Michael Vogt [Wed, 1 Sep 2021 11:32:06 +0000 (12:32 +0100)]
Merge snapd (2.51.7-1) import into refs/heads/workingbranch
Michael Hudson-Doyle [Wed, 1 Sep 2021 11:32:06 +0000 (12:32 +0100)]
man-page-sections
Gbp-Pq: Name 0010-man-page-sections.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 14:42:35 +0000 (16:42 +0200)]
[PATCH 7/9] i18n: use dummy localizations to avoid dependencies
Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:51:14 +0000 (15:51 +0200)]
[PATCH 6/9] systemd: disable snapfuse system
Upstream snapd uses an elaborate hack to bundle squashfuse under the
name snapfuse, and built as a fake go package. This component is not
available in Debian where bundling elements is not allowed.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Gbp-Pq: Name 0006-systemd-disable-snapfuse-system.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:46:00 +0000 (15:46 +0200)]
[PATCH 5/9] advisor,errtracker: use upstream bolt package
Upstream snapd uses a fork of the bolt package that carries additional
patches for bugs that were discovered by snapd developers. Bolt itself
appears to be an abandoned project and is not accepting any new patches.
In various distributions the upstream bolt package may or may not have
been patched but the forked version was definitely not packaged. As
such, to build snapd in Debian the upstream bolt package name must be
used.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0005-advisor-errtracker-use-upstream-bolt-package.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:38:41 +0000 (17:38 +0200)]
[PATCH 4/9] cmd/snap: skip tests depending on text wrapping
Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.
Since this test is not critical for anything it can be disabled to let
the package build.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:21:22 +0000 (17:21 +0200)]
[PATCH 3/9] cmd/snap-seccomp: skip tests that use -m32
Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:
multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-
3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped
I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:11:12 +0000 (17:11 +0200)]
[PATCH 2/9] cmd/snap-seccomp: skip tests that fail on 4.19
It seems that the Debian 4.19.0-1 kernel contains a regression in
seccomp execution. While this issue is investigated in parallel along
with the security team, the release of updated snapd package should not
be held by this issue.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:48:46 +0000 (15:48 +0200)]
[PATCH 1/9] cmd/snap-seccomp: use upstream seccomp package
Upstream snapd uses a fork that carries additional compatibility patch
required to build snapd for Ubuntu 14.04. This patch is not required with
the latest snapshot of the upstream seccomp golang bindings but they are
neither released upstream nor backported (in their entirety) to Ubuntu
14.04.
The forked seccomp library is not packaged in Debian. As such, to build
snapd, we need to switch to the regular, non-forked package name.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Gbp-Pq: Name 0001-cmd-snap-seccomp-use-upstream-seccomp-package.patch
Michael Vogt [Wed, 1 Sep 2021 11:32:06 +0000 (12:32 +0100)]
snapd (2.51.7-1) unstable; urgency=medium
* New upstream release, LP: #
1929842
- cmd/snap-seccomp/syscalls: update syscalls list to libseccomp
v2.2.0-428-g5c22d4b1
- tests: cherry-pick shellcheck fix `
bd730fd4`
- interfaces/dsp: add /dev/ambad into dsp interface
- many: shellcheck fixes
- snapstate: abort kernel refresh if no gadget update can be found
- overlord: add manager test for "assumes" checking
- store: deal correctly with "assumes" from the store raw yaml
[dgit import unpatched snapd 2.51.7-1]
Michael Vogt [Wed, 1 Sep 2021 11:32:06 +0000 (12:32 +0100)]
Import snapd_2.51.7.orig.tar.gz
[dgit import orig snapd_2.51.7.orig.tar.gz]
Michael Vogt [Wed, 1 Sep 2021 11:32:06 +0000 (12:32 +0100)]
Import snapd_2.51.7-1.debian.tar.xz
[dgit import tarball snapd 2.51.7-1 snapd_2.51.7-1.debian.tar.xz]
Michael Vogt [Wed, 24 Feb 2021 08:23:51 +0000 (08:23 +0000)]
Merge snapd (2.49-1) import into refs/heads/workingbranch
Michael Hudson-Doyle [Wed, 24 Feb 2021 08:23:51 +0000 (08:23 +0000)]
cherry-pick-pr9936
commit
5c7c00e13285487a472e615d0e483e64b2cfad78
Author: Zygmunt Krynicki <me@zygoon.pl>
Date: Mon Feb 15 17:14:41 2021 +0000
Remove apparmor downgrade feature
Apparmor downgrade was automatically enabled when the running kernel
supported some, but not all of the features. Since the complete set was
never upstreamed, this effectively meant that users had less features
than they otherwise would have.
Since apparmor is still reported as "partial", nothing changes from the
point of view of not sending any misleading messages. For certain
classes of snap packages, this improves the effective confinement on
systems such as Debian or openSUSE Leap.
Perfect confinement is still way off, this doesn't change that.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0013-cherry-pick-pr9936.patch
Michael Hudson-Doyle [Wed, 24 Feb 2021 08:23:51 +0000 (08:23 +0000)]
man-page-sections
Gbp-Pq: Name 0010-man-page-sections.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 14:42:35 +0000 (16:42 +0200)]
[PATCH 7/9] i18n: use dummy localizations to avoid dependencies
Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:51:14 +0000 (15:51 +0200)]
[PATCH 6/9] systemd: disable snapfuse system
Upstream snapd uses an elaborate hack to bundle squashfuse under the
name snapfuse, and built as a fake go package. This component is not
available in Debian where bundling elements is not allowed.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0006-systemd-disable-snapfuse-system.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:46:00 +0000 (15:46 +0200)]
[PATCH 5/9] advisor,errtracker: use upstream bolt package
Upstream snapd uses a fork of the bolt package that carries additional
patches for bugs that were discovered by snapd developers. Bolt itself
appears to be an abandoned project and is not accepting any new patches.
In various distributions the upstream bolt package may or may not have
been patched but the forked version was definitely not packaged. As
such, to build snapd in Debian the upstream bolt package name must be
used.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0005-advisor-errtracker-use-upstream-bolt-package.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:38:41 +0000 (17:38 +0200)]
[PATCH 4/9] cmd/snap: skip tests depending on text wrapping
Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.
Since this test is not critical for anything it can be disabled to let
the package build.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:21:22 +0000 (17:21 +0200)]
[PATCH 3/9] cmd/snap-seccomp: skip tests that use -m32
Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:
multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-
3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped
I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:11:12 +0000 (17:11 +0200)]
[PATCH 2/9] cmd/snap-seccomp: skip tests that fail on 4.19
It seems that the Debian 4.19.0-1 kernel contains a regression in
seccomp execution. While this issue is investigated in parallel along
with the security team, the release of updated snapd package should not
be held by this issue.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:48:46 +0000 (15:48 +0200)]
[PATCH 1/9] cmd/snap-seccomp: use upstream seccomp package
Upstream snapd uses a fork that carries additional compatibility patch
required to build snapd for Ubuntu 14.04. This patch is not required with
the latest snapshot of the upstream seccomp golang bindings but they are
neither released upstream nor backported (in their entirety) to Ubuntu
14.04.
The forked seccomp library is not packaged in Debian. As such, to build
snapd, we need to switch to the regular, non-forked package name.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Gbp-Pq: Name 0001-cmd-snap-seccomp-use-upstream-seccomp-package.patch
Michael Vogt [Wed, 24 Feb 2021 08:23:51 +0000 (08:23 +0000)]
snapd (2.49-1) unstable; urgency=high
* New upstream release with security updates:
* SECURITY UPDATE: sandbox escape vulnerability for containers
(LP: #
1910456)
- many: add Delegate=true to generated systemd units for special
interfaces
- interfaces/greengrass-support: back-port interface changes to
2.48
- CVE-2020-27352
* interfaces/builtin/docker-support: allow /run/containerd/s/...
- This is a new path that docker 19.03.14 (with a new version of
containerd) uses to avoid containerd CVE issues around the unix
socket. See also CVE-2020-15257.
* debian/patches/0013-cherry-pick-pr9936.patch:
- cherry pick PR#9936 to use all apparmor available (closes: 923500)
* d/p/0011-cherry-pick-pr9809, d/p/0012-cherry-pick-pr9844:
- dropped, applied upstream
[dgit import unpatched snapd 2.49-1]
Michael Vogt [Wed, 24 Feb 2021 08:23:51 +0000 (08:23 +0000)]
Import snapd_2.49.orig.tar.gz
[dgit import orig snapd_2.49.orig.tar.gz]
Michael Vogt [Wed, 24 Feb 2021 08:23:51 +0000 (08:23 +0000)]
Import snapd_2.49-1.debian.tar.xz
[dgit import tarball snapd 2.49-1 snapd_2.49-1.debian.tar.xz]
Michael Vogt [Fri, 22 Jan 2021 09:13:11 +0000 (09:13 +0000)]
Merge snapd (2.48.2-3) import into refs/heads/workingbranch
Michael Vogt [Fri, 15 Jan 2021 19:59:53 +0000 (20:59 +0100)]
[PATCH] cmd: make string/error code more robust against errno leaking
The i386 sid sbuild fails because apparently some sbuild code
is calling functions that are not implemented so errno is set
during the tests when it is not expected. This leads to test
failures because the die() code will append errno status if
errno is set. This commit fixes this and makes the nightly
test also run on i386.
Gbp-Pq: Name 0012-cherry-pick-pr9844
Michael Hudson-Doyle [Fri, 22 Jan 2021 09:13:11 +0000 (09:13 +0000)]
cherry-pick-pr9809
===================================================================
Gbp-Pq: Name 0011-cherry-pick-pr9809
Michael Hudson-Doyle [Fri, 22 Jan 2021 09:13:11 +0000 (09:13 +0000)]
man-page-sections
Gbp-Pq: Name 0010-man-page-sections.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 14:42:35 +0000 (16:42 +0200)]
[PATCH 7/9] i18n: use dummy localizations to avoid dependencies
Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:51:14 +0000 (15:51 +0200)]
[PATCH 6/9] systemd: disable snapfuse system
Upstream snapd uses an elaborate hack to bundle squashfuse under the
name snapfuse, and built as a fake go package. This component is not
available in Debian where bundling elements is not allowed.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0006-systemd-disable-snapfuse-system.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:46:00 +0000 (15:46 +0200)]
[PATCH 5/9] advisor,errtracker: use upstream bolt package
Upstream snapd uses a fork of the bolt package that carries additional
patches for bugs that were discovered by snapd developers. Bolt itself
appears to be an abandoned project and is not accepting any new patches.
In various distributions the upstream bolt package may or may not have
been patched but the forked version was definitely not packaged. As
such, to build snapd in Debian the upstream bolt package name must be
used.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0005-advisor-errtracker-use-upstream-bolt-package.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:38:41 +0000 (17:38 +0200)]
[PATCH 4/9] cmd/snap: skip tests depending on text wrapping
Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.
Since this test is not critical for anything it can be disabled to let
the package build.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:21:22 +0000 (17:21 +0200)]
[PATCH 3/9] cmd/snap-seccomp: skip tests that use -m32
Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:
multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-
3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped
I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:11:12 +0000 (17:11 +0200)]
[PATCH 2/9] cmd/snap-seccomp: skip tests that fail on 4.19
It seems that the Debian 4.19.0-1 kernel contains a regression in
seccomp execution. While this issue is investigated in parallel along
with the security team, the release of updated snapd package should not
be held by this issue.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:48:46 +0000 (15:48 +0200)]
[PATCH 1/9] cmd/snap-seccomp: use upstream seccomp package
Upstream snapd uses a fork that carries additional compatibility patch
required to build snapd for Ubuntu 14.04. This patch is not required with
the latest snapshot of the upstream seccomp golang bindings but they are
neither released upstream nor backported (in their entirety) to Ubuntu
14.04.
The forked seccomp library is not packaged in Debian. As such, to build
snapd, we need to switch to the regular, non-forked package name.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Gbp-Pq: Name 0001-cmd-snap-seccomp-use-upstream-seccomp-package.patch
Michael Vogt [Fri, 22 Jan 2021 09:13:11 +0000 (09:13 +0000)]
snapd (2.48.2-3) unstable; urgency=medium
* debian/patches/0012-cherry-pick-pr9844:
- cherry pick PR#9844 to avoid leaking of errno in snap-confine
tests that caused i386 to FTBFS
[dgit import unpatched snapd 2.48.2-3]
Michael Vogt [Fri, 22 Jan 2021 09:13:11 +0000 (09:13 +0000)]
Import snapd_2.48.2-3.debian.tar.xz
[dgit import tarball snapd 2.48.2-3 snapd_2.48.2-3.debian.tar.xz]
Michael Vogt [Fri, 15 Jan 2021 08:11:00 +0000 (08:11 +0000)]
Import snapd_2.48.2.orig.tar.gz
[dgit import orig snapd_2.48.2.orig.tar.gz]
Michael Vogt [Fri, 10 Jul 2020 18:06:29 +0000 (19:06 +0100)]
Merge snapd (2.45.2-1) import into refs/heads/workingbranch
Michael Hudson-Doyle [Fri, 10 Jul 2020 18:06:29 +0000 (19:06 +0100)]
man-page-sections
Gbp-Pq: Name 0010-man-page-sections.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 14:42:35 +0000 (16:42 +0200)]
[PATCH 7/9] i18n: use dummy localizations to avoid dependencies
Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:51:14 +0000 (15:51 +0200)]
[PATCH 6/9] systemd: disable snapfuse system
Upstream snapd uses an elaborate hack to bundle squashfuse under the
name snapfuse, and built as a fake go package. This component is not
available in Debian where bundling elements is not allowed.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0006-systemd-disable-snapfuse-system.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:46:00 +0000 (15:46 +0200)]
[PATCH 5/9] advisor,errtracker: use upstream bolt package
Upstream snapd uses a fork of the bolt package that carries additional
patches for bugs that were discovered by snapd developers. Bolt itself
appears to be an abandoned project and is not accepting any new patches.
In various distributions the upstream bolt package may or may not have
been patched but the forked version was definitely not packaged. As
such, to build snapd in Debian the upstream bolt package name must be
used.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0005-advisor-errtracker-use-upstream-bolt-package.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:38:41 +0000 (17:38 +0200)]
[PATCH 4/9] cmd/snap: skip tests depending on text wrapping
Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.
Since this test is not critical for anything it can be disabled to let
the package build.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:21:22 +0000 (17:21 +0200)]
[PATCH 3/9] cmd/snap-seccomp: skip tests that use -m32
Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:
multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-
3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped
I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:11:12 +0000 (17:11 +0200)]
[PATCH 2/9] cmd/snap-seccomp: skip tests that fail on 4.19
It seems that the Debian 4.19.0-1 kernel contains a regression in
seccomp execution. While this issue is investigated in parallel along
with the security team, the release of updated snapd package should not
be held by this issue.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:48:46 +0000 (15:48 +0200)]
[PATCH 1/9] cmd/snap-seccomp: use upstream seccomp package
Upstream snapd uses a fork that carries additional compatibility patch
required to build snapd for Ubuntu 14.04. This patch is not required with
the latest snapshot of the upstream seccomp golang bindings but they are
neither released upstream nor backported (in their entirety) to Ubuntu
14.04.
The forked seccomp library is not packaged in Debian. As such, to build
snapd, we need to switch to the regular, non-forked package name.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Gbp-Pq: Name 0001-cmd-snap-seccomp-use-upstream-seccomp-package.patch
Michael Vogt [Fri, 10 Jul 2020 18:06:29 +0000 (19:06 +0100)]
snapd (2.45.2-1) unstable; urgency=high
* SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open
implementation
- usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
variable modification when calling the system xdg-open. Patch
thanks to James Henstridge
- packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is
restarted. Patch thanks to Michael Vogt
- CVE-2020-11934
* SECURITY UPDATE: arbitrary code execution vulnerability on core
devices with access to physical removable media
- devicestate: Disable/restrict cloud-init after seeding.
- CVE-2020-11933
[dgit import unpatched snapd 2.45.2-1]
Michael Vogt [Fri, 10 Jul 2020 18:06:29 +0000 (19:06 +0100)]
Import snapd_2.45.2.orig.tar.gz
[dgit import orig snapd_2.45.2.orig.tar.gz]
Michael Vogt [Fri, 10 Jul 2020 18:06:29 +0000 (19:06 +0100)]
Import snapd_2.45.2-1.debian.tar.xz
[dgit import tarball snapd 2.45.2-1 snapd_2.45.2-1.debian.tar.xz]
Michael Vogt [Wed, 30 Oct 2019 12:17:43 +0000 (12:17 +0000)]
Merge snapd (2.42.1-1) import into refs/heads/workingbranch
Michael Hudson-Doyle [Wed, 30 Oct 2019 12:17:43 +0000 (12:17 +0000)]
man-page-sections
Gbp-Pq: Name 0010-man-page-sections.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 14:42:35 +0000 (16:42 +0200)]
i18n: use dummy localizations to avoid dependencies
Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:51:14 +0000 (15:51 +0200)]
systemd: disable snapfuse system
Upstream snapd uses an elaborate hack to bundle squashfuse under the
name snapfuse, and built as a fake go package. This component is not
available in Debian where bundling elements is not allowed.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0006-systemd-disable-snapfuse-system.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:46:00 +0000 (15:46 +0200)]
advisor,errtracker: use upstream bolt package
Upstream snapd uses a fork of the bolt package that carries additional
patches for bugs that were discovered by snapd developers. Bolt itself
appears to be an abandoned project and is not accepting any new patches.
In various distributions the upstream bolt package may or may not have
been patched but the forked version was definitely not packaged. As
such, to build snapd in Debian the upstream bolt package name must be
used.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0005-advisor-errtracker-use-upstream-bolt-package.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:38:41 +0000 (17:38 +0200)]
cmd/snap: skip tests depending on text wrapping
Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.
Since this test is not critical for anything it can be disabled to let
the package build.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:21:22 +0000 (17:21 +0200)]
cmd/snap-seccomp: skip tests that use -m32
Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:
multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-
3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped
I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:11:12 +0000 (17:11 +0200)]
cmd/snap-seccomp: skip tests that fail on 4.19
It seems that the Debian 4.19.0-1 kernel contains a regression in
seccomp execution. While this issue is investigated in parallel along
with the security team, the release of updated snapd package should not
be held by this issue.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:48:46 +0000 (15:48 +0200)]
cmd/snap-seccomp: use upstream seccomp package
Upstream snapd uses a fork that carries additional compatibility patch
required to build snapd for Ubuntu 14.04. This patch is not required with
the latest snapshot of the upstream seccomp golang bindings but they are
neither released upstream nor backported (in their entirety) to Ubuntu
14.04.
The forked seccomp library is not packaged in Debian. As such, to build
snapd, we need to switch to the regular, non-forked package name.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Gbp-Pq: Name 0001-cmd-snap-seccomp-use-upstream-seccomp-package.patch
Michael Vogt [Wed, 30 Oct 2019 12:17:43 +0000 (12:17 +0000)]
snapd (2.42.1-1) unstable; urgency=medium
* New upstream release, LP: #
1846181
- interfaces: de-duplicate emitted update-ns profiles
- packaging: tweak handling of usr.lib.snapd.snap-confine
- interfaces: allow introspecting network-manager on core
- tests/main/interfaces-contacts-service: disable on openSUSE
Tumbleweed
- tests/lib/lxd-snapfuse: restore mount changes introduced by LXD
- snap: fix default-provider in seed validation
- tests: update system-usernames test now that opensuse-15.1 works
- overlord: set fake sertial in TestRemodelSwitchToDifferentKernel
- gadget: rename "boot{select,img}" -> system-boot-{select,image}
- tests: listing test, make accepted snapd/core versions consistent
[dgit import unpatched snapd 2.42.1-1]
Michael Vogt [Wed, 30 Oct 2019 12:17:43 +0000 (12:17 +0000)]
Import snapd_2.42.1.orig.tar.gz
[dgit import orig snapd_2.42.1.orig.tar.gz]
Michael Vogt [Wed, 30 Oct 2019 12:17:43 +0000 (12:17 +0000)]
Import snapd_2.42.1-1.debian.tar.xz
[dgit import tarball snapd 2.42.1-1 snapd_2.42.1-1.debian.tar.xz]
Zygmunt Krynicki [Thu, 28 Feb 2019 17:21:26 +0000 (17:21 +0000)]
Merge snapd (2.37.4-1) import into refs/heads/workingbranch
Michael Hudson-Doyle [Thu, 28 Feb 2019 17:21:26 +0000 (17:21 +0000)]
man-page-sections
Gbp-Pq: Name 0010-man-page-sections.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 14:42:35 +0000 (16:42 +0200)]
i18n: use dummy localizations to avoid dependencies
Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:51:14 +0000 (15:51 +0200)]
systemd: disable snapfuse system
Upstream snapd uses an elaborate hack to bundle squashfuse under the
name snapfuse, and built as a fake go package. This component is not
available in Debian where bundling elements is not allowed.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0006-systemd-disable-snapfuse-system.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:46:00 +0000 (15:46 +0200)]
advisor,errtracker: use upstream bolt package
Upstream snapd uses a fork of the bolt package that carries additional
patches for bugs that were discovered by snapd developers. Bolt itself
appears to be an abandoned project and is not accepting any new patches.
In various distributions the upstream bolt package may or may not have
been patched but the forked version was definitely not packaged. As
such, to build snapd in Debian the upstream bolt package name must be
used.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0005-advisor-errtracker-use-upstream-bolt-package.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:38:41 +0000 (17:38 +0200)]
cmd/snap: skip tests depending on text wrapping
Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.
Since this test is not critical for anything it can be disabled to let
the package build.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:21:22 +0000 (17:21 +0200)]
cmd/snap-seccomp: skip tests that use -m32
Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:
multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-
3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped
I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:11:12 +0000 (17:11 +0200)]
cmd/snap-seccomp: skip tests that fail on 4.19
It seems that the Debian 4.19.0-1 kernel contains a regression in
seccomp execution. While this issue is investigated in parallel along
with the security team, the release of updated snapd package should not
be held by this issue.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:48:46 +0000 (15:48 +0200)]
cmd/snap-seccomp: use upstream seccomp package
Upstream snapd uses a fork that carries additional compatibility patch
required to build snapd for Ubuntu 14.04. This patch is not required with
the latest snapshot of the upstream seccomp golang bindings but they are
neither released upstream nor backported (in their entirety) to Ubuntu
14.04.
The forked seccomp library is not packaged in Debian. As such, to build
snapd, we need to switch to the regular, non-forked package name.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0001-cmd-snap-seccomp-use-upstream-seccomp-package.patch
Zygmunt Krynicki [Thu, 28 Feb 2019 17:21:26 +0000 (17:21 +0000)]
snapd (2.37.4-1) unstable; urgency=medium
* New upstream release
* d/patches0008-snap-squashsh-skip-TestBuildDate-on-Debian.patch: drop,
fixed upstream
[dgit import unpatched snapd 2.37.4-1]
Zygmunt Krynicki [Thu, 28 Feb 2019 17:21:26 +0000 (17:21 +0000)]
Import snapd_2.37.4.orig.tar.xz
[dgit import orig snapd_2.37.4.orig.tar.xz]
Zygmunt Krynicki [Thu, 28 Feb 2019 17:21:26 +0000 (17:21 +0000)]
Import snapd_2.37.4-1.debian.tar.xz
[dgit import tarball snapd 2.37.4-1 snapd_2.37.4-1.debian.tar.xz]
Michael Hudson-Doyle [Thu, 7 Feb 2019 08:26:34 +0000 (08:26 +0000)]
Merge snapd (2.37.2-1) import into refs/heads/workingbranch
Michael Hudson-Doyle [Thu, 7 Feb 2019 08:26:34 +0000 (08:26 +0000)]
man-page-sections
Gbp-Pq: Name 0010-man-page-sections.patch
Zygmunt Krynicki [Mon, 21 Jan 2019 15:54:44 +0000 (16:54 +0100)]
snap/squashsh: skip TestBuildDate on Debian
On Debian the reported build date of a squashfs file is about two days
back from what the test expected.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0008-snap-squashsh-skip-TestBuildDate-on-Debian.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 14:42:35 +0000 (16:42 +0200)]
i18n: use dummy localizations to avoid dependencies
Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:51:14 +0000 (15:51 +0200)]
systemd: disable snapfuse system
Upstream snapd uses an elaborate hack to bundle squashfuse under the
name snapfuse, and built as a fake go package. This component is not
available in Debian where bundling elements is not allowed.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0006-systemd-disable-snapfuse-system.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:46:00 +0000 (15:46 +0200)]
advisor,errtracker: use upstream bolt package
Upstream snapd uses a fork of the bolt package that carries additional
patches for bugs that were discovered by snapd developers. Bolt itself
appears to be an abandoned project and is not accepting any new patches.
In various distributions the upstream bolt package may or may not have
been patched but the forked version was definitely not packaged. As
such, to build snapd in Debian the upstream bolt package name must be
used.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0005-advisor-errtracker-use-upstream-bolt-package.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:38:41 +0000 (17:38 +0200)]
cmd/snap: skip tests depending on text wrapping
Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.
Since this test is not critical for anything it can be disabled to let
the package build.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:21:22 +0000 (17:21 +0200)]
cmd/snap-seccomp: skip tests that use -m32
Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:
multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-
3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped
I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:11:12 +0000 (17:11 +0200)]
cmd/snap-seccomp: skip tests that fail on 4.19
It seems that the Debian 4.19.0-1 kernel contains a regression in
seccomp execution. While this issue is investigated in parallel along
with the security team, the release of updated snapd package should not
be held by this issue.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:48:46 +0000 (15:48 +0200)]
cmd/snap-seccomp: use upstream seccomp package
Upstream snapd uses a fork that carries additional compatibility patch
required to build snapd for Ubuntu 14.04. This patch is not required with
the latest snapshot of the upstream seccomp golang bindings but they are
neither released upstream nor backported (in their entirety) to Ubuntu
14.04.
The forked seccomp library is not packaged in Debian. As such, to build
snapd, we need to switch to the regular, non-forked package name.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0001-cmd-snap-seccomp-use-upstream-seccomp-package.patch
Michael Hudson-Doyle [Thu, 7 Feb 2019 08:26:34 +0000 (08:26 +0000)]
snapd (2.37.2-1) unstable; urgency=medium
* New upstream releease.
[dgit import unpatched snapd 2.37.2-1]
Michael Hudson-Doyle [Thu, 7 Feb 2019 08:26:34 +0000 (08:26 +0000)]
Import snapd_2.37.2.orig.tar.xz
[dgit import orig snapd_2.37.2.orig.tar.xz]
Michael Hudson-Doyle [Thu, 7 Feb 2019 08:26:34 +0000 (08:26 +0000)]
Import snapd_2.37.2-1.debian.tar.xz
[dgit import tarball snapd 2.37.2-1 snapd_2.37.2-1.debian.tar.xz]
Michael Hudson-Doyle [Thu, 24 Jan 2019 03:11:17 +0000 (03:11 +0000)]
Merge snapd (2.37-3) import into refs/heads/workingbranch
Michael Hudson-Doyle [Thu, 24 Jan 2019 03:11:17 +0000 (03:11 +0000)]
man-page-sections
Gbp-Pq: Name 0010-man-page-sections.patch
Zygmunt Krynicki [Mon, 21 Jan 2019 17:55:12 +0000 (18:55 +0100)]
interfaces/apparmor: mock presence of overlayfs root
During the release of the snapd 2.37 we noticed that the Debian
builds performed in sbuild are failing on several unit tests. The same
source package would build file in pbuilder.
Investigation uncovered that sbuild is using overlayfs root internally.
This is picked up by the apparmor overlayfs detector and causes snapd to
generate an additional configuration file for snap-confine.
For reference, the offending entry from /proc/self/mountinfo:
228 23 0:40 / / rw,relatime shared:119 - overlay sid-amd64-sbuild rw,lowerdir=/var/lib/schroot/union/underlay/sid-amd64-sbuild-
85592074-da40-4faa-8b25-
a354b207cdf2,upperdir=/var/lib/schroot/union/overlay/sid-amd64-sbuild-
85592074-da40-4faa-8b25-
a354b207cdf2/upper,workdir=/var/lib/schroot/union/overlay/sid-amd64-sbuild-
85592074-da40-4faa-8b25-
a354b207cdf2/work
The extra generated file was upsetting tests that looked at
/var/lib/snapd/apparmor/snap-confine.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0009-interfaces-apparmor-mock-presence-of-overlayfs-root.patch
Zygmunt Krynicki [Mon, 21 Jan 2019 15:54:44 +0000 (16:54 +0100)]
snap/squashsh: skip TestBuildDate on Debian
On Debian the reported build date of a squashfs file is about two days
back from what the test expected.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0008-snap-squashsh-skip-TestBuildDate-on-Debian.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 14:42:35 +0000 (16:42 +0200)]
i18n: use dummy localizations to avoid dependencies
Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:51:14 +0000 (15:51 +0200)]
systemd: disable snapfuse system
Upstream snapd uses an elaborate hack to bundle squashfuse under the
name snapfuse, and built as a fake go package. This component is not
available in Debian where bundling elements is not allowed.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0006-systemd-disable-snapfuse-system.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:46:00 +0000 (15:46 +0200)]
advisor,errtracker: use upstream bolt package
Upstream snapd uses a fork of the bolt package that carries additional
patches for bugs that were discovered by snapd developers. Bolt itself
appears to be an abandoned project and is not accepting any new patches.
In various distributions the upstream bolt package may or may not have
been patched but the forked version was definitely not packaged. As
such, to build snapd in Debian the upstream bolt package name must be
used.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0005-advisor-errtracker-use-upstream-bolt-package.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:38:41 +0000 (17:38 +0200)]
cmd/snap: skip tests depending on text wrapping
Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.
Since this test is not critical for anything it can be disabled to let
the package build.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:21:22 +0000 (17:21 +0200)]
cmd/snap-seccomp: skip tests that use -m32
Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:
multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-
3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped
I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 15:11:12 +0000 (17:11 +0200)]
cmd/snap-seccomp: skip tests that fail on 4.19
It seems that the Debian 4.19.0-1 kernel contains a regression in
seccomp execution. While this issue is investigated in parallel along
with the security team, the release of updated snapd package should not
be held by this issue.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch
Zygmunt Krynicki [Thu, 17 Jan 2019 13:48:46 +0000 (15:48 +0200)]
cmd/snap-seccomp: use upstream seccomp package
Upstream snapd uses a fork that carries additional compatibility patch
required to build snapd for Ubuntu 14.04. This patch is not required with
the latest snapshot of the upstream seccomp golang bindings but they are
neither released upstream nor backported (in their entirety) to Ubuntu
14.04.
The forked seccomp library is not packaged in Debian. As such, to build
snapd, we need to switch to the regular, non-forked package name.
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0001-cmd-snap-seccomp-use-upstream-seccomp-package.patch
Michael Hudson-Doyle [Thu, 24 Jan 2019 03:11:17 +0000 (03:11 +0000)]
snapd (2.37-3) unstable; urgency=medium
* Fix --no-arch-any build.
[dgit import unpatched snapd 2.37-3]
projects / snapd.git / log