From: Michael Vogt Date: Fri, 22 Jan 2021 09:13:11 +0000 (+0000) Subject: Import snapd_2.48.2-3.debian.tar.xz X-Git-Tag: archive/raspbian/2.48.2-3+rpi1^2~11^2 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=f58b28c2c8856207b323b25fa9a7a1f83116f078;p=snapd.git Import snapd_2.48.2-3.debian.tar.xz [dgit import tarball snapd 2.48.2-3 snapd_2.48.2-3.debian.tar.xz] --- f58b28c2c8856207b323b25fa9a7a1f83116f078 diff --git a/README.Source b/README.Source new file mode 100644 index 00000000..2a4c1231 --- /dev/null +++ b/README.Source @@ -0,0 +1,35 @@ +# Overview + +The packaging is maintained in the upstream git repo at + +github.com/snapcore/snapd in the packaging/debian-sid dir + +Please push any debian changes back there to make packaging +easier. + +## Release a new version + +To release a new upstream version the following steps are +recommended: + + # one time setup + $ git clone git@salsa.debian.org:debian/snapd + $ cd snapd + $ git remote add upstream https://github.com/snapcore/snapd + + # releasing a new version + $ git fetch upstream + $ git merge upstream/ # e.g. upstream/2.44 + $ cp -ar packaging/debian-sid/* debian/ + # ensure to git add any new files + # set debian/changelog to UNRELEASED + $ git commit -a -m 'debian: sync packaging changes from upstream' + # update changelog + $ debcommit -ar + $ gbp buildpackage -S -d + # testbuild + $ pbuilder-dist sid update + $ pbuilder-dist sid build ../build-area/snapd_.dsc + $ dput ftp-master ../build-area/snapd__source.changes + + -- Michael Vogt , Wed, 18 Mar 2020 13:11:03 +0100 diff --git a/changelog b/changelog new file mode 100644 index 00000000..efa96ea4 --- /dev/null +++ b/changelog @@ -0,0 +1,6281 @@ +snapd (2.48.2-3) unstable; urgency=medium + + * debian/patches/0012-cherry-pick-pr9844: + - cherry pick PR#9844 to avoid leaking of errno in snap-confine + tests that caused i386 to FTBFS + + -- Michael Vogt Fri, 22 Jan 2021 10:13:11 +0100 + +snapd (2.48.2-2) unstable; urgency=medium + + * debian/rules: + - ignore usr/bin/genasse during arch-indep build too + + -- Michael Vogt Fri, 15 Jan 2021 18:32:45 +0100 + +snapd (2.48.2-1) unstable; urgency=medium + + * debian/patch/0011-cherry-pick-pr9809 + - Cherry-pick https://github.com/snapcore/snapd/pull/9809. + This skips the --help output unit tests for older go-flags + versions. + * New upstream release, LP: #1906690 + - tests: sign new nested-18|20* models to allow for generic serials + - secboot: add extra paranoia when waiting for that fde-reveal-key + - tests: backport netplan workarounds from #9785 + - secboot: add workaround for snapcore/core-initrd issue #13 + - devicestate: log checkEncryption errors via logger.Noticef + - tests: add nested spread end-to-end test for fde-hooks + - devicestate: implement checkFDEFeatures() + - boot: tweak resealing with fde-setup hooks + - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud- + init restrict file + - secboot: add new LockSealedKeys() that uses either TPM or + fde-reveal-key + - gadget: use "sealed-keys" to determine what method to use for + reseal + - boot: add sealKeyToModeenvUsingFdeSetupHook() + - secboot: use `fde-reveal-key` if available to unseal key + - cmd/snap-update-ns: fix sorting of overname mount entries wrt + other entries + - o/devicestate: save model with serial in the device save db + - devicestate: add runFDESetupHook() helper + - secboot,devicestate: add scaffoling for "fde-reveal-key" support + - hookstate: add new HookManager.EphemeralRunHook() + - update-pot: fix typo in plural keyword spec + - store,cmd/snap-repair: increase initial expontential time + intervals + - o/devicestate,daemon: fix reboot system action to not require a + system label + - github: run nested suite when commit is pushed to release branch + - tests: reset fakestore unit status + - tests: fix uc20-create-parition-* tests for updated gadget + - hookstate: implement snapctl fde-setup-{request,result} + - devicestate: make checkEncryption fde-setup hook aware + - client,snapctl: add naive support for "stdin" + - devicestate: support "storage-safety" defaults during install + - snap: use the boot-base for kernel hooks + - vendor: update secboot repo to avoid including secboot.test binary + + -- Michael Vogt Fri, 15 Jan 2021 09:11:00 +0100 + +snapd (2.48.1-1) unstable; urgency=medium + + * New upstream release, LP: #1906690 + - gadget: disable ubuntu-boot role validation check + + -- Michael Vogt Thu, 03 Dec 2020 17:43:30 +0100 + +snapd (2.48-1) unstable; urgency=medium + + * New upstream release, LP: #1904098 + - osutil: add KernelCommandLineKeyValue + - devicestate: implement boot.HasFDESetupHook + - boot/makebootable.go: set snapd_recovery_mode=install at image- + build time + - bootloader: use ForGadget when installing boot config + - interfaces/raw_usb: allow read access to /proc/tty/drivers + - boot: add scaffolding for "fde-setup" hook support for sealing + - tests: fix basic20 test on arm devices + - seed: make a shared seed system label validation helper + - snap: add new "fde-setup" hooktype + - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test + - secboot,cmd/snap-bootstrap: fix degraded mode cases with better + device handling + - boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some + messiness + - tests/nested/manual/refresh-revert-fundamentals: temporarily + disable secure boot + - snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all + boot modes + - many: address degraded recover mode feedback, cleanups + - tests: Use systemd-run on tests part2 + - tests: set the opensuse tumbleweed system as manual in spread.yaml + - secboot: call BlockPCRProtectionPolicies even if the TPM is + disabled + - vendor: update to current secboot + - cmd/snap-bootstrap,o/devicestate: use a secret to pair data and + save + - spread.yaml: increase number of workers on 20.10 + - snap: add new `snap recovery --show-keys` option + - tests: minor test tweaks suggested in the review of 9607 + - snapd-generator: set standard snapfuse options when generating + units for containers + - tests: enable lxd test on ubuntu-core-20 and 16.04-32 + - interfaces: share /tmp/.X11-unix/ from host or provider + - tests: enable main lxd test on 20.10 + - cmd/s-b/initramfs-mounts: refactor recover mode to implement + degraded mode + - gadget/install: add progress logging + - packaging: keep secboot/encrypt_dummy.go in debian + - interfaces/udev: use distro specific path to snap-device-helper + - o/devistate: fix chaining of tasks related to regular snaps when + preseeding + - gadget, overlord/devicestate: validate that system supports + encrypted data before install + - interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core + ESP layout + - many: add /v2/system-recovery-keys API and client + - secboot, many: return UnlockMethod from Unlock* methods for future + usage + - many: mv keys to ubuntu-boot, move model file, rename keyring + prefix for secboot + - tests: using systemd-run instead of manually create a systemd unit + - part 1 + - secboot, cmd/snap-bootstrap: enable or disable activation with + recovery key + - secboot: refactor Unlock...IfEncrypted to take keyfile + check + disks first + - secboot: add LockTPMSealedKeys() to lock access to keys + independently + - gadget: correct sfdisk arguments + - bootloader/assets/grub: adjust fwsetup menuentry label + - tests: new boot state tool + - spread: use the official image for Ubuntu 20.10, no longer an + unstable system + - tests/lib/nested: enable snapd logging to console for core18 + - osutil/disks: re-implement partition searching for disk w/ non- + adjacent parts + - tests: using the nested-state tool in nested tests + - many: seal a fallback object to the recovery boot chain + - gadget, gadget/install: move helpers to install package, refactor + unit tests + - dirs: add "gentoo" to altDirDistros + - update-pot: include file locations in translation template, and + extract strings from desktop files + - gadget/many: drop usage of gpt attr 59 for indicating creation of + partitions + - gadget/quantity: tweak test name + - snap: fix failing unittest for quantity.FormatDuration() + - gadget/quantity: introduce a new package that captures quantities + - o/devicestate,a/sysdb: make a backup of the device serial to save + - tests: fix rare interaction of tests.session and specific tests + - features: enable classic-preserves-xdg-runtime-dir + - tests/nested/core20/save: check the bind mount and size bump + - o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20 + - tests: rename hasHooks to hasInterfaceHooks in the ifacestate + tests + - o/devicestate: unit test tweaks + - boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save + - testutil, cmd/snap/version: fix misc little errors + - overlord/devicestate: bind mount ubuntu-save under + /var/lib/snapd/save on startup + - gadget/internal: tune ext4 setting for smaller filesystems + - tests/nested/core20/save: a test that verifies ubuntu-save is + present and set up + - tests: update google sru backend to support groovy + - o/ifacestate: handle interface hooks when preseeding + - tests: re-enable the apt hooks test + - interfaces,snap: use correct type: {os,snapd} for test data + - secboot: set metadata and keyslots sizes when formatting LUKS2 + volumes + - tests: improve uc20-create-partitions-reinstall test + - client, daemon, cmd/snap: cleanups from #9489 + more unit tests + - cmd/snap-bootstrap: mount ubuntu-save during boot if present + - secboot: fix doc comment on helper for unlocking volume with key + - tests: add spread test for refreshing from an old snapd and core18 + - o/snapstate: generate snapd snap wrappers again after restart on + refresh + - secboot: version bump, unlock volume with key + - tests/snap-advise-command: re-enable test + - cmd/snap, snapmgr, tests: cleanups after #9418 + - interfaces: deny connected x11 plugs access to ICE + - daemon,client: write and read a maintenance.json file for when + snapd is shut down + - many: update to secboot v1 (part 1) + - osutil/disks/mockdisk: panic if same mountpoint shows up again + with diff opts + - tests/nested/core20/gadget,kernel-reseal: add sanity checks to the + reseal tests + - many: implement snap routine console-conf-start for synchronizing + auto-refreshes + - dirs, boot: add ubuntu-save directories and related locations + - usersession: fix typo in test name + - overlord/snapstate: refactor ihibitRefresh + - overlord/snapstate: stop warning about inhibited refreshes + - cmd/snap: do not hardcode snapshot age value + - overlord,usersession: initial notifications of pending refreshes + - tests: add a unit test for UpdateMany where a single snap fails + - o/snapstate/catalogrefresh.go: don't refresh catalog in install + mode uc20 + - tests: also check snapst.Current in undo-unlink tests + - tests: new nested tool + - o/snapstate: implement undo handler for unlink-snap + - tests: clean systems.sh helper and migrate last set of tests + - tests: moving the lib section from systems.sh helper to os.query + tool + - tests/uc20-create-partitions: don't check for grub.cfg + - packaging: make sure that static binaries are indeed static, fix + openSUSE + - many: have install return encryption keys for data and save, + improve tests + - overlord: add link participant for linkage transitions + - tests: lxd smoke test + - tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu- + seed too + - tests: moving main suite from systems.sh to os.query tool + - tests: moving the core test suite from systems.sh to os.query tool + - cmd/snap-confine: mask host's apparmor config + - o/snapstate: move setting updated SnapState after error paths + - tests: add value to INSTANCE_KEY/regular + - spread, tests: tweaks for openSUSE + - cmd/snap-confine: update path to snap-device-helper in AppArmor + profile + - tests: new os.query tool + - overlord/snapshotstate/backend: specify tar format for snapshots + - tests/nested/manual/minimal-smoke: use 384MB of RAM for nested + UC20 + - client,daemon,snap: auto-import does not error on managed devices + - interfaces: PTP hardware clock interface + - tests: use tests.backup tool + - many: verify that unit tests work with nosecboot tag and without + secboot package + - wrappers: do not error out on read-only /etc/dbus-1/session.d + filesystem on core18 + - snapshots: import of a snapshot set + - tests: more output for sbuild test + - o/snapstate: re-order remove tasks for individual snap revisions + to remove current last + - boot: skip some unit tests when running as root + - o/assertstate: introduce + ValidationTrackingKey/ValidationSetTracking and basic methods + - many: allow ignoring running apps for specific request + - tests: allow the searching test to fail under load + - overlord/snapstate: inhibit startup while unlinked + - seed/seedwriter/writer.go: check DevModeConfinement for dangerous + features + - tests/main/sudo-env: snap bin is available on Fedora + - boot, overlord/devicestate: list trusted and managed assets + upfront + - gadget, gadget/install: support for ubuntu-save, create one during + install if needed + - spread-shellcheck: temporary workaround for deadlock, drop + unnecessary test + - snap: support different exit-code in the snap command + - logger: use strutil.KernelCommandLineSplit in + debugEnabledOnKernelCmdline + - logger: fix snapd.debug=1 parsing + - overlord: increase refresh postpone limit to 14 days + - spread-shellcheck: use single thread pool executor + - gadget/install,secboot: add debug messages + - spread-shellcheck: speed up spread-shellcheck even more + - spread-shellcheck: process paths from arguments in parallel + - tests: tweak error from tests.cleanup + - spread: remove workaround for openSUSE go issue + - o/configstate: create /etc/sysctl.d when applying early config + defaults + - tests: new tests.backup tool + - tests: add tests.cleanup pop sub-command + - tests: migration of the main suite to snaps-state tool part 6 + - tests: fix journal-state test + - cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc + recover files + - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for + same IP addr + - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for + building snapd + - boot, gadget, bootloader: observer preserves managed bootloader + configs + - tests/nested/manual: add uc20 grade signed cloud-init test + - o/snapstate/autorefresh.go: eliminate race when launching + autorefresh + - daemon,snapshotstate: do not return "size" from Import() + - daemon: limit reading from snapshot import to Content-Length + - many: set/expect Content-Length header when importing snapshots + - github: switch from ::set-env command to environment file + - tests: migration of the main suite to snaps-state tool part 5 + - client: cleanup the Client.raw* and Client.do* method families + - tests: moving main suite to snaps-state tool part 4 + - client,daemon,snap: use constant for snapshot content-type + - many: fix typos and repeated "the" + - secboot: fix tpm connection leak when it's not enabled + - many: scaffolding for snapshots import API + - run-checks: run spread-shellcheck too + - interfaces: update network-manager interface to allow + ObjectManager access from unconfined clients + - tests: move core and regression suites to snaps-state tool + - tests: moving interfaces tests to snaps-state tool + - gadget: preserve files when indicated by content change observer + - tests: moving smoke test suite and some tests from main suite to + snaps-state tool + - o/snapshotstate: pass set id to backend.Open, update tests + - asserts/snapasserts: introduce ValidationSets + - o/snapshotstate: improve allocation of new set IDs + - boot: look at the gadget for run mode bootloader when making the + system bootable + - cmd/snap: allow snap help vs --all to diverge purposefully + - usersession/userd: separate bus name ownership from defining + interfaces + - o/snapshotstate: set snapshot set id from its filename + - o/snapstate: move remove-related tests to snapstate_remove_test.go + - desktop/notification: switch ExpireTimeout to time.Duration + - desktop/notification: add unit tests + - snap: snap help output refresh + - tests/nested/manual/preseed: include a system-usernames snap when + preseeding + - tests: fix sudo-env test + - tests: fix nested core20 shellcheck bug + - tests/lib: move to new directory when restoring PWD, cleanup + unpacked unpacked snap directories + - desktop/notification: add bindings for FDO notifications + - dbustest: fix stale comment references + - many: move ManagedAssetsBootloader into TrustedAssetsBootloader, + drop former + - snap-repair: add uc20 support + - tests: print all the serial logs for the nested test + - o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid + bug in test + - cmd/snap/auto-import: stop importing system user assertions from + initramfs mnts + - osutil/group.go: treat all non-nil errs from user.Lookup{Group,} + as Unknown* + - asserts: deserialize grouping only once in Pool.AddBatch if needed + - gadget: allow content observer to have opinions about a change + - tests: new snaps-state command - part1 + - o/assertstate: support refreshing any number of snap-declarations + - boot: use test helpers + - tests/core/snap-debug-bootvars: also check snap_mode + - many/apparmor: adjust rules for reading profile/ execing new + profiles for new kernel + - tests/core/snap-debug-bootvars: spread test for snap debug boot- + vars + - tests/lib/nested.sh: more little tweaks + - tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm + - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install, + recover modes + - overlord: explicitly set refresh-app-awareness in tests + - kernel: remove "edition" from kernel.yaml and add "update" + - spread: drop vendor from the packed project archive + - boot: fix debug bootloader variables dump on UC20 systems + - wrappers, systemd: allow empty root dir and conditionally do not + pass --root to systemctl + - tests/nested/manual: add test for grades above signed booting with + testkeys + - tests/nested: misc robustness fixes + - o/assertstate,asserts: use bulk refresh to refresh snap- + declarations + - tests/lib/prepare.sh: stop patching the uc20 initrd since it has + been updated now + - tests/nested/manual/refresh-revert-fundamentals: re-enable test + - update-pot: ignore .go files inside .git when running xgettext-go + - tests: disable part of the lxd test completely on 16.04. + - o/snapshotstate: tweak comment regarding snapshot filename + - o/snapstate: improve snapshot iteration + - bootloader: lk cleanups + - tests: update to support nested kvm without reboots on UC20 + - tests/nested/manual/preseed: disable system-key check for 20.04 + image + - spread.yaml: add ubuntu-20.10-64 to qemu + - store: handle v2 error when fetching assertions + - gadget: resolve device mapper devices for fallback device lookup + - tests/nested/cloud-init-many: simplify tests and unify + helpers/seed inputs + - tests: copy /usr/lib/snapd/info to correct directory + - check-pr-title.py * : allow "*" in the first part of the title + - many: typos and small test tweak + - tests/main/lxd: disable cgroup combination for 16.04 that is + failing a lot + - tests: make nested signing helpers less confusing + - tests: misc nested changes + - tests/nested/manual/refresh-revert-fundamentals: disable + temporarily + - tests/lib/cla_check: default to Python 3, tweaks, formatting + - tests/lib/cl_check.py: use python3 compatible code + + -- Michael Vogt Thu, 19 Nov 2020 17:51:02 +0100 + +snapd (2.47.1-1) unstable; urgency=medium + + * New upstream release, LP: #1895929 + - o/configstate: create /etc/sysctl.d when applying early config + defaults + - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for + same IP addr + - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for + building snapd + - cmd/snap: allow snap help vs --all to diverge purposefully + - snap: snap help output refresh + + -- Michael Vogt Thu, 08 Oct 2020 09:30:44 +0200 + +snapd (2.47-1) unstable; urgency=medium + + * New upstream release, LP: #1895929 + - tests: fix nested core20 shellcheck bug + - many/apparmor: adjust rule for reading apparmor profile for new + kernel + - snap-repair: add uc20 support + - cmd/snap/auto-import: stop importing system user assertions from + initramfs mnts + - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install, + recover modes + - gadget: resolve device mapper devices for fallback device lookup + - secboot: add boot manager profile to pcr protection profile + - sysconfig,o/devicestate: mv DisableNoCloud to + DisableAfterLocalDatasourcesRun + - tests: make gadget-reseal more robust + - tests: skip nested images pre-configuration by default + - tests: fix for basic20 test running on external backend and rpi + - tests: improve kernel reseal test + - boot: adjust comments, naming, log success around reseal + - tests/nested, fakestore: changes necessary to run nested uc20 + signed/secured tests + - tests: add nested core20 gadget reseal test + - boot/modeenv: track unknown keys in Read and put back into modeenv + during Write + - interfaces/process-control: add sched_setattr to seccomp + - boot: with unasserted kernels reseal if there's a hint modeenv + changed + - client: bump the default request timeout to 120s + - configcore: do not error in console-conf.disable for install mode + - boot: streamline bootstate20.go reseal and tests changes + - boot: reseal when changing kernel + - cmd/snap/model: specify grade in the model command output + - tests: simplify + repack_snapd_snap_with_deb_content_and_run_mode_first_boot_tweaks + - test: improve logging in nested tests + - nested: add support to telnet to serial port in nested VM + - secboot: use the snapcore/secboot native recovery key type + - tests/lib/nested.sh: use more focused cloud-init config for uc20 + - tests/lib/nested.sh: wait for the tpm socket to exist + - spread.yaml, tests/nested: misc changes + - tests: add more checks to disk space awareness spread test + - tests: disk space awareness spread test + - boot: make MockUC20Device use a model and MockDevice more + realistic + - boot,many: reseal only when meaningful and necessary + - tests/nested/core20/kernel-failover: add test for failed refresh + of uc20 kernel + - tests: fix nested to work with qemu and kvm + - boot: reseal when updating boot assets + - tests: fix snap-routime-portal-info test + - boot: verify boot chain file in seal and reseal tests + - tests: use full path to test-snapd-refresh.version binary + - boot: store boot chains during install, helper for checking + whether reseal is needed + - boot: add call to reseal an existing key + - boot: consider boot chains with unrevisioned kernels incomparable + - overlord: assorted typos and miscellaneous changes + - boot: group SealKeyModelParams by model, improve testing + - secboot: adjust parameters to buildPCRProtectionProfile + - strutil: add SortedListsUniqueMergefrom the doc comment: + - snap/naming: upgrade TODO to TODO:UC20 + - secboot: add call to reseal an existing key + - boot: in seal.go adjust error message and function names + - o/snapstate: check available disk space in RemoveMany + - boot: build bootchains data for sealing + - tests: remove "set -e" from function only shell libs + - o/snapstate: disk space check on UpdateMany + - o/snapstate: disk space check with snap update + - snap: implement new `snap reboot` command + - boot: do not reorder boot assets when generating predictable boot + chains and other small tweaks + - tests: some fixes and improvements for nested execution + - tests/core/uc20-recovery: fix check for at least specific calls to + mock-shutdown + - boot: be consistent using bootloader.Role* consts instead of + strings + - boot: helper for generating secboot load chains from a given boot + asset sequence + - boot: tweak boot chains to support a list of kernel command lines, + keep track of model and kernel boot file + - boot,secboot: switch to expose and use snapcore/secboot load event + trees + - tests: use `nested_exec` in core{20,}-early-config test + - devicestate: enable cloud-init on uc20 for grade signed and + secured + - boot: add "rootdir" to baseBootenvSuite and use in tests + - tests/lib/cla_check.py: don't allow users.noreply.github.com + commits to pass CLA + - boot: represent boot chains, helpers for marshalling and + equivalence checks + - boot: mark successful with boot assets + - client, api: handle insufficient space error + - o/snapstate: disk space check with single snap install + - configcore: "service.console-conf.disable" is gadget defaults only + - packaging/opensuse: fix for /usr/libexec on TW, do not hardcode + AppArmor profile path + - tests: skip udp protocol in nfs-support test on ubuntu-20.10 + - packaging/debian-sid: tweak code preparing _build tree + - many: move seal code from gadget/install to boot + - tests: remove workaround for cups on ubuntu-20.10 + - client: implement RebootToSystem + - many: seed.Model panics now if called before LoadAssertions + - daemon: add /v2/systems "reboot" action API + - github: run tests also on push to release branches + - interfaces/bluez: let slot access audio streams + - seed,c/snap-bootstrap: simplify snap-bootstrap seed reading with + new seed.ReadSystemEssential + - interfaces: allow snap-update-ns to read /proc/cmdline + - tests: new organization for nested tests + - o/snapstate, features: add feature flags for disk space awareness + - tests: workaround for cups issue on 20.10 where default printer is + not configured. + - interfaces: update cups-control and add cups for providing snaps + - boot: keep track of the original asset when observing updates + - tests: simplify and fix tests for disk space checks on snap remove + - sysconfig/cloudinit.go: add AllowCloudInit and use GadgetDir for + cloud.conf + - tests/main: mv core specific tests to core suite + - tests/lib/nested.sh: reset the TPM when we create the uc20 vm + - devicestate: rename "mockLogger" to "logbuf" + - many: introduce ContentChange for tracking gadget content in + observers + - many: fix partion vs partition typo + - bootloader: retrieve boot chains from bootloader + - devicestate: add tests around logging in RequestSystemAction + - boot: handle canceled update + - bootloader: tweak doc comments (thanks Samuele) + - seed/seedwriter: test local asserted snaps with UC20 grade signed + - sysconfig/cloudinit.go: add DisableNoCloud to + CloudInitRestrictOptions + - many: use BootFile type in load sequences + - boot,bootloader: clarifications after the changes to introduce + bootloader.Options.Role + - boot,bootloader,gadget: apply new bootloader.Options.Role + - o/snapstate, features: add feature flag for disk space check on + remove + - testutil: add checkers for symbolic link target + - many: refactor tpm seal parameter setting + - boot/bootstate20: reboot to rollback to previous kernel + - boot: add unit test helpers + - boot: observe update & rollback of trusted assets + - interfaces/utf: Add MIRKey to u2f devices + - o/devicestate/devicestate_cloudinit_test.go: test cleanup for uc20 + cloud-init tests + - many: check that users of BaseTest don't forget to consume + cleanups + - tests/nested/core20/tpm: verify trusted boot assets tracking + - github: run macOS job with Go 1.14 + - many: misc doc-comment changes and typo fixes + - o/snapstate: disk space check with InstallMany + - many: cloud-init cleanups from previous PR's + - tests: running tests on opensuse leap 15.2 + - run-checks: check for dirty build tree too + - vendor: run ./get-deps.sh to update the secboot hash + - tests: update listing test for "-dirty" versions + - overlord/devicestate: do not release the state lock when updating + gadget assets + - secboot: read kernel efi image from snap file + - snap: add size to the random access file return interface + - daemon: correctly parse Content-Type HTTP header. + - tests: account for apt-get on core18 + - cmd/snap-bootstrap/initramfs-mounts: compute string outside of + loop + - mkversion.sh: simple hack to include dirty in version if the tree + is dirty + - cgroup,snap: track hooks on system bus only + - interfaces/systemd: compare dereferenced Service + - run-checks: only check files in git for misspelling + - osutil: add a package doc comment (via doc.go) + - boot: complain about reused asset name during initial install + - snapstate: installSize helper that calculates total size of snaps + and their prerequisites + - snapshots: export of snapshots + - boot/initramfs_test.go: reset boot vars on the bootloader for each + iteration + + -- Michael Vogt Tue, 29 Sep 2020 17:19:13 +0200 + +snapd (2.46.1-1) unstable; urgency=medium + + * New upstream release, LP: #1891134 + - interfaces: allow snap-update-ns to read + /proc/cmdline + - github: run macOS job with Go 1.14 + - o/snapstate, features: add feature flag for disk space check on + remove + - tests: account for apt-get on core18 + - mkversion.sh: include dirty in version if the tree + is dirty + - interfaces/systemd: compare dereferenced Service + - vendor.json: update mysterious secboot SHA again + + -- Michael Vogt Fri, 04 Sep 2020 17:42:54 +0200 + +snapd (2.46-1) unstable; urgency=medium + + * New upstream release, LP: #1891134 + - logger: add support for setting snapd.debug=1 on kernel cmdline + - o/snapstate: check disk space before creating automatic snapshot + on remove + - boot, o/devicestate: observe existing recovery bootloader trusted + boot assets + - many: use transient scope for tracking apps and hooks + - features: add HiddenSnapFolder feature flag + - tests/lib/nested.sh: fix partition typo, unmount the image on uc20 + too + - runinhibit: open the lock file in read-only mode in IsLocked + - cmd/s-b/initramfs-mounts: make recover -> run mode transition + automatic + - tests: update spread test for unknown plug/slot with snapctl is- + connected + - osutil: add OpenExistingLockForReading + - kernel: add kernel.Validate() + - interfaces: add vcio interface + - interfaces/{docker,kubernetes}-support: load overlay and support + systemd cgroup driver + - tests/lib/nested.sh: use more robust code for finding what loop + dev we mounted + - cmd/snap-update-ns: detach all bind-mounted file + - snap/snapenv: set SNAP_REAL_HOME + - packaging: umount /snap on purge in containers + - interfaces: misc policy updates xlvi + - secboot,cmd/snap-bootstrap: cross-check partitions before + unlocking, mounting + - boot: copy boot assets cache to new root + - gadget,kernel: add new kernel.{Info,Asset} struct and helpers + - o/hookstate/ctlcmd: make is-connected check whether the plug or + slot exists + - tests: find -ignore_readdir_race when scanning cgroups + - interfaces/many: deny arbitrary desktop files and misc from + /usr/share + - tests: use "set -ex" in prep-snapd-in-lxd.sh + - tests: re-enable udisks test on debian-sid + - cmd/snapd-generator: use PATH fallback if PATH is not set + - tests: disable udisks2 test on arch linux + - github: use latest/stable go, not latest/edge + - tests: remove support for ubuntu 19.10 from spread tests + - tests: fix lxd test wrongly tracking 'latest' + - secboot: document exported functions + - cmd: compile snap gdbserver shim correctly + - many: correctly calculate the desktop file prefix everywhere + - interfaces: add kernel-crypto-api interface + - corecfg: add "system.timezone" setting to the system settings + - cmd/snapd-generator: generate drop-in to use fuse in container + - cmd/snap-bootstrap/initramfs-mounts: tweak names, add comments + from previous PR + - interfaces/many: miscellaneous updates for strict microk8s + - secboot,cmd/snap-bootstrap: don't import boot package from secboot + - cmd/snap-bootstrap/initramfs-mounts: call systemd-mount instead of + the-tool + - tests: work around broken update of systemd-networkd + - tests/main/install-fontconfig-cache-gen: enhance test by + verifying, add fonts to test + - o/devicestate: wrap asset update observer error + - boot: refactor such that bootStateUpdate20 mainly carries Modeenv + - mkversion.sh: disallow changelog versions that have git in it, if + we also have git version + - interfaces/many: miscellaneous updates for strict microk8s + - snap: fix repeated "cannot list recovery system" and add test + - boot: track trusted assets during initial install, assets cache + - vendor: update secboot to fix key data validation + - tests: unmount FUSE file-systems from XDG runtime dir + - overlord/devicestate: workaround non-nil interface with nil struct + - sandbox/cgroup: remove temporary workaround for multiple cgroup + writers + - sandbox/cgroup: detect dangling v2 cgroup + - bootloader: add helper for creating a bootloader based on gadget + - tests: support different images on nested execution + - many: reorg cmd/snapinfo.go into snap and new client/clientutil + - packaging/arch: use external linker when building statically + - tests: cope with ghost cgroupv2 + - tests: fix issues related to restarting systemd-logind.service + - boot, o/devicestate: TrustedAssetUpdateObserver stubs, hook up to + gadget updates + - vendor: update github.com/kr/pretty to fix diffs of values with + pointer cycles + - boot: move bootloaderKernelState20 impls to separate file + - .github/workflows: move snap building to test.yaml as separate + cached job + - tests/nested/manual/minimal-smoke: run core smoke tests in a VM + meeting minimal requirements + - osutil: add CommitAs to atomic file + - gadget: introduce content update observer + - bootloader: introduce TrustedAssetsBootloader, implement for grub + - o/snapshotstate: helpers for calculating disk space needed for an + automatic snapshot + - gadget/install: retrieve command lines from bootloader + - boot/bootstate20: unify commit method impls, rm + bootState20MarkSuccessful + - tests: add system information and image information when debug + info is displayed + - tests/main/cgroup-tracking: try to collect some information about + cgroups + - boot: introduce current_boot_assets and + current_recovery_boot_assets to modeenv + - tests: fix for timing issues on journal-state test + - many: remove usage and creation of hijacked pid cgroup + - tests: port regression-home-snap-root-owned to tests.session + - tests: run as hightest via tests.session + - github: run CLA checks on self-hosted workers + - github: remove Ubuntu 19.10 from actions workflow + - tests: remove End-Of-Life opensuse/fedora releases + - tests: remove End-Of-Life releases from spread.yaml + - tests: fix debug section of appstream-id test + - interfaces: check !b.preseed earlier + - tests: work around bug in systemd/debian + - boot: add deepEqual, Copy helpers for Modeenv to simplify + bootstate20 refactor + - cmd: add new "snap recovery" command + - interfaces/systemd: use emulation mode when preseeding + - interfaces/kmod: don't load kernel modules in kmod backend when + preseeding + - interfaces/udev: do not reload udevadm rules when preseeding + - cmd/snap-preseed: use snapd from the deb if newer than from seeds + - boot: fancy marshaller for modeenv values + - gadget, osutil: use atomic file copy, adjust tests + - overlord: use new tracking cgroup for refresh app awareness + - github: do not skip gofmt with Go 1.9/1.10 + - many: introduce content write observer, install mode glue, initial + seal stubs + - daemon,many: switch to use client.ErrorKind and drop the local + errorKind... + - tests: new parameters for nested execution + - client: move all error kinds into errors.go and add doc strings + - cmd/snap: display the error in snap debug seeding if seeding is in + error + - cmd/snap/debug/seeding: use unicode for proper yaml + - tests/cmd/snap-bootstrap/initramfs-mounts: add test case for empty + recovery_mode + - osutil/disks: add mock disk and tests for happy path of mock disks + - tests: refresh/revert snapd in uc20 + - osutil/disks: use a dedicated error to indicate a fs label wasn't + found + - interfaces/system-key: in WriteSystemKey during tests, don't call + ParserFeatures + - boot: add current recovery systems to modeenv + - bootloader: extend managed assets bootloader interface to compose + a candidate command line + - interfaces: make the unmarshal test match more the comment + - daemon/api: use pointers to time.Time for debug seeding aspect + - o/ifacestate: update security profiles in connect undo handler + - interfaces: add uinput interface + - cmd/snap-bootstrap/initramfs-mounts: add doSystemdMount + unit + tests + - o/devicestate: save seeding/preseeding times for use with debug + seeding api + - cmd/snap/debug: add "snap debug seeding" command for preseeding + debugging + - tests/main/selinux-clean: workaround SELinux denials triggered by + linger setup on Centos8 + - bootloader: compose command line with mode and extra arguments + - cmd/snap, daemon: detect and bail purge on multi-snap + - o/ifacestate: fix bug in snapsWithSecurityProfiles + - interfaces/builtin/multipass: replace U+00A0 no-break space with + simple space + - bootloader/assets: generate bootloader assets from files + - many/tests/preseed: reset the preseeded images before preseeding + them + - tests: drop accidental accents from e + - secboot: improve key sealing tests + - tests: replace _wait_for_file_change with retry + - tests: new fs-state which replaces the files.sh helper + - sysconfig/cloudinit_test.go: add test for initramfs case, rm "/" + from path + - cmd/snap: track started apps and hooks + - tests/main/interfaces-pulseaudio: disable start limit checking for + pulseaudio service + - api: seeding debug api + - .github/workflows/snap-build.yaml: build the snapd snap via GH + Actions too + - tests: moving journalctl.sh to a new journal-state tool + - tests/nested/manual: add spread tests for cloud-init vuln + - bootloader/assets: helpers for registering per-edition snippets, + register snippets for grub + - data,packaging,wrappers: extend D-Bus service activation search + path + - spread: add opensuse 15.2 and tumbleweed for qemu + - overlord,o/devicestate: restrict cloud-init on Ubuntu Core + - sysconfig/cloudinit: add RestrictCloudInit + - cmd/snap-preseed: check that target path exists and is a directory + on --reset + - tests: check for pids correctly + - gadget,gadget/install: refactor partition table update + - sysconfig/cloudinit: add CloudInitStatus func + CloudInitState + type + - interface/fwupd: add more policies for making fwupd upstream + strict + - tests: new to-one-line tool which replaces the strings.sh helper + - interfaces: new helpers to get and compare system key, for use + with seeding debug api + - osutil, many: add helper for checking whether the process is a go + test binary + - cmd/snap-seccomp/syscalls: add faccessat2 + - tests: adjust xdg-open after launcher changes + - tests: new core config helper + - usersession/userd: do not modify XDG_DATA_DIRS when calling xdg- + open + - cmd/snap-preseed: handle relative chroot path + - snapshotstate: move sizer to osutil.Sizer() + - tests/cmd/snap-bootstrap/initramfs-mounts: rm duplicated env ref + kernel tests + - gadget/install,secboot: use snapcore/secboot luks2 api + - boot/initramfs_test.go: add Commentf to more Assert()'s + - tests/lib: account for changes in arch package file name extension + - bootloader/bootloadertest: fix comment typo + - bootloader: add helper for getting recovery system environment + variables + - tests: preinstall shellcheck and run tests on focal + - strutil: add a helper for parsing kernel command line + - osutil: add CheckFreeSpace helper + - secboot: update tpm connection error handling + - packaging, cmd/snap-mgmt, tests: remove modules files on purge + - tests: add tests.cleanup helper + - packaging: add "ca-certificates" to build-depends + - tests: more checks in core20 early config spread test + - tests: fix some snapstate tests to use pointers for + snapmgrTestSuite + - boot: better naming of helpers for obtaining kernel command line + - many: use more specific check for unit test mocking + - systemd/escape: fix issues with "" and "\t" handling + - asserts: small improvements and corrections for sequence-forming + assertions' support + - boot, bootloader: query kernel command line of run mod and + recovery mode systems + - snap/validate.go: disallow snap layouts with new top-level + directories + - tests: allow to add a new label to run nested tests as part of PR + validation + - tests/core/gadget-update-pc: port to UC20 + - tests: improve nested tests flexibility + - asserts: integer headers: disallow prefix zeros and make parsing + more uniform + - asserts: implement Database.FindSequence + - asserts: introduce SequenceMemberAfter in the asserts backstores + - spread.yaml: remove tests/lib/tools from PATH + - overlord: refuse to install snaps whose activatable D-Bus services + conflict with installed snaps + - tests: shorten lxd-state undo-mount-changes + - snap-confine: don't die if a device from sysfs path cannot be + found by udev + - tests: fix argument handling of apt-state + - tests: rename lxd-tool to lxd-state + - tests: rename user-tool to user-state, fix --help + - interfaces: add gconf interface + - sandbox/cgroup: avoid parsing security tags twice + - tests: rename version-tool to version-compare + - cmd/snap-update-ns: handle anomalies better + - tests: fix call to apt.Package.mark_install(auto_inst=True) + - tests: rename mountinfo-tool to mountinfo.query + - tests: rename memory-tool to memory-observe-do + - tests: rename invariant-tool to tests.invariant + - tests: rename apt-tool to apt-state + - many: managed boot config during run mode setup + - asserts: introduce the concept of sequence-forming assertion types + - tests: tweak comments/output in uc20-recovery test + - tests/lib/pkgdb: do not use quiet when purging debs + - interfaces/apparmor: allow snap-specific /run/lock + - interfaces: add system-source-code for access to /usr/src + - sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data + - gadget/install: move udev trigger to gadget/install + - many: make nested spread tests more reliable + - tests/core/uc20-recovery: apply hack to get gopath in recover mode + w/ external backend + - tests: enable tests on uc20 which now work with the real model + assertion + - tests: enable system-snap-refresh test on uc20 + - gadget, bootloader: preserve managed boot assets during gadget + updates + - tests: fix leaked dbus-daemon in selinux-clean + - tests: add servicestate.Control tests + - tests: fix "restart.service" + - wrappers: helper for enabling services - extract and move enabling + of services into a helper + - tests: new test to validate refresh and revert of kernel and + gadget on uc20 + - tests/lib/prepare-restore: collect debug info when prepare purge + fails + - bootloader: allow managed bootloader to update its boot config + - tests: Remove unity test from nightly test suite + - o/devicestate: set mark-seeded to done in the task itself + - tests: add spread test for disconnect undo caused by failing + disconnect hook + - sandbox/cgroup: allow discovering PIDs of given snap + - osutil/disks: support IsDecryptedDevice for mountpoints which are + dm devices + - osutil: detect autofs mounted in /home + - spread.yaml: allow amazon-linux-2-64 qemu with + ec2-user/ec2-user + - usersession: support additional zoom URL schemes + - overlord: mock timings.DurationThreshold in TestNewWithGoodState + - sandbox/cgroup: add tracking helpers + - tests: detect stray dbus-daemon + - overlord: refuse to install snaps providing user daemons on Ubuntu + 14.04 + - many: move encryption and installer from snap-boostrap to gadget + - o/ifacestate: fix connect undo handler + - interfaces: optimize rules of multiple connected iio/i2c/spi plugs + - bootloader: introduce managed bootloader, implement for grub + - tests: fix incorrect check in smoke/remove test + - asserts,seed: split handling of essential/not essential model + snaps + - gadget: fix typo in mounted filesystem updater + - gadget: do only one mount point lookup in mounted fs updater + - tests/core/snap-auto-mount: try to make the test more robust + - tests: adding ubuntu-20.04 to google-sru backend + - o/servicestate: add updateSnapstateServices helper + - bootloader: pull recovery grub config from internal assets + - tests/lib/tools: apply linger workaround when needed + - overlord/snapstate: graceful handling of denied "managed" refresh + schedule + - snapstate: fix autorefresh from classic->strict + - overlord/configstate: add system.kernel.printk.console-loglevel + option + - tests: fix assertion disk handling for nested UC systems + - snapstate: use testutil.HostScaledTimeout() in snapstate tests + - tests: extra worker for google-nested backend to avoid timeout + error on uc20 + - snapdtool: helper to check whether the current binary is reexeced + from a snap + - tests: mock servicestate in api tests to avoid systemctl checks + - many: rename back snap.Info.GetType to Type + - tests/lib/cla_check: expect explicit commit range + - osutil/disks: refactor diskFromMountPointImpl a bit + - o/snapstate: service-control task handler + - osutil: add disks pkg for associating mountpoints with + disks/partitions + - gadget,cmd/snap-bootstrap: move partitioning to gadget + - seed: fix LoadEssentialMeta when gadget is not loaded + - cmd/snap: Debian does not allow $SNAP_MOUNT_DIR/bin in sudo + secure_path + - asserts: introduce new assertion validation-set + - asserts,daemon: add support for "serials" field in system-user + assertion + - data/sudo: drop a failed sudo secure_path workaround + - gadget: mv encodeLabel to osutil/disks.EncodeHexBlkIDFormat + - boot, snap-bootstrap: move initramfs-mounts logic to boot pkg + - spread.yaml: update secure boot attribute name + - interfaces/block_devices: add NVMe subsystem devices, support + multipath paths + - tests: use the "jq" snap from the edge channel + - tests: simplify the tpm test by removing the test-snapd-mokutil + snap + - boot/bootstate16.go: clean snap_try_* vars when not in Trying + status too + - tests/main/sudo-env: check snap path under sudo + - tests/main/lxd: add test for snaps inside nested lxd containers + not working + - asserts/internal: expand errors about invalid serialized grouping + labels + - usersession/userd: add msteams url support + - tests/lib/prepare.sh: adjust comment about sgdisk + - tests: fix how gadget pc is detected when the snap does not exist + and ls fails + - tests: move a few more tests to snapstate_update_test.go + - tests/main: add spread test for running svc from install hook + - tests/lib/prepare: increase the size of the uc16/uc18 partitions + - tests/special-home-can-run-classic-snaps: re-enable + - workflow: test PR title as part of the static checks again + - tests/main/xdg-open-compat: backup and restore original xdg-open + - tests: move update-related tests to snapstate_update_test.go + - cmd,many: move Version and bits related to snapd tools to + snapdtool, merge cmdutil + - tests/prepare-restore.sh: reset-failed systemd-journald before + restarting + - interfaces: misc small interface updates + - spread: use find rather than recursive ls, skip mounted snaps + - tests/lib/prepare-restore.sh: if we failed to purge snapd deb, ls + /var/lib/snapd + - tests: enable snap-auto-mount test on core20 + - cmd/snap: do not show $PATH warning when executing under sudo on a + known distro + - asserts/internal: add some iteration benchmarks + - sandbox/cgroup: improve pid parsing code + - snap: add new `snap run --experimental-gdbserver` option + - asserts/internal: limit Grouping size switching to a bitset + representationWe don't always use the bit-set representation + because: + - snap: add an activates-on property to apps for D-Bus activation + - dirs: delete unused Cloud var, fix typo + - sysconfig/cloudinit: make callers of DisableCloudInit use + WritableDefaultsDir + - tests: fix classic ubuntu core transition auth + - tests: fail in setup_reflash_magic() if there is snapd state left + - tests: port interfaces-many-core-provided to tests.session + - tests: wait after creating partitions with sfdisk + - bootloader: introduce bootloarder assets, import grub.cfg with an + edition marker + - riscv64: bump timeouts + - gadget: drop dead code, hide exports that are not used externally + - tests: port 2 uc20 part1 + - tests: fix bug waiting for snap command to be ready + - tests: move try-related tests to snapstate_try_test.go + - tests: add debug for 20.04 prepare failure + - travis.yml: removed, all our checks run in GH actions now + - tests: clean up up the use of configcoreSuite in the configcore + tests + - sandbox/cgroup: remove redundant pathOfProcPidCgroup + - sandbox/cgroup: add tests for ParsePids + - tests: fix the basic20 test for uc20 on external backend + - tests: use configcoreSuite in journalSuite and remove some + duplicated code + - tests: move a few more tests to snapstate_install_test + - tests: assorted small patches + - dbusutil/dbustest: separate license from package + - interfaces/builtin/time-control: allow POSIX clock API + - usersession/userd: add "slack" to the white list of URL schemes + handled by xdg-open + - tests: check that host settings like hostname are settable on core + - tests: port xdg-settings test to tests.session + - tests: port snap-handle-link test to tests.session + - arch: add riscv64 + - tests: core20 early defaults spread test + - tests: move install tests from snapstate_test.go to + snapstate_install_test.go + - github: port macOS sanity checks from travis + - data/selinux: allow checking /var/cache/app-info + - o/devicestate: core20 early config from gadget defaults + - tests: autoremove after removing lxd in preseed-lxd test + - secboot,cmd/snap-bootstrap: add tpm sealing support to secboot + - sandbox/cgroup: move FreezerCgroupDir from dirs.go + - tests: update the file used to detect the boot path on uc20 + - spread.yaml: show /var/lib/snapd in debug + - cmd/snap-bootstrap/initramfs-mounts: also copy systemd clock + + netplan files + - snap/naming: add helpers to parse app and hook security tags + - tests: modernize retry tool + - tests: fix and trim debug section in xdg-open-portal + - tests: modernize and use snapd.tool + - vendor: update to latest github.com/snapcore/bolt for riscv64 + - cmd/snap-confine: add support for libc6-lse + - interfaces: miscellaneous policy updates xlv + - interfaces/system-packages-doc: fix typo in variable names + - tests: port interfaces-calendar-service to tests.session + - tests: install/run the lzo test snap too + - snap: (small) refactor of `snap download` code for + testing/extending + - data: fix shellcheck warnings in snapd.sh.in + - packaging: disable buildmode=pie for riscv64 + - tests: install test-snapd-rsync snap from edge channel + - tests: modernize tests.session and port everything using it + - tests: add ubuntu 20.10 to spread tests + - cmd/snap/remove: mention snap restore/automatic snapshots + - dbusutil: move all D-Bus helpers and D-Bus test helpers + - wrappers: pass 'disable' flag to StopServices wrapper + - osutil: enable riscv64 build + - snap/naming: add ParseSecurityTag and friends + - tests: port document-portal-activation to session-tool + - bootloader: rename test helpers to reflect we are mocking EFI boot + locations + - tests: disable test of nfs v3 with udp proto on debian-sid + - tests: plan to improve the naming and uniformity of utilities + - tests: move *-tool tests to their own suite + - snap-bootstrap: remove sealed key file on reinstall + - bootloader/ubootenv: don't panic with an empty uboot env + - systemd: rename actualFsTypeAndMountOptions to + hostFsTypeAndMountOptions + - daemon: fix filtering of service-control changes for snap.app + - tests: spread test for preseeding in lxd container + - tests: fix broken snapd.session agent.socket + - wrappers: add RestartServices function and ReloadOrRestart to + systemd + - o/cmdstate: handle ignore flag on exec-command tasks + - gadget: make ext4 filesystems with or without metadata checksum + - tests: update statx test to run on all LTS releases + - configcore: show better error when disabling services + - interfaces: add hugepages-control + - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/ + - tests: run ubuntu-20.04-* tests on all ubuntu-2* releases + - tests: skip interfaces-openvswitch for centos 8 in nightly suite + - tests: reload systemd --user for root, if present + - tests: reload systemd after editing /etc/fstab + - tests: add missing dependencies needed for sbuild test on debian + - tests: reload systemd after removing pulseaudio + - image, tests: core18 early config. + - interfaces: add system-packages-doc interface + - cmd/snap-preseed, systemd: fix handling of fuse.squashfuse when + preseeding + - interfaces/fwupd: allow bind mount to /boot on core + - tests: improve oom-vitality tests + - tests: add fedora 32 to spread.yaml + - config: apply vitality-hint immediately when the config changes + - tests: port snap-routine-portal-info to session-tool + - configcore: add "service.console-conf.disable" config option + - tests: port xdg-open to session-tool + - tests: port xdg-open-compat to session-tool + - tests: port interfaces-desktop-* to session-tool + - spread.yaml: apply yaml formatter/linter + - tests: port interfaces-wayland to session-tool + - o/devicestate: refactor current system handling + - snap-mgmt: perform cleanup of user services + - snap/snapfile,squashfs: followups from 8729 + - boot, many: require mode in modeenv + - data/selinux: update policy to allow forked processes to call + getpw*() + - tests: log stderr from dbus-monitor + - packaging: build cmd/snap and cmd/snap-bootstrap with nomanagers + tag + - snap/squashfs: also symlink snap Install with uc20 seed snap dir + layout + - interfaces/builtin/desktop: do not mount fonts cache on distros + with quirks + - data/selinux: allow snapd to remove/create the its socket + - testutil/exec.go: set PATH after running shellcheck + - tests: silence stderr from dbus-monitor + - snap,many: mv Open to snapfile pkg to support add'l options to + Container methods + - devicestate, sysconfig: revert support for cloud.cfg.d/ in the + gadget + - github: remove workaround for bug 133 in actions/cache + - tests: remove dbus.sh + - cmd/snap-preseed: improve mountpoint checks of the preseeded + chroot + - spread.yaml: add ps aux to debug section + - github: run all spread systems in a single go with cached results + - test: session-tool cli tweaks + - asserts: rest of the Pool API + - tests: port interfaces-network-status-classic to session-tool + - packaging: remove obsolete 16.10,17.04 symlinks + - tests: setup portals before starting user session + - o/devicestate: typo fix + - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed + devices + - cmd/snap/model: support store, system-user-authority keys in + --verbose + - o/devicestate: raise conflict when requesting system action while + seeding + - tests: detect signs of crashed snap-confine + - tests: sign kernel and gadget to run nested tests using current + snapd code + - tests: remove gnome-online-accounts we install + - tests: fix the issue where all the tests were executed on secboot + system + - tests: port interfaces-accounts-service to session-tool + - interfaces/network-control: bring /var/lib/dhcp from host + - image,cmd/snap,tests: add support for store-wide cohort keys + - configcore: add nomanagers buildtag for conditional build + - tests: port interfaces-password-manager-service to session-tool + - o/devicestate: cleanup system actions supported by recover mode + - snap-bootstrap: remove create-partitions and update tests + - tests: fix nested tests + - packaging/arch: update PKGBUILD to match one in AUR + - tests: port interfaces-location-control to session-tool + - tests: port interfaces-contacts-service to session-tool + - state: log task errors in the journal too + - o/devicestate: change how current system is reported for different + modes + - devicestate: do not report "ErrNoState" for seeded up + - tests: add a note about broken test sequence + - tests: port interfaces-autopilot-introspection to session-tool + - tests: port interfaces-dbus to session-tool + - packaging: update sid packaging to match 16.04+ + - tests: enable degraded test on uc20 + - c/snaplock/runinhibit: add run inhibition operations + - tests: detect and report root-owned files in /home + - tests: reload root's systemd --user after snapd tests + - tests: test registration with serial-authority: [generic] + - cmd/snap-bootstrap/initramfs-mounts: copy auth.json and macaroon- + key in recover + - tests/mount-ns: stop binfmt_misc mount unit + - cmd/snap-bootstrap/initramfs-mounts: use booted kernel partition + uuid if available + - daemon, tests: indicate system mode, test switching to recovery + and back to run + - interfaces/desktop: silence more /var/lib/snapd/desktop/icons + denials + - tests/mount-ns: update to reflect new UEFI boot mode + - usersession,tests: clean ups for userd/settings.go and move + xdgopenproxy under usersession + - tests: disable mount-ns test + - tests: test user belongs to systemd-journald, on core20 + - tests: run core/snap-set-core-config on uc20 too + - tests: remove generated session-agent units + - sysconfig: use new _writable_defaults dir to create cloud config + - cmd/snap-bootstrap/initramfs-mounts: cosmetic changes in prep for + future work + - asserts: make clearer that with label we mean a serialized label + - cmd/snap-bootstrap: tweak recovery trigger log messages + - asserts: introduce PoolTo + - userd: allow setting default-url-scheme-handler + - secboot: append uuid to ubuntu-data when decrypting + - o/configcore: pass extra options to FileSystemOnlyApply + - tests: add dbus-user-session to bionic and reorder package names + - boot, bootloader: adjust comments, expand tests + - tests: improve debugging of user session agent tests + - packaging: add the inhibit directory + - many: add core.resiliance.vitality-hint config setting + - tests: test adjustments and fixes for recently published images + - cmd/snap: coldplug auto-import assertions from all removable + devices + - secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to + secboot + - tests: not fail when boot dir cannot be determined + - tests: new directory used to store the cloud images on gce + - tests: inject snapd from edge into seeds of the image in manual + preseed test + - usersession/agent,wrappers: fix races between Shutdown and Serve + - tests: add dependency needed for next upgrade of bionic + - tests: new test user is used for external backend + - cmd/snap: fix the order of positional parameters in help output + - tests: don't create root-owned things in ~test + - tests/lib/prepare.sh: delete patching of the initrd + - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy + as well + - progress: tweak multibyte label unit test data + - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline + - gadget: fix fallback device lookup for 'mbr' type structures + - configcore: only reload journald if systemd is new enough + - cmd/snap-boostrap, boot: use /run/mnt/data instead of ubuntu-data + - wrappers: allow user mode systemd daemons + - progress: fix progress bar with multibyte duration units + - tests: fix raciness in pulseaudio test + - asserts/internal: introduce Grouping and Groupings + - tests: remove user.sh + - tests: pair of follow-ups from earlier reviews + - overlord/snapstate: warn of refresh/postpone events + - configcore,tests: use daemon-reexec to apply watchdog config + - c/snap-bootstrap: check mount states via initramfsMountStates + - store: implement DownloadAssertions + - tests: run smoke test with different bases + - tests: port user-mounts test to session-tool + - store: handle error-list in fetch-assertions results + - tests: port interfaces-audio-playback-record to session-tool + - data/completion: add `snap` command completion for zsh + - tests/degraded: ignore failure in systemd-vconsole-setup.service + - image: stub implementation of image.Prepare for darwin + - tests: session-tool --restore -u stops user-$UID.slice + - o/ifacestate/handlers.go: fix typo + - tests: port pulseaudio test to session-tool + - tests: port user-session-env to session-tool + - tests: work around journald bug in core16 + - tests: add debug to core-persistent-journal test + - tests: port selinux-clean to session-tool + - tests: port portals test to session-tool, fix portal tests on sid + - tests: adding option --no-install-recommends option also when + install all the deps + - tests: add session-tool --has-systemd-and-dbus + - packaging/debian-sid: add gcc-multilib to build deps + - osutil: expand FileLock to support shared locks and more + - packaging: stop depending on python-docutils + - store,asserts,many: support the new action fetch-assertions + - tests: port snap-session-agent-* to session-tool + - packaging/fedora: disable FIPS compliant crypto for static + binaries + - tests: fix for preseeding failures + + -- Michael Vogt Tue, 25 Aug 2020 17:26:21 +0200 + +snapd (2.45.3.1-1) unstable; urgency=medium + + * New upstream release, LP: #1875071 + - o/ifacestate: fix bug in snapsWithSecurityProfiles + - tests/main/selinux-clean: workaround SELinux denials triggered by + linger setup on Centos8 + + -- Samuele Pedroni Tue, 28 Jul 2020 21:43:38 +0200 + +snapd (2.45.3-1) unstable; urgency=medium + + * New upstream release, LP: #1875071 + - many: backport _writable_defaults dir changes + - tests: fix incorrect check in smoke/remove test + - cmd/snap-bootstrap,seed: backport of uc20 PRs + - tests: avoid exit when nested type var is not defined + - cmd/snap-preseed: backport fixes + - interfaces: optimize rules of multiple connected iio/i2c/spi plugs + - many: cherry-picks for 2.45, gh-action, test fixes + - tests/lib: account for changes in arch package file name extension + - postrm, snap-mgmt: cleanup modules and other cherry-picks + - snap-confine: don't die if a device from sysfs path cannot be + found by udev + - data/selinux: update policy to allow forked processes to call + getpw*() + - tests/main/interfaces-time-control: exercise setting time via date + - interfaces/builtin/time-control: allow POSIX clock API + - usersession/userd: add "slack" to the white list of URL schemes + handled by xdg-open + + -- Zygmunt Krynicki Mon, 27 Jul 2020 12:01:14 +0200 + +snapd (2.45.2-1) unstable; urgency=high + + * SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open + implementation + - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment + variable modification when calling the system xdg-open. Patch + thanks to James Henstridge + - packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is + restarted. Patch thanks to Michael Vogt + - CVE-2020-11934 + * SECURITY UPDATE: arbitrary code execution vulnerability on core + devices with access to physical removable media + - devicestate: Disable/restrict cloud-init after seeding. + - CVE-2020-11933 + + -- Michael Vogt Fri, 10 Jul 2020 20:06:29 +0200 + +snapd (2.45.1-1) unstable; urgency=medium + + * New upstream release, LP: #1875071 + - data/selinux: allow checking /var/cache/app-info + - cmd/snap-confine: add support for libc6-lse + - interfaces: miscellaneous policy updates xlv + - snap-bootstrap: remove sealed key file on reinstall + - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/ + - gadget: make ext4 filesystems with or without metadata checksum + - interfaces/fwupd: allow bind mount to /boot on core + - tests: cherry-pick test fixes from master + - snap/squashfs: also symlink snap Install with uc20 seed snap dir + layout + - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed + devices + - snap,many: mv Open to snapfile pkg to support add'l options to + Container methods + - interfaces/builtin/desktop: do not mount fonts cache on distros + with quirks + - devicestate, sysconfig: revert support for cloud.cfg.d/ in the + gadget + - data/completion, packaging: cherry-pick zsh completion + - state: log task errors in the journal too + - devicestate: do not report "ErrNoState" for seeded up + - interfaces/desktop: silence more /var/lib/snapd/desktop/icons + denials + - packaging/fedora: disable FIPS compliant crypto for static + binaries + - packaging: stop depending on python-docutils + + -- Michael Vogt Fri, 05 Jun 2020 15:13:49 +0200 + +snapd (2.45-1) unstable; urgency=medium + + * New upstream release, LP: #1875071 + - o/devicestate: support doing system action reboots from recover + mode + - vendor: update to latest secboot + - tests: not fail when boot dir cannot be determined + - configcore: only reload journald if systemd is new enough + - cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data + when decrypting + - tests/lib/prepare.sh: delete patching of the initrd + - cmd/snap: coldplug auto-import assertions from all removable + devices + - cmd/snap: fix the order of positional parameters in help output + - c/snap-bootstrap: port mount state mocking to the new style on + master + - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy + as well + - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline, + unlock in recover mode initramfs + - progress: tweak multibyte label unit test data + - gadget: fix fallback device lookup for 'mbr' type structures + - progress: fix progress bar with multibyte duration units + - many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20 + - many: put the sealed keys in a directory on seed for tidiness + - cmd/snap-bootstrap: measure epoch and model before unlocking + encrypted data + - o/configstate: core config handler for persistent journal + - bootloader/uboot: use secondary ubootenv file boot.sel for uc20 + - packaging: add "$TAGS" to dh_auto_test for debian packaging + - tests: ensure $cache_dir is actually available + - secboot,cmd/snap-bootstrap: add model to pcr protection profile + - devicestate: do not use snap-boostrap in devicestate to install + - tests: fix a typo in nested.sh helper + - devicestate: add support for cloud.cfg.d config from the gadget + - cmd/snap-bootstrap: cleanups, naming tweaks + - testutil: add NewDBusTestConn + - snap-bootstrap: lock access to sealed keys + - overlord/devicestate: preserve the current model inside ubuntu- + boot + - interfaces/apparmor: use differently templated policy for non-core + bases + - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing + syscalls + - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first, + other misc changes + - o/snapstate: tweak "waiting for restart" message + - boot: store model model and grade information in modeenv + - interfaces/firewall-control: allow -legacy and -nft for core20 + - boot: enable makeBootable20RunMode for EnvRefExtractedKernel + bootloaders + - boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20 + implementation + - daemon: fix error message from `snap remove-user foo` on classic + - overlord: have a variant of Mock that can take a state.State + - tests: 16.04 and 18.04 now have mediating pulseaudio (again) + - seed: clearer errors for missing essential snapd or core snap + - cmd/snap-bootstrap/initramfs-mounts: support + EnvRefExtractedKernelBootloader's + - gadget, cmd/snap-bootstrap: MBR schema support + - image: improve/adjust DownloadSnap doc comment + - asserts: introduce ModelGrade.Code + - tests: ignore user-12345 slice and service + - image,seed/seedwriter: support redirect channel aka default + tracks + - bootloader: use binary.Read/Write + - tests: uc20 nested suite part II + - tests/boot: refactor to make it easier for new + bootloaderKernelState20 impl + - interfaces/openvswitch: support use of ovs-appctl + - snap-bootstrap: copy auth data from real ubuntu-data in recovery + mode + - snap-bootstrap: seal and unseal encryption key using tpm + - tests: disable special-home-can-run-classic-snaps due to jenkins + repo issue + - packaging: fix build on Centos8 to support BUILDTAGS + - boot/bootstate20: small changes to bootloaderKernelState20 + - cmd/snap: Implement a "snap routine file-access" command + - spread.yaml: switch back to latest/candidate for lxd snap + - boot/bootstate20: re-factor kernel methods to use new interface + for state + - spread.yaml,tests/many: use global env var for lxd channel + - boot/bootstate20: fix bug in try-kernel cleanup + - config: add system.store-certs.[a-zA-Z0-9] support + - secboot: key sealing also depends on secure boot enabled + - httputil: fix client timeout retry tests + - cmd/snap-update-ns: handle EBUSY when unlinking files + - cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20 + vars + - secboot: add tpm support helpers + - tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for + kernel and gadget + - cmd/snap-bootstrap: switch to a 64-byte key for unlocking + - tests: preserve size for centos images on spread.yaml + - github: partition the github action workflows + - run-checks: use consistent "Checking ..." style messages + - bootloader: add efi pkg for reading efi variables + - data/systemd: do not run snapd.system-shutdown if finalrd is + available + - overlord: update tests to work with latest go + - cmd/snap: do not hide debug boot-vars on core + - cmd/snap-bootstrap: no error when not input devices are found + - snap-bootstrap: fix partition numbering in create-partitions + - httputil/client_test.go: add two TLS version tests + - tests: ignore user@12345.service hierarchy + - bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things + - tests: rewrite timeserver-control test + - tests: fix racy pulseaudio tests + - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS + - tests: update snap-preseed --reset logic to accommodate for 2.44 + change + - cmd/snap: don't wait for system key when stopping + - sandbox/cgroup: avoid making arrays we don't use + - osutil: mock proc/self/mountinfo properly everywhere + - selinux: export MockIsEnforcing; systemd: use in tests + - tests: add 32 bit machine to GH actions + - tests/session-tool: kill cron session, if any + - asserts: it should be possible to omit many snap-ids if allowed, + fix + - boot: cleanup more things, simplify code + - github: skip spread jobs when corresponding label is set + - dirs: don't depend on osutil anymore, mv apparmor vars to apparmor + pkg + - tests/session-tool: add session-tool --dump + - github: allow cached debian downloads to restore + - tests/session-tool: session ordering is non-deterministic + - tests: enable unit tests on debian-sid again + - github: move spread to self-hosted workers + - secboot: import secboot on ubuntu, provide dummy on !ubuntu + - overlord/devicestate: support for recover and run modes + - snap/naming: add validator for snap security tag + - interfaces: add case for rootWritableOverlay + NFS + - tests/main/uc20-create-partitions: tweaks, renames, switch to + 20.04 + - github: port CLA check to Github Actions + - interfaces/many: miscellaneous policy updates xliv + - configcore,tests: fix setting watchdog options on UC18/20 + - tests/session-tool: collect information about services on startup + - tests/main/uc20-snap-recovery: unbreak, rename to uc20-create- + partitions + - state: add state.CopyState() helper + - tests/session-tool: stop anacron.service in prepare + - interfaces: don't use the owner modifier for files shared via + document portal + - systemd: move the doc comments to the interface so they are + visible + - cmd/snap-recovery-chooser: tweaks + - interfaces/docker-support: add overlayfs file access + - packaging: use debian/not-installed to ignore snap-preseed + - travis.yml: disable unit tests on travis + - store: start splitting store.go and store_test.go into subtopic + files + - tests/session-tool: stop cron/anacron from meddling + - github: disable fail-fast as spread cannot be interrupted + - github: move static checks and spread over + - tests: skip "/etc/machine-id" in "writablepaths" test + - snap-bootstrap: store encrypted partition recovery key + - httputil: increase testRetryStrategy max timelimit to 5s + - tests/session-tool: kill leaking closing session + - interfaces: allow raw access to USB printers + - tests/session-tool: reset failed session-tool units + - httputil: increase httpclient timeout in + TestRetryRequestTimeoutHandling + - usersession: extend timerange in TestExitOnIdle + - client: increase timeout in client tests to 100ms + - many: disentagle release and snapdenv from sandbox/* + - boot: simplify modeenv mocking to always write a modeenv + - snap-bootstrap: expand data partition on install + - o/configstate: add backlight option for core config + - cmd/snap-recovery-chooser: add recovery chooser + - features: enable robust mount ns updates + - snap: improve TestWaitRecovers test + - sandbox/cgroup: add ProcessPathInTrackingCgroup + - interfaces/policy: fix comment in recent new test + - tests: make session tool way more robust + - interfaces/seccomp: allow passing an address to setgroups + - o/configcore: introduce core config handlers (3/N) + - interfaces: updates to login-session-observe, network-manager and + modem-manager interfaces + - interfaces/policy/policy_test.go: add more tests'allow- + installation: false' and we grant based on interface attributes + - packaging: detect/disable broken seed in the postinst + - cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia + library + - tests: remove google-tpm backend from spread.yaml + - tests: install dependencies with apt using --no-install-recommends + - usersession/userd: add zoommtg url support + - snap-bootstrap: fix disk layout sanity check + - snap: add `snap debug state --is-seeded` helper + - devicestate: generate warning if seeding fails + - config, features: move and rename config.GetFeatureFlag helper to + features.Flag + - boot, overlord/devicestate, daemon: implement requesting boot + into a given recovery system + - xdgopenproxy: forward requests to the desktop portal + - many: support immediate reboot + - store: search v2 tweaks + - tests: fix cross build tests when installing dependencies + - daemon: make POST /v2/systems/