dgit.raspbian.org Git - snapd.git/log

Merge snapd (2.62-5) import into refs/heads/workingbranch

tests: enable the snapd socket in autopkgtest

For reasons I don't quite understand, and cannot reproduce when running
autopkgtest locally, when the system is tested on the Debian infrastructure
snapd ends up installed but not enabled.

Enable the socket to at least have a chance to run something.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Gbp-Pq: Name 0022-tests-enable-the-snapd-socket-in-autopkgtest.patch

[PATCH] tests: create test user for autopkgtests

The smoke test suite depends on running things as the unprivilege
user "test" with the specific UID 12345.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Gbp-Pq: Name 0021-PATCH-tests-create-test-user-for-autopkgtests.patch

[PATCH 17/18] packaging: update to compat level 13

Update for compatibility level 9 to 13 [1].

- remove --fail-missing from dh
- remove --with=systemd from dh
- drop autoreconf dependencies (obsolete since level 10)

[1] https://manpages.debian.org/testing/debhelper/debhelper-compat-upgrade-checklist.7.en.html#v13

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Gbp-Pq: Name 0018-PATCH-17-18-packaging-update-to-compat-level-13.patch

[PATCH 16/18] spread.yaml: add autopkgtest entries for Debian

Add entries for Debian unstable "sid" to allow running the integration test
suite while traversing migrations in the Debian archive.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Gbp-Pq: Name 0017-PATCH-16-18-spread.yaml-add-autopkgtest-entries-for-.patch

[PATCH 15/18] packaging: cope with unset ID and VERSION_ID

There is no guarantee that ID and VERSION_ID are set in /etc/os-release.
Provide defaults for ID and VERSION_ID so that spread runs with _some_ system
name. Spread rejects system names with two consecutive dashes, so use a
special-case for unset VERSION_ID since we know it is used in a context of the
Debian archive.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Gbp-Pq: Name 0016-PATCH-15-18-packaging-cope-with-unset-ID-and-VERSION.patch

[PATCH 14/18] packaging: do not hard-code the "ubuntu" username/password

Spread needs to login to an account with a non-empty password. Set the password
of the autopkgtest user account to the same value as the account name.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Gbp-Pq: Name 0015-PATCH-14-18-packaging-do-not-hard-code-the-ubuntu-us.patch

[PATCH 13/18] packaging: use "go install" to install spread

The former go get command is deprecated with current Go, and no longer works
correctly.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Gbp-Pq: Name 0014-PATCH-13-18-packaging-use-go-install-to-install-spre.patch

[PATCH 12/18] packaging: and needs-internet test restriction

Internet is required to pull Go dependencies to build and install spread, as
well as to download snap packages from the store.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Gbp-Pq: Name 0013-PATCH-12-18-packaging-and-needs-internet-test-restri.patch

[PATCH 11/18] packaging,spread.yaml: use needs-sudo to setup sudo

Sudo access is managed by the "needs-sudo" flag. We can drop our custom logic
and associated manipulation. This also ensures the testbed is correctly
selected, and incompatible systems are rejected.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Gbp-Pq: Name 0012-PATCH-11-18-packaging-spread.yaml-use-needs-sudo-to-.patch

[PATCH 10/18] packaging: rewrite lintian overrides

None of the old overrides applied anymore.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Gbp-Pq: Name 0011-PATCH-10-18-packaging-rewrite-lintian-overrides.patch

[PATCH 09/18] packaging: add source lintian overrides for EFI binaries

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Gbp-Pq: Name 0010-PATCH-09-18-packaging-add-source-lintian-overrides-f.patch

[PATCH 08/18] packaging: set LANG=C.utf-8 during tests

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Gbp-Pq: Name 0009-PATCH-08-18-packaging-set-LANG-C.utf-8-during-tests.patch

[PATCH 06/18] tests: explicitly remove the mount point

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Gbp-Pq: Name 0008-PATCH-06-18-tests-explicitly-remove-the-mount-point.patch

[PATCH 05/18] tests: use consistent syntax to call snapctl

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Gbp-Pq: Name 0007-PATCH-05-18-tests-use-consistent-syntax-to-call-snap.patch

[PATCH 04/18] tests: use snapctl umount rather than umount

Snapctl creates systemd mount units that may be activated again, so plain
umount is insufficient to correctly undo all the changes.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Gbp-Pq: Name 0006-PATCH-04-18-tests-use-snapctl-umount-rather-than-umo.patch

[PATCH 03/18] Merge pull request from GHSA-p9v8-q5m4-pf46

* o/hookstate: recognize "--" in snapctl argument parser

When parsing snapctl argument vector recognize the "--" as an option
terminator, so that dash-options are not recognized afterwards.

Fixes: https://bugs.launchpad.net/snapd/+bug/2065077
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
* tests: add regression test for lp-2065077

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
---------

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Gbp-Pq: Name 0005-PATCH-03-18-Merge-pull-request-from-GHSA-p9v8-q5m4-p.patch

man-page-sections

Gbp-Pq: Name 0010-man-page-sections.patch

[PATCH 7/9] i18n: use dummy localizations to avoid dependencies

Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch

[PATCH 4/9] cmd/snap: skip tests depending on text wrapping

Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.

Since this test is not critical for anything it can be disabled to let
the package build.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch

[PATCH 3/9] cmd/snap-seccomp: skip tests that use -m32

Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:

multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped

I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch

snapd (2.62-5) unstable; urgency=medium

* debian: enable snapd.socket in autopkgtests

[dgit import unpatched snapd 2.62-5]

Import snapd_2.62-5.debian.tar.xz

[dgit import tarball snapd 2.62-5 snapd_2.62-5.debian.tar.xz]

Merge snapd (2.62-2) import into refs/heads/workingbranch

man-page-sections

Gbp-Pq: Name 0010-man-page-sections.patch

[PATCH 7/9] i18n: use dummy localizations to avoid dependencies

Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch

[PATCH 4/9] cmd/snap: skip tests depending on text wrapping

Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.

Since this test is not critical for anything it can be disabled to let
the package build.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch

[PATCH 3/9] cmd/snap-seccomp: skip tests that use -m32

Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:

multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped

I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch

snapd (2.62-2) unstable; urgency=medium

* Build-depend on systemd-dev (closes: #1060611)

[dgit import unpatched snapd 2.62-2]

Import snapd_2.62-2.debian.tar.xz

[dgit import tarball snapd 2.62-2 snapd_2.62-2.debian.tar.xz]

Import snapd_2.62.orig.tar.gz

[dgit import orig snapd_2.62.orig.tar.gz]

Merge snapd (2.62-1) import into refs/heads/workingbranch

man-page-sections

Gbp-Pq: Name 0010-man-page-sections.patch

[PATCH 7/9] i18n: use dummy localizations to avoid dependencies

Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch

[PATCH 4/9] cmd/snap: skip tests depending on text wrapping

Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.

Since this test is not critical for anything it can be disabled to let
the package build.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch

[PATCH 3/9] cmd/snap-seccomp: skip tests that use -m32

Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:

multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped

I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch

snapd (2.62-1) unstable; urgency=medium

  [ Ernest Lotter ]
  * New upstream release, LP: #2058277
    - Aspects based configuration schema support (experimental)
    - Refresh app awareness support for UI (experimental)
    - Support for user daemons by introducing new control switches
      --user/--system/--users for service start/stop/restart
      (experimental)
    - Add AppArmor prompting experimental flag (feature currently
      unsupported)
    - Installation of local snap components of type test
    - Packaging of components with snap pack
    - Expose experimental features supported/enabled in snapd REST API
      endpoint /v2/system-info
    - Support creating and removing recovery systems for use by factory
      reset
    - Enable API route for creating and removing recovery systems using
      /v2/systems with action create and /v2/systems/{label} with action
      remove
    - Lift requirements for fde-setup hook for single boot install
    - Enable single reboot gadget update for UC20+
    - Allow core to be removed on classic systems
    - Support for remodeling on hybrid systems
    - Install desktop files on Ubuntu Core and update after snapd
      upgrade
    - Upgrade sandbox features to account for cgroup v2 device filtering
    - Support snaps to manage their own cgroups
    - Add support for AppArmor 4.0 unconfined profile mode
    - Add AppArmor based read access to /etc/default/keyboard
    - Upgrade to squashfuse 0.5.0
    - Support useradd utility to enable removing Perl dependency for
      UC24+
    - Support for recovery-chooser to use console-conf snap
    - Add support for --uid/--gid using strace-static
    - Add support for notices (from pebble) and expose via the snapd
      REST API endpoints /v2/notices and /v2/notice
    - Add polkit authentication for snapd REST API endpoints
      /v2/snaps/{snap}/conf and /v2/apps
    - Add refresh-inhibit field to snapd REST API endpoint /v2/snaps
    - Add refresh-inhibited select query to REST API endpoint /v2/snaps
    - Take into account validation sets during remodeling
    - Improve offline remodeling to use installed revisions of snaps to
      fulfill the remodel revision requirement
    - Add rpi configuration option sdtv_mode
    - When snapd snap is not installed, pin policy ABI to 4.0 or 3.0 if
      present on host
    - Fix gadget zero-sized disk mapping caused by not ignoring zero
      sized storage traits
    - Fix gadget install case where size of existing partition was not
      correctly taken into account
    - Fix trying to unmount early kernel mount if it does not exist
    - Fix restarting mount units on snapd start
    - Fix call to udev in preseed mode
    - Fix to ensure always setting up the device cgroup for base bare
      and core24+
    - Fix not copying data from newly set homedirs on revision change
    - Fix leaving behind empty snap home directories after snap is
      removed (resulting in broken symlink)
    - Fix to avoid using libzstd from host by adding to snapd snap
    - Fix autorefresh to correctly handle forever refresh hold
    - Fix username regex allowed for system-user assertion to not allow
      '+'
    - Fix incorrect application icon for notification after autorefresh
      completion
    - Fix to restart mount units when changed
    - Fix to support AppArmor running under incus
    - Fix case of snap-update-ns dropping synthetic mounts due to
      failure to match  desired mount dependencies
    - Fix parsing of base snap version to enable pre-seeding of Ubuntu
      Core Desktop
    - Fix packaging and tests for various distributions
    - Add remoteproc interface to allow developers to interact with
      Remote Processor Framework which enables snaps to load firmware to
      ARM Cortex microcontrollers
    - Add kernel-control interface to enable controlling the kernel
      firmware search path
    - Add nfs-mount interface to allow mounting of NFS shares
    - Add ros-opt-data interface to allow snaps to access the host
      /opt/ros/ paths
    - Add snap-refresh-observe interface that provides refresh-app-
      awareness clients access to relevant snapd API endpoints
    - steam-support interface: generalize Pressure Vessel root paths and
      allow access to driver information, features and container
      versions
    - steam-support interface: make implicit on Ubuntu Core Desktop
    - desktop interface: improved support for Ubuntu Core Desktop and
      limit autoconnection to implicit slots
    - cups-control interface: make autoconnect depend on presence of
      cupsd on host to ensure it works on classic systems
    - opengl interface: allow read access to /usr/share/nvidia
    - personal-files interface: extend to support automatic creation of
      missing parent directories in write paths
    - network-control interface: allow creating /run/resolveconf
    - network-setup-control and network-setup-observe interfaces: allow
      busctl bind as required for systemd 254+
    - libvirt interface: allow r/w access to /run/libvirt/libvirt-sock-
      ro and read access to /var/lib/libvirt/dnsmasq/**
    - fwupd interface: allow access to IMPI devices (including locking
      of device nodes), sysfs attributes needed by amdgpu and the COD
      capsule update directory
    - uio interface: allow configuring UIO drivers from userspace
      libraries
    - serial-port interface: add support for NXP Layerscape SoC
    - lxd-support interface: add attribute enable-unconfined-mode to
      require LXD to opt-in to run unconfined
    - block-devices interface: add support for ZFS volumes
    - system-packages-doc interface: add support for reading jquery and
      sphinx documentation
    - system-packages-doc interface: workaround to prevent autoconnect
      failure for snaps using base bare
    - microceph-support interface: allow more types of block devices to
      be added as an OSD
    - mount-observe interface: allow read access to
      /proc/{pid}/task/{tid}/mounts and proc/{pid}/task/{tid}/mountinfo
    - polkit interface: changed to not be implicit on core because
      installing policy files is not possible
    - upower-observe interface: allow stats refresh
    - gpg-public-keys interface: allow creating lock file for certain
      gpg operations
    - shutdown interface: allow access to SetRebootParameter method
    - media-control interface: allow device file locking
    - u2f-devices interface: support for Trustkey G310H, JaCarta U2F,
      Kensington VeriMark Guard, RSA DS100, Google Titan v2

[dgit import unpatched snapd 2.62-1]

Import snapd_2.62-1.debian.tar.xz

[dgit import tarball snapd 2.62-1 snapd_2.62-1.debian.tar.xz]

Merge snapd (2.61.2-2) import into refs/heads/workingbranch

man-page-sections

Gbp-Pq: Name 0010-man-page-sections.patch

[PATCH 7/9] i18n: use dummy localizations to avoid dependencies

Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch

[PATCH 5/9] advisor,errtracker: use upstream bolt package

Upstream snapd uses a fork of the bolt package that carries additional
patches for bugs that were discovered by snapd developers. Bolt itself
appears to be an abandoned project and is not accepting any new patches.

In various distributions the upstream bolt package may or may not have
been patched but the forked version was definitely not packaged. As
such, to build snapd in Debian the upstream bolt package name must be
used.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0005-advisor-errtracker-use-upstream-bolt-package.patch

[PATCH 4/9] cmd/snap: skip tests depending on text wrapping

Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.

Since this test is not critical for anything it can be disabled to let
the package build.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch

[PATCH 3/9] cmd/snap-seccomp: skip tests that use -m32

Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:

multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped

I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch

snapd (2.61.2-2) unstable; urgency=medium

* Build without bolt support to avoid bolt not supporting riscv64

[dgit import unpatched snapd 2.61.2-2]

Import snapd_2.61.2-2.debian.tar.xz

[dgit import tarball snapd 2.61.2-2 snapd_2.61.2-2.debian.tar.xz]

Import snapd_2.61.2.orig.tar.gz

[dgit import orig snapd_2.61.2.orig.tar.gz]

Merge snapd (2.61.1-1) import into refs/heads/workingbranch

man-page-sections

Gbp-Pq: Name 0010-man-page-sections.patch

[PATCH 7/9] i18n: use dummy localizations to avoid dependencies

Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch

[PATCH 5/9] advisor,errtracker: use upstream bolt package

Upstream snapd uses a fork of the bolt package that carries additional
patches for bugs that were discovered by snapd developers. Bolt itself
appears to be an abandoned project and is not accepting any new patches.

In various distributions the upstream bolt package may or may not have
been patched but the forked version was definitely not packaged. As
such, to build snapd in Debian the upstream bolt package name must be
used.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0005-advisor-errtracker-use-upstream-bolt-package.patch

[PATCH 4/9] cmd/snap: skip tests depending on text wrapping

Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.

Since this test is not critical for anything it can be disabled to let
the package build.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch

[PATCH 3/9] cmd/snap-seccomp: skip tests that use -m32

Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:

multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped

I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch

snapd (2.61.1-1) unstable; urgency=medium

  [ Ernest Lotter ]
  * New upstream release, LP: #2024007
    - Stop requiring default provider snaps on image building and first
      boot if alternative providers are included and available
    - Fix auth.json access for login as non-root group ID
    - Fix incorrect remodelling conflict when changing track to older
      snapd version
    - Improved check-rerefresh message
    - Fix UC16/18 kernel/gadget update failure due volume mismatch with
      installed disk
    - Stop auto-import of assertions during install modes
    - Desktop interface exposes GetIdletime
    - Polkit interface support for new polkit versions
    - Fix not applying snapd snap changes in tracked channel when remodelling

  [ Zygmunt Krynicki ]
  * Set SNAPD_SKIP_SLOW_TESTS=true avoid hitting firstboot test that are
    time-sensitive and mostly check Ubuntu Core functionality that does not
    affect classic distributions. Similar "workaround" is done on openSUSE.

[dgit import unpatched snapd 2.61.1-1]

Import snapd_2.61.1.orig.tar.gz

[dgit import orig snapd_2.61.1.orig.tar.gz]

Import snapd_2.61.1-1.debian.tar.xz

[dgit import tarball snapd 2.61.1-1 snapd_2.61.1-1.debian.tar.xz]

Merge snapd (2.60.2-1) import into refs/heads/workingbranch

man-page-sections

Gbp-Pq: Name 0010-man-page-sections.patch

[PATCH 7/9] i18n: use dummy localizations to avoid dependencies

Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch

[PATCH 5/9] advisor,errtracker: use upstream bolt package

Upstream snapd uses a fork of the bolt package that carries additional
patches for bugs that were discovered by snapd developers. Bolt itself
appears to be an abandoned project and is not accepting any new patches.

In various distributions the upstream bolt package may or may not have
been patched but the forked version was definitely not packaged. As
such, to build snapd in Debian the upstream bolt package name must be
used.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0005-advisor-errtracker-use-upstream-bolt-package.patch

[PATCH 4/9] cmd/snap: skip tests depending on text wrapping

Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.

Since this test is not critical for anything it can be disabled to let
the package build.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch

[PATCH 3/9] cmd/snap-seccomp: skip tests that use -m32

Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:

multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped

I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch

snapd (2.60.2-1) unstable; urgency=medium

  * New upstream release, LP: #2024007
    - i/builtin: allow directories in private /dev/shm
    - i/builtin: add read access to /proc/task/schedstat in system-
      observe
    - snap-bootstrap: print version information at startup
    - go.mod: update gopkg.in/yaml.v3 to v3.0.1 to fix CVE-2022-28948
    - snap, store: filter out invalid snap edited links from store info
      and persisted state
    - o/configcore: write netplan defaults to 00-snapd-config on seeding
    - snapcraft.yaml: pull in apparmor_parser optimization patches from
      https://gitlab.com/apparmor/apparmor/-/merge_requests/711
    - snap-confine: fix missing \0 after readlink
    - cmd/snap: hide append-integrity-data
    - interfaces/opengl: add support for ARM Mali
  * debian/{control,rules}:
    - sync packaging changes from upstream

[dgit import unpatched snapd 2.60.2-1]

Import snapd_2.60.2.orig.tar.gz

[dgit import orig snapd_2.60.2.orig.tar.gz]

Import snapd_2.60.2-1.debian.tar.xz

[dgit import tarball snapd 2.60.2-1 snapd_2.60.2-1.debian.tar.xz]

Merge snapd (2.57.6-1) import into refs/heads/workingbranch

skip-TestPopulateFromSeedWithConnectHook

Gbp-Pq: Name 0016-skip-TestPopulateFromSeedWithConnectHook.patch

fix-build-5bd97b39a03

commit 5bd97b39a0321f279f521ee6c8c043778cb3d7d8
Author: Sergio Cazzolato <sergio.cazzolato@canonical.com>
Date:   Tue Aug 23 12:01:00 2022 -0300

    tests: fix sbuild test on debian sid (#12043)

    * Fix sbuild test on debian sid

    The test was failing because of 2 problems:
    1. not enough space in the disk to run the test
    2. it was failing to find package "github.com/canonical/go-tpm2" in the
    file
    src/github.com/snapcore/snapd/tests/nested/manual/core20-da-lockout/getdalockout.go

    The solution for the second point is to add the dummy file so debian
    does not pick it up when building

    * tests: rename getdalockout_dummy.go->getdalockout_nosecboot.go

Co-authored-by: Michael Vogt <mvo@ubuntu.com>
Gbp-Pq: Name 0015-fix-build-5bd97b39a03.patch

Fix test with godbus 5.0.5

Due to https://github.com/godbus/dbus/pull/265, godbus only sends
auth name.

Forwarded: no

Gbp-Pq: Name 0011-Fix-test-with-godbus-5.0.5.patch

man-page-sections

Gbp-Pq: Name 0010-man-page-sections.patch

[PATCH 7/9] i18n: use dummy localizations to avoid dependencies

Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch

[PATCH 5/9] advisor,errtracker: use upstream bolt package

Upstream snapd uses a fork of the bolt package that carries additional
patches for bugs that were discovered by snapd developers. Bolt itself
appears to be an abandoned project and is not accepting any new patches.

In various distributions the upstream bolt package may or may not have
been patched but the forked version was definitely not packaged. As
such, to build snapd in Debian the upstream bolt package name must be
used.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0005-advisor-errtracker-use-upstream-bolt-package.patch

[PATCH 4/9] cmd/snap: skip tests depending on text wrapping

Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.

Since this test is not critical for anything it can be disabled to let
the package build.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch

[PATCH 3/9] cmd/snap-seccomp: skip tests that use -m32

Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:

multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped

I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch

[PATCH 2/9] cmd/snap-seccomp: skip tests that fail on 4.19

It seems that the Debian 4.19.0-1 kernel contains a regression in
seccomp execution. While this issue is investigated in parallel along
with the security team, the release of updated snapd package should not
be held by this issue.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch

snapd (2.57.6-1) unstable; urgency=high

  * SECURITY UPDATE: Local privilege escalation
    - snap-confine: Fix race condition in snap-confine when preparing a
      private tmp mount namespace for a snap
    - CVE-2022-3328
  * sync packaging changes from upstream
  * d/p/0015-fix-build-5bd97b39a03.patch:
    - cherry-pick 5bd97b39a03 to build FTBFS
  * d/p/0016-skip-TestPopulateFromSeedWithConnectHook.patch:
    - skip TestPopulateFromSeedWithConnectHook as it does not
      converge

[dgit import unpatched snapd 2.57.6-1]

Import snapd_2.57.6.orig.tar.gz

[dgit import orig snapd_2.57.6.orig.tar.gz]

Import snapd_2.57.6-1.debian.tar.xz

[dgit import tarball snapd 2.57.6-1 snapd_2.57.6-1.debian.tar.xz]

Merge snapd (2.54.3-1.1) import into refs/heads/workingbranch

Fix test with godbus 5.0.5

Due to https://github.com/godbus/dbus/pull/265, godbus only sends
auth name.

Forwarded: no

Gbp-Pq: Name 0011-Fix-test-with-godbus-5.0.5.patch

man-page-sections

Gbp-Pq: Name 0010-man-page-sections.patch

[PATCH 7/9] i18n: use dummy localizations to avoid dependencies

Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch

[PATCH 5/9] advisor,errtracker: use upstream bolt package

Upstream snapd uses a fork of the bolt package that carries additional
patches for bugs that were discovered by snapd developers. Bolt itself
appears to be an abandoned project and is not accepting any new patches.

In various distributions the upstream bolt package may or may not have
been patched but the forked version was definitely not packaged. As
such, to build snapd in Debian the upstream bolt package name must be
used.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0005-advisor-errtracker-use-upstream-bolt-package.patch

[PATCH 4/9] cmd/snap: skip tests depending on text wrapping

Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.

Since this test is not critical for anything it can be disabled to let
the package build.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch

[PATCH 3/9] cmd/snap-seccomp: skip tests that use -m32

Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:

multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped

I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch

[PATCH 2/9] cmd/snap-seccomp: skip tests that fail on 4.19

It seems that the Debian 4.19.0-1 kernel contains a regression in
seccomp execution. While this issue is investigated in parallel along
with the security team, the release of updated snapd package should not
be held by this issue.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch

snapd (2.54.3-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Remove unused Build-Depends and replace transitional packages
    (Closes: #1014184)
  * Add patch for failed test with godbus 5.0.5 (Closes: #1008450)

[dgit import unpatched snapd 2.54.3-1.1]

Import snapd_2.54.3-1.1.debian.tar.xz

[dgit import tarball snapd 2.54.3-1.1 snapd_2.54.3-1.1.debian.tar.xz]

Merge snapd (2.54.3-1) import into refs/heads/workingbranch

Import snapd_2.54.3.orig.tar.gz

[dgit import orig snapd_2.54.3.orig.tar.gz]

man-page-sections

Gbp-Pq: Name 0010-man-page-sections.patch

[PATCH 7/9] i18n: use dummy localizations to avoid dependencies

Upstream snapd uses the github.com/ojii/gettext.go package for access to
translation catalogs. This package is currently not available in Debian
and prevents building the package. As such, replace the real
implementation with a simple dummy one that always uses the English
input strings.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Gbp-Pq: Name 0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch

[PATCH 5/9] advisor,errtracker: use upstream bolt package

Upstream snapd uses a fork of the bolt package that carries additional
patches for bugs that were discovered by snapd developers. Bolt itself
appears to be an abandoned project and is not accepting any new patches.

In various distributions the upstream bolt package may or may not have
been patched but the forked version was definitely not packaged. As
such, to build snapd in Debian the upstream bolt package name must be
used.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0005-advisor-errtracker-use-upstream-bolt-package.patch

[PATCH 4/9] cmd/snap: skip tests depending on text wrapping

Upstream snapd contains tests that check the output of various commands
along with the --help command-line argument. The output is wrapped to
match terminal width and for readability. The algorithm for wrapping
has apparently changed across versions of github.com/jessevdk/go-flags.

Since this test is not critical for anything it can be disabled to let
the package build.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch

[PATCH 3/9] cmd/snap-seccomp: skip tests that use -m32

Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
binaries. The compilation error is:

multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
cannot build multi-lib syscall runner: exit status 1
In file included from /usr/include/errno.h:25,
from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3:
/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
# include <sys/cdefs.h>
^~~~~~~~~~~~~
compilation terminated.
OK: 2 passed, 11 skipped

I was unable to resolve this issue, let's disable this test until we can get to
the bottom of it.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch

[PATCH 2/9] cmd/snap-seccomp: skip tests that fail on 4.19

It seems that the Debian 4.19.0-1 kernel contains a regression in
seccomp execution. While this issue is investigated in parallel along
with the security team, the release of updated snapd package should not
be held by this issue.

Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Gbp-Pq: Name 0002-cmd-snap-seccomp-skip-tests-that-fail-on-4.19.patch

snapd (2.54.3-1) unstable; urgency=high

  * SECURITY UPDATE: Local privilege escalation
    - snap-confine: Add validations of the location of the snap-confine
      binary within snapd.
    - snap-confine: Fix race condition in snap-confine when preparing a
      private mount namespace for a snap.
    - CVE-2021-44730
    - CVE-2021-44731
  * SECURITY UPDATE: Data injection from malicious snaps
    - interfaces: Add validations of snap content interface and layout
      paths in snapd.
    - CVE-2021-4120
    - LP: #1949368

[dgit import unpatched snapd 2.54.3-1]

Import snapd_2.54.3-1.debian.tar.xz

[dgit import tarball snapd 2.54.3-1 snapd_2.54.3-1.debian.tar.xz]

Merge snapd (2.54.1-1) import into refs/heads/workingbranch

man-page-sections

Gbp-Pq: Name 0010-man-page-sections.patch