system label validation helper ++ - snap: add new "fde-setup" hooktype ++ - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test ++ - secboot,cmd/snap-bootstrap: fix degraded mode cases with better ++ device handling ++ - boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some ++ messiness ++ - tests/nested/manual/refresh-revert-fundamentals: temporarily ++ disable secure boot ++ - snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all ++ boot modes ++ - many: address degraded recover mode feedback, cleanups ++ - tests: Use systemd-run on tests part2 ++ - tests: set the opensuse tumbleweed system as manual in spread.yaml ++ - secboot: call BlockPCRProtectionPolicies even if the TPM is ++ disabled ++ - vendor: update to current secboot ++ - cmd/snap-bootstrap,o/devicestate: use a secret to pair data and ++ save ++ - spread.yaml: increase number of workers on 20.10 ++ - snap: add new `snap recovery --show-keys` option ++ - tests: minor test tweaks suggested in the review of 9607 ++ - snapd-generator: set standard snapfuse options when generating ++ units for containers ++ - tests: enable lxd test on ubuntu-core-20 and 16.04-32 ++ - interfaces: share /tmp/.X11-unix/ from host or provider ++ - tests: enable main lxd test on 20.10 ++ - cmd/s-b/initramfs-mounts: refactor recover mode to implement ++ degraded mode ++ - gadget/install: add progress logging ++ - packaging: keep secboot/encrypt_dummy.go in debian ++ - interfaces/udev: use distro specific path to snap-device-helper ++ - o/devistate: fix chaining of tasks related to regular snaps when ++ preseeding ++ - gadget, overlord/devicestate: validate that system supports ++ encrypted data before install ++ - interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core ++ ESP layout ++ - many: add /v2/system-recovery-keys API and client ++ - secboot, many: return UnlockMethod from Unlock* methods for future ++ usage ++ - many: mv keys to ubuntu-boot, move model file, rename keyring ++ prefix for secboot ++ - tests: using systemd-run instead of manually create a systemd unit ++ - part 1 ++ - secboot, cmd/snap-bootstrap: enable or disable activation with ++ recovery key ++ - secboot: refactor Unlock...IfEncrypted to take keyfile + check ++ disks first ++ - secboot: add LockTPMSealedKeys() to lock access to keys ++ independently ++ - gadget: correct sfdisk arguments ++ - bootloader/assets/grub: adjust fwsetup menuentry label ++ - tests: new boot state tool ++ - spread: use the official image for Ubuntu 20.10, no longer an ++ unstable system ++ - tests/lib/nested: enable snapd logging to console for core18 ++ - osutil/disks: re-implement partition searching for disk w/ non- ++ adjacent parts ++ - tests: using the nested-state tool in nested tests ++ - many: seal a fallback object to the recovery boot chain ++ - gadget, gadget/install: move helpers to install package, refactor ++ unit tests ++ - dirs: add "gentoo" to altDirDistros ++ - update-pot: include file locations in translation template, and ++ extract strings from desktop files ++ - gadget/many: drop usage of gpt attr 59 for indicating creation of ++ partitions ++ - gadget/quantity: tweak test name ++ - snap: fix failing unittest for quantity.FormatDuration() ++ - gadget/quantity: introduce a new package that captures quantities ++ - o/devicestate,a/sysdb: make a backup of the device serial to save ++ - tests: fix rare interaction of tests.session and specific tests ++ - features: enable classic-preserves-xdg-runtime-dir ++ - tests/nested/core20/save: check the bind mount and size bump ++ - o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20 ++ - tests: rename hasHooks to hasInterfaceHooks in the ifacestate ++ tests ++ - o/devicestate: unit test tweaks ++ - boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save ++ - testutil, cmd/snap/version: fix misc little errors ++ - overlord/devicestate: bind mount ubuntu-save under ++ /var/lib/snapd/save on startup ++ - gadget/internal: tune ext4 setting for smaller filesystems ++ - tests/nested/core20/save: a test that verifies ubuntu-save is ++ present and set up ++ - tests: update google sru backend to support groovy ++ - o/ifacestate: handle interface hooks when preseeding ++ - tests: re-enable the apt hooks test ++ - interfaces,snap: use correct type: {os,snapd} for test data ++ - secboot: set metadata and keyslots sizes when formatting LUKS2 ++ volumes ++ - tests: improve uc20-create-partitions-reinstall test ++ - client, daemon, cmd/snap: cleanups from #9489 + more unit tests ++ - cmd/snap-bootstrap: mount ubuntu-save during boot if present ++ - secboot: fix doc comment on helper for unlocking volume with key ++ - tests: add spread test for refreshing from an old snapd and core18 ++ - o/snapstate: generate snapd snap wrappers again after restart on ++ refresh ++ - secboot: version bump, unlock volume with key ++ - tests/snap-advise-command: re-enable test ++ - cmd/snap, snapmgr, tests: cleanups after #9418 ++ - interfaces: deny connected x11 plugs access to ICE ++ - daemon,client: write and read a maintenance.json file for when ++ snapd is shut down ++ - many: update to secboot v1 (part 1) ++ - osutil/disks/mockdisk: panic if same mountpoint shows up again ++ with diff opts ++ - tests/nested/core20/gadget,kernel-reseal: add sanity checks to the ++ reseal tests ++ - many: implement snap routine console-conf-start for synchronizing ++ auto-refreshes ++ - dirs, boot: add ubuntu-save directories and related locations ++ - usersession: fix typo in test name ++ - overlord/snapstate: refactor ihibitRefresh ++ - overlord/snapstate: stop warning about inhibited refreshes ++ - cmd/snap: do not hardcode snapshot age value ++ - overlord,usersession: initial notifications of pending refreshes ++ - tests: add a unit test for UpdateMany where a single snap fails ++ - o/snapstate/catalogrefresh.go: don't refresh catalog in install ++ mode uc20 ++ - tests: also check snapst.Current in undo-unlink tests ++ - tests: new nested tool ++ - o/snapstate: implement undo handler for unlink-snap ++ - tests: clean systems.sh helper and migrate last set of tests ++ - tests: moving the lib section from systems.sh helper to os.query ++ tool ++ - tests/uc20-create-partitions: don't check for grub.cfg ++ - packaging: make sure that static binaries are indeed static, fix ++ openSUSE ++ - many: have install return encryption keys for data and save, ++ improve tests ++ - overlord: add link participant for linkage transitions ++ - tests: lxd smoke test ++ - tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu- ++ seed too ++ - tests: moving main suite from systems.sh to os.query tool ++ - tests: moving the core test suite from systems.sh to os.query tool ++ - cmd/snap-confine: mask host's apparmor config ++ - o/snapstate: move setting updated SnapState after error paths ++ - tests: add value to INSTANCE_KEY/regular ++ - spread, tests: tweaks for openSUSE ++ - cmd/snap-confine: update path to snap-device-helper in AppArmor ++ profile ++ - tests: new os.query tool ++ - overlord/snapshotstate/backend: specify tar format for snapshots ++ - tests/nested/manual/minimal-smoke: use 384MB of RAM for nested ++ UC20 ++ - client,daemon,snap: auto-import does not error on managed devices ++ - interfaces: PTP hardware clock interface ++ - tests: use tests.backup tool ++ - many: verify that unit tests work with nosecboot tag and without ++ secboot package ++ - wrappers: do not error out on read-only /etc/dbus-1/session.d ++ filesystem on core18 ++ - snapshots: import of a snapshot set ++ - tests: more output for sbuild test ++ - o/snapstate: re-order remove tasks for individual snap revisions ++ to remove current last ++ - boot: skip some unit tests when running as root ++ - o/assertstate: introduce ++ ValidationTrackingKey/ValidationSetTracking and basic methods ++ - many: allow ignoring running apps for specific request ++ - tests: allow the searching test to fail under load ++ - overlord/snapstate: inhibit startup while unlinked ++ - seed/seedwriter/writer.go: check DevModeConfinement for dangerous ++ features ++ - tests/main/sudo-env: snap bin is available on Fedora ++ - boot, overlord/devicestate: list trusted and managed assets ++ upfront ++ - gadget, gadget/install: support for ubuntu-save, create one during ++ install if needed ++ - spread-shellcheck: temporary workaround for deadlock, drop ++ unnecessary test ++ - snap: support different exit-code in the snap command ++ - logger: use strutil.KernelCommandLineSplit in ++ debugEnabledOnKernelCmdline ++ - logger: fix snapd.debug=1 parsing ++ - overlord: increase refresh postpone limit to 14 days ++ - spread-shellcheck: use single thread pool executor ++ - gadget/install,secboot: add debug messages ++ - spread-shellcheck: speed up spread-shellcheck even more ++ - spread-shellcheck: process paths from arguments in parallel ++ - tests: tweak error from tests.cleanup ++ - spread: remove workaround for openSUSE go issue ++ - o/configstate: create /etc/sysctl.d when applying early config ++ defaults ++ - tests: new tests.backup tool ++ - tests: add tests.cleanup pop sub-command ++ - tests: migration of the main suite to snaps-state tool part 6 ++ - tests: fix journal-state test ++ - cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc ++ recover files ++ - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for ++ same IP addr ++ - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for ++ building snapd ++ - boot, gadget, bootloader: observer preserves managed bootloader ++ configs ++ - tests/nested/manual: add uc20 grade signed cloud-init test ++ - o/snapstate/autorefresh.go: eliminate race when launching ++ autorefresh ++ - daemon,snapshotstate: do not return "size" from Import() ++ - daemon: limit reading from snapshot import to Content-Length ++ - many: set/expect Content-Length header when importing snapshots ++ - github: switch from ::set-env command to environment file ++ - tests: migration of the main suite to snaps-state tool part 5 ++ - client: cleanup the Client.raw* and Client.do* method families ++ - tests: moving main suite to snaps-state tool part 4 ++ - client,daemon,snap: use constant for snapshot content-type ++ - many: fix typos and repeated "the" ++ - secboot: fix tpm connection leak when it's not enabled ++ - many: scaffolding for snapshots import API ++ - run-checks: run spread-shellcheck too ++ - interfaces: update network-manager interface to allow ++ ObjectManager access from unconfined clients ++ - tests: move core and regression suites to snaps-state tool ++ - tests: moving interfaces tests to snaps-state tool ++ - gadget: preserve files when indicated by content change observer ++ - tests: moving smoke test suite and some tests from main suite to ++ snaps-state tool ++ - o/snapshotstate: pass set id to backend.Open, update tests ++ - asserts/snapasserts: introduce ValidationSets ++ - o/snapshotstate: improve allocation of new set IDs ++ - boot: look at the gadget for run mode bootloader when making the ++ system bootable ++ - cmd/snap: allow snap help vs --all to diverge purposefully ++ - usersession/userd: separate bus name ownership from defining ++ interfaces ++ - o/snapshotstate: set snapshot set id from its filename ++ - o/snapstate: move remove-related tests to snapstate_remove_test.go ++ - desktop/notification: switch ExpireTimeout to time.Duration ++ - desktop/notification: add unit tests ++ - snap: snap help output refresh ++ - tests/nested/manual/preseed: include a system-usernames snap when ++ preseeding ++ - tests: fix sudo-env test ++ - tests: fix nested core20 shellcheck bug ++ - tests/lib: move to new directory when restoring PWD, cleanup ++ unpacked unpacked snap directories ++ - desktop/notification: add bindings for FDO notifications ++ - dbustest: fix stale comment references ++ - many: move ManagedAssetsBootloader into TrustedAssetsBootloader, ++ drop former ++ - snap-repair: add uc20 support ++ - tests: print all the serial logs for the nested test ++ - o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid ++ bug in test ++ - cmd/snap/auto-import: stop importing system user assertions from ++ initramfs mnts ++ - osutil/group.go: treat all non-nil errs from user.Lookup{Group,} ++ as Unknown* ++ - asserts: deserialize grouping only once in Pool.AddBatch if needed ++ - gadget: allow content observer to have opinions about a change ++ - tests: new snaps-state command - part1 ++ - o/assertstate: support refreshing any number of snap-declarations ++ - boot: use test helpers ++ - tests/core/snap-debug-bootvars: also check snap_mode ++ - many/apparmor: adjust rules for reading profile/ execing new ++ profiles for new kernel ++ - tests/core/snap-debug-bootvars: spread test for snap debug boot- ++ vars ++ - tests/lib/nested.sh: more little tweaks ++ - tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm ++ - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install, ++ recover modes ++ - overlord: explicitly set refresh-app-awareness in tests ++ - kernel: remove "edition" from kernel.yaml and add "update" ++ - spread: drop vendor from the packed project archive ++ - boot: fix debug bootloader variables dump on UC20 systems ++ - wrappers, systemd: allow empty root dir and conditionally do not ++ pass --root to systemctl ++ - tests/nested/manual: add test for grades above signed booting with ++ testkeys ++ - tests/nested: misc robustness fixes ++ - o/assertstate,asserts: use bulk refresh to refresh snap- ++ declarations ++ - tests/lib/prepare.sh: stop patching the uc20 initrd since it has ++ been updated now ++ - tests/nested/manual/refresh-revert-fundamentals: re-enable test ++ - update-pot: ignore .go files inside .git when running xgettext-go ++ - tests: disable part of the lxd test completely on 16.04. ++ - o/snapshotstate: tweak comment regarding snapshot filename ++ - o/snapstate: improve snapshot iteration ++ - bootloader: lk cleanups ++ - tests: update to support nested kvm without reboots on UC20 ++ - tests/nested/manual/preseed: disable system-key check for 20.04 ++ image ++ - spread.yaml: add ubuntu-20.10-64 to qemu ++ - store: handle v2 error when fetching assertions ++ - gadget: resolve device mapper devices for fallback device lookup ++ - tests/nested/cloud-init-many: simplify tests and unify ++ helpers/seed inputs ++ - tests: copy /usr/lib/snapd/info to correct directory ++ - check-pr-title.py * : allow "*" in the first part of the title ++ - many: typos and small test tweak ++ - tests/main/lxd: disable cgroup combination for 16.04 that is ++ failing a lot ++ - tests: make nested signing helpers less confusing ++ - tests: misc nested changes ++ - tests/nested/manual/refresh-revert-fundamentals: disable ++ temporarily ++ - tests/lib/cla_check: default to Python 3, tweaks, formatting ++ - tests/lib/cl_check.py: use python3 compatible code ++ ++ -- Michael Vogt Thu, 19 Nov 2020 17:51:02 +0100 ++ ++snapd (2.47.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1895929 ++ - o/configstate: create /etc/sysctl.d when applying early config ++ defaults ++ - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for ++ same IP addr ++ - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for ++ building snapd ++ - cmd/snap: allow snap help vs --all to diverge purposefully ++ - snap: snap help output refresh ++ ++ -- Michael Vogt Thu, 08 Oct 2020 09:30:44 +0200 ++ ++snapd (2.47-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1895929 ++ - tests: fix nested core20 shellcheck bug ++ - many/apparmor: adjust rule for reading apparmor profile for new ++ kernel ++ - snap-repair: add uc20 support ++ - cmd/snap/auto-import: stop importing system user assertions from ++ initramfs mnts ++ - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install, ++ recover modes ++ - gadget: resolve device mapper devices for fallback device lookup ++ - secboot: add boot manager profile to pcr protection profile ++ - sysconfig,o/devicestate: mv DisableNoCloud to ++ DisableAfterLocalDatasourcesRun ++ - tests: make gadget-reseal more robust ++ - tests: skip nested images pre-configuration by default ++ - tests: fix for basic20 test running on external backend and rpi ++ - tests: improve kernel reseal test ++ - boot: adjust comments, naming, log success around reseal ++ - tests/nested, fakestore: changes necessary to run nested uc20 ++ signed/secured tests ++ - tests: add nested core20 gadget reseal test ++ - boot/modeenv: track unknown keys in Read and put back into modeenv ++ during Write ++ - interfaces/process-control: add sched_setattr to seccomp ++ - boot: with unasserted kernels reseal if there's a hint modeenv ++ changed ++ - client: bump the default request timeout to 120s ++ - configcore: do not error in console-conf.disable for install mode ++ - boot: streamline bootstate20.go reseal and tests changes ++ - boot: reseal when changing kernel ++ - cmd/snap/model: specify grade in the model command output ++ - tests: simplify ++ repack_snapd_snap_with_deb_content_and_run_mode_first_boot_tweaks ++ - test: improve logging in nested tests ++ - nested: add support to telnet to serial port in nested VM ++ - secboot: use the snapcore/secboot native recovery key type ++ - tests/lib/nested.sh: use more focused cloud-init config for uc20 ++ - tests/lib/nested.sh: wait for the tpm socket to exist ++ - spread.yaml, tests/nested: misc changes ++ - tests: add more checks to disk space awareness spread test ++ - tests: disk space awareness spread test ++ - boot: make MockUC20Device use a model and MockDevice more ++ realistic ++ - boot,many: reseal only when meaningful and necessary ++ - tests/nested/core20/kernel-failover: add test for failed refresh ++ of uc20 kernel ++ - tests: fix nested to work with qemu and kvm ++ - boot: reseal when updating boot assets ++ - tests: fix snap-routime-portal-info test ++ - boot: verify boot chain file in seal and reseal tests ++ - tests: use full path to test-snapd-refresh.version binary ++ - boot: store boot chains during install, helper for checking ++ whether reseal is needed ++ - boot: add call to reseal an existing key ++ - boot: consider boot chains with unrevisioned kernels incomparable ++ - overlord: assorted typos and miscellaneous changes ++ - boot: group SealKeyModelParams by model, improve testing ++ - secboot: adjust parameters to buildPCRProtectionProfile ++ - strutil: add SortedListsUniqueMergefrom the doc comment: ++ - snap/naming: upgrade TODO to TODO:UC20 ++ - secboot: add call to reseal an existing key ++ - boot: in seal.go adjust error message and function names ++ - o/snapstate: check available disk space in RemoveMany ++ - boot: build bootchains data for sealing ++ - tests: remove "set -e" from function only shell libs ++ - o/snapstate: disk space check on UpdateMany ++ - o/snapstate: disk space check with snap update ++ - snap: implement new `snap reboot` command ++ - boot: do not reorder boot assets when generating predictable boot ++ chains and other small tweaks ++ - tests: some fixes and improvements for nested execution ++ - tests/core/uc20-recovery: fix check for at least specific calls to ++ mock-shutdown ++ - boot: be consistent using bootloader.Role* consts instead of ++ strings ++ - boot: helper for generating secboot load chains from a given boot ++ asset sequence ++ - boot: tweak boot chains to support a list of kernel command lines, ++ keep track of model and kernel boot file ++ - boot,secboot: switch to expose and use snapcore/secboot load event ++ trees ++ - tests: use `nested_exec` in core{20,}-early-config test ++ - devicestate: enable cloud-init on uc20 for grade signed and ++ secured ++ - boot: add "rootdir" to baseBootenvSuite and use in tests ++ - tests/lib/cla_check.py: don't allow users.noreply.github.com ++ commits to pass CLA ++ - boot: represent boot chains, helpers for marshalling and ++ equivalence checks ++ - boot: mark successful with boot assets ++ - client, api: handle insufficient space error ++ - o/snapstate: disk space check with single snap install ++ - configcore: "service.console-conf.disable" is gadget defaults only ++ - packaging/opensuse: fix for /usr/libexec on TW, do not hardcode ++ AppArmor profile path ++ - tests: skip udp protocol in nfs-support test on ubuntu-20.10 ++ - packaging/debian-sid: tweak code preparing _build tree ++ - many: move seal code from gadget/install to boot ++ - tests: remove workaround for cups on ubuntu-20.10 ++ - client: implement RebootToSystem ++ - many: seed.Model panics now if called before LoadAssertions ++ - daemon: add /v2/systems "reboot" action API ++ - github: run tests also on push to release branches ++ - interfaces/bluez: let slot access audio streams ++ - seed,c/snap-bootstrap: simplify snap-bootstrap seed reading with ++ new seed.ReadSystemEssential ++ - interfaces: allow snap-update-ns to read /proc/cmdline ++ - tests: new organization for nested tests ++ - o/snapstate, features: add feature flags for disk space awareness ++ - tests: workaround for cups issue on 20.10 where default printer is ++ not configured. ++ - interfaces: update cups-control and add cups for providing snaps ++ - boot: keep track of the original asset when observing updates ++ - tests: simplify and fix tests for disk space checks on snap remove ++ - sysconfig/cloudinit.go: add AllowCloudInit and use GadgetDir for ++ cloud.conf ++ - tests/main: mv core specific tests to core suite ++ - tests/lib/nested.sh: reset the TPM when we create the uc20 vm ++ - devicestate: rename "mockLogger" to "logbuf" ++ - many: introduce ContentChange for tracking gadget content in ++ observers ++ - many: fix partion vs partition typo ++ - bootloader: retrieve boot chains from bootloader ++ - devicestate: add tests around logging in RequestSystemAction ++ - boot: handle canceled update ++ - bootloader: tweak doc comments (thanks Samuele) ++ - seed/seedwriter: test local asserted snaps with UC20 grade signed ++ - sysconfig/cloudinit.go: add DisableNoCloud to ++ CloudInitRestrictOptions ++ - many: use BootFile type in load sequences ++ - boot,bootloader: clarifications after the changes to introduce ++ bootloader.Options.Role ++ - boot,bootloader,gadget: apply new bootloader.Options.Role ++ - o/snapstate, features: add feature flag for disk space check on ++ remove ++ - testutil: add checkers for symbolic link target ++ - many: refactor tpm seal parameter setting ++ - boot/bootstate20: reboot to rollback to previous kernel ++ - boot: add unit test helpers ++ - boot: observe update & rollback of trusted assets ++ - interfaces/utf: Add MIRKey to u2f devices ++ - o/devicestate/devicestate_cloudinit_test.go: test cleanup for uc20 ++ cloud-init tests ++ - many: check that users of BaseTest don't forget to consume ++ cleanups ++ - tests/nested/core20/tpm: verify trusted boot assets tracking ++ - github: run macOS job with Go 1.14 ++ - many: misc doc-comment changes and typo fixes ++ - o/snapstate: disk space check with InstallMany ++ - many: cloud-init cleanups from previous PR's ++ - tests: running tests on opensuse leap 15.2 ++ - run-checks: check for dirty build tree too ++ - vendor: run ./get-deps.sh to update the secboot hash ++ - tests: update listing test for "-dirty" versions ++ - overlord/devicestate: do not release the state lock when updating ++ gadget assets ++ - secboot: read kernel efi image from snap file ++ - snap: add size to the random access file return interface ++ - daemon: correctly parse Content-Type HTTP header. ++ - tests: account for apt-get on core18 ++ - cmd/snap-bootstrap/initramfs-mounts: compute string outside of ++ loop ++ - mkversion.sh: simple hack to include dirty in version if the tree ++ is dirty ++ - cgroup,snap: track hooks on system bus only ++ - interfaces/systemd: compare dereferenced Service ++ - run-checks: only check files in git for misspelling ++ - osutil: add a package doc comment (via doc.go) ++ - boot: complain about reused asset name during initial install ++ - snapstate: installSize helper that calculates total size of snaps ++ and their prerequisites ++ - snapshots: export of snapshots ++ - boot/initramfs_test.go: reset boot vars on the bootloader for each ++ iteration ++ ++ -- Michael Vogt Tue, 29 Sep 2020 17:19:13 +0200 ++ ++snapd (2.46.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1891134 ++ - interfaces: allow snap-update-ns to read ++ /proc/cmdline ++ - github: run macOS job with Go 1.14 ++ - o/snapstate, features: add feature flag for disk space check on ++ remove ++ - tests: account for apt-get on core18 ++ - mkversion.sh: include dirty in version if the tree ++ is dirty ++ - interfaces/systemd: compare dereferenced Service ++ - vendor.json: update mysterious secboot SHA again ++ ++ -- Michael Vogt Fri, 04 Sep 2020 17:42:54 +0200 ++ ++snapd (2.46-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1891134 ++ - logger: add support for setting snapd.debug=1 on kernel cmdline ++ - o/snapstate: check disk space before creating automatic snapshot ++ on remove ++ - boot, o/devicestate: observe existing recovery bootloader trusted ++ boot assets ++ - many: use transient scope for tracking apps and hooks ++ - features: add HiddenSnapFolder feature flag ++ - tests/lib/nested.sh: fix partition typo, unmount the image on uc20 ++ too ++ - runinhibit: open the lock file in read-only mode in IsLocked ++ - cmd/s-b/initramfs-mounts: make recover -> run mode transition ++ automatic ++ - tests: update spread test for unknown plug/slot with snapctl is- ++ connected ++ - osutil: add OpenExistingLockForReading ++ - kernel: add kernel.Validate() ++ - interfaces: add vcio interface ++ - interfaces/{docker,kubernetes}-support: load overlay and support ++ systemd cgroup driver ++ - tests/lib/nested.sh: use more robust code for finding what loop ++ dev we mounted ++ - cmd/snap-update-ns: detach all bind-mounted file ++ - snap/snapenv: set SNAP_REAL_HOME ++ - packaging: umount /snap on purge in containers ++ - interfaces: misc policy updates xlvi ++ - secboot,cmd/snap-bootstrap: cross-check partitions before ++ unlocking, mounting ++ - boot: copy boot assets cache to new root ++ - gadget,kernel: add new kernel.{Info,Asset} struct and helpers ++ - o/hookstate/ctlcmd: make is-connected check whether the plug or ++ slot exists ++ - tests: find -ignore_readdir_race when scanning cgroups ++ - interfaces/many: deny arbitrary desktop files and misc from ++ /usr/share ++ - tests: use "set -ex" in prep-snapd-in-lxd.sh ++ - tests: re-enable udisks test on debian-sid ++ - cmd/snapd-generator: use PATH fallback if PATH is not set ++ - tests: disable udisks2 test on arch linux ++ - github: use latest/stable go, not latest/edge ++ - tests: remove support for ubuntu 19.10 from spread tests ++ - tests: fix lxd test wrongly tracking 'latest' ++ - secboot: document exported functions ++ - cmd: compile snap gdbserver shim correctly ++ - many: correctly calculate the desktop file prefix everywhere ++ - interfaces: add kernel-crypto-api interface ++ - corecfg: add "system.timezone" setting to the system settings ++ - cmd/snapd-generator: generate drop-in to use fuse in container ++ - cmd/snap-bootstrap/initramfs-mounts: tweak names, add comments ++ from previous PR ++ - interfaces/many: miscellaneous updates for strict microk8s ++ - secboot,cmd/snap-bootstrap: don't import boot package from secboot ++ - cmd/snap-bootstrap/initramfs-mounts: call systemd-mount instead of ++ the-tool ++ - tests: work around broken update of systemd-networkd ++ - tests/main/install-fontconfig-cache-gen: enhance test by ++ verifying, add fonts to test ++ - o/devicestate: wrap asset update observer error ++ - boot: refactor such that bootStateUpdate20 mainly carries Modeenv ++ - mkversion.sh: disallow changelog versions that have git in it, if ++ we also have git version ++ - interfaces/many: miscellaneous updates for strict microk8s ++ - snap: fix repeated "cannot list recovery system" and add test ++ - boot: track trusted assets during initial install, assets cache ++ - vendor: update secboot to fix key data validation ++ - tests: unmount FUSE file-systems from XDG runtime dir ++ - overlord/devicestate: workaround non-nil interface with nil struct ++ - sandbox/cgroup: remove temporary workaround for multiple cgroup ++ writers ++ - sandbox/cgroup: detect dangling v2 cgroup ++ - bootloader: add helper for creating a bootloader based on gadget ++ - tests: support different images on nested execution ++ - many: reorg cmd/snapinfo.go into snap and new client/clientutil ++ - packaging/arch: use external linker when building statically ++ - tests: cope with ghost cgroupv2 ++ - tests: fix issues related to restarting systemd-logind.service ++ - boot, o/devicestate: TrustedAssetUpdateObserver stubs, hook up to ++ gadget updates ++ - vendor: update github.com/kr/pretty to fix diffs of values with ++ pointer cycles ++ - boot: move bootloaderKernelState20 impls to separate file ++ - .github/workflows: move snap building to test.yaml as separate ++ cached job ++ - tests/nested/manual/minimal-smoke: run core smoke tests in a VM ++ meeting minimal requirements ++ - osutil: add CommitAs to atomic file ++ - gadget: introduce content update observer ++ - bootloader: introduce TrustedAssetsBootloader, implement for grub ++ - o/snapshotstate: helpers for calculating disk space needed for an ++ automatic snapshot ++ - gadget/install: retrieve command lines from bootloader ++ - boot/bootstate20: unify commit method impls, rm ++ bootState20MarkSuccessful ++ - tests: add system information and image information when debug ++ info is displayed ++ - tests/main/cgroup-tracking: try to collect some information about ++ cgroups ++ - boot: introduce current_boot_assets and ++ current_recovery_boot_assets to modeenv ++ - tests: fix for timing issues on journal-state test ++ - many: remove usage and creation of hijacked pid cgroup ++ - tests: port regression-home-snap-root-owned to tests.session ++ - tests: run as hightest via tests.session ++ - github: run CLA checks on self-hosted workers ++ - github: remove Ubuntu 19.10 from actions workflow ++ - tests: remove End-Of-Life opensuse/fedora releases ++ - tests: remove End-Of-Life releases from spread.yaml ++ - tests: fix debug section of appstream-id test ++ - interfaces: check !b.preseed earlier ++ - tests: work around bug in systemd/debian ++ - boot: add deepEqual, Copy helpers for Modeenv to simplify ++ bootstate20 refactor ++ - cmd: add new "snap recovery" command ++ - interfaces/systemd: use emulation mode when preseeding ++ - interfaces/kmod: don't load kernel modules in kmod backend when ++ preseeding ++ - interfaces/udev: do not reload udevadm rules when preseeding ++ - cmd/snap-preseed: use snapd from the deb if newer than from seeds ++ - boot: fancy marshaller for modeenv values ++ - gadget, osutil: use atomic file copy, adjust tests ++ - overlord: use new tracking cgroup for refresh app awareness ++ - github: do not skip gofmt with Go 1.9/1.10 ++ - many: introduce content write observer, install mode glue, initial ++ seal stubs ++ - daemon,many: switch to use client.ErrorKind and drop the local ++ errorKind... ++ - tests: new parameters for nested execution ++ - client: move all error kinds into errors.go and add doc strings ++ - cmd/snap: display the error in snap debug seeding if seeding is in ++ error ++ - cmd/snap/debug/seeding: use unicode for proper yaml ++ - tests/cmd/snap-bootstrap/initramfs-mounts: add test case for empty ++ recovery_mode ++ - osutil/disks: add mock disk and tests for happy path of mock disks ++ - tests: refresh/revert snapd in uc20 ++ - osutil/disks: use a dedicated error to indicate a fs label wasn't ++ found ++ - interfaces/system-key: in WriteSystemKey during tests, don't call ++ ParserFeatures ++ - boot: add current recovery systems to modeenv ++ - bootloader: extend managed assets bootloader interface to compose ++ a candidate command line ++ - interfaces: make the unmarshal test match more the comment ++ - daemon/api: use pointers to time.Time for debug seeding aspect ++ - o/ifacestate: update security profiles in connect undo handler ++ - interfaces: add uinput interface ++ - cmd/snap-bootstrap/initramfs-mounts: add doSystemdMount + unit ++ tests ++ - o/devicestate: save seeding/preseeding times for use with debug ++ seeding api ++ - cmd/snap/debug: add "snap debug seeding" command for preseeding ++ debugging ++ - tests/main/selinux-clean: workaround SELinux denials triggered by ++ linger setup on Centos8 ++ - bootloader: compose command line with mode and extra arguments ++ - cmd/snap, daemon: detect and bail purge on multi-snap ++ - o/ifacestate: fix bug in snapsWithSecurityProfiles ++ - interfaces/builtin/multipass: replace U+00A0 no-break space with ++ simple space ++ - bootloader/assets: generate bootloader assets from files ++ - many/tests/preseed: reset the preseeded images before preseeding ++ them ++ - tests: drop accidental accents from e ++ - secboot: improve key sealing tests ++ - tests: replace _wait_for_file_change with retry ++ - tests: new fs-state which replaces the files.sh helper ++ - sysconfig/cloudinit_test.go: add test for initramfs case, rm "/" ++ from path ++ - cmd/snap: track started apps and hooks ++ - tests/main/interfaces-pulseaudio: disable start limit checking for ++ pulseaudio service ++ - api: seeding debug api ++ - .github/workflows/snap-build.yaml: build the snapd snap via GH ++ Actions too ++ - tests: moving journalctl.sh to a new journal-state tool ++ - tests/nested/manual: add spread tests for cloud-init vuln ++ - bootloader/assets: helpers for registering per-edition snippets, ++ register snippets for grub ++ - data,packaging,wrappers: extend D-Bus service activation search ++ path ++ - spread: add opensuse 15.2 and tumbleweed for qemu ++ - overlord,o/devicestate: restrict cloud-init on Ubuntu Core ++ - sysconfig/cloudinit: add RestrictCloudInit ++ - cmd/snap-preseed: check that target path exists and is a directory ++ on --reset ++ - tests: check for pids correctly ++ - gadget,gadget/install: refactor partition table update ++ - sysconfig/cloudinit: add CloudInitStatus func + CloudInitState ++ type ++ - interface/fwupd: add more policies for making fwupd upstream ++ strict ++ - tests: new to-one-line tool which replaces the strings.sh helper ++ - interfaces: new helpers to get and compare system key, for use ++ with seeding debug api ++ - osutil, many: add helper for checking whether the process is a go ++ test binary ++ - cmd/snap-seccomp/syscalls: add faccessat2 ++ - tests: adjust xdg-open after launcher changes ++ - tests: new core config helper ++ - usersession/userd: do not modify XDG_DATA_DIRS when calling xdg- ++ open ++ - cmd/snap-preseed: handle relative chroot path ++ - snapshotstate: move sizer to osutil.Sizer() ++ - tests/cmd/snap-bootstrap/initramfs-mounts: rm duplicated env ref ++ kernel tests ++ - gadget/install,secboot: use snapcore/secboot luks2 api ++ - boot/initramfs_test.go: add Commentf to more Assert()'s ++ - tests/lib: account for changes in arch package file name extension ++ - bootloader/bootloadertest: fix comment typo ++ - bootloader: add helper for getting recovery system environment ++ variables ++ - tests: preinstall shellcheck and run tests on focal ++ - strutil: add a helper for parsing kernel command line ++ - osutil: add CheckFreeSpace helper ++ - secboot: update tpm connection error handling ++ - packaging, cmd/snap-mgmt, tests: remove modules files on purge ++ - tests: add tests.cleanup helper ++ - packaging: add "ca-certificates" to build-depends ++ - tests: more checks in core20 early config spread test ++ - tests: fix some snapstate tests to use pointers for ++ snapmgrTestSuite ++ - boot: better naming of helpers for obtaining kernel command line ++ - many: use more specific check for unit test mocking ++ - systemd/escape: fix issues with "" and "\t" handling ++ - asserts: small improvements and corrections for sequence-forming ++ assertions' support ++ - boot, bootloader: query kernel command line of run mod and ++ recovery mode systems ++ - snap/validate.go: disallow snap layouts with new top-level ++ directories ++ - tests: allow to add a new label to run nested tests as part of PR ++ validation ++ - tests/core/gadget-update-pc: port to UC20 ++ - tests: improve nested tests flexibility ++ - asserts: integer headers: disallow prefix zeros and make parsing ++ more uniform ++ - asserts: implement Database.FindSequence ++ - asserts: introduce SequenceMemberAfter in the asserts backstores ++ - spread.yaml: remove tests/lib/tools from PATH ++ - overlord: refuse to install snaps whose activatable D-Bus services ++ conflict with installed snaps ++ - tests: shorten lxd-state undo-mount-changes ++ - snap-confine: don't die if a device from sysfs path cannot be ++ found by udev ++ - tests: fix argument handling of apt-state ++ - tests: rename lxd-tool to lxd-state ++ - tests: rename user-tool to user-state, fix --help ++ - interfaces: add gconf interface ++ - sandbox/cgroup: avoid parsing security tags twice ++ - tests: rename version-tool to version-compare ++ - cmd/snap-update-ns: handle anomalies better ++ - tests: fix call to apt.Package.mark_install(auto_inst=True) ++ - tests: rename mountinfo-tool to mountinfo.query ++ - tests: rename memory-tool to memory-observe-do ++ - tests: rename invariant-tool to tests.invariant ++ - tests: rename apt-tool to apt-state ++ - many: managed boot config during run mode setup ++ - asserts: introduce the concept of sequence-forming assertion types ++ - tests: tweak comments/output in uc20-recovery test ++ - tests/lib/pkgdb: do not use quiet when purging debs ++ - interfaces/apparmor: allow snap-specific /run/lock ++ - interfaces: add system-source-code for access to /usr/src ++ - sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data ++ - gadget/install: move udev trigger to gadget/install ++ - many: make nested spread tests more reliable ++ - tests/core/uc20-recovery: apply hack to get gopath in recover mode ++ w/ external backend ++ - tests: enable tests on uc20 which now work with the real model ++ assertion ++ - tests: enable system-snap-refresh test on uc20 ++ - gadget, bootloader: preserve managed boot assets during gadget ++ updates ++ - tests: fix leaked dbus-daemon in selinux-clean ++ - tests: add servicestate.Control tests ++ - tests: fix "restart.service" ++ - wrappers: helper for enabling services - extract and move enabling ++ of services into a helper ++ - tests: new test to validate refresh and revert of kernel and ++ gadget on uc20 ++ - tests/lib/prepare-restore: collect debug info when prepare purge ++ fails ++ - bootloader: allow managed bootloader to update its boot config ++ - tests: Remove unity test from nightly test suite ++ - o/devicestate: set mark-seeded to done in the task itself ++ - tests: add spread test for disconnect undo caused by failing ++ disconnect hook ++ - sandbox/cgroup: allow discovering PIDs of given snap ++ - osutil/disks: support IsDecryptedDevice for mountpoints which are ++ dm devices ++ - osutil: detect autofs mounted in /home ++ - spread.yaml: allow amazon-linux-2-64 qemu with ++ ec2-user/ec2-user ++ - usersession: support additional zoom URL schemes ++ - overlord: mock timings.DurationThreshold in TestNewWithGoodState ++ - sandbox/cgroup: add tracking helpers ++ - tests: detect stray dbus-daemon ++ - overlord: refuse to install snaps providing user daemons on Ubuntu ++ 14.04 ++ - many: move encryption and installer from snap-boostrap to gadget ++ - o/ifacestate: fix connect undo handler ++ - interfaces: optimize rules of multiple connected iio/i2c/spi plugs ++ - bootloader: introduce managed bootloader, implement for grub ++ - tests: fix incorrect check in smoke/remove test ++ - asserts,seed: split handling of essential/not essential model ++ snaps ++ - gadget: fix typo in mounted filesystem updater ++ - gadget: do only one mount point lookup in mounted fs updater ++ - tests/core/snap-auto-mount: try to make the test more robust ++ - tests: adding ubuntu-20.04 to google-sru backend ++ - o/servicestate: add updateSnapstateServices helper ++ - bootloader: pull recovery grub config from internal assets ++ - tests/lib/tools: apply linger workaround when needed ++ - overlord/snapstate: graceful handling of denied "managed" refresh ++ schedule ++ - snapstate: fix autorefresh from classic->strict ++ - overlord/configstate: add system.kernel.printk.console-loglevel ++ option ++ - tests: fix assertion disk handling for nested UC systems ++ - snapstate: use testutil.HostScaledTimeout() in snapstate tests ++ - tests: extra worker for google-nested backend to avoid timeout ++ error on uc20 ++ - snapdtool: helper to check whether the current binary is reexeced ++ from a snap ++ - tests: mock servicestate in api tests to avoid systemctl checks ++ - many: rename back snap.Info.GetType to Type ++ - tests/lib/cla_check: expect explicit commit range ++ - osutil/disks: refactor diskFromMountPointImpl a bit ++ - o/snapstate: service-control task handler ++ - osutil: add disks pkg for associating mountpoints with ++ disks/partitions ++ - gadget,cmd/snap-bootstrap: move partitioning to gadget ++ - seed: fix LoadEssentialMeta when gadget is not loaded ++ - cmd/snap: Debian does not allow $SNAP_MOUNT_DIR/bin in sudo ++ secure_path ++ - asserts: introduce new assertion validation-set ++ - asserts,daemon: add support for "serials" field in system-user ++ assertion ++ - data/sudo: drop a failed sudo secure_path workaround ++ - gadget: mv encodeLabel to osutil/disks.EncodeHexBlkIDFormat ++ - boot, snap-bootstrap: move initramfs-mounts logic to boot pkg ++ - spread.yaml: update secure boot attribute name ++ - interfaces/block_devices: add NVMe subsystem devices, support ++ multipath paths ++ - tests: use the "jq" snap from the edge channel ++ - tests: simplify the tpm test by removing the test-snapd-mokutil ++ snap ++ - boot/bootstate16.go: clean snap_try_* vars when not in Trying ++ status too ++ - tests/main/sudo-env: check snap path under sudo ++ - tests/main/lxd: add test for snaps inside nested lxd containers ++ not working ++ - asserts/internal: expand errors about invalid serialized grouping ++ labels ++ - usersession/userd: add msteams url support ++ - tests/lib/prepare.sh: adjust comment about sgdisk ++ - tests: fix how gadget pc is detected when the snap does not exist ++ and ls fails ++ - tests: move a few more tests to snapstate_update_test.go ++ - tests/main: add spread test for running svc from install hook ++ - tests/lib/prepare: increase the size of the uc16/uc18 partitions ++ - tests/special-home-can-run-classic-snaps: re-enable ++ - workflow: test PR title as part of the static checks again ++ - tests/main/xdg-open-compat: backup and restore original xdg-open ++ - tests: move update-related tests to snapstate_update_test.go ++ - cmd,many: move Version and bits related to snapd tools to ++ snapdtool, merge cmdutil ++ - tests/prepare-restore.sh: reset-failed systemd-journald before ++ restarting ++ - interfaces: misc small interface updates ++ - spread: use find rather than recursive ls, skip mounted snaps ++ - tests/lib/prepare-restore.sh: if we failed to purge snapd deb, ls ++ /var/lib/snapd ++ - tests: enable snap-auto-mount test on core20 ++ - cmd/snap: do not show $PATH warning when executing under sudo on a ++ known distro ++ - asserts/internal: add some iteration benchmarks ++ - sandbox/cgroup: improve pid parsing code ++ - snap: add new `snap run --experimental-gdbserver` option ++ - asserts/internal: limit Grouping size switching to a bitset ++ representationWe don't always use the bit-set representation ++ because: ++ - snap: add an activates-on property to apps for D-Bus activation ++ - dirs: delete unused Cloud var, fix typo ++ - sysconfig/cloudinit: make callers of DisableCloudInit use ++ WritableDefaultsDir ++ - tests: fix classic ubuntu core transition auth ++ - tests: fail in setup_reflash_magic() if there is snapd state left ++ - tests: port interfaces-many-core-provided to tests.session ++ - tests: wait after creating partitions with sfdisk ++ - bootloader: introduce bootloarder assets, import grub.cfg with an ++ edition marker ++ - riscv64: bump timeouts ++ - gadget: drop dead code, hide exports that are not used externally ++ - tests: port 2 uc20 part1 ++ - tests: fix bug waiting for snap command to be ready ++ - tests: move try-related tests to snapstate_try_test.go ++ - tests: add debug for 20.04 prepare failure ++ - travis.yml: removed, all our checks run in GH actions now ++ - tests: clean up up the use of configcoreSuite in the configcore ++ tests ++ - sandbox/cgroup: remove redundant pathOfProcPidCgroup ++ - sandbox/cgroup: add tests for ParsePids ++ - tests: fix the basic20 test for uc20 on external backend ++ - tests: use configcoreSuite in journalSuite and remove some ++ duplicated code ++ - tests: move a few more tests to snapstate_install_test ++ - tests: assorted small patches ++ - dbusutil/dbustest: separate license from package ++ - interfaces/builtin/time-control: allow POSIX clock API ++ - usersession/userd: add "slack" to the white list of URL schemes ++ handled by xdg-open ++ - tests: check that host settings like hostname are settable on core ++ - tests: port xdg-settings test to tests.session ++ - tests: port snap-handle-link test to tests.session ++ - arch: add riscv64 ++ - tests: core20 early defaults spread test ++ - tests: move install tests from snapstate_test.go to ++ snapstate_install_test.go ++ - github: port macOS sanity checks from travis ++ - data/selinux: allow checking /var/cache/app-info ++ - o/devicestate: core20 early config from gadget defaults ++ - tests: autoremove after removing lxd in preseed-lxd test ++ - secboot,cmd/snap-bootstrap: add tpm sealing support to secboot ++ - sandbox/cgroup: move FreezerCgroupDir from dirs.go ++ - tests: update the file used to detect the boot path on uc20 ++ - spread.yaml: show /var/lib/snapd in debug ++ - cmd/snap-bootstrap/initramfs-mounts: also copy systemd clock + ++ netplan files ++ - snap/naming: add helpers to parse app and hook security tags ++ - tests: modernize retry tool ++ - tests: fix and trim debug section in xdg-open-portal ++ - tests: modernize and use snapd.tool ++ - vendor: update to latest github.com/snapcore/bolt for riscv64 ++ - cmd/snap-confine: add support for libc6-lse ++ - interfaces: miscellaneous policy updates xlv ++ - interfaces/system-packages-doc: fix typo in variable names ++ - tests: port interfaces-calendar-service to tests.session ++ - tests: install/run the lzo test snap too ++ - snap: (small) refactor of `snap download` code for ++ testing/extending ++ - data: fix shellcheck warnings in snapd.sh.in ++ - packaging: disable buildmode=pie for riscv64 ++ - tests: install test-snapd-rsync snap from edge channel ++ - tests: modernize tests.session and port everything using it ++ - tests: add ubuntu 20.10 to spread tests ++ - cmd/snap/remove: mention snap restore/automatic snapshots ++ - dbusutil: move all D-Bus helpers and D-Bus test helpers ++ - wrappers: pass 'disable' flag to StopServices wrapper ++ - osutil: enable riscv64 build ++ - snap/naming: add ParseSecurityTag and friends ++ - tests: port document-portal-activation to session-tool ++ - bootloader: rename test helpers to reflect we are mocking EFI boot ++ locations ++ - tests: disable test of nfs v3 with udp proto on debian-sid ++ - tests: plan to improve the naming and uniformity of utilities ++ - tests: move *-tool tests to their own suite ++ - snap-bootstrap: remove sealed key file on reinstall ++ - bootloader/ubootenv: don't panic with an empty uboot env ++ - systemd: rename actualFsTypeAndMountOptions to ++ hostFsTypeAndMountOptions ++ - daemon: fix filtering of service-control changes for snap.app ++ - tests: spread test for preseeding in lxd container ++ - tests: fix broken snapd.session agent.socket ++ - wrappers: add RestartServices function and ReloadOrRestart to ++ systemd ++ - o/cmdstate: handle ignore flag on exec-command tasks ++ - gadget: make ext4 filesystems with or without metadata checksum ++ - tests: update statx test to run on all LTS releases ++ - configcore: show better error when disabling services ++ - interfaces: add hugepages-control ++ - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/ ++ - tests: run ubuntu-20.04-* tests on all ubuntu-2* releases ++ - tests: skip interfaces-openvswitch for centos 8 in nightly suite ++ - tests: reload systemd --user for root, if present ++ - tests: reload systemd after editing /etc/fstab ++ - tests: add missing dependencies needed for sbuild test on debian ++ - tests: reload systemd after removing pulseaudio ++ - image, tests: core18 early config. ++ - interfaces: add system-packages-doc interface ++ - cmd/snap-preseed, systemd: fix handling of fuse.squashfuse when ++ preseeding ++ - interfaces/fwupd: allow bind mount to /boot on core ++ - tests: improve oom-vitality tests ++ - tests: add fedora 32 to spread.yaml ++ - config: apply vitality-hint immediately when the config changes ++ - tests: port snap-routine-portal-info to session-tool ++ - configcore: add "service.console-conf.disable" config option ++ - tests: port xdg-open to session-tool ++ - tests: port xdg-open-compat to session-tool ++ - tests: port interfaces-desktop-* to session-tool ++ - spread.yaml: apply yaml formatter/linter ++ - tests: port interfaces-wayland to session-tool ++ - o/devicestate: refactor current system handling ++ - snap-mgmt: perform cleanup of user services ++ - snap/snapfile,squashfs: followups from 8729 ++ - boot, many: require mode in modeenv ++ - data/selinux: update policy to allow forked processes to call ++ getpw*() ++ - tests: log stderr from dbus-monitor ++ - packaging: build cmd/snap and cmd/snap-bootstrap with nomanagers ++ tag ++ - snap/squashfs: also symlink snap Install with uc20 seed snap dir ++ layout ++ - interfaces/builtin/desktop: do not mount fonts cache on distros ++ with quirks ++ - data/selinux: allow snapd to remove/create the its socket ++ - testutil/exec.go: set PATH after running shellcheck ++ - tests: silence stderr from dbus-monitor ++ - snap,many: mv Open to snapfile pkg to support add'l options to ++ Container methods ++ - devicestate, sysconfig: revert support for cloud.cfg.d/ in the ++ gadget ++ - github: remove workaround for bug 133 in actions/cache ++ - tests: remove dbus.sh ++ - cmd/snap-preseed: improve mountpoint checks of the preseeded ++ chroot ++ - spread.yaml: add ps aux to debug section ++ - github: run all spread systems in a single go with cached results ++ - test: session-tool cli tweaks ++ - asserts: rest of the Pool API ++ - tests: port interfaces-network-status-classic to session-tool ++ - packaging: remove obsolete 16.10,17.04 symlinks ++ - tests: setup portals before starting user session ++ - o/devicestate: typo fix ++ - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed ++ devices ++ - cmd/snap/model: support store, system-user-authority keys in ++ --verbose ++ - o/devicestate: raise conflict when requesting system action while ++ seeding ++ - tests: detect signs of crashed snap-confine ++ - tests: sign kernel and gadget to run nested tests using current ++ snapd code ++ - tests: remove gnome-online-accounts we install ++ - tests: fix the issue where all the tests were executed on secboot ++ system ++ - tests: port interfaces-accounts-service to session-tool ++ - interfaces/network-control: bring /var/lib/dhcp from host ++ - image,cmd/snap,tests: add support for store-wide cohort keys ++ - configcore: add nomanagers buildtag for conditional build ++ - tests: port interfaces-password-manager-service to session-tool ++ - o/devicestate: cleanup system actions supported by recover mode ++ - snap-bootstrap: remove create-partitions and update tests ++ - tests: fix nested tests ++ - packaging/arch: update PKGBUILD to match one in AUR ++ - tests: port interfaces-location-control to session-tool ++ - tests: port interfaces-contacts-service to session-tool ++ - state: log task errors in the journal too ++ - o/devicestate: change how current system is reported for different ++ modes ++ - devicestate: do not report "ErrNoState" for seeded up ++ - tests: add a note about broken test sequence ++ - tests: port interfaces-autopilot-introspection to session-tool ++ - tests: port interfaces-dbus to session-tool ++ - packaging: update sid packaging to match 16.04+ ++ - tests: enable degraded test on uc20 ++ - c/snaplock/runinhibit: add run inhibition operations ++ - tests: detect and report root-owned files in /home ++ - tests: reload root's systemd --user after snapd tests ++ - tests: test registration with serial-authority: [generic] ++ - cmd/snap-bootstrap/initramfs-mounts: copy auth.json and macaroon- ++ key in recover ++ - tests/mount-ns: stop binfmt_misc mount unit ++ - cmd/snap-bootstrap/initramfs-mounts: use booted kernel partition ++ uuid if available ++ - daemon, tests: indicate system mode, test switching to recovery ++ and back to run ++ - interfaces/desktop: silence more /var/lib/snapd/desktop/icons ++ denials ++ - tests/mount-ns: update to reflect new UEFI boot mode ++ - usersession,tests: clean ups for userd/settings.go and move ++ xdgopenproxy under usersession ++ - tests: disable mount-ns test ++ - tests: test user belongs to systemd-journald, on core20 ++ - tests: run core/snap-set-core-config on uc20 too ++ - tests: remove generated session-agent units ++ - sysconfig: use new _writable_defaults dir to create cloud config ++ - cmd/snap-bootstrap/initramfs-mounts: cosmetic changes in prep for ++ future work ++ - asserts: make clearer that with label we mean a serialized label ++ - cmd/snap-bootstrap: tweak recovery trigger log messages ++ - asserts: introduce PoolTo ++ - userd: allow setting default-url-scheme-handler ++ - secboot: append uuid to ubuntu-data when decrypting ++ - o/configcore: pass extra options to FileSystemOnlyApply ++ - tests: add dbus-user-session to bionic and reorder package names ++ - boot, bootloader: adjust comments, expand tests ++ - tests: improve debugging of user session agent tests ++ - packaging: add the inhibit directory ++ - many: add core.resiliance.vitality-hint config setting ++ - tests: test adjustments and fixes for recently published images ++ - cmd/snap: coldplug auto-import assertions from all removable ++ devices ++ - secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to ++ secboot ++ - tests: not fail when boot dir cannot be determined ++ - tests: new directory used to store the cloud images on gce ++ - tests: inject snapd from edge into seeds of the image in manual ++ preseed test ++ - usersession/agent,wrappers: fix races between Shutdown and Serve ++ - tests: add dependency needed for next upgrade of bionic ++ - tests: new test user is used for external backend ++ - cmd/snap: fix the order of positional parameters in help output ++ - tests: don't create root-owned things in ~test ++ - tests/lib/prepare.sh: delete patching of the initrd ++ - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy ++ as well ++ - progress: tweak multibyte label unit test data ++ - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline ++ - gadget: fix fallback device lookup for 'mbr' type structures ++ - configcore: only reload journald if systemd is new enough ++ - cmd/snap-boostrap, boot: use /run/mnt/data instead of ubuntu-data ++ - wrappers: allow user mode systemd daemons ++ - progress: fix progress bar with multibyte duration units ++ - tests: fix raciness in pulseaudio test ++ - asserts/internal: introduce Grouping and Groupings ++ - tests: remove user.sh ++ - tests: pair of follow-ups from earlier reviews ++ - overlord/snapstate: warn of refresh/postpone events ++ - configcore,tests: use daemon-reexec to apply watchdog config ++ - c/snap-bootstrap: check mount states via initramfsMountStates ++ - store: implement DownloadAssertions ++ - tests: run smoke test with different bases ++ - tests: port user-mounts test to session-tool ++ - store: handle error-list in fetch-assertions results ++ - tests: port interfaces-audio-playback-record to session-tool ++ - data/completion: add `snap` command completion for zsh ++ - tests/degraded: ignore failure in systemd-vconsole-setup.service ++ - image: stub implementation of image.Prepare for darwin ++ - tests: session-tool --restore -u stops user-$UID.slice ++ - o/ifacestate/handlers.go: fix typo ++ - tests: port pulseaudio test to session-tool ++ - tests: port user-session-env to session-tool ++ - tests: work around journald bug in core16 ++ - tests: add debug to core-persistent-journal test ++ - tests: port selinux-clean to session-tool ++ - tests: port portals test to session-tool, fix portal tests on sid ++ - tests: adding option --no-install-recommends option also when ++ install all the deps ++ - tests: add session-tool --has-systemd-and-dbus ++ - packaging/debian-sid: add gcc-multilib to build deps ++ - osutil: expand FileLock to support shared locks and more ++ - packaging: stop depending on python-docutils ++ - store,asserts,many: support the new action fetch-assertions ++ - tests: port snap-session-agent-* to session-tool ++ - packaging/fedora: disable FIPS compliant crypto for static ++ binaries ++ - tests: fix for preseeding failures ++ ++ -- Michael Vogt Tue, 25 Aug 2020 17:26:21 +0200 ++ ++snapd (2.45.3.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1875071 ++ - o/ifacestate: fix bug in snapsWithSecurityProfiles ++ - tests/main/selinux-clean: workaround SELinux denials triggered by ++ linger setup on Centos8 ++ ++ -- Samuele Pedroni Tue, 28 Jul 2020 21:43:38 +0200 ++ ++snapd (2.45.3-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1875071 ++ - many: backport _writable_defaults dir changes ++ - tests: fix incorrect check in smoke/remove test ++ - cmd/snap-bootstrap,seed: backport of uc20 PRs ++ - tests: avoid exit when nested type var is not defined ++ - cmd/snap-preseed: backport fixes ++ - interfaces: optimize rules of multiple connected iio/i2c/spi plugs ++ - many: cherry-picks for 2.45, gh-action, test fixes ++ - tests/lib: account for changes in arch package file name extension ++ - postrm, snap-mgmt: cleanup modules and other cherry-picks ++ - snap-confine: don't die if a device from sysfs path cannot be ++ found by udev ++ - data/selinux: update policy to allow forked processes to call ++ getpw*() ++ - tests/main/interfaces-time-control: exercise setting time via date ++ - interfaces/builtin/time-control: allow POSIX clock API ++ - usersession/userd: add "slack" to the white list of URL schemes ++ handled by xdg-open ++ ++ -- Zygmunt Krynicki Mon, 27 Jul 2020 12:01:14 +0200 ++ ++snapd (2.45.2-1) unstable; urgency=high ++ ++ * SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open ++ implementation ++ - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment ++ variable modification when calling the system xdg-open. Patch ++ thanks to James Henstridge ++ - packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is ++ restarted. Patch thanks to Michael Vogt ++ - CVE-2020-11934 ++ * SECURITY UPDATE: arbitrary code execution vulnerability on core ++ devices with access to physical removable media ++ - devicestate: Disable/restrict cloud-init after seeding. ++ - CVE-2020-11933 ++ ++ -- Michael Vogt Fri, 10 Jul 2020 20:06:29 +0200 ++ ++snapd (2.45.1-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1875071 ++ - data/selinux: allow checking /var/cache/app-info ++ - cmd/snap-confine: add support for libc6-lse ++ - interfaces: miscellaneous policy updates xlv ++ - snap-bootstrap: remove sealed key file on reinstall ++ - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/ ++ - gadget: make ext4 filesystems with or without metadata checksum ++ - interfaces/fwupd: allow bind mount to /boot on core ++ - tests: cherry-pick test fixes from master ++ - snap/squashfs: also symlink snap Install with uc20 seed snap dir ++ layout ++ - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed ++ devices ++ - snap,many: mv Open to snapfile pkg to support add'l options to ++ Container methods ++ - interfaces/builtin/desktop: do not mount fonts cache on distros ++ with quirks ++ - devicestate, sysconfig: revert support for cloud.cfg.d/ in the ++ gadget ++ - data/completion, packaging: cherry-pick zsh completion ++ - state: log task errors in the journal too ++ - devicestate: do not report "ErrNoState" for seeded up ++ - interfaces/desktop: silence more /var/lib/snapd/desktop/icons ++ denials ++ - packaging/fedora: disable FIPS compliant crypto for static ++ binaries ++ - packaging: stop depending on python-docutils ++ ++ -- Michael Vogt Fri, 05 Jun 2020 15:13:49 +0200 ++ ++snapd (2.45-1) unstable; urgency=medium ++ ++ * New upstream release, LP: #1875071 ++ - o/devicestate: support doing system action reboots from recover ++ mode ++ - vendor: update to latest secboot ++ - tests: not fail when boot dir cannot be determined ++ - configcore: only reload journald if systemd is new enough ++ - cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data ++ when decrypting ++ - tests/lib/prepare.sh: delete patching of the initrd ++ - cmd/snap: coldplug auto-import assertions from all removable ++ devices ++ - cmd/snap: fix the order of positional parameters in help output ++ - c/snap-bootstrap: port mount state mocking to the new style on ++ master ++ - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy ++ as well ++ - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline, ++ unlock in recover mode initramfs ++ - progress: tweak multibyte label unit test data ++ - gadget: fix fallback device lookup for 'mbr' type structures ++ - progress: fix progress bar with multibyte duration units ++ - many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20 ++ - many: put the sealed keys in a directory on seed for tidiness ++ - cmd/snap-bootstrap: measure epoch and model before unlocking ++ encrypted data ++ - o/configstate: core config handler for persistent journal ++ - bootloader/uboot: use secondary ubootenv file boot.sel for uc20 ++ - packaging: add "$TAGS" to dh_auto_test for debian packaging ++ - tests: ensure $cache_dir is actually available ++ - secboot,cmd/snap-bootstrap: add model to pcr protection profile ++ - devicestate: do not use snap-boostrap in devicestate to install ++ - tests: fix a typo in nested.sh helper ++ - devicestate: add support for cloud.cfg.d config from the gadget ++ - cmd/snap-bootstrap: cleanups, naming tweaks ++ - testutil: add NewDBusTestConn ++ - snap-bootstrap: lock access to sealed keys ++ - overlord/devicestate: preserve the current model inside ubuntu- ++ boot ++ - interfaces/apparmor: use differently templated policy for non-core ++ bases ++ - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing ++ syscalls ++ - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first, ++ other misc changes ++ - o/snapstate: tweak "waiting for restart" message ++ - boot: store model model and grade information in modeenv ++ - interfaces/firewall-control: allow -legacy and -nft for core20 ++ - boot: enable makeBootable20RunMode for EnvRefExtractedKernel ++ bootloaders ++ - boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20 ++ implementation ++ - daemon: fix error message from `snap remove-user foo` on classic ++ - overlord: have a variant of Mock that can take a state.State ++ - tests: 16.04 and 18.04 now have mediating pulseaudio (again) ++ - seed: clearer errors for missing essential snapd or core snap ++ - cmd/snap-bootstrap/initramfs-mounts: support ++ EnvRefExtractedKernelBootloader's ++ - gadget, cmd/snap-bootstrap: MBR schema support ++ - image: improve/adjust DownloadSnap doc comment ++ - asserts: introduce ModelGrade.Code ++ - tests: ignore user-12345 slice and service ++ - image,seed/seedwriter: support redirect channel aka default ++ tracks ++ - bootloader: use binary.Read/Write ++ - tests: uc20 nested suite part II ++ - tests/boot: refactor to make it easier for new ++ bootloaderKernelState20 impl ++ - interfaces/openvswitch: support use of ovs-appctl ++ - snap-bootstrap: copy auth data from real ubuntu-data in recovery ++ mode ++ - snap-bootstrap: seal and unseal encryption key using tpm ++ - tests: disable special-home-can-run-classic-snaps due to jenkins ++ repo issue ++ - packaging: fix build on Centos8 to support BUILDTAGS ++ - boot/bootstate20: small changes to bootloaderKernelState20 ++ - cmd/snap: Implement a "snap routine file-access" command ++ - spread.yaml: switch back to latest/candidate for lxd snap ++ - boot/bootstate20: re-factor kernel methods to use new interface ++ for state ++ - spread.yaml,tests/many: use global env var for lxd channel ++ - boot/bootstate20: fix bug in try-kernel cleanup ++ - config: add system.store-certs.[a-zA-Z0-9] support ++ - secboot: key sealing also depends on secure boot enabled ++ - httputil: fix client timeout retry tests ++ - cmd/snap-update-ns: handle EBUSY when unlinking files ++ - cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20 ++ vars ++ - secboot: add tpm support helpers ++ - tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for ++ kernel and gadget ++ - cmd/snap-bootstrap: switch to a 64-byte key for unlocking ++ - tests: preserve size for centos images on spread.yaml ++ - github: partition the github action workflows ++ - run-checks: use consistent "Checking ..." style messages ++ - bootloader: add efi pkg for reading efi variables ++ - data/systemd: do not run snapd.system-shutdown if finalrd is ++ available ++ - overlord: update tests to work with latest go ++ - cmd/snap: do not hide debug boot-vars on core ++ - cmd/snap-bootstrap: no error when not input devices are found ++ - snap-bootstrap: fix partition numbering in create-partitions ++ - httputil/client_test.go: add two TLS version tests ++ - tests: ignore user@12345.service hierarchy ++ - bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things ++ - tests: rewrite timeserver-control test ++ - tests: fix racy pulseaudio tests ++ - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS ++ - tests: update snap-preseed --reset logic to accommodate for 2.44 ++ change ++ - cmd/snap: don't wait for system key when stopping ++ - sandbox/cgroup: avoid making arrays we don't use ++ - osutil: mock proc/self/mountinfo properly everywhere ++ - selinux: export MockIsEnforcing; systemd: use in tests ++ - tests: add 32 bit machine to GH actions ++ - tests/session-tool: kill cron session, if any ++ - asserts: it should be possible to omit many snap-ids if allowed, ++ fix ++ - boot: cleanup more things, simplify code ++ - github: skip spread jobs when corresponding label is set ++ - dirs: don't depend on osutil anymore, mv apparmor vars to apparmor ++ pkg ++ - tests/session-tool: add session-tool --dump ++ - github: allow cached debian downloads to restore ++ - tests/session-tool: session ordering is non-deterministic ++ - tests: enable unit tests on debian-sid again ++ - github: move spread to self-hosted workers ++ - secboot: import secboot on ubuntu, provide dummy on !ubuntu ++ - overlord/devicestate: support for recover and run modes ++ - snap/naming: add validator for snap security tag ++ - interfaces: add case for rootWritableOverlay + NFS ++ - tests/main/uc20-create-partitions: tweaks, renames, switch to ++ 20.04 ++ - github: port CLA check to Github Actions ++ - interfaces/many: miscellaneous policy updates xliv ++ - configcore,tests: fix setting watchdog options on UC18/20 ++ - tests/session-tool: collect information about services on startup ++ - tests/main/uc20-snap-recovery: unbreak, rename to uc20-create- ++ partitions ++ - state: add state.CopyState() helper ++ - tests/session-tool: stop anacron.service in prepare ++ - interfaces: don't use the owner modifier for files shared via ++ document portal ++ - systemd: move the doc comments to the interface so they are ++ visible ++ - cmd/snap-recovery-chooser: tweaks ++ - interfaces/docker-support: add overlayfs file access ++ - packaging: use debian/not-installed to ignore snap-preseed ++ - travis.yml: disable unit tests on travis ++ - store: start splitting store.go and store_test.go into subtopic ++ files ++ - tests/session-tool: stop cron/anacron from meddling ++ - github: disable fail-fast as spread cannot be interrupted ++ - github: move static checks and spread over ++ - tests: skip "/etc/machine-id" in "writablepaths" test ++ - snap-bootstrap: store encrypted partition recovery key ++ - httputil: increase testRetryStrategy max timelimit to 5s ++ - tests/session-tool: kill leaking closing session ++ - interfaces: allow raw access to USB printers ++ - tests/session-tool: reset failed session-tool units ++ - httputil: increase httpclient timeout in ++ TestRetryRequestTimeoutHandling ++ - usersession: extend timerange in TestExitOnIdle ++ - client: increase timeout in client tests to 100ms ++ - many: disentagle release and snapdenv from sandbox/* ++ - boot: simplify modeenv mocking to always write a modeenv ++ - snap-bootstrap: expand data partition on install ++ - o/configstate: add backlight option for core config ++ - cmd/snap-recovery-chooser: add recovery chooser ++ - features: enable robust mount ns updates ++ - snap: improve TestWaitRecovers test ++ - sandbox/cgroup: add ProcessPathInTrackingCgroup ++ - interfaces/policy: fix comment in recent new test ++ - tests: make session tool way more robust ++ - interfaces/seccomp: allow passing an address to setgroups ++ - o/configcore: introduce core config handlers (3/N) ++ - interfaces: updates to login-session-observe, network-manager and ++ modem-manager interfaces ++ - interfaces/policy/policy_test.go: add more tests'allow- ++ installation: false' and we grant based on interface attributes ++ - packaging: detect/disable broken seed in the postinst ++ - cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia ++ library ++ - tests: remove google-tpm backend from spread.yaml ++ - tests: install dependencies with apt using --no-install-recommends ++ - usersession/userd: add zoommtg url support ++ - snap-bootstrap: fix disk layout sanity check ++ - snap: add `snap debug state --is-seeded` helper ++ - devicestate: generate warning if seeding fails ++ - config, features: move and rename config.GetFeatureFlag helper to ++ features.Flag ++ - boot, overlord/devicestate, daemon: implement requesting boot ++ into a given recovery system ++ - xdgopenproxy: forward requests to the desktop portal ++ - many: support immediate reboot ++ - store: search v2 tweaks ++ - tests: fix cross build tests when installing dependencies ++ - daemon: make POST /v2/systems/