From 12af4209fb7e648f070a9ce191ea9b0bcb730a1b Mon Sep 17 00:00:00 2001
From: Zygmunt Krynicki <me@zygoon.pl>
Date: Fri, 8 Mar 2024 15:28:00 +0100
Subject: [PATCH] Import snapd_2.61.2-2.debian.tar.xz

[dgit import tarball snapd 2.61.2-2 snapd_2.61.2-2.debian.tar.xz]
---
 README.Source                                 |    35 +
 changelog                                     | 10271 ++++++++++++++++
 compat                                        |     1 +
 control                                       |   126 +
 copyright                                     |    22 +
 gbp.conf                                      |     4 +
 golang-github-snapcore-snapd-dev.install      |     1 +
 not-installed                                 |     7 +
 ...snap-seccomp-skip-tests-that-use-m32.patch |    45 +
 ...kip-tests-depending-on-text-wrapping.patch |   129 +
 ...errtracker-use-upstream-bolt-package.patch |    33 +
 ...-localizations-to-avoid-dependencies.patch |   291 +
 patches/0010-man-page-sections.patch          |    22 +
 patches/series                                |     5 +
 rules                                         |   286 +
 snap-confine.maintscript                      |     1 +
 snapd.autoimport.udev                         |     3 +
 snapd.dirs                                    |    15 +
 snapd.install                                 |    35 +
 snapd.links                                   |     5 +
 snapd.lintian-overrides                       |    13 +
 snapd.maintscript                             |     6 +
 snapd.manpages                                |     1 +
 snapd.postinst                                |    41 +
 snapd.postrm                                  |   149 +
 snapd.prerm                                   |    37 +
 source/format                                 |     1 +
 source/options                                |     1 +
 tests/README.md                               |    10 +
 tests/control                                 |    12 +
 tests/integrationtests                        |    51 +
 tests/testconfig.json                         |     3 +
 watch                                         |     4 +
 33 files changed, 11666 insertions(+)
 create mode 100644 README.Source
 create mode 100644 changelog
 create mode 100644 compat
 create mode 100644 control
 create mode 100644 copyright
 create mode 100644 gbp.conf
 create mode 100644 golang-github-snapcore-snapd-dev.install
 create mode 100644 not-installed
 create mode 100644 patches/0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
 create mode 100644 patches/0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch
 create mode 100644 patches/0005-advisor-errtracker-use-upstream-bolt-package.patch
 create mode 100644 patches/0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch
 create mode 100644 patches/0010-man-page-sections.patch
 create mode 100644 patches/series
 create mode 100755 rules
 create mode 100644 snap-confine.maintscript
 create mode 100644 snapd.autoimport.udev
 create mode 100644 snapd.dirs
 create mode 100644 snapd.install
 create mode 100644 snapd.links
 create mode 100644 snapd.lintian-overrides
 create mode 100644 snapd.maintscript
 create mode 100644 snapd.manpages
 create mode 100644 snapd.postinst
 create mode 100644 snapd.postrm
 create mode 100755 snapd.prerm
 create mode 100644 source/format
 create mode 100644 source/options
 create mode 100644 tests/README.md
 create mode 100644 tests/control
 create mode 100644 tests/integrationtests
 create mode 100644 tests/testconfig.json
 create mode 100644 watch

diff --git a/README.Source b/README.Source
new file mode 100644
index 00000000..2a4c1231
--- /dev/null
+++ b/README.Source
@@ -0,0 +1,35 @@
+# Overview
+
+The packaging is maintained in the upstream git repo at
+
+github.com/snapcore/snapd in the packaging/debian-sid dir
+
+Please push any debian changes back there to make packaging
+easier.
+
+## Release a new version
+
+To release a new upstream version the following steps are
+recommended:
+
+    # one time setup
+    $ git clone git@salsa.debian.org:debian/snapd
+    $ cd snapd
+    $ git remote add upstream https://github.com/snapcore/snapd
+
+    # releasing a new version
+    $ git fetch upstream
+    $ git merge upstream/<tag> # e.g. upstream/2.44
+    $ cp -ar packaging/debian-sid/* debian/
+    # ensure to git add any new files
+    # set debian/changelog to UNRELEASED
+    $ git commit -a -m 'debian: sync packaging changes from upstream'
+    # update changelog
+    $ debcommit -ar
+    $ gbp buildpackage -S -d
+    # testbuild
+    $ pbuilder-dist sid update
+    $ pbuilder-dist sid build  ../build-area/snapd_<version>.dsc
+    $ dput ftp-master ../build-area/snapd_<version>_source.changes
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>, Wed, 18 Mar 2020 13:11:03 +0100
diff --git a/changelog b/changelog
new file mode 100644
index 00000000..4692c025
--- /dev/null
+++ b/changelog
@@ -0,0 +1,10271 @@
+snapd (2.61.2-2) unstable; urgency=medium
+
+  * Build without bolt support to avoid bolt not supporting riscv64
+
+ -- Zygmunt Krynicki <me@zygoon.pl>  Fri, 08 Mar 2024 15:28:00 +0100
+
+snapd (2.61.2-1) unstable; urgency=medium
+
+  [ Ernest Lotter ]
+  * New upstream release, LP: #2039017
+    - Fix to enable plug/slot sanitization for prepare-image
+    - Fix panic when device-service.access=offline
+    - Support offline remodeling
+    - Allow offline update only remodels without serial
+    - Fail early when remodeling to old model revision
+    - Fix to enable plug/slot sanitization for validate-seed
+    - Allow removal of core snap on classic systems
+    - Fix network-control interface denial for file lock on /run/netns
+    - Add well-known core24 snap-id
+    - Fix remodel snap installation order
+    - Prevent remodeling from UC18+ to UC16
+    - Fix cups auto-connect on classic with cups snap installed
+    - u2f-devices interface support for GoTrust Idem Key with USB-C
+    - Fix to restore services after unlink failure
+    - Add libcudnn.so to Nvidia libraries
+    - Fix skipping base snap download due to false snapd downgrade
+      conflict
+
+  [ Zygmunt Krynicki ]
+  * Wrap-and-sort debian/
+
+ -- Zygmunt Krynicki <me@zygoon.pl>  Thu, 29 Feb 2024 14:27:52 +0100
+
+snapd (2.61.1-1) unstable; urgency=medium
+
+  [ Ernest Lotter ]
+  * New upstream release, LP: #2024007
+    - Stop requiring default provider snaps on image building and first
+      boot if alternative providers are included and available
+    - Fix auth.json access for login as non-root group ID
+    - Fix incorrect remodelling conflict when changing track to older
+      snapd version
+    - Improved check-rerefresh message
+    - Fix UC16/18 kernel/gadget update failure due volume mismatch with
+      installed disk
+    - Stop auto-import of assertions during install modes
+    - Desktop interface exposes GetIdletime
+    - Polkit interface support for new polkit versions
+    - Fix not applying snapd snap changes in tracked channel when remodelling
+
+  [ Zygmunt Krynicki ]
+  * Set SNAPD_SKIP_SLOW_TESTS=true avoid hitting firstboot test that are
+    time-sensitive and mostly check Ubuntu Core functionality that does not
+    affect classic distributions. Similar "workaround" is done on openSUSE.
+
+ -- Zygmunt Krynicki <me@zygoon.pl>  Mon, 29 Jan 2024 10:56:42 +0100
+
+snapd (2.61-1) unstable; urgency=medium
+
+  * New upstream release, LP: #2039017
+    - Fix control of activated services in 'snap start' and 'snap stop'
+    - Correctly reflect activated services in 'snap services'
+    - Disabled services are no longer enabled again when snap is
+      refreshed
+    - interfaces/builtin: added support for Token2 U2F keys
+    - interfaces/u2f-devices: add Swissbit iShield Key
+    - interfaces/builtin: update gpio apparmor to match pattern that
+      contains multiple subdirectories under /sys/devices/platform
+    - interfaces: add a polkit-agent interface
+    - interfaces: add pcscd interface
+    - Kernel command-line can now be edited in the gadget.yaml
+    - Only track validation-sets in run-mode, fixes validation-set
+      issues on first boot.
+    - Added support for using store.access to disable access to snap
+      store
+    - Support for fat16 partition in gadget
+    - Pre-seed authority delegation is now possible
+    - Support new system-user name  daemon
+    - Several bug fixes and improvements around remodelling
+    - Offline remodelling support
+
+ -- Philip Meulengracht <philip.meulengracht@canonical.com>  Fri, 13 Oct 2023 13:06:02 +0200
+
+snapd (2.60.4-1) unstable; urgency=medium
+
+  * New upstream release, LP: #2024007
+    - i/b/qualcomm_ipc_router.go: switch to plug/slot and add socket
+      permission
+    - interfaces/builtin: fix custom-device udev KERNEL values
+    - overlord: allow the firmware-updater snap to install user daemons
+    - interfaces: allow loopback as a block-device
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 15 Sep 2023 20:46:59 +0200
+
+snapd (2.60.3-1) unstable; urgency=medium
+
+  * New upstream release, LP: #2024007
+    - i/b/shared-memory: handle "private" plug attribute in shared-
+      memory interface correctly
+    - i/apparmor: support for home.d tunables from /etc/
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 25 Aug 2023 18:36:50 +0200
+
+snapd (2.60.2-1) unstable; urgency=medium
+
+  * New upstream release, LP: #2024007
+    - i/builtin: allow directories in private /dev/shm
+    - i/builtin: add read access to /proc/task/schedstat in system-
+      observe
+    - snap-bootstrap: print version information at startup
+    - go.mod: update gopkg.in/yaml.v3 to v3.0.1 to fix CVE-2022-28948
+    - snap, store: filter out invalid snap edited links from store info
+      and persisted state
+    - o/configcore: write netplan defaults to 00-snapd-config on seeding
+    - snapcraft.yaml: pull in apparmor_parser optimization patches from
+      https://gitlab.com/apparmor/apparmor/-/merge_requests/711
+    - snap-confine: fix missing \0 after readlink
+    - cmd/snap: hide append-integrity-data
+    - interfaces/opengl: add support for ARM Mali
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 04 Aug 2023 12:14:04 +0200
+
+snapd (2.60.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #2024007
+    - install: fallback to lazy unmount() in writeFilesystemContent
+    - data: include "modprobe.d" and "modules-load.d" in preseeded blob
+    - gadget: fix install test on armhf
+    - interfaces: fix typo in network_manager_observe
+    - sandbox/apparmor: don't let vendored apparmor conflict with system
+    - gadget/update: set parts in laid out data from the ones matched
+    - many: move SnapConfineAppArmorDir from dirs to sandbox/apparmor
+    - many: stop using `-O no-expr-simplify` in apparmor_parser
+    - go.mod: update secboot to latest uc22 branch
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 04 Jul 2023 21:21:48 +0200
+
+snapd (2.60-1) unstable; urgency=medium
+
+  * New upstream release, LP: #2024007
+    - Support for dynamic snapshot data exclusions
+    - Apparmor userspace is vendored inside the snapd snap
+    - Added a default-configure hook that exposes gadget default
+      configuration options to snaps during first install before
+      services are started
+    - Allow install from initrd to speed up the initial installation
+      for systems that do not have a install-device hook
+    - New `snap sign --chain` flag that appends the account and
+      account-key assertions
+    - Support validation-sets in the model assertion
+    - Support new "min-size" field in gadget.yaml
+    - New interface: "userns"
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 15 Jun 2023 17:14:31 +0200
+
+snapd (2.59.5-1) unstable; urgency=medium
+
+  * New upstream release, LP: #2009946
+    - Explicitly disallow the use of ioctl + TIOCLINUX
+      This fixes CVE-2023-1523.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Sat, 27 May 2023 09:44:43 +0200
+
+snapd (2.59.4-1) unstable; urgency=medium
+
+  * New upstream release, LP: #2009946
+    - Retry when looking for disk label on non-UEFI systems
+      (LP: #2018977)
+    - Fix remodel from UC20 to UC22
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 12 May 2023 10:15:57 +0200
+
+snapd (2.59.3-1) unstable; urgency=medium
+
+  * New upstream release, LP: #2009946
+    - Fix quiet boot
+    - i/b/physical_memory_observe: allow reading virt-phys page mappings
+    - gadget: warn instead of returning error if overlapping with GPT
+      header
+    - overlord,wrappers: restart always enabled units
+    - go.mod: update github.com/snapcore/secboot to latest uc22
+    - boot: make sure we update assets for the system-seed-null role
+    - many: ignore case for vfat partitions when validating
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 03 May 2023 12:31:00 +0200
+
+snapd (2.59.2-1) unstable; urgency=medium
+
+  * New upstream release, LP: #2009946
+    - Notify users when a user triggered auto refresh finished
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 18 Apr 2023 19:46:10 +0200
+
+snapd (2.59.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #2009946
+    - Add udev rules from steam-devices to steam-support interface
+    - Bugfixes for layout path checking, dm_crypt permissions,
+      mount-control interface parameter checking, kernel commandline
+      parsing, docker-support, refresh-app-awareness
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 28 Mar 2023 20:58:44 +0200
+
+snapd (2.59-1) unstable; urgency=medium
+
+  * New upstream release, LP: #2009946
+    - Support setting extra kernel command line parameters via snap
+      configuration and under a gadget allow-list
+    - Support for Full-Disk-Encryption using ICE
+    - Support for arbitrary home dir locations via snap configuration
+    - New nvidia-drivers-support interface
+    - Support for udisks2 snap
+    - Pre-download of snaps ready for refresh and automatic refresh of
+      the snap when all apps are closed
+    - New microovn interface
+    - Support uboot with `CONFIG_SYS_REDUNDAND_ENV=n`
+    - Make "snap-preseed --reset" re-exec when needed
+    - Update the fwupd interface to support fully confined fwupd
+    - The memory,cpu,thread quota options are no longer experimental
+    - Support debugging snap client requests via the
+      `SNAPD_CLIENT_DEBUG_HTTP` environment variable
+    - Support ssh listen-address via snap configuration
+    - Support for quotas on single services
+    - prepare-image now takes into account snapd versions going into
+      the image, including in the kernel initrd, to fetch supported
+      assertion formats
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 10 Mar 2023 12:51:26 +0100
+
+snapd (2.58.3-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1998462
+    - interfaces/screen-inhibit-control: Add support for xfce-power-
+      manager
+    - interfaces/network-manager: do not show ptrace read
+      denials
+    - interfaces: relax rules for mount-control `what` for functionfs
+    - cmd/snap-bootstrap: add support for snapd_system_disk
+    - interfaces/modem-manager: add net_admin capability
+    - interfaces/network-manager: add permission for OpenVPN
+    - httputil: fix checking x509 certification error on go 1.20
+    - i/b/fwupd: allow reading host os-release
+    - boot: on classic+modes `MarkBootSuccessfull` does not need a base
+    - boot: do not include `base=` in modeenv for classic+modes installs
+    - tests: add spread test that validates revert on boot for core does
+      not happen on classic+modes
+    - snapstate: only take boot participants into account in
+      UpdateBootRevisions
+    - snapstate: refactor UpdateBootRevisions() to make it easier to
+      check for boot.SnapTypeParticipatesInBoot()
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 21 Feb 2023 17:14:50 +0100
+
+snapd (2.58.2-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1998462
+    - bootloader: fix dirty build by hardcoding copyright year
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 25 Jan 2023 20:02:08 +0100
+
+snapd (2.58.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1998462
+    - secboot: detect lockout mode in CheckTPMKeySealingSupported
+    - cmd/snap-update-ns: prevent keeping unneeded mountpoints
+    - o/snapstate: do not infinitely retry when an update fails during
+      seeding
+    - interfaces/modem-manager: add permissions for NETLINK_ROUTE
+    - systemd/emulation.go: use `systemctl --root` to enable/disable
+    - snap: provide more error context in `NotSnapError`
+    - interfaces: add read access to /run for cryptsetup
+    - boot: avoid reboot loop if there is a bad try kernel
+    - devicestate: retry serial acquire on time based certificate
+      errors
+    - o/devicestate: run systemctl daemon-reload after install-device
+      hook
+    - cmd/snap,daemon: add 'held' to notes in 'snap list'
+    - o/snapshotstate: check snapshots are self-contained on import
+    - cmd/snap: show user+gating hold info in 'snap info'
+    - daemon: expose user and gating holds at /v2/snaps/{name}
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 23 Jan 2023 18:03:40 +0100
+
+snapd (2.58-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1998462
+    - snap-confine: Fix race condition in snap-confine when preparing a
+      private tmp mount namespace for a snap (CVE-2022-3328)
+    - many: Use /tmp/snap-private-tmp for per-snap private tmps
+    - data: Add systemd-tmpfiles configuration to create private tmp dir
+    - cmd/snap: test allowed and forbidden refresh hold values
+    - cmd/snap: be more consistent in --hold help and err messages
+    - cmd/snap: error on refresh holds that are negative or too short
+    - o/homedirs: make sure we do not write to /var on build time
+    - image: make sure file customizations happen also when we have
+      defaultscause
+    - tests/fde-on-classic: set ubuntu-seed label in seed partitions
+    - gadget: system-seed-null should also have fs label ubuntu-seed
+    - many: gadget.HasRole, ubuntu-seed can come also from system-seed-
+      null
+    - o/devicestate: fix paths for retrieving recovery key on classic
+    - cmd/snap-confine: do not discard const qualifier
+    - interfaces: allow python3.10+ in the default template
+    - o/restart: fix PendingForSystemRestart
+    - interfaces: allow wayland slot snaps to access shm files created
+      by Firefox
+    - o/assertstate: add Sequence() to val set tracking
+    - o/assertstate: set val set 'Current' to pinned sequence
+    - tests: tweak the libvirt interface test to work on 22.10
+    - tests: use system-seed-null role on classic with modes tests
+    - boot: add directory for data on install
+    - o/devicestate: change some names from esp to seed/seed-null
+    - gadget: add system-seed-null role
+    - o/devicestate: really add error to new error message
+    - restart,snapstate: implement reboot-required notifications on
+      classic
+    - many: avoid automatic system restarts on classic through new
+      overlord/restart logic
+    - release: Fix WSL detection in LXD
+    - o/state: introduce WaitStatus
+    - interfaces: Fix desktop interface rules for document portal
+    - client: remove classic check for `snap recovery --show-
+      keys`
+    - many: create snapd.mounts targets to schedule mount units
+    - image: enable sysfs overlay for UC preseeding
+    - i/b/network-control: add permissions for using AF_XDP
+    - i/apparmor: move mocking of home and overlay conditions to osutil
+    - tests/main/degraded: ignore man-db update failures in CentOS
+    - cmd/snap: fix panic when running snap w/ flag but w/o subcommand
+    - tests: save snaps generated during image preaparation
+    - tests: skip building snapd based on new env var
+    - client: remove misleading comments in ValidateApplyOptions
+    - boot/seal: add debug traces for bootchains
+    - bootloader/assets: fix grub.cfg when there are no labels
+    - cmd/snap: improve refresh hold's output
+    - packaging: enable BPF in RHEL9
+    - packaging: do not traverse filesystems in postrm script
+    - tests: get microk8s from another branch
+    - bootloader: do not specify Core version in grub entry
+    - many: refresh --hold follow-up
+    - many: support refresh hold/unhold to API and CLI
+    - many: expand fully handling links mapping in all components, in
+      the API and in snap info
+    - snap/system_usernames,tests: Azure IoT Edge system usernames
+    - interface: Allow access to
+      org.freedesktop.DBus.ListActivatableNames via system-observe
+      interface
+    - o/devicestate,daemon: use the expiration date from the assertion
+      in user-state and REST api (user-removal 4/n)
+    - gadget: add unit tests for new install functions for FDE on
+      classic
+    - cmd/snap-seccomp: fix typo in AF_XDP value
+    - tests/connected-after-reboot-revert: run also on UC16
+    - kvm: allow read of AMD-SEV parameters
+    - data: tweak apt integration config var
+    - o/c/configcore: add faillock configuration
+    - tests: use dbus-daemon instead of dbus-launch
+    - packaging: remove unclean debian-sid patch
+    - asserts: add keyword 'user-presence' keyword in system-user
+      assertion (auto-removal 3/n)
+    - interfaces: steam-support allow pivot /run/media and /etc/nvidia
+      mount
+    - aspects: initial code
+    - overlord: process auto-import assertion at first boot
+    - release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2
+    - tests: fix lxd-mount-units in ubuntu kinetic
+    - tests: new variable used to configure the kernel command line in
+      nested tests
+    - go.mod: update to newer secboot/uc22 branch
+    - autopkgtests: fix running autopkgtest on kinetic
+    - tests: remove squashfs leftovers in fakeinstaller
+    - tests: create partition table in fakeinstaller
+    - o/ifacestate: introduce DebugAutoConnectCheck hook
+    - tests: use test-snapd-swtpm instead of swtpm-mvo snap in nested
+      helper
+    - interfaces/polkit: do not require polkit directory if no file is
+      needed
+    - o/snapstate: be consistent not creating per-snap save dirs for
+      classic models
+    - inhibit: use hintFile()
+    - tests: use `snap prepare-image` in fde-on-classic mk-image.sh
+    - interfaces: add microceph interface
+    - seccomp: allow opening XDP sockets
+    - interfaces: allow access to icon subdirectories
+    - tests: add minimal-smoke test for UC22 and increase minimal RAM
+    - overlord: introduce hold levels in the snapstate.Hold* API
+    - o/devicestate: support mounting ubuntu-save also on classic with
+      modes
+    - interfaces: steam-support allow additional mounts
+    - fakeinstaller: format SystemDetails result with %+v
+    - cmd/libsnap-confine-private: do not panic on chmod failure
+    - tests: ensure that fakeinstaller put the seed into the right place
+    - many: add stub services for prompting
+    - tests: add libfwupd and libfwupdplugin5 to openSUSE dependencies
+    - o/snapstate: fix snaps-hold pruning/reset in the presence of
+      system holding
+    - many: add support for setting up encryption from installer
+    - many: support classic snaps in the context of classic and extended
+      models
+    - cmd/snap,daemon: allow zero values from client to daemon for
+      journal rate limit
+    - boot,o/devicestate: extend HasFDESetupHook to consider unrelated
+      kernels
+    - cmd/snap: validation set refresh-enforce CLI support + spread test
+    - many: fix filenames written in modeenv for base/gadget plus drive-
+      by TODO
+    - seed: fix seed test to use a pseudo-random byte sequence
+    - cmd/snap-confine: remove setuid calls from cgroup init code
+    - boot,o/devicestate: introduce and use MakeRunnableStandaloneSystem
+    - devicestate,boot,tests: make `fakeinstaller` test work
+    - store: send Snap-Device-Location header with cloud information
+    - overlord: fix unit tests after merging master in
+    - o/auth: move HasUserExpired into UserState and name it HasExpired,
+      and add unit tests for this
+    - o/auth: rename NewUserData to NewUserParams
+    - many: implementation of finish install step handlers
+    - overlord: auto-resolve validation set enforcement constraints
+    - i/backends,o/ifacestate: cleanup backends.All
+    - cmd/snap-confine: move bind-mount setup into separate function
+    - tests/main/mount-ns: update namespace for 18.04
+    - o/state: Hold pseudo-error for explicit holding, concept of
+      pending changes in prune logic
+    - many: support extended classic models that omit kernel/gadget
+    - data/selinux: allow snapd to detect WSL
+    - overlord: add code to remove users that has an expiration date set
+    - wrappers,snap/quota: clear LogsDirectory= in the service unit for
+      journal namespaces
+    - daemon: move user add, remove operations to overlord device state
+    - gadget: implement write content from gadget information
+    - {device,snap}state: fix ineffectual assignments
+    - daemon: support validation set refresh+enforce in API
+    - many: rename AddAffected* to RegisterAffected*, add
+      Change|State.Has, fix a comment
+    - many: reset store session when setting proxy.store
+    - overlord/ifacestate: fix conflict detection of auto-connection
+    - interfaces: added read/write access to /proc/self/coredump_filter
+      for process-control
+    - interfaces: add read access to /proc/cgroups and
+      /proc/sys/vm/swappiness to system-observe
+    - fde: run fde-reveal-key with `DefaultDependencies=no`
+    - many: don't concatenate non-constant format strings
+    - o/devicestate: fix non-compiling test
+    - release, snapd-apparmor: fixed outdated WSL detection
+    - many: add todos discussed in the review in
+      tests/nested/manual/fde-on-classic, snapstate cleanups
+    - overlord: run install-device hook during factory reset
+    - i/b/mount-control: add optional `/` to umount rules
+    - gadget/install: split Run in several functions
+    - o/devicestate: refactor some methods as preparation for install
+      steps implementation
+    - tests: fix how snaps are cached in uc22
+    - tests/main/cgroup-tracking-failure: fix rare failure in Xenial and
+      Bionic
+    - many: make {Install,Initramfs}{{,Host},Writable}Dir a  function
+    - tests/nested/manual/core20: fix manual test after changes to
+      'tests.nested exec'
+    - tests: move the unit tests system to 22.04 in github actions
+      workflow
+    - tests: fix nested errors uc20
+    - boot: rewrite switch in SnapTypeParticipatesInBoot()
+    - gadget: refactor to allow usage from the installer
+    - overlord/devicestate: support for mounting ubuntu-save before the
+      install-device hook
+    - many: allow to install/update kernels/gadgets on classic with
+      modes
+    - tests: fix issues related to dbus session and localtime in uc18
+    - many: support home dirs located deeper under /home
+    - many: refactor tests to use explicit strings instead of
+      boot.Install{Initramfs,Host}{Writable,FDEData}Dir
+    - boot: add factory-reset cases for boot-flags
+    - tests: disable quota tests on arm devices using ubuntu core
+    - tests: fix unbound SPREAD_PATH variable on nested debug session
+    - overlord: start turning restart into a full state manager
+    - boot: apply boot logic also for classic with modes boot snaps
+    - tests: fix snap-env test on debug section when no var files were
+      created
+    - overlord,daemon: allow returning errors when requesting a restart
+    - interfaces: login-session-control: add further D-Bus interfaces
+    - snapdenv: added wsl to userAgent
+    - o/snapstate: support running multiple ops transactionally
+    - store: use typed valset keys in store package
+    - daemon: add `ensureStateSoon()` when calling systems POST api
+    - gadget: add rules for validating classic with modes gadget.yaml
+      files
+    - wrappers: journal namespaces did not honor journal.persistent
+    - many: stub devicestate.Install{Finish,SetupStorageEncryption}()
+    - sandbox/cgroup: don't check V1 cgroup if V2 is active
+    - seed: add support to load auto import assertion
+    - tests: fix preseed tests for arm systems
+    - include/lk: update LK recovery environment definition to include
+      device lock state used by bootloader
+    - daemon: return `storage-encryption` in /systems/<label> reply
+    - tests: start using remote tools from snapd-testing-tools project
+      in nested tests
+    - tests: fix non mountable filesystem error in interfaces-udisks2
+    - client: clarify what InstallStep{SetupStorageEncryption,Finish} do
+    - client: prepare InstallSystemOptions for real use
+    - usersession: Remove duplicated struct
+    - o/snapstate: support specific revisions in UpdateMany/InstallMany
+    - i/b/system_packages_doc: restore access to Libreoffice
+      documentation
+    - snap/quota,wrappers: allow using 0 values for the journal rate
+      limit
+    - tests: add kinetic images to the gce bucket for preseed test
+    - multiple: clear up naming convention for thread quota
+    - daemon: implement stub `"action": "install"`
+    - tests/main/snap-quota-{install/journal}: fix unstable spread tests
+    - tests: remove code for old systems not supported anymore
+    - tests: third part of the nested helper cleanup
+    - image: clean snapd mount after preseeding
+    - tests: use the new ubuntu kinetic image
+    - i/b/system_observe: honour root dir when checking for
+      /boot/config-*
+    - tests: restore microk8s test on 16.04
+    - tests: run spread tests on arm64 instances in google cloud
+    - tests: skip interfaces-udisks2 in fedora
+    - asserts,boot,secboot: switch to a secboot version measuring
+      classic
+    - client: add API for GET /systems/<label>
+    - overlord: frontend for --quota-group support (2/2)
+    - daemon: add GET support for `/systems/<seed-label>`
+    - i/b/system-observe: allow reading processes security label
+    - many: support '--purge' when removing multiple snaps
+    - snap-confine: remove obsolete code
+    - interfaces: rework logic of unclashMountEntries
+    - data/systemd/Makefile: add comment warning about "snapd." prefix
+    - interfaces: grant access to speech-dispatcher socket (bug 1787245)
+    - overlord/servicestate: disallow removal of quota group with any
+      limits set
+    - data: include snapd/mounts in preseeded blob
+    - many: Set SNAPD_APPARMOR_REEXEC=1
+    - store/tooling,tests: support UBUNTU_STORE_URL override env var
+    - multiple: clear up naming convention for cpu-set quota
+    - tests: improve and standardize debug section on tests
+    - device: add new DeviceManager.encryptionSupportInfo()
+    - tests: check snap download with snapcraft v7+ export-login auth
+      data
+    - cmd/snap-bootstrap: changes to be able to boot classic rootfs
+    - tests: fix debug section for test uc20-create-partitions
+    - overlord: --quota-group support (1/2)
+    - asserts,cmd/snap-repair: drop not pursued
+      AuthorityDelegation/signatory-id
+    - snap-bootstrap: add CVM mode* snap-bootstrap: add classic runmode
+    - interfaces: make polkit implicit on core if /usr/libexec/polkitd
+      exists
+    - multiple: move arguments for auth.NewUser into a struct (auto-
+      removal 1/n)
+    - overlord: track security profiles for non-active snaps
+    - tests: remove NESTED_IMAGE_ID from nested manual tests
+    - tests: add extra space to ubuntu bionic
+    - store/tooling: support using snapcraft v7+ base64-encoded auth
+      data
+    - overlord: allow seeding in the case of classic with modes system
+    - packaging/*/tests/integrationtests: reload ssh.service, not
+      sshd.service
+    - tests: rework snap-logs-journal test and add missing cleanup
+    - tests: add spread test for journal quotas
+    - tests: run spread tests in ubuntu kinetic
+    - o/snapstate: extend support for holding refreshes
+    - devicestate: return an error in checkEncryption() if KernelInfo
+      fails
+    - tests: fix sbuild test on debian sid
+    - o/devicestate: do not run tests in this folder twice
+    - sandbox/apparmor: remove duplicate hook into testing package
+    - many: refactor store code to be able to use simpler form of auth
+      creds
+    - snap,store: drop support/consideration for anonymous download urls
+    - data/selinux: allow snaps to read certificates
+    - many: add Is{Core,Classic}Boot() to DeviceContext
+    - o/assertstate: don't refresh enforced validation sets during check
+    - go.mod: replace maze.io/x/crypto with local repo
+    - many: fix unnecessary use of fmt.Sprintf
+    - bootloader,systemd: fix `don't use Yoda conditions (ST1017)`
+    - HACKING.md: extend guidelines with common review comments
+    - many: progress bars should use the overridable stdouts
+    - tests: remove ubuntu 21.10 from sru validation
+    - tests: import remote tools
+    - daemon,usersession: switch from HeaderMap to Header in tests
+    - asserts: add some missing `c.Check()` in the asserts test
+    - strutil: fix VersionCompare() to allow multiple `-` in the version
+    - testutil: remove unneeded `fmt.Sprintf`
+    - boot: remove some unneeded `fmt.Sprintf()` calls
+    - tests: implement prepare_gadget and prepare_base and unify all the
+      version
+    - o/snapstate: refactor managed refresh schedule logic
+    - o/assertstate, snapasserts: implementation of
+      assertstate.TryEnforceValidationSets function
+    - interfaces: add kconfig paths to system-observe
+    - dbusutil: move debian patch into dbustest
+    - many: change name and input of CheckProvenance to clarify usage
+    - tests: Fix a missing parameter in command to wait for device
+    - tests: Work-around non-functional --wait on systemctl
+    - tests: unify the way the snapd/core and kernel are repacked in
+      nested helper
+    - tests: skip interfaces-ufisks2 on centos-9
+    - i/b/mount-control: allow custom filesystem types
+    - interfaces,metautil: make error handling in getPaths() more
+      targeted
+    - cmd/snap-update-ns: handle mountpoint removal failures with EBUSY
+    - tests: fix pc-kernel repacking
+    - systemd: add `WantedBy=default.target` to snap mount units
+    - tests: disable microk8s test on 16.04
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 01 Dec 2022 09:52:23 +0100
+
+snapd (2.57.6-1) unstable; urgency=high
+
+  * SECURITY UPDATE: Local privilege escalation
+    - snap-confine: Fix race condition in snap-confine when preparing a
+      private tmp mount namespace for a snap
+    - CVE-2022-3328
+  * sync packaging changes from upstream
+  * d/p/0015-fix-build-5bd97b39a03.patch:
+    - cherry-pick 5bd97b39a03 to build FTBFS
+  * d/p/0016-skip-TestPopulateFromSeedWithConnectHook.patch:
+    - skip TestPopulateFromSeedWithConnectHook as it does not
+      converge
+
+ -- Michael Vogt <mvo@debian.org>  Thu, 01 Dec 2022 17:35:36 +0100
+
+snapd (2.57.5-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1983035
+    - image: clean snapd mount after preseeding
+    - wrappers,snap/quota: clear LogsDirectory= in the service unit
+      for journal namespaces
+    - cmd/snap,daemon: allow zero values from client to daemon for
+      journal rate-limit
+    - interfaces: steam-support allow pivot /run/media and /etc/nvidia
+      mount
+    - o/ifacestate: introduce DebugAutoConnectCheck hook
+    - release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2
+    - autopkgtests: fix running autopkgtest on kinetic
+    - interfaces: add microceph interface
+    - interfaces: steam-support allow additional mounts
+    - many: add stub services
+    - interfaces: add kconfig paths to system-observe
+    - i/b/system_observe: honour root dir when checking for
+      /boot/config-*
+    - interfaces: grant access to speech-dispatcher socket
+    - interfaces: rework logic of unclashMountEntries
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 17 Oct 2022 18:25:18 +0200
+
+snapd (2.57.4-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1983035
+    - release, snapd-apparmor: fixed outdated WSL detection
+    - overlord/ifacestate: fix conflict detection of auto-connection
+    - overlord: run install-device hook during factory reset
+    - image/preseed/preseed_linux: add missing new line
+    - boot: add factory-reset cases for boot-flags.
+    - interfaces: added read/write access to /proc/self/coredump_filter
+      for process-control
+    - interfaces: add read access to /proc/cgroups and
+      /proc/sys/vm/swappiness to system-observe
+    - fde: run fde-reveal-key with `DefaultDependencies=no`
+    - snapdenv: added wsl to userAgent
+    - tests: fix restore section for persistent-journal-namespace
+    - i/b/mount-control: add optional `/` to umount rules
+    - cmd/snap-bootstrap: changes to be able to boot classic rootfs
+    - cmd/snap-bootstrap: add CVM mode
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 29 Sep 2022 09:54:21 +0200
+
+snapd (2.57.3-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1983035
+    - wrappers: journal namespaces did not honor journal.persistent
+    - snap/quota,wrappers: allow using 0 values for the journal rate to
+      override the system default values
+    - multiple: clear up naming convention for cpu-set quota
+    - i/b/mount-control: allow custom filesystem types
+    - i/b/system-observe: allow reading processes security label
+    - sandbox/cgroup: don't check V1 cgroup if V2 is active
+    - asserts,boot,secboot: switch to a secboot version measuring
+      classic
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 15 Sep 2022 12:37:30 +0200
+
+snapd (2.57.2-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1983035
+    - store/tooling,tests: support UBUNTU_STORE_URL override env var
+    - packaging/*/tests/integrationtests: reload ssh.service, not
+      sshd.service
+    - tests: check snap download with snapcraft v7+ export-login auth
+      data
+    - store/tooling: support using snapcraft v7+ base64-encoded auth
+      data
+    - many: progress bars should use the overridable stdouts
+    - many: refactor store code to be able to use simpler form of auth
+      creds
+    - snap,store: drop support/consideration for anonymous download urls
+    - data: include snapd/mounts in preseeded blob
+    - many: Set SNAPD_APPARMOR_REEXEC=1
+    - overlord: track security profiles for non-active snaps
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 02 Sep 2022 17:56:46 +0200
+
+snapd (2.57.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1983035
+    - cmd/snap-update-ns: handle mountpoint removal failures with EBUSY
+    - cmd/snap-update-ns: print current mount entries
+    - cmd/snap-update-ns: check the unused mounts with a cleaned path
+    - snap-confine: disable -Werror=array-bounds in __overflow tests to
+      fix build error on Ubuntu 22.10
+    - systemd: add `WantedBy=default.target` to snap mount units
+      (LP: #1983528)
+
+ -- Alberto Mardegan <alberto.mardegan@canonical.com>  Wed, 10 Aug 2022 09:30:50 +0300
+
+snapd (2.57-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1983035
+    - tests: Fix calls to systemctl is-system-running
+    - osutil/disks: handle GPT for 4k disk and too small tables
+    - packaging: import change from the 2.54.3-1.1 upload
+    - many: revert "features: disable refresh-app-awarness by default
+      again"
+    - tests: improve robustness of preparation for regression/lp-1803542
+    - tests: get the ubuntu-image binary built with test keys
+    - tests: remove commented code from lxd test
+    - interfaces/builtin: add more permissions for steam-support
+    - tests: skip interfaces-network-control on i386
+    - tests: tweak the "tests/nested/manual/connections" test
+    - interfaces: posix-mq: allow specifying message queue paths as an
+      array
+    - bootloader/assets: add ttyS0,115200n8 to grub.cfg
+    - i/b/desktop,unity7: remove name= specification on D-Bus signals
+    - tests: ensure that microk8s does not produce DENIED messages
+    - many: support non-default provenance snap-revisions in
+      DeriveSideInfo
+    - tests: fix `core20-new-snapd-does-not-break-old-initrd` test
+    - many: device and provenance revision authority cross checks
+    - tests: fix nested save-data test on 22.04
+    - sandbox/cgroup: ignore container slices when tracking snaps
+    - tests: improve 'ignore-running' spread test
+    - tests: add `debug:` section to `tests/nested/manual/connections`
+    - tests: remove leaking `pc-kernel.snap` in `repack_kernel_snap`
+    - many: preparations for revision authority cross checks including
+      device scope
+    - daemon,overlord/servicestate: followup changes from PR #11960 to
+      snap logs
+    - cmd/snap: fix visual representation of 'AxB%' cpu quota modifier.
+    - many: expose and support provenance from snap.yaml metadata
+    - overlord,snap: add support for per-snap storage on ubuntu-save
+    - nested: fix core-early-config nested test
+    - tests: revert lxd change to support nested lxd launch
+    - tests: add invariant check for leftover cgroup scopes
+    - daemon,systemd: introduce support for namespaces in 'snap logs'
+    - cmd/snap: do not track apps that wish to stay outside of the life-
+      cycle system
+    - asserts: allow classic + snaps models and add distribution to
+      model
+    - cmd/snap: add snap debug connections/connection commands
+    - data: start snapd after time-set.target
+    - tests: remove ubuntu 21.10 from spread tests due to end of life
+    - tests: Update the whitebox word to avoid inclusive naming issues
+    - many: mount gadget in run folder
+    - interfaces/hardware-observe: clean up reading access to sysfs
+    - tests: use overlayfs for interfaces-opengl-nvidia test
+    - tests: update fake-netplan-apply test for 22.04
+    - tests: add executions for ubuntu 22.04
+    - tests: enable centos-9
+    - tests: make more robust the files check in preseed-core20 test
+    - bootloader/assets: add fallback entry to grub.cfg
+    - interfaces/apparmor: add permissions for per-snap directory on
+      ubuntu-save partition
+    - devicestate: add more path to `fixupWritableDefaultDirs()`
+    - boot,secboot: reset DA lockout counter after successful boot
+    - many: Revert "overlord,snap: add support for per-snap storage on
+      ubuntu-save"
+    - overlord,snap: add support for per-snap storage on ubuntu-save
+    - tests: exclude centos-7 from kernel-module-load test
+    - dirs: remove unused SnapAppArmorAdditionalDir
+    - boot,device: extract SealedKey helpers from boot to device
+    - boot,gadget: add new `device.TpmLockoutAuthUnder()` and use it
+    - interfaces/display-control: allow changing brightness value
+    - asserts: add more context to key expiry error
+    - many: introduce IsUndo flag in LinkContext
+    - i/apparmor: allow calling which.debianutils
+    - tests: new profile id for apparmor in test preseed-core20
+    - tests: detect 403 in apt-hooks and skip test in this case
+    - overlord/servicestate: restart the relevant journald service when
+      a journal quota group is modified
+    - client,cmd/snap: add journal quota frontend (5/n)
+    - gadget/device: introduce package which provides helpers for
+      locations of things
+    - features: disable refresh-app-awarness by default again
+    - many: install bash completion files in writable directory
+    - image: fix handling of var/lib/extrausers when preseeding
+      uc20
+    - tests: force version 2.48.3 on xenial ESM
+    - tests: fix snap-network-erros on uc16
+    - cmd/snap-confine: be compatible with a snap rootfs built as a
+      tmpfs
+    - o/snapstate: allow install of unasserted gadget/kernel on
+      dangerous models
+    - interfaces: dynamic loading of kernel modules
+    - many: add optional primary key provenance to snap-revision, allow
+      delegating via snap-declaration revision-authority
+    - tests: fix boringcripto errors in centos7
+    - tests: fix snap-validate-enforce in opensuse-tumbleweed
+    - test: print User-Agent on failed checks
+    - interfaces: add memory stats to system_observe
+    - interfaces/pwm: Remove implicitOnCore/implicitOnClassic
+    - spread: add openSUSE Leap 15.4
+    - tests: disable core20-to-core22 nested test
+    - tests: fix nested/manual/connections test
+    - tests: add spread test for migrate-home command
+    - overlord/servicestate: refresh security profiles when services are
+      affected by quotas
+    - interfaces/apparmor: add missing apparmor rules for journal
+      namespaces
+    - tests: add nested test variant that adds 4k sector size
+    - cmd/snap: fix test failing due to timezone differences
+    - build-aux/snap: build against the snappy-dev/image PPA
+    - daemon: implement api handler for refresh with enforced validation
+      sets
+    - preseed: suggest to install "qemu-user-static"
+    - many: add migrate-home debug command
+    - o/snapstate: support passing validation sets to storehelpers via
+      RevisionOptions
+    - cmd/snapd-apparmor: fix unit tests on distros which do not support
+      reexec
+    - o/devicestate: post factory reset ensure, spread test update
+    - tests/core/basic20: Enable on uc22
+    - packaging/arch: install snapd-apparmor
+    - o/snapstate: support migrating snap home as change
+    - tests: enable snapd.apparmor service in all the opensuse systems
+    - snapd-apparmor: add more integration-ish tests
+    - asserts: store required revisions for missing snaps in
+      CheckInstalledSnaps
+    - overlord/ifacestate: fix path for journal redirect
+    - o/devicestate: factory reset with encryption
+    - cmd/snapd-apparmor: reimplement snapd-apparmor in Go
+    - squashfs: improve error reporting when `unsquashfs` fails
+    - o/assertstate: support multiple extra validation sets in
+      EnforcedValidationSets
+    - tests: enable mount-order-regression test for arm devices
+    - tests: fix interfaces network control
+    - interfaces: update AppArmor template to allow read the memory …
+    - cmd/snap-update-ns: add /run/systemd to unrestricted paths
+    - wrappers: fix LogNamespace being written to the wrong file
+    - boot: release the new PCR handles when sealing for factory reset
+    - tests: add support fof uc22 in test uboot-unpacked-assets
+    - boot: post factory reset cleanup
+    - tests: add support for uc22 in listing test
+    - spread.yaml: add ubuntu-22.04-06 to qemu-nested
+    - gadget: check also mbr type when testing for implicit data
+      partition
+    - interfaces/system-packages-doc: allow read-only access to
+      /usr/share/cups/doc-root/ and /usr/share/gimp/2.0/help/
+    - tests/nested/manual/core20-early-config: revert changes that
+      disable netplan checks
+    - o/ifacestate: warn if the snapd.apparmor service is disabled
+    - tests: add spread execution for fedora 36
+    - overlord/hookstate/ctlcmd: fix timestamp coming out of sync in
+      unit tests
+    - gadget/install: do not assume dm device has same block size as
+      disk
+    - interfaces: update network-control interface with permissions
+      required by resolvectl
+    - secboot: stage and transition encryption keys
+    - secboot, boot: support and use alternative PCR handles during
+      factory reset
+    - overlord/ifacestate: add journal bind-mount snap layout when snap
+      is in a journal quota group (4/n)
+    - secboot/keymgr, cmd/snap-fde-keymgr: two step encryption key
+      change
+    - cmd/snap: cleanup and make the code a bit easier to read/maintain
+      for quota options
+    - overlord/hookstate/ctlcmd: add 'snapctl model' command (3/3)
+    - cmd/snap-repair: fix snap-repair tests silently failing
+    - spread: drop openSUSE Leap 15.2
+    - interfaces/builtin: remove the name=org.freedesktop.DBus
+      restriction in cups-control AppArmor rules
+    - wrappers: write journald config files for quota groups with
+      journal quotas (3/n)
+    - o/assertstate: auto aliases for apps that exist
+    - o/state: use more detailed NoStateError in state
+    - tests/main/interfaces-browser-support: verify jupyter notebooks
+      access
+    - o/snapstate: exclude services from refresh app awareness hard
+      running check
+    - tests/main/nfs-support: be robust against umount failures
+    - tests: update centos images and add new centos 9 image
+    - many: print valid/invalid status on snap validate --monitor
+    - secboot, boot: TPM provisioning mode enum, introduce
+      reprovisioning
+    - tests: allow to re-execute aborted tests
+    - cmd/snapd-apparmor: add explicit WSL detection to
+      is_container_with_internal_policy
+    - tests: avoid launching lxd inside lxd on cloud images
+    - interfaces: extra htop apparmor rules
+    - gadget/install: encrypted system factory reset support
+    - secboot: helpers for dealing with PCR handles and TPM resources
+    - systemd: improve error handling for systemd-sysctl command
+    - boot, secboot: separate the TPM provisioning and key sealing
+    - o/snapstate: fix validation sets restoring and snap revert on
+      failed refresh
+    - interfaces/builtin/system-observe: extend access for htop
+    - cmd/snap: support custom apparmor features dir with snap prepare-
+      image
+    - interfaces/mount-observe: Allow read access to /run/mount/utab
+    - cmd/snap: add help strings for set-quota options
+    - interfaces/builtin: add README file
+    - cmd/snap-confine: mount support cleanups
+    - overlord: execute snapshot cleanup in task
+    - i/b/accounts_service: fix path of introspectable objects
+    - interfaces/opengl: update allowed PCI accesses for RPi
+    - configcore: add core.system.ctrl-alt-del-action config option
+    - many: structured startup timings
+    - spread: switch back to building ubuntu-image from source
+    - many: optional recovery keys
+    - tests/lib/nested: fix unbound variable
+    - run-checks: fail on equality checks w/ ErrNoState
+    - snap-bootstrap: Mount as private
+    - tests: Test for gadget connections
+    - tests: set `br54.dhcp4=false` in the netplan-cfg test
+    - tests: core20 preseed/nested spread test
+    - systemd: remove the systemctl stop timeout handling
+    - interfaces/shared-memory: Update AppArmor permissions for
+      mmap+link
+    - many: replace ErrNoState equality checks w/ errors.Is()
+    - cmd/snap: exit w/ non-zero code on missing snap
+    - systemd: fix snapd systemd-unit stop progress notifications
+    - .github: Trigger daily riscv64 snapd edge builds
+    - interfaces/serial-port: add ttyGS to serial port allow list
+    - interfaces/modem-manager: Don't generate DBus plug policy
+    - tests: add spread test to test upgrade from release snapd to
+      current
+    - wrappers: refactor EnsureSnapServices
+    - testutil: add ErrorIs test checker
+    - tests: import spread shellcheck changes
+    - cmd/snap-fde-keymgr: best effort idempotency of add-recovery-key
+    - interfaces/udev: refactor handling of udevadm triggers for input
+    - secboot: support for changing encryption keys via keymgr
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 28 Jul 2022 16:59:39 +0200
+
+snapd (2.56.3-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1974147
+    - devicestate: add more path to `fixupWritableDefaultDirs()`
+    - many: introduce IsUndo flag in LinkContext
+    - i/apparmor: allow calling which.debianutils
+    - interfaces: update AppArmor template to allow reading snap's
+      memory statistics
+    - interfaces: add memory stats to system_observe
+    - i/b/{mount,system}-observe: extend access for htop
+    - features: disable refresh-app-awarness by default again
+    - image: fix handling of var/lib/extrausers when preseeding
+      uc20
+    - interfaces/modem-manager: Don't generate DBus policy for plugs
+    - interfaces/modem-manager: Only generate DBus plug policy on
+      Core
+    - interfaces/serial_port_test: fix static-checks errors
+    - interfaces/serial-port: add USB gadget serial devices (ttyGSX) to
+      allowed list
+    - interface/serial_port_test: adjust variable IDs
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 13 Jul 2022 09:26:57 +0200
+
+snapd (2.56.2-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1974147
+    - o/snapstate: exclude services from refresh app awareness hard
+      running check
+    - cmd/snap: support custom apparmor features dir with snap
+      prepare-image
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 15 Jun 2022 14:22:31 +0200
+
+snapd (2.56.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1974147
+    - gadget/install: do not assume dm device has same block size as
+      disk
+    - gadget: check also mbr type when testing for implicit data
+      partition
+    - interfaces: update network-control interface with permissions
+      required by resolvectl
+    - interfaces/builtin: remove the name=org.freedesktop.DBus
+      restriction in cups-control AppArmor rules
+    - many: print valid/invalid status on snap validate --monitor ...
+    - o/snapstate: fix validation sets restoring and snap revert on
+      failed refresh
+    - interfaces/opengl: update allowed PCI accesses for RPi
+    - interfaces/shared-memory: Update AppArmor permissions for
+      mmap+linkpaths
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 15 Jun 2022 09:57:54 +0200
+
+snapd (2.56-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1974147
+    - portal-info: Add CommonID Field
+    - asserts/info,mkversion.sh: capture max assertion formats in
+      snapd/info
+    - tests: improve the unit testing workflow to run in parallel
+    - interfaces: allow map and execute permissions for files on
+      removable media
+    - tests: add spread test to verify that connections are preserved if
+      snap refresh fails
+    - tests: Apparmor sandbox profile mocking
+    - cmd/snap-fde-keymgr: support for multiple devices and
+      authorizations for add/remove recovery key
+    - cmd/snap-bootstrap: Listen to keyboard added after start and
+      handle switch root
+    - interfaces,overlord: add support for adding extra mount layouts
+    - cmd/snap: replace existing code for 'snap model' to use shared
+      code in clientutil (2/3)
+    - interfaces: fix opengl interface on RISC-V
+    - interfaces: allow access to the file locking for cryptosetup in
+      the dm-crypt interface
+    - interfaces: network-manager: add AppArmor rule for configuring
+      bridges
+    - i/b/hardware-observe.go: add access to the thermal sysfs
+    - interfaces: opengl: add rules for NXP i.MX GPU drivers
+    - i/b/mount_control: add an optional "/" to the mount target rule
+    - snap/quota: add values for journal quotas (journal quota 2/n)
+    - tests: spread test for uc20 preseeding covering snap prepare-image
+    - o/snapstate: remove deadcode breaking static checks
+    - secboot/keymgr: extend unit tests, add helper for identify keyslot
+      used error
+    - tests: use new snaps.name and snaps.cleanup tools
+    - interfaces: tweak getPath() slightly and add some more tests
+    - tests: update snapd testing tools
+    - client/clientutil: add shared code for printing model assertions
+      as yaml or json (1/3)
+    - debug-tools: list all snaps
+    - cmd/snap: join search terms passed in the command line
+    - osutil/disks: partition UUID lookup
+    - o/snapshotstate: refactor snapshot read/write logic
+    - interfaces: Allow locking in block-devices
+    - daemon: /v2/system-recovery-keys remove API
+    - snapstate: do not auto-migrate to ~/Snap for core22 just yet
+    - tests: run failed tests by default
+    - o/snapshotstate: check installed snaps before running 'save' tasks
+    - secboot/keymgr: remove recovery key, authorize with existing key
+    - deps: bump libseccomp to include build fixes, run unit tests using
+      CC=clang
+    - cmd/snap-seccomp: only compare the bottom 32-bits of the flags arg
+      of copy_file_range
+    - osutil/disks: helper for obtaining the UUID of a partition which
+      is a mount point source
+    - image/preseed: umount the base snap last after writable paths
+    - tests: new set of nested tests for uc22
+    - tests: run failed tests on nested suite
+    - interfaces: posix-mq: add new interface
+    - tests/main/user-session-env: remove openSUSE-specific tweaks
+    - tests: skip external backend in mem-cgroup-disabled test
+    - snap/quota: change the journal quota period to be a time.Duration
+    - interfaces/apparmor: allow executing /usr/bin/numfmt in the base
+      template
+    - tests: add lz4 dependency for jammy to avoid issues repacking
+      kernel
+    - snap-bootstrap, o/devicestate: use seed parallelism
+    - cmd/snap-update-ns: correctly set sticky bit on created
+      directories where applicable
+    - tests: install snapd while restoring in snap-mgmt
+    - .github: skip misspell and ineffassign on go 1.13
+    - many: use UC20+/pre-UC20 in user messages as needed
+    - o/devicestate: use snap handler for copying and checksuming
+      preseeded snaps
+    - image, cmd/snap-preseed: allow passing custom apparmor features
+      path
+    - o/assertstate: fix handling of validation set tracking update in
+      enforcing mode
+    - packaging: restart our units only after the upgrade
+    - interfaces: add a steam-support interface
+    - gadget/install, o/devicestate: do not create recovery and
+      reinstall keys during installation
+    - many: move recovery key responsibility to devicestate/secboot,
+      prepare for a future with just optional recovery key
+    - tests: do not run mem-cgroup-disabled on external backends
+    - snap: implement "star" developers
+    - o/devicestate: fix install tests on systems with
+      /var/lib/snapd/snap
+    - cmd/snap-fde-keymgr, secboot: followup cleanups
+    - seed: let SnapHandler provided a different final path for snaps
+    - o/devicestate: implement maybeApplyPreseededData function to apply
+      preseed artifact
+    - tests/lib/tools: add piboot to boot_path()
+    - interfaces/builtin: shared-memory drop plugs allow-installation:
+      true
+    - tests/main/user-session-env: for for opensuse
+    - cmd/snap-fde-keymgr, secboot: add a tiny FDE key manager
+    - tests: re-execute the failed tests when "Run failed" label is set
+      in the PR
+    - interfaces/builtin/custom-device: fix unit tests on hosts with
+      different libexecdir
+    - sandbox: move profile load/unload to sandbox/apparmor
+    - cmd/snap: handler call verifications for cmd_quota_tests
+    - secboot/keys: introduce a package for secboot key types, use the
+      package throughout the code base
+    - snap/quota: add journal quotas to resources.go
+    - many: let provide a SnapHandler to Seed.Load*Meta*
+    - osutil: allow setting desired mtime on the AtomicFile, preserve
+      mtime on copy
+    - systemd: add systemd.Run() wrapper for systemd-run
+    - tests: test fresh install of core22-based snap (#11696)
+    - tests: initial set of tests to uc22 nested execution
+    - o/snapstate: migration overwrites existing snap dir
+    - tests: fix interfaces-location-control tests leaking provider.py
+      process
+    - tests/nested: fix custom-device test
+    - tests: test migration w/ revert, refresh and XDG dir creation
+    - asserts,store: complete support for optional primary key headers
+      for assertions
+    - seed: support parallelism when loading/verifying snap metadata
+    - image/preseed, cmd/snap-preseed: create and sign preseed assertion
+    - tests: Initial changes to run nested tests on uc22
+    - o/snapstate: fix TestSnapdRefreshTasks test after two r-a-a PRs
+    - interfaces: add ACRN hypervisor support
+    - o/snapstate: exclude TypeSnapd and TypeOS snaps from refresh-app-
+      awareness
+    - features: enable refresh-app-awareness by default
+    - libsnap-confine-private: show proper error when aa_change_onexec()
+      fails
+    - i/apparmor: remove leftover comment
+    - gadget: drop unused code in unit tests
+    - image, store: move ToolingStore to store/tooling package
+    - HACKING: update info for snapcraft remote build
+    - seed: return all essential snaps found if no types are given to
+      LoadEssentialMeta
+    - i/b/custom_device: fix generation of udev rules
+    - tests/nested/manual/core20-early-config: disable netplan checks
+    - bootloader/assets, tests: add factory-reset mode, test non-
+      encrypted factory-reset
+    - interfaces/modem-manager: add support for Cinterion modules
+    - gadget: fully support multi-volume gadget asset updates in
+      Update() on UC20+
+    - i/b/content: use slot.Lookup() as suggested by TODO comment
+    - tests: install linux-tools-gcp on jammy to avoid bpftool
+      dependency error
+    - tests/main: add spread tests for new cpu and thread quotas
+    - snap-debug-info: print validation sets and validation set
+      assertions
+    - many: renaming related to inclusive language part 2
+    - c/snap-seccomp: update syscalls to match libseccomp 2657109
+    - github: cancel workflows when pushing to pull request branches
+    - .github: use reviewdog action from woke tool
+    - interfaces/system-packages-doc: allow read-only access to
+      /usr/share/gtk-doc
+    - interfaces: add max_map_count to system-observe
+    - o/snapstate: print pids of running processes on BusySnapError
+    - .github: run woke tool on PR's
+    - snapshots: follow-up on exclusions PR
+    - cmd/snap: add check switch for snap debug state
+    - tests: do not run mount-order-regression test on i386
+    - interfaces/system-packages-doc: allow read-only access to
+      /usr/share/xubuntu-docs
+    - interfaces/hardware_observe: add read access for various devices
+    - packaging: use latest go to build spread
+    - tests: Enable more tests for UC22
+    - interfaces/builtin/network-control: also allow for mstp and bchat
+      devices too
+    - interfaces/builtin: update apparmor profile to allow creating
+      mimic over /usr/share*
+    - data/selinux: allow snap-update-ns to mount on top of /var/snap
+      inside the mount ns
+    - interfaces/cpu-control: fix apparmor rules of paths with CPU ID
+    - tests: remove the file that configures nm as default
+    - tests: fix the change done for netplan-cfg test
+    - tests: disable netplan-cfg test
+    - cmd/snap-update-ns: apply content mounts before layouts
+    - overlord/state: add a helper to detect cyclic dependencies between
+      tasks in change
+    - packaging/ubuntu-16.04/control: recommend `fuse3 | fuse`
+    - many: change "transactional" flag to a "transaction" option
+    - b/piboot.go: check EEPROM version for RPi4
+    - snap/quota,spread: raise lower memory quota limit to 640kb
+    - boot,bootloader: add missing grub.cfg assets mocks in some tests
+    - many: support --ignore-running with refresh many
+    - tests: skip the test interfaces-many-snap-provided in
+      trusty
+    - o/snapstate: rename XDG dirs during HOME migration
+    - cmd/snap,wrappers: fix wrong implementation of zero count cpu
+      quota
+    - i/b/kernel_module_load: expand $SNAP_COMMON in module options
+    - interfaces/u2f-devices: add Solo V2
+    - overlord: add missing grub.cfg assets mocks in manager_tests.go
+    - asserts: extend optional primary keys support to the in-memory
+      backend
+    - tests: update the lxd-no-fuse test
+    - many: fix failing golangci checks
+    - seed,many: allow to limit LoadMeta to snaps of a precise mode
+    - tests: allow ubuntu-image to be built with a compatible snapd tree
+    - o/snapstate: account for repeat migration in ~/Snap undo
+    - asserts: start supporting optional primary keys in fs backend,
+      assemble and signing
+    - b/a: do not set console in kernel command line for arm64
+    - tests/main/snap-quota-groups: fix spread test
+    - sandbox,quota: ensure cgroup is available when creating mem
+      quotas
+    - tests: add debug output what keeps `/home` busy
+    - sanity: rename "sanity.Check" to "syscheck.CheckSystem"
+    - interfaces: add pkcs11 interface
+    - o/snapstate: undo migration on 'snap revert'
+    - overlord: snapshot exclusions
+    - interfaces: add private /dev/shm support to shared-memory
+      interface
+    - gadget/install: implement factory reset for unencrypted system
+    - packaging: install Go snap from 1.17 channel in the integration
+      tests
+    - snap-exec: fix detection if `cups` interface is connected
+    - tests: extend gadget-config-defaults test with refresh.retain
+    - cmd/snap,strutil: move lineWrap to WordWrapPadded
+    - bootloader/piboot: add support for armhf
+    - snap,wrappers: add `sigint{,-all}` to supported stop-modes
+    - packaging/ubuntu-16.04/control: depend on fuse3 | fuse
+    - interfaces/system-packages-doc: allow read-only access to
+      /usr/share/libreoffice/help
+    - daemon: add a /v2/accessories/changes/{ID} endpoint
+    - interfaces/appstream-metadata: Re-create app-info links to
+      swcatalog
+    - debug-tools: add script to help debugging GCE instances which fail
+      to boot
+    - gadget/install, kernel: more ICE helpers/support
+    - asserts: exclude empty snap id from duplicates lookup with preseed
+      assert
+    - cmd/snap, signtool: move key-manager related helpers to signtool
+      package
+    - tests/main/snap-quota-groups: add 219 as possible exit code
+    - store: set validation-sets on actions when refreshing
+    - github/workflows: update golangci-lint version
+    - run-check: use go install instead of go get
+    - tests: set as manual the interfaces-cups-control test
+    - interfaces/appstream-metadata: Support new swcatalog directory
+      names
+    - image/preseed: migrate tests from cmd/snap-preseed
+    - tests/main/uc20-create-partitions: update the test for new Go
+      versions
+    - strutil: move wrapGeneric function to strutil as WordWrap
+    - many: small inconsequential tweaks
+    - quota: detect/error if cpu-set is used with cgroup v1
+    - tests: moving ubuntu-image to candidate to fix uc16 tests
+    - image: integrate UC20 preseeding with image.Prepare
+    - cmd/snap,client: frontend for cpu/thread quotas
+    - quota: add test for `Resource.clone()`
+    - many: replace use of "sanity" with more inclusive naming (part 2)
+    - tests: switch to "test-snapd-swtpm"
+    - i/b/network-manager: split rule with more than one peers
+    - tests: fix restore of the BUILD_DIR in failover test on uc18
+    - cmd/snap/debug: sort changes by their spawn times
+    - asserts,interfaces/policy: slot-snap-id allow-installation
+      constraints
+    - o/devicestate: factory reset mode, no encryption
+    - debug-tools/snap-debug-info.sh: print message if no gadget snap
+      found
+    - overlord/devicestate: install system cleanups
+    - cmd/snap-bootstrap: support booting into factory-reset mode
+    - o/snapstate, ifacestate: pass preseeding flag to
+      AddSnapdSnapServices
+    - o/devicestate: restore device key and serial when assertion is
+      found
+    - data: add static preseed.json file
+    - sandbox: improve error message from `ProbeCgroupVersion()`
+    - tests: fix the nested remodel tests
+    - quota: add some more unit tests around Resource.Change()
+    - debug-tools/snap-debug-info.sh: add debug script
+    - tests: workaround lxd issue lp:10079 (function not implemented) on
+      prep-snapd-in-lxd
+    - osutil/disks: blockdev need not be available in the PATH
+    - cmd/snap-preseed: address deadcode linter
+    - tests/lib/fakestore/store: return snap base in details
+    - tests/lib/nested.sh: rm core18 snap after download
+    - systemd: do not reload system when enabling/disabling services
+    - i/b/kubernetes_support: add access to Java certificates
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 19 May 2022 09:57:33 +0200
+
+snapd (2.55.5-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1965808
+    - snapstate: do not auto-migrate to ~/Snap for core22 just yet
+    - cmd/snap-seccomp: add copy_file_range to
+      syscallsWithNegArgsMaskHi32
+    - cmd/snap-update-ns: correctly set sticky bit on created
+      directories where applicable
+    - .github: Skip misspell and ineffassign on go 1.13
+    - tests: add lz4 dependency for jammy to avoid issues repacking
+      kernel
+    - interfaces: posix-mq: add new interface
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 11 May 2022 06:38:24 +0200
+
+snapd (2.55.4-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1965808
+    - tests: do not run mount-order-regression test on i386
+    - c/snap-seccomp: update syscalls
+    - o/snapstate: overwrite ~/.snap subdir when migrating
+    - o/assertstate: fix handling of validation set tracking update in
+      enforcing mode
+    - packaging: restart our units only after the upgrade
+    - interfaces: add a steam-support interface
+    - features: enable refresh-app-awareness by default
+    - i/b/custom_device: fix generation of udev rules
+    - interfaces/system-packages-doc: allow read-only access to
+      /usr/share/gtk-doc
+    - interfaces/system-packages-doc: allow read-only access to
+      /usr/share/xubuntu-docs
+    - interfaces/builtin/network-control: also allow for mstp and bchat
+      devices too
+    - interfaces/builtin: update apparmor profile to allow creating
+      mimic over /usr/share
+    - data/selinux: allow snap-update-ns to mount on top of /var/snap
+      inside the mount ns
+    - interfaces/cpu-control: fix apparmor rules of paths with CPU ID
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Sat, 30 Apr 2022 10:04:39 +0200
+
+snapd (2.55.3-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1965808
+    - cmd/snap-update-ns: apply content mounts before layouts
+    - many: change "transactional" flag to a "transaction" option
+    - b/piboot.go: check EEPROM version for RPi4
+    - snap/quota,spread: raise lower memory quota limit to 640kb
+    - boot,bootloader: add missing grub.cfg assets mocks in some
+      tests
+    - many: support --ignore-running with refresh many
+    - cmd/snap,wrappers: fix wrong implementation of zero count cpu
+      quota
+    - quota: add some more unit tests around Resource.Change()
+    - quota: detect/error if cpu-set is used with cgroup v1
+    - quota: add test for `Resource.clone()
+    - cmd/snap,client: frontend for cpu/thread quotas
+    - tests: update spread test to check right XDG dirs
+    - snap: set XDG env vars to new dirs
+    - o/snapstate: initialize XDG dirs in HOME migration
+    - i/b/kernel_module_load: expand $SNAP_COMMON in module options
+    - overlord: add missing grub.cfg assets mocks in manager_tests.go
+    - o/snapstate: account for repeat migration in ~/Snap undo
+    - b/a: do not set console in kernel command line for arm64
+    - sandbox: improve error message from `ProbeCgroupVersion()`
+    - tests/main/snap-quota-groups: fix spread test
+    - interfaces: add pkcs11 interface
+    - o/snapstate: undo migration on 'snap revert'
+    - overlord: snapshot exclusions
+    - interfaces: add private /dev/shm support to shared-memory
+      interface
+    - packaging: install Go snap from 1.17 channel in the integration
+      tests
+    - snap-exec: fix detection if `cups` interface is connected
+    - bootloader/piboot: add support for armhf
+    - interfaces/system-packages-doc: allow read-only access to
+      /usr/share/libreoffice/help
+    - daemon: add a /v2/accessories/changes/{ID} endpoint
+    - interfaces/appstream-metadata: Re-create app-info links to
+      swcatalog
+    - tests/main/snap-quota-groups: add 219 as possible exit code
+    - store: set validation-sets on actions when refreshing
+    - interfaces/appstream-metadata: Support new swcatalog directory
+      names
+    - asserts,interfaces/policy: slot-snap-id allow-installation
+      constraints
+    - i/b/network-manager: change rule for ResolveAddress to check only
+      label
+    - cmd/snap-bootstrap: support booting into factory-reset mode
+    - systemd: do not reload system when enabling/disabling services
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 08 Apr 2022 16:48:35 +0200
+
+snapd (2.55.2-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1965808
+    - cmd/snap-update-ns: actually use entirely non-existent dirs
+
+ -- Ian Johnson <ian.johnson@canonical.com>  Mon, 21 Mar 2022 22:16:54 -0500
+
+snapd (2.55.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1965808
+    - cmd/snap-update-ns/change_test.go: use non-exist name foo-runtime
+      instead
+
+ -- Ian Johnson <ian.johnson@canonical.com>  Mon, 21 Mar 2022 20:45:56 -0500
+
+snapd (2.55-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1965808
+    - kernel/fde: add PartitionName to various structs
+    - osutil/disks: calculate the last usable LBA instead of reading it
+    - snap/quota: additional validation in resources.go
+    - o/snapstate: avoid setting up single reboot when update includes
+      base, kernel and gadget
+    - overlord/state: add helper for aborting unready lanes
+    - snap-bootstrap: Partially revert simplifications of mount
+      dependencies
+    - cmd/snap-update-ns/change.go: sort needed, desired and not reused
+      mount entries
+    - cmd/snap-preseed, image: move preseeding code to image/preseed
+    - interfaces/docker-support: make generic rules not conflict with
+      snap-confine
+    - i/b/modem-manager: provide access to ObjectManager
+    - i/b/network_{control,manager}.go: add more access to resolved
+    - overlord/state: drop unused lanes field
+    - cmd/snap: make 1.18 vet happy
+    - o/snapstate: allow installing the snapd-desktop-integration snap
+      even if the user-daemons feature is otherwise disabled
+    - snap/quota: fix bug in quota group tree validation code
+    - o/snapstate: make sure that snapd is a prerequisite for updating
+      base snaps
+    - bootloader: add support for piboot
+    - i/seccomp/template.go: add close_range to the allowed syscalls
+    - snap: add new cpu quotas
+    - boot: support factory-reset when sealing and resealing
+    - tests: fix test to avoid editing the test-snapd-tools snap.yaml
+      file
+    - dirs: remove unused SnapMetaDir variable
+    - overlord: extend single reboot test to include a non-base, non-
+      kernel snap
+    - github: replace "sanity check" with "quick check" in workflow
+    - fde: add new DeviceUnlock() call
+    - many: replace use of "sanity" with more inclusive naming in
+      comments
+    - asserts: minimal changes to disable authority-delegation before
+      full revert
+    - tests: updating the test-snapd-cups-control-consumer snap to
+      core20 based
+    - many: replace use of "sanity" for interface implementation checks
+    - cmd/snap-preseed: support for core20 preseeding
+    - cmd: set core22 migration related env vars and update spread test
+    - interface/opengl: allow read on
+      /proc/sys/dev/i915/perf_stream_paranoid
+    - tests/lib/tools/report-mongodb: fix typo in help text
+    - tests: Include the source github url as part of the mongo db
+      issues
+    - o/devicestate: split mocks to separate calls for creating a model
+      and a gadget
+    - snap: Add missing zlib
+    - cmd/snap: add support for rebooting to factory-reset
+    - interfaces/apparmor: Update base template for systemd-machined
+    - i/a/template.go: add ld path for jammy
+    - o/devicestate, daemon: introduce factory-reset mode, allow
+      switching
+    - o/state: fix undo with independent tasks in same change and lane
+    - tests: validate tests tools just on google and qemu backends
+    - tests/lib/external/snapd-testing-tools: update from upstream
+    - tests: skip interfaces-cups-control from debian-sid
+    - Increase the times in snapd-sigterm for arm devices
+    - interfaces/browser-support: allow RealtimeKit's
+      MakeThreadRealtimeWithPID
+    - cmd: misc analyzer fixes
+    - interfaces/builtin/account-control: allow to execute pam_tally2
+    - tests/main/user-session-env: special case bash profile on
+      Tumbleweed
+    - o/snapstate: implement transactional lanes for prereqs
+    - o/snapstate: add core22 migration logic
+    - tests/main/mount-ns: unmount /run/qemu
+    - release: 2.54.4 changelog to master
+    - gadget: add buildVolumeStructureToLocation,
+      volumeStructureToLocationMap
+    - interfaces/apparmor: add missing unit tests for special devmode
+      rules/behavior
+    - cmd/snap-confine: coverity fixes
+    - interfaces/systemd: use batch systemd operations
+    - tests: small adjustments to fix vuln spread tests
+    - osutil/disks: trigger udev on the partition device node
+    - interfaces/network-control: add D-Bus rules for resolved too
+    - interfaces/cpu-control: add extra idleruntime data/reset files to
+      cpu-control
+    - packaging/ubuntu-16.04/rules: don't run unit tests on riscv64
+    - data/selinux: allow the snap command to run systemctl
+    - boot: mock amd64 arch for mabootable 20 suite
+    - testutil: add Backup helper to save/restore values, usually for
+      mocking
+    - tests/nested/core/core20-reinstall-partitions: update test summary
+    - asserts: return an explicit error when key cannot be found
+    - interfaces: custom-device
+    - Fix snap-run-gdbserver test by retrying the check
+    - overlord, boot: fix unit tests on arches other than amd64
+    - Get lxd snap from candidate channel
+    - bootloader: allow different names for the grub binary in different
+      archs
+    - cmd/snap-mgmt, packaging: trigger daemon reload after purging unit
+      files
+    - tests: add test to ensure consecutive refreshes do garbage
+      collection of old revs
+    - o/snapstate: deal with potentially invalid type of refresh.retain
+      value due to lax validation
+    - seed,image: changes necessary for ubuntu-image to support
+      preseeding extra snaps in classic images
+    - tests: add debugging to snap-confine-tmp-mount
+    - o/snapstate: add ~/Snap init related to backend
+    - data/env: cosmetic tweak for fish
+    - tests: include new testing tools and utils
+    - wrappers: do not reload the deamon or restart snapd services when
+      preseeding on core
+    - Fix smoke/install test for other architectures than pc
+    - tests: skip boot loader check during testing preparation on s390x
+    - t/m/interfaces-network-manager: use different channel depending on
+      system
+    - o/devicestate: pick system from seed systems/ for preseeding (1/N)
+    - asserts: add preseed assertion type
+    - data/env: more workarounds for even older fish shells, provide
+      reasonable defaults
+    - tests/main/snap-run-devmode-classic: reinstall snapcraft to clean
+      up
+    - gadget/update.go: add buildNewVolumeToDeviceMapping for existing
+      devices
+    - tests: allow run spread tests using a private ppaTo validate it
+    - interfaces/{cpu,power}-control: add more accesses for commercial
+      device tuning
+    - gadget: add searchForVolumeWithTraits + tests
+    - gadget/install: measure and save disk volume traits during
+      install.Run()
+    - tests: fix "undo purging" step in snap-run-devmode-classic
+    - many: move call to shutdown to the boot package
+    - spread.yaml: add core22 version of rsync to skip
+    - overlord, o/snapstate: fix mocking on systems without /snap
+    - many: move boot.Device to snap.Device
+    - tests: smoke test support for core22
+    - tests/nested/snapd-removes-vulnerable-snap-confine-revs: use newer
+      snaps
+    - snapstate: make "remove vulnerable version" message more
+      friendly
+    - o/devicestate/firstboot_preseed_test.go: remove deadcode
+    - o/devicestate: preseeding test cleanup
+    - gadget: refactor StructureEncryption to have a concrete type
+      instead of map
+    - tests: add created_at timestamp to mongo issues
+    - tests: fix security-udev-input-subsystem test
+    - o/devicestate/handlers_install.go: use --all to get binary data
+      too for logs
+    - o/snapstate: rename "corecore" -> "core"
+    - o/snapstate: implement transactional flag
+    - tests: skip ~/.snap migration test on openSUSE
+    - asserts,interfaces/policy: move and prepare DeviceScopeConstraint
+      for reuse
+    - asserts: fetching code should fetch authority-delegation
+      assertions with signing keys as needed
+    - tests: prepare and restore nested tests
+    - asserts: first-class support for formatting/encoding signatory-id
+    - asserts: remove unused function, fix for linter
+    - gadget: identify/match encryption parts, include in traits info
+    - asserts,cmd/snap-repair: support delegation when validating
+      signatures
+    - many: fix leftover empty snap dirs
+    - libsnap-confine-private: string functions simplification
+    - tests/nested/manual/core20-cloud-init-maas-signed-seed-data: add
+      gadget variant
+    - interfaces/u2f-devices: add U2F-TOKEN
+    - tests/core/mem-cgroup-disabled: minor fixups
+    - data/env: fix fish env for all versions of fish, unexport local
+      vars, export XDG_DATA_DIRS
+    - tests: reboot test running remodel
+    - Add extra disk space to nested images to "avoid No space left on
+      device" error
+    - tests: add regression tests for disabled memory cgroup operation
+    - many: fix issues flagged by golangci and configure it to fail
+      build
+    - docs: fix incorrect link
+    - cmd/snap: rename the verbose logging flag in snap run
+    - docs: cosmetic cleanups
+    - cmd/snap-confine: build const data structures at compile-
+      time
+    - o/snapstate: reduce maxInhibition for raa by 1s to avoid confusing
+      notification
+    - snap-bootstrap: Cleanup dependencies in systemd mounts
+    - interfaces/seccomp: Add rseq to base seccomp template
+    - cmd/snap-confine: remove mention of "legacy mode" from comment
+    - gadget/gadget_test.go: fix variable type
+    - gadget/gadget.go: add AllDiskVolumeDeviceTraits
+    - spread: non-functional cleanup of go1.6 legacy
+    - cmd/snap-confine: update ambiguous comment
+    - o/snapstate: revert migration on refresh if flag is disabled
+    - packaging/fedora: sync with downstream, packaging improvements
+    - tests: updated the documentation to run spread tests using
+      external backend
+    - osutil/mkfs: Expose more fakeroot flags
+    - interfaces/cups: add cups-socket-directory attr, use to specify
+      mount rules in backend
+    - tests/main/snap-system-key: reset-failed snapd and snapd.socket
+    - gadget/install: add unit tests for install.Run()
+    - tests/nested/manual/remodel-cross-store,remodel-simple: wait for
+      serial
+    - vscode: added integrated support for MS VSCODE
+    - cmd/snap/auto-import: use osutil.LoadMountInfo impl instead
+    - gadget/install: add unit tests for makeFilesystem, allow mocking
+      mkfs.Make()
+    - systemd: batched operations
+    - gadget/install/partition.go: include DiskIndex in synthesized
+      OnDiskStructure
+    - gadget/install: rm unused support for writing non-filesystem
+      structures
+    - cmd/snap: close refresh notifications after trying to run a snap
+      while inhibited
+    - o/servicestate: revert #11003 checking for memory cgroup being
+      disabled
+    - tests/core/failover: verify failover handling with the kernel snap
+    - snap-confine: allow numbers in hook security tag
+    - cmd/snap-confine: mount bpffs under /sys/fs/bpf if needed
+    - spread: switch to CentOS 8 Stream image
+    - overlord/servicestate: disallow mixing snaps and subgroups.
+    - cmd/snap: add --debug to snap run
+    - gadget: mv modelCharateristics to gadgettest.ModelCharacteristics
+    - cmd/snap: remove use of zenity, use notifications for snap run
+      inhibition
+    - o/devicestate: verify that the new model is self contained before
+      remodeling
+    - usersession/userd: query xdg-mime to check for fallback handlers
+      of a given scheme
+    - gadget, gadgettest: reimplement tests to use new gadgettest
+      examples.go file
+    - asserts: start implementing authority-delegationTODO in later PRs:
+    - overlord: skip manager tests on riscv for now
+    - o/servicestate: quota group error should be more explanative when
+      memory cgroup is disabled
+    - i/builtin: allow modem-manager interface to access some files in
+      sysfs
+    - tests: ensure that interface hook works with hotplug plug
+    - tests: fix repair test failure when run in a loop
+    - o/snapstate: re-write state after undo migration
+    - interfaces/opengl: add support for ARM Mali
+    - tests: enable snap-userd-reexec on ubuntu and debian
+    - tests: skip bind mount in snapd-snap test when the core snap in
+      not repacked
+    - many: add transactional flag to snapd API
+    - tests: new Jammy image for testing
+    - asserts: start generalizing attrMatcherGeneralization is along
+    - tests: ensure the ca-certificates package is installed
+    - devicestate: ensure permissions of /var/lib/snapd/void are
+      correct
+    - many: add altlinux support
+    - cmd/snap-update-ns: convert some unexpected decimal file mode
+      constants to octal.
+    - tests: use system ubuntu-21.10-64 in nested tests
+    - tests: skip version check on lp-1871652 for sru validation
+    - snap/quota: add positive tests for the quota.Resources logic
+    - asserts: start splitting out attrMatcher for reuse to
+      constraint.go
+    - systemd: actually test the function passed as a parameter
+    - tests: fix snaps-state test for sru validation
+    - many: add Transactional to snapstate.Flags
+    - gadget: rename DiskVolume...Opts to DiskVolume...Options
+    - tests: Handle PPAs being served from ppa.launchpadcontent.net
+    - tests/main/cgroup-tracking-failure: Make it pass when run alone
+    - tests: skip migration test on centOS
+    - tests: add back systemd-timesyncd to newer debian distros
+    - many: add conversion for interface attribute values
+    - many: unit test fix when SNAPD_DEBUG=1 is set
+    - gadget/install/partition.go: use device rescan trick only when
+      gadget says to
+    - osutil: refactoring the code exporting mocking APIs to other
+      packages
+    - mkversion: check that snapd is a git source tree before guessing
+      the version
+    - overlord: small refactoring of group quota implementation in
+      preparation of multiple quota values
+    - tests: drop 21.04 tests (it's EOL)
+    - osutil/mkfs: Expose option for --lib flag in fakeroot call
+    - cmd/snapd-apparmor: fix bad variable initialization
+    - packaging, systemd: fix socket (re-)start race
+    - tests: fix running tests.invariant on testflinger systems
+    - tests: spread test snap dir migration
+    - interfaces/shared-memory: support single wild-cards in the
+      read/write paths
+    - tests: cross store remodel
+    - packaging,tests: fix running autopkgtest
+    - spread-shellcheck: add a caching layer
+    - tests: add jammy to spread executions
+    - osutils: deal with ENOENT in UserMaybeSudoUser()
+    - packaging/ubuntu-16.04/control: adjust libfuse3 dependency as
+      suggested
+    - gadget/update.go: add DiskTraitsFromDeviceAndValidate
+    - tests/lib/prepare.sh: add debug kernel command line params via
+      gadget on UC20
+    - check-commit-email: do not fail when current dir is not under git
+    - configcore: implement netplan write support via dbus
+    - run-checks, check-commit-email.py: check commit email addresses
+      for validity
+    - tests: setup snapd remodel testing bits
+    - cmd/snap: adjust /cmd to migration changes
+    - systemd: enable batched calls for systemd calls operation on units
+    - o/ifacestate: add convenience Active() method to ConnectionState
+      struct
+    - o/snapstate: migrate to hidden dir on refresh/install
+    - store: fix flaky test
+    - i/builtin/xilinx-dma: add interface for Xilinx DMA driver
+    - go.mod: tidy up
+    - overlord/h/c/umount: remove handling of required parameter
+    - systemd: add NeedDaemonReload to the unit state
+    - mount-control: step 3
+    - tests/nested/manual/minimal-smoke: bump mem to 512 for unencrypted
+      case too
+    - gadget: fix typo with filesystem message
+    - gadget: misc helper fixes for implicit system-data role handling
+    - tests: fix uses of fakestore new-snap-declaration
+    - spread-shellcheck: use safe_load rather than load with a loder
+    - interfaces: allow access to new at-spi socket location in desktop-
+      legacy
+    - cmd/snap: setup tracking cgroup when invoking a service directly
+      as a user
+    - tests/main/snap-info: use yaml.safe_load rather than yaml.load
+    - cmd/snap: rm unnecessary validation
+    - tests: fix `tests/core/create-user` on testflinger pi3
+    - tests: fix parallel-install-basic on external UC16 devices
+    - tests: ubuntu-image 2.0 compatibility fixes
+    - tests/lib/prepare-restore: use go install rather than go get
+    - cmd/snap, daemon: add debug command for getting OnDiskVolume
+      dump
+    - gadget: resolve index ambiguity between OnDiskStructure and
+      LaidOutStructuretype: bare structures).
+    - tests: workaround missing bluez snap
+    - HACKING.md: add dbus-x11 to packages needed to run unit tests
+    - spread.yaml: add debian-{10,11}, drop debian-9
+    - cmd/snap/quota: fix typo in the help message
+    - gadget: allow gadget struct with unspecified filesystem to match
+      part with fs
+    - tests: re-enable kernel-module-load tests on arm
+    - tests/lib/uc20-create-partitions/main.go: setup a logger for
+      messages
+    - cmd: support installing multiple local snaps
+    - usersession: implement method to close notifications via
+      usersession REST API
+    - data/env: treat XDG_DATA_DIRS like PATH for fish
+    - cmd/snap, cmd/snap-confine: extend manpage, update links
+    - tests: fix fwupd interface test in debian sid
+    - tests: do not run k8s smoke test on 32 bit systems
+    - tests: fix testing in trusty qemu
+    - packaging: merge 2.54.2 changelog back to master
+    - overlord: fix issue with concurrent execution of two snapd
+      processes
+    - interfaces: add a polkit interface
+    - gadget/install/partition.go: wait for udev settle when creating
+      partitions too
+    - tests: exclude interfaces-kernel-module load on arm
+    - tests: ensure that test-snapd-kernel-module-load is
+      removed
+    - tests: do not test microk8s-smoke on arm
+    - packaging, bloader, github: restore cleanliness of snapd info
+      file; check in GA workflow
+    - tests/lib/tools/tests.invariant: simplify check
+    - tests/nested/manual/core20-to-core22: wait for device to be
+      initialized before starting a remodel
+    - build-aux/snap/snapcraft.yaml: use build-packages, don't fail
+      dirty builds
+    - tests/lib/tools/tests.invariant: add invariant for detecting
+      broken snaps
+    - tests/core/failover: replace boot-state with snap debug boot-vars
+    - tests: fix remodel-kernel test when running on external devices
+    - data/selinux: allow poking /proc/xen
+    - gadget: do not crash if gadget.yaml has an empty Volumes section
+    - i/b/mount-control: support creating tmpfs mounts
+    - packaging: Update openSUSE spec file with apparmor-parser and
+      datadir for fish
+    - cmd/snap-device-helper: fix variable name typo in the unit tests
+    - tests: fixed an issue with retrieval of the squashfuse repo
+    - release: 2.54.1
+    - tests: tidy up the top-level of ubuntu-seed during tests
+    - build-aux: detect/fix dirty git revisions while snapcraft
+      building
+    - release: 2.54
+
+ -- Ian Johnson <ian.johnson@canonical.com>  Mon, 21 Mar 2022 15:55:16 -0500
+
+snapd (2.54.4-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1955137
+    - t/m/interfaces-network-manager: use different channel depending on
+      system
+    - many: backport attrer interface changes to 2.54
+    - tests: skip version check on lp-1871652 for sru validation
+    - i/builtin: allow modem-manager interface to access some files in
+      sysfs
+    - snapstate: make "remove vulnerable version" message more
+      friendly
+    - tests: fix "undo purging" step in snap-run-devmode-classic
+    - o/snapstate: deal with potentially invalid type of refresh.retain
+      value due to lax validation
+    - interfaces: custom-device
+    - packaging/ubuntu-16.04/control: adjust libfuse3 dependency
+    - data/env: fix fish env for all versions of fish
+    - packaging/ubuntu-16.04/snapd.postinst: start socket and service
+      first
+    - interfaces/u2f-devices: add U2F-TOKEN
+    - interfaces/seccomp: Add rseq to base seccomp template
+    - tests: remove disabled snaps before calling save_snapd_state
+    - overlord: skip manager tests on riscv for now
+    - interfaces/opengl: add support for ARM Mali
+    - devicestate: ensure permissions of /var/lib/snapd/void are
+      correct
+    - cmd/snap-update-ns: convert some unexpected decimal file mode
+      constants to octal.
+    - interfaces/shared-memory: support single wild-cards in the
+      read/write paths
+    - packaging: fix running autopkgtest
+    - i/builtin/xilinx-dma-host: add interface for Xilinx DMA driver
+    - tests: fix `tests/core/create-user` on testflinger pi3
+    - tests: fix parallel-install-basic on external UC16 devices
+    - tests: re-enable kernel-module-load tests on arm
+    - tests: do not run k8s smoke test on 32 bit systems
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 03 Mar 2022 09:44:21 +0100
+
+snapd (2.54.3-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Remove unused Build-Depends and replace transitional packages
+    (Closes: #1014184)
+  * Add patch for failed test with godbus 5.0.5 (Closes: #1008450)
+
+ -- Shengjing Zhu <zhsj@debian.org>  Sun, 17 Jul 2022 20:18:10 +0800
+
+snapd (2.54.3-1) unstable; urgency=high
+
+  * SECURITY UPDATE: Local privilege escalation
+    - snap-confine: Add validations of the location of the snap-confine
+      binary within snapd.
+    - snap-confine: Fix race condition in snap-confine when preparing a
+      private mount namespace for a snap.
+    - CVE-2021-44730
+    - CVE-2021-44731
+  * SECURITY UPDATE: Data injection from malicious snaps
+    - interfaces: Add validations of snap content interface and layout
+      paths in snapd.
+    - CVE-2021-4120
+    - LP: #1949368
+
+ -- Michael Vogt <mvo@debian.org>  Wed, 23 Feb 2022 10:04:21 +0100
+
+snapd (2.54.2-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1955137
+    - tests: exclude interfaces-kernel-module load on arm
+    - tests: ensure that test-snapd-kernel-module-load is
+      removed
+    - tests: do not test microk8s-smoke on arm
+    - tests/core/failover: replace boot-state with snap debug boot-vars
+    - tests: use snap info|awk to extract tracking channel
+    - tests: fix remodel-kernel test when running on external devices
+    - .github/workflows/test.yaml: also check internal snapd version for
+      cleanliness
+    - packaging/ubuntu-16.04/rules: eliminate seccomp modification
+    - bootloader/assets/grub_*cfg_asset.go: update Copyright
+    - build-aux/snap/snapcraft.yaml: adjust comment about get-version
+    - .github/workflows/test.yaml: add check in github actions for dirty
+      snapd snaps
+    - build-aux/snap/snapcraft.yaml: use build-packages, don't fail
+      dirty builds
+    - data/selinux: allow poking /proc/xen
+
+ -- Ian Johnson <ian.johnson@canonical.com>  Thu, 06 Jan 2022 15:25:16 -0600
+
+snapd (2.54.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1955137
+    - buid-aux: set version before calling ./generate-packaging-dir
+      This fixes the "dirty" suffix in the auto-generated version
+
+  * Upstream fixes for Debian bugs:
+    - cgroups v2 are now supported (closes: #934372)
+    - transitional package golang-github-ubuntu-core-snappy-dev
+      dropped (closes: #940782)
+    - support squashfs-tools 4.5 properly (closes: #993233)
+    - fix FTBFS (closes: #997257)
+
+  * Updated the debian packaging:
+    - add myself to the uploaders (partly addresses 1001999)
+    - remove npn-default series patches)
+    - bump standards-version to 4.6.0 (required removal of
+      non-default series files)
+
+ -- Michael Vogt <mvo@debian.org>  Mon, 20 Dec 2021 15:15:32 +0100
+
+snapd (2.54-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1955137
+    - interfaces/builtin/opengl.go: add boot_vga sys/devices file
+    - o/configstate/configcore: add tmpfs.size option
+    - tests: moving to manual opensuse 15.2
+    - cmd/snap-device-helper: bring back the device type identification
+      behavior, but for remove action fallback only
+    - cmd/snap-failure: use snapd from the snapd snap if core is not
+      present
+    - tests/core/failover: enable the test on core18
+    - o/devicestate: ensure proper order when remodel does a simple
+      switch-snap-channel
+    - builtin/interfaces: add shared memory interface
+    - overlord: extend kernel/base success and failover with bootenv
+      checks
+    - o/snapstate: check disk space w/o store if possible
+    - snap-bootstrap: Mount snaps read only
+    - gadget/install: do not re-create partitions using OnDiskVolume
+      after deletion
+    - many: fix formatting w/ latest go version
+    - devicestate,timeutil: improve logging of NTP sync
+    - tests/main/security-device-cgroups-helper: more debugs
+    - cmd/snap: print a placeholder for version of broken snaps
+    - o/snapstate: mock system with classic confinement support
+    - cmd: Fixup .clangd to use correct syntax
+    - tests: run spread tests in fedora-35
+    - data/selinux: allow snapd to access /etc/modprobe.d
+    - mount-control: step 2
+    - daemon: add multiple snap sideload to API
+    - tests/lib/pkgdb: install dbus-user-session during prepare, drop
+      dbus-x11
+    - systemd: provide more detailed errors for unimplemented method in
+      emulation mode
+    - tests: avoid checking TRUST_TEST_KEYS on restore on remodel-base
+      test
+    - tests: retry umounting /var/lib/snapd/seed on uc20 on fsck-on-boot
+      test
+    - o/snapstate: add hide/expose snap data to backend
+    - interfaces: kernel-module-load
+    - snap: add support for `snap watch
+      --last={revert,enable,disable,switch}`
+    - tests/main/security-udev-input-subsystem: drop info from udev
+    - tests/core/kernel-and-base-single-reboot-failover,
+      tests/lib/fakestore: verify failover scenario
+    - tests/main/security-device-cgroups-helper: collect some debug info
+      when the test fails
+    - tests/nested/manual/core20-remodel: wait for device to have a
+      serial before starting a remodel
+    - tests/main/generic-unregister: test re-registration if not blocked
+    - o/snapstate, assertsate: validation sets/undo on partial failure
+    - tests: ensure snapd can be downloaded as a module
+    - snapdtool, many: support additional key/value flags in info file
+    - data/env: improve fish shell env setup
+    - usersession/client: provide a way for client to send messages to a
+      subset of users
+    - tests: verify that simultaneous refresh of kernel and base
+      triggers a single reboot only
+    - devicestate: Unregister deletes the device key pair as well
+    - daemon,tests: support forgetting device serial via API
+    - asserts: change behavior of alternative attribute matcher
+    - configcore: relax validation rules for hostname
+    - cmd/snap-confine: do not include libglvnd libraries from the host
+      system
+    - overlord, tests: add managers and a spread test for UC20 to UC22
+      remodel
+    - HACKING.md: adjust again for building the snapd snap
+    - systemd: add support for systemd unit alias names
+    - o/snapstate: add InstallPathMany
+    - gadget: allow EnsureLayoutCompatibility to ensure disk has all
+      laid out structsnow reject/fail:
+    - packaging/ubuntu, packaging/debian: depend on dbus-session-bus
+      provider (#11111)
+    - interfaces/interfaces/scsi_generic: add interface for scsi generic
+      de… (#10936)
+    - osutil/disks/mockdisk.go: add MockDevicePathToDiskMapping
+    - interfaces/microstack-support: set controlsDeviceCgroup to true
+    - network-setup-control: add netplan generate D-Bus rules
+    - interface/builtin/log_observe: allow to access /dev/kmsg
+    - .github/workflows/test.yaml: restore failing of spread tests on
+      errors (nested)
+    - gadget: tweaks to DiskStructureDeviceTraits + expand test cases
+    - tests/lib/nested.sh: allow tests to use their own core18 in extra-
+      snaps-path
+    - interfaces/browser-support: Update rules for Edge
+    - o/devicestate: during remodel first check pending download tasks
+      for snaps
+    - polkit: add a package to validate polkit policy files
+    - HACKING.md: document building the snapd snap and splicing it into
+      the core snap
+    - interfaces/udev: fix installing snaps inside lxd in 21.10
+    - o/snapstate: refactor disk space checks
+    - tests: add (strict) microk8s smoke test
+    - osutil/strace: try to enable strace on more arches
+    - cmd/libsnap-confine-private: fix snap-device-helper device allow
+      list modification on cgroup v2
+    - tests/main/snapd-reexec-snapd-snap: improve debugging
+    - daemon: write formdata file parts to snaps dir
+    - systemd: add support for .target units
+    - tests: run snap-disconnect on uc16
+    - many: add experimental setting to allow using ~/.snap/data instead
+      of ~/snap
+    - overlord/snapstate: perform a single reboot when updating boot
+      base and kernel
+    - kernel/fde: add DeviceUnlockKernelHookDeviceMapperBackResolver,
+      use w/ disks pkg
+    - o/devicestate: introduce DeviceManager.Unregister
+    - interfaces: allow receiving PropertiesChanged on the mpris plug
+    - tests: new tool used to retrieve data from mongo db
+    - daemon: amend ssh keys coming from the store
+    - tests: Include the tools from snapd-testing-tools project in
+      "$TESTSTOOLS"
+    - tests: new workflow step used to report spread error to mongodb
+    - interfaces/builtin/dsp: update proc files for ambarella flavor
+    - gadget: replace ondisk implementation with disks package, refactor
+      part calcs
+    - tests: Revert "tests: disable flaky uc18 tests until systemd is
+      fixed"
+    - Revert: "many: Vendor apparmor-3.0.3 into the snapd snap"
+    - asserts: rename "white box" to "clear box" (woke checker)
+    - many: Vendor apparmor-3.0.3 into the snapd snap
+    - tests: reorganize the debug-each on the spread.yaml
+    - packaging: sync with downstream packaging in Fedora and openSUSE
+    - tests: disable flaky uc18 tests until systemd is fixed
+    - data/env: provide profile setup for fish shell
+    - tests: use ubuntu-image 1.11 from stable channel
+    - gadget/gadget.go: include disk schema in the disk device volume
+      traits too
+    - tests/main/security-device-cgroups-strict-enforced: extend the
+      comments
+    - README.md: point at bugs.launchpad.net/snapd instead of snappy
+      project
+    - osutil/disks: introduce RegisterDeviceMapperBackResolver + use for
+      crypt-luks2
+    - packaging: make postrm script robust against `rm` failures
+    - tests: print extra debug on auto-refresh-gating test failure
+    - o/assertstate, api: move enforcing/monitoring from api to
+      assertstate, save history
+    - tests: skip the test-snapd-timedate-control-consumer.date to avoid
+      NTP sync error
+    - gadget/install: use disks functions to implement deviceFromRole,
+      also rename
+    - tests: the `lxd` test is failing right now on 21.10
+    - o/snapstate: account for deleted revs when undoing install
+    - interfaces/builtin/block_devices: allow blkid to print block
+      device attributes
+    - gadget: include size + sector-size in DiskVolumeDeviceTraits
+    - cmd/libsnap-confine-private: do not deny all devices when reusing
+      the device cgroup
+    - interfaces/builtin/time-control: allow pps access
+    - o/snapstate/handlers: propagate read errors on "copy-snap-data"
+    - osutil/disks: add more fields to Partition, populate them during
+      discovery
+    - interfaces/u2f-devices: add Trezor and Trezor v2 keys
+    - interfaces: timezone-control, add permission for ListTimezones
+      DBus call
+    - o/snapstate: remove repeated test assertions
+    - tests: skip `snap advise-command` test if the store is overloaded
+    - cmd: create ~/snap dir with 0700 perms
+    - interfaces/apparmor/template.go: allow udevadm from merged usr
+      systems
+    - github: leave a comment documenting reasons for pipefail
+    - github: enable pipefail when running spread
+    - osutil/disks: add DiskFromPartitionDeviceNode
+    - gadget, many: add model param to Update()
+    - cmd/snap-seccomp: add riscv64 support
+    - o/snapstate: maintain a RevertStatus map in SnapState
+    - tests: enable lxd tests on impish system
+    - tests: (partially) revert the memory limits PR#r10241
+    - o/assertstate: functions for handling validation sets tracking
+      history
+    - tests: some improvements for the spread log parser
+    - interfaces/network-manager-observe: Update for libnm / dart
+      clients
+    - tests: add ntp related debug around "auto-refresh" test
+    - boot: expand on the fact that reseal taking modeenv is very
+      intentional
+    - cmd/snap-seccomp/syscalls: update syscalls to match libseccomp
+      abad8a8f4
+    - data/selinux: update the policy to allow snapd to talk to
+      org.freedesktop.timedate1
+    - o/snapstate: keep old revision if install doesn't add new one
+    - overlord/state: add a unit test for a kernel+base refresh like
+      sequence
+    - desktop, usersession: observe notifications
+    - osutil/disks: add AllPhysicalDisks()
+    - timeutil,deviceutil: fix unit tests on systems without dbus or
+      without ntp-sync
+    - cmd/snap-bootstrap/README: explain all the things (well most of
+      them anyways)
+    - docs: add run-checks dependency install instruction
+    - o/snapstate: do not prune refresh-candidates if gate-auto-refresh-
+      hook feature is not enabled
+    - o/snapstate: test relink remodel helpers do a proper subset of
+      doInstall and rework the verify*Tasks helpers
+    - tests/main/mount-ns: make the test run early
+    - tests: add `--debug` to netplan apply
+    - many: wait for up to 10min for NTP synchronization before
+      autorefresh
+    - tests: initialize CHANGE_ID in _wait_autorefresh
+    - sandbox/cgroup: freeze and thaw cgroups related to services and
+      scopes only
+    - tests: add more debug around qemu-nbd
+    - o/hookstate: print cohort with snapctl refresh --pending (#10985)
+    - tests: misc robustness changes
+    - o/snapstate: improve install/update tests (#10850)
+    - tests: clean up test tools
+    - spread.yaml: show `journalctl -e` for all suites on debug
+    - tests: give interfaces-udisks2 more time for the loop device to
+      appear
+    - tests: set memory limit for snapd
+    - tests: increase timeout/add debug around nbd0 mounting (up, see
+      LP:#1949513)
+    - snapstate: add debug message where a snap is mounted
+    - tests: give nbd0 more time to show up in preseed-lxd
+    - interfaces/dsp: add more ambarella things
+    - cmd/snap: improve snap disconnect arg parsing and err msg
+    - tests: disable nested lxd snapd testing
+    - tests: disable flaky "interfaces-udisks2" on ubuntu-18.04-32
+    - o/snapstate: avoid validationSetsSuite repeating snapmgrTestSuite
+    - sandbox/cgroup: wait for start transient unit job to finish
+    - o/snapstate: fix task order, tweak errors, add unit tests for
+      remodel helpers
+    - osutil/disks: re-org methods for end of usable region, size
+      information
+    - build-aux: ensure that debian packaging matches build-base
+    - docs: update HACKING.md instructions for snapd 2.52 and later
+    - spread: run lxd tests with version from latest/edge
+    - interfaces: suppress denial of sys_module capability
+    - osutil/disks: add methods to replace gadget/ondisk functions
+    - tests: split test tools - part 1
+    - tests: fix nested tests on uc20
+    - data/selinux: allow snap-confine to read udev's database
+    - i/b/common_test: refactor AppArmor features test
+    - tests: run spread tests on debian 11
+    - o/devicestate: copy timesyncd clock timestamp during install
+    - interfaces/builtin: do not probe parser features when apparmor
+      isn't available
+    - interface/modem-manager: allow connecting to the mbim/qmi proxy
+    - tests: fix error message in run-checks
+    - tests: spread test for validation sets enforcing
+    - cmd/snap-confine: lazy set up of device cgroup, only when devices
+      were assigned
+    - o/snapstate: deduplicate snap names in remove/install/update
+    - tests/main/selinux-data-context: use session when performing
+      actions as test user
+    - packaging/opensuse: sync with openSUSE packaging, enable AppArmor
+      on 15.3+
+    - interfaces: skip connection of netlink interface on older
+      systems
+    - asserts, o/snapstate: honor IgnoreValidation flag when checking
+      installed snaps
+    - tests/main/apparmor-batch-reload: fix fake apparmor_parser to
+      handle --preprocess
+    - sandbox/apparmor, interfaces/apparmor: detect bpf capability,
+      generate snippet for s-c
+    - release-tools/repack-debian-tarball.sh: fix c-vendor dir
+    - tests: test for enforcing with prerequisites
+    - tests/main/snapd-sigterm: fix race conditions
+    - spread: run lxd tests with version from latest/stable
+    - run-checks: remove --spread from help message
+    - secboot: use latest secboot with tpm legacy platform and v2 fully
+      optional
+    - tests/lib/pkgdb: install strace on Debian 11 and Sid
+    - tests: ensure systemd-timesyncd is installed on debian
+    - interfaces/u2f-devices: add Nitrokey 3
+    - tests: update the ubuntu-image channel to candidate
+    - osutil/disks/labels: simplify decoding algorithm
+    - tests: not testing lxd snap anymore on i386 architecture
+    - o/snapstate, hookstate: print remaining hold time on snapctl
+      --hold
+    - cmd/snap: support --ignore-validation with snap install client
+      command
+    - tests/snapd-sigterm: be more robust against service restart
+    - tests: simplify mock script for apparmor_parser
+    - o/devicestate, o/servicestate: update gadget assets and cmdline
+      when remodeling
+    - tests/nested/manual/refresh-revert-fundamentals: re-enable
+      encryption
+    - osutil/disks: fix bug in BlkIDEncodeLabel, add BlkIDDecodeLabel
+    - gadget, osutil/disks: fix some bugs from prior PR'sin the dir.
+    - secboot: revert move to new version (revert #10715)
+    - cmd/snap-confine: die when snap process is outside of snap
+      specific cgroup
+    - many: mv MockDeviceNameDisksToPartitionMapping ->
+      MockDeviceNameToDiskMapping
+    - interfaces/builtin: Add '/com/canonical/dbusmenu' path access to
+      'unity7' interface
+    - interfaces/builtin/hardware-observer: add /proc/bus/input/devices
+      too
+    - osutil/disks, many: switch to defining Partitions directly for
+      MockDiskMapping
+    - tests: remove extra-snaps-assertions test
+    - interface/modem-manager: add accept for MBIM/QMI proxy clients
+    - tests/nested/core/core20-create-recovery: fix passing of data to
+      curl
+    - daemon: allow enabling enforce mode
+    - daemon: use the syscall connection to get the socket credentials
+    - i/builtin/kubernetes_support: add access to Calico lock file
+    - osutil: ensure parent dir is opened and sync'd
+    - tests: using test-snapd-curl snap instead of http snap
+    - overlord: add managers unit test demonstrating cyclic dependency
+      between gadget and kernel updates
+    - gadget/ondisk.go: include the filesystem UUID in the returned
+      OnDiskVolume
+    - packaging: fixes for building on openSUSE
+    - o/configcore: allow hostnames up to 253 characters, with dot-
+      delimited elements
+    - gadget/ondisk.go: add listBlockDevices() to get all block devices
+      on a system
+    - gadget: add mapping trait types + functions to save/load
+    - interfaces: add polkit security backend
+    - cmd/snap-confine/snap-confine.apparmor.in: update ld rule for
+      s390x impish
+    - tests: merge coverage results
+    - tests: remove "features" from fde-setup.go example
+    - fde: add new device-setup support to fde-setup
+    - gadget: add `encryptedDevice` and add encryptedDeviceLUKS
+    - spread: use `bios: uefi` for uc20
+    - client: fail fast on non-retryable errors
+    - tests: support running all spread tests with experimental features
+    - tests: check that a snap that doesn't have gate-auto-refresh hook
+      can call --proceed
+    - o/snapstate: support ignore-validation flag when updating to a
+      specific snap revision
+    - o/snapstate: test prereq update if started by old version
+    - tests/main: disable cgroup-devices-v1 and freezer tests on 21.10
+    - tests/main/interfaces-many: run both variants on all possible
+      Ubuntu systems
+    - gadget: mv ensureLayoutCompatibility to gadget proper, add
+      gadgettest pkg
+    - many: replace state.State restart support with overlord/restart
+    - overlord: fix generated snap-revision assertions in remodel unit
+      tests
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 17 Dec 2021 15:49:18 +0100
+
+snapd (2.53.4-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1929842
+    - devicestate: mock devicestate.MockTimeutilIsNTPSynchronized to
+      avoid host env leaking into tests
+    - timeutil: return NoTimedate1Error if it can't connect to the
+      system bus
+
+ -- Ian Johnson <ian.johnson@canonical.com>  Thu, 02 Dec 2021 17:16:48 -0600
+
+snapd (2.53.3-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1929842
+    - devicestate: Unregister deletes the device key pair as well
+    - daemon,tests: support forgetting device serial via API
+    - configcore: relax validation rules for hostname
+    - o/devicestate: introduce DeviceManager.Unregister
+    - packaging/ubuntu, packaging/debian: depend on dbus-session-bus
+      provider
+    - many: wait for up to 10min for NTP synchronization before
+      autorefresh
+    - interfaces/interfaces/scsi_generic: add interface for scsi generic
+      devices
+    - interfaces/microstack-support: set controlsDeviceCgroup to true
+    - interface/builtin/log_observe: allow to access /dev/kmsg
+    - daemon: write formdata file parts to snaps dir
+    - spread: run lxd tests with version from latest/edge
+    - cmd/libsnap-confine-private: fix snap-device-helper device allow
+      list modification on cgroup v2
+    - interfaces/builtin/dsp: add proc files for monitoring Ambarella
+      DSP firmware
+    - interfaces/builtin/dsp: update proc file accordingly
+
+ -- Ian Johnson <ian.johnson@canonical.com>  Thu, 02 Dec 2021 11:42:15 -0600
+
+snapd (2.53.2-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1946127
+    - interfaces/builtin/block_devices: allow blkid to print block
+      device attributes/run/udev/data/b{major}:{minor}
+    - cmd/libsnap-confine-private: do not deny all devices when reusing
+      the device cgroup
+    - interfaces/builtin/time-control: allow pps access
+    - interfaces/u2f-devices: add Trezor and Trezor v2 keys
+    - interfaces: timezone-control, add permission for ListTimezones
+      DBus call
+    - interfaces/apparmor/template.go: allow udevadm from merged usr
+      systems
+    - interface/modem-manager: allow connecting to the mbim/qmi proxy
+    - interfaces/network-manager-observe: Update for libnm client
+      library
+    - cmd/snap-seccomp/syscalls: update syscalls to match libseccomp
+      abad8a8f4
+    - sandbox/cgroup: freeze and thaw cgroups related to services and
+      scopes only
+    - o/hookstate: print cohort with snapctl refresh --pending
+    - cmd/snap-confine: lazy set up of device cgroup, only when devices
+      were assigned
+    - tests: ensure systemd-timesyncd is installed on debian
+    - tests/lib/pkgdb: install strace on Debian 11 and Sid
+    - tests/main/snapd-sigterm: flush, use retry
+    - tests/main/snapd-sigterm: fix race conditions
+    - release-tools/repack-debian-tarball.sh: fix c-vendor dir
+    - data/selinux: allow snap-confine to read udev's database
+    - interfaces/dsp: add more ambarella things* interfaces/dsp: add
+      more ambarella things
+
+ -- Ian Johnson <ian.johnson@canonical.com>  Mon, 15 Nov 2021 16:09:09 -0600
+
+snapd (2.53.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1946127
+    - spread: run lxd tests with version from latest/stable
+    - secboot: use latest secboot with tpm legacy platform and v2 fully
+      optional (#10946)
+    - cmd/snap-confine: die when snap process is outside of snap
+      specific cgroup (2.53)
+    - interfaces/u2f-devices: add Nitrokey 3
+    - Update the ubuntu-image channel to candidate
+    - Allow hostnames up to 253 characters, with dot-delimited elements 
+      (as suggested by man 7 hostname).
+    - Disable i386 until it is possible to build snapd using lxd
+    - o/snapstate, hookstate: print remaining hold time on snapctl
+      --hold
+    - tests/snapd-sigterm: be more robust against service restart
+    - tests: add a regression test for snapd hanging on SIGTERM
+    - daemon: use the syscall connection to get the socket
+      credentials
+    - interfaces/builtin/hardware-observer: add /proc/bus/input/devices
+      too
+    - cmd/snap-confine/snap-confine.apparmor.in: update ld rule for
+      s390x impish
+    - interface/modem-manager: add accept for MBIM/QMI proxy clients
+    - secboot: revert move to new version
+
+ -- Ian Johnson <ian.johnson@canonical.com>  Thu, 21 Oct 2021 11:55:31 -0500
+
+snapd (2.53-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1946127
+    - overlord: fix generated snap-revision assertions in remodel unit
+      tests
+    - snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk`
+    - interfaces/modem-manager: add access to PCIe modems
+    - overlord/devicestate: record recovery capable system on a
+      successful remodel
+    - o/snapstate: use device ctx in prerequisite install/update
+    - osutil/disks: support filtering by mount opts in
+      MountPointsForPartitionRoot
+    - many: support an API flag system-restart-immediate to make snap
+      ops proceed immediately with system restarts
+    - osutil/disks: add RootMountPointsForPartition
+    - overlord/devicestate, tests: enable UC20 remodel, add spread tests
+    - cmd/snap: improve snap run help message
+    - o/snapstate: support ignore validation flag on install/update
+    - osutil/disks: add Disk.FindMatchingPartitionWith{Fs,Part}Label
+    - desktop: implement gtk notification backend and provide minimal
+      notification api
+    - tests: use the latest cpu family for nested tests execution
+    - osutil/disks: add Partition struct and Disks.Partitions()
+    - o/snapstate: prevent install hang if prereq install fails
+    - osutil/disks: add Disk.KernelDevice{Node,Path} methods
+    - disks: add `Size(path)` helper
+    - tests: reset some mount units failing on ubuntu impish
+    - osutil/disks: add DiskFromDevicePath, other misc changes
+    - interfaces/apparmor: do not fail during initialization when there
+      is no AppArmor profile for snap-confine
+    - daemon: implement access checkers for themes API
+    - interfaces/seccomp: add clone3 to default template
+    - interfaces/u2f-devices: add GoTrust Idem Key
+    - o/snapstate: validation sets enforcing on update
+    - o/ifacestate: don't fail remove if disconnect hook fails
+    - tests: fix error trying to create the extra-snaps dir which
+      already exists
+    - devicestate: use EncryptionType
+    - cmd/libsnap-confine-private: workaround BPF memory accounting,
+      update apparmor profile
+    - tests: skip system-usernames-microk8s when TRUST_TEST_KEYS is
+      false
+    - interfaces/dsp: add a usb rule to the ambarella flavor
+    - interfaces/apparmor/template.go: allow inspection of dbus
+      mediation level
+    - tests/main/security-device-cgroups: fix when both variants run on
+      the same host
+    - cmd/snap-confine: update s-c apparmor profile to allow versioned
+      ld.so
+    - many: rename systemd.Kind to Backend for a bit more clarity
+    - cmd/libsnap-confine-private: fix set but unused variable in the
+      unit tests
+    - tests: fix netplan test on i386 architecture
+    - tests: fix lxd-mount-units test which is based on core20 in ubuntu
+      focal system
+    - osutil/disks: add new `CreateLinearMapperDevice` helper
+    - cmd/snap: wait while inhibition file is present
+    - tests: cleanup the job workspace as first step of the actions
+      workflow
+    - tests: use our own image for ubuntu impish
+    - o/snapstate: update default provider if missing required content
+    - o/assertstate, api: update validation set assertions only when
+      updating all snaps
+    - fde: add HasDeviceUnlock() helper
+    - secboot: move to new version
+    - o/ifacestate: don't lose connections if snaps are broken
+    - spread: display information about current device cgroup in debug
+      dump
+    - sysconfig: set TMPDIR in tests to avoid cluttering the real /tmp
+    - tests, interfaces/builtin: introduce 21.10 cgroupv2 variant, tweak
+      tests for cgroupv2, update builtin interfaces
+    - sysconfig/cloud-init: filter MAAS c-i config from ubuntu-seed on
+      grade signed
+    - usersession/client: refactor doMany() method
+    - interfaces/builtin/opengl.go: add libOpenGL.so* too
+    - o/assertstate: check installed snaps when refreshing validation
+      set assertions
+    - osutil: helper for injecting run time faults in snapd
+    - tests: update test nested tool part 2
+    - libsnap-confine: use the pid parameter
+    - gadget/gadget.go: LaidOutSystemVolumeFromGadget ->
+      LaidOutVolumesFromGadget
+    - tests: update the time tolerance to fix the snapd-state test
+    - .github/workflows/test.yaml: revert #10809
+    - tests: rename interfaces-hooks-misbehaving spread test to install-
+      hook-misbehaving
+    - data/selinux: update the policy to allow s-c to manipulate BPF map
+      and programs
+    - overlord/devicestate: make settle wait longer in remodel tests
+    - kernel/fde: mock systemd-run in unit test
+    - o/ifacestate: do not create stray task in batchConnectTasks if
+      there are no connections
+    - gadget: add VolumeName to Volume and VolumeStructure
+    - cmd/libsnap-confine-private: use root when necessary for BPF
+      related operations
+    - .github/workflows/test.yaml: bump action-build to 1.0.9
+    - o/snapstate: enforce validation sets/enforce on InstallMany
+    - asserts, snapstate: return full validation set keys from
+      CheckPresenceRequired and CheckPresenceInvalid
+    - cmd/snap: only log translation warnings in debug/testing
+    - tests/main/preseed: update for new base snap of the lxd snap
+    - tests/nested/manual: use loop for checking for initialize-system
+      task done
+    - tests: add a local snap variant to testing prepare-image gating
+      support
+    - tests/main/security-device-cgroups-strict-enforced: demonstrate
+      device cgroup being enforced
+    - store: one more tweak for the test action timeout
+    - github: do not fail when codecov upload fails
+    - o/devicestate: fix flaky test remodel clash
+    - o/snapstate: add ChangeID to conflict error
+    - tests: fix regex of TestSnapActionTimeout test
+    - tests: fix tests for 21.10
+    - tests: add test for store.SnapAction() request timeout
+    - tests: print user sessions info on debug-each
+    - packaging: backports of golang-go 1.13 are good enough
+    - sysconfig/cloudinit: add cloudDatasourcesInUseForDir
+    - cmd: build gdb shims as static binaries
+    - packaging/ubuntu: pass GO111MODULE to dh_auto_test
+    - cmd/libsnap-confine-private, tests, sandbox: remove warnings about
+      cgroup v2, drop forced devmode
+    - tests: increase memory quota in quota-groups-systemd-accounting
+    - tests: be more robust against a new day stepping in
+    - usersession/xdgopenproxy: move PortalLauncher class to own package
+    - interfaces/builtin: fix microstack unit tests on distros using
+      /usr/libexec
+    - cmd/snap-confine: handle CURRENT_TAGS on systems that support it
+    - cmd/libsnap-confine-private: device cgroup v2 support
+    - o/servicestate: Update task summary for restart action
+    - packaging, tests/lib/prepare-restore: build packages without
+      network access, fix building debs with go modules
+    - systemd: add AtLeast() method, add mocking in systemdtest
+    - systemd: use text.template to generate mount unit
+    - o/hookstate/ctlcmd: Implement snapctl refresh --show-lock command
+    - o/snapstate: optimize conflicts around snaps stored on
+      conditional-auto-refresh task
+    - tests/lib/prepare.sh: download core20 for UC20 runs via
+      BASE_CHANNEL
+    - mount-control: step 1
+    - go: update go.mod dependencies
+    - o/snapstate: enforce validation sets on snap install
+    - tests: revert revert manual lxd removal
+    - tests: pre-cache snaps in classic and core systems
+    - tests/lib/nested.sh: split out additional helper for adding files
+      to VM imgs
+    - tests: update nested tool - part1
+    - image/image_linux.go: add newline
+    - interfaces/block-devices: support to access the state of block
+      devices
+    - o/hookstate: require snap-refresh-control interface for snapctl
+      refresh --proceed
+    - build-aux: stage libgcc1 library into snapd snap
+    - configcore: add read-only netplan support
+    - tests: fix fakedevicesvc service already exists
+    - tests: fix interfaces-libvirt test
+    - tests: remove travis leftovers
+    - spread: bump delta ref to 2.52
+    - packaging: ship the `snapd.apparmor.service` unit in debian
+    - packaging: remove duplicated `golang-go` build-dependency
+    - boot: record recovery capable systems in recovery bootenv
+    - tests: skip overlord tests on riscv64 due to timeouts.
+    - overlord/ifacestate: fix arguments in unit tests
+    - ifacestate: undo repository connection if doConnect fails
+    - many: remove unused parameters
+    - tests: failure of prereqs on content interface doesn't prevent
+      install
+    - tests/nested/manual/refresh-revert-fundamentals: fix variable use
+    - strutil: add Intersection()
+    - o/ifacestate: special-case system-files and force refreshing its
+      static attributes
+    - interface/builtin: add qualcomm-ipc-router interface for
+      AF_QIPCRTR socket protocol
+    - tests:  new snapd-state tool
+    - codecov: fix files pathnames
+    - systemd: add mock systemd helper
+    - tests/nested/core/extra-snaps-assertions: fix the match pattern
+    - image,c/snap,tests: support enforcing validations in prepare-image
+      via --customize JSON validation enforce(|ignore)
+    - o/snapstate: enforce validation sets assertions when removing
+      snaps
+    - many: update deps
+    - interfaces/network-control: additional ethernet rule
+    - tests: use host-scaled settle timeout for hookstate tests
+    - many: move to go modules
+    - interfaces: no need for snapRefreshControlInterface struct
+    - interfaces: introduce snap-refresh-control interface
+    - tests: move interfaces-libvirt test back to 16.04
+    - tests: bump the number of retries when waiting for /dev/nbd0p1
+    - tests: add more space on ubuntu xenial
+    - spread: add 21.10 to qemu, remove 20.10 (EOL)
+    - packaging: add libfuse3-dev build dependency
+    - interfaces: add microstack-support interface
+    - wrappers: fix a bunch of duplicated service definitions in tests
+    - tests: use host-scaled timeout to avoid riscv64 test failure
+    - many: fix run-checks gofmt check
+    - tests: spread test for snapctl refresh --pending/--proceed from
+      the snap
+    - o/assertstate,daemon: refresh validation sets assertions with snap
+      declarations
+    - tests: migrate tests that are only executed on xenial to bionic
+    - tests: remove opensuse-15.1 and add opensuse-15.3 from spread runs
+    - packaging: update master changelog for 2.51.7
+    - sysconfig/cloudinit: fix bug around error state of cloud-init
+    - interfaces, o/snapstate: introduce AffectsPlugOnRefresh flag
+    - interfaces/interfaces/ion-memory-control: add: add interface for
+      ion buf
+    - interfaces/dsp: add /dev/ambad into dsp interface
+    - tests: new spread log parser
+    - tests: check files and dirs are cleaned for each test
+    - o/hookstate/ctlcmd: unify the error message when context is
+      missing
+    - o/hookstate: support snapctl refresh --pending from snap
+    - many: remove unused/dead code
+    - cmd/libsnap-confine-private: add BPF support helpers
+    - interfaces/hardware-observe: add some dmi properties
+    - snapstate: abort kernel refresh if no gadget update can be found
+    - many: shellcheck fixes
+    - cmd/snap: add Size column to refresh --list
+    - packaging: build without dwarf debugging data
+    - snapstate: fix misleading `assumes` error message
+    - tests: fix restore in snapfuse spread tests
+    - o/assertstate: fix missing 'scheduled' header when auto refreshing
+      assertions
+    - o/snapstate: fail remove with invalid snap names
+    - o/hookstate/ctlcmd: correct err message if missing root
+    - .github/workflows/test.yaml: fix logic
+    - o/snapstate: don't hold some snaps if not all snaps can be held by
+      the given gating snap
+    - c-vendor.c: new c-vendor subdir
+    - store: make sure expectedZeroFields in tests gets updated
+    - overlord: add manager test for "assumes" checking
+    - store: deal correctly with "assumes" from the store raw yaml
+    - sysconfig/cloudinit.go: add functions for filtering cloud-init
+      config
+    - cgroup-support: allow to hide cgroupv2 warning via ENV
+    - gadget: Export mkfs functions for use in ubuntu-image
+    - tests: set to 10 minutes the kill timeout for tests failing on
+      slow boards
+    - .github/workflows/test.yaml: test github.events key
+    - i18n/xgettext-go: preserve already escaped quotes
+    - cmd/snap-seccomp/syscalls: update syscalls list to libseccomp
+      v2.2.0-428-g5c22d4b
+    - github: do not try to upload coverage when working with cached run
+    - tests/main/services-install-hook-can-run-svcs: shellcheck issue
+      fix
+    - interfaces/u2f-devices: add Nitrokey FIDO2
+    - testutil: add DeepUnsortedMatches Checker
+    - cmd, packaging: import BPF headers from kernel, detect whether
+      host headers are usable
+    - tests: fix services-refresh-mode test
+    - tests: clean snaps.sh helper
+    - tests: fix timing issue on security-dev-input-event-denied test
+    - tests: update systems for sru validation
+    - .github/workflows: add codedov again
+    - secboot: remove duplicate import
+    - tests: stop the service when is active in test interfaces-
+      firewall-control test
+    - packaging: remove TEST_GITHUB_AUTOPKGTEST support
+    - packaging: merge 2.51.6 changelog back to master
+    - secboot: use half the mem for KDF in AddRecoveryKey
+    - secboot: switch main key KDF memory cost to 32KB
+    - tests: remove the test user just when it was installed on create-
+      user-2 test
+    - spread: temporarily fix the ownership of /home/ubuntu/.ssh on
+      21.10
+    - daemon, o/snapstate: handle IgnoreValidation flag on install (2/3)
+    - usersession/agent: refactor common JSON validation into own
+      function
+    - o/hookstate: allow snapctl refresh --proceed from snaps
+    - cmd/libsnap-confine-private: fix issues identified by coverity
+    - cmd/snap: print logs in local timezone
+    - packaging: changelog for 2.51.5 to master
+    - build-aux: build with go-1.13 in the snapcraft build too
+    - config: rename "virtual" config to "external" config
+    - devicestate: add `snap debug timings --ensure=install-system`
+    - interfaces/builtin/raw_usb: fix platform typo, fix access to usb
+      devices accessible through platform
+    - o/snapstate: remove commented out code
+    - cmd/snap-device-helper: reimplement snap-device-helper
+    - cmd/libsnap-confine-private: fix coverity issues in tests, tweak
+      uses of g_assert()
+    - o/devicestate/handlers_install.go: add workaround to create dirs
+      for install
+    - o/assertstate: implement ValidationSetAssertionForEnforce helper
+    - clang-format: stop breaking my includes
+    - o/snapstate: allow auto-refresh limited to snaps affected by a
+      specific gating snap
+    - tests: fix core-early-config test to use tests.nested tool
+    - sysconfig/cloudinit.go: measure (but don't use) gadget cloud-init
+      datasource
+    - c/snap,o/hookstate/ctlcmd: add JSON/string strict processing flags
+      to snap/snapctl
+    - corecfg: add "system.hostname" setting to the system settings
+    - wrappers: measure time to enable services in StartServices()
+    - configcore: fix early config timezone handling
+    - tests/nested/manual: enable serial assertions on testkeys nested
+      VM's
+    - configcore: fix a bunch of incorrect error returns
+    - .github/workflows/test.yaml: use snapcraft 4.x to build the snapd
+      snap
+    - packaging: merge 2.51.4 changelog back to master
+    - {device,snap}state: skip kernel extraction in seeding
+    - vendor: move to snapshot-4c814e1 branch and set fixed KDF options
+    - tests: use bigger storage on ubuntu 21.10
+    - snap: support links map in snap.yaml (and later from the store
+      API)
+    - o/snapstate: add AffectedByRefreshCandidates helper
+    - configcore: register virtual config for timezone reading
+    - cmd/libsnap-confine-private: move device cgroup files, add helper
+      to deny a device
+    - tests: fix cached-results condition in github actions workflow
+    - interfaces/tee: add support for Qualcomm qseecom device node
+    - packaging: fix build failure on bionic and simplify rules
+    - o/snapstate: affectedByRefresh tweaks
+    - tests: update nested wait for snapd command
+    - interfaces/builtin: allow access to per-user GTK CSS overrides
+    - tests/main/snapd-snap: install 4.x snapcraft to build the snapd
+      snap
+    - snap/squashfs: handle squashfs-tools 4.5+
+    - asserts/snapasserts: CheckPresenceInvalid and
+      CheckPresenceRequired methods
+    - cmd/snap-confine: refactor device cgroup handling to enable easier
+      v2 integration
+    - tests: skip udp protocol on latest ubuntus
+    - cmd/libsnap-confine-private: g_spawn_check_exit_status is
+      deprecated since glib 2.69
+    - interfaces: s/specifc/specific/
+    - github: enable gofmt for Go 1.13 jobs
+    - overlord/devicestate: UC20 specific set-model, managers tests
+    - o/devicestate, sysconfig: refactor cloud-init config permission
+      handling
+    - config: add "virtual" config via config.RegisterVirtualConfig
+    - packaging: switch ubuntu to use golang-1.13
+    - snap: change `snap login --help` to not mention "buy"
+    - tests: removing Ubuntu 20.10, adding 21.04 nested in spread
+    - tests/many: remove lxd systemd unit to prevent unexpected
+      leftovers
+    - tests/main/services-install-hook-can-run-svcs: make variants more
+      obvious
+    - tests: force snapd-session-agent.socket to be re-generated
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 05 Oct 2021 20:29:14 +0200
+
+snapd (2.52.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1942646
+    - snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk`
+      for the disk (if not present already)
+    - many: support an API flag system-restart-immediate to make snap
+      ops proceed immediately with system restarts
+    - cmd/libsnap-confine-private: g_spawn_check_exit_status is
+      deprecated since glib 2.69
+    - interfaces/seccomp: add clone3 to default template
+    - interfaces/apparmor/template.go: allow inspection of dbus
+      mediation level
+    - interfaces/dsp: add a usb rule to the ambarella flavor
+    - cmd/snap-confine: update s-c apparmor profile to allow versioned
+      ld.so
+    - o/ifacestate: don't lose connections if snaps are broken
+    - interfaces/builtin/opengl.go: add libOpenGL.so* too
+    - interfaces/hardware-observe: add some dmi properties
+    - build-aux: stage libgcc1 library into snapd snap
+    - interfaces/block-devices: support to access the state of block
+      devices
+    - packaging: ship the `snapd.apparmor.service` unit in debian
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 05 Oct 2021 13:29:25 +0200
+
+snapd (2.52-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1942646
+    - interface/builtin: add qualcomm-ipc-router interface for
+      AF_QIPCRTR socket protocol
+    - o/ifacestate: special-case system-files and force refreshing its
+      static attributes
+    - interfaces/network-control: additional ethernet rule
+    - packaging: update 2.52 changelog with 2.51.7
+    - interfaces/interfaces/ion-memory-control: add: add interface for
+      ion buf
+    - packaging: merge 2.51.6 changelog back to 2.52
+    - secboot: use half the mem for KDF in AddRecoveryKey
+    - secboot: switch main key KDF memory cost to 32KB
+    - many: merge release/2.51 change to release/2.52
+    - .github/workflows/test.yaml: use snapcraft 4.x to build the snapd
+      snap
+    - o/servicestate: use snap app names for ExplicitServices of
+      ServiceAction
+    - tests/main/services-install-hook-can-run-svcs: add variant w/o
+      --enable
+    - o/servicestate: revert only start enabled services
+    - tests: adding Ubuntu 21.10 to spread test suite
+    - interface/modem-manager: add support for MBIM/QMI proxy clients
+    - cmd/snap/model: support storage-safety and snaps headers too
+    - o/assertstate: Implement EnforcedValidationSets helper
+    - tests: using retry tool for nested tests
+    - gadget: check for system-save with multi volumes if encrypting
+      correctly
+    - interfaces: make the service naming entirely internal to systemd
+      BE
+    - tests/lib/reset.sh: fix removing disabled snaps
+    - store/store_download.go: use system snap provided xdelta3 priority
+      + fallback
+    - packaging: merge changelog from 2.51.3 back to master
+    - overlord: only start enabled services
+    - interfaces/builtin: add sd-control interface
+    - tests/nested/cloud-init-{never-used,nocloud}-not-vuln: fix tests,
+      use 2.45
+    - tests/lib/reset.sh: add workaround from refresh-vs-services tests
+      for all tests
+    - o/assertstate: check for conflicts when refreshing and committing
+      validation set asserts
+    - devicestate: add support to save timings from install mode
+    - tests: new tests.nested commands copy and wait-for
+    - install: add a bunch of nested timings
+    - tests: drop any-python wrapper
+    - store: set ResponseHeaderTimeout on the default transport
+    - tests: fix test-snapd-user-service-sockets test removing snap
+    - tests: moving nested_exec to nested.tests exec
+    - tests: add tests about services vs snapd refreshes
+    - client, cmd/snap, daemon: refactor REST API for quotas to match
+      CLI org
+    - c/snap,asserts: create/delete-key external keypair manager
+      interaction
+    - tests: revert disable of the delta download tests
+    - tests/main/system-usernames-microk8s: disable on centos 7 too
+    - boot: support device change
+    - o/snapstate: remove unused refreshSchedule argument for
+      isRefreshHeld helper
+    - daemon/api_quotas.go: handle conflicts, returning conflict
+      response
+    - tests: test for gate-auto-refresh hook error resulting in hold
+    - release: 2.51.2
+    - snapstate/check_snap: add snap_microk8s to shared system-
+      usernames
+    - snapstate: remove temporary snap file for local revisions early
+    - interface: allows reading sd cards internal info from block-
+      devices interface
+    - tests: Renaming tool nested-state to tests.nested
+    - testutil: fix typo in json checker unit tests
+    - tests: ack assertions by default, add --noack option
+    - overlord/devicestate: try to pick alternative recovery labels
+      during remodel
+    - bootloader/assets: update recovery grub to allow system labels
+      generated by snapd
+    - tests: print serial log just once for nested tests
+    - tests: remove xenial 32 bits
+    - sandbox/cgroup: do not be so eager to fail when paths do not exist
+    - tests: run spread tests in ubuntu bionic 32bits
+    - c/snap,asserts: start supporting ExternalKeypairManager in the
+      snap key-related commands
+    - tests: refresh control spread test
+    - cmd/libsnap-confine-private: do not fail on ENOENT, better getline
+      error handling
+    - tests: disable delta download tests for now until the store is
+      fixed
+    - tests/nested/manual/preseed: fix for cloud images that ship
+      without core18
+    - boot: properly handle tried system model
+    - tests/lib/store.sh: revert #10470
+    - boot, seed/seedtest: tweak test helpers
+    - o/servicestate: TODO and fix preexisting typo
+    - o/servicestate: detect conflicts for quota group operations
+    - cmd/snap/quotas: adjust help texts for quota commands
+    - many/quotas: little adjustments
+    - tests: add spread test for classic snaps content slots
+    - o/snapstate: fix check-rerefresh task summary when refresh control
+      is used
+    - many: use changes + tasks for quota group operations
+    - tests: fix test snap-quota-groups when checking file
+      cgroupProcsFile
+    - asserts: introduce ExternalKeypairManager
+    - o/ifacestate: do not visit same halt tasks in waitChainSearch to
+      avoid cycles
+    - tests/lib/store.sh: fix make_snap_installable_with_id()
+    - overlord/devicestate, overlord/assertstate: use a temporary DB
+      when creating recovery systems
+    - corecfg: allow using `# snapd-edit: no` header to disable pi-
+      config# snapd-edit: no
+    - tests/main/interfaces-ssh-keys: tweak checks for openSUSE
+      Tumbleweed
+    - cmd/snap: prevent cycles in waitChainSearch with snap debug state
+    - o/snapstate: fix populating of affectedSnapInfo.AffectingSnaps for
+      marking self as affecting
+    - tests: new parameter used by retry tool to set env vars
+    - tests: support parameters for match-log on journal-state tool
+    - configcore: ignore system.pi-config.* setting on measured kernels
+    - sandbox/cgroup: support freezing groups with unified
+      hierarchy
+    - tests: fix preseed test to used core20 snap on latest systems
+    - testutil: introduce a checker which compares the type after having
+      passed them through a JSON marshaller
+    - store: tweak error message when store.Sections() download fails
+    - o/servicestate: stop setting DoneStatus prematurely for quota-
+      control
+    - cmd/libsnap-confine-private: bump max depth of groups hierarchy to
+      32
+    - many: turn Contact into an accessor
+    - store: make the log with download size a debug one
+    - cmd/snap-update-ns: Revert "cmd/snap-update-ns: add SRCDIR to
+      include search path"
+    - o/devicestate: move SystemMode method before first usage
+    - tests: skip tests when the sections cannot be retrieved
+    - boot: support resealing with a try model
+    - o/hookstate: dedicated handler for gate-auto-refresh hook
+    - tests: make sure the /root/snap dir is backed up on test snap-
+      user-dir-perms-fixed
+    - cmd/snap-confine: make mount ns use check cgroup v2 compatible
+    - snap: fix TestInstallNoPATH unit test failure when SUDO_UID is set
+    - cmd/libsnap-confine-private/cgroup-support.c: Fix typo
+    - cmd/snap-confine, cmd/snapd-generator: fix issues identified by
+      sparse
+    - o/snapstate: make conditional-auto-refresh conflict with other
+      tasks via affected snaps
+    - many: pass device/model info to configcore via sysconfig.Device
+      interface
+    - o/hookstate: return bool flag from Error function of hook handler
+      to ignore hook errors
+    - cmd/snap-update-ns: add SRCDIR to include search path
+    - tests: fix for tests/main/lxd-mount-units test and enable
+      ubuntu-21.04
+    - overlord, o/devicestate: use a single test helper for resetting to
+      a post boot state
+    - HACKING.md: update instructions for go1.16+
+    - tests: fix restore for security-dev-input-event-denied test
+    - o/servicestate: move SetStatus to doQuotaControl
+    - tests: fix classic-prepare-image test
+    - o/snapstate: prune gating information and refresh-candidates on
+      snap removal
+    - o/svcstate/svcstatetest, daemon/api_quotas: fix some tests, add
+      mock helper
+    - cmd: a bunch of tweaks and updates
+    - o/servicestate: refactor meter handling, eliminate some common
+      parameters
+    - o/hookstate/ctlcmd: allow snapctl refresh --pending --proceed
+      syntax.
+    - o/snapstate: prune refresh candidates in check-rerefresh
+    - osutil: pass --extrausers option to groupdel
+    - o/snapstate: remove refreshed snap from snaps-hold in
+      snapstate.doInstall
+    - tests/nested: add spread test for uc20 cloud.conf from gadgets
+    - boot: drop model from resealing and boostate
+    - o/servicestate, snap/quota: eliminate workaround for buggy
+      systemds, add spread test
+    - o/servicestate: introduce internal and servicestatetest
+    - o/servicestate/quota_control.go: enforce minimum of 4K for quota
+      groups
+    - overlord/servicestate: avoid unnecessary computation of disabled
+      services
+    - o/hookstate/ctlcmd: do not call ProceedWithRefresh immediately
+      from snapctl
+    - o/snapstate: prune hold state during autoRefreshPhase1
+    - wrappers/services.go: do not restart disabled or inactive
+      services
+    - sysconfig/cloudinit.go: allow installing both gadget + ubuntu-seed
+      config
+    - spread: switch LXD back to latest/candidate channel
+    - interfaces/opengl: add support for Imagination PowerVR
+    - boot: decouple model from seal/reseal handling via an auxiliary
+      type
+    - spread, tests/main/lxd: no longer manual, switch to latest/stable
+    - github: try out golangci-lint
+    - tests: set lxd test to manual until failures are fixed
+    - tests: connect 30% of the interfaces on test interfaces-many-core-
+      provided
+    - packaging/debian-sid: update snap-seccomp patches for latest
+      master
+    - many: fix imports order (according to gci)
+    - o/snapstate: consider held snaps in autoRefreshPhase2
+    - o/snapstate: unlock the state before calling backend in
+      undoStartSnapServices
+    - tests: replace "not MATCH" by NOMATCH in tests
+    - README.md: refer to new IRC server
+    - cmd/snap-preseed: provide more error info if snap-preseed fails
+      early on mount
+    - daemon: add a Daemon argument to AccessChecker.CheckAccess
+    - c/snap-bootstrap: add bind option with tests
+    - interfaces/builtin/netlink_driver_test.go: add test snippet
+    - overlord/devicestate: set up recovery system tasks when attempting
+      a remodel
+    - osutil,strutil,testutil: fix imports order (according to gci)
+    - release: merge 2.51.1 changelog
+    - cmd: fix imports order (according to gci)
+    - tests/lib/snaps/test-snapd-policy-app-consumer: remove dsp-control
+      interface
+    - o/servicestate: move handlers tests to quota_handlers_test.go file
+      instead
+    - interfaces: add netlink-driver interface
+    - interfaces: remove leftover debug print
+    - systemd: refactor property parsers for int values in
+      CurrentTasksCount, etc.
+    - tests: fix debug section for postrm-purge test
+    - tests/many: change all cloud-init passwords for ubuntu to use
+      plain_test_passwd
+    - asserts,interfaces,snap: fix imports order (according to gci)
+    - o/servicestate/quota_control_test.go: test the handlers directly
+    - tests: fix issue when checking the udev tag on test security-
+      device-cgroups
+    - many: introduce Store.SnapExists and use it in
+      /v2/accessories/themes
+    - o/snapstate: update LastRefreshTime in doLinkSnap handler
+    - o/hookstate: handle snapctl refresh --proceed and --hold
+    - boot: fix model inconsistency check in modeenv, extend unit tests
+    - overlord/servicestate: improve test robustness with locking
+    - tests: first part of the cleanup
+    - tests: new note in HACKING file to clarify about
+      yamlordereddictloader dependency
+    - daemon: make CheckAccess return an apiError
+    - overlord: fix imports ordering (according to gci)
+    - o/servicestate: add quotastate handlers
+    - boot: track model's sign key ID, prepare infra for tracking
+      candidate model
+    - daemon: have apiBaseSuite.errorReq return *apiError directly
+    - o/servicestate/service_control.go: add comment about
+      ExplicitServices
+    - interfaces: builtin: add dm-crypt interface to support external
+      storage encryption
+    - daemon: split out error response code from response*.go to
+      errors*.go
+    - interfaces/dsp: fix typo in udev rule
+    - daemon,o/devicestate: have DeviceManager.SystemMode take an
+      expectation on the system
+    - o/snapstate: add helpers for setting and querying holding time for
+      snaps
+    - many: fix quota groups for centos 7, amazon linux 2 w/ workaround
+      for buggy systemd
+    - overlord/servicestate: mv ensureSnapServicesForGroup to new file
+    - overlord/snapstate: lock the mutex before returning from stop snap
+      services undo
+    - daemon: drop resp completely in favor of using respJSON
+      consistently
+    - overlord/devicestate: support for snap downloads in recovery
+      system handlers
+    - daemon: introduce a separate findResponse, simplify SyncRespone
+      and drop Meta
+    - overlord/snapstate, overlord/devicestate: exclusive change
+      conflict check
+    - wrappers, packaging, snap-mgmt: handle removing slices on purge
+      too
+    - services: remember if acting on the entire snap
+    - store: extend context and action objects of SnapAction with
+      validation-sets
+    - o/snapstate: refresh control - autorefresh phase2
+    - cmd/snap/quota: refactor quota CLI as per new design
+    - interfaces: opengl: change path for Xilinx zocl driver
+    - tests: update spread images for ubuntu-core-20 and ubuntu-21.04
+    - o/servicestate/quota_control_test.go: change helper escaping
+    - o/configstate/configcore: support snap set system swap.size=...
+    - o/devicestate: require serial assertion before remodeling can be
+      started
+    - systemd: improve systemctl error reporting
+    - tests/core/remodel: use model assertions signed with valid keys
+    - daemon: use apiError for more of the code
+    - store: fix typo in snapActionResult struct json tag
+    - userd: mock `systemd --version` in privilegedDesktopLauncherSuite
+    - packaging/fedora: sync with downstream packaging
+    - daemon/api_quotas.go: include current memory usage information in
+      results
+    - daemon: introduce StructuredResponse and apiError
+    - o/patch: check if we have snapd snap with correct snap type
+      already in snapstate
+    - tests/main/snapd-snap: build the snapd snap on all platforms with
+      lxd
+    - tests: new commands for snaps-state tool
+    - tests/main/snap-quota-groups: add functional spread test for quota
+      groups
+    - interfaces/dsp: add /dev/cavalry into dsp interface
+    - cmd/snap/cmd_info_test.go: make test robust against TZ changes
+    - tests: moving to tests directories snaps built locally - part 2
+    - usersession/userd: fix unit tests on systems using /var/lib/snapd
+    - sandbox/cgroup: wait for pid to be moved to the desired cgroup
+    - tests: fix snap-user-dir-perms-fixed vs format checks
+    - interfaces/desktop-launch: support confined snaps launching other
+      snaps
+    - features: enable dbus-activation by default
+    - usersession/autostart: change ~/snap perms to 0700 on startup
+    - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-data nosuid
+    - tests: new test static checker
+    - release-tool/changelog.py: misc fixes from real world usage
+    - release-tools/changelog.py: add function to generate github
+      release template
+    - spread, tests: Fedora 32 is EOL, drop it
+    - o/snapstate: bump max postponement from 60 to 95 days
+    - interfaces/apparmor: limit the number of jobs when running with a
+      single CPU
+    - packaging/fedora/snapd.spec: correct date format in changelog
+    - packaging: merge 2.51 changelog back to master
+    - packaging/ubuntu-16.04/changelog: add 2.50 and 2.50.1 changelogs,
+      placeholder for 2.51
+    - interfaces: allow read access to /proc/tty/drivers to modem-
+      manager and ppp/dev/tty
+
+ -- Ian Johnson <ian.johnson@canonical.com>  Fri, 03 Sep 2021 16:06:15 -0500
+
+snapd (2.51.7-2) unstable; urgency=medium
+
+  * debian: cherry-pick PR#10745
+    - cherry pick https://github.com/snapcore/snapd/pull/10745
+      (closes: #993783)
+  * debian/control:
+    - build with go-1.15 for now until snapd-2.52 is released
+      which fully supports go.mod
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 07 Sep 2021 13:53:22 +0200
+
+snapd (2.51.7-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1929842
+    - cmd/snap-seccomp/syscalls: update syscalls list to libseccomp
+      v2.2.0-428-g5c22d4b1
+    - tests: cherry-pick shellcheck fix `bd730fd4`
+    - interfaces/dsp: add /dev/ambad into dsp interface
+    - many: shellcheck fixes
+    - snapstate: abort kernel refresh if no gadget update can be found
+    - overlord: add manager test for "assumes" checking
+    - store: deal correctly with "assumes" from the store raw yaml
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 01 Sep 2021 13:32:06 +0200
+
+snapd (2.51.6-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1929842
+    - secboot: use half the mem for KDF in AddRecoveryKey
+    - secboot: switch main key KDF memory cost to 32KB
+
+ -- Ian Johnson <ian.johnson@canonical.com>  Thu, 19 Aug 2021 15:49:47 -0500
+
+snapd (2.51.5-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1929842
+    - snap/squashfs: handle squashfs-tools 4.5+
+    - tests/core20-install-device-file-install-via-hook-hack: adjust
+      test for 2.51
+    - o/devicestate/handlers_install.go: add workaround to create dirs
+      for install
+    - tests: fix linter warning
+    - tests: update other spread tests for new behaviour
+    - tests: ack assertions by default, add --noack option
+    - release-tools/changelog.py: also fix opensuse changelog date
+      format
+    - release-tools/changelog.py: fix typo in function name
+    - release-tools/changelog.py: fix fedora date format
+    - release-tools/changelog.py: handle case where we don't have a TZ
+    - release-tools/changelog.py: fix line length check
+    - release-tools/changelog.py: specify the LP bug for the release as
+      an arg too
+    - interface/modem-manager: add support for MBIM/QMI proxy
+      clients
+    - .github/workflows/test.yaml: use snapcraft 4.x to build the snapd
+      snap
+
+ -- Ian Johnson <ian.johnson@canonical.com>  Mon, 16 Aug 2021 15:02:40 -0500
+
+snapd (2.51.4-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1929842
+    - {device,snap}state: skip kernel extraction in seeding
+    - vendor: move to snapshot-4c814e1 branch and set fixed KDF options
+    - tests/interfaces/tee: fix HasLen check for udev snippets
+    - interfaces/tee: add support for Qualcomm qseecom device node
+    - gadget: check for system-save with multi volumes if encrypting
+      correctly
+    - gadget: drive-by: drop unnecessary/supported passthrough in test
+      gadget.yaml
+
+ -- Ian Johnson <ian.johnson@canonical.com>  Mon, 09 Aug 2021 18:56:18 -0500
+
+snapd (2.51.3-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1929842
+    - interfaces/builtin: add sd-control interface
+    - store: set ResponseHeaderTimeout on the default transport
+
+ -- Ian Johnson <ian.johnson@canonical.com>  Wed, 14 Jul 2021 15:26:54 -0500
+
+snapd (2.51.2-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1929842
+    - snapstate: remove temporary snap file for local revisions early
+    - interface: allows reading sd cards internal info from block-
+      devices interface
+    - o/ifacestate: do not visit same halt tasks in waitChainSearch to
+      avoid slow convergence (or unlikely cycles)
+    - corecfg: allow using `# snapd-edit: no` header to disable pi-
+      config
+    - configcore: ignore system.pi-config.* setting on measured kernels
+    - many: pass device/model info to configcore via sysconfig.Device
+      interface
+    - o/configstate/configcore: support snap set system swap.size=...
+    - store: make the log with download size a debug one
+    - interfaces/opengl: add support for Imagination PowerVR
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 07 Jul 2021 15:35:46 +0200
+
+snapd (2.51.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1929842
+    - interfaces: add netlink-driver interface
+    - interfaces: builtin: add dm-crypt interface to support external
+      storage encryption
+    - interfaces/dsp: fix typo in udev rule
+    - overlord/snapstate: lock the mutex before returning from stop
+      snap services undo
+    - interfaces: opengl: change path for Xilinx zocl driver
+    - interfaces/dsp: add /dev/cavalry into dsp interface
+    - packaging/fedora/snapd.spec: correct date format in changelog
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 15 Jun 2021 12:45:08 +0200
+
+snapd (2.51-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1929842
+    - cmd/snap: stacktraces debug endpoint
+    - secboot: deactivate volume again when model checker fails
+    - store: extra log message, a few minor cleanups
+    - packaging/debian-sid: update systemd patch
+    - snapstate: adjust update-gadget-assets user visible message
+    - tests/nested/core/core20-create-recovery: verify that recovery
+      system can be created at runtime
+    - gadget: support creating vfat partitions during bootstrap
+    - daemon/api_quotas.go: support updating quotas with ensure action
+    - daemon: tighten access to a couple of POST endpoints that should
+      be really be root-only
+    - seed/seedtest, overlord/devicestate: move seed validation helper
+      to seedtest
+    - overlord/hookstate/ctlcmd: remove unneeded parameter
+    - snap/quota: add CurrentMemoryUsage for current memory usage of a
+      quota group
+    - systemd: add CurrentMemoryUsage to get current memory usage for a
+      unit
+    - o/snapstate: introduce minimalInstallInfo interface
+    - o/hookstate: print pending info (ready, inhibited or none)
+    - osutil: a helper to find out the total amount of memory in the
+      system
+    - overlord, overlord/devicestate: allow for reloading modeenv in
+      devicemgr when testing
+    - daemon: refine access testing
+    - spread: disable unattended-upgrades on debian
+    - tests/lib/reset: make nc exit after a while when connection is
+      idle
+    - daemon: replace access control flags on commands with access
+      checkers
+    - release-tools/changelog.py: refactor regexp + file reading/writing
+    - packaging/debian-sid: update locale patch for the latest master
+    - overlord/devicestate: tasks for creating recovery systems at
+      runtime
+    - release-tools/changelog.py: implement script to update all the
+      changelog files
+    - tests: change machine type used for nested testsPrices:
+    - cmd/snap: include locale when linting description being lower case
+    - o/servicestate: add RemoveSnapFromQuota
+    - interfaces/serial-port: add Qualcomm serial port devices to
+      allowed list
+    - packaging: merge 2.50.1 changelog back
+    - interfaces/builtin: introduce raw-input interface
+    - tests: remove tests.cleanup prepare from nested test
+    - cmd/snap-update-ns: fix linter errors
+    - asserts: fix errors reported by linter
+    - o/hookstate/ctlcmd: allow system-mode for non-root
+    - overlord/devicestate: comment why explicit system mode check is
+      needed in ensuring tried recovery systems (#10275)
+    - overlord/devicesate: observe snap writes when creating recovery
+      systems
+    - packaging/ubuntu-16.04/changelog: add placeholder for 2.50.1
+    - tests: moving to tests directories snaps built locally - part 1
+    - seed/seedwriter: fail early when system seed directory exists
+    - o/snapstate: autorefresh phase1 for refresh-control
+    - c/snap: more precise message for ErrorKindSystemRestart op !=
+      reboot
+    - tests: simplify the tests.cleanup tool
+    - boot: helpers for manipulating current and good recovery systems
+      list
+    - o/hookstate, o/snapstate: print revision, version, channel with
+      snapctl --pending
+    - overlord:  unit test tweaks, use well known snap IDs, setup snap
+      declarations for most common snaps
+    - tests/nested/manual: add test for install-device + snapctl reboot
+    - o/servicestate: restart slices + services on modifications
+    - tests: update mount-ns test to support changes in the distro
+    - interfaces: fix linter issues
+    - overlord: mock logger in managers unit tests
+    - tests: adding support for fedora-34
+    - tests: adding support for debian 10 on gce
+    - boot: reseal given keys when the respective boot chain has changed
+    - secboot: switch encryption key size to 32 byte (thanks to Chris)
+    - interfaces/dbus: allow claiming 'well-known' D-Bus names with a
+      wildcard suffix
+    - spread: bump delta reference version
+    - interfaces: builtin: update permitted paths to be compatible with
+      UC20
+    - overlord: fix errors reported by linter
+    - tests: remove old fedora systems from tests
+    - tests: update spread url
+    - interfaces/camera: allow devices in /sys/devices/platform/**/usb*
+    - interfaces/udisks2: Allow access to the login manager via dbus
+    - cmd/snap: exit normally if "snap changes" has no changes
+      (LP #1823974)
+    - tests: more fixes for spread suite on openSUSE
+    - tests: fix tests expecting cgroup v1/hybrid on openSUSE Tumbleweed
+    - daemon: fix linter errors
+    - spread: add Fedora 34, leave a TODO about dropping Fedora 32
+    - interfaces: fix linter errors
+    - tests: use op.paths tools instead of dirs.sh helper - part 2
+    - client: Fix linter errors
+    - cmd/snap: Fix errors reported by linter
+    - cmd/snap-repair: fix linter issues
+    - cmd/snap-bootstrap: Fix linter errors
+    - tests: update permission denied message for test-snapd-event on
+      ubuntu 2104
+    - cmd/snap: small tweaks based on previous reviews
+    - snap/snaptest: helper that mocks both the squashfs file and a snap
+      directory
+    - overlord/devicestate: tweak comment about creating recovery
+      systems, formatting tweaks
+    - overlord/devicestate: move devicemgr base suite helpers closer to
+      test suite struct
+    - overlord/devicestate: keep track of tried recovery system
+    - seed/seedwriter: clarify in the diagram when SetInfo is called
+    - overlord/devicestate: add helper for creating recovery systems at
+      runtime
+    - snap-seccomp: update syscalls.go list
+    - boot,image: support image.Customizations.BootFlags
+    - overlord: support snapctl --halt|--poweroff in gadget install-
+      device
+    - features,servicestate: add experimental.quota-groups flag
+    - o/servicestate: address comments from previous PR
+    - tests: basic spread test for snap quota commands
+    - tests: moving the snaps which are not locally built to the store
+      directory
+    - image,c/snap: implement prepare-image --customize
+    - daemon: implement REST API for quota groups (create / list / get)
+    - cmd/snap, client: snap quotas command
+    - o/devicestate,o/hookstate/ctlcmd: introduce SystemModeInfo methods
+      and snapctl system-mode
+    - o/servicestate/quota_control.go: introduce (very) basic group
+      manipulation methods
+    - cmd/snap, client: snap remove-quota command
+    - wrappers, quota: implement quota groups slice generation
+    - snap/quotas: followups from previous PR
+    - cmd/snap: introduce 'snap quota' command
+    - o/configstate/configcore/picfg.go: use ubuntu-seed config.txt in
+      uc20 run mode
+    - o/servicestate: test has internal ordering issues, consider both
+      cases
+    - o/servicestate/quotas: add functions for getting and setting
+      quotas in state
+    - tests: new buckets for snapd-spread project on gce
+    - spread.yaml: update the gce project to start using snapd-spread
+    - quota: new package for managing resource groups
+    - many: bind and check keys against models when using FDE hooks v2
+    - many: move responsibilities down seboot -> kernel/fde and boot ->
+      secboot
+    - packaging: add placeholder changelog
+    - o/configstate/configcore/vitality: fix RequireMountedSnapdSnap
+      bug
+    - overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu
+      Core system
+    - many: hide EncryptionKey size and refactors for fde hook v2 next
+      steps
+    - tests: adding debug info for create user tests
+    - o/hookstate: add "refresh" command to snapctl (hidden, not
+      complete yet)
+    - systemd: wait for zfs mounts (LP #1922293)
+    - testutil: support referencing files in FileEquals checker
+    - many: refactor to kernel/fde and allow `fde-setup initial-setup`
+      to return json
+    - o/snapstate: store refresh-candidates in the state
+    - o/snapstate: helper for creating gate-auto-refresh hooks
+    - bootloader/bootloadertest: provide interface implementation as
+      mixins, provide a mock for recovery-aware-trusted-asses bootloader
+    - tests/lib/nested: do not compress images, return early when
+      restored from pristine image
+    - boot: split out a helper for making recovery system bootable
+    - tests: update os.query check to match new bullseye codename used
+      on sid images
+    - o/snapstate: helper for getting snaps affected by refresh, define
+      new hook
+    - wrappers: support in EnsureSnapServices a callback to observe
+      changes (#10176)
+    - gadget: multi line support in gadget's cmdline file
+    - daemon: test that requesting restart from (early) Ensure works
+    - tests: use op.paths tools instead of dirs.sh helper - part 1
+    - tests: add new command to snaps-state to get current core, kernel
+      and gadget
+    - boot, gadget: move opening the snap container into the gadget
+      helper
+    - tests, overlord: extend unit tests, extend spread tests to cover
+      full command line support
+    - interfaces/builtin: introduce dsp interface
+    - boot, bootloader, bootloader/assets: support for full command line
+      override from gadget
+    - overlord/devicestate, overlord/snapstate: add task for updating
+      kernel command lines from gadget
+    - o/snapstate: remove unused DeviceCtx argument of
+      ensureInstallPreconditions
+    - tests/lib/nested: proper status return for tpm/secure boot checks
+    - cmd/snap, boot: add snapd_full_cmdline_args to dumped boot vars
+    - wrappers/services.go: refactor helper lambda function to separate
+      function
+    - boot/flags.go: add HostUbuntuDataForMode
+    - boot: handle updating of components that contribute to kernel
+      command line
+    - tests: add 20.04 to systems for nested/core
+    - daemon: add new accessChecker implementations
+    - boot, overlord/devicestate: consider gadget command lines when
+      updating boot config
+    - tests: fix prepare-image-grub-core18 for arm devices
+    - tests: fix gadget-kernel-refs-update-pc test on arm and when
+      $TRUST_TEST_KEY is false
+    - tests: enable help test for all the systems
+    - boot: set extra command line arguments when preparing run mode
+    - boot: load bits of kernel command line from gadget snaps
+    - tests: update layout for tests - part 2
+    - tests: update layout for tests - part 1
+    - tests: remove the snap profiler from the test suite
+    - boot: drop gadget snap yaml which is already defined elsewhere in
+      the tests
+    - boot: set extra kernel command line arguments when making a
+      recovery system bootable
+    - boot: pass gadget path to command line helpers, load gadget from
+      seed
+    - tests: new os.paths tool
+    - daemon: make ucrednetGet() return a *ucrednet structure
+    - boot: derive boot variables for kernel command lines
+    - cmd/snap-bootstrap/initramfs-mounts: fix boot-flags location from
+      initramfs
+
+ -- Ian Johnson <ian.johnson@canonical.com>  Thu, 27 May 2021 11:15:20 -0500
+
+snapd (2.50.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1926005
+    - interfaces: update permitted /lib/.. paths to be compatible with 
+      UC20
+    - interfaces: builtin: update permitted paths to be compatible with
+      UC20
+    - interfaces/greengrass-support: delete white spaces at the end of
+      lines
+    - snap-seccomp: update syscalls.go list
+    - many: backport kernel command line for 2.50
+    - interfaces/dbus: allow claiming 'well-known' D-Bus names with a
+      wildcard suffix
+    - interfaces/camera: allow devices in /sys/devices/platform/**/usb*
+    - interfaces/builtin: introduce dsp interface
+
+ -- Ian Johnson <ian.johnson@canonical.com>  Wed, 19 May 2021 10:46:02 -0500
+
+snapd (2.50-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1926005
+    - overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu
+      Core system
+    - o/configstate/configcore/vitality: fix RequireMountedSnapdSnap bug
+    - o/servicestate/servicemgr.go: add ensure loop for snap service
+      units
+    - wrappers/services.go: introduce EnsureSnapServices()
+    - snapstate: add "kernel-assets" to featureSet
+    - systemd: wait for zfs mounts
+    - overlord: make servicestate responsible to compute
+      SnapServiceOptions
+    - boot,tests: move where we write boot-flags one level up
+    - o/configstate: don't pass --root=/ when
+      masking/unmasking/enabling/disabling services
+    - cmd/snap-bootstrap/initramfs-mounts: write active boot-flags to
+      /run
+    - gadget: be more flexible with kernel content resolving
+    - boot, cmd/snap: include extra cmdline args in debug boot-vars
+      output
+    - boot: support read/writing boot-flags from userspace/initramfs
+    - interfaces/pwm: add PWM interface
+    - tests/lib/prepare-restore.sh: clean out snapd changes and snaps
+      before purging
+    - systemd: enrich UnitStatus returned by systemd.Status() with
+      Installed flag
+    - tests: updated restore phase of spread tests - part 1
+    - gadget: add support for kernel command line provided by the gadget
+    - tests: Using GO111MODULE: "off" in spread.yaml
+    - features: add gate-auto-refresh-hook feature flag
+    - spread: ignore linux kernel upgrade in early stages for arch
+      preparation
+    - tests: use snaps-state commands and remove them from the snaps
+      helper
+    - o/configstate: fix panic with a sequence of config unset ops over
+      same path
+    - api: provide meaningful error message on connect/disconnect for
+      non-installed snap
+    - interfaces/u2f-devices: add HyperFIDO Pro
+    - tests: add simple sanity check for systemctl show
+      --property=UnitFileState for unknown service
+    - tests: use tests.session tool on interfaces-desktop-document-
+      portal test
+    - wrappers: install D-Bus service activation files for snapd session
+      tools on core
+    - many: add x-gvfs-hide option to mount units
+    - interfaces/builtin/gpio_test.go: actually test the generated gpio
+      apparmor
+    - spread: tentative workaround for arch failure caused by libc
+      upgrade and cgroups v2
+    - tests: add spread test for snap validate against store assertions
+    - tests: remove snaps which are not used in any test
+    - ci: set the accept-existing-contributors parameter for the cla-
+      check action
+    - daemon: introduce apiBaseSuite.(json|sync|async|error)Req (and
+      some apiBaseSuite cosmetics)
+    - o/devicestate/devicemgr: register install-device hook, run if
+      present in install
+    - o/configstate/configcore: simple refactors in preparation for new
+      function
+    - tests: unifying the core20 nested suite with the core nested suite
+    - tests: uboot-unpacked-assets updated to reflect the real path used
+      to find the kernel
+    - daemon: switch api_test.go to daemon_test and various other
+      cleanups
+    - o/configstate/configcore/picfg.go: add hdmi_cvt support
+    - interfaces/apparmor: followup cleanups, comments and tweaks
+    - boot: cmd/snap-bootstrap: handle a candidate recovery system v2
+    - overlord/snapstate: skip catalog refresh when snappy testing is
+      enabled
+    - overlord/snapstate, overlord/ifacestate: move late security
+      profile removal to ifacestate
+    - snap-seccomp: fix seccomp test on ppc64el
+    - interfaces, interfaces/apparmor, overlord/snapstate: late removal
+      of snap-confine apparmor profiles
+    - cmd/snap-bootstrap/initramfs-mounts: move time forward using
+      assertion times
+    - tests: reset the system while preparing the test suite
+    - tests: fix snap-advise-command check for 429
+    - gadget: policy for gadget/kernel refreshes
+    - o/configstate: deal with no longer valid refresh.timer=managed
+    - interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4
+    - cla-check: Use has-signed-canonical-cla GitHub Action
+    - tests: validation sets spread test
+    - tests: simplify the reset.sh logic by removing not needed command
+    - overlord/snapstate: make sure that snapd current symlink is not
+      removed during refresh
+    - tests/core/fsck-on-boot: unmount /run/mnt/snapd directly on uc20
+    - tests/lib/fde-setup-hook: also verify that fde-reveal-key key data
+      is base64
+    - o/devicestate: split off ensuring next boot goes to run mode into
+      new task
+    - tests: fix cgroup-tracking test
+    - boot: export helper for clearing tried system state, add tests
+    - cmd/snap: use less aggressive client timeouts in unit tests
+    - daemon: fix signing key validity timestamp in unit tests
+    - o/{device,hook}state: encode fde-setup-request key as base64
+      string
+    - packaging: drop dh-systemd from build-depends on ubuntu-16.04+
+    - cmd/snap/pack: unhide the compression option
+    - boot: extend set try recovery system unit tests
+    - cmd/snap-bootstrap: refactor handling of ubuntu-save, do not use
+      secboot's implicit fallback
+    - o/configstate/configcore: add hdmi_timings to pi-config
+    - snapstate: reduce reRefreshRetryTimeout to 1/2 second
+    - interfaces/tee: add TEE/OPTEE interface
+    - o/snapstate: update validation sets assertions with auto-refresh
+    - vendor: update go-tpm2/secboot to latest version
+    - seed: ReadSystemEssentialAndBetterEarliestTime
+    - tests: replace while commands with the retry tool
+    - interfaces/builtin: update unit tests to use proper distro's
+      libexecdir
+    - tests: run the reset.sh helper and check test invariants while the
+      test is restored
+    - daemon: switch preexisting daemon_test tests to apiBaseSuite and
+      .req
+    - boot, o/devicestate: split makeBootable20 into two parts
+    - interfaces/docker-support: add autobind unix rules to docker-
+      support
+    - interfaces/apparmor: allow reading
+      /proc/sys/kernel/random/entropy_avail
+    - tests: use retry tool instead a loops
+    - tests/main/uc20-create-partitions: fix tests cleanup
+    - asserts: mode where Database only assumes cur time >= earliest
+      time
+    - daemon: validation sets/api tests cleanup
+    - tests: improve tests self documentation for nested test suite
+    - api: local assertion fallback when it's not in the store
+    - api: validation sets monitor mode
+    - tests: use fs-state tool in interfaces tests
+    - daemon:  move out /v2/login|logout and errToResponse tests from
+      api_test.go
+    - boot: helper for inspecting the outcome of a recovery system try
+    - o/configstate, o/snapshotstate: fix handling of nil snap config on
+      snapshot restore
+    - tests: update documentation and checks for interfaces tests
+    - snap-seccomp: add new `close_range` syscall
+    - boot: revert #10009
+    - gadget: remove `device-tree{,-origin}` from gadget tests
+    - boot: simplify systems test setup
+    - image: write resolved-content from snap prepare-image
+    - boot: reseal the run key for all recovery systems, but recovery
+      keys only for the good ones
+    - interfaces/builtin/network-setup-{control,observe}: allow using
+      netplan directly
+    - tests: improve sections prepare and restore - part 1
+    - tests: update details on task.yaml files
+    - tests: revert os.query usage in spread.yaml
+    - boot: export bootAssetsMap as AssetsMap
+    - tests/lib/prepare: fix repacking of the UC20 kernel snap for with
+      ubuntu-core-initramfs 40
+    - client: protect against reading too much data from stdin
+    - tests: improve tests documentation - part 2
+    - boot: helper for setting up a try recover system
+    - tests: improve tests documentation - part 1
+    - tests/unit/go: use tests.session wrapper for running tests as a
+      user
+    - tests: improvements for snap-seccomp-syscalls
+    - gadget: simplify filterUpdate (thanks to Maciej)
+    - tests/lib/prepare.sh: use /etc/group and friends from the core20
+      snap
+    - tests: fix tumbleweed spread tests part 2
+    - tests: use new commands of os.query tool on tests
+    - o/snapshotstate: create snapshots directory on import
+    - tests/main/lxd/prep-snapd-in-lxd.sh: dump contents of sources.list
+    - packaging: drop 99-snapd.conf via dpkg-maintscript-helper
+    - osutil: add SetTime() w/ 32-bit and 64-bit implementations
+    - interfaces/wayland: rm Xwayland Xauth file access from wayland
+      slot
+    - packaging/ubuntu-16.04/rules: turn modules off explicitly
+    - gadget,devicestate: perform kernel asset update for $kernel: style
+      refs
+    - cmd/recovery: small fix for `snap recovery` tab output
+    - bootloader/lkenv: add recovery systems related variables
+    - tests: fix new tumbleweed image
+    - boot: fix typo, should be systems
+    - o/devicestate: test that users.create.automatic is configured
+      early
+    - asserts: use Fetcher in AddSequenceToUpdate
+    - daemon,o/c/configcore: introduce users.create.automatic
+    - client, o/servicestate: expose enabled state of user daemons
+    - boot: helper for checking and marking tried recovery system status
+      from initramfs
+    - asserts: pool changes for validation-sets (#9930)
+    - daemon: move the last api_foo_test.go to daemon_test
+    - asserts: include the assertion timestamp in error message when
+      outside of signing key validity range
+    - ovelord/snapshotstate: keep a few of the last line tar prints
+      before failing
+    - gadget/many: rm, delay sector size + structure size checks to
+      runtime
+    - cmd/snap-bootstrap/triggerwatch: fix returning wrong errors
+    - interfaces: add allegro-vcu and media-control interfaces
+    - interfaces: opengl: add Xilinx zocl bits
+    - mkversion: check that version from changelog is set before
+      overriding the output version
+    - many: fix new ineffassign warnings
+    - .github/workflows/labeler.yaml: try work-around to not sync
+      labels
+    - cmd/snap, boot: add debug set-boot-vars
+    - interfaces: allow reading the Xauthority file KDE Plasma writes
+      for Wayland sessions
+    - tests/main/snap-repair: test running repair assertion w/ fakestore
+    - tests: disable lxd tests for 21.04 until the lxd images are
+      published for the system
+    - tests/regression/lp-1910456: cleanup the /snap symlink when done
+    - daemon: move single snap querying and ops to api_snaps.go
+    - tests: fix for preseed and dbus tests on 21.04
+    - overlord/snapshotstate: include the last message printed by tar in
+      the error
+    - interfaces/system-observe: Allow reading /proc/zoneinfo
+    - interfaces: remove apparmor downgrade feature
+    - snap: fix unit tests on Go 1.16
+    - spread: disable Go modules support in environment
+    - tests: use new path to find kernel.img in uc20 for arm devices
+    - tests: find files before using cat command when checking broadcom-
+      asic-control interface
+    - boot: introduce good recovery systems, provide compatibility
+      handling
+    - overlord: add manager gadget refresh test
+    - tests/lib/fakestore: support repair assertions too
+    - github: temporarily disable action labeler due to issues with
+      labels being removed
+    - o/devicestate,many: introduce DeviceManager.preloadGadget for
+      EarlyConfig
+    - tests: enable ubuntu 21.04 for spread tests
+    - snap: provide a useful error message if gdbserver is not installed
+    - data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1
+    - tests/lib/prepare.sh: split reflash.sh into two parts
+    - packaging/opensuse: sync with openSUSE packaging
+    - packaging: disable Go modules in snapd.mk
+    - snap: add deprecation noticed to "snap run --gdb"
+    - daemon: add API for checking and installing available theme snaps
+    - tests: using labeler action to add automatically a label to run
+      nested tests
+    - gadget: improve error handling around resolving content sources
+    - asserts: repeat the authority cross-check in CheckSignature as
+      well
+    - interfaces/seccomp/template.go: allow copy_file_range
+    - o/snapstate/check_snap.go: add support for many subversions in
+      assumes snapdX..
+    - daemon: move postSnap and inst.dispatch tests to api_snaps_test.go
+    - wrappers: use proper paths for mocked mount units in tests
+    - snap: rename gdbserver option to `snap run --gdbserver`
+    - store: support validation sets with fetch-assertions action
+    - snap-confine.apparmor.in: support tmp and log dirs on Yocto/Poky
+    - packaging/fedora: sync with downstream packaging in Fedora
+    - many: add Delegate=true to generated systemd units for special
+      interfaces (master)
+    - boot: use a common helper for mocking boot assets in cache
+    - api: validate snaps against validation set assert from the store
+    - wrappers: don't generate an [Install] section for timer or dbus
+      activated services
+    - tests/nested/core20/boot-config-update: skip when snapd was not
+      built with test features
+    - o/configstate,o/devicestate: introduce devicestate.EarlyConfig
+      implemented by configstate.EarlyConfig
+    - cmd/snap-bootstrap/initramfs-mounts: fix typo in func name
+    - interfaces/builtin: mock distribution in fontconfig cache unit
+      tests
+    - tests/lib/prepare.sh: add another console= to the reflash magic
+      grub entry
+    - overlord/servicestate: expose dbus activators of a service
+    - desktop/notification: test against a real session bus and
+      notification server implementation
+    - cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for
+      recover+install
+    - HACKING.md: explain how to run UC20 spread tests with QEMU
+    - asserts: introduce AtSequence
+    - overlord/devicestate: task for updating boot configs, spread test
+    - gadget: fix documentation/typos
+    - gadget: cleanup MountedFilesystem{Writer,Updater}
+    - gadget: use ResolvedSource in MountedFilesystemWriter
+    - snap/info.go: add doc-comment for SortServices
+    - interfaces: add an optional mount-host-font-cache plug attribute
+      to the desktop interface
+    - osutil: skip TestReadBuildGo inside sbuild
+    - o/hookstate/ctlcmd: add optional --pid and --apparmor-label
+      arguments to "snapctl is-connected"
+    - data/env/snapd: use quoting in case PATH contains spaces
+    - boot: do not observe successful boot assets if not in run mode
+    - tests: fix umount for snapd snap on fsck-on-boot testumount:
+      /run/mnt/ubuntu-seed/systems/*/snaps/snapd_*.snap: no mount
+    - misc: little tweaks
+    - snap/info.go: ignore unknown daemons in SortSnapServices
+    - devicestate: keep log from install-mode on installed system
+    - seed: add LoadEssentialMeta to seed16 and allow all of its
+      implementations to be called multiple times
+    - cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in
+      seeds
+    - tests/core/uc20-recovery: move recover mode helpers to generic
+      testslib script
+    - interfaces/fwupd: allow any distros to access fw files via fwupd
+    - store: method for fetching validation set assertion
+    - store: switch to v2/assertions api
+    - gadget: add new ResolvedContent and populate from LayoutVolume()
+    - spread: use full format when listing processes
+    - osutil/many: make all test pkgs osutil_test instead of "osutil"
+    - tests/unit/go: drop unused environment variables, skip coverage
+    - OpenGL interface: Support more Tegra libs
+    - gadget,overlord: pass kernelRoot to install.Run()
+    - tests: run unit tests in Focal instead of Xenial
+    - interfaces/browser-support: allow sched_setaffinity with browser-
+      sandbox: true
+    - daemon: move query /snaps/<name> tests to api_snaps_test.go
+    - cmd/snap-repair/runner.go: add SNAP_SYSTEM_MODE to env of repair
+      runner
+    - systemd/systemd.go: support journald JSON messages with arrays for
+      values
+    - cmd: make string/error code more robust against errno leaking
+    - github, run-checks: do not collect coverage data on subsequent
+      test runs
+    - boot: boot config update & reseal
+    - o/snapshotstate: handle conflicts between snapshot forget, export
+      and import
+    - osutil/stat.go: add RegularFileExists
+    - cmd/snapd-generator: don't create mount overrides for snap-try
+      snaps inside lxc
+    - gadget/gadget.go: rename ubuntu-* to system-* in doc-comment
+    - tests: use 6 spread workers for centos8
+    - bootloader/assets: support injecting bootloader assets in testing
+      builds of snapd
+    - gadget: enable multi-volume uc20 gadgets in
+      LaidOutSystemVolumeFromGadget; rename too
+    - overlord/devicestate, sysconfig: do nothing when cloud-init is not
+      present
+    - cmd/snap-repair: filter repair assertions based on bases + modes
+    - snap-confine: make host /etc/ssl available for snaps on classic
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Sat, 24 Apr 2021 12:17:45 +0200
+
+snapd (2.49.2-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1915248
+    - interfaces/tee: add TEE/OPTEE interface
+    - o/configstate/configcore: add hdmi_timings to pi-config
+    - interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4
+    - snap-seccomp: fix seccomp test on ppc64el
+    - interfaces{,/apparmor}, overlord/snapstate:
+      late removal of snap-confine apparmor profiles
+    - overlord/snapstate, wrappers: add dependency on usr-lib-
+      snapd.mount for services on core with snapd snap
+    - o/configstate: deal with no longer valid refresh.timer=managed
+    - overlord/snapstate: make sure that snapd current symlink is not
+      removed during refresh
+    - packaging: drop dh-systemd from build-depends on ubuntu-16.04+
+    - o/{device,hook}state: encode fde-setup-request key as base64
+    - snapstate: reduce reRefreshRetryTimeout to 1/2 second
+    - tests/main/uc20-create-partitions: fix tests cleanup
+    - o/configstate, o/snapshotstate: fix handling of nil snap config on
+      snapshot restore
+    - snap-seccomp: add new `close_range` syscall
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 26 Mar 2021 16:49:46 +0100
+
+snapd (2.49.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1915248
+    - tests: turn modules off explicitly in spread go unti test
+    - o/snapshotstate: create snapshots directory on import
+    - cmd/snap-bootstrap/triggerwatch: fix returning wrong errors
+    - interfaces: add allegro-vcu and media-control interfaces
+    - interfaces: opengl: add Xilinx zocl bits
+    - many: fix new ineffassign warnings
+    - interfaces/seccomp/template.go: allow copy_file_range
+    - interfaces: allow reading the Xauthority file KDE Plasma writes
+      for Wayland sessions
+    - data/selinux: allow system dbus to watch
+      /var/lib/snapd/dbus-1
+    - Remove apparmor downgrade feature
+    - Support tmp and log dirs on Yocto/Poky
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 08 Mar 2021 10:47:05 +0100
+
+snapd (2.49-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1915248
+    - many: add Delegate=true to generated systemd units for special
+      interfaces
+    - cmd/snap-bootstrap: rename ModeenvFromModel to
+      EphemeralModeenvForModel
+    - cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for
+      recover+install
+    - osutil: skip TestReadBuildGo inside sbuild
+    - tests: fix umount for snapd snap on fsck-on-boot test
+    - snap/info_test.go: add unit test cases for bug
+    - tests/main/services-after-before: add regression spread test
+    - snap/info.go: ignore unknown daemons in SortSnapServices
+    - cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in
+      seeds
+    - OpenGL interface: Support more Tegra libs
+    - interfaces/browser-support: allow sched_setaffinity with browser-
+      sandbox: true
+    - cmd: make string/error code more robust against errno leaking
+    - o/snapshotstate: handle conflicts between snapshot forget, export
+      and import
+    - cmd/snapd-generator: don't create mount overrides for snap-try
+      snaps inside lxc
+    - tests: update test pkg for fedora and centos
+    - gadget: pass sector size in to mkfs family of functions, use to
+      select block sz
+    - o/snapshotstate: fix returning of snap names when duplicated
+      snapshot is detected
+    - tests/main/snap-network-errors: skip flushing dns cache on
+      centos-7
+    - interfaces/builtin: Allow DBus property access on
+      org.freedesktop.Notifications
+    - cgroup-support.c: fix link to CGROUP DELEGATION
+    - osutil: update go-udev package
+    - packaging: fix arch-indep build on debian-sid
+    - {,sec}boot: pass "key-name" to the FDE hooks
+    - asserts: sort by revision with Sort interface
+    - gadget: add gadget.ResolveContentPaths()
+    - cmd/snap-repair: save base snap and mode in device info; other
+      misc cleanups
+    - tests: cleanup the run-checks script
+    - asserts: snapasserts method to validate installed snaps against
+      validation sets
+    - tests: normalize test tools - part 1
+    - snapshotstate: detect duplicated snapshot imports
+    - interfaces/builtin: fix unit test expecting snap-device-helper at
+      /usr/lib/snapd
+    - tests: apply workaround done for snap-advise-command to apt-hooks
+      test
+    - tests: skip main part of snap-advise test if 429 error is
+      encountered
+    - many: clarify gadget role-usage consistency checks for UC16/18 vs
+      UC20
+    - sandbox/cgroup, tess/main: fix unit tests on v2 system, disable
+      broken tests on sid
+    - interfaces/builtin: more drive by fixes, import ordering, removing
+      dead code
+    - tests: skip interfaces-openvswitch spread test on debian sid
+    - interfaces/apparmor: drive by comment fix
+    - cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree
+      usage
+    - cmd/libsnap-confine-private: make unit tests execute happily in a
+      container
+    - interfaces, wrappers: misc comment fixes, etc.
+    - asserts/repair.go: add "bases" and "modes" support to the repair
+      assertion
+    - interfaces/opengl: allow RPi MMAL video decoding
+    - snap: skip help output tests for go-flags v1.4.0
+    - gadget: add validation for "$kernel:ref" style content
+    - packaging/deb, tests/main/lxd-postrm-purge: fix purge inside
+      containers
+    - spdx: update to SPDX license list version: 3.11 2020-11-25
+    - tests: improve hotplug test setup on classic
+    - tests: update check to verify is the current system is arm
+    - tests: use os-query tool to check debian, trusty and tumbleweed
+    - daemon: start moving implementation to api_snaps.go
+    - tests/main/snap-validate-basic: disable test on Fedora due to go-
+      flags panics
+    - tests: fix library path used for tests.pkgs
+    - tests/main/cohorts: replace yq with a Python snippet
+    - run-checks: update to match new argument syntax of ineffassign
+    - tests: use apiBaseSuite for snapshots tests, fix import endpoint
+      path
+    - many: separate consistency/content validation into
+      gadget.Validate|Content
+    - o/{device,snap}state: enable devmode snaps with dangerous model
+      assertions
+      secboot: add test for when systemd-run does not honor
+      RuntimeMaxSec
+    - secboot: add workaround for snapcore/core-initrd issue #13
+    - devicestate: log checkEncryption errors via logger.Noticef
+    - o/daemon: validation sets api and basic spread test
+    - gadget: move BuildPartitionList to install and make it unexported
+    - tests: add nested spread end-to-end test for fde-hooks
+    - devicestate: implement checkFDEFeatures()
+    - boot: tweak resealing with fde-setup hooks
+    - tests: add os query commands for subsystems and architectures
+    - o/snapshotstate: don't set auto flag in the snapshot file
+    - tests: use os.query tool instead of comparing the system var
+    - testutil: use the original environment when calling shellcheck
+    - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
+      init restrict file
+    - gadget,o/devicestate,tests: drop EffectiveFilesystemLabel and
+      instead set the implicit labels when loading the yaml
+    - secboot: add new LockSealedKeys() that uses either TPM/fde-reveal-
+      key
+    - gadget/quantity: introduce Offset, start using it for offset
+      related fields in the gadget
+    - gadget: use "sealed-keys" to determine what method to use for
+      reseal
+    - tests/main/fake-netplan-apply: disable test on xenial for now
+    - daemon: start splitting snaps op tests out of api_test.go
+    - testutil: make DBusTest use a custom bus configuration file
+    - tests: replace pkgdb.sh (library) with tests.pkgs (program)
+    - gadget: prepare gadget kernel refs (0/N)
+    - interfaces/builtin/docker-support: allow /run/containerd/s/...
+    - cmd/snap-preseed: reset run inhibit locks on --reset.
+    - boot: add sealKeyToModeenvUsingFdeSetupHook()
+    - daemon: reorg snap.go and split out sections and icons support
+      from api.go
+    - sandbox/seccomp: use snap-seccomp's stdout for getting version
+      info
+    - daemon: split find support to its own api_*.go files and move some
+      helpers
+    - tests: move snapstate config defaults tests to a separate file.
+    - bootloader/{lk,lkenv}: followups from #9695
+    - daemon: actually move APIBaseSuite to daemon_test.apiBaseSuite
+    - gadget,o/devicestate: set implicit values for schema and role
+      directly instead of relying on Effective* accessors
+    - daemon: split aliases support to its own api_*.go files
+    - gadget: start separating rule/convention validation from basic
+      soundness
+    - cmd/snap-update-ns: add better unit test for overname sorting
+    - secboot: use `fde-reveal-key` if available to unseal key
+    - tests: fix lp-1899664 test when snapd_x1 is not installed in the
+      system
+    - tests: fix the scenario when the "$SRC".orig file does not exist
+    - cmd/snap-update-ns: fix sorting of overname mount entries wrt
+      other entries
+    - devicestate: add runFDESetupHook() helper
+    - bootloader/lk: add support for UC20 lk bootloader with V2 lkenv
+      structs
+    - daemon: split unsupported buy implementation to its own api_*.go
+      files
+    - tests: download timeout spread test
+    - gadget,o/devicestate: hybrid 18->20 ready volume setups should be
+      valid
+    - o/devicestate: save model with serial in the device save db
+    - bootloader: add check for prepare-image time and more tests
+      validating options
+    - interfaces/builtin/log_observe.go: allow controlling apparmor
+      audit levels
+    - hookstate: refactor around EphemeralRunHook
+    - cmd/snap: implement 'snap validate' command
+    - secboot,devicestate: add scaffoling for "fde-reveal-key" support
+    - boot: observe successful command line update, provide a default
+    - tests: New queries for the os tools
+    - bootloader/lkenv: specify backup file as arg to NewEnv(), use ""
+      as path+"bak"
+    - osutil/disks: add FindMatchingPartitionUUIDWithPartLabel to Disk
+      iface
+    - daemon: split out snapctl support and snap configuration support
+      to their own api_*.go files
+    - snapshotstate: improve handling of multiple errors
+    - tests: sign new nested-18|20* models to allow for generic serials
+    - bootloader: remove installableBootloader interface and methods
+    - seed: cleanup/drop some no longer valid TODOS, clarify some other
+      points
+    - boot: set kernel command line in modeenv during install
+    - many: rename disks.FindMatching... to FindMatching...WithFsLabel
+      and err type
+    - cmd/snap: suppress a case of spurious stdout logging from tests
+    - hookstate: add new HookManager.EphemeralRunHook()
+    - daemon: move some more api tests from daemon to daemon_test
+    - daemon: split apps and logs endpoints to api_apps.go and tests
+    - interfaces/utf: Add Ledger to U2F devices
+    - seed/seedwriter: consider modes when checking for deps
+      availability
+    - o/devicestate,daemon: fix reboot system action to not require a
+      system label
+    - cmd/snap-repair,store: increase initial retry time intervals,
+      stalling TODOs
+    - daemon: split interfacesCmd to api_interfaces.go
+    - github: run nested suite when commit is pushed to release branch
+    - client: reduce again the /v2/system-info timeout
+    - tests: reset fakestore unit status
+    - update-pot: fix typo in plural keyword spec
+    - tests: remove workarounds that add "ubuntu-save" if missing
+    - tests: add unit test for auto-refresh with validate-snap failure
+    - osutil: add helper for getting the kernel command line
+    - tests/main/uc20-create-partitions: verify ubuntu-save encryption
+      keys, tweak not MATCH
+    - boot: add kernel command lines to the modeenv file
+    - spread: bump delta ref, tweak repacking to make smaller delta
+      archives
+    - bootloader/lkenv: add v2 struct + support using it
+    - snapshotstate: add cleanup of abandonded snapshot imports
+    - tests: fix uc20-create-parition-* tests for updated gadget
+    - daemon: split out /v2/interfaces tests to api_interfaces_test.go
+    - hookstate: implement snapctl fde-setup-{request,result}
+    - wrappers, o/devicestate: remove EnableSnapServices
+    - tests: enable nested on 20.10
+    - daemon: simplify test helpers Get|PostReq into Req
+    - daemon: move general api to api_general*.go
+    - devicestate: make checkEncryption fde-setup hook aware
+    - client/snapctl, store: fix typos
+    - tests/main/lxd/prep-snapd-in-lxd.sh: wait for valid apt files
+      before doing apt ops
+    - cmd/snap-bootstrap: update model cross-check considerations
+    - client,snapctl: add naive support for "stdin"
+    - many: add new "install-mode: disable" option
+    - osutil/disks: allow building on mac os
+    - data/selinux: update the policy to allow operations on non-tmpfs
+      /tmp
+    - boot: add helper for generating candidate kernel lines for
+      recovery system
+    - wrappers: generate D-Bus service activation files
+    - bootloader/many: rm ConfigFile, add Present for indicating
+      presence of bloader
+    - osutil/disks: allow mocking DiskFromDeviceName
+    - daemon: start cleaning up api tests
+    - packaging/arch: sync with AUR packaging
+    - bootloader: indicate when boot config was updated
+    - tests: Fix snap-debug-bootvars test to make it work on arm devices
+      and core18
+    - tests/nested/manual/core20-save: verify handling of ubuntu-save
+      with different system variants
+    - snap: use the boot-base for kernel hooks
+    - devicestate: support "storage-safety" defaults during install
+    - bootloader/lkenv: mv v1 to separate file,
+      include/lk/snappy_boot_v1.h: little fixups
+    - interfaces/fpga: add fpga interface
+    - store: download timeout
+    - vendor: update secboot repo to avoid including secboot.test binary
+    - osutil: add KernelCommandLineKeyValue
+    - gadget/gadget.go: allow system-recovery-{image,select} as roles in
+      gadget.yaml
+    - devicestate: implement boot.HasFDESetupHook
+    - osutil/disks: add DiskFromName to get a disk using a udev name
+    - usersession/agent: have session agent connect to the D-Bus session
+      bus
+    - o/servicestate: preserve order of services on snap restart
+    - o/servicestate: unlock state before calling wrappers in
+      doServiceControl
+    - spread: disable unattended-upgrades on ubuntu
+    - tests: testing new fedora 33 image
+    - tests: fix fsck on boot on arm devices
+    - tests: skip boot state test on arm devices
+    - tests: updated the systems to run prepare-image-grub test
+    - interfaces/raw_usb: allow read access to /proc/tty/drivers
+    - tests: unmount /boot/efi in fsck-on-boot test
+    - strutil/shlex,osutil/udev/netlink: minimally import go-check
+    - tests: fix basic20 test on arm devices
+    - seed: make a shared seed system label validation helper
+    - tests/many: enable some uc20 tests, delete old unneeded tests or
+      TODOs
+    - boot/makebootable.go: set snapd_recovery_mode=install at image-
+      build time
+    - tests: migrate test from boot.sh helper to boot-state tool
+    - asserts: implement "storage-safety" in uc20 model assertion
+    - bootloader: use ForGadget when installing boot config
+    - spread: UC20 no longer needs 2GB of mem
+    - cmd/snap-confine: implement snap-device-helper internally
+    - bootloader/grub: replace old reference to Managed...Blr... with
+      Trusted...Blr...
+    - cmd/snap-bootstrap: add readme for snap-bootstrap + real state
+      diagram
+    - interfaces: fix greengrass attr namingThe flavor attribute names
+      are now as follows:
+    - tests/lib/nested: poke the API to get the snap revisions
+    - tests: compare options of mount units created by snapd and snapd-
+      generator
+    - o/snapstate,servicestate: use service-control task for service
+      actions
+    - sandbox: track applications unconditionally
+    - interfaces/greengrass-support: add additional "process" flavor for
+      1.11 update
+    - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 10 Feb 2021 10:47:17 +0100
+
+snapd (2.48.2-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1906690
+    - tests: sign new nested-18|20* models to allow for generic serials
+    - secboot: add extra paranoia when waiting for that fde-reveal-key
+    - tests: backport netplan workarounds from #9785
+    - secboot: add workaround for snapcore/core-initrd issue #13
+    - devicestate: log checkEncryption errors via logger.Noticef
+    - tests: add nested spread end-to-end test for fde-hooks
+    - devicestate: implement checkFDEFeatures()
+    - boot: tweak resealing with fde-setup hooks
+    - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
+      init restrict file
+    - secboot: add new LockSealedKeys() that uses either TPM or
+      fde-reveal-key
+    - gadget: use "sealed-keys" to determine what method to use for
+      reseal
+    - boot: add sealKeyToModeenvUsingFdeSetupHook()
+    - secboot: use `fde-reveal-key` if available to unseal key
+    - cmd/snap-update-ns: fix sorting of overname mount entries wrt
+      other entries
+    - o/devicestate: save model with serial in the device save db
+    - devicestate: add runFDESetupHook() helper
+    - secboot,devicestate: add scaffoling for "fde-reveal-key" support
+    - hookstate: add new HookManager.EphemeralRunHook()
+    - update-pot: fix typo in plural keyword spec
+    - store,cmd/snap-repair: increase initial expontential time
+      intervals
+    - o/devicestate,daemon: fix reboot system action to not require a
+      system label
+    - github: run nested suite when commit is pushed to release branch
+    - tests: reset fakestore unit status
+    - tests: fix uc20-create-parition-* tests for updated gadget
+    - hookstate: implement snapctl fde-setup-{request,result}
+    - devicestate: make checkEncryption fde-setup hook aware
+    - client,snapctl: add naive support for "stdin"
+    - devicestate: support "storage-safety" defaults during install
+    - snap: use the boot-base for kernel hooks
+    - vendor: update secboot repo to avoid including secboot.test binary
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 15 Dec 2020 20:21:44 +0100
+
+snapd (2.48.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1906690
+    - gadget: disable ubuntu-boot role validation check
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 03 Dec 2020 17:43:30 +0100
+
+snapd (2.48-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1904098
+    - osutil: add KernelCommandLineKeyValue
+    - devicestate: implement boot.HasFDESetupHook
+    - boot/makebootable.go: set snapd_recovery_mode=install at image-
+      build time
+    - bootloader: use ForGadget when installing boot config
+    - interfaces/raw_usb: allow read access to /proc/tty/drivers
+    - boot: add scaffolding for "fde-setup" hook support for sealing
+    - tests: fix basic20 test on arm devices
+    - seed: make a shared seed system label validation helper
+    - snap: add new "fde-setup" hooktype
+    - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
+    - secboot,cmd/snap-bootstrap: fix degraded mode cases with better
+      device handling
+    - boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
+      messiness
+    - tests/nested/manual/refresh-revert-fundamentals: temporarily
+      disable secure boot
+    - snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
+      boot modes
+    - many: address degraded recover mode feedback, cleanups
+    - tests: Use systemd-run on tests part2
+    - tests: set the opensuse tumbleweed system as manual in spread.yaml
+    - secboot: call BlockPCRProtectionPolicies even if the TPM is
+      disabled
+    - vendor: update to current secboot
+    - cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
+      save
+    - spread.yaml: increase number of workers on 20.10
+    - snap: add new `snap recovery --show-keys` option
+    - tests: minor test tweaks suggested in the review of 9607
+    - snapd-generator: set standard snapfuse options when generating
+      units for containers
+    - tests: enable lxd test on ubuntu-core-20 and 16.04-32
+    - interfaces: share /tmp/.X11-unix/ from host or provider
+    - tests: enable main lxd test on 20.10
+    - cmd/s-b/initramfs-mounts: refactor recover mode to implement
+      degraded mode
+    - gadget/install: add progress logging
+    - packaging: keep secboot/encrypt_dummy.go in debian
+    - interfaces/udev: use distro specific path to snap-device-helper
+    - o/devistate: fix chaining of tasks related to regular snaps when
+      preseeding
+    - gadget, overlord/devicestate: validate that system supports
+      encrypted data before install
+    - interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core
+      ESP layout
+    - many: add /v2/system-recovery-keys API and client
+    - secboot, many: return UnlockMethod from Unlock* methods for future
+      usage
+    - many: mv keys to ubuntu-boot, move model file, rename keyring
+      prefix for secboot
+    - tests: using systemd-run instead of manually create a systemd unit
+      - part 1
+    - secboot, cmd/snap-bootstrap: enable or disable activation with
+      recovery key
+    - secboot: refactor Unlock...IfEncrypted to take keyfile + check
+      disks first
+    - secboot: add LockTPMSealedKeys() to lock access to keys
+      independently
+    - gadget: correct sfdisk arguments
+    - bootloader/assets/grub: adjust fwsetup menuentry label
+    - tests: new boot state tool
+    - spread: use the official image for Ubuntu 20.10, no longer an
+      unstable system
+    - tests/lib/nested: enable snapd logging to console for core18
+    - osutil/disks: re-implement partition searching for disk w/ non-
+      adjacent parts
+    - tests: using the nested-state tool in nested tests
+    - many: seal a fallback object to the recovery boot chain
+    - gadget, gadget/install: move helpers to install package, refactor
+      unit tests
+    - dirs: add "gentoo" to altDirDistros
+    - update-pot: include file locations in translation template, and
+      extract strings from desktop files
+    - gadget/many: drop usage of gpt attr 59 for indicating creation of
+      partitions
+    - gadget/quantity: tweak test name
+    - snap: fix failing unittest for quantity.FormatDuration()
+    - gadget/quantity: introduce a new package that captures quantities
+    - o/devicestate,a/sysdb: make a backup of the device serial to save
+    - tests: fix rare interaction of tests.session and specific tests
+    - features: enable classic-preserves-xdg-runtime-dir
+    - tests/nested/core20/save: check the bind mount and size bump
+    - o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20
+    - tests: rename hasHooks to hasInterfaceHooks in the ifacestate
+      tests
+    - o/devicestate: unit test tweaks
+    - boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save
+    - testutil, cmd/snap/version: fix misc little errors
+    - overlord/devicestate: bind mount ubuntu-save under
+      /var/lib/snapd/save on startup
+    - gadget/internal: tune ext4 setting for smaller filesystems
+    - tests/nested/core20/save: a test that verifies ubuntu-save is
+      present and set up
+    - tests: update google sru backend to support groovy
+    - o/ifacestate: handle interface hooks when preseeding
+    - tests: re-enable the apt hooks test
+    - interfaces,snap: use correct type: {os,snapd} for test data
+    - secboot: set metadata and keyslots sizes when formatting LUKS2
+      volumes
+    - tests: improve uc20-create-partitions-reinstall test
+    - client, daemon, cmd/snap: cleanups from #9489 + more unit tests
+    - cmd/snap-bootstrap: mount ubuntu-save during boot if present
+    - secboot: fix doc comment on helper for unlocking volume with key
+    - tests: add spread test for refreshing from an old snapd and core18
+    - o/snapstate: generate snapd snap wrappers again after restart on
+      refresh
+    - secboot: version bump, unlock volume with key
+    - tests/snap-advise-command: re-enable test
+    - cmd/snap, snapmgr, tests: cleanups after #9418
+    - interfaces: deny connected x11 plugs access to ICE
+    - daemon,client: write and read a maintenance.json file for when
+      snapd is shut down
+    - many: update to secboot v1 (part 1)
+    - osutil/disks/mockdisk: panic if same mountpoint shows up again
+      with diff opts
+    - tests/nested/core20/gadget,kernel-reseal: add sanity checks to the
+      reseal tests
+    - many: implement snap routine console-conf-start for synchronizing
+      auto-refreshes
+    - dirs, boot: add ubuntu-save directories and related locations
+    - usersession: fix typo in test name
+    - overlord/snapstate: refactor ihibitRefresh
+    - overlord/snapstate: stop warning about inhibited refreshes
+    - cmd/snap: do not hardcode snapshot age value
+    - overlord,usersession: initial notifications of pending refreshes
+    - tests: add a unit test for UpdateMany where a single snap fails
+    - o/snapstate/catalogrefresh.go: don't refresh catalog in install
+      mode uc20
+    - tests: also check snapst.Current in undo-unlink tests
+    - tests: new nested tool
+    - o/snapstate: implement undo handler for unlink-snap
+    - tests: clean systems.sh helper and migrate last set of tests
+    - tests: moving the lib section from systems.sh helper to os.query
+      tool
+    - tests/uc20-create-partitions: don't check for grub.cfg
+    - packaging: make sure that static binaries are indeed static, fix
+      openSUSE
+    - many: have install return encryption keys for data and save,
+      improve tests
+    - overlord: add link participant for linkage transitions
+    - tests: lxd smoke test
+    - tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu-
+      seed too
+    - tests: moving main suite from systems.sh to os.query tool
+    - tests: moving the core test suite from systems.sh to os.query tool
+    - cmd/snap-confine: mask host's apparmor config
+    - o/snapstate: move setting updated SnapState after error paths
+    - tests: add value to INSTANCE_KEY/regular
+    - spread, tests: tweaks for openSUSE
+    - cmd/snap-confine: update path to snap-device-helper in AppArmor
+      profile
+    - tests: new os.query tool
+    - overlord/snapshotstate/backend: specify tar format for snapshots
+    - tests/nested/manual/minimal-smoke: use 384MB of RAM for nested
+      UC20
+    - client,daemon,snap: auto-import does not error on managed devices
+    - interfaces: PTP hardware clock interface
+    - tests: use tests.backup tool
+    - many: verify that unit tests work with nosecboot tag and without
+      secboot package
+    - wrappers: do not error out on read-only /etc/dbus-1/session.d
+      filesystem on core18
+    - snapshots: import of a snapshot set
+    - tests: more output for sbuild test
+    - o/snapstate: re-order remove tasks for individual snap revisions
+      to remove current last
+    - boot: skip some unit tests when running as root
+    - o/assertstate: introduce
+      ValidationTrackingKey/ValidationSetTracking and basic methods
+    - many: allow ignoring running apps for specific request
+    - tests: allow the searching test to fail under load
+    - overlord/snapstate: inhibit startup while unlinked
+    - seed/seedwriter/writer.go: check DevModeConfinement for dangerous
+      features
+    - tests/main/sudo-env: snap bin is available on Fedora
+    - boot, overlord/devicestate: list trusted and managed assets
+      upfront
+    - gadget, gadget/install: support for ubuntu-save, create one during
+      install if needed
+    - spread-shellcheck: temporary workaround for deadlock, drop
+      unnecessary test
+    - snap: support different exit-code in the snap command
+    - logger: use strutil.KernelCommandLineSplit in
+      debugEnabledOnKernelCmdline
+    - logger: fix snapd.debug=1 parsing
+    - overlord: increase refresh postpone limit to 14 days
+    - spread-shellcheck: use single thread pool executor
+    - gadget/install,secboot: add debug messages
+    - spread-shellcheck: speed up spread-shellcheck even more
+    - spread-shellcheck: process paths from arguments in parallel
+    - tests: tweak error from tests.cleanup
+    - spread: remove workaround for openSUSE go issue
+    - o/configstate: create /etc/sysctl.d when applying early config
+      defaults
+    - tests: new tests.backup tool
+    - tests: add tests.cleanup pop sub-command
+    - tests: migration of the main suite to snaps-state tool part 6
+    - tests: fix journal-state test
+    - cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc
+      recover files
+    - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
+      same IP addr
+    - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
+      building snapd
+    - boot, gadget, bootloader: observer preserves managed bootloader
+      configs
+    - tests/nested/manual: add uc20 grade signed cloud-init test
+    - o/snapstate/autorefresh.go: eliminate race when launching
+      autorefresh
+    - daemon,snapshotstate: do not return "size" from Import()
+    - daemon: limit reading from snapshot import to Content-Length
+    - many: set/expect Content-Length header when importing snapshots
+    - github: switch from ::set-env command to environment file
+    - tests: migration of the main suite to snaps-state tool part 5
+    - client: cleanup the Client.raw* and Client.do* method families
+    - tests: moving main suite to snaps-state tool part 4
+    - client,daemon,snap: use constant for snapshot content-type
+    - many: fix typos and repeated "the"
+    - secboot: fix tpm connection leak when it's not enabled
+    - many: scaffolding for snapshots import API
+    - run-checks: run spread-shellcheck too
+    - interfaces: update network-manager interface to allow
+      ObjectManager access from unconfined clients
+    - tests: move core and regression suites to snaps-state tool
+    - tests: moving interfaces tests to snaps-state tool
+    - gadget: preserve files when indicated by content change observer
+    - tests: moving smoke test suite and some tests from main suite to
+      snaps-state tool
+    - o/snapshotstate: pass set id to backend.Open, update tests
+    - asserts/snapasserts: introduce ValidationSets
+    - o/snapshotstate: improve allocation of new set IDs
+    - boot: look at the gadget for run mode bootloader when making the
+      system bootable
+    - cmd/snap: allow snap help vs --all to diverge purposefully
+    - usersession/userd: separate bus name ownership from defining
+      interfaces
+    - o/snapshotstate: set snapshot set id from its filename
+    - o/snapstate: move remove-related tests to snapstate_remove_test.go
+    - desktop/notification: switch ExpireTimeout to time.Duration
+    - desktop/notification: add unit tests
+    - snap: snap help output refresh
+    - tests/nested/manual/preseed: include a system-usernames snap when
+      preseeding
+    - tests: fix sudo-env test
+    - tests: fix nested core20 shellcheck bug
+    - tests/lib: move to new directory when restoring PWD, cleanup
+      unpacked unpacked snap directories
+    - desktop/notification: add bindings for FDO notifications
+    - dbustest: fix stale comment references
+    - many: move ManagedAssetsBootloader into TrustedAssetsBootloader,
+      drop former
+    - snap-repair: add uc20 support
+    - tests: print all the serial logs for the nested test
+    - o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid
+      bug in test
+    - cmd/snap/auto-import: stop importing system user assertions from
+      initramfs mnts
+    - osutil/group.go: treat all non-nil errs from user.Lookup{Group,}
+      as Unknown*
+    - asserts: deserialize grouping only once in Pool.AddBatch if needed
+    - gadget: allow content observer to have opinions about a change
+    - tests: new snaps-state command - part1
+    - o/assertstate: support refreshing any number of snap-declarations
+    - boot: use test helpers
+    - tests/core/snap-debug-bootvars: also check snap_mode
+    - many/apparmor: adjust rules for reading profile/ execing new
+      profiles for new kernel
+    - tests/core/snap-debug-bootvars: spread test for snap debug boot-
+      vars
+    - tests/lib/nested.sh: more little tweaks
+    - tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm
+    - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
+      recover modes
+    - overlord: explicitly set refresh-app-awareness in tests
+    - kernel: remove "edition" from kernel.yaml and add "update"
+    - spread: drop vendor from the packed project archive
+    - boot: fix debug bootloader variables dump on UC20 systems
+    - wrappers, systemd: allow empty root dir and conditionally do not
+      pass --root to systemctl
+    - tests/nested/manual: add test for grades above signed booting with
+      testkeys
+    - tests/nested: misc robustness fixes
+    - o/assertstate,asserts: use bulk refresh to refresh snap-
+      declarations
+    - tests/lib/prepare.sh: stop patching the uc20 initrd since it has
+      been updated now
+    - tests/nested/manual/refresh-revert-fundamentals: re-enable test
+    - update-pot: ignore .go files inside .git when running xgettext-go
+    - tests: disable part of the lxd test completely on 16.04.
+    - o/snapshotstate: tweak comment regarding snapshot filename
+    - o/snapstate: improve snapshot iteration
+    - bootloader: lk cleanups
+    - tests: update to support nested kvm without reboots on UC20
+    - tests/nested/manual/preseed: disable system-key check for 20.04
+      image
+    - spread.yaml: add ubuntu-20.10-64 to qemu
+    - store: handle v2 error when fetching assertions
+    - gadget: resolve device mapper devices for fallback device lookup
+    - tests/nested/cloud-init-many: simplify tests and unify
+      helpers/seed inputs
+    - tests: copy /usr/lib/snapd/info to correct directory
+    - check-pr-title.py * : allow "*" in the first part of the title
+    - many: typos and small test tweak
+    - tests/main/lxd: disable cgroup combination for 16.04 that is
+      failing a lot
+    - tests: make nested signing helpers less confusing
+    - tests: misc nested changes
+    - tests/nested/manual/refresh-revert-fundamentals: disable
+      temporarily
+    - tests/lib/cla_check: default to Python 3, tweaks, formatting
+    - tests/lib/cl_check.py: use python3 compatible code
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 19 Nov 2020 17:51:02 +0100
+
+snapd (2.47.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1895929
+    - o/configstate: create /etc/sysctl.d when applying early config
+      defaults
+    - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
+      same IP addr
+    - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
+      building snapd
+    - cmd/snap: allow snap help vs --all to diverge purposefully
+    - snap: snap help output refresh
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 08 Oct 2020 09:30:44 +0200
+
+snapd (2.47-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1895929
+    - tests: fix nested core20 shellcheck bug
+    - many/apparmor: adjust rule for reading apparmor profile for new
+      kernel
+    - snap-repair: add uc20 support
+    - cmd/snap/auto-import: stop importing system user assertions from
+      initramfs mnts
+    - cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
+      recover modes
+    - gadget: resolve device mapper devices for fallback device lookup
+    - secboot: add boot manager profile to pcr protection profile
+    - sysconfig,o/devicestate: mv DisableNoCloud to
+      DisableAfterLocalDatasourcesRun
+    - tests: make gadget-reseal more robust
+    - tests: skip nested images pre-configuration by default
+    - tests: fix for basic20 test running on external backend and rpi
+    - tests: improve kernel reseal test
+    - boot: adjust comments, naming, log success around reseal
+    - tests/nested, fakestore: changes necessary to run nested uc20
+      signed/secured tests
+    - tests: add nested core20 gadget reseal test
+    - boot/modeenv: track unknown keys in Read and put back into modeenv
+      during Write
+    - interfaces/process-control: add sched_setattr to seccomp
+    - boot: with unasserted kernels reseal if there's a hint modeenv
+      changed
+    - client: bump the default request timeout to 120s
+    - configcore: do not error in console-conf.disable for install mode
+    - boot: streamline bootstate20.go reseal and tests changes
+    - boot: reseal when changing kernel
+    - cmd/snap/model: specify grade in the model command output
+    - tests: simplify
+      repack_snapd_snap_with_deb_content_and_run_mode_first_boot_tweaks
+    - test: improve logging in nested tests
+    - nested: add support to telnet to serial port in nested VM
+    - secboot: use the snapcore/secboot native recovery key type
+    - tests/lib/nested.sh: use more focused cloud-init config for uc20
+    - tests/lib/nested.sh: wait for the tpm socket to exist
+    - spread.yaml, tests/nested: misc changes
+    - tests: add more checks to disk space awareness spread test
+    - tests: disk space awareness spread test
+    - boot: make MockUC20Device use a model and MockDevice more
+      realistic
+    - boot,many: reseal only when meaningful and necessary
+    - tests/nested/core20/kernel-failover: add test for failed refresh
+      of uc20 kernel
+    - tests: fix nested to work with qemu and kvm
+    - boot: reseal when updating boot assets
+    - tests: fix snap-routime-portal-info test
+    - boot: verify boot chain file in seal and reseal tests
+    - tests: use full path to test-snapd-refresh.version binary
+    - boot: store boot chains during install, helper for checking
+      whether reseal is needed
+    - boot: add call to reseal an existing key
+    - boot: consider boot chains with unrevisioned kernels incomparable
+    - overlord: assorted typos and miscellaneous changes
+    - boot: group SealKeyModelParams by model, improve testing
+    - secboot: adjust parameters to buildPCRProtectionProfile
+    - strutil: add SortedListsUniqueMergefrom the doc comment:
+    - snap/naming: upgrade TODO to TODO:UC20
+    - secboot: add call to reseal an existing key
+    - boot: in seal.go adjust error message and function names
+    - o/snapstate: check available disk space in RemoveMany
+    - boot: build bootchains data for sealing
+    - tests: remove "set -e" from function only shell libs
+    - o/snapstate: disk space check on UpdateMany
+    - o/snapstate: disk space check with snap update
+    - snap: implement new `snap reboot` command
+    - boot: do not reorder boot assets when generating predictable boot
+      chains and other small tweaks
+    - tests: some fixes and improvements for nested execution
+    - tests/core/uc20-recovery: fix check for at least specific calls to
+      mock-shutdown
+    - boot: be consistent using bootloader.Role* consts instead of
+      strings
+    - boot: helper for generating secboot load chains from a given boot
+      asset sequence
+    - boot: tweak boot chains to support a list of kernel command lines,
+      keep track of model and kernel boot file
+    - boot,secboot: switch to expose and use snapcore/secboot load event
+      trees
+    - tests: use `nested_exec` in core{20,}-early-config test
+    - devicestate: enable cloud-init on uc20 for grade signed and
+      secured
+    - boot: add "rootdir" to baseBootenvSuite and use in tests
+    - tests/lib/cla_check.py: don't allow users.noreply.github.com
+      commits to pass CLA
+    - boot: represent boot chains, helpers for marshalling and
+      equivalence checks
+    - boot: mark successful with boot assets
+    - client, api: handle insufficient space error
+    - o/snapstate: disk space check with single snap install
+    - configcore: "service.console-conf.disable" is gadget defaults only
+    - packaging/opensuse: fix for /usr/libexec on TW, do not hardcode
+      AppArmor profile path
+    - tests: skip udp protocol in nfs-support test on ubuntu-20.10
+    - packaging/debian-sid: tweak code preparing _build tree
+    - many: move seal code from gadget/install to boot
+    - tests: remove workaround for cups on ubuntu-20.10
+    - client: implement RebootToSystem
+    - many: seed.Model panics now if called before LoadAssertions
+    - daemon: add /v2/systems "reboot" action API
+    - github: run tests also on push to release branches
+    - interfaces/bluez: let slot access audio streams
+    - seed,c/snap-bootstrap: simplify snap-bootstrap seed reading with
+      new seed.ReadSystemEssential
+    - interfaces: allow snap-update-ns to read /proc/cmdline
+    - tests: new organization for nested tests
+    - o/snapstate, features: add feature flags for disk space awareness
+    - tests: workaround for cups issue on 20.10 where default printer is
+      not configured.
+    - interfaces: update cups-control and add cups for providing snaps
+    - boot: keep track of the original asset when observing updates
+    - tests: simplify and fix tests for disk space checks on snap remove
+    - sysconfig/cloudinit.go: add AllowCloudInit and use GadgetDir for
+      cloud.conf
+    - tests/main: mv core specific tests to core suite
+    - tests/lib/nested.sh: reset the TPM when we create the uc20 vm
+    - devicestate: rename "mockLogger" to "logbuf"
+    - many: introduce ContentChange for tracking gadget content in
+      observers
+    - many: fix partion vs partition typo
+    - bootloader: retrieve boot chains from bootloader
+    - devicestate: add tests around logging in RequestSystemAction
+    - boot: handle canceled update
+    - bootloader: tweak doc comments (thanks Samuele)
+    - seed/seedwriter: test local asserted snaps with UC20 grade signed
+    - sysconfig/cloudinit.go: add DisableNoCloud to
+      CloudInitRestrictOptions
+    - many: use BootFile type in load sequences
+    - boot,bootloader: clarifications after the changes to introduce
+      bootloader.Options.Role
+    - boot,bootloader,gadget: apply new bootloader.Options.Role
+    - o/snapstate, features: add feature flag for disk space check on
+      remove
+    - testutil: add checkers for symbolic link target
+    - many: refactor tpm seal parameter setting
+    - boot/bootstate20: reboot to rollback to previous kernel
+    - boot: add unit test helpers
+    - boot: observe update & rollback of trusted assets
+    - interfaces/utf: Add MIRKey to u2f devices
+    - o/devicestate/devicestate_cloudinit_test.go: test cleanup for uc20
+      cloud-init tests
+    - many: check that users of BaseTest don't forget to consume
+      cleanups
+    - tests/nested/core20/tpm: verify trusted boot assets tracking
+    - github: run macOS job with Go 1.14
+    - many: misc doc-comment changes and typo fixes
+    - o/snapstate: disk space check with InstallMany
+    - many: cloud-init cleanups from previous PR's
+    - tests: running tests on opensuse leap 15.2
+    - run-checks: check for dirty build tree too
+    - vendor: run ./get-deps.sh to update the secboot hash
+    - tests: update listing test for "-dirty" versions
+    - overlord/devicestate: do not release the state lock when updating
+      gadget assets
+    - secboot: read kernel efi image from snap file
+    - snap: add size to the random access file return interface
+    - daemon: correctly parse Content-Type HTTP header.
+    - tests: account for apt-get on core18
+    - cmd/snap-bootstrap/initramfs-mounts: compute string outside of
+      loop
+    - mkversion.sh: simple hack to include dirty in version if the tree
+      is dirty
+    - cgroup,snap: track hooks on system bus only
+    - interfaces/systemd: compare dereferenced Service
+    - run-checks: only check files in git for misspelling
+    - osutil: add a package doc comment (via doc.go)
+    - boot: complain about reused asset name during initial install
+    - snapstate: installSize helper that calculates total size of snaps
+      and their prerequisites
+    - snapshots: export of snapshots
+    - boot/initramfs_test.go: reset boot vars on the bootloader for each
+      iteration
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 29 Sep 2020 17:19:13 +0200
+
+snapd (2.46.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1891134
+    - interfaces: allow snap-update-ns to read
+      /proc/cmdline
+    - github: run macOS job with Go 1.14
+    - o/snapstate, features: add feature flag for disk space check on
+      remove
+    - tests: account for apt-get on core18
+    - mkversion.sh: include dirty in version if the tree
+      is dirty
+    - interfaces/systemd: compare dereferenced Service
+    - vendor.json: update mysterious secboot SHA again
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 04 Sep 2020 17:42:54 +0200
+
+snapd (2.46-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1891134
+    - logger: add support for setting snapd.debug=1 on kernel cmdline
+    - o/snapstate: check disk space before creating automatic snapshot
+      on remove
+    - boot, o/devicestate: observe existing recovery bootloader trusted
+      boot assets
+    - many: use transient scope for tracking apps and hooks
+    - features: add HiddenSnapFolder feature flag
+    - tests/lib/nested.sh: fix partition typo, unmount the image on uc20
+      too
+    - runinhibit: open the lock file in read-only mode in IsLocked
+    - cmd/s-b/initramfs-mounts: make recover -> run mode transition
+      automatic
+    - tests: update spread test for unknown plug/slot with snapctl is-
+      connected
+    - osutil: add OpenExistingLockForReading
+    - kernel: add kernel.Validate()
+    - interfaces: add vcio interface
+    - interfaces/{docker,kubernetes}-support: load overlay and support
+      systemd cgroup driver
+    - tests/lib/nested.sh: use more robust code for finding what loop
+      dev we mounted
+    - cmd/snap-update-ns: detach all bind-mounted file
+    - snap/snapenv: set SNAP_REAL_HOME
+    - packaging: umount /snap on purge in containers
+    - interfaces: misc policy updates xlvi
+    - secboot,cmd/snap-bootstrap: cross-check partitions before
+      unlocking, mounting
+    - boot: copy boot assets cache to new root
+    - gadget,kernel: add new kernel.{Info,Asset} struct and helpers
+    - o/hookstate/ctlcmd: make is-connected check whether the plug or
+      slot exists
+    - tests: find -ignore_readdir_race when scanning cgroups
+    - interfaces/many: deny arbitrary desktop files and misc from
+      /usr/share
+    - tests: use "set -ex" in prep-snapd-in-lxd.sh
+    - tests: re-enable udisks test on debian-sid
+    - cmd/snapd-generator: use PATH fallback if PATH is not set
+    - tests: disable udisks2 test on arch linux
+    - github: use latest/stable go, not latest/edge
+    - tests: remove support for ubuntu 19.10 from spread tests
+    - tests: fix lxd test wrongly tracking 'latest'
+    - secboot: document exported functions
+    - cmd: compile snap gdbserver shim correctly
+    - many: correctly calculate the desktop file prefix everywhere
+    - interfaces: add kernel-crypto-api interface
+    - corecfg: add "system.timezone" setting to the system settings
+    - cmd/snapd-generator: generate drop-in to use fuse in container
+    - cmd/snap-bootstrap/initramfs-mounts: tweak names, add comments
+      from previous PR
+    - interfaces/many: miscellaneous updates for strict microk8s
+    - secboot,cmd/snap-bootstrap: don't import boot package from secboot
+    - cmd/snap-bootstrap/initramfs-mounts: call systemd-mount instead of
+      the-tool
+    - tests: work around broken update of systemd-networkd
+    - tests/main/install-fontconfig-cache-gen: enhance test by
+      verifying, add fonts to test
+    - o/devicestate: wrap asset update observer error
+    - boot: refactor such that bootStateUpdate20 mainly carries Modeenv
+    - mkversion.sh: disallow changelog versions that have git in it, if
+      we also have git version
+    - interfaces/many: miscellaneous updates for strict microk8s
+    - snap: fix repeated "cannot list recovery system" and add test
+    - boot: track trusted assets during initial install, assets cache
+    - vendor: update secboot to fix key data validation
+    - tests: unmount FUSE file-systems from XDG runtime dir
+    - overlord/devicestate: workaround non-nil interface with nil struct
+    - sandbox/cgroup: remove temporary workaround for multiple cgroup
+      writers
+    - sandbox/cgroup: detect dangling v2 cgroup
+    - bootloader: add helper for creating a bootloader based on gadget
+    - tests: support different images on nested execution
+    - many: reorg cmd/snapinfo.go into snap and new client/clientutil
+    - packaging/arch: use external linker when building statically
+    - tests: cope with ghost cgroupv2
+    - tests: fix issues related to restarting systemd-logind.service
+    - boot, o/devicestate: TrustedAssetUpdateObserver stubs, hook up to
+      gadget updates
+    - vendor: update github.com/kr/pretty to fix diffs of values with
+      pointer cycles
+    - boot: move bootloaderKernelState20 impls to separate file
+    - .github/workflows: move snap building to test.yaml as separate
+      cached job
+    - tests/nested/manual/minimal-smoke: run core smoke tests in a VM
+      meeting minimal requirements
+    - osutil: add CommitAs to atomic file
+    - gadget: introduce content update observer
+    - bootloader: introduce TrustedAssetsBootloader, implement for grub
+    - o/snapshotstate: helpers for calculating disk space needed for an
+      automatic snapshot
+    - gadget/install: retrieve command lines from bootloader
+    - boot/bootstate20: unify commit method impls, rm
+      bootState20MarkSuccessful
+    - tests: add system information and image information when debug
+      info is displayed
+    - tests/main/cgroup-tracking: try to collect some information about
+      cgroups
+    - boot: introduce current_boot_assets and
+      current_recovery_boot_assets to modeenv
+    - tests: fix for timing issues on journal-state test
+    - many: remove usage and creation of hijacked pid cgroup
+    - tests: port regression-home-snap-root-owned to tests.session
+    - tests: run as hightest via tests.session
+    - github: run CLA checks on self-hosted workers
+    - github: remove Ubuntu 19.10 from actions workflow
+    - tests: remove End-Of-Life opensuse/fedora releases
+    - tests: remove End-Of-Life releases from spread.yaml
+    - tests: fix debug section of appstream-id test
+    - interfaces: check !b.preseed earlier
+    - tests: work around bug in systemd/debian
+    - boot: add deepEqual, Copy helpers for Modeenv to simplify
+      bootstate20 refactor
+    - cmd: add new "snap recovery" command
+    - interfaces/systemd: use emulation mode when preseeding
+    - interfaces/kmod: don't load kernel modules in kmod backend when
+      preseeding
+    - interfaces/udev: do not reload udevadm rules when preseeding
+    - cmd/snap-preseed: use snapd from the deb if newer than from seeds
+    - boot: fancy marshaller for modeenv values
+    - gadget, osutil: use atomic file copy, adjust tests
+    - overlord: use new tracking cgroup for refresh app awareness
+    - github: do not skip gofmt with Go 1.9/1.10
+    - many: introduce content write observer, install mode glue, initial
+      seal stubs
+    - daemon,many: switch to use client.ErrorKind and drop the local
+      errorKind...
+    - tests: new parameters for nested execution
+    - client: move all error kinds into errors.go and add doc strings
+    - cmd/snap: display the error in snap debug seeding if seeding is in
+      error
+    - cmd/snap/debug/seeding: use unicode for proper yaml
+    - tests/cmd/snap-bootstrap/initramfs-mounts: add test case for empty
+      recovery_mode
+    - osutil/disks: add mock disk and tests for happy path of mock disks
+    - tests: refresh/revert snapd in uc20
+    - osutil/disks: use a dedicated error to indicate a fs label wasn't
+      found
+    - interfaces/system-key: in WriteSystemKey during tests, don't call
+      ParserFeatures
+    - boot: add current recovery systems to modeenv
+    - bootloader: extend managed assets bootloader interface to compose
+      a candidate command line
+    - interfaces: make the unmarshal test match more the comment
+    - daemon/api: use pointers to time.Time for debug seeding aspect
+    - o/ifacestate: update security profiles in connect undo handler
+    - interfaces: add uinput interface
+    - cmd/snap-bootstrap/initramfs-mounts: add doSystemdMount + unit
+      tests
+    - o/devicestate: save seeding/preseeding times for use with debug
+      seeding api
+    - cmd/snap/debug: add "snap debug seeding" command for preseeding
+      debugging
+    - tests/main/selinux-clean: workaround SELinux denials triggered by
+      linger setup on Centos8
+    - bootloader: compose command line with mode and extra arguments
+    - cmd/snap, daemon: detect and bail purge on multi-snap
+    - o/ifacestate: fix bug in snapsWithSecurityProfiles
+    - interfaces/builtin/multipass: replace U+00A0 no-break space with
+      simple space
+    - bootloader/assets: generate bootloader assets from files
+    - many/tests/preseed: reset the preseeded images before preseeding
+      them
+    - tests: drop accidental accents from e
+    - secboot: improve key sealing tests
+    - tests: replace _wait_for_file_change with retry
+    - tests: new fs-state which replaces the files.sh helper
+    - sysconfig/cloudinit_test.go: add test for initramfs case, rm "/"
+      from path
+    - cmd/snap: track started apps and hooks
+    - tests/main/interfaces-pulseaudio: disable start limit checking for
+      pulseaudio service
+    - api: seeding debug api
+    - .github/workflows/snap-build.yaml: build the snapd snap via GH
+      Actions too
+    - tests: moving journalctl.sh to a new journal-state tool
+    - tests/nested/manual: add spread tests for cloud-init vuln
+    - bootloader/assets: helpers for registering per-edition snippets,
+      register snippets for grub
+    - data,packaging,wrappers: extend D-Bus service activation search
+      path
+    - spread: add opensuse 15.2 and tumbleweed for qemu
+    - overlord,o/devicestate: restrict cloud-init on Ubuntu Core
+    - sysconfig/cloudinit: add RestrictCloudInit
+    - cmd/snap-preseed: check that target path exists and is a directory
+      on --reset
+    - tests: check for pids correctly
+    - gadget,gadget/install: refactor partition table update
+    - sysconfig/cloudinit: add CloudInitStatus func + CloudInitState
+      type
+    - interface/fwupd: add more policies for making fwupd upstream
+      strict
+    - tests: new to-one-line tool which replaces the strings.sh helper
+    - interfaces: new helpers to get and compare system key, for use
+      with seeding debug api
+    - osutil, many: add helper for checking whether the process is a go
+      test binary
+    - cmd/snap-seccomp/syscalls: add faccessat2
+    - tests: adjust xdg-open after launcher changes
+    - tests: new core config helper
+    - usersession/userd: do not modify XDG_DATA_DIRS when calling xdg-
+      open
+    - cmd/snap-preseed: handle relative chroot path
+    - snapshotstate: move sizer to osutil.Sizer()
+    - tests/cmd/snap-bootstrap/initramfs-mounts: rm duplicated env ref
+      kernel tests
+    - gadget/install,secboot: use snapcore/secboot luks2 api
+    - boot/initramfs_test.go: add Commentf to more Assert()'s
+    - tests/lib: account for changes in arch package file name extension
+    - bootloader/bootloadertest: fix comment typo
+    - bootloader: add helper for getting recovery system environment
+      variables
+    - tests: preinstall shellcheck and run tests on focal
+    - strutil: add a helper for parsing kernel command line
+    - osutil: add CheckFreeSpace helper
+    - secboot: update tpm connection error handling
+    - packaging, cmd/snap-mgmt, tests: remove modules files on purge
+    - tests: add tests.cleanup helper
+    - packaging: add "ca-certificates" to build-depends
+    - tests: more checks in core20 early config spread test
+    - tests: fix some snapstate tests to use pointers for
+      snapmgrTestSuite
+    - boot: better naming of helpers for obtaining kernel command line
+    - many: use more specific check for unit test mocking
+    - systemd/escape: fix issues with "" and "\t" handling
+    - asserts: small improvements and corrections for sequence-forming
+      assertions' support
+    - boot, bootloader: query kernel command line of run mod and
+      recovery mode systems
+    - snap/validate.go: disallow snap layouts with new top-level
+      directories
+    - tests: allow to add a new label to run nested tests as part of PR
+      validation
+    - tests/core/gadget-update-pc: port to UC20
+    - tests: improve nested tests flexibility
+    - asserts: integer headers: disallow prefix zeros and make parsing
+      more uniform
+    - asserts: implement Database.FindSequence
+    - asserts: introduce SequenceMemberAfter in the asserts backstores
+    - spread.yaml: remove tests/lib/tools from PATH
+    - overlord: refuse to install snaps whose activatable D-Bus services
+      conflict with installed snaps
+    - tests: shorten lxd-state undo-mount-changes
+    - snap-confine: don't die if a device from sysfs path cannot be
+      found by udev
+    - tests: fix argument handling of apt-state
+    - tests: rename lxd-tool to lxd-state
+    - tests: rename user-tool to user-state, fix --help
+    - interfaces: add gconf interface
+    - sandbox/cgroup: avoid parsing security tags twice
+    - tests: rename version-tool to version-compare
+    - cmd/snap-update-ns: handle anomalies better
+    - tests: fix call to apt.Package.mark_install(auto_inst=True)
+    - tests: rename mountinfo-tool to mountinfo.query
+    - tests: rename memory-tool to memory-observe-do
+    - tests: rename invariant-tool to tests.invariant
+    - tests: rename apt-tool to apt-state
+    - many: managed boot config during run mode setup
+    - asserts: introduce the concept of sequence-forming assertion types
+    - tests: tweak comments/output in uc20-recovery test
+    - tests/lib/pkgdb: do not use quiet when purging debs
+    - interfaces/apparmor: allow snap-specific /run/lock
+    - interfaces: add system-source-code for access to /usr/src
+    - sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data
+    - gadget/install: move udev trigger to gadget/install
+    - many: make nested spread tests more reliable
+    - tests/core/uc20-recovery: apply hack to get gopath in recover mode
+      w/ external backend
+    - tests: enable tests on uc20 which now work with the real model
+      assertion
+    - tests: enable system-snap-refresh test on uc20
+    - gadget, bootloader: preserve managed boot assets during gadget
+      updates
+    - tests: fix leaked dbus-daemon in selinux-clean
+    - tests: add servicestate.Control tests
+    - tests: fix "restart.service"
+    - wrappers: helper for enabling services - extract and move enabling
+      of services into a helper
+    - tests: new test to validate refresh and revert of kernel and
+      gadget on uc20
+    - tests/lib/prepare-restore: collect debug info when prepare purge
+      fails
+    - bootloader: allow managed bootloader to update its boot config
+    - tests: Remove unity test from nightly test suite
+    - o/devicestate: set mark-seeded to done in the task itself
+    - tests: add spread test for disconnect undo caused by failing
+      disconnect hook
+    - sandbox/cgroup: allow discovering PIDs of given snap
+    - osutil/disks: support IsDecryptedDevice for mountpoints which are
+      dm devices
+    - osutil: detect autofs mounted in /home
+    - spread.yaml: allow amazon-linux-2-64 qemu with
+      ec2-user/ec2-user
+    - usersession: support additional zoom URL schemes
+    - overlord: mock timings.DurationThreshold in TestNewWithGoodState
+    - sandbox/cgroup: add tracking helpers
+    - tests: detect stray dbus-daemon
+    - overlord: refuse to install snaps providing user daemons on Ubuntu
+      14.04
+    - many: move encryption and installer from snap-boostrap to gadget
+    - o/ifacestate: fix connect undo handler
+    - interfaces: optimize rules of multiple connected iio/i2c/spi plugs
+    - bootloader: introduce managed bootloader, implement for grub
+    - tests: fix incorrect check in smoke/remove test
+    - asserts,seed: split handling of essential/not essential model
+      snaps
+    - gadget: fix typo in mounted filesystem updater
+    - gadget: do only one mount point lookup in mounted fs updater
+    - tests/core/snap-auto-mount: try to make the test more robust
+    - tests: adding ubuntu-20.04 to google-sru backend
+    - o/servicestate: add updateSnapstateServices helper
+    - bootloader: pull recovery grub config from internal assets
+    - tests/lib/tools: apply linger workaround when needed
+    - overlord/snapstate: graceful handling of denied "managed" refresh
+      schedule
+    - snapstate: fix autorefresh from classic->strict
+    - overlord/configstate: add system.kernel.printk.console-loglevel
+      option
+    - tests: fix assertion disk handling for nested UC systems
+    - snapstate: use testutil.HostScaledTimeout() in snapstate tests
+    - tests: extra worker for google-nested backend to avoid timeout
+      error on uc20
+    - snapdtool: helper to check whether the current binary is reexeced
+      from a snap
+    - tests: mock servicestate in api tests to avoid systemctl checks
+    - many: rename back snap.Info.GetType to Type
+    - tests/lib/cla_check: expect explicit commit range
+    - osutil/disks: refactor diskFromMountPointImpl a bit
+    - o/snapstate: service-control task handler
+    - osutil: add disks pkg for associating mountpoints with
+      disks/partitions
+    - gadget,cmd/snap-bootstrap: move partitioning to gadget
+    - seed: fix LoadEssentialMeta when gadget is not loaded
+    - cmd/snap: Debian does not allow $SNAP_MOUNT_DIR/bin in sudo
+      secure_path
+    - asserts: introduce new assertion validation-set
+    - asserts,daemon: add support for "serials" field in system-user
+      assertion
+    - data/sudo: drop a failed sudo secure_path workaround
+    - gadget: mv encodeLabel to osutil/disks.EncodeHexBlkIDFormat
+    - boot, snap-bootstrap: move initramfs-mounts logic to boot pkg
+    - spread.yaml: update secure boot attribute name
+    - interfaces/block_devices: add NVMe subsystem devices, support
+      multipath paths
+    - tests: use the "jq" snap from the edge channel
+    - tests: simplify the tpm test by removing the test-snapd-mokutil
+      snap
+    - boot/bootstate16.go: clean snap_try_* vars when not in Trying
+      status too
+    - tests/main/sudo-env: check snap path under sudo
+    - tests/main/lxd: add test for snaps inside nested lxd containers
+      not working
+    - asserts/internal: expand errors about invalid serialized grouping
+      labels
+    - usersession/userd: add msteams url support
+    - tests/lib/prepare.sh: adjust comment about sgdisk
+    - tests: fix how gadget pc is detected when the snap does not exist
+      and ls fails
+    - tests: move a few more tests to snapstate_update_test.go
+    - tests/main: add spread test for running svc from install hook
+    - tests/lib/prepare: increase the size of the uc16/uc18 partitions
+    - tests/special-home-can-run-classic-snaps: re-enable
+    - workflow: test PR title as part of the static checks again
+    - tests/main/xdg-open-compat: backup and restore original xdg-open
+    - tests: move update-related tests to snapstate_update_test.go
+    - cmd,many: move Version and bits related to snapd tools to
+      snapdtool, merge cmdutil
+    - tests/prepare-restore.sh: reset-failed systemd-journald before
+      restarting
+    - interfaces: misc small interface updates
+    - spread: use find rather than recursive ls, skip mounted snaps
+    - tests/lib/prepare-restore.sh: if we failed to purge snapd deb, ls
+      /var/lib/snapd
+    - tests: enable snap-auto-mount test on core20
+    - cmd/snap: do not show $PATH warning when executing under sudo on a
+      known distro
+    - asserts/internal: add some iteration benchmarks
+    - sandbox/cgroup: improve pid parsing code
+    - snap: add new `snap run --experimental-gdbserver` option
+    - asserts/internal: limit Grouping size switching to a bitset
+      representationWe don't always use the bit-set representation
+      because:
+    - snap: add an activates-on property to apps for D-Bus activation
+    - dirs: delete unused Cloud var, fix typo
+    - sysconfig/cloudinit: make callers of DisableCloudInit use
+      WritableDefaultsDir
+    - tests: fix classic ubuntu core transition auth
+    - tests: fail in setup_reflash_magic() if there is snapd state left
+    - tests: port interfaces-many-core-provided to tests.session
+    - tests: wait after creating partitions with sfdisk
+    - bootloader: introduce bootloarder assets, import grub.cfg with an
+      edition marker
+    - riscv64: bump timeouts
+    - gadget: drop dead code, hide exports that are not used externally
+    - tests: port 2 uc20 part1
+    - tests: fix bug waiting for snap command to be ready
+    - tests: move try-related tests to snapstate_try_test.go
+    - tests: add debug for 20.04 prepare failure
+    - travis.yml: removed, all our checks run in GH actions now
+    - tests: clean up up the use of configcoreSuite in the configcore
+      tests
+    - sandbox/cgroup: remove redundant pathOfProcPidCgroup
+    - sandbox/cgroup: add tests for ParsePids
+    - tests: fix the basic20 test for uc20 on external backend
+    - tests: use configcoreSuite in journalSuite and remove some
+      duplicated code
+    - tests: move a few more tests to snapstate_install_test
+    - tests: assorted small patches
+    - dbusutil/dbustest: separate license from package
+    - interfaces/builtin/time-control: allow POSIX clock API
+    - usersession/userd: add "slack" to the white list of URL schemes
+      handled by xdg-open
+    - tests: check that host settings like hostname are settable on core
+    - tests: port xdg-settings test to tests.session
+    - tests: port snap-handle-link test to tests.session
+    - arch: add riscv64
+    - tests: core20 early defaults spread test
+    - tests: move install tests from snapstate_test.go to
+      snapstate_install_test.go
+    - github: port macOS sanity checks from travis
+    - data/selinux: allow checking /var/cache/app-info
+    - o/devicestate: core20 early config from gadget defaults
+    - tests: autoremove after removing lxd in preseed-lxd test
+    - secboot,cmd/snap-bootstrap: add tpm sealing support to secboot
+    - sandbox/cgroup: move FreezerCgroupDir from dirs.go
+    - tests: update the file used to detect the boot path on uc20
+    - spread.yaml: show /var/lib/snapd in debug
+    - cmd/snap-bootstrap/initramfs-mounts: also copy systemd clock +
+      netplan files
+    - snap/naming: add helpers to parse app and hook security tags
+    - tests: modernize retry tool
+    - tests: fix and trim debug section in xdg-open-portal
+    - tests: modernize and use snapd.tool
+    - vendor: update to latest github.com/snapcore/bolt for riscv64
+    - cmd/snap-confine: add support for libc6-lse
+    - interfaces: miscellaneous policy updates xlv
+    - interfaces/system-packages-doc: fix typo in variable names
+    - tests: port interfaces-calendar-service to tests.session
+    - tests: install/run the lzo test snap too
+    - snap: (small) refactor of `snap download` code for
+      testing/extending
+    - data: fix shellcheck warnings in snapd.sh.in
+    - packaging: disable buildmode=pie for riscv64
+    - tests: install test-snapd-rsync snap from edge channel
+    - tests: modernize tests.session and port everything using it
+    - tests: add ubuntu 20.10 to spread tests
+    - cmd/snap/remove: mention snap restore/automatic snapshots
+    - dbusutil: move all D-Bus helpers and D-Bus test helpers
+    - wrappers: pass 'disable' flag to StopServices wrapper
+    - osutil: enable riscv64 build
+    - snap/naming: add ParseSecurityTag and friends
+    - tests: port document-portal-activation to session-tool
+    - bootloader: rename test helpers to reflect we are mocking EFI boot
+      locations
+    - tests: disable test of nfs v3 with udp proto on debian-sid
+    - tests: plan to improve the naming and uniformity of utilities
+    - tests: move *-tool tests to their own suite
+    - snap-bootstrap: remove sealed key file on reinstall
+    - bootloader/ubootenv: don't panic with an empty uboot env
+    - systemd: rename actualFsTypeAndMountOptions to
+      hostFsTypeAndMountOptions
+    - daemon: fix filtering of service-control changes for snap.app
+    - tests: spread test for preseeding in lxd container
+    - tests: fix broken snapd.session agent.socket
+    - wrappers: add RestartServices function and ReloadOrRestart to
+      systemd
+    - o/cmdstate: handle ignore flag on exec-command tasks
+    - gadget: make ext4 filesystems with or without metadata checksum
+    - tests: update statx test to run on all LTS releases
+    - configcore: show better error when disabling services
+    - interfaces: add hugepages-control
+    - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
+    - tests: run ubuntu-20.04-* tests on all ubuntu-2* releases
+    - tests: skip interfaces-openvswitch for centos 8 in nightly suite
+    - tests: reload systemd --user for root, if present
+    - tests: reload systemd after editing /etc/fstab
+    - tests: add missing dependencies needed for sbuild test on debian
+    - tests: reload systemd after removing pulseaudio
+    - image, tests: core18 early config.
+    - interfaces: add system-packages-doc interface
+    - cmd/snap-preseed, systemd: fix handling of fuse.squashfuse when
+      preseeding
+    - interfaces/fwupd: allow bind mount to /boot on core
+    - tests: improve oom-vitality tests
+    - tests: add fedora 32 to spread.yaml
+    - config: apply vitality-hint immediately when the config changes
+    - tests: port snap-routine-portal-info to session-tool
+    - configcore: add "service.console-conf.disable" config option
+    - tests: port xdg-open to session-tool
+    - tests: port xdg-open-compat to session-tool
+    - tests: port interfaces-desktop-* to session-tool
+    - spread.yaml: apply yaml formatter/linter
+    - tests: port interfaces-wayland to session-tool
+    - o/devicestate: refactor current system handling
+    - snap-mgmt: perform cleanup of user services
+    - snap/snapfile,squashfs: followups from 8729
+    - boot, many: require mode in modeenv
+    - data/selinux: update policy to allow forked processes to call
+      getpw*()
+    - tests: log stderr from dbus-monitor
+    - packaging: build cmd/snap and cmd/snap-bootstrap with nomanagers
+      tag
+    - snap/squashfs: also symlink snap Install with uc20 seed snap dir
+      layout
+    - interfaces/builtin/desktop: do not mount fonts cache on distros
+      with quirks
+    - data/selinux: allow snapd to remove/create the its socket
+    - testutil/exec.go: set PATH after running shellcheck
+    - tests: silence stderr from dbus-monitor
+    - snap,many: mv Open to snapfile pkg to support add'l options to
+      Container methods
+    - devicestate, sysconfig: revert support for cloud.cfg.d/ in the
+      gadget
+    - github: remove workaround for bug 133 in actions/cache
+    - tests: remove dbus.sh
+    - cmd/snap-preseed: improve mountpoint checks of the preseeded
+      chroot
+    - spread.yaml: add ps aux to debug section
+    - github: run all spread systems in a single go with cached results
+    - test: session-tool cli tweaks
+    - asserts: rest of the Pool API
+    - tests: port interfaces-network-status-classic to session-tool
+    - packaging: remove obsolete 16.10,17.04 symlinks
+    - tests: setup portals before starting user session
+    - o/devicestate: typo fix
+    - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
+      devices
+    - cmd/snap/model: support store, system-user-authority keys in
+      --verbose
+    - o/devicestate: raise conflict when requesting system action while
+      seeding
+    - tests: detect signs of crashed snap-confine
+    - tests: sign kernel and gadget to run nested tests using current
+      snapd code
+    - tests: remove gnome-online-accounts we install
+    - tests: fix the issue where all the tests were executed on secboot
+      system
+    - tests: port interfaces-accounts-service to session-tool
+    - interfaces/network-control: bring /var/lib/dhcp from host
+    - image,cmd/snap,tests: add support for store-wide cohort keys
+    - configcore: add nomanagers buildtag for conditional build
+    - tests: port interfaces-password-manager-service to session-tool
+    - o/devicestate: cleanup system actions supported by recover mode
+    - snap-bootstrap: remove create-partitions and update tests
+    - tests: fix nested tests
+    - packaging/arch: update PKGBUILD to match one in AUR
+    - tests: port interfaces-location-control to session-tool
+    - tests: port interfaces-contacts-service to session-tool
+    - state: log task errors in the journal too
+    - o/devicestate: change how current system is reported for different
+      modes
+    - devicestate: do not report "ErrNoState" for seeded up
+    - tests: add a note about broken test sequence
+    - tests: port interfaces-autopilot-introspection to session-tool
+    - tests: port interfaces-dbus to session-tool
+    - packaging: update sid packaging to match 16.04+
+    - tests: enable degraded test on uc20
+    - c/snaplock/runinhibit: add run inhibition operations
+    - tests: detect and report root-owned files in /home
+    - tests: reload root's systemd --user after snapd tests
+    - tests: test registration with serial-authority: [generic]
+    - cmd/snap-bootstrap/initramfs-mounts: copy auth.json and macaroon-
+      key in recover
+    - tests/mount-ns: stop binfmt_misc mount unit
+    - cmd/snap-bootstrap/initramfs-mounts: use booted kernel partition
+      uuid if available
+    - daemon, tests: indicate system mode, test switching to recovery
+      and back to run
+    - interfaces/desktop: silence more /var/lib/snapd/desktop/icons
+      denials
+    - tests/mount-ns: update to reflect new UEFI boot mode
+    - usersession,tests: clean ups for userd/settings.go and move
+      xdgopenproxy under usersession
+    - tests: disable mount-ns test
+    - tests: test user belongs to systemd-journald, on core20
+    - tests: run core/snap-set-core-config on uc20 too
+    - tests: remove generated session-agent units
+    - sysconfig: use new _writable_defaults dir to create cloud config
+    - cmd/snap-bootstrap/initramfs-mounts: cosmetic changes in prep for
+      future work
+    - asserts: make clearer that with label we mean a serialized label
+    - cmd/snap-bootstrap: tweak recovery trigger log messages
+    - asserts: introduce PoolTo 
+    - userd: allow setting default-url-scheme-handler
+    - secboot: append uuid to ubuntu-data when decrypting
+    - o/configcore: pass extra options to FileSystemOnlyApply
+    - tests: add dbus-user-session to bionic and reorder package names
+    - boot, bootloader: adjust comments, expand tests
+    - tests: improve debugging of user session agent tests
+    - packaging: add the inhibit directory
+    - many: add core.resiliance.vitality-hint config setting
+    - tests: test adjustments and fixes for recently published images
+    - cmd/snap: coldplug auto-import assertions from all removable
+      devices
+    - secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to
+      secboot
+    - tests: not fail when boot dir cannot be determined
+    - tests: new directory used to store the cloud images on gce
+    - tests: inject snapd from edge into seeds of the image in manual
+      preseed test
+    - usersession/agent,wrappers: fix races between Shutdown and Serve
+    - tests: add dependency needed for next upgrade of bionic
+    - tests: new test user is used for external backend
+    - cmd/snap: fix the order of positional parameters in help output
+    - tests: don't create root-owned things in ~test
+    - tests/lib/prepare.sh: delete patching of the initrd
+    - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
+      as well
+    - progress: tweak multibyte label unit test data
+    - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline
+    - gadget: fix fallback device lookup for 'mbr' type structures
+    - configcore: only reload journald if systemd is new enough
+    - cmd/snap-boostrap, boot: use /run/mnt/data instead of ubuntu-data
+    - wrappers: allow user mode systemd daemons
+    - progress: fix progress bar with multibyte duration units
+    - tests: fix raciness in pulseaudio test
+    - asserts/internal: introduce Grouping and Groupings
+    - tests: remove user.sh
+    - tests: pair of follow-ups from earlier reviews
+    - overlord/snapstate: warn of refresh/postpone events
+    - configcore,tests: use daemon-reexec to apply watchdog config
+    - c/snap-bootstrap: check mount states via initramfsMountStates
+    - store: implement DownloadAssertions
+    - tests: run smoke test with different bases
+    - tests: port user-mounts test to session-tool
+    - store: handle error-list in fetch-assertions results
+    - tests: port interfaces-audio-playback-record to session-tool
+    - data/completion: add `snap` command completion for zsh
+    - tests/degraded: ignore failure in systemd-vconsole-setup.service
+    - image: stub implementation of image.Prepare for darwin
+    - tests: session-tool --restore -u stops user-$UID.slice
+    - o/ifacestate/handlers.go: fix typo
+    - tests: port pulseaudio test to session-tool
+    - tests: port user-session-env to session-tool
+    - tests: work around journald bug in core16
+    - tests: add debug to core-persistent-journal test
+    - tests: port selinux-clean to session-tool
+    - tests: port portals test to session-tool, fix portal tests on sid
+    - tests: adding option --no-install-recommends option also when
+      install all the deps
+    - tests: add session-tool --has-systemd-and-dbus
+    - packaging/debian-sid: add gcc-multilib to build deps
+    - osutil: expand FileLock to support shared locks and more
+    - packaging: stop depending on python-docutils
+    - store,asserts,many: support the new action fetch-assertions
+    - tests: port snap-session-agent-* to session-tool
+    - packaging/fedora: disable FIPS compliant crypto for static
+      binaries
+    - tests: fix for preseeding failures
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 25 Aug 2020 17:26:21 +0200
+
+snapd (2.45.3.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1875071
+    - o/ifacestate: fix bug in snapsWithSecurityProfiles
+    - tests/main/selinux-clean: workaround SELinux denials triggered by
+      linger setup on Centos8
+
+ -- Samuele Pedroni <pedronis@lucediurna.net>  Tue, 28 Jul 2020 21:43:38 +0200
+
+snapd (2.45.3-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1875071
+    - many: backport _writable_defaults dir changes
+    - tests: fix incorrect check in smoke/remove test
+    - cmd/snap-bootstrap,seed: backport of uc20 PRs
+    - tests: avoid exit when nested type var is not defined
+    - cmd/snap-preseed: backport fixes
+    - interfaces: optimize rules of multiple connected iio/i2c/spi plugs
+    - many: cherry-picks for 2.45, gh-action, test fixes
+    - tests/lib: account for changes in arch package file name extension
+    - postrm, snap-mgmt: cleanup modules and other cherry-picks
+    - snap-confine: don't die if a device from sysfs path cannot be
+      found by udev
+    - data/selinux: update policy to allow forked processes to call
+      getpw*()
+    - tests/main/interfaces-time-control: exercise setting time via date
+    - interfaces/builtin/time-control: allow POSIX clock API
+    - usersession/userd: add "slack" to the white list of URL schemes
+      handled by xdg-open
+
+ -- Zygmunt Krynicki <me@zygoon.pl>  Mon, 27 Jul 2020 12:01:14 +0200
+
+snapd (2.45.2-1) unstable; urgency=high
+
+  * SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open
+    implementation
+    - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
+      variable modification when calling the system xdg-open. Patch
+      thanks to James Henstridge
+    - packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is
+      restarted. Patch thanks to Michael Vogt
+    - CVE-2020-11934
+  * SECURITY UPDATE: arbitrary code execution vulnerability on core
+    devices with access to physical removable media
+    - devicestate: Disable/restrict cloud-init after seeding.
+    - CVE-2020-11933
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 10 Jul 2020 20:06:29 +0200
+
+snapd (2.45.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1875071
+    - data/selinux: allow checking /var/cache/app-info
+    - cmd/snap-confine: add support for libc6-lse
+    - interfaces: miscellaneous policy updates xlv
+    - snap-bootstrap: remove sealed key file on reinstall
+    - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
+    - gadget: make ext4 filesystems with or without metadata checksum
+    - interfaces/fwupd: allow bind mount to /boot on core
+    - tests: cherry-pick test fixes from master
+    - snap/squashfs: also symlink snap Install with uc20 seed snap dir
+      layout
+    - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
+      devices
+    - snap,many: mv Open to snapfile pkg to support add'l options to
+      Container methods
+    - interfaces/builtin/desktop: do not mount fonts cache on distros
+      with quirks
+    - devicestate, sysconfig: revert support for cloud.cfg.d/ in the
+      gadget
+    - data/completion, packaging: cherry-pick zsh completion
+    - state: log task errors in the journal too
+    - devicestate: do not report "ErrNoState" for seeded up
+    - interfaces/desktop: silence more /var/lib/snapd/desktop/icons
+      denials
+    - packaging/fedora: disable FIPS compliant crypto for static
+      binaries
+    - packaging: stop depending on python-docutils
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 05 Jun 2020 15:13:49 +0200
+
+snapd (2.45-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1875071
+    - o/devicestate: support doing system action reboots from recover
+      mode
+    - vendor: update to latest secboot
+    - tests: not fail when boot dir cannot be determined
+    - configcore: only reload journald if systemd is new enough
+    - cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data
+      when decrypting
+    - tests/lib/prepare.sh: delete patching of the initrd
+    - cmd/snap: coldplug auto-import assertions from all removable
+      devices
+    - cmd/snap: fix the order of positional parameters in help output
+    - c/snap-bootstrap: port mount state mocking to the new style on
+      master
+    - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
+      as well
+    - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline,
+      unlock in recover mode initramfs
+    - progress: tweak multibyte label unit test data
+    - gadget: fix fallback device lookup for 'mbr' type structures
+    - progress: fix progress bar with multibyte duration units
+    - many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20
+    - many: put the sealed keys in a directory on seed for tidiness
+    - cmd/snap-bootstrap: measure epoch and model before unlocking
+      encrypted data
+    - o/configstate: core config handler for persistent journal
+    - bootloader/uboot: use secondary ubootenv file boot.sel for uc20
+    - packaging: add "$TAGS" to dh_auto_test for debian packaging
+    - tests: ensure $cache_dir is actually available
+    - secboot,cmd/snap-bootstrap: add model to pcr protection profile
+    - devicestate: do not use snap-boostrap in devicestate to install
+    - tests: fix a typo in nested.sh helper
+    - devicestate: add support for cloud.cfg.d config from the gadget
+    - cmd/snap-bootstrap: cleanups, naming tweaks
+    - testutil: add NewDBusTestConn
+    - snap-bootstrap: lock access to sealed keys
+    - overlord/devicestate: preserve the current model inside ubuntu-
+      boot
+    - interfaces/apparmor: use differently templated policy for non-core
+      bases
+    - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
+      syscalls
+    - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first,
+      other misc changes
+    - o/snapstate: tweak "waiting for restart" message
+    - boot: store model model and grade information in modeenv
+    - interfaces/firewall-control: allow -legacy and -nft for core20
+    - boot: enable makeBootable20RunMode for EnvRefExtractedKernel
+      bootloaders
+    - boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20
+      implementation
+    - daemon: fix error message from `snap remove-user foo` on classic
+    - overlord: have a variant of Mock that can take a state.State
+    - tests: 16.04 and 18.04 now have mediating pulseaudio (again)
+    - seed: clearer errors for missing essential snapd or core snap
+    - cmd/snap-bootstrap/initramfs-mounts: support
+      EnvRefExtractedKernelBootloader's
+    - gadget, cmd/snap-bootstrap: MBR schema support
+    - image: improve/adjust DownloadSnap doc comment
+    - asserts: introduce ModelGrade.Code
+    - tests: ignore user-12345 slice and service
+    - image,seed/seedwriter: support redirect channel aka default
+      tracks
+    - bootloader: use binary.Read/Write
+    - tests: uc20 nested suite part II
+    - tests/boot: refactor to make it easier for new
+      bootloaderKernelState20 impl
+    - interfaces/openvswitch: support use of ovs-appctl
+    - snap-bootstrap: copy auth data from real ubuntu-data in recovery
+      mode
+    - snap-bootstrap: seal and unseal encryption key using tpm
+    - tests: disable special-home-can-run-classic-snaps due to jenkins
+      repo issue
+    - packaging: fix build on Centos8 to support BUILDTAGS
+    - boot/bootstate20: small changes to bootloaderKernelState20
+    - cmd/snap: Implement a "snap routine file-access" command
+    - spread.yaml: switch back to latest/candidate for lxd snap
+    - boot/bootstate20: re-factor kernel methods to use new interface
+      for state
+    - spread.yaml,tests/many: use global env var for lxd channel
+    - boot/bootstate20: fix bug in try-kernel cleanup
+    - config: add system.store-certs.[a-zA-Z0-9] support
+    - secboot: key sealing also depends on secure boot enabled
+    - httputil: fix client timeout retry tests
+    - cmd/snap-update-ns: handle EBUSY when unlinking files
+    - cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20
+      vars
+    - secboot: add tpm support helpers
+    - tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for
+      kernel and gadget
+    - cmd/snap-bootstrap: switch to a 64-byte key for unlocking
+    - tests: preserve size for centos images on spread.yaml
+    - github: partition the github action workflows
+    - run-checks: use consistent "Checking ..." style messages
+    - bootloader: add efi pkg for reading efi variables
+    - data/systemd: do not run snapd.system-shutdown if finalrd is
+      available
+    - overlord: update tests to work with latest go
+    - cmd/snap: do not hide debug boot-vars on core
+    - cmd/snap-bootstrap: no error when not input devices are found
+    - snap-bootstrap: fix partition numbering in create-partitions
+    - httputil/client_test.go: add two TLS version tests
+    - tests: ignore user@12345.service hierarchy
+    - bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things
+    - tests: rewrite timeserver-control test
+    - tests: fix racy pulseaudio tests
+    - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
+    - tests: update snap-preseed --reset logic to accommodate for 2.44
+      change
+    - cmd/snap: don't wait for system key when stopping
+    - sandbox/cgroup: avoid making arrays we don't use
+    - osutil: mock proc/self/mountinfo properly everywhere
+    - selinux: export MockIsEnforcing; systemd: use in tests
+    - tests: add 32 bit machine to GH actions
+    - tests/session-tool: kill cron session, if any
+    - asserts: it should be possible to omit many snap-ids if allowed,
+      fix
+    - boot: cleanup more things, simplify code
+    - github: skip spread jobs when corresponding label is set
+    - dirs: don't depend on osutil anymore, mv apparmor vars to apparmor
+      pkg
+    - tests/session-tool: add session-tool --dump
+    - github: allow cached debian downloads to restore
+    - tests/session-tool: session ordering is non-deterministic
+    - tests: enable unit tests on debian-sid again
+    - github: move spread to self-hosted workers
+    - secboot: import secboot on ubuntu, provide dummy on !ubuntu
+    - overlord/devicestate: support for recover and run modes
+    - snap/naming: add validator for snap security tag
+    - interfaces: add case for rootWritableOverlay + NFS
+    - tests/main/uc20-create-partitions: tweaks, renames, switch to
+      20.04
+    - github: port CLA check to Github Actions
+    - interfaces/many: miscellaneous policy updates xliv
+    - configcore,tests: fix setting watchdog options on UC18/20
+    - tests/session-tool: collect information about services on startup
+    - tests/main/uc20-snap-recovery: unbreak, rename to uc20-create-
+      partitions
+    - state: add state.CopyState() helper
+    - tests/session-tool: stop anacron.service in prepare
+    - interfaces: don't use the owner modifier for files shared via
+      document portal
+    - systemd: move the doc comments to the interface so they are
+      visible
+    - cmd/snap-recovery-chooser: tweaks
+    - interfaces/docker-support: add overlayfs file access
+    - packaging: use debian/not-installed to ignore snap-preseed
+    - travis.yml: disable unit tests on travis
+    - store: start splitting store.go and store_test.go into subtopic
+      files
+    - tests/session-tool: stop cron/anacron from meddling
+    - github: disable fail-fast as spread cannot be interrupted
+    - github: move static checks and spread over
+    - tests: skip "/etc/machine-id" in "writablepaths" test
+    - snap-bootstrap: store encrypted partition recovery key
+    - httputil: increase testRetryStrategy max timelimit to 5s
+    - tests/session-tool: kill leaking closing session
+    - interfaces: allow raw access to USB printers
+    - tests/session-tool: reset failed session-tool units
+    - httputil: increase httpclient timeout in
+      TestRetryRequestTimeoutHandling
+    - usersession: extend timerange in TestExitOnIdle
+    - client: increase timeout in client tests to 100ms
+    - many: disentagle release and snapdenv from sandbox/*
+    - boot: simplify modeenv mocking to always write a modeenv
+    - snap-bootstrap: expand data partition on install
+    - o/configstate: add backlight option for core config
+    - cmd/snap-recovery-chooser: add recovery chooser
+    - features: enable robust mount ns updates
+    - snap: improve TestWaitRecovers test
+    - sandbox/cgroup: add ProcessPathInTrackingCgroup
+    - interfaces/policy: fix comment in recent new test
+    - tests: make session tool way more robust
+    - interfaces/seccomp: allow passing an address to setgroups
+    - o/configcore: introduce core config handlers (3/N)
+    - interfaces: updates to login-session-observe, network-manager and
+      modem-manager interfaces
+    - interfaces/policy/policy_test.go: add more tests'allow-
+      installation: false' and we grant based on interface attributes
+    - packaging: detect/disable broken seed in the postinst
+    - cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia
+      library
+    - tests: remove google-tpm backend from spread.yaml
+    - tests: install dependencies with apt using --no-install-recommends
+    - usersession/userd: add zoommtg url support
+    - snap-bootstrap: fix disk layout sanity check
+    - snap: add `snap debug state --is-seeded` helper
+    - devicestate: generate warning if seeding fails
+    - config, features: move and rename config.GetFeatureFlag helper to
+      features.Flag
+    - boot, overlord/devicestate, daemon:  implement requesting boot
+      into a given recovery system
+    - xdgopenproxy: forward requests to the desktop portal
+    - many: support immediate reboot
+    - store: search v2 tweaks
+    - tests: fix cross build tests when installing dependencies
+    - daemon: make POST /v2/systems/<label> root only
+    - tests/lib/prepare.sh: use only initrd from the kernel snap
+    - cmd/snap,seed: validate full seeds (UC 16/18)
+    - tests/main/user-session-env: stop the user session before deleting
+      the test-zsh user
+    - overlord/devicestate, daemon: record the seed current system was
+      installed from
+    - gadget: SystemDefaults helper function to convert system defaults
+      config into a flattened map suitable for FilesystemOnlyApply.
+    - many: comment or avoid cryptic snap-ids in tests
+    - tests: add LXD_CHANNEL environment
+    - store: support for search API v2
+    - .github: register a problem matcher to detect spread failures
+    - seed: add Info() method for seed.Snap
+    - github: always run the "Discard spread workers" step, even if the
+      job fails
+    - github: offload self-hosted workers
+    - cmd/snap: the model command needs just a client, no waitMixin
+    - github: combine tests into one workflow
+    - github: fix order of go get caches
+    - tests: adding more workers for ubuntu 20.04
+    - boot,overlord: rename operating mode to system mode
+    - config: add new Transaction.GetPristine{,Maybe}() function
+    - o/devicestate: rename readMaybe* to maybeRead*
+    - github: cache Debian dependencies for unit tests
+    - wrappers: respect pre-seeding in error path
+    - seed: validate UC20 seed system label
+    - client, daemon, overlord/devicestate: request system action API
+      and stubs
+    - asserts,o/devicestate: support model specified alternative serial-
+      authority
+    - many: introduce naming.WellKnownSnapID
+    - o/configcore: FilesystemOnlyApply method for early configuration
+      of core (1/N)
+    - github: run C unit tests
+    - github: run spread tests on PRs only
+    - interfaces/docker-support: make containerd abstract socket more
+      generic
+    - tests: cleanup security-private-tmp properly
+    - overlord/devicestate,boot: do not hold to the originally read
+      modeenv
+    - dirs: rm RunMnt; boot: add vars for early boot env layout;
+      sysconfig: take targetdir arg
+    - cmd/snap-bootstrap/initramfs-mounts/tests: use dirs.RunMnt over
+      s.runMnt
+    - tests: add regression test for MAAS refresh bug
+    - errtracker: add missing mocks
+    - github: apt-get update before installing build-deps
+    - github: don't fail-fast
+    - github: run spread via github actions
+    - boot,many: add modeenv.WriteTo, make Write take no args
+    - wrappers: fix timer schedules that are days only
+    - tests/main/snap-seccomp-syscalls: install gperf
+    - github: always checkout to snapcore/snapd
+    - github: add prototype workflow running unit tests
+    - many: improve comments, naming, a possible TODO
+    - client: use Assert when checking for error
+    - tests: ensure sockets target is ready in session agent spread
+      tests
+    - osutil: do not leave processes behind after the test run
+    - tests: update proxy-no-core to match latest CDN changes
+    - devicestate,sysconfig: support "cloud.cfg.d" in uc20 for grade:
+      dangerous
+    - cmd/snap-failure,tests: try to make snap-failure more robust
+    - many: fix packages having mistakenly their copyright as doc
+    - many: enumerate system seeds, return them on the /v2/systems API
+      endpoint
+    - randutil: don't consume kernel entropy at init, just mix more info
+      to try to avoid fleet collisions
+    - snap-bootstrap: add creationSupported predicate for partition
+      types
+    - tests: umount partitions which are not umounted after remount
+      gadget
+    - snap: run gofmt -s
+    - many: improve environment handling, fixing duplicate entries
+    - boot_test: add many boot robustness tests for UC20 kernel
+      MarkBootSuccessul and SetNextBoot
+    - overlord: remove unneeded overlord.MockPruneInterval() mocks
+    - interfaces/greengrass-support: fix typo
+    - overlord,timings,daemon: separate timings from overlord/state
+    - tests: enable nested on core20 and test current branch
+    - snap-bootstrap: remove created partitions on reinstall
+    - boot: apply Go 1.10 formatting
+    - apparmor: use rw for uuidd request to default and remove from
+      elsewhere
+    - packaging: add README.source for debian
+    - tests: cleanup various uc20 boot tests from previous PR
+    - devicestate: disable cloud-init by default on uc20
+    - run-checks: tweak formatting checks
+    - packaging,tests: ensure debian-sid builds without vendor/
+    - travis.yml: run unit tests with go/master as well* travis.yml: run
+      unit tests with go/master as well
+    - seed: make Brand() part of the Seed interface
+    - cmd/snap-update-ns: ignore EROFS from rmdir/unlink
+    - daemon: do a forceful server shutdown if we hit a deadline
+    - tests/many: don't use StartLimitInterval anymore, unify snapd-
+      failover variants, build snapd snap for UC16 tests
+    - snap-seccomp: robustness improvements
+    - run-tests: disable -v for go test to avoid spaming the logs
+    - snap: whitelist lzo as support compression for snap pack
+    - snap: tweak comment in Install() for overlayfs detection
+    - many: introduce snapdenv.Preseeding instead of release.PreseedMode
+    - client, daemon, overlord/devicestate: structures and stubs for
+      systems API
+    - o/devicestate: delay the creation of mark-seeded task until
+      asserts are loaded
+    - data/selinux, tests/main/selinux: cleanup tmpfs operations in the
+      policy, updates
+    - interfaces/greengrass-support: add new 1.9 access
+    - snap: do not hardlink on overlayfs
+    - boot,image: ARM kernel extract prepare image
+    - interfaces: make gpio robust against not-existing gpios in /sys
+    - cmd/snap-preseed: handle --reset flag
+    - many: introduce snapdenv to present common snapd env options
+    - interfaces/kubernetes-support: allow autobind to journald socket
+    - snap-seccomp: allow mprotect() to unblock the tests
+    - tests/lib/reset: workaround unicode dot in systemctl output
+    - interfaces/udisks2: also allow Introspection on
+      /org/freedesktop/UDisks/**
+    - snap: introduce Container.RandomAccessFile
+    - o/ifacestate, api: implementation of snap disconnect --forget
+    - cmd/snap: make the portal-info command search for the network-
+      status interface
+    - interfaces: work around apparmor_parser slowness affecting uio
+    - tests: fix/improve failing spread tests
+    - many: clean separation of bootenv mocking vs mock bootloader kinds
+    - tests: mock prune ticker in overlord tests to reduce wait times
+    - travis: disable arm64 again
+    - httputil: add support for extra snapd certs
+    - travis.yml: run unit tests on arm64 as well
+    - many: fix a pair of ineffectual assignments
+    - tests: add uc20 kernel snap upgrade managers test, fix
+      bootloadertest bugs
+    - o/snapstate: set base in SnapSetup on snap revert
+    - interfaces/{docker,kubernetes}-support: updates for lastest k8s
+    - cmd/snap-exec: add test case for LP bug 1860369
+    - interfaces: make the network-status interface implicit on
+      classic
+    - interfaces: power control interfaceIt is documented in the
+      kernel
+    - interfaces: miscellaneous policy updates
+    - cmd/snap: add a "snap routine portal-info" command
+    - usersession/userd: add "apt" to the white list of URL schemes
+      handled by xdg-open
+    - interfaces/desktop: allow access to system prompter interface
+    - devicestate: allow encryption regardless of grade
+    - tests: run ipv6 network-retry test too
+    - tests: test that after "remove-user" the system is unmanaged
+    - snap-confine: unconditionally add /dev/net/tun to the device
+      cgroup
+    - snapcraft.yaml: use sudo -E and remove workaround
+    - interfaces/audio_playback: Fix pulseaudio config access
+    - ovelord/snapstate: update only system wide fonts cache
+    - wrappers: import /etc/environment in all services
+    - interfaces/u2f: Add Titan USB-C key
+    - overlord, taskrunner: exit on task/ensure error when preseeding
+    - tests: add session-tool, a su / sudo replacement
+    - wrappers: add mount unit dependency for snapd services on core
+      devices
+    - tests: just remove user when the system is not managed on create-
+      user-2 test
+    - snap-preseed: support for preseeding of snapd and core18
+    - boot: misc UC20 changes
+    - tests: adding arch-linux execution
+    - packaging: revert "work around review-tools and snap-confine"
+    - netlink: fix panic on arm64 with the new rawsockstop codewith a
+      nil Timeval panics
+    - spread, data/selinux: add CentOS 8, update policy
+    - tests: updating checks to new test account for snapd-test snaps
+    - spread.yaml: mv opensuse 15.1 to unstable
+    - cmd/snap-bootstrap,seed: verify only in-play snaps
+    - tests: use ipv4 in retry-network to unblock failing master
+    - data/systemd: improve the description
+    - client: add "Resume" to DownloadOptions and new test
+    - tests: enable snapd-failover on uc20
+    - tests: add more debug output to the snapd-failure handling
+    - o/devicestate: unset recovery_system when done seeding
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 12 May 2020 17:17:57 +0200
+
+snapd (2.44.5-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1864808
+    - spread.yaml: adding more workers for ubuntu 20.04
+    - packaging: stop depending on python-docutils on opensuse
+    - spread.yaml: do not run ubuntu-core-20-64 with snapd 2.44, snapd
+      is not recent enough to drive ubuntu-core-20
+    - spread.yaml: Preserve size for centos images on spread.yaml
+    - spread.yaml: use non-uefi enabled image for uc20
+    - tests: ensure $cache_dir is actually available
+    - tests: disable preseed tests, they work in master but require too
+      much cherry-picking here
+    - travis.yml: remove go/master unit tests from 2.44
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 30 Apr 2020 09:09:22 +0200
+
+snapd (2.44.4-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1864808
+    - packaging/fedora: disable FIPS compliant crypto for static
+      binaries
+    - interfaces/firewall-control: allow -legacy and -nft for core20
+    - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
+      syscalls
+    - tests: 16.04 and 18.04 now have mediating pulseaudio
+    - tests: ignore user@12345.service hierarchy
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 29 Apr 2020 08:32:56 +0200
+
+snapd (2.44.3-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1864808
+    - tests: fix racy pulseaudio tests
+    - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
+    - tests: update snap-preseed --reset logic
+    - tests: backport partition fixes
+    - cmd/snap: don't wait for system key when stopping
+    - interfaces/many: miscellaneous policy updates xliv
+    - tests/main/uc20-snap-recovery: use 20.04 system
+    - tests: skip "/etc/machine-id" in "writablepaths
+    - interfaces/docker-support: add overlays file access
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 10 Apr 2020 16:57:25 +0200
+
+snapd (2.44.2-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1864808
+    - packaging: detect/disable broken seeds in the postinst
+    - cmd/snap,seed: validate full seeds (UC 16/18)
+    - snap: add `snap debug state --is-seeded` helper
+    - devicestate: generate warning if seeding fails
+    - store: support for search API v2
+    - cmd/snap-seccomp/syscalls: update the list of known syscalls
+    - snap/cmd: the model command needs just a client, no waitMixin
+    - tests: cleanup security-private-tmp properly
+    - wrappers: fix timer schedules that are days only
+    - tests: update proxy-no-core to match latest CDN changes
+    - cmd/snap-failure,tests: make snap-failure more robust
+    - tests, many: don't use StartLimitInterval anymore, unify snapd-
+      failover variants, build snapd snap for UC16 tests
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 02 Apr 2020 09:51:34 +0200
+
+snapd (2.44.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1864808
+    - randutil: switch back to setting up seed with lower entropy data
+    - interfaces/greengrass-support: fix typo
+    - packaging,tests: ensure debian-sid builds without vendor/
+    - travis.yml: run unit tests with go/master as well
+    - cmd/snap-update-ns: ignore EROFS from rmdir/unlink
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Sat, 21 Mar 2020 18:32:12 +0100
+
+snapd (2.44-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1864808
+    - daemon: do a forceful serer shutdown if we hit a deadline
+    - snap: whitelist lzo as support compression for snap pack
+    - data/selinux: update policy to allow more ops
+    - interfaces/greengrass-support: add new 1.9 access
+    - snap: do not hardlink on overlayfs
+    - cmd/snap-preseed: handle --reset flag
+    - interfaces/kubernetes-support: allow autobind to journald socket
+    - snap-seccomp: allow mprotect() to unblock the tests
+    - tests/lib/reset: workaround unicode dot in systemctl output
+    - interfaces: work around apparmor_parser slowness affecting uio
+    - interfaces/udisks2: also allow Introspection on
+      /org/freedesktop/UDisks2/**
+    - tests: mock prune ticker in overlord tests to reduce wait times
+    - interfaces/{docker,kubernetes}-support: updates for lastest k8s
+    - interfaces: miscellaneous policy updates
+    - interfaces/audio_playback: Fix pulseaudio config access
+    - overlord: disable Test..AbortShortlyAfterStartOfOperation for 2.44
+    - ovelord/snapstate: update only system wide fonts cache
+    - wrappers: import /etc/environment in all services
+    - interfaces/u2f: Add Titan USB-C key
+    - overlord, taskrunner: exit on task/ensure error when preseeding
+    - overlord/snapstate/backend: update snapd services contents in unit
+      tests
+    - wrappers: add mount unit dependency for snapd services on core
+      devices
+    - Revert "tests: remove /tmp/snap.* left over by other tests"
+    - Revert "packaging: work around review-tools and snap-confine"
+    - netlink: fix panic on arm64 with the new rawsockstop code
+    - spread, data/selinux: add CentOS 8, update policy
+    - spread.yaml: mv opensuse tumbleweed to unstable too
+    - spread.yaml: mv opensuse 15.1 to unstable
+    - tests: use ipv4 in retry-network to unblock failing master
+    - data/systemd: improve the description
+    - tests/lib/prepare.sh: simplify, combine code paths
+    - tests/main/user-session-env: add test verifying environment
+      variables inside the user session
+    - spread.yaml: make qemu ubuntu-core-20-64 use ubuntu-20.04-64
+    - run-checks: SKIP_GMFMT really skips formatting checks
+    - tests: enable more tests for UC20/UC18
+    - tests: remove tmp dir for snap not-test-snapd-sh on security-
+      private-tmp test
+    - seed,cmd/snap-bootstrap: introduce seed.Snap.EssentialType,
+      simplify bootstrap code
+    - snapstate: do not restart in undoLinkSnap unless on first install
+    - cmd/snap-bootstrap: subcommand to detect UC chooser trigger
+    - cmd/snap-bootstrap/initramfs-mounts: mount the snapd snap in run-
+      mode too
+    - cmd/libsnap, tests: fix C unit tests failing as non-root
+    - cmd/snap-bootstrap: verify kernel snap is in modeenv before
+      mounting it
+    - tests: adding amazon linux to google backend
+    - cmd/snap-failure/snapd: rm snapd.socket, reset snapd.socket failed
+      status
+    - client: add support for "ResumeToken", "HeaderPeek" to download
+    - build: enable type: snapd
+    - tests: rm -rf /tmp/snap.* in restore
+    - cmd/snap-confine: deny snap-confine to load nss libs
+    - snapcraft.yaml: add comments, rename snapd part to snapd-deb
+    - boot: write current_kernels in bootstate20, makebootable
+    - packaging: work around review-tools and snap-confine
+    - tests: skipping interfaces-openvswitch on centos due to package is
+      not available
+    - packaging,snap-confine: stop being setgid root
+    - cmd/snap-confine: bring /var/lib/dhcp from host, if present
+    - store: rely on CommandFromSystemSnap to find xdelta3
+    - tests: bump sleep time of the new overlord tests
+    - cmd/snap-preseed: snapd version check for the target
+    - netlink: fix/support stopping goroutines reading netlink raw
+      sockets
+    - tests: reset PS1 before possibly interactive dash
+    - overlord, state: don't abort changes if spawn time before
+      StartOfOperationTime (2/2)
+    - snapcraft.yaml: add python3-apt, tzdata as build-deps for the
+      snapd snap
+    - tests: ask tar to speak English
+    - tests: using google storage when downloading ubuntu cloud images
+      from gce
+    - Coverity produces false positives for code like this:
+    - many: maybe restart & security backend options
+    - o/standby: add SNAPD_STANDBY_WAIT to control standby in
+      development
+    - snap: use the actual staging snap-id for snapd
+    - cmd/snap-bootstrap: create a new parser instance
+    - snapcraft.yaml: use build-base and adopt-info, rm builddeb
+      plugin
+    - tests: set StartLimitInterval in snapd failover test
+    - tests: disable archlinux system
+    - tests: add preseed test for classic
+    - many, tests: integrate all preseed bits and add spread tests
+    - daemon: support resuming downloads
+    - tests: use Filename() instead of filepath.Base(sn.MountFile())
+    - tests/core: add swapfiles test
+    - interfaces/cpu-control: allow to control cpufreq tunables
+    - interfaces: use commonInteface for desktopInterface
+    - interfaces/{desktop-legacy,unity7}: adjust for new ibus socket
+      location
+    - snap/info: add Filename
+    - bootloader: make uboot a RecoveryAwareBootloader
+    - gadget: skip update when mounted filesystem content is identical
+    - systemd: improve is-active check for 'failed' services
+    - boot: add current_kernels to modeenv
+    - o/devicestate: StartOfOperationTime helper for Prune (1/2)
+    - tests: detect LXD launching i386 containers
+    - tests: move main/ubuntu-core-* tests to core/ suite
+    - tests: remove snapd in ubuntu-core-snapd
+    - boot: enable base snap updates in bootstate20
+    - tests: Fix core revert channel after 2.43 has been released to
+      stable
+    - data/selinux: unify tabs/spaces
+    - o/ifacestate: move ResolveDisconnect to ifacestate
+    - spread: move centos to stable systems
+    - interfaces/opengl: allow datagrams to nvidia-driver
+    - httputil: add NoNetwork(err) helper, spread test and use in serial
+      acquire
+    - store: detect if server does not support http range headers
+    - test/lib/user: add helper lib for doing things for and as a user
+    - overlord/snapstate, wrappers: undo of snapd on core
+    - tests/main/interfaces-pulseaudio: use custom pulseaudio script,
+      set kill timeout
+    - store: add support for resume in DownloadStream
+    - cmd/snap: implement 'snap remove-user'
+    - overlord/devicestate: fix preseed unit tests on systems not using
+      /snap
+    - tests/main/static: ldd in glibc 2.31 logs to stderr now
+    - run-checks, travis: allow skipping spread jobs by adding a label
+    - tests: add new backend which includes images with tpm support
+    - boot: use constants for boot status values
+    - tests: add "core" suite for UC specific tests
+    - tests/lib/prepare: use a local copy of uc20 initramfs skeleton
+    - tests: retry mounting the udisk2 device due to timing issue
+    - usersession/client: add a client library for the user session
+      agent
+    - o/devicestate: Handle preseed mode in the firstboot mode (core16
+      only for now).
+    - boot: add TryBase and BaseStatus to modeenv; use in snap-bootstrap
+    - cmd/snap-confine: detect base transitions on core16
+    - boot: don't use "kernel" from the modeenv anymore
+    - interfaces: add uio interface
+    - tests: repack the initramfs + kernel snap for UC20 spread tests
+    - interfaces/greengrass-support: add /dev/null ->
+      /proc/latency_stats mount
+    - httputil: remove workaround for redirect handling in go1.7
+    - httputil: remove go1.6 transport workaround
+    - snap: add `snap pack --compression=<comp>` options
+    - tests/lib/prepare: fix hardcoded loopback device names for UC
+      images
+    - timeutil: add a unit test case for trivial schedule
+    - randutil,o/snapstate,-mkauthors.sh: follow ups to randutil
+      introduction
+    - dirs: variable with distros using alternate snap mount
+    - many,randutil: centralize and streamline our random value
+      generation
+    - tests/lib/prepare-restore: Revert "Continue on errors updating or
+      installing dependencies"
+    - daemon: Allow clients to call /v2/logout via Polkit
+    - dirs: manjaro-arm is like manjaro
+    - data, packaging: Add sudoers snippet to allow snaps to be run with
+      sudo
+    - daemon, store: better expose single action errors
+    - tests: switch mount-ns test to differential data set
+    - snapstate: refactor things to add the re-refresh task last
+    - daemon: drop support for the DELETE method
+    - client: move to /v2/users; implement RemoveUser
+    - boot: enable UC20 kernel extraction and bootState20 handling
+    - interfaces/policy: enforce plug-names/slot-names constraints
+    - asserts: parse plug-names/slot-names constraints
+    - daemon: make users result more consistent
+    - cmd/snap-confine,tests: support x.y.z nvidia version
+    - dirs: fixlet for XdgRuntimeDirGlob
+    - boot: add bootloader options to coreKernel
+    - o/auth,daemon: do not remove unknown user
+    - tests: tweak and enable tests on ubuntu 20.04
+    - daemon: implement user removal
+    - cmd/snap-confine: allow snap-confine to link to libpcre2
+    - interfaces/builtin: Allow NotificationReplied signal on
+      org.freedesktop.Notifications
+    - overlord/auth: add RemoveUserByName
+    - client: move user-related things to their own files
+    - boot: tweak kernel cmdline helper docstring
+    - osutil: implement deluser
+    - gadget: skip update when raw structure content is unchanged
+    - boot, cmd/snap, cmd/snap-bootstrap: move run mode and system label
+      detection to boot
+    - tests: fix revisions leaking from snapd-refresh test
+    - daemon: refactor create-user to a user action & hide behind a flag
+    - osutil/tests: check there are no leftover symlinks with
+      AtomicSymlink
+    - grub: support atomically renaming kernel symlinks
+    - osutil: add helpers for creating symlinks and renaming in an
+      atomic manner
+    - tests: add marker tag for core 20 test failure
+    - tests: fix gadget-update-pc test leaking snaps
+    - tests: remove revision leaking from ubuntu-core-refresh
+    - tests: remove revision leaking from remodel-kernel
+    - tests: disable system-usernames test on core20
+    - travis, tests, run-checks: skip nakedret
+    - tests: run `uc20-snap-recovery-encrypt` test on 20.04-64 as well
+    - tests: update mount-ns test tables
+    - snap: disable auto-import in uc20 install-mode
+    - tests: add a command-chain service test
+    - tests: use test-snapd-upower instead of upower
+    - data/selinux: workaround incorrect fonts cache labeling on RHEL7
+    - spread.yaml: fix ubuntu 19.10 and 20.04 names
+    - debian: check embedded keys for snap-{bootstrap,preseed} too
+    - interfaces/apparmor: fix doc-comments, unnecessary code
+    - o/ifacestate,o/devicestatate: merge gadget-connect logic into
+      auto-connect
+    - bootloader: add ExtractedRunKernelImageBootloader interface,
+      implement in grub
+    - tests: add spread test for hook permissions
+    - cmd/snap-bootstrap: check device size before boostrapping and
+      produce a meaningful error
+    - cmd/snap: add ability to register "snap routine" commands
+    - tests: add a test demonstrating that snaps can't access the
+      session agent socket
+    - api: don't return connections referring to non-existing
+      plugs/slots
+    - interfaces: refactor path() from raw-volume into utils with
+      comments for old
+    - gitignore: ignore snap files
+    - tests: skip interfaces-network-manager on arm devices
+    - o/devicestate: do not create perfTimings if not needed inside
+      ensureSeed/Operational
+    - tests: add ubuntu 20.04 to the tests execution and remove
+      tumbleweed from unstable
+    - usersession: add systemd user instance service control to user
+      session agent
+    - cmd/snap: print full channel in 'snap list', 'snap info'
+    - tests: remove execution of ubuntu 19.04 from google backend
+    - cmd/snap-boostrap: add mocking for fakeroot
+    - tests/core18/snapd-failover: collect more debug info
+    - many: run black formatter on all python files
+    - overlord: increase settle timeout for slow machines
+    - httputil: use shorter timeout in TestRetryRequestTimeoutHandling
+    - store, o/snapstate: send default-tracks header, use
+      RedirectChannel
+    - overlord/standby: fix possible deadlock in standby test
+    - cmd/snap-discard-ns: fix pattern for .info files
+    - boot: add HasModeenv to Device
+    - devicestate: do not allow remodel between core20 models
+    - bootloader,snap: misc tweaks
+    - store, overlord/snapstate, etc: SnapAction now returns a []…Result
+    - snap-bootstrap: create encrypted partition
+    - snap: remove "host" output from `snap version`
+    - tests: use snap remove --purge flag in most of the spread tests
+    - data/selinux, test/main/selinux-clean: update the test to cover
+      more scenarios
+    - many: drop NameAndRevision, use snap.PlaceInfo instead
+    - boot: split MakeBootable tests into their own file
+    - travis-ci: add go import path
+    - boot: split MakeBootable implementations into their own file
+    - tests: enable a lot of the tests of main on uc20
+    - packaging, tests: stop services in prerm
+    - tests: enable regression suite on core20
+    - overlord/snapstate: improve snapd snap backend link unit tests
+    - boot: implement SetNextBoot in terms of bootState.setNext
+    - wrappers: write and undo snapd services on core
+    - boot,o/devicestate: refactor MarkBootSuccessful over bootState
+    - snap-bootstrap: mount the correct snapd snap to /run/mnt/snapd
+    - snap-bootstrap: refactor partition creation
+    - tests: use new snapd.spread-tests-run-mode-tweaks.service unit
+    - tests: add core20 tests
+    - boot,o/snapstate: SetNextBoot/LinkSnap return whether to reboot,
+      use the information
+    - tests/main/snap-sign: add test for non-stdin signing
+    - snap-bootstrap: trigger udev after filesystem creation
+    - boot,overlord: introduce internal abstraction bootState and use it
+      for InUse/GetCurrentBoot
+    - overlord/snapstate: tracks are now sticky
+    - cmd: sign: add filename param
+    - tests: remove "test-snapd-tools" in smoke/sandbox on restore
+    - cmd/snap, daemon: stop over-normalising channels
+    - tests: fix classic-ubuntu-core-transition-two-cores after refactor
+      of MATCH -v
+    - packaging: ship var/lib/snapd/desktop/applications in the pkg
+    - spread: drop copr repo with F30 build dependencies
+    - tests: use test-snapd-sh snap instead of test-snapd-tools - Part 3
+    - tests: fix partition creation test
+    - tests: unify/rename services-related spread tests to start with
+      services- prefix
+    - test: extract code that modifies "writable" for test prep
+    - systemd: handle preseed mode
+    - snap-bootstrap: read only stdout when parsing the sfdisk json
+    - interfaces/browser-support: add more product/vendor paths
+    - boot: write compat UC16 bootvars in makeBootable20RunMode
+    - devicestate: avoid adding mockModel to deviceMgrInstallModeSuite
+    - devicestate: request reboot after successful doSetupRunSystem()
+    - snapd.core-fixup.sh: do not run on UC20 at all
+    - tests: unmount automounted snap-bootstrap devices
+    - devicestate: run boot.MakeBootable in doSetupRunSystem
+    - boot: copy kernel/base to data partition in makeBootable20RunMode
+    - tests: also check nested lxd container
+    - run-checks: complain about MATCH -v
+    - boot: always return the trivial boot participant in ephemeral mode
+    - o/devicestate,o/snapstate: move the gadget.yaml checkdrive-by: use
+      gadget.ReadInfoFromSnapFile in checkGadgetRemodelCompatible
+    - snap-bootstrap: append new partitions
+    - snap-bootstrap: mount filesystems after creation
+    - snapstate: do not try to detect rollback in ephemeral modes
+    - snap-bootstrap: trigger udev for new partitions
+    - cmd/snap-bootstrap: xxx todos about kernel cross-checks
+    - tests: avoid mask rsyslog service in case is not enabled on the
+      system
+    - tests: fix use of MATCH -v
+    - cmd/snap-preseed: update help strings
+    - cmd/snap-bootstrap: actually parse snapd_recovery_system label
+    - bootstrap: reduce runmode mounts from 5 to 2 steps.
+    - lkenv.go: adjust for new location of include file
+    - snap: improve squashfs.ReadFile() error
+    - systemd: fix uc20 shutdown
+    - boot: write modeenv when creating the run mode
+    - boot,image: add skeleton boot.makeBootable20RunMode
+    - cmd/snap-preseed: add snap-preseed executable
+    - overlord,boot: follow ups to #7889 and #7899
+    - interfaces/wayland: Add access to Xwayland's shm files
+    - o/hookstate/ctlcmd: fix command name in snapctl -h
+    - daemon,snap: remove screenshot deprecation notice
+    - overlord,o/snapstate: make sure we never leave config behind
+    - many: pass consistently boot.Device state to boot methods
+    - run-checks: check multiline string blocks in
+      restore/prepare/execute sections of spread tests
+    - intrefaces: login-session-control - added missing dbus commands
+    - tests/main/parallel-install-remove-after: parallel installs should
+      not break removal
+    - overlord/snapstate: tweak assumes error hint
+    - overlord: replace DeviceContext.OldModel with GroundContext
+    - devicestate: use httputil.ShouldRetryError() in
+      prepareSerialRequest
+    - tests: replace "test-snapd-base-bare" with real "bare" base snap
+    - many: pass a Model to the gadget info reading functions
+    - snapstate: relax gadget constraints in ConfigDefaults Et al.
+    - devicestate: only run ensureBootOk() in "run" mode
+    - tests/many: quiet lxc launching, file pushing
+    - tests: disable apt-hooks test until it can be properly fixed
+    - tests: 16.04 and 18.04 now have mediating pulseaudio
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 17 Mar 2020 20:55:47 +0100
+
+snapd (2.43.3-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1856159
+    - interfaces/opengl: allow datagrams to nvidia-driver
+    - httputil: add NoNetwork(err) helper, spread test and use
+      in serial acquire
+    - interfaces: add uio interface
+    - interfaces/greengrass-support: 'aws-iot-greengrass' snap fails to
+      start due to apparmor deny on mounting of "/proc/latency_stats".
+    - data, packaging: Add sudoers snippet to allow snaps to be run with
+      sudo
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 12 Feb 2020 14:59:15 +0100
+
+snapd (2.43.2-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1856159
+    - cmd/snap-confine: Revert #7421 (unmount /writable from snap view)
+    - overlord/snapstate: fix for re-refresh bug
+    - tests, run-checks, many: fix nakedret issues
+    - data/selinux: workaround incorrect fonts cache labeling on RHEL7
+    - tests: use test-snapd-upower instead of upower
+    - overlord: increase overall settle timeout for slow arm boards
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 28 Jan 2020 15:50:25 +0100
+
+snapd (2.43.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1856159
+    - devicestate: use httputil.ShouldRetryError() in prepareSerialRequest
+    - overlord/standby: fix possible deadlock in standby test
+    - cmd/snap-discard-ns: fix pattern for .info files
+    - overlord,o/snapstate: make sure we never leave config behind
+    - data/selinux: update policy to cover more cases
+    - snap: remove "host" output from `snap version`
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 14 Jan 2020 20:30:07 +0100
+
+snapd (2.43-1) unstable; urgency=medium
+
+  * New upstream release
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 09 Jan 2020 17:16:12 +0100
+
+snapd (2.42.5-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1853244
+    - snap-confine: revert, with comment, explicit unix deny for nested
+      lxd
+    - Disable mount-ns test on 16.04. It is too flaky currently.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 06 Dec 2019 14:10:56 +0100
+
+snapd (2.42.4-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1853244
+    - overlord/snapstate: make sure configuration defaults are applied
+      only once
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 28 Nov 2019 06:48:26 +0100
+
+snapd (2.42.3-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1853244
+    - overlord/snapstate: pick up system defaults when seeding the snapd
+      snap
+    - cmd/snap-update-ns: fix overlapping, nested writable mimic
+      handling
+    - interfaces: misc updates for u2f-devices, browser-support,
+      hardware-observe, et al
+    - tests: reset failing "fwupd-refresh.service" if needed
+    - tests/main/gadget-update-pc: use a program to modify gadget yaml
+    - snap-confine: suppress noisy classic snap file_inherit denials
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 27 Nov 2019 12:41:07 +0100
+
+snapd (2.42.2-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1853244
+    - interfaces/lxd-support: Fix on core18
+    - tests/main/system-usernames: Amazon Linux 2 comes with libseccomp
+      2.4.1 now
+    - snap-seccomp: add missing clock_getres_time64
+    - cmd/snap-seccomp/syscalls: update the list of known
+      syscalls
+    - sandbox/seccomp: accept build ID generated by Go toolchain
+    - interfaces: allow access to ovs bridge sockets
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 20 Nov 2019 08:09:15 +0100
+
+snapd (2.42.1-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1846181
+    - interfaces: de-duplicate emitted update-ns profiles
+    - packaging: tweak handling of usr.lib.snapd.snap-confine
+    - interfaces: allow introspecting network-manager on core
+    - tests/main/interfaces-contacts-service: disable on openSUSE
+      Tumbleweed
+    - tests/lib/lxd-snapfuse: restore mount changes introduced by LXD
+    - snap: fix default-provider in seed validation
+    - tests: update system-usernames test now that opensuse-15.1 works
+    - overlord: set fake sertial in TestRemodelSwitchToDifferentKernel
+    - gadget: rename "boot{select,img}" -> system-boot-{select,image}
+    - tests: listing test, make accepted snapd/core versions consistent
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 30 Oct 2019 13:17:43 +0100
+
+snapd (2.42-1) unstable; urgency=medium
+
+  * New upstream release
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 01 Oct 2019 11:40:58 +0200
+
+snapd (2.41-1) unstable; urgency=medium
+
+  [ Michael Vogt ]
+  * New upstream release, LP: #1840740
+
+  [ Jamie Strandboge ]
+  * debian/control: Depends on apparmor >= 2.10.95-5 instead of
+    2.10.95-0ubuntu2.2 since 2.10.95-5 in Debian is the first version to have
+    all the patches that 2.10.95-0ubuntu2.2 in Ubuntu brought.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 30 Aug 2019 08:53:57 +0200
+
+snapd (2.40-1) unstable; urgency=medium
+
+  * New upstream release.
+
+ -- Michael Vogt <mvo@debian.org>  Tue, 23 Jul 2019 15:38:36 +0200
+
+snapd (2.39.3-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1827495
+    - daemon: increase `shutdownTimeout` to 25s to deal with slow HW
+    - spread: run tests against openSUSE 15.1
+    - data/selinux: fix policy for snaps with bases and classic snaps
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 21 Jun 2019 09:06:01 +0200
+
+snapd (2.39.2-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1827495
+    - debian: rework how we run autopkgtests
+    - interfaces/docker-support: add overlayfs accesses for ubuntu core
+    - data/selinux: permit init_t to remount snappy_snap_t
+    - strutil/shlex: fix ineffassign
+    - packaging: fix build-depends on powerpc
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 05 Jun 2019 08:46:14 +0200
+
+snapd (2.39-1) unstable; urgency=medium
+
+   * New upstream release
+   * d/patches0008-snap-squashsh-skip-TestBuildDate-on-Debian.patch: drop,
+     fixed upstream
+
+ -- Zygmunt Krynicki <me@zygoon.pl>  Thu, 28 Feb 2019 18:21:26 +0100
+
+snapd (2.39.1-1) unstable; urgency=medium
+
+  * New upstream release
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 29 May 2019 12:08:43 +0200
+
+snapd (2.38-1) unstable; urgency=medium
+
+  * New upstream release
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 21 Mar 2019 11:02:04 +0100
+
+snapd (2.37.4-1) unstable; urgency=medium
+
+  * New upstream release
+  * d/patches0008-snap-squashsh-skip-TestBuildDate-on-Debian.patch: drop,
+    fixed upstream
+
+ -- Zygmunt Krynicki <me@zygoon.pl>  Thu, 28 Feb 2019 18:21:26 +0100
+
+snapd (2.37.3-1) unstable; urgency=medium
+
+  * New upstream release
+
+ -- Zygmunt Krynicki <me@zygoon.pl>  Tue, 19 Feb 2019 13:46:24 +0100
+
+snapd (2.37.2-1) unstable; urgency=medium
+
+  * New upstream releease. 
+
+ -- Michael Hudson-Doyle <mwhudson@debian.org>  Thu, 07 Feb 2019 21:26:34 +1300
+
+snapd (2.37.1-1) unstable; urgency=medium
+
+  * New upstream release.
+  * d/patches/0009-interfaces-apparmor-mock-presence-of-overlayfs-root.patch:
+    applied upstream
+
+ -- Zygmunt Krynicki <me@zygoon.pl>  Tue, 29 Jan 2019 19:24:35 +0100
+
+snapd (2.37-3) unstable; urgency=medium
+
+  * Fix --no-arch-any build.
+
+ -- Michael Hudson-Doyle <mwhudson@debian.org>  Thu, 24 Jan 2019 16:11:17 +1300
+
+snapd (2.37-2) unstable; urgency=medium
+
+  * d/patches/0010-man-page-sections.patch: fix a couple of instances of the
+    lintian warning 'manpage-section-mismatch'.
+
+ -- Michael Hudson-Doyle <mwhudson@debian.org>  Thu, 24 Jan 2019 09:52:09 +1300
+
+snapd (2.37-1) unstable; urgency=medium
+
+  [ Michael Hudson-Doyle ]
+  * New upstream version.
+  * d/control: make myself Maintainer, use my Debian address, update Vcs-* to
+    point to salsa.
+  * Add new build-dependencies.
+  * d/watch: update to download new upstream-provided no-vendor tarballs.
+  * d/patches: refresh/drop.
+  * d/patches/no-snapfuse.patch: do not depend on snapfuse fork of squashfuse.
+  * d/patches/upstram-bolt.patch: use upstream version of boltdb.
+  * d/patches/systemd-activation-compat.patch: compatibility for the
+    newer go-systemd in debian
+
+  [ Ondřej Nový ]
+  * d/copyright: Use https protocol in Format field
+  * d/changelog: Remove trailing whitespaces
+
+  [ Zygmunt Krynicki ]
+  * Update unreleased package to 2.37
+  * Drop and recreate all patches
+  * Add patches for failing unit tests
+  * Reconcile packaging with snapd upstream
+
+ -- Zygmunt Krynicki <me@zygoon.pl>  Tue, 22 Jan 2019 12:39:58 +0100
+
+snapd (2.30-5) unstable; urgency=medium
+
+  * Team upload.
+  * add fix-pkg-config-line.patch to fix FTBFS
+  * Set XS-Go-Import-Path
+
+ -- Michael Stapelberg <stapelberg@debian.org>  Sat, 10 Feb 2018 23:18:15 +0100
+
+snapd (2.30-4) unstable; urgency=medium
+
+  * Fix Built-Using computation on Debian.
+  * Add d/patches/disable-TestDoRequestSerialErrorsOnNoHost.patch to disable
+    a flaky test.
+
+ -- Michael Hudson-Doyle <mwhudson@debian.org>  Tue, 16 Jan 2018 13:02:31 +1300
+
+snapd (2.30-3) unstable; urgency=medium
+
+  * Fix arch builds again, sigh,
+
+ -- Michael Hudson-Doyle <mwhudson@debian.org>  Tue, 09 Jan 2018 13:56:48 +1300
+
+snapd (2.30-2) unstable; urgency=medium
+
+  * Fix arch-all-only build. (Closes: 886431)
+
+ -- Michael Hudson-Doyle <mwhudson@debian.org>  Tue, 09 Jan 2018 10:48:20 +1300
+
+snapd (2.30-1) unstable; urgency=medium
+
+  * New upstream release.
+  * Remove several patches:
+    - 0001-osutil-adjust-StreamCommand-tests-for-golang-1.9.patch: included in
+      release.
+    - apparmor-compat.patch, no-reexec-on-debian.patch: Removed as upstream
+      now implements a better solution to the problem.
+    - pb.v1-canonical-path.patch: applied upstream.
+  * Stop installing udev/rules.d/80-snappy-assign.rules, gone upstream
+
+ -- Michael Hudson-Doyle <mwhudson@debian.org>  Fri, 05 Jan 2018 09:39:07 +1300
+
+snapd (2.28.5) xenial; urgency=medium
+
+  * New upstream release, LP: #1714984
+    - snap-confine: cleanup broken nvidia udev tags
+    - cmd/snap-confine: update valid security tag regexp
+    - overlord/ifacestate: refresh udev backend on startup
+    - dbus: ensure io.snapcraft.Launcher.service is created on re-
+      exec
+    - snap-confine: add support for handling /dev/nvidia-modeset
+    - interfaces/network-control: remove incorrect rules for tun
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 13 Oct 2017 23:25:46 +0200
+
+snapd (2.28.4) xenial; urgency=medium
+
+  * New upstream release, LP: #1714984
+    - interfaces/opengl: don't udev tag nvidia devices and use snap-
+      confine instead
+    - debian: fix replaces/breaks for snap-xdg-open (thanks to apw!)
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 11 Oct 2017 19:40:57 +0200
+
+snapd (2.28.3) xenial; urgency=medium
+
+  * New upstream release, LP: #1714984
+    - interfaces/lxd: lxd slot implementation can also be an app
+      snap
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 11 Oct 2017 08:20:26 +0200
+
+snapd (2.28.2) xenial; urgency=medium
+
+  * New upstream release, LP: #1714984
+    - interfaces: fix udev rules for tun
+    - release,cmd,dirs: Redo the distro checks to take into account
+      distribution families
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 10 Oct 2017 18:39:58 +0200
+
+snapd (2.28.1) xenial; urgency=medium
+
+  * New upstream release, LP: #1714984
+    - snap-confine: update apparmor rules for fedora based basesnaps
+    - snapstate: rename refresh hook to post-refresh for consistency
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 27 Sep 2017 17:59:49 -0400
+
+snapd (2.28) xenial; urgency=medium
+
+  * New upstream release, LP: #1714984
+    - hooks: rename refresh to after-refresh
+    - snap-confine: bind mount /usr/lib/snapd relative to snap-confine
+    - cmd,dirs: treat "liri" the same way as "arch"
+    - snap-confine: fix base snaps on core
+    - hooks: substitute env vars when executing hooks
+    - interfaces: updates for default, browser-support, desktop, opengl,
+      upower and stub-resolv.conf
+    - cmd,dirs: treat manjaro the same as arch
+    - systemd: do not run auto-import and repair services on classic
+    - packaging/fedora: Ensure vendor/ is empty for builds and fix spec
+      to build current master
+    - many: fix TestSetConfNumber missing an Unlock and other fragility
+      improvements
+    - osutil: adjust StreamCommand tests for golang 1.9
+    - daemon: allow polkit authorisation to install/remove snaps
+    - tests: make TestCmdWatch more robust
+    - debian: improve package description
+    - interfaces: add netlink kobject uevent to hardware observe
+    - debian: update trusted account-keys check on 14.04 packaging
+    - interfaces/network-{control,observe}: allow receiving
+      kobject_uevent() messages
+    - tests: fix lxd test for external backend
+    - snap-confine,snap-update-ns: add -no-pie to fix FTBFS on
+      go1.7,ppc64
+    - corecfg: mock "systemctl" in all corecfg tests
+    - tests: fix unit tests on Ubuntu 14.04
+    - debian: add missing flags when building static snap-exec
+    - many: end-to-end support for the bare base snap
+    - overlord/snapstate: SetRootDir from SetUpTest, not in just some
+      tests
+    - store: have an ad-hoc method on cfg to get its list of uris for
+      tests
+    - daemon: let client decide whether to allow interactive auth via
+      polkit
+    - client,daemon,snap,store: add license field
+    - overlord/snapstate: rename HasCurrent to IsInstalled, remove
+      superfluous/misleading check from All
+    - cmd/snap: SetRootDir from SetUpTest, not in just some individual
+      tests.
+    - systemd: rename snap-repair.{service,timer} to snapd.snap-
+      repair.{service,timer}
+    - snap-seccomp: remove use of x/net/bpf from tests
+    - httputil: more naive per go version way to recreate a default
+      transport for tls reconfig
+    - cmd/snap-seccomp/main_test.go: add one more syscall for arm64
+    - interfaces/opengl: use == to compare, not =
+    - cmd/snap-seccomp/main_test.go: add syscalls for armhf and arm64
+    - cmd/snap-repair: track and use a lower bound for the time for
+      TLS checks
+    - interfaces: expose bluez interface on classic OS
+    - snap-seccomp: add in-kernel bpf tests
+    - overlord: always try to get a serial, lazily on classic
+    - tests: add nmcli regression test
+    - tests: deal with __PNR_chown on aarch64 to fix FTBFS on arm64
+    - tests: add autopilot-introspection interface test
+    - vendor: fix artifact from manually editing vendor/vendor.json
+    - tests: rename complexion to test-snapd-complexion
+    - interfaces: add desktop and desktop-legacy
+      interfaces/desktop: add new 'desktop' interface for modern DEs
+      interfaces/builtin/desktop_test.go: use modern testing techniques
+      interfaces/wayland: allow read on /etc/drirc for Plasma desktop
+      interfaces/desktop-legacy: add new 'legacy' interface (currently
+      for a11y and input)
+    - tests: fix race in snap userd test
+    - devices/iio: add read/write for missing sysfs entries
+    - spread: don't set HTTPS?_PROXY for linode
+    - cmd/snap-repair: check signatures of repairs from Next
+    - env: set XDG_DATA_DIRS for wayland et.al.
+    - interfaces/{default,account-control}: Use username/group instead
+      of uid/gid
+    - interfaces/builtin: use udev tagging more broadly
+    - tests: add basic lxd test
+    - wrappers: ensure bash completion snaps install on core
+    - vendor: use old golang.org/x/crypto/ssh/terminal to build on
+      powerpc again
+    - docs: add PULL_REQUEST_TEMPLATE.md
+    - interfaces: fix network-manager plug
+    - hooks: do not error out when hook is optional and no hook handler
+      is registered
+    - cmd/snap: add userd command to replace snapd-xdg-open
+    - tests: new regex used to validate the core version on extra snaps
+      ass...
+    - snap: add new `snap switch` command
+    - tests: wait more and more debug info about fakestore start issues
+    - apparmor,release: add better apparmor detection/mocking code
+    - interfaces/i2c: adjust sysfs rule for alternate paths
+    - interfaces/apparmor: add missing call to dirs.SetRootDir
+    - cmd: "make hack" now also installs snap-update-ns
+    - tests: copy files with less verbosity
+    - cmd/snap-confine: allow using additional libraries required by
+      openSUSE
+    - packaging/fedora: Merge changes from Fedora Dist-Git
+    - snapstate: improve the error message when classic confinement is
+      not supported
+    - tests: add test to ensure amd64 can run i386 syscall binaries
+    - tests: adding extra info for fakestore when fails to start
+    - tests: install most important snaps
+    - cmd/snap-repair: more test coverage of filtering
+    - squashfs: remove runCommand/runCommandWithOutput as we do not need
+      it
+    - cmd/snap-repair: ignore superseded revisions, filter on arch and
+      models
+    - hooks: support for refresh hook
+    - Partial revert "overlord/devicestate, store: update device auth
+      endpoints URLs"
+    - cmd/snap-confine: allow reading /proc/filesystems
+    - cmd/snap-confine: genearlize apparmor profile for various lib
+      layout
+    - corecfg: fix proxy.* writing and add integration test
+    - corecfg: deal with system.power-key-action="" correctly
+    - vendor: update vendor.json after (presumed) manual edits
+    - cmd/snap: in `snap info`, don't print a newline between tracks
+    - daemon: add polkit support to /v2/login
+    - snapd,snapctl: decode json using Number
+    - client: fix go vet 1.7 errors
+    - tests: make 17.04 shellcheck clean
+    - tests: remove TestInterfacesHelp as it breaks when go-flags
+      changes
+    - snapstate: undo a daemon restart on classic if needed
+    - cmd/snap-repair: recover brand/model from
+      /var/lib/snapd/seed/assertions checking signatures and brand
+      account
+    - spread: opt into unsafe IO during spread tests
+    - snap-repair: update snap-repair/runner_test.go for API change in
+      makeMockServer
+    - cmd/snap-repair: skeleton code around actually running a repair
+    - tests: wait until the port is listening after start the fake store
+    - corecfg: fix typo in tests
+    - cmd/snap-repair: test that redirects works during fetching
+    - osutil: honor SNAPD_UNSAFE_IO for testing
+    - vendor: explode and make more precise our golang.go/x/crypto deps,
+      use same version as Debian unstable
+    - many: sanitize NewStoreStack signature, have shared default store
+      test private keys
+    - systemd: disable `Nice=-5` to fix error when running inside lxd
+    - spread.yaml: update delta ref to 2.27
+    - cmd/snap-repair: use E-Tags when refetching a repair to retry
+    - interfaces/many: updates based on chromium and mrrescue denials
+    - cmd/snap-repair: implement most logic to get the next repair to
+      run/retry in a brand sequence
+    - asserts/assertstest: copy headers in SigningDB.Sign
+    - interfaces: convert uhid to common interface and test cases
+      improvement for time_control and opengl
+    - many tests: move all panicing fake store methods to a common place
+    - asserts: add store assertion type
+    - interfaces: don't crash if content slot has no attributes
+    - debian: do not build with -buildmode=pie on i386
+    - wrappers: symlink completion snippets when symlinking binaries
+    - tests: adding more debug information for the interfaces-cups-
+      control …
+    - apparmor: pass --quiet to parser on load unless SNAPD_DEBUG is set
+    - many: allow and support serials signed by the 'generic' authority
+      instead of the brand
+    - corecfg: add proxy configuration via `snap set core
+      proxy.{http,https,ftp}=...`
+    - interfaces: a bunch of interfaces test improvement
+    - tests: enable regression and completion suites for opensuse
+    - tests: installing snapd for nested test suite
+    - interfaces: convert lxd_support to common iface
+    - interfaces: add missing test for camera interface.
+    - snap: add support for parsing snap layout section
+    - cmd/snap-repair: like for downloads we cannot have a timeout (at
+      least for now), less aggressive retry strategies
+    - overlord: rely on more conservative ensure interval
+    - overlord,store: no piles of return args for methods gathering
+      device session request params
+    - overlord,store: send model assertion when setting up device
+      sessions
+    - interfaces/misc: updates for unity7/x11, browser-
+      support, network-control and mount-observe
+      interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT
+      interfaces/browser-support: update sysfs reads for
+      newer browser versions, interfaces/network-control: rw for
+      ieee80211 advanced wireless interfaces/mount-observe: allow read
+      on sysfs entries for block devices
+    - tests: use dnf --refresh install to avert stale cache
+    - osutil: ensure TestLockUnlockWorks uses supported flock
+    - interfaces: convert lxd to common iface
+    - tests: restart snapd to ensure re-exec settings are applied
+    - tests: fix interfaces-cups-control test
+    - interfaces: improve and tweak bunch of interfaces test cases.
+    - tests: adding extra worker for fedora
+    - asserts,overlord/devicestate: support predefined assertions that
+      don't establish foundational trust
+    - interfaces: convert two hardware_random interfaces to common iface
+    - interfaces: convert io_ports_control to common iface
+    - tests: fix for  upgrade test on fedora
+    - daemon, client, cmd/snap: implement snap start/stop/restart
+    - cmd/snap-confine: set _FILE_OFFSET_BITS to 64
+    - interfaces: covert framebuffer to commonInterface
+    - interfaces: convert joystick to common iface
+    - interfaces/builtin: add the spi interface
+    - wrappers, overlord/snapstate/backend: make link-snap clean up on
+      failure.
+    - interfaces/wayland: add wayland interface
+    - interfaces: convert kvm to common iface
+    - tests: extend upower-observe test to cover snaps providing slots
+    - tests: enable main suite for opensuse
+    - interfaces: convert physical_memory_observe to common iface
+    - interfaces: add missing test for optical_drive interface.
+    - interfaces: convert physical_memory_control to common iface
+    - interfaces: convert ppp to common iface
+    - interfaces: convert time-control to common iface
+    - tests: fix failover test
+    - interfaces/builtin: rework for avahi interface
+    - interfaces: convert broadcom-asic-control to common iface
+    - snap/snapenv: document the use of CoreSnapMountDir for SNAP
+    - packaging/arch: drop patches merged into master
+    - cmd: fix mustUnsetenv docstring (thanks to Chipaca)
+    - release: remove default from VERSION_ID
+    - tests: enable regression, upgrade and completion test suites for
+      fedora
+    - tests: restore interfaces-account-control properly
+    - overlord/devicestate, store: update device auth endpoints URLs
+    - tests: fix install-hook test failure
+    - tests: download core and ubuntu-core at most once
+    - interfaces: add common support for udev
+    - overlord/devicestate: fix, don't assume that the serial is backed
+      by a 1-key chain
+    - cmd/snap-confine: don't share /etc/nsswitch from host
+    - store: do not resume a download when we already have the whole
+      thing
+    - many: implement "snap logs"
+    - store: don't call useDeltas() twice in quick succession
+    - interfaces/builtin: add kvm interface
+    - snap/snapenv: always expect /snap for $SNAP
+    - cmd: mark arch as non-reexecing distro
+    - cmd: fix tests that assume /snap mount
+    - gitignore: ignore more build artefacts
+    - packaging: add current arch packaging
+    - interfaces/unity7: allow receiving media key events in (at least)
+      gnome-shell
+    - interfaces/many, cmd/snap-confine: miscellaneous policy updates
+    - interfaces/builtin: implement broadcom-asic-control interface
+    - interfaces/builtin: reduce duplication and remove cruft in
+      Sanitize{Plug,Slot}
+    - tests: apply underscore convention for SNAPMOUNTDIR variable
+    - interfaces/greengrass-support: adjust accesses now that have
+      working snap
+    - daemon, client, cmd/snap: implement "snap services"
+    - tests: fix refresh tests not stopping fake store for fedora
+    - many: add the interface command
+    - overlord/snapstate/backend: some copydata improvements
+    - many: support querying and completing assertion type names
+    - interfaces/builtin: discard empty Validate{Plug,Slot}
+    - cmd/snap-repair:  start of Runner, implement first pass of Peek
+      and Fetch
+    - tests: enable main suite on fedora
+    - snap: do not always quote the snap info summary
+    - vendor: update go-flags to address crash in "snap debug"
+    - interfaces: opengl support pci device and vendor
+    - many: start implenting "base" snap type on the snapd side
+    - arch,release: map armv6 correctly
+    - many: expose service status in 'snap info'
+    - tests: add browser-support interface test
+    - tests: disable snapd-notify for the external backend
+    - interfaces: Add /run/uuid/request to openvswitch
+    - interfaces: add password-manager-service implicit classic
+      interface
+    - cmd: rework reexec detection
+    - cmd: fix re-exec bug when starting from snapd 2.21
+    - tests: dependency packages installed during prepare-project
+    - tests: remove unneeded check for re-exec in InternalToolPath()
+    - cmd,tests: fix classic confinement confusing re-execution code
+    - store: configurable base api
+    - tests: fix how package lists are updated for opensuse and fedora
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 25 Sep 2017 12:07:34 -0400
+
+snapd (2.27.6-2) unstable; urgency=medium
+
+  * Add d/patches/0001-osutil-adjust-StreamCommand-tests-for-golang-1.9.patch
+    to fix FTBFS with Go 1.9. (Closes: #876867)
+
+ -- Michael Hudson-Doyle <mwhudson@debian.org>  Tue, 26 Sep 2017 13:41:53 -0400
+
+snapd (2.27.6-1) unstable; urgency=medium
+
+  * New upstream release, LP: #1703798:
+    - interfaces: add udev netlink support to hardware-observe
+    - interfaces/network-{control,observe}: allow receiving
+      kobject_uevent() messages
+
+ -- Zygmunt Krynicki <me@zygoon.pl>  Fri, 08 Sep 2017 00:03:18 +0200
+
+snapd (2.27.5-1) unstable; urgency=medium
+
+  * New upstream release.
+    - interfaces: fix network-manager plug regression
+    - hooks: do not error when hook handler is not registered
+    - interfaces/alsa,pulseaudio: allow read on udev data for sound
+    - interfaces/optical-drive: read access to udev data for /dev/scd*
+    - interfaces/browser-support: read on /proc/vmstat and misc udev data
+
+ -- Zygmunt Krynicki <me@zygoon.pl>  Thu, 31 Aug 2017 10:11:20 +0200
+
+snapd (2.27.4-1) unstable; urgency=medium
+
+  * New upstream release.
+  * Enable seccomp.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Thu, 24 Aug 2017 22:12:52 +1200
+
+snapd (2.27.2-2) unstable; urgency=medium
+
+  * Fix re-exec test failure.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Fri, 18 Aug 2017 11:37:47 +1200
+
+snapd (2.27.2-1) unstable; urgency=medium
+
+  * New upstream release.
+  * Stop using single-debian-patch, split delta into separate patches.
+  * Allow confining snap-confine even when --disable-apparmor is used.
+  * Pass --enable-static-libcap to cmd/configure, as was always the intention.
+  * Disable re-exec on Debian until core snap can cope with a partial apparmor
+    implementation. (Closes: #851473)
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Fri, 18 Aug 2017 11:00:31 +1200
+
+snapd (2.27.1-1) unstable; urgency=medium
+
+  * New upstream release. (Closes: #868959, #869268, #872071)
+  * New changes to upstream sources:
+    - Disable cmd/snap-seccomp tests as they depend on an unpackaged fork of
+      golang/x/net.
+    - Use upstream version of libseccomp-golang.
+  * Do not install ancient ubuntu-core-launcher symlink.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Mon, 14 Aug 2017 21:53:09 +1200
+
+snapd (2.27.1) xenial; urgency=medium
+
+  * New upstream release, LP: #1703798:
+    - tests: use dnf --refresh install to avert stale cache
+    - tests: fix test failure on 14.04 due to old version of
+      flock
+    - updates for unity7/x11, browser-support, network-control,
+      mount-observe
+    - interfaces/unity7,x11: update for NETLINK_KOBJECT_UEVENT
+    - interfaces/browser-support: update sysfs reads for
+      newer browser versions
+    - interfaces/network-control: rw for ieee80211 advanced wireless
+    - interfaces/mount-observe: allow read on sysfs entries for block
+      devices
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 14 Aug 2017 08:02:17 +0200
+
+snapd (2.27) xenial; urgency=medium
+
+  * New upstream release, LP: #1703798
+    - fix build failure on 32bit fedora
+    - interfaces: add password-manager-service implicit classic interface
+    - interfaces/greengrass-support: adjust accesses now that have working
+      snap
+    - interfaces/many, cmd/snap-confine: miscellaneous policy updates
+    - interfaces/unity7: allow receiving media key events in (at least)
+      gnome-shell
+    - cmd: fix re-exec bug when starting from snapd 2.21
+    - tests: restore interfaces-account-control properly
+    - cmd: fix tests that assume /snap mount
+    - cmd: mark arch as non-reexecing distro
+    - snap-confine: don't share /etc/nsswitch from host
+    - store: talk to api.snapcraft.io for purchases
+    - hooks: support for install and remove hooks
+    - packaging: fix Fedora support
+    - tests: add bluetooth-control interface test
+    - store: talk to api.snapcraft.io for assertions
+    - tests: remove snapd before building from branch
+    - tests: add avahi-observe interface test
+    - store: orders API now checks if customer is ready
+    - cmd/snap: snap find only searches stable
+    - interfaces: updates default, mir, optical-observe, system-observe,
+      screen-inhibit-control and unity7
+    - tests: speedup prepare statement part 1
+    - store: do not send empty refresh requests
+    - asserts: fix error handling in snap-developer consistency check
+    - systemd: add explicit sync to snapd.core-fixup.sh
+    - snapd: generate snap cookies on startup
+    - cmd,client,daemon: expose "force devmode" in sysinfo
+    - many: introduce and use strutil.ListContains and also
+      strutil.SortedListContains
+    - assserts,overlord/assertstate: test we don't accept chains of
+      assertions founded on a self-signed key coming externally
+    - interfaces: enable access to bridge settings
+    - interfaces: fix copy-pasted iio vs io in io-ports-control
+    - cmd/snap-confine: various small fixes and tweaks to seccomp
+      support code
+    - interfaces: bring back seccomp argument filtering
+    - systemd, osutil: rework systemd logs in preparation for services
+      commands
+    - tests: store /etc/systemd/system/snap-*core*.mount in snapd-
+      state.tar.gz
+    - tests: shellcheck improvements for tests/main tasks - first set of
+      tests
+    - cmd/snap: `--last` for abort and watch, and aliases
+      (search→find, change→tasks)
+    - tests: shellcheck improvements for tests/lib scripts
+    - tests: create ramdisk if it's not present
+    - tests: shellcheck improvements for nightly upgrade and regressions
+      tests
+    - snapd: fix for snapctl get panic on null config values.
+    - tests: fix for rng-tools service not restarting
+    - systemd: add snapd.core-fixup.service unit
+    - cmd: avoid using current symlink in InternalToolPath
+    - tests: fix timeout issue for test refresh core with hanging …
+    - intefaces: control bridged vlan/ppoe-tagged traffic
+    - cmd/snap: include snap type in notes
+    - overlord/state: Abort() only visits each task once
+    - tests: extend find-private test to cover more cases
+    - snap-seccomp: skip socket() tests on systems that use socketcall()
+      instead of socket()
+    - many: support snap title as localized/title-cased name
+    - snap-seccomp: deal with mknod on aarch64 in the seccomp tests
+    - interfaces: put base policy fragments inside each interface
+    - asserts: introduce NewDecoderWithTypeMaxBodySize
+    - tests: fix snapd-notify when it takes more time to restart
+    - snap-seccomp: fix snap-seccomp tests in artful
+    - tests: fix for create-key task to avoid rng-tools service ramains
+      alive
+    - snap-seccomp: make sure snap-seccomp writes the bpf file
+      atomically
+    - tests: do not disable ipv6 on core systems
+    - arch: the kernel architecture name is armv7l instead of armv7
+    - snap-confine: ensure snap-confine waits some seconds for seccomp
+      security profiles
+    - tests: shellcheck improvements for tests/nested tasks
+    - wrappers: add SyslogIdentifier to the service unit files.
+    - tests: shellcheck improvements for unit tasks
+    - asserts: implement FindManyTrusted as well
+    - asserts: open up and optimize Encoder to help avoiding unnecessary
+      copying
+    - interfaces: simplify snap-confine by just loading pre-generated
+      bpf code
+    - tests: restart rng-tools services after few seconds
+    - interfaces, tests: add mising dbus abstraction to system-observe
+      and extend spread test
+    - store: change main store host to api.snapcraft.io
+    - overlord/cmdstate: new package for running commands as tasks.
+    - spread: help libapt resolve installing libudev-dev
+    - tests: show the IP from .travis.yaml
+    - tests/main: use pkgdb function in more test cases
+    - cmd,daemon: add debug command for displaying the base policy
+    - tests: prevent quoting error on opensuse
+    - tests: fix nightly suite
+    - tests: add linode-sru backend
+    - snap-confine: validate SNAP_NAME against security tag
+    - tests: fix ipv6 disable for ubuntu-core
+    - tests: extend core-revert test to cover bluez issues
+    - interfaces/greengrass-support: add support for Amazon Greengrass
+      as a snap
+    - asserts: support timestamp and optional disabled header on repair
+    - tests: reboot after upgrading to snapd on the -proposed pocket
+    - many: fix test cases to work with different DistroLibExecDir
+    - tests: reenable help test on ubuntu and debian systems
+    - packaging/{opensuse,fedora}: allow package build with testkeys
+      included
+    - tests/lib: generalize RPM build support
+    - interfaces/builtin: sync connected slot and permanent slot snippet
+    - tests: fix snap create-key by restarting automatically rng-tools
+    - many: switch to use http numeric statuses as agreed
+    - debian: add missing  Type=notify in 14.04 packaging
+    - tests: mark interfaces-openvswitch as manual due to prepare errors
+    - debian: unify built_using between the 14.04 and 16.04 packaging
+      branch
+    - tests: pull from urandom when real entropy is not enough
+    - tests/main/manpages: install missing man package
+    - tests: add refresh --time output check
+    - debian: add missing "make -C data/systemd clean"
+    - tests: fix for upgrade test when it is repeated
+    - tests/main: use dir abstraction in a few more test cases
+    - tests/main: check for confinement in a few more interface tests
+    - spread: add fedora snap bin dir to global PATH
+    - tests: check that locale-control is not present on core
+    - many: snapctl outside hooks
+    - tests: add whoami check
+    - interfaces: compose the base declaration from interfaces
+    - tests: fix spread flaky tests linode
+    - tests,packaging: add package build support for openSUSE
+    - many: slight improvement of some snap error messaging
+    - errtracker: Include /etc/apparmor.d/usr.lib.snap-confine md5sum in
+      err reports
+    - tests: fix for the test postrm-purge
+    - tests: restoring the /etc/environment and service units config for
+      each test
+    - daemon: make snapd a "Type=notify" daemon and notify when startup
+      is done
+    - cmd/snap-confine: add support for --base snap
+    - many: derive implicit slots from interface meta-data
+    - tests: add core revert test
+    - tests,packaging: add package build support for Fedora for our
+      spread setup
+    - interfaces: move base declaration to the policy sub-package
+    - tests: fix for snapd-reexec test cheking for restart info on debug
+      log
+    - tests: show available entropy on error
+    - tests: clean journalctl logs on trusty
+    - tests: fix econnreset on staging
+    - tests: modify core before calling set
+    - tests: add snap-confine privilege test
+    - tests: add staging snap-id
+    - interfaces/builtin: silence ptrace denial for network-manager
+    - tests: add alsa interface spread test
+    - tests: prefer ipv4 over ipv6
+    - tests: fix for econnreset test checking that the download already
+      started
+    - httputil,store: extract retry code to httputil, reorg usages
+    - errtracker: report if snapd did re-execute itself
+    - errtracker: include bits of snap-confine apparmor profile
+    - tests: take into account staging snap-ids for snap-info
+    - cmd: add stub new snap-repair command and add timer
+    - many: stop "snap refresh $x --channel invalid" from working
+    - interfaces: revert "interfaces: re-add reverted ioctl and quotactl
+    - snapstate: consider connect/disconnect tasks in
+      CheckChangeConflict.
+    - interfaces: disable "mknod |N" in the default seccomp template
+      again
+    - interfaces,overlord/ifacestate: make sure installing slots after
+      plugs works similarly to plugs after slots
+    - interfaces/seccomp: add bind() syscall for forced-devmode systems
+    - packaging/fedora: Sync packaging from Fedora Dist-Git
+    - tests: move static and unit tests to spread task
+    - many: error types should be called FooError, not ErrFoo.
+    - partition: add directory sync to the save uboot.env file code
+    - cmd: test everything (100% coverage \o/)
+    - many: make shell scripts shellcheck-clean
+    - tests: remove additional setup for docker on core
+    - interfaces: add summary to each interface
+    - many: remove interface meta-data from list of connections
+    - logger (& many more, to accommodate): drop explicit syslog.
+    - packaging: import packaging bits for opensuse
+    - snapstate,many: implement snap install --unaliased
+    - tests/lib: abstract build dependency installation a bit more
+    - interfaces, osutil: move flock code from interfaces/mount to
+      osutil
+    - cmd: auto import assertions only from ext4,vfat file systems
+    - many: refactor in preparation for 'snap start'
+    - overlord/snapstate: have an explicit code path last-refresh
+      unset/zero => immediately refresh try
+    - tests: fixes for executions using the staging store
+    - tests: use pollinate to seed the rng
+    - cmd/snap,tests: show the sha3-384 of the snap for snap info
+      --verbose SNAP-FILE
+    - asserts: simplify and adjust repair assertion definition
+    - cmd/snap,tests: show the snap id if available in snap info
+    - daemon,overlord/auth: store from model assertion wins
+    - cmd/snap,tests/main: add confinement switch instead of spread
+      system blacklisting
+    - many: cleanup MockCommands and don't leave a process around after
+      hookstate tests
+    - tests: update listing test to the core version number schema
+    - interfaces: allow snaps to use the timedatectl utility
+    - packaging: Add Fedora packaging files
+    - tests/libs: add distro_auto_remove_packages function
+    - cmd/snap: correct devmode note for anomalous state
+    - tests/main/snap-info: use proper pkgdb functions to install distro
+      packages
+    - tests/lib: use mktemp instead of tempfile to work cross-distro
+    - tests: abstract common dirs which differ on distributions
+    - many: model and expose interface meta-data.
+    - overlord: make config defaults from gadget work also at first boot
+    - interfaces/log-observe: allow using journalctl from hostfs for
+      classic distro
+    - partition,snap: add support for android boot
+    - errtracker: small simplification around readMachineID
+    - snap-confine: move rm_rf_tmp to test-utils.
+    - tests/lib: introduce pkgdb helper library
+    - errtracker: try multiple paths to read machine-id
+    - overlord/hooks: make sure only one hook for given snap is executed
+      at a time.
+    - cmd/snap-confine: use SNAP_MOUNT_DIR to setup /snap inside the
+      confinement env
+    - tests: bump kill-timeout and remove quiet call on build
+    - tests/lib/snaps: add a test store snap with a passthrough
+      configure hook
+    - daemon: teach the daemon to wait on active connections when
+      shutting down
+    - tests: remove unit tests task
+    - tests/main/completion: source from /usr/share/bash-completion
+    - assertions: add "repair" assertion
+    - interfaces/seccomp: document Backend.NewSpecification
+    - wrappers: make StartSnapServices cleanup any services that were
+      added if a later one fails
+    - overlord/snapstate: avoid creating command aliases for daemons
+    - vendor: remove unused packages
+    - vendor,partition: fix panics from uenv
+    - cmd,interfaces/mount: run snap-update-ns and snap-discard-ns from
+      core if possible
+    - daemon: do not allow to install ubuntu-core anymore
+    - wrappers: service start/stop were inconsistent
+    - tests: fix failing tests (snap core version, syslog changes)
+    - cmd/snap-update-ns: add actual implementation
+    - tests: improve entropy also for ubuntu
+    - cmd/snap-confine: use /etc/ssl from the core snap
+    - wrappers: don't convert between []byte and string needlessly.
+    - hooks: default timeout
+    - overlord/snapstate: Enable() was ignoring the flags from the
+      snap's state, resulting in losing "devmode" on disable/enable.
+    - difs,interfaces/mount: add support for locking namespaces
+    - interfaces/mount: keep track of kept mount entries
+    - tests/main: move a bunch of greps over to MATCH
+    - interfaces/builtin: make all interfaces private
+    - interfaces/mount: spell unmount correctly
+    - tests: allow 16-X.Y.Z version of core snap
+    - the timezone_control interface only allows changing /etc/timezone
+      and /etc/writable/timezone. systemd-timedated also updated the
+      link of /etc/localtime and /etc/writable/localtime ... allow
+      access to this file too
+    - cmd/snap-confine: aggregate operations holding global lock
+    - api, ifacestate: resolve disconnect early
+    - interfaces/builtin: ensure we don't register interfaces twice
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 10 Aug 2017 12:43:16 +0200
+
+snapd (2.26.14) xenial; urgency=medium
+
+  * New upstream release, LP: #1690083
+    - cmd: fix incorrect re-exec when starting from snapd 2.21
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 20 Jul 2017 13:52:05 +0200
+
+snapd (2.26.13) xenial; urgency=medium
+
+  * New upstream release, LP: #1690083
+    - cmd,tests: fix classic confinement confusing re-execution code
+    - cmd: fix incorrect check check for re-exec in InternalToolPath()
+    - snap-seccomp: add secondary arch for unrestricted snaps as well
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 18 Jul 2017 20:34:33 +0200
+
+snapd (2.26.10) xenial; urgency=medium
+
+  * New upstream release, LP: #1690083
+    - Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 17 Jul 2017 11:58:22 +0200
+
+snapd (2.26.9) xenial; urgency=medium
+
+  * New upstream release, LP: #1690083
+    - statically link libseccomp in snap-seccomp to fix refresh issue
+      on trusty
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 12 Jul 2017 08:27:14 +0200
+
+snapd (2.26.8) xenial; urgency=medium
+
+  * New upstream release, LP: #1690083
+    - Fix snap-seccomp tests in artful/trusty on i386/s390x/aarch64
+    - add snapd.core-fixup.service unit
+    - ensure re-exec uses the right internal tools
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 05 Jul 2017 07:48:22 +0200
+
+snapd (2.26.6) xenial; urgency=medium
+
+  * New upstream release, LP: #1690083
+    - interfaces: allow snaps to use the timedatectl utility in
+      time-control
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 27 Jun 2017 08:36:23 +0100
+
+snapd (2.26.5) xenial; urgency=medium
+
+  * New upstream release, LP: #1690083
+    - backport of seccomp-bpf branch to the 2.26 release to ensure snap
+      revert with new seccomp syntax works correctly
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 26 Jun 2017 15:30:15 +0100
+
+snapd (2.26.4) xenial; urgency=medium
+
+  * New upstream release, LP: #1690083
+    - partly revert aace15ab53 to unbreak core reverts
+    - Revert "interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f)"
+    - Disable "mknod |N" in the default seccomp template
+      reasons outline in https://forum.snapcraft.io/t/snapd-2-25-blocked-because-of-revert-race-condition
+    - errtracker: include bits of snap-confine apparmor profile
+    - errtracker: report if snapd did re-execute itself
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 01 Jun 2017 18:50:52 +0200
+
+snapd (2.26.3) xenial; urgency=medium
+
+  * New upstream release, LP: #1690083
+    - cherry pick test fixes f0103a6, 9de5c8a, d7725a7 to make
+      sure the image tests are updated for the changes in the
+      `snap info core` output and the removal of the rsyslog
+      package from core.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 17 May 2017 11:31:56 +0200
+
+snapd (2.26.2) xenial; urgency=medium
+
+  * New upstream release, LP: #1690083
+    - cherry pick d444728 to make the uboot.env file parsing more
+      robust
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 16 May 2017 18:37:07 +0200
+
+snapd (2.26.1) xenial; urgency=medium
+
+  * New upstream release, LP: #1690083
+    - store: fix panic error in auth
+    - tests: the new ubuntu-image snap needs classic confinement, adjust
+      tests
+    - cmd/snap-confine: don't fail on pre 3.8 kernel
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 11 May 2017 21:44:27 +0200
+
+snapd (2.26) xenial; urgency=medium
+
+  * New upstream release, LP: #1690083
+    - timeutil: avoid panicking when the window is very small
+    - image: fix go vet issue
+    - overlord/ifacestate: don't spam logs with harmless auto-connect
+      messages
+    - interfaces/builtin: add network-status interface
+    - interfaces/builtin: add online-accounts-service interface
+    - interfaces/builtin: distribute code of touching allInterfaces
+    - interfaces: API additions for interface hooks
+    - interfaces/builtin: add storage-framework-service interface
+    - tests: disable create-key test on ppc64el for artful (expect not
+      working)
+    - snap: make `snap prepare-image --extra-snaps` derive side info
+    - tests: unify tests/{main/completion,completion}/lib.exp0
+    - cmd/snap: tweak info channels output
+    - interfaces: ensure that legacy interface methods are unused
+    - packaging: cleanup how built-using is generated
+    - tests: extend kernel-module-control interface test
+    - interfaces/network: workaround Go's need for NETLINK_ROUTE with
+      'net'.
+    - cmd/snap-confine: use defensive argument parser
+    - tests: add test for empty snap name on revert
+    - overlord/hookstate: remove unused Context.timeout
+    - tests: additional setup in docker test for core systems
+    - configstate: return error if patch is invalid
+    - interfaces: add random interface
+    - store, daemon, client, cmd/snap: handle PASSWORD_POLICY_ERROR
+    - cmd/snap, client: add "whoami" command
+    - cmd/snap: iterate interface tab completion
+    - snap: move locale-control to only be present on classic
+    - interfaces/browser-support: deny read on squashfs backing files
+      and LVM vg names
+    - tests: wait for the docker socket to be listening
+    - snap: add `snap refresh --time` option
+    - tests: re-enable and moderninze /media sharing test
+    - cmd: make rst2man optional
+    - tests: remove quoting from [[ ]] when globs
+    - interfaces: allow plugging DBus clients to introspect the slot
+      service
+    - packaging/ubuntu*/changelog: drop extra dash
+    - snap-confine: init the ENTRY variable, coverity is unhappy
+      otherwise
+    - cmd/snap-confine/spread-tests: discard useless --version test
+    - spread: add spread target qemu:debian-9-64
+    - interfaces: mediate netlink sockets via seccomp
+    - tests,cmd/snap-confine: port older snapd-discard-ns tests
+    - cmd/snap-confine/tests: fix shellcheck on recently added files
+    - tests/upgrade: force install core snap from beta for debian
+    - overlord/snapstate/backend,interfaces/mount: move ns management
+      code.
+    - tests: extend network-control spread test to cope with network
+      namespaces
+    - tests: fail early in the spread suite if trying to run it inside a
+      container
+    - tests: set ownership of $PROJECT_PATH for the external backend
+    - tests: specify the auto-refreshable snap being tested
+    - many: fix tests with go1.8 / artful
+    - fix for tests: debian does not have /snap/bin in secure_path so
+      sudo
+    - snap: support for snap tasks --last=...
+    - cmd/snap-confine: remove obsolete debug message
+    - address review feedback, add a lot of comments :-), call
+      shellcheck on the completion scripts, fix a bug in compopt
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 11 May 2017 10:05:44 +0200
+
+snapd (2.25) xenial; urgency=medium
+
+  * New upstream release, LP: #1686713
+    - interfaces/default: allow mknod for regular files, pipes and
+      sockets
+    - many: use "SNAP.APP as ALIAS" instead of => when listing
+      added/removed aliases
+    - cmd/snap-confine: write current mount profile
+    - cmd/snap-discard-ns: remove current profile when cleaning up
+    - many: support debian in our CI
+    - tests: tweak time for econnreset test a bit more
+    - cmd/snap-confine: re-enable re-assciate fix for CE
+    - many: aliases v2 cleanups
+    - cmd/snap-confine: don't use apparmor if it is disabled on boot
+    - many: implement `snap prefer <snap>`  (aliases v2)
+    - many: adjust /aliases and "snap aliases" to aliases v2, also some
+      cleanup
+    - snapstate: normalize gadget defaults
+    - many: allow core refresh.schedule setting
+    - many: show alias changes on snap alias/unalias (aliases v2)
+    - client,cmd/snap: improve messaging on --devmode and --classic
+    - many: implement `snap unalias <alias-or-snap>` (aliases v2)
+    - store: retry on connection reset
+    - interfaces/mount: add Change.Perform
+    - tests: add openvswitch interface spread test
+    - interfaces/i2c: allow modifying device-specific sysfs entries
+    - interfaces: allow writing to /run/systemd/journal/stdout by
+      default
+    - tests: ensure travis fails early if static checks fail
+    - store,daemon: make store interpret channel="" as stable in most
+      cases
+    - overlord/snapstate: make UpdateAliases idempotent, simplify the
+      backend interface bits for aliases not used anymore (aliases v2)
+    - many: implement snap alias <snap.app> <alias> (aliases v2)
+    - snap-confine: add code to ensure that / or /snap is mounted
+      "shared"
+    - many: show available "tracks" in `snap info`
+    - cmd/snap: make users Xauthority file available in snap environment
+    - interfaces/mount: write current fstab files with mode 0644
+    - overlord: switch to aliases v2 tasks for install/refresh etc ops
+      plus transition
+    - tests: parameterize gadget snap channel (#3117)
+    - tests: copy .real profile as .real
+    - tests: add empty initrd failover test
+    - many: mount squashfs as read-only
+    - cmd: make locking around namespaces explicit
+    - tests: address review comments from #3186
+    - tests: add dbus interface spread test
+    - interfaces/mount: add ReadMountInfo and LoadMountInfo
+    - snap: require snap name for 'revert'
+    - overlord: maintain per-revision snapshots of snap configuration
+    - tests: relax network-bind interface regexps
+    - interfaces: re-add reverted ioctl and quotactl (revert 21bc6b9f)
+    - store: retry once on hashsum mismatches in a Download()
+    - interfaces/builtin: don't panic if content plug has nil attrs
+    - interfaces/mount: pass mount.Profile to mount.NeededChanges
+    - packaging: add `built-using` header for 16.04 packaging
+    - interfaces: add media-hub interface
+    - interfaces/builtin: allow full access to properties iface of the
+      udisks service
+    - tests: handle case when both .real and plain are present
+    - interfaces/mount: add Change.String for readable output
+    - tests: ensure we mock force dev mode as well to fix FTBFS in
+      sbuild
+    - store: add more logs around retry in download
+    - interfaces/mount: add stub Change.{Needed,Perform}
+    - tests: allow installing snapd from -proposed for SRU validation
+    - interfaces/mount: parse mount options to map[string]string
+    - snap: added tasks subcommand
+    - tests: copy snap-confine apparmor profile into testbed
+    - interfaces/mount: improve go identifier names of mountinfo, parse
+      optional fields
+    - Arch Linux wants to respect FHS
+      (https://bugs.archlinux.org/task/53656),
+    - daemon: do not set RemoveSnapPath flag when doing a try
+    - debian: add maintscript helper to remove usr.lib.snapd.snap-
+      confine in snap-confine
+    - cmd/snap-confine: don't use plain "classic" term
+    - cmd/snap-confine: set TMPDIR and TEMPDIR each time
+    - many: fixes for `go vet` in go 1.7
+    - tests: add kernel-module-control interface test
+    - overlord/snapstate: introduce tasks for aliases v2 semantics with
+      temporary names for now (aliases v2)
+    - overlord/devicestate: switch to ssh-keygen for device key
+      generation
+    - snap: skip /dev/ram from auto-import assertions to make it less
+      noisy (#3010)
+    - interfaces: add kubernetes-support interface and adjust related
+      interfaces (LP: #1664638)
+    - tests: download previous snapd package from published versions
+      instead of specific PPA
+    - snap: run snap-confine from core if snap is also running from core
+    - overlord/ifacestate: automatically rename connections on core snap
+    - many: break the /aliases mutation API with a clean 400 (aliases
+      v2)
+    - interfaces/builting: allow read-only access to /sys/module
+    - tests: add extra test after the core transition for snap get/set
+      core
+    - store: misc cleanups in tests
+    - interfaces/mount: add parser for mountinfo entries
+    - store: tests for unexpected EOF
+    - tests: fix unity test
+    - interfaces,overlord: log interface auto-connection failures
+    - cmd/snap-update-ns: add C preamble for setns
+    - interfaces: validate plug/slot uniqueness
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 28 Apr 2017 07:57:49 +0200
+
+snapd (2.24.1) xenial; urgency=medium
+
+  * New upstream release, LP: #1681799:
+    - fix autopkgtest failures with stable core snap
+    - ensure the snap-confine transitional package cleans up
+      the no-longer-used apparmor profile to fix the kernels
+      autopkgtest failures
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 19 Apr 2017 11:54:33 +0200
+
+snapd (2.24) xenial; urgency=medium
+
+  * New upstream release, LP: #1681799:
+    - interfaces/mount: add InfoEntry type
+    - many: fix plug auto-connect during core transition
+    - interfaces: fold network bind into core support with tests
+    - .travis.yml: add option to make raw log less noisy
+    - interfaces: adjust shm accesses to use 'm' for updated mmap kernel
+      mediation
+    - many: rename two core plugs that clash with slot names
+    - snap-confine,browser-support: /dev/tty for snap-confine, misc
+      browser-support for gnome-shell
+    - store: add download test with EOF in the middle
+    - tests: adjust to look for network-bind-plug
+    - store: make hash error message more accurate
+    - overlord/snapstate: simplify AliasesStatus down to just an
+      AutoAliasesDisabled bool flag (aliases v2)
+    - errtracker: never send errtracker reports when running under
+      SNAPPY_TESTING
+    - interfaces/repo: validate slot/plug names
+    - daemon: Give the snap directories via GET /v2/system-info
+    - interfaces/unity7: support unity messaging menu
+    - interfaces/mount: add high-level Profile functions
+    - git: ignore only the cmd/Makefile{,.in}
+    - cmd: explicitly set _GNU_SOURCE and _FILE_OFFSET_BITS for xfs
+      support
+    - daemon: add desktop file location for app to the API
+    - overlord,release: disable classic snap support when not possible
+    - overlord: fix TestEnsureLoopPrune not to be so racy
+    - many: abstract path to /bin/{true,false}
+    - data/systemd: tweak data/systemd/Makefile to be slightly simpler
+    - store: handle EOF via url.Error check
+    - packaging: use templates for relevant systemd units
+    - tests: run gccgo only on ubuntu-16.04-64
+    - .travis.yml: remove travis matrix and do a single sequential run
+    - overlord/state: make sure that setting to nil a state key is
+      equivalent to deleting it
+    - tests: fix incorrect shell expression
+    - interfaces/mount: add OptsToFlags for converting arguments to
+      syscall…
+    - interfaces: add a joystick interface
+    - tests: enable docker test for more ubuntu-core systems
+    - tests: download and install additional dependencies when using
+      prepackaged snapd
+    - many: add support for partially static builds
+    - interfaces: allow slot to introspect dbus-daemon in dbus
+      interface, allow /usr/bin/arch by default
+    - interfaces/mount: fix golint issues
+    - interfaces/mount: add function for saving fstab-like file
+    - osutil: introducing GetenvInt64, like GetenvBool but Int64er.
+    - interfaces: drop udev tagging from framebuffer interface
+    - snapstate: more helpers to work with aliases state (aliases
+      v2)
+    - interfaces/mount: add function for parsing fstab-like file
+    - cmd: disable the re-associate fix as requested by jdstrand
+    - overlord/snapstate: unlock/relock the state less, especially not
+      across mutating the SnapState of a snap
+    - interfaces: allow executing ld.so (needed with new AppArmor base
+      abstraction)
+    - interfaces/mount: add function for parsing mount entries
+    - cmd: rework header check for xfs/xqm.h
+    - cmd: add poky to the list of distros which don't support reexec
+    - overlord: finish reorg, revert "be more conservative until we have
+      cut 2.23.x"
+    - cmd: select what socket to use in cmd/snap{,ctl}
+    - overlord: remove snap config values when snap is removed
+    - snapstate: introduce helper to apply to disk a alias states change
+      for a snap (aliases v2)
+    - configstate,hookstate: timeout the configure hook after 5 mins,
+      report failures to the errtracker
+    - interfaces/seccomp: add bind as part of the default seccomp policy
+      for hooks
+    - cmd: discard the C implementation of snap-update-ns
+    - tests: remove stale apt proxy leftover from cloud-init
+    - tests: move unity test to nightly suite
+    - interfaces: add support for location-observe for
+      dbus::ObjectManager session paths
+    - boot: log error in KernelOrOsRebootRequired
+    - interfaces: remove old API
+    - interfaces: use udev spec
+    - interfaces: convert systemd backend to new APIs
+    - osutil: add BootID
+    - tests: move docker test to new nightly suite
+    - interfaces/mount: compute mount changes required to transition
+      mount profiles
+    - data/selinux: add context definition for snapctl
+    - overlord: clean up organization under state packages
+    - overlord: make sure all managers packages have *state.go with the
+      main state manipulation/query APIs
+    - interfaces: use spec in the dbus backend
+    - store: download from authenticated URL if there is a device
+      session set
+    - tests: remove core_name variable
+    - interfaces: rename thumbnailer to thumbnailer-service
+    - interfaces: add chroot to base templates
+    - asserts: remove some unused things
+    - systemd: mount the squashfs with nodev
+    - overlord: when shutting down assume errors might be due to
+      cancellation so retry
+    - cmd: rename all unit tests to $command/unit-test
+    - cmd/snap: fix help string for version command
+    - asserts: don't allow revocations with other items for the same
+      developer
+    - tests: skip lp-1644439 test on older kernels
+    - interfaces: allow "sync" to be used by core support
+    - assertstate,snapstate: have assertstate.AutoAliases use the
+      "aliases" header
+    - interfaces: allow writing config.txt.tmp  in the core-support
+      interface
+    - tests: adjust network-bind test
+    - interfaces: dbus backend spec
+    - asserts: introduce a snap-declaration "aliases" header to list
+      auto aliases with explicit targets
+    - cmd: enable large file support
+    - cmd/snap: handle missing snap-confine
+    - cmd/snap-confine: re-associate with pid-1 mount namespace if
+      required
+    - cmd/libsnap: make mountinfo structures public
+    - tests: fix interfaces-cups-control for zesty
+    - misc: revert "Log if the system goes into ForceDevMode"
+    - interfaces: seccomp tests cleanup
+    - cmd: validate SNAP_NAME
+    - interfaces: log if the system goes into ForceDevMode
+    - tests: fix classic-ubuntu-core-transition race
+    - interfaces: use apparmor spec in the apparmor backend
+    - interfaces: alphabetize framebuffer in base decl and add it to
+      all_test.go
+    - tests: add ubuntu-core-16-32 system to the external backend and
+      fix docker test
+    - cmd/libsnap: simplify sc_string_quote default case
+    - osutil: fix double expand in environment map code and add test
+    - interfaces: extend location-control out-of-process provider
+      support
+    - cmd/snap-update-ns: use bidirectional lists for mount entries
+    - tests: prevent automatic transition before setting the initial
+      state of the test
+    - release: detect if we are in ForcedDevMode by inspecting the
+      kernel
+    - tests: add core-snap-refresh test
+    - interfaces: add maliit input method interface
+    - interfaces: seccomp spec API tweaks for better tests
+    - interfaces: updates for mir-kiosk in browser-support, mir, opengl,
+      unity7
+    - testutils: address review feedback from PR#2997
+    - tests: specify the core version to be unsquashfs'ed in the
+      failover tests
+    - interfaces: use MockInfo in tests
+    - cmd/libsnap: add sc_quote_string
+    - cmd/snap-confine: use sc_do_umount everywhere
+    - interfaces: add unity8 plug permissions
+    - timeutil: a few helpers for the recurring events
+    - asserts: implement snap-developer type
+    - partition: deal with grub{,2}-editenv in tests
+    - many: add new (hidden) `snap debug ensure-state-soon` command and
+      use in tests
+    - interfaces/builtin: small refactor of dbus tests
+    - packaging, tests: use "systemctl list-unit-files --full"
+      everywhere
+    - many: some opensuse patches that are ready to go into master
+    - packaging: add opensuse permissions files
+    - client, daemon: move "snap list" name filtering into snapd.
+    - interfaces: use seccomp specs
+    - overlord/snapstate: small cleanup of
+      ensureForceDevmodeDropsDevmodeFromState
+    - interfaces/builtin/alsa: add read access to alsa state dir
+    - interfaces: use spec in kmod backend, updated firewall_control,
+      openvswitch_support, ppp
+    - cmd/snap-confine: use sc_do_mount everywhere
+    - tests: remove workaround for docker again, snap-declaration is
+      fixed now
+    - interfaces: interface to allow autopilot introspection
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 11 Apr 2017 13:31:46 +0200
+
+snapd (2.23.6) xenial; urgency=medium
+
+  * New upstream release, LP: #1673568
+    - cmd: use the most appropriate snap/snapctl sockets
+    - tests: fix interfaces-cups-control for zesty
+    - configstate,hookstate: timeout the configure hook after 5 mins,
+      report failures
+    - packaging: rename the file shipping snap-confine AA profile to
+      workaround dpkg bug #858004
+    - many: ignore configure hook failures on core refresh to ensure
+      upgrades are always possible
+    - snapstate: restart as needed if we undid unlinking aka relinked
+      core or kernel snap
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 29 Mar 2017 15:30:35 +0200
+
+snapd (2.23.5) xenial; urgency=medium
+
+  * New upstream release, LP: #1673568
+    - allow "sync" in core-support
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 17 Mar 2017 18:13:43 +0100
+
+snapd (2.23.4) xenial; urgency=medium
+
+  * New upstream release, LP: #1673568
+    - fix core-support interface for the new pi-config options
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 17 Mar 2017 16:05:57 +0100
+
+snapd (2.23.3) xenial; urgency=medium
+
+  * FTBFS due to missing files in vendor/
+
+ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com>  Thu, 16 Mar 2017 19:56:55 +0100
+
+snapd (2.23.2) xenial; urgency=medium
+
+  * New upstream release, LP: #1673568
+    - cmd/snap: handle missing snap-confine (#3041)
+
+ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com>  Thu, 16 Mar 2017 19:38:24 +0100
+
+snapd (2.23.1) xenial; urgency=medium
+
+  * New upstream release, LP: #1665608
+    - packaging, tests: use "systemctl list-unit-files --full"
+      everywhere
+    - interfaces: fix default content attribute value
+    - tests: do not nuke the entire snapd.conf.d dir when changing
+      store settings
+    - hookstate: run the right "snap" command in the hookmanager
+    - snapstate: revert PR#2958, run configure hook again everywhere
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 08 Mar 2017 14:29:56 +0100
+
+snapd (2.23) xenial; urgency=medium
+
+  * New upstream release, LP: #1665608
+    - overlord: phase 2 with 2nd setup-profiles and hook done after
+      restart for core installation
+    - data: re-add snapd.refresh.{timer,service} with weekly schedule
+    - interfaces: allow 'getent' by default with some missing dbs to
+      various interfaces
+    - overlord/snapstate: drop forced devmode
+    - snapstate: disable running the configure hook on classic for the
+      core snap
+    - ifacestate: re-generate apparmor in InterfaceManager.initialize()
+    - daemon: DevModeDistro does not imply snapstate.Flags{DevMode:true}
+    - interfaces/bluez,network-manager: implement ConnectedSlot policy
+    - cmd: add helpers for mounting / unmounting
+    - snapstate: error in LinkSnap() if revision is unset
+    - release: add linuxmint 18 to the non-devmode distros
+    - cmd: fixes to run correctly on opensuse
+    - interfaces: consistently use 'const' instead of 'var' for security
+      policy
+    - interfaces: miscellaneous policy updates for unity7, udisks2 and
+      browser-support
+    - interfaces/apparmor: compensate for kernel behavior change
+    - many: only tweak core config if hook exists
+    - overlord/hookstate: don't report a run hook output error without
+      any context
+    - cmd/snap-update-ns: move test data and helpers to new module
+    - vet: fix vet error on mount test.
+    - tests: empty init (systemd) failover test
+    - cmd: add .indent.pro file to the tree
+    - interfaces: specs for apparmor, seccomp, udev
+    - wrappers/services: RemainAfterExit=yes for oneshot daemons w/ stop
+      cmds
+    - tests: several improvements to the nested suite
+    - tests: do not use core for "All snaps up to date" check
+    - cmd/snap-update-ns: add function for sorting mount entries
+    - httputil: copy some headers over redirects
+    - data/selinux: merge SELinux policy module
+    - kmod: added Specification for kmod security backend
+    - tests: failover test for rc.local crash
+    - debian/tests: map snapd deb pockets to core snap channels for
+      autopkgtest
+    - many: switch channels on refresh if needed
+    - interfaces/builtin: add /boot/uboot/config.txt access to core-
+      support
+    - release: assume higher version of supported distros will still
+      work
+    - cmd/snap-update-ns: add compare function for mount entries
+    - tests: enable docker test
+    - tests: bail out if core snap is not installed
+    - interfaces: use mount.Entry instead of string snippets.
+    - osutil: trivial tweaks to build ID support
+    - many: display kernel version in 'snap version'
+    - osutil: add package for reading Build-ID
+    - snap: error when `snap list foo` is run and no snap is installed
+    - cmd/snap-confine: don't crash if nvidia module is loaded but
+      drivers are not available
+    - tests: update listing test for latest core snap version update
+    - overlord/hookstate/ctlcmd: helper function for creating a deep
+      copy of interface attributes
+    - interfaces: add a linux framebuffer interface
+    - cmd/snap, store: change error messages to reflect latest UX doc
+    - interfaces: initial unity8 interface
+    - asserts: improved information about assertions format in the
+      Decode doc comment
+    - snapstate: ensure snapstate.CanAutoRefresh is nil in tests
+    - mkversion.sh: Add support for taking the version as a parameter
+    - interfaces: add an interface for use by thumbnailer
+    - cmd/snap-confine: ensure that hostfs is root owned.
+    - screen-inhibit-control: add methods for delaying screensavers
+    - overlord: optional device registration and gadget support on
+      classic
+    - overlord: make seeding work also on classic, optionally
+    - image,cmd/snap: refactoring and initial envvar support to use
+      stores needing auth
+    - tests: add libvirt interface spread test
+    - cmd/libsnap: add helper for dropping permissions
+    - interfaces: misc updates for network-control, firewall-control,
+      unity7 and default policy
+    - interfaces: allow recv* and send* by default, accept4 with accept
+      and other cleanups
+    - interfaces/builtin: add classic-support interface
+    - store: use xdelta3 from core if available and not on the regular
+      system
+    - snap: add contact: line in `snap info`
+    - interfaces/builtin: add network-setup-control which allows rw
+      access to netplan
+    - unity7: support missing signals and methods for status icons
+    - cmd: autoconf for RHEL
+    - cmd/snap-confine: look for PROCFS_SUPER_MAGIC
+    - dirs: use the right snap mount dir for the distribution
+    - many: differentiate between "distro" and "core" libexecdir
+    - cmd: don't reexec on RHEL family
+    - config: make helpers reusable
+    - snap-exec: support nested environment variables in environment
+    - release: add galliumos support
+    - interfaces/builtin: more path options for serial
+    - i18n: look into core snaps when checking for translations
+    - tests: nested image testing
+    - tests: add basic test for docker
+    - hookstate,ifacestate: support snapctl set/get slot and plug attrs
+      (step 3)
+    - cmd/snap: add shell completion to connect
+    - cmd: add functions to load/save fstab-like files
+    - snap run: create "current" symlink in user data dir
+    - cmd: autoconf for centos
+    - tests: add more debug if ubuntu-core-upgrade fails
+    - tests: increase service retries
+    - packaging/ubuntu-14.04: inform user how to extend PATH with
+      /snap/bin.
+    - cmd: add helpers for working with mount/umount commands
+    - overlord/snapstate: prepare for using snap-update-ns
+    - cmd: use per-snap mount profile to populate the mount namespace
+    - overlord/ifacestate: setup seccomp security on startup
+    - interface/seccomp: sort combined snippets
+    - release: don't force devmode on LinuxMint "serena"
+    - tests: filter ubuntu-core systems for authenticated find-private
+      test
+    - interfaces/builtin/core-support: Allow modifying logind
+      configuration from the core snap
+    - tests: fix "snap managed" output check and suppress output from
+      expect in the authenticated login tests
+    - interfaces: shutdown: also allow shutdown/reboot/suspend via
+      logind
+    - cmd/snap-confine-tests: reformat test to pass shellcheck
+    - cmd: add sc_is_debug_enabled
+    - interfaces/mount: add dedicated mount entry type
+    - interfaces/core-support: allow modifying systemd-timesyncd and
+      sysctl configuration
+    - snap: improve message after `snap refresh pkg1 pkg2`
+    - tests: improve snap-env test
+    - interfaces/io-ports-control: use /dev/port, not /dev/ports
+    - interfaces/mount-observe: add quotactl with arg filtering (LP:
+      #1626359)
+    - interfaces/mount: generate per-snap mount profile
+    - tests: add spread test for delta downloads
+    - daemon: show "$snapname (delta)" in progress when downloading
+      deltas
+    - cmd: use safer functions in sc_mount_opt2str
+    - asserts: introduce a variant of model assertions for classic
+      systems
+    - interfaces/core-support: allow modifying snap rsyslog
+      configuration
+    - interfaces: remove some syscalls already in the default policy
+      plus comment cleanups
+    - interfaces: miscellaneous updates for hardware-observe, kernel-
+      module-control, unity7 and default
+    - snap-confine: add the key for which hsearch_r fails
+    - snap: improve the error message for `snap try`
+    - tests: fix pattern and use MATCH in find-private
+    - tests: stop tying setting up staging store access to the setup of
+      the state tarball
+    - tests: add regression spread test for #1660941
+    - interfaces/default: don't allow TIOCSTI ioctl
+    - interfaces: allow nice/setpriority to 0-19 values for calling
+      process by default
+    - tests: improve debug when the core transition test hangs
+    - tests: disable ubuntu-core->core transition on ppc64el (its just
+      too slow)
+    - snapstate: move refresh from a systemd timer to the internal
+      snapstate Ensure()
+    - tests/lib/fakestore/refresh: some more info when we fail to copy
+      asserts
+    - overlord/devicestate: backoff between retries if the server seems
+      to have refused the serial-request
+    - image: check kernel/gadget publisher vs model brand, warn on store
+      disconnected snaps
+    - vendor: move gettext.go back to github.com/ojii/gettext.go
+    - store: retry on 502 http response as well
+    - tests: increase snap-service kill-timeout
+    - store,osutil: use new osutil.ExecutableExists(exe) check to only
+      use deltas if xdelta3 is present
+    - cmd: fix autogen.sh on fedora
+    - overlord/devicemgr: fix test: setup account-key before using the
+      key for signing
+    - cmd: add /usr/local/* to PATH
+    - cmd: add sc_string_append
+    - asserts: support for correctly suggesting format 2 for snap-
+      declaration
+    - interfaces: port mount backend to new APIs, unify content of per
+      app/hook profiles
+    - overlord/devicestate: implement policy about gadget and kernel
+      matching the model
+    - interfaces: allow sched_setscheduler again by default
+    - debian: update breaks/replaces for snap-confine->snapd
+    - debian: move the snap-confine packaging into snapd
+    - 14.04/integrationtests: rely on upstart to restart ssh.
+    - store: enable download deltas on classic by default
+    - spread: add unit suite
+    - snapctl: add config in client to disable auth and use it in
+      snapctl
+    - overlord/ifacestate: register all security backends with the
+      repository
+    - overlord,tests: have enable/disable affect security profiles
+    - tests: install ubuntu-core from the same channel as core
+    - overlord: move configstate.Transaction into config package
+    - seccomp-support.c: add PF_* domains which can be used instead of
+      AF_*
+    - store: always log retry summary when SNAPD_DEBUG is set
+    - tests: parameterize kernel snap channel
+    - snapenv: do not append ":" to the SNAP_LIBRARY_PATH
+    - interfaces/builtin: refine the content interface rules using $SLOT
+    - asserts,interfaces/policy: add support for
+      $SLOT()/$PLUG()/$MISSING in *-attributes constraintsThis adds
+      support for $SLOT(arg), $PLUG(arg) and $MISSING attribute
+      constraints in plugs and slots rules in snap-declarations:
+    - cmd/snap-confine: add snap-confine command line parser module
+    - tests: remove (some) garbage files found by restore cleanup
+      analysis
+    - cmd: fix issues uncovered by valgrind
+    - tests: fix typo in systems name
+    - cmd: collect string utilities in one module, add missing tests
+    - cmd: rename mountinfo to sc_mountinfo
+    - tests: allow to install snapd debs from a ppa instead of building
+      them
+    - spread: remove state tar on project restore
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 17 Feb 2017 12:21:42 +0100
+
+snapd (2.22.7) xenial; urgency=medium
+
+  * New upstream release:
+    - errtracker,overlord/snapstate: more info in errtracker reports
+    - interfaces/apparmor: compensate for kernel behavior change
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 24 Feb 2017 19:24:11 +0100
+
+snapd (2.22.6) xenial; urgency=medium
+
+  * New upstream release, LP: #1667105
+    - overlord/ifacestate: don't fail if affected snap is gone
+    - revert #2910: osutil: add package for reading Build-ID (#2918)
+    - errtracker: include the build-id of host and core snapd (#2912)
+    - errtracker: include the number of ubuntu-core -> core retries
+      (#2915)
+    - snapstate: retry ubuntu-core -> core transition every 6h (#2914)
+    - osutil: add package for reading Build-ID (#2910)
+    - errtracker: include kernel version in error reports (#2905)
+    - release: return "unknown" if uname fails
+    - many: rebased uname branch for 2.22
+    - errtracker: include snapd version in err reports
+    - overlord/ifacestate: don't unconditionally retry stuff (#2906)
+    - snapstate: fix incorrect cut of the timestamps for the error
+      reports (#2908)
+    - tests: update listing test for latest core snap version update
+
+ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com>  Wed, 22 Feb 2017 23:34:23 +0100
+
+snapd (2.22.5) xenial; urgency=medium
+
+  * Fix FTBFS due to machine-id file
+
+ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com>  Tue, 21 Feb 2017 09:43:42 +0100
+
+snapd (2.22.4) xenial; urgency=medium
+
+  * New bugfix release:
+    - errtracker: add support for error reporting via daisy.ubuntu.com
+    - snapstate: allow for 6 retries for the core transition
+    - httputils: ensure User-Agent works across redirects
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 21 Feb 2017 09:07:10 +0100
+
+snapd (2.22.3) xenial; urgency=medium
+
+  * New bugfix release, LP: #1665729:
+    - Limit the number of retries for the ubuntu-core -> core
+      transition to fix possible store overload.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 17 Feb 2017 18:58:34 +0100
+
+snapd (2.22.2) xenial; urgency=medium
+
+  * New upstream release, LP: #1659522
+    - cherry pick fix for sched_setscheduler regression
+      (LP: #1661265)
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 02 Feb 2017 17:13:51 +0100
+
+snapd (2.22.1) xenial; urgency=medium
+
+  * New upstream release, LP: #1659522
+    - cherry pick fix for snapctl auth.json handling
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 01 Feb 2017 17:09:31 +0100
+
+snapd (2.22) xenial; urgency=medium
+
+  * New upstream release, LP: #1659522
+    - many: make ubuntu-core-launcher mostly go
+    - interfaces/builtin: add account-control interface
+    - interfaces/builtin: add missing syscalls to core-support needed
+      for systemctl
+    - interfaces/builtin: rework core-support to only allow full access
+      to systemctl
+    - debian/tests: drop stale autopkgtest dependencies.
+    - tests: make the debugging of c-unit-tests more useful
+    - store: retry auth-related requests
+    - tests: integration test for system reload
+    - snap: be more helpful in the `snap install <already-installed>`
+      error message
+    - tests: set SNAPPY_USE_STAGING_STORE in su call
+    - tests: use test snap
+    - spread: set SNAPD_DEBUG=1 in the core snap as well
+    - tests: add extra debugging to security-setuid-root test
+    - cmd,snap,wrappers: systemd reload command support
+    - interfaces: builtin: mir: Allow recv and send
+    - overlord/ifacestate: use ParseConnRef
+    - overlord/snapstate,overlord/ifacestate: add automatic ubuntu-core
+      -> core transition
+    - debian: remove aliases as well in snapd.postrm
+    - many: change interfaces.ParseID to return value
+    - interfaces/opengl: allow access to the nvidia abstract socket
+    - overlord, daemon: flag failures feature fancy forms.
+    - many: add --classic support to try and revert, and make missing
+      these things a little harder
+    - interfaces: allow reading non-PCI-attached usb devices via raw-usb
+    - many: rename snap-alter-ns to snap-update-ns
+    - interfaces/builtin: add core-support
+    - store: increase the retry.LimitTime()
+    - debian: move the packaging out into package/$id-$version_id
+    - overlord/stapstate: don't use unkeyed fields
+    - many: add stub implementation of snap-alter-ns
+    - asserts: improve error message when key is not valid at the given
+      time
+    - snapstate, ifacestate: add snapstate.CheckChangeConflict() to
+      ifacestate.{Connect,Disconnect}
+    - debian: remove trusty specific bits
+    - docs: Add a note about building snapd.
+    - interfaces: miscellaneous updates for default and network-control
+    - daemon: bubble out store.ErrSnapNotFound in the findOne codepath
+    - store: add retry logging into download as well
+    - snap: show price in `snap info`
+    - cmd: add fault injection support code
+    - interfaces: network-manager: allow rw access to /etc/netplan
+    - debian: move systemd files out of ./debian and into ./data/systemd
+    - asserts: implement SuggestFormat to help avoid specifying the
+      wrong format iteration for an assertion
+    - many: detect potentially insecure use of snap-confine
+    - interfaces: allow querying added security backends
+    - cmd: ensure that all .c files have a -test.c file
+    - asserts: don't use 'context' for the path of attributes, want to
+      reuse the concept for something else
+    - interfaces: abbreviate ConnRef construction
+    - tests: ensure systemd override directory is available before using
+      it
+    - cmd: more build system cleanups and a small fix
+    - tests: increase retries for service up
+    - cmd: move seccomp cleanup function to seccomp-support
+    - many: auto-connect plugs and slots symmetrically
+    - overlord: use a ticker for the pruning
+    - interfaces/builtin: add uhid interface
+    - cmd/snap-confine: add shutdown helper
+    - tests: fix path used when debugging
+    - cmd: switch to non-recursive make
+    - overlord/ifacestate: setup security of snaps affected by auto-
+      connection
+    - spread: refresh apt cache before first install
+    - overlord: allow max 500 changes in "ready" state to avoid growing
+      changes for 24h
+    - snap: add {Plug,Slot}Info.SecurityTags
+    - cmd: move snap-discard-ns to dedicated directory
+    - tests: skip i18n test when no "snappy.mo" file is available
+    - interfaces,overlord/ifacestate: small refactor around reference
+      methods
+    - tests: remove the snapd dirs last (should fix random test errors)
+    - interfaces: mm: permissions for protocol proxies
+    - interfaces/builtin: add evolution interfaces
+    - many: extract the logging http client and user-agent handling for
+      use in devicestate
+    - interfaces: unity8-download-manager is the chosen name for this
+      interface.
+    - tests: add "quiet" wrapper function that only prints output on
+      failure
+    - tests: fix failing snapd-reexec test
+    - docs: simplify HACKING.md that snapd itself supports setting up
+      the sockets
+    - overlord: flag required-snaps from model as required and prevent
+      removing them
+    - spread: exclude .o and .a files
+    - tests: parameterize remote store
+    - cmd: fix hardcoded paths to rst2man and support rst2man.py
+    - tests: improve debug output when reexec is used
+    - tests: disable ipv6 before unpacking delta
+    - interfaces: add new interface API
+    - tests: change TRUST_TEST_KEYS to be controlled from the host
+    - spread: add boilerplate for Linode delta uploads
+    - wrappers: add support for the X-Ayatana-Desktop-Shortcuts=
+      extension
+    - partition: add support for native grubenv read/write and use it
+    - tests: add test ensuring manual pages are shipped
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 27 Jan 2017 23:18:57 +0100
+
+snapd (2.21-2) unstable; urgency=medium
+
+  * Modify snap-confine's apparmor rules to work on Debian when apparmor is
+    enabled on the kernel command line.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Wed, 25 Jan 2017 10:26:51 +1300
+
+snapd (2.21-1) unstable; urgency=medium
+
+  * New upstream release.
+  * Disable i18n so the package can build in stretch without new packages.
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Mon, 16 Jan 2017 11:15:32 +1300
+
+snapd (2.21) xenial; urgency=medium
+
+  * New upstream release, LP: #1656382
+    - daemon: re-enable reexec
+    - interfaces: allow reading installed files from previous revisions
+      by default
+    - daemon: make activation optional
+    - tests: run all snap-confine tests in c-unit-tests task
+    - many: fix abbreviated forms of disconnect
+    - tests: switch more tests to MATCH
+    - store: export userAgent. daemon: print store.UserAgent() on
+      startup.
+    - tests: test classic confinement `snap list` and  `snap info`
+      output
+    - debian: skip snap-confine unit tests on nocheck
+    - overlord/snapstate: share code between Update and UpdateMany, so
+      that it deals with auto-aliases correctly
+    - interfaces: upower-observe: refactor to allow snaps to provide a
+      slot
+    - tests: add end-to-end store test for classic confinement
+    - overlord,overlord/snapstate: have UpdateMany retire/enable auto-
+      aliases even without new revision
+    - interfaces/browser-support: add @{PROC}/@{pid}/fd/[0-9] w and misc
+      /run/udev
+    - interfaces/builtin: add physical-memory-* and io-ports-control
+    - interfaces: allow getsockopt by default since it is so commonly
+      used
+    - cmd/snap, daemon, overlord/snapstate: tests and fixes for "snap
+      refresh" of a classic snap
+    - interfaces: allow read/write access of real-time clock with time-
+      control interface
+    - store: request no CDN via a header using SNAPPY_STORE_NO_CDN
+      envvar
+    - snap: add information about tracking channel (not just actual
+      channel)
+    - interfaces: use fewer dot imports
+    - overlord/snapstate: remove restrictions on ResetAliases
+    - overlord, store: move confinement filtering to the overlord (from
+      The Store)
+    - many: move interface test helpers to ifacetest package
+    - many: implement 'snap aliases'
+    - vet: fix for unkeyed fields error on aliases_test.go
+    - interfaces: miscellaneous policy updates for network-control,
+      unity7, pulseaudio, default and home
+    - tests: test for auto-aliases
+    - interface hooks: connect plug slot hooks (step 2)
+    - cmd/snap: fix internal naming in snap connect
+    - snap: use "size" as the json tag in snap.ChannelSnapInfo
+    - tests: restore the missing initialization of iface manager causing
+      race
+    - snap: fix missing sizes in `snap info <remote-snap>`
+    - tests: improve cleanup for c-unit-tests
+    - cmd/snap-confine: build non-installed libsnap-confine-private.a
+    - cmd/snap-confine: small tweaks to seccomp support code
+    - interfaces/docker-support: allow /run/shm/aufs.xeno for 14.04
+    - many: obtain installed snaps developer/publisher username through
+      assertions
+    - store: setting of fields for details endpoint
+    - cmd/snap-confine: check for rst2man on configure
+    - snap: show `snap --help` output when just running `snap`
+    - interface/builtin: drop the obsolete checks in udisks2
+      SanitizeSlot
+    - cmd/snap: remove currency switch following UX review
+    - spread: find top-level directory before running generate-
+      packaging-dir
+    - interface hooks: prepare plug slot hooks (step 1)
+    - i18n: use github.com/mvo5/gettext.go (pure go) for i18n to avoid
+      cgo
+    - many: put a marker in the User-Agent sent by snapd/snap when under
+      testingThe User-Agent will look like:
+    - tests: fix -reuse and -resend when govendor is missing
+    - snap: provide friendlier `snap find` message when no snaps are
+      found
+    - tests: fix mkversions.sh failure on zesty
+    - spread: install build-essential unconditionally
+    - spread: improve qemu ubuntu-14.04-{32,64} support
+    - overlord/snapstate,daemon: implement GET /v2/aliases handling
+    - store: retry user info request
+    - tests: port more snap-confine regression tests
+    - tests: cancel the scheduled reboot on ubuntu-core-upgrade-no-gc
+      and restore state
+    - tests: debug zesty autopkgtest failures
+    - overlord/snapstate: use keyed fields on literals
+    - tests: use MATCH in install-remove-multi
+    - tests: increase wait time for service to be up
+    - tests: make debug-each succeed if DENIED doesn't match
+    - tests: skip packaging dir generation for non-git based autopkgtest
+      runs
+    - tests: port refresh-all-undo to MATCH
+    - tests: improve snap connect test
+    - tests: port additional snap-confine regression tests
+    - tests: show --version when it matches unknown
+    - tests: optionally use apt proxy for qemu
+    - tests: add hello-classic test
+    - many: behave more consistently when pointed to staging and
+      possibly the fake store
+    - overlord/ifacestate: remove stale comments
+    - interfaces/apparmor: ignore snippets in classic confinement
+    - tests: port first regression test from snap-confine
+    - cmd/snap-confine: disable old tests
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 13 Jan 2017 19:39:51 +0100
+
+snapd (2.20.1) xenial; urgency=medium
+
+  * New upstream release, LP: #1648520
+    - tests: enable the ppc64el tests again
+    - tests: add classic confinement test
+    - tests: run snap confine tests in debian/rules already
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 19 Dec 2016 11:53:29 +0100
+
+snapd (2.20-2) unstable; urgency=medium
+
+  * Replace unversioned Conflicts on snap package with versioned
+    Breaks/Replaces, now that snap has dropped /usr/bin/snap.
+    Closes: #849162.
+
+ -- Steve Langasek <vorlon@debian.org>  Sun, 25 Dec 2016 17:50:25 -0600
+
+snapd (2.20-1) unstable; urgency=medium
+
+  * New upstream release.
+  * Update one test (cmd/snap/cmd_interfaces_test.go) to cope with the newer
+    golang-go-flags-dev in unstable.
+  * Explicitly include 'udev' in Build-Depends.
+  * Add tzdata to Build-Depends to avoid ftbfs. (Closes: #848754)
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Mon, 19 Dec 2016 11:43:55 +1300
+
+snapd (2.20) xenial; urgency=medium
+
+  * New upstream release, LP: #1648520
+    - many: implement  "snap alias --reset" using snapstate.ResetAliases
+    - debian: use a packaging branch for 14.04
+    - store: retry downloads on io.Copy errors and sha3 checksum errors
+    - snap: show apps in `snap info`
+    - store: send an explicit X-Ubuntu-Classic header to the store
+    - overlord/snapstate: implement snapstate.ResetAliases
+    - interfaces/builtin: add dbus interface
+    - tests: fix tests on 17.04
+    - store: use mocked retry strategy to make store tests faster
+    - overlord: apply auto-aliases information from the snap-declaration
+      on install or refresh
+    - many: prepare landing on trusty
+    - many: implement snap unalias using snapstate.Unalias
+    - overlord/snapstate: fixing the placement/grouping of some
+      functions
+    - interfaces: support network namespaces via 'ip netns' in network-
+      control
+    - interfaces/builtin: fix pulseaudio apparmor rules
+    - interfaces/builtin: add iio interface
+    - tests: update custom core snap with the freshly build snap-confine
+    - interfaces: use sysd.{Disable,Stop} instead of sysd.DisableNow()
+    - overlord,overlord/snapstate: implement snapstate.Unalias by
+      generalizing the "alias" task
+    - interfaces: misc openstack snap enablement
+    - cmd/snap: mock terminal.ReadPassword instead of using /dev/ptmx
+    - notifications, daemon: kill the unsupported events endpoint
+    - client: only allow Dangerous option in InstallPath
+    - overlord/ifacestate: no interface checks if no snap id
+    - many: implement alias command
+    - snap: tweak snap install output as designed by Mark
+    - debian: fix Pre-Depends on dpkg
+    - tests: check if snap-confine --version is unknown
+    - cmd/snap-confine: allow content interface mounts
+    - tests: remove ppa:snappy-dev/image again
+    - interfaces/apparmor: allow access to core snap
+    - tests: remove snap-confine/ubuntu-core-launcher after the tests
+    - overlord,overlord/snapstate: implement snapstate.Alias
+    - cmd/snap: reject "snap disconnect foo"
+    - debian: add split ubuntu-core-launcher and snap-confine packages
+    - cmd: fix mkversion.sh and add regression test
+    - overlord/snapstate: setup/remove aliases as we link/unlink snaps
+    - cmd/snap,tests: alias support in snap run
+    - snap/snapenv: don't obscure HOME if snap uses classic confinement
+    - store: decode response.Body json inside retry loops
+    - cmd/snap-confine: fix compilation on platforms with gcc < 4.9.0
+    - vendor: update tomb package fixing context support
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 15 Dec 2016 22:07:08 +0100
+
+snapd (2.19) xenial; urgency=medium
+
+  * New upstream release, LP: #1648520
+    - cmd/snap-confine: disable support for XDG_RUNTIME_DIR
+    - cmd/snap-confine/tests: fix stale path after move to snapd
+    - cmd/snap-confine: don't use __attribute__((nonull))
+    - snap: add description to `snap info`
+    - snap: show last refresh time
+    - store: switch default delta format from xdelta to xdelta3
+    - interfaces: fix system-observe interface to work with ps_mem
+    - debian: add missing ca-certificates dependency
+    - cmd/snap-confine: add support for classic confinement
+    - snapstate/backend: add backend methods to manage aliases
+    - tests: re-enable snap-confine unit tests via spread
+    - many: merge snap-confine into snapd
+    - many: add support for classic confinement
+    - snap: abort install with ctrl+c
+    - cmd/snap: change terms accept URL following UX review
+    - interfaces/apparmor: use distinct apparmor template for classic
+    - snap: add snap size to `snap info`
+    - interfaces: add unconfined access to modem-manager
+    - snap: support for parsing and exposing on snap.Info aliases
+    - debian: disable autopkgtests on ppc64el
+    - snap: disable support for socket activation
+    - tests: fix incorrect restore of the current symlink
+    - asserts: introduce auto-aliases header in snap-declaration
+    - interfaces/seccomp: add support for classic confinement
+    - tests: do not use external snaps
+    - daemon: close the dup()ed file descriptor to not leak it
+    - overlord, daemon, progress: enable building snapd without CGO
+    - daemon, store: let snap info find things in any channel
+    - store: retry tweaks and logging
+    - snap: Improve `snap --help` output as designed by Mark
+    - interfaces/builtin: fix incorrect udev rule in i2c
+    - overlord: increase test timeout and improve failure message
+    - snap: remove unused experimental command
+    - debian: remove unneeded conflict against the "snappy" package
+    - daemon, strutil: move daemon.quotedNames to strutil.Quoted
+    - docs: document SNAP_DEBUG_HTTP in HACKING.md
+    - cmd/snap: have some completers
+    - snap: support "daemon: notify" in snap.yaml
+    - snap: fix try command when daemon linie is added
+    - interfaces: apparmor support for classic confinement
+    - debian/rules: build with -buildoptions=pie
+    - tests: include /boot in saved state (including bootenv and any
+      kernels)
+    - daemon: ensure `snap try` installs core if it's missing
+    - tests: save/restore /snap/core/current symlink
+    - tests: decrease the number of expected featured apps
+    - tests: add set -e to the prepare ssh script
+    - cmd/snap: add tests for section completion; fix bugs.
+    - cmd/snap: document 'snap list --all'
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 08 Dec 2016 16:16:04 +0100
+
+snapd (2.18.1) xenial; urgency=medium
+
+  * New upstream release, LP: #1644625
+    - daemon: fix crash when `snap refresh` contains a single update
+    - fix unhandled error from io.Copy() in download()
+    - interfaces/builtin: fix incorrect udev rule in i2c
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 05 Dec 2016 15:04:13 +0100
+
+snapd (2.18) xenial; urgency=medium
+
+  * New upstream release, LP: #1644625
+    - store: retry on io.EOF
+    - tests: skip pty tests on ppc64el and powerpc
+    - client, cmd/snap: introducing "snap info"
+    - snap: do exit 0 on install/remove if that snap is already
+      installed or already removed
+    - snap: add `snap watch <change-id>` to attach to a running change
+    - store: retry downloads using retry loop
+    - snap: try doesn't require snap-dir when run in snap's directory
+    - daemon: show what will change in the "refresh-all" changes
+    - tests: disable autorefresh for the external backend
+    - snap: add `snap list -a` to show all snaps (even inactive ones)
+    - many: unify boolean env var handling
+    - overlord/ifacestate: don't setup jailmode snaps with devmode
+      confinement
+    - snapstate: do not garbage collect the snaps used by the bootenv
+    - debian: drop hard xdelta dependency for now
+    - snap: make `snap login` ask for email if not given as argument
+    - osutil: fix build on armhf (arm in go-arch) and powerpc (ppc in
+      go-arch)
+    - many: rename DevmodeConfinement to DevModeConfinement
+    - store: resp.Body.Close() missing in ReadyToBuy
+    - many: use ConfinementOptions instead of ConfinementType
+    - snap, daemon, store: fake the channel map in the REST API
+    - misc: run github.com/gordonklaus/ineffassign as part of the static
+      checks
+    - docs: add goreportcard badge and remove coveralls badge
+    - tests: force gofmt -s in static checks
+    - many: run gofmt -s -w on all the code
+    - store: DRY actual retry code
+    - many: fix various errors uncovered by goreportcard.com
+    - interfaces/builtin: allow additional shared memory for webkit
+    - many: some more missing snapState->snapst
+    - asserts: introduce an optional freeform display-name for model
+    - interfaces/builtin: rename usb-raw to raw-usb
+    - progress: init pbar with correct total value
+    - daemon/api.go: add quotedNames() helper
+    - interfaces: add ConfinementOptions type
+    - tests: add a test about the extra bits that prepare-device can
+      specify for device registration
+    - tests: check that gpio device nodes are exported after reboot
+    - tests: parameterize core channel with env var for classic too
+    - many: rename variable "ss" to "snapsup" or "snapst" or "st"
+      (depending on context)
+    - tests: do not use external snaps in spread
+    - store: retry buy request
+    - store: retry store.Find
+    - store: retry assertion store call
+    - store: retry call for snap details
+    - many: use snap.ConfinementType rather than bool devmode
+    - daemon: if a bad snap is posted it is not an internal error but a
+      bad request
+    - client: add "Snap.Screenshots" to the client API
+    - interfaces: update base declaration documentation and policy for
+      on-classic and snap-type
+    - store: check payment method before TOS for a better UX
+    - interfaces: allow sched_setaffinity in process-control
+    - tests: parameterize core channel with env var
+    - tests: ensure that the XDG_ env contains at least XDG_RUNTIME_DIR
+    - interfaces: fcitx also listens on the session bus for Qt apps
+    - store: retry ListRefresh
+    - snap: use "Password of <email>:" in the `snap login`
+    - many: reshuffle how we load/inject tests keys so image doesn't
+      need assertstate anymore
+    - store: use range requests if we have a local file already
+    - dirs,interfaces,overlord,snap,snapenv,test: export per-snap
+      XDG_RUNTIME_DIR per user
+    - osutil: make RealUser only look at SUDO_USER when uid==0
+    - tests: do not use the ppa:snappy-dev/image in the tests
+    - store: retry readyToBuy request
+    - tests: increase `expect` timeouts
+    - static tests: add spell check
+    - tests: add debug to all flaky expect tests
+    - systemd: correct the mount arguments when mounting with squashfuse
+    - interfaces: add avahi-observe
+    - store: bring delta downloads back
+    - interfaces: add alsa
+    - interfaces/builtin: fix a broken test that snuck into master
+    - osutil: add chattr funcs
+    - image: init "snap_mode" on image creation time to avoid ugly
+      messages
+    - tests: test-snapd-fuse-consumer needs python-fuse as a build-
+      package
+    - interfaces/builtin: add i2c interface
+    - interfaces: add ofono interface
+    - tests: do not use hello-world in our tests
+    - snap: add support for classic confinement
+    - interfaces: remove LegacyAutoConnect() from the interfaces
+    - interfaces: miscellaneous policy updates
+    - tests: run autopkgtests in the autopkgtest.ubuntu.com
+      infrastructure
+    - Implement lxd-client interface exposing the lxd snap
+    - asserts: validate optional account username
+    - many: remove unnecessary snap name parameter from buying endpoint
+    - tests: do not hardcode the size of /dev/ram0
+    - tests: add test that ensures the right content for /etc/os-release
+    - spread tests: fix snap mode check
+    - docs: fix path for source files location in HACKING.md
+    - interfaces/builtin/mir: allow slot to make recvfrom syscalls
+    - store: sections/featured snaps store support
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 24 Nov 2016 19:43:08 +0100
+
+snapd (2.17.1) xenial; urgency=medium
+
+  * New upstream release, LP: #1637215:
+    - release: os-release on core has changed
+    - tests: /dev/ptmx does not work on powerpc, skip here
+    - docs: moved to github.com/snapcore/snapd/wiki (#2258)
+    - debian: golang is not installable on powerpc, use golang-any
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 04 Nov 2016 18:13:10 +0200
+
+snapd (2.17) xenial; urgency=medium
+
+  * New upstream release, LP: #1637215:
+    - overlord/ifacestate: add unit tests for undo of setup-snap-
+      security (#2243)
+    - daemon,overlord,snap,tests: download to .partial in final dir
+      (#2237)
+    - overlord/state: marshaling tests for lanes (#2245)
+    - overlord/state: introduce state lanes (#2241)
+    - overlord/snapstate: fix revert+refresh (#2224)
+    - interfaces/sytemd: enable/disable generated service units (#2229)
+    - many: fix incorrect security files generation on undo
+    - overlord/snapstate: add dynamic snapdX.Y assumes (#2227)
+    - interfaces: network-manager: give slot full read-write access to
+      /run/NetworkManager
+    - docs: update the name of the command for the cross-build
+    - overlord/snapstate: fix missing argument to Noticef
+    - snapstate: ensure gadget/core/kernel can not be disabled (#2218)
+    - asserts: limit to 1y only if len(models) == 0 (#2219)
+    - debian: only install share/locale if available (missing on
+      powerpc)
+    - overlrod/snapstate: fix revert followed by refresh to old-current
+      (#2214)
+    - interfaces/builtin: network-manager and bluez can change hostname
+      (#2204)
+    - snap: switch the auto-import dir to /run/snapd/auto-import
+    - docs: less details about cloud.cfg as requested in trello (#2206)
+    - spread.yaml: Ensure ubuntu user has passwordless sudo for
+      autopkgtests (#2201)
+    - interfaces/builtin: add dcdbas-control interface
+    - boot: do not set boot to try mode if the revision is unchanged
+    - interfaces: add shutdown interface (#2162)
+    - interfaces: add system-power-control interface
+    - many: use the new systemd backend for configuring GPIOs
+    - overlord/ifacestate: setup security for slots before plugs
+    - snap: spool assertion candidates if snapd is not up yet
+    - store,daemon,overlord: download things to a partials dir
+    - asserts,daemon: implement system-user-authority header/concept
+    - interfaces/builtin: home base declaration rule using on-classic
+      for its policy
+    - interfaces/builtin: finish decl based checks
+    - asserts: bump snap-declaration to allow signing with new-style
+      plugs and slots
+    - overlord: checks for kernel installation/refresh based on model
+      assertion and previous kernel
+    - tests/lib/fakestore: fix logic to distinguish assertion not found
+      errors
+    - client: add a few explicit error types (around the request cycle)
+    - tests/lib/fakestore/cmd/fakestore: make it log, and fix a typo
+    - overlord/snapstate: two bugs for one
+    - snappy: disable auto-import of assertions on classic (#2122)
+    - overlord/snapstate: move trash cleanup to a cleanup handler
+      (#2173)
+    - daemon: make create-user --known fail on classic without --force-
+      managed (#2123)
+    - asserts,interfaces/policy: implement on-classic plug/slot
+      constraints
+    - overlord: check that the first installed gadget matches the model
+      assertion
+    - tests: use the snapd-control-consumer snap from the store
+    - cmd/snap: make snap run not talk to snapd for finding the revision
+    - snap/squashfs: try to hard link instead of copying. Also, switch
+      to osutil.CopyFile for cp invocation.
+    - store: send supported max-format when retrieving assertions
+    - snapstate, devicestate: do not remove seed
+    - boot,image,overlord,partition: read/write boot variables in single
+      operation
+    - tests: reenable ubuntu-core tests on qemu
+    - asserts,interfaces/policy: allow OR-ing of subrule constraints in
+      plug/slot rules
+    - many: move from flags as ints to flags as structs-of-bools (#2156)
+    - many: add supports for keeping and finding assertions with
+      different format iterations
+    - snap: stop using ubuntu-core-launcher, use snap-confine
+    - many: introduce an assertion format iteration concept, refuse to
+      add unsupported assertion
+    - interfaces: tweak wording and comment
+    - spread.yaml: dump apparmor denials on spread failure
+    - tests: unflake ubuntu-core-reboot (#2150)
+    - cmd/snap: tweak unknown command error message (#2139)
+    - client,daemon,cmd: add payment-declined error kind (#2107)
+    - cmd/snap: update remove command help (#2145)
+    - many: removed frameworks target and fixed service files (#2138)
+    - asserts,snap: validate attributes to a JSON-compatible type subset
+      (#2140)
+    - asserts: remove unused serial-proof type
+    - tests: skip auto-import tests on systems without test keys (#2142)
+    - overlord/devicestate: don't spam the debug log on classic (#2141)
+    - cmd/snap: simplify auto-import mountinfo parsing (#2135)
+    - tests: run ubuntu-core upgrades on isolated machine (#2137)
+    - overlord/devicestate: recover seeding from old external approach
+      (#2134)
+    - overlord: merge overlord/boot pkg into overlord/devicestate
+      (#2118)
+    - daemon: add postCreateUserSuite test suite (#2124)
+    - tests: abort tests if an update process is scheduled (#2119)
+    - snapstate: avoid reboots if nothing in the boot setup has changed
+      (#2117)
+    - cmd/snap: do not auto-import from loop or non-dev devices (#2121)
+    - tests: add spread test for `snap auto-import` (#2126)
+    - tests: add test for auto-mount assertion import (#2127)
+    - osutil: add missing unit tests for IsMounted (#2133)
+    - tests: check for failure creating user on managed ubuntu-core
+      systems (#2096)
+    - snap: ignore /dev/loop addings from udev (#2111)
+    - tests: remove snapd.boot-ok reference (#2109)
+    - tests: enable tests related to the home interface in all-snaps
+      (#2106)
+    - snapstate: only import defaults from gadget on install (#2105)
+    - many: move firstboot code into the snapd daemon (#2033)
+    - store: send correct JSON type of string for expected payment
+      amount (#2103)
+    - cmd/snap: rename is-managed to managed and tune (#2102)
+    - interfaces,overlord/ifacestate: initial cleaning up of no arg
+      AutoConnect related bits (#2090)
+    - client, cmd: prompt for password when buying (#2086)
+    - snapstate: fix hanging `snap remove` if snap is no longer mounted
+    - image: support gadget specific cloud.conf file (#2101)
+    - cmd/snap,ctlcmd: fix behavior of snap(ctl) get (#2093)
+    - store: local users download from the anonymous url (#2100)
+    - docs/hooks.md: fix typos (#2099)
+    - many: check installation of slots and plugs against declarations
+    - docs: fix missing "=" in the systemd-active docs
+    - store: do not set store auth for local users (#2092)
+    - interfaces,overlord/ifacestate: use declaration-based checking for
+      auto-connect (#2071)
+    - overlord, daemon, snap: support gadget config defaults (#2082)The
+      main semantic changes are:
+    - tests: fix snap-disconnect tests after core rename (#2088)
+    - client,daemon,overlord,cmd: add /v2/users and create-user on auto-
+      import (#2074)
+    - many: abbreviated forms of disconnect (#2066)
+    - asserts: require lowercase model until insensitive matching is
+      ready (#2076)
+    - cmd/snap: add version command, same as --version (#2075)
+    - all: use "core" by default but allow "ubuntu-core" still (#2070)
+    - overlord/devicestate, docs/hooks.md: nest prepare-device
+      configuration options
+    - daemon: fix login API to return local macaroons (#2078)
+    - daemon: do not hardcode UID in userLookup (#2080)
+    - client, cmd: connect fixes (#2026)
+    - many: preparations for switching most of autoconnect to use the
+      declarationsfor now:
+    - overlord/auth: update CheckMacaroon to verify local snapd
+      macaroons (#2069)
+    - cmd/snap: trivial auto-import and download tweaks (#2067)
+    - interfaces: add repo.ResolveConnect that handles name resolution
+    - interfaces/policy: introduce InstallCandidate and its checks
+    - interfaces/policy,overlord: check connection requests against the
+      declarations in ifacestate
+    - many: setup snapd macaroon for local users (#2051)Next step: do
+      snapd macaroons verification.
+    - interfaces/policy: implement snap-id/publisher-id checks
+    - many: change Connect to take ConnRef instead of strings (#2060)
+    - snap: auto mount block devices and import assertions (#2047)
+    - daemon: add `snap create-user --force-managed` support (#2041)
+    - docs: remove references to removed buying features (#2057)
+    - interfaces,docs: allow sharing SNAP{,_DATA,_COMMON} via content
+      iface (#2063)
+    - interfaces: add Plug/Slot/Connection reference helpers (#2056)
+    - client,daemon,cmd/snap: improve create-user APIs (#2054)
+    - many: introduce snap refresh --ignore-validation <snap> to
+      override refresh validation (#2052)
+    - daemon: add support for `snap create-user --known` (#2040)
+    - interfaces/policy: start of interface policy checking code based
+      on declarations (#2050)
+    - overlord/configstate: support nested configuration (#2039)
+    - asserts,interfaces/builtin,overlord/assertstate: introduce base-
+      declaration (#2037)
+    - interfaces: builtin: Allow writing DHCP lease files to
+      /run/NetworkManager/dhcp (#2049)
+    - many: remove all traces of the /v2/buy/methods endpoint (#2045)
+    - tests: add external spread backend (#1918)
+    - asserts: parse the slot rules in snap-declarations (#2035)
+    - interfaces: allow read of /etc/ld.so.preload by default for armhf
+      on series 16 (#2048)
+    - store: change purchase to order and store clean up first pass
+      (#2043)
+    - daemon, store: switch to new store APIs in snapd (#2036)
+    - many: add email to UserState (#2038)
+    - asserts: support parsing the plugs stanza i.e. plug rules in snap-
+      declarations (#2027)
+    - store: apply deltas if explicitly enabled (#2031)
+    - tests: fix create-key/snap-sign test isolation (#2032)
+    - snap/implicit: don't restrict the camera iface to classic (#2025)
+    - client, cmd: change buy command to match UX document (#2011)
+    - coreconfig: nuke it. Also, ignore po/snappy.pot. (#2030)
+    - store: download deltas if explicitly enabled (#2017)
+    - many: allow use of the system user assertion with create-user
+      (#1990)
+    - asserts,overlord,snap: add prepare-device hook for device
+      registration (#2005)
+    - debian: adjust packaging for trusty/deputy systemd (#2003)
+    - asserts: introduce AttributeConstraints (#2015)
+    - interface/builtin: access system bus on screen-inhibit-control
+    - tests: add firewall-control interface test (#2009)
+    - snapstate: pass errors from ListRefresh in updateInfo (#2018)
+    - README: add links to IRC, mailing list and social media (#2022)
+    - docs: add `configure` hook to hooks list (#2024)LP: #1596629
+    - cmd/snap,configstate: rename apply-config variables to configure.
+      (#2023)
+    - store: retry download on 500 (#2019)
+    - interfaces/builtin: support time and date settings via
+      'org.freedesktop.timedate1 (#1832)
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 02 Nov 2016 01:17:36 +0200
+
+snapd (2.16-1) unstable; urgency=medium
+
+  [ Michael Hudson-Doyle ]
+  * New upstream release.
+  * Import gopkg.in/cheggaaa/pb.v1 rather than github.com/cheggaaa/pb.
+  * Switch to unconditional conflict against `snap` (Closes: #826884)
+  * Update Vcs-Git and Vcs-Browser to point to alioth.
+
+  [ Steve Langasek ]
+  * Remove govendor from gbp.conf, and import Ubuntu tarball as our
+    orig.tar.gz (switching our packaging to non-native).
+  * Add Uploaders.
+  * Drop lintian overrides not used in Debian because we dynamically link
+    against golang-yaml.v2.
+  * Bump standards-version, no changes required.
+  * Add/fix various lintian overrides.
+
+ -- Steve Langasek <vorlon@debian.org>  Wed, 02 Nov 2016 12:14:52 +0000
+
+snapd (2.16) xenial; urgency=medium
+
+  * New upstream release, LP: #1628425
+    - overlord/state: prune old empty changes
+    - interfaces: ppp: load needed kernel module (#2007)
+    - interfaces/builtin: add missing rule to allow run-parts to
+      execute all resolvconf scripts
+    - many: rename apply-config hook to configure
+    - tests: use new spread `debug` feature
+    - many: finish `snap set` API.
+    - overlord: fix and simplify configstate.Transaction
+    - assertions: add system-user assertion
+    - snap: add `snap known --remote`
+    - tests: replace systemd-run with on-the-fly generation of units.
+    - overlord/boot: switch to using assertstate.Batch
+    - snap, daemon, store: pass through screenshots from store
+    - image: add meta/gadget.yaml infrastructure
+    - tests: add test benchmark script
+    - daemon: add the actual ssh keys that got added to the create-user
+      response
+    - daemon: add REST API behind `snap get`
+    - debian: re-add golang-github-gosexy-gettext-dev
+    - tests: added install_local function
+    - interfaces/builtin: fix resolvconf permissions for network-manager
+      interface
+    - tests: use apt as compatible with trusty
+    - many: discard preserved namespace after removing snap
+    - daemon, overlord, store: add ReadyToBuy API to snapd
+    - many: add support for installing/removing multiple snaps
+    - progress: use New64 and fix output newline
+    - interfaces/builtin: allow network-manager to access netplan conf
+      files
+    - tests: build once and install test snap from cache
+    - overlord/state: introduce cleanup support
+    - snap: move/clarify Info.Broken
+    - ctlcmd: add snapctl get.
+    - overlord,store: clean up serial-proof plumbing code
+    - interfaces/builtin: add network-setup-observe interface
+    - daemon,overlord/assertstate: support streams of assertions with
+      snap ack
+    - snapd: kmod backend
+    - tests: ensure HOME is also set correctly
+    - configstate,hookstate: add snapctl set
+    - tests: disable broken create-key test
+    - interfaces: adjust bluetooth-control to allow getsockopt (LP:
+      #1613572)
+    - tests: add a test for core about device initialization and device
+      registration and auth
+    - many: show snap name before the download progress bar
+    - interfaces/builtin: add rcvfrom for client connected plugs to mir
+      interface
+    - asserts: support for maps in assertions
+    - tests: increase timeout for key generation in create-key test
+    - many: validate refreshes against validation assertions by gating
+      snaps
+    - interfaces/apparmor: allow 'm' in default policy for snap-exec
+    - many: avoid snap.InfoFromSnapYaml in tests
+    - interfaces/builtin: allow /dev/net/tun with network-control
+    - tests: add spread test for snap create-key/snap sign
+    - tests: add missing quotes in security-device-cgroups/task.yaml
+    - interfaces: drop ErrUnknownSecurity
+    - store: add "ready to buy" method
+    - snap/snapenv, tests: use root's data dirs when running via sudo
+    - interfaces/builtin: add initial docker interface
+    - snap: remove extra newline after progress is done
+    - docs: fix formating of HACKING.md "Testing snapd"
+    - store : add requestOptions.ExtraHeaders so that individual
+      requests can customise headers.
+    - many: use unique plug/slot names in tests
+    - tests: add tests for the classic dimension
+    - many: add vendoring of dependencies by default
+    - tests: use in-tree snap{ctl,-exec} for all tests
+    - many: support snapctl -h
+    - tests: adjust regex after changes in stat output
+    - store,snap: initial support for delta downloads
+    - interfaces/builtin: add run/udev/data paths to mir interface
+    - snap: lessen annoyance of implicit interface tests
+    - tests: ensure http{,s}_proxy is defined inside the fake-store
+    - interfaces: allow xdg-open in unity7, unity7 cleanups
+    - daemon,store: move store login user logic to store
+    - tests: replace realpath with readlink -f for trusty support.
+    - tests: add https_proxy into environment as well
+    - interfaces/builtin: allow mmaping pulseaudio buffers
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 28 Sep 2016 11:09:27 +0200
+
+snapd (2.15.2ubuntu1) xenial; urgency=medium
+
+  * New upstream release, LP: #1623579
+    - snap/snapenv, tests: use root's data dirs when running via sudo
+      (cherry pick PR: #1857)
+    - tests: add https_proxy into environment
+      (cherry pick PR: #1926)
+    - interfaces: allow xdg-open in unity7, unity7 cleanups
+      (cherry pick PR: #1946)
+    - tests: ensure http{,s}_proxy is defined inside the fake-store
+      (cherry pick PR: #1949)
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 21 Sep 2016 17:21:12 +0200
+
+snapd (2.15.2) xenial; urgency=medium
+
+  * New upstream release, LP: #1623579
+    - asserts: define a bit less terse Ref.String
+    - interfaces: disable auto-connect in libvirt interface
+    - asserts: check that validation assertions are signed by the
+      publisher of the gating snap
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 19 Sep 2016 10:42:29 +0200
+
+snapd (2.15.1) xenial; urgency=medium
+
+  * New upstream release, LP: #1623579
+    - image: ensure local snaps are put last in seed.yaml
+    - asserts: revert change that made the account-key's name mandatory.
+    - many: refresh all snap decls
+    - interfaces/apparmor: allow reading /etc/environment
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 19 Sep 2016 09:19:44 +0200
+
+snapd (2.15) xenial; urgency=medium
+
+  * New upstream release, LP: #1623579
+    - tests: disable prepare-image-grub test in autopkgtest
+    - interfaces: allow special casing for auto-connect until we have
+      assertions
+    - docs: add a little documentation on hooks.
+    - hookstate,daemon: don't mock HookRunner, mock command.
+    - tests: add http_proxy to /etc/environment in the autopkgtest
+      environment
+    - backends: first bits of kernel-module security backend
+    - tests: ensure openssh-server is installed in autopkgtest
+    - tests: make ubuntu-core tests more robust
+    - many: mostly work to support ABA upgrades
+    - cmd/snap: do runtime linting of descriptions
+    - spread.yaml: don't assume LANG is set
+    - snap: fix SNAP* environment merging in `snap run`
+    - CONTRIBUTING.md: remove integration-tests, include spread
+    - store: don't discard error body from request device session call
+    - docs: add create-user documentation
+    - cmd/snap: match UX document for message when buying without login
+    - firstboot: do not overwrite any existing netplan config
+    - tests: add debug output to ubuntu-core-update-rollback-
+      stresstest:
+    - tests/lib/prepare.sh: test that classic does not setting bootvars
+    - snap: run all tests with gpg2
+    - asserts: basic support for validation assertion and refresh-
+      control
+    - interfaces: miscellaneous policy updates for default, browser-
+      support and camera
+    - snap: (re)add --force-dangerous compat option
+    - tests: ensure SUDO_{USER,GID} is unset in the spread tests
+    - many: clean out left over references to integration tests
+    - overlord/auth,store: fix raciness in updating device/user in state
+      through authcontext and other issuesbonus fixes:
+    - tests: fix spread tests on yakkety
+    - store: refactor auth/refresh tests
+    - asserts: use gpg --fixed-list-mode to be compatible with both gpg1
+      and gpg2
+    - cmd/snap: i18n option descriptions
+    - asserts: required account key name header
+    - tests: add yakkety test host
+    - packaging: make sure debhelper-generated snippet is invoked on
+      postrm
+    - snap,store: capture newest digest from the store, make it
+      DownloadInfo only
+    - tests: add upower-observe spread test
+    - Merge github.com:snapcore/snapd
+    - tests: fixes to actually run the spread tests inside autopkgtest
+    - cmd/snap: make "snap find" error nicer.
+    - tests: get the gadget name from snap list
+    - cmd/snap: tweak help of 'snap download'
+    - cmd/snap,image: teach snap download to download also assertions
+    - interfaces/builtin: tweak opengl interface
+    - interfaces: serial-port use udevUsbDeviceSnippet
+    - store: ensure the payment methods method handles auth failure
+    - overlord/snapstate: support revert flags
+    - many: add snap configuration to REST API
+    - tests: use ubuntu-image for the ubuntu-core-16 image creation
+    - cmd/snap: serialise empty keys list as [] rather than null
+    - cmd/snap,client: add snap set and snap get commands
+    - asserts: update trusted account-key asserts with names
+    - overlord/snapstate: misc fixes/tweaks/cleanups
+    - image: have prepare-image set devmode correctly
+    - overlord/boot: have firstboot support assertion files with
+      multiple assertions
+    - daemon: bail from enable and disable if revision given, and from
+      multi-op if unsupported optons given
+    - osutil: call sync after cp if
+      requested.overlord/snapstate/backend: switch to use osutil instead
+      of another buggy call to cp
+    - cmd/snap: generate account-key-request "since" header in UTC
+    - many: use symlinks instead of wrappers
+    - tests: remove silly [Service] entry from snapd.socket.d/local.conf
+    - store: switch device session to use device-session-request
+      assertion
+    - snap: ensure that plug and slot names are unique
+    - cmd/snap: fix test suite (no Exit(0) on tests!)
+    - interfaces: add interface for hidraw devices
+    - tests: use the real model assertion when creating the core test
+      image
+    - interfaces/builtin: add udisks2 and removable-media interfaces
+    - interface: network_manager: enable resolvconf
+    - interfaces/builtin: usb serial-port support via udev
+    - interfaces/udev: support noneSecurityTag keyed snippets
+    - snap: switch to the new agreed regexp for snap names
+    - tests: adjust test setup after ubuntu user removal
+    - many: start services only after the snap is fully ready (link-snap
+      was run)
+    - asserts: don't have Add/Check panic in the face of unsupported no-
+      authority assertions
+    - asserts: initial support to generate/sign snap-build assertions
+    - asserts: support checking account-key-request assertions
+    - overlord: introduce AuthContext.DeviceSessionRequest with support
+      in devicestate
+    - overlord/state: fix for reloaded task/change crashing on Set if
+      checkpointed w. no custom data  yet
+    - snapd.refresh.service: require snap.socket and /snap/*/current.
+    - many: spell --force-dangerous as just --dangerous, devmode should
+      imply it
+    - overlord/devicestate: try to fetch/refresh the signing key of
+      serial (also in case is not there yet)
+    - image,overlord/boot,snap: metadata from asserts for image snaps
+    - many: automatically restart all-snap devices after os/kernel
+      updates
+    - interfaces: modem-manager: ignore camera
+    - firstboot: only configure en* and eth* interfaces by default
+    - interfaces: fix interface handling on no-app snaps
+    - snap: set user variables even if HOME is unset (like with systemd
+      services)
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 16 Sep 2016 07:46:22 +0200
+
+snapd (2.14.2~16.04) xenial; urgency=medium
+
+  * New upstream release: LP: #1618095
+    - tests: use the spread tests with the adhoc interface inside
+      autopkgtest
+    - interfaces: add fwupd interface
+    - asserts,cmd/snap: add "name" header to account-key(-request)
+    - client,cmd/snap: display os-release data only on classic
+    - asserts/tool,cmd/snap: introduce hidden "snap sign"
+    - many: when installing snap file derive metadata from assertions
+      unless --force-dangerous
+    - osutil: tweak the createUserTests a bit and extract common code
+    - debian: umount --lazy before rm on snapd.postrm
+    - interfaces: updates to default policy, browser-support, and x11
+    - store: set initial device session
+    - interfaces: add upower-observe interface (LP: #1595813)
+    - tests: use beta u-d-f in test by default
+    - interfaces/builtin: allow writing on /dev/vhci in bluetooth-
+      control
+    - interfaces/builtin: allow /dev/vhci on bluetooth-control
+    - tests: port integration tests to spread
+    - snapstate: use umount --lazy when removing the mount units
+    - spread: enable halt-timeout, tweak image selection
+    - tests: fix firstboot-assertions to actually be runnable on classic
+      again
+    - asserts: introduce device-session-request
+    - interfaces: add screen-inhibit-control interface (LP: #1604880)
+    - firstboot: change location of netplan config
+    - overlord/devicestate: some cleanups and solving a couple todos
+    - daemon,overlord: add subcommand handling to snapctl
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 01 Sep 2016 18:52:05 +0200
+
+snapd (2.14.1) xenial; urgency=medium
+
+  * New upstream release: LP: #1618095
+    - snap-exec: add support for commands with internal args in snap-
+      exec
+    - store: refresh expired device sessions
+    - debian: re-add ubuntu-core-snapd-units as a transitional package
+    - image: snap assertions into image
+    - overlord/assertstate,asserts/snapasserts: give snap assertions
+      helpers a package, introduce ReconstructSideInfo
+    - docs/interfaces: Add empty line after lxd-support title
+    - README: cover the new /run/snapd-snap.socket
+    - daemon: make socket split backward-compatible.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 30 Aug 2016 16:43:29 +0200
+
+snapd (2.14) xenial; urgency=medium
+
+  * New upstream release: LP: #1618095
+    - cmd: enable SNAP_REEXEC only if it is set to SNAP_REEXEC=1
+    - osutil: fix create-user on classic
+    - firstboot: disable firstboot on classic for now
+    - cmd/snap: add export-key --account= option
+    - many: split public snapd REST API into separate socket.
+    - many: drop ubuntu-core-snapd-units package, use release.OnClassic
+      instead
+    - tests: add content-shareing binary test that excersises snap-
+      confine
+    - snap: use "up to date" instead of "up-to-date"
+    - asserts: add an account-key-request assertion
+    - asserts: fix GPG key generation parameters
+    - tests, integration-tests: implement the cups-control manual test
+      as a spread test
+    - many: clarify/tie down model assertion
+    - cmd/snap: add "snap download" command
+    - integration-tests: remove them in favour of the spread tests
+    - tests: test all snap ubuntu core upgrade
+    - many: support install and remove by revision
+    - overlord/state: prevent change ready => unready
+    - tests: fixes to make the ubuntu-core-16 image usable with
+      -keep/-reuse
+    - asserts: authority-id and brand-id of serial must match
+    - firstboot: generate netplan config rather than ifupdown
+    - store: request device session macaroon from store
+    - tests: add workaround for u-d-f to unblock all-snap image tests
+    - tests: the stable ubuntu-core snap has snap run support now
+    - many: use make StripGlobalRootDir public
+    - asserts: add some stricter checks around format
+    - many: have AuthContext expose device store-id, serial and serial-
+      proof signing to the store
+    - tests: fix "tests/main/ack" to not break if asserts are alreay
+      there
+    - tests/main/ack: fix test/style
+    - snap: add key management commands
+    - firstboot: add firstboot assertions importing
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 29 Aug 2016 17:07:20 +0200
+
+snapd (2.13) xenial; urgency=medium
+
+  * New upstream release: LP: #1616157
+    - many: respect dirs.SnapSnapsDir in tests
+    - tests: update listing test for latest stable image
+    - many: hook in start of code to fetch/check assertions when
+      installing snap from store
+    - boot: add missing udevadm mock to fix FTBFS
+    - interfaces: add lxd-support interface
+    - dirs,snap: handle empty root directory in SetRootDir
+    - dirs,snap: define methods for SNAP_USER_DATA and SNAP_USER_COMMON
+    - tests: spread all-snap test cleanup
+    - tests: add all-snap spread image tests
+    - store,tests: have just one envvar SNAPPY_USE_STAGING_STORE to
+      control talking to staging
+    - overlord/hookstate: use snap run posix parameters.
+    - interfaces/builtin: allow bind in the network interface
+    - asserts,overlord/devicestate: simplify private key/key pairs APIs,
+      they take just key ids
+    - dependencies: update godeps
+    - boot: add support for "devmode: {true,false}" in seed.yaml
+    - many: teach prepare-image to copy the model assertion (and
+      prereqs) into the seed area of the image
+    - tests: start teaching the fakestore about assertions
+    - asserts/sysdb: embed the new format official root/trusted
+      assertions
+    - overlord/devicestate: first pass at device registration logic
+    - tests: add process-control interface spread test
+    - tests: disable unity test
+    - tests: adapt to new spread version
+    - asserts: add serial-proof device assertion
+    - client, cmd/snap: use the new multi-refresh endpoint
+    - many: preparations for image code to fetch model prereqs
+    - debian: add extra checks when debian/snapd.postrm purge is run
+    - overlord/snapstate, daemon: support for multi-snap refresh
+    - tests: do not leave "squashfs-root" around
+    - snap-exec: Fix broken `snap run --shell` and add test
+    - overlord/snapstate: check changes to SnapState for conflicts also.
+    - docs/interfaces: change snappy command to snap
+    - tests: test `snap run --hook` using in-tree snap-exec.
+    - partition: ensure that snap_{kernel,core} is not overridden with an
+      empty value
+    - asserts,overlord/assertstate: introduce an assertstate task
+      handler to fetch snap assertions
+    - spread: disable re-exec to always test development tree.
+    - interfaces: implement a fuse interface
+    - interfaces/hardware-observe.go: re-add /run/udev/data
+    - overlord/assertstate,daemon: reorg how the assert manager exposes
+      the assertion db and adding to it
+    - release: Remove "UBUNTU_CODENAME" from the test data
+    - many: implement snapctl command.
+    - interfaces: mpris updates (fix unconfined introspection, add name
+      attribute)
+    - asserts: export DecodePublicKey
+    - asserts: introduce support for assertions with no authority,
+      implement serial-request
+    - interfaces: bluez: add a few more tests to verify interface
+      connection works
+    - interfaces: bluez: add missing mount security snippet case
+    - interfaces: add kernel-module interface for module insertion.
+    - integration-tests: look for ubuntu-device-flash on PATH before
+      calling sudo
+    - client, cmd, daemon, osutil: support --yaml and --sudoer flags for
+      create-user
+    - spread: use snap-confine from ppa:snappy-dev/image for the tests
+    - many: move to purely hash based key lookup and to new
+      key/signature format (v1)
+    - spread: Use /home/gopath in spread.yaml
+    - tests: base security spread tests
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 24 Aug 2016 14:48:28 +0200
+
+snapd (2.12) xenial; urgency=medium
+
+  * New upstream release: LP: #1612362
+    - many: do not require root for `snap prepare-image`
+    - tests: prevent restore error on test failure
+    - osutil: change escaping for create-user's sudoers
+    - docs: private flag doesn't exist on /v2/find (it's select)
+    - snap: do not sort the result of `snap find`
+    - interfaces/builtin: add gpio interface
+    - partition: fix cleaning of the boot variables on the second good
+      boot
+    - tests: add udev rules spread test
+    - docs: fix references to refresh action
+    - interfaces/udev,osutil: avoid doubled rules and put all in a per
+      snap file
+    - store: minor store improvements from previous reviews
+    - many: support interactive payments in snapd, filter from command
+      line
+    - docs/interfaces.md: improve interfaces documentation
+    - overlord,store: set store device authorization header
+    - store: add device nonce API support
+    - many: various fixes around the `create-user` command
+    - client, osutil: chown the auth file
+    - interfaces/builtin: add transitional browser-support interface
+    - snap: don't load unsupported implicit hooks.
+    - cmd/snap,cmd/snap-exec: support hooks again.
+    - interfaces/builtin: improve pulseaudio interface
+    - asserts: make account-key's `until` optional to represent a never-
+      expiring key
+    - store: refactor newRequest/doRequest to take requestOptions
+    - tests: allow-downgrades on upgrade test to prevent version errors
+    - daemon: stop using group membership as succedaneous of running
+      things with sudo
+    - interfaces: add bluetooth-control interfaces
+    - many: remove integration-test coverage metrics
+    - daemon,docs: drop license docs and error kind
+    - tests: add network-control interface spread test
+    - tests: add hardware-observe spread test
+    - interfaces: add system-trace interface LP: #1600085
+    - boot: use `cp -aLv` instead of `cp -a` (no symlinks on vfat)
+    - store: soft-refresh discharge macaroon from store when required
+    - partition: clear snap_try_{kernel,core} on success
+    - tests: add snapd-control interface spread test
+    - tests: add locale-control write spread test
+    - store: fix buy method after some refactoring broke it
+    - interfaces/builtin: read perms for network devices in network-
+      observe
+    - interfaces: also allow rfkill in network_control
+    - snapstate: remove artifacts from a snap try dir that vanished
+    - client, cmd/snap: better errors for empty snap list result
+    - wrappers: set BAMF_DESKTOP_FILE_HINT for unity
+    - many: cleanup/update rest.md; improve auth errors
+    - interfaces: miscelleneous policy updates for default, log-observe,
+      mount-observe, opengl, pulseaudio, system-observe and unity7
+    - interfaces: add process-control interface (LP: #1598225)
+    - osutil: support both "nobody" and "nogroup" for grpnam tests
+    - cmd: support defaulting to the user's preferred payment method
+    - overlord: actually run hooks.
+    - overlord/state,overlord/ifacestate: define basic infrastructure
+      for and then setting up serialising of interface mgr tasks
+    - asserts: add Assertion.Prerequisites and SigningKey, Ref and
+      FindTrusted
+    - overlord/snapstate: ensure calls to store are done without the
+      state lock held
+    - asserts,client: switch snap-build and snap-revision to be indexed
+      by snap-sha3-384
+    - many: make seed.yaml on firstboot mandatory and include sideInfo
+    - asserts,many: start supporting structured headers using the new
+      parseHeaders
+    - many: update code for the new snap_mode
+    - tests: added spread find private test
+    - store: deal with 404 froms the SSO store properly
+    - snap: remove meta/kernel.yaml again
+    - daemon: always mock release info in tests
+    - snapstate: drop revisions after "current" on refresh
+    - asserts: introduce new parseHeadersThis introduces the new
+      parseHeaders returning map[string]interface{} and capable of
+      accepting:
+    - asserts: remove/disable comma separated lists and their uses
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 11 Aug 2016 19:30:36 +0200
+
+snapd (2.11) xenial; urgency=medium
+
+  * New upstream release: LP: #1605303
+    - increase version number to reflect the nature of the update
+      better
+    - store, daemon, client, cmd/snap, docs/rest.md: adieu search
+      grammar
+    - debian: move snapd.refresh.timer into timers.target
+    - snapstate: add daemon-reload to fix autopkgtest on yakkety
+    - Interfaces: hardware-observe
+    - snap: rework the output after a snap operation
+    - daemon, cmd/snap: refresh --devmode
+    - store, daemon, client, cmd/snap: implement `snap find --private`
+    - tests: add network-observe interface spread test
+    - interfaces/builtin: allow getsockopt for connected x11 plugs
+    - osutil: check for nogrup instead of adm
+    - store: small cleanups (more needed)
+    - snap/squashfs: fix test not to hardcode snap size
+    - client,cmd/snap: cleanup cmd/snap test suite, add extra args
+      testThis cleans up the cmd/snap test suite:
+    - wrappers: map "never" restart condition to "no."
+    - wrappers: run update-desktop-database after add/remove of desktop
+      files
+    - release: work around elementary mistake
+    - many: remove all traces of channel from the buying codepath
+    - store: kill setUbuntuStoreHeaders
+    - docs: add payment methods documentation
+    - many: present user with a choice of payment backends
+    - asserts: add cross checks for snap asserts
+    - cmd/snap,cmd/snap-exec: support running hooks via snap-exec.
+    - tests: improve snap run symlink tests
+    - tests: add content sharing interface spread test
+    - store & many: a mechanical branch shortening store names
+    - snappy: remove old snappy pkg
+    - overlord/snapstate: kill flagscompat
+    - overlord/snapstate, daemon, client, cmd/snap: devmode override
+      (aka confined)
+    - tests: extend refresh test to talk to the staging and production
+      stores
+    - asserts,daemon: cross checks for account and account-key
+      assertions
+    - client: existing JSON fixtures uses tabs for indentation
+    - snap-exec: add proper integration test for snap-exec
+    - spread.yaml, tests: replace hello-world with test-snapd-tools
+    - tests: add locale-control interface spread test
+    - tests: add mount-observe interface spread test
+    - tests: add system-observe interface spread test
+    - many: add AuthContext to mediate user updates to the state
+    - store/auth: add helper for the macaroon refresh endpoint
+    - cmd: add buy command
+    - overlord: switch snapstate.Update to use ListRefresh (aka
+      /snaps/metadata)
+    - snap-exec: fix silly off-by-one error
+    - tests: stop using hello-world.echo in the tests
+    - tests: add env command to test-snapd-tools
+    - classic: remove (most of) "classic" mode, this is implemented as a
+      snap now
+    - many: remove snapstate.Candidate and other cleanups
+    - many: removed authenticator, store gets a user instead
+    - asserts: fix minor doc comment typo
+    - snap: ensure unknown arguments to `snap run` are ignored
+    - overlord/auth: add Device/SetDevice to persist device identity in
+      state
+    - overlord: make SyncBoot work again
+    - tests: add -y flag to apt autoremove command in unity task restore
+    - many: migrate SnapSetup and SideInfo to use RealName
+    - daemon: drop auther()
+    - client: improve error from client.do() on json decode failures
+    - tests: readd the fake store tests
+    - many: allow removal of broken snaps, add spread test
+    - overlord: implement &Retry{After: duration} support for handlers
+    - interface: add new interfaces.all.SecurityBackends
+    - integration-tests: remove login tests
+    - cmd,interfaces,snap: implement hook whitelist.
+    - daemon,overlord/auth,store: update macaroon authentication to use
+      the new endpoints
+    - daemon, overlord: add buy endpoint to REST API
+    - tests: use systemd-run for starting and stopping the unity app
+    - tests, integration-tests: port systemd service check test to
+      spread
+    - store: switch search to new snap-specific endpoint
+    - store, many: start using the new details endpoint
+    - tests, integration-tests: port unity test to spread
+    - tests: add spread test for tried snaps removal
+    - tests, integration-tests: port auth errors test to spread
+    - snapstate: rename OfficialName to RealName in the new tests
+    - many: rename SideInfo.OfficialName to SideInfo.RealName
+    - snapstate: use snapstate.Type in backend.RemoveSnapFiles
+    - many: add `snap enable/disable` commands
+    - tests, integration-tests: port refresh all test to spread
+    - snap: add `snap run --shell`
+    - tests: set yaml indentation to 4 spaces
+    - snapstate: cleanup downloaded temp snap files
+    - overlord: make patch1_test more robust
+    - debian: add snapd.postrm that purges
+    - integration-tests: drop already covered refresh app test
+    - many: add concept of "broken" snaps
+    - tests, integration-tests: port remove errors tests to spread
+    - tests, integration-tests: port revert test to spread
+    - debian: fix snapbuild path
+    - overlord: fix access to the state without lock in firstboot.go and
+      add test
+    - snapstate: add very simple garbage collection on upgrade
+    - asserts: introduce assertstest with helpers to test code involving
+      assertions
+    - tests, integration tests: port undone failed install test to
+      spread
+    - snap,store: switch to the new snaps/metadata endpoint, introduce
+      and start capturing DeveloperID
+    - tests, integration-tests: port the op remove retry test to spread
+    - po: remove snappy.pot from git, it will be generated at build time
+    - many: add some missing tests, clarify some things and nitpicks as
+      follow up to `snap revert`
+    - snapstate: when doing snapsate.Update|Install, talk to the store
+      early
+    - tests, integration-tests: port the op remove test to spread
+    - interfaces: allow /usr/bin/locale in default policy
+    - many: add `snap revert`
+    - overlord/auth,store: add macaroon serialization/deserialization
+      helpers
+    - many: embed main store trusted assertions in snapd, way to have
+      test ones, spread tests for ack and known
+    - overlord/snapstate,daemon: clarify active vs current, add
+      SnapState.HasCurrent,CurrentInfo
+    - tests: do not search for a specific snap (we hit 100 items) and
+      pagination kicks in
+    - tests: use printf instead of echo where we need portability
+    - tests: rename and generalize basic-binaries to test-snapd-tools
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 26 Jul 2016 15:49:04 +0200
+
+snapd (2.0.10) xenial; urgency=medium
+
+  *  New upstream release: LP: #1597329
+    - interfaces: also allow @{PROC}/@{pid}/mountinfo and
+      @{PROC}/@{pid}/mountstats
+    - interfaces: allow read access to /etc/machine-id and
+      @{PROC}/@{pid}/smaps
+    - interfaces: miscelleneous policy updates for default, log-observe
+      and system-observe
+    - snapstate: add logging after a successful doLinkSnap
+    - tests, integration-tests: port try tests to spread
+    - store, cmd/snapd: send a basic user-agent to the store
+    - store: add buy method
+    - client: retry on failed GETs
+    - tests: actual refresh test
+    - docs: REST API update
+    - interfaces: add mount support for hooks.
+    - interfaces: add udev support for hooks.
+    - interfaces: add dbus support for hooks.
+    - tests, integration-tests: port refresh test to spread
+    - tests, integration-tests: port change errors test to spread
+    - overlord/ifacestate: don't retry snap security setup
+    - integration-tests: remove unused file
+    - tests: manage the socket unit when reseting state
+    - overlord: improve organization of state patches
+    - tests: wait for snapd listening after reset
+    - interfaces/builtin: allow other sr*/scd* optical devices
+    - systemd: add support for squashfuse
+    - snap: make snaps vanishing less fatal for the system
+    - snap-exec: os.Exec() needs argv0 in the args[] slice too
+    - many: add new `create-user` command
+    - interfaces: auto-connect content interfaces with the same content
+      and developer
+    - snapstate: add Current revision to SnapState
+    - readme: tweak readme blurb
+    - integration-tests: wait for listening port instead of active
+      service reported by systemd
+    - many: rename Current -> {CurrentSideInfo,CurrentInfo}
+    - spread: fix home interface test after suite move
+    - many: name unversioned data.
+    - interfaces: add "content" interface
+    - overlord/snapstate: defaultBackend can go away now
+    - debian: comment to remember why the timer is setup like it is
+    - tests,spread.yaml: introduce an upgrade test, support/split into
+      two suites for this
+    - overlord,overlord/snapstate: ensure we keep snap type in snapstate
+      of each snap
+    - many: rework the firstboot support
+    - integration-tests: fix test failure
+    - spread: keep core on suite restore
+    - tests: temporary fix for state reset
+    - overlord: add infrastructure for simple state format/content
+      migrations
+    - interfaces: add seccomp support for hooks.
+    - interfaces: allow gvfs shares in home and temporarily allow
+      socketcall by default (LP: #1592901, LP: #1594675)
+    - tests, integration-tests: port network-bind interface tests to
+      spread
+    - snap,snap/snaptest: use PopulateDir/MakeTestSnapWithFiles directly
+      and remove MockSnapWithHooks
+    - interfaces: add mpris interface
+    - tests: enable `snap run` on i386
+    - tests, integration-tests: port network interface test to spread
+    - tests, integration-tests: port interfaces cli to spread
+    - tests, integration-tests: port leftover install tests to spread
+    - interfaces: add apparmor support for hooks.
+    - tests, integration-tests: port log-observe interface tests to
+      spread
+    - asserts: improve Decode doc comment about assertion format
+    - tests: moved snaps to lib
+    - many: add the camera interface
+    - many: add optical-drive interface
+    - interfaces: auto-connect home if running on classic
+    - spread: bump gccgo test timeout
+    - interfaces: use security tags to index security snippets.
+    - daemon, overlord/snapstate, store: send confinement header to the
+      store for install
+    - spread: run tests on 16.04 i386 concurrently
+    - tests,integration-tests: port install error tests to spread
+    - interfaces: add a serial-port interface
+    - tests, integration-tests, debian: port sideload install tests to
+      spread
+    - interfaces: add new bind security backend and refactor
+      backendtests
+    - snap: load and validate implicit hooks.
+    - tests: add a build/run test for gccgo in spread
+    - cmd/snap/cmd_login: Adjust message after adding support for wheel
+      group
+    - tests, integration-tests: ported install from store tests to
+      spread
+    - snap: make `snap change <taskid>` show task progress
+    - tests, integration-tests: port search tests to spread
+    - overlord/state,daemon: make abort proceed immediately, fix doc
+      comment, improve tests
+    - daemon: extend privileged access to users in "wheel" group
+    - snap: tweak `snap refresh` and `snap refresh --list` outputTiny
+      branch that does three things:
+    - interfaces: refactor auto-connection candidate check
+    - snap: add support for snap {install,refresh}
+      --{edge,beta,candidate,stable}
+    - release: don't force KDE Neon into devmode.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 29 Jun 2016 21:02:39 +0200
+
+snapd (2.0.9) xenial; urgency=medium
+
+  * New upstream release: LP: #1593201
+    - snap: add the magic redirect part of `snap run`
+    - tests, integration-tests: port server related tests to spread
+    - overlord/snapstate: log restarting in the task
+    - daemon: test restart wiring, fix setup/teardown
+    - cmd: don't show the price if a snap has already been purchased
+    - tests, integration-tests: port listing tests to spread
+    - integration-tests: do not try to kill ubuntu-clock-app.clock (no
+      longer a process)
+    - several: tie up overlord's restart handler into daemon; adjust
+      snap to cope
+    - tests, integration-tests: port abort tests to spread
+    - integration-tests: fix flaky TestRemoveBusyRetries
+    - testutils: refactor/mock exec
+    - snap,cmd: add hook support to snap run.
+    - overlord/snapstate: remove Download from backend
+    - store: use a custom logging transport
+    - overlord/hookstate: implement basic HookManager.
+    - spread: move the suite restore to restore-each
+    - asserts: turn model os into model core field, making it also more
+      like the kernel and gadget fields
+    - asserts: / is not allowed in primary key headers, follow the store
+      in this
+    - release: enable full confinement on Elementary 0.4
+    - integration-tests: fix another i386 autopkgtest failure.
+    - cmd/snap: create SNAP_USER_DATA and common dirs in `snap run`
+    - many: have the installation of the core snap request a restart (on
+      classic)
+    - asserts: allow to load also account assertions into the trusted
+      set
+    - many: install snaps in devmode on distributions without complete
+      apparmor and seccomp support
+    - spread: run on travis
+    - snapenv: do not hardcode amd64 in tests
+    - spread: initial harness and first test
+    - interfaces: miscelleneous policy updates for chromium, x86,
+      opengl, etc
+    - integration-tests: remove daemon to use the log-observe interface
+    - client: remove client.Revision and import snap.Revision instead
+    - integration-tests: wait for network-bind service in try test
+    - many: move over from snappy to snapstate/backend SetupSnap and
+      related code
+    - integration-tests: add interfaces cli tests
+    - snapenv: cleanup snapenv.{Basic,User}
+    - cmd/snap: also print slots that connect to the wanted snap (LP:
+      #1590704)
+    - asserts: error style, use "cannot" instead of "failed to"
+      following the main decided style
+    - integration-tests: wait until the network-bind service is up
+      before testing
+    - many: add new `snap run` command
+    - snappy: unexport snappy.Install and snappy.Overlord.{Un,}Install
+    - many: add some shared testing helpers to snap/snaptest and to
+      boot/boottest
+    - rest-api: support to send apps per snap (LP: #1564076)
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 16 Jun 2016 13:56:12 +0200
+
+snapd (2.0.8.1) UNRELEASED; urgency=medium
+
+  * New upstream release
+    - Cherry pick four commits that show snaps as installed in devmode on
+    distributions without full confinement dependencies available:
+
+    25634d3364a46b5e9147e4466932c59b1b572d35
+    53f2e8d5f1b2d7ce13f5b50be4c09fa1de8cf1e0
+    38771f4cc324ad9dd4aa48b03108d13a2c361aad
+    c46e069351c61e45c338c98ab12689a319790bd5
+
+ -- Zygmunt Krynicki <zygmunt.krynicki@canonical.com>  Tue, 14 Jun 2016 15:55:30 +0200
+
+snapd (2.0.8+1) unstable; urgency=medium
+
+  * New upstream release.
+  * Update lintian-overrides for new paths.
+  * debian/copyright: fix a typo (thanks, lintian!)
+
+ -- Steve Langasek <vorlon@debian.org>  Fri, 10 Jun 2016 23:17:22 +0000
+
+snapd (2.0.8) xenial; urgency=medium
+
+  * New upstream release: LP: #1589534
+    - debian: make `snap refresh` times more random (LP: #1537793)
+    - cmd: ExecInCoreSnap looks in "core" snap first, and only in
+      "ubuntu-core" snap if rev>125.
+    - cmd/snap: have 'snap list' display helper message on stderr
+      (LP: #1587445)
+    - snap: make app names more restrictive.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 08 Jun 2016 07:56:58 +0200
+
+snapd (2.0.7) xenial; urgency=medium
+
+  * New upstream release: LP: #1589534
+    - debian: do not ship  /etc/ld.so.conf.d/snappy.conf (LP: #1589006)
+    - debian: fix snapd.refresh.service install and usage (LP: #1588977)
+    - ovlerlord/state: actually support task setting themself as
+      done/undone
+    - snap: do not use "." import in revision_test.go, as this breaks
+      gccgo-6 (fix build failure on powerpc)
+    - interfaces: add fcitx and mozc input methods to unity7
+    - interfaces: add global gsettings interfaces
+    - interfaces: autoconnect home and doc updates (LP: #1588886)
+    - integration-tests: remove
+      abortSuite.TestAbortWithValidIdInDoingStatus
+    - many: adding backward compatible code to upgrade SnapSetup.Flags
+    - overlord/snapstate: handle sideloading over an old sideloaded snap
+      without panicing
+    - interfaces: add socketcall() to the network/network-bind
+      interfaces (LP: #1588100)
+    - overlord/snapstate,snappy: move over CanRemoveThis moves over the
+      CanRemove check to snapstate itself.overlord/snapstate
+    - snappy: move over CanRemove
+    - overlord/snapstate,snappy: move over CopyData and Remove*Data code
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 06 Jun 2016 16:35:50 +0200
+
+snapd (2.0.6) xenial; urgency=medium
+
+  * New upstream release: LP: #1588052:
+    - many: repository moved to snapcore/snapd
+    - debian: add transitional pkg for the github location change
+    - snap: ensure `snap try` work with relative paths
+    - debian: drop run/build dependency on lsb-release
+    - asserts/tool: gpg key pair manager
+    - many: add new snap-exec
+    - many: implement `snap refresh --list` and  `snap refresh`
+    - snap: add parsing support for hooks.
+    - many: add the cups interface
+    - interfaces: misc policy fixes (LP: #1583794)
+    - many: add `snap try`
+    - interfaces: allow using sysctl and scmp_sys_resolver for parsing
+      kernel logs
+    - debian: make snapd get its environ from /etc/environment
+    - daemon,client,snap: revisions are now strings
+    - interfaces: allow access to new ibus abstract socket path
+      LP: #1580463
+    - integration-tests: add remove tests
+    - asserts: stronger crypto choices and follow better latest designs
+    - snappy,daemon: hollow out more of snappy (either removing or not
+      exporting stuff on its way out), snappy/gadget.go is gone
+    - asserts: rename device-serial to serial
+    - asserts: rename identity to account (and username access)
+    - integration-tests: add changes tests
+    - backend: add tests for environment wrapper generation
+    - interfaces/builtin: add location-control interface
+    - overlord/snapstate: move over check snap logic from snappy
+    - release: use os-release instead of lsb-release for cross-distro
+      use
+    - asserts: allow empty snap-name for snap-declaration
+    - interfaces/builtin,docs,snap: add the pulseaudio interface
+    - many: add support for an environment map inside snap.yaml
+    - overlord/snapstate: increase robustness of doLinkSnap/undoLinkSnap
+      with sanity unit tests
+    - snap: parse epoch property
+    - snappy: do nothing in SetNextBoot when running on classic
+    - snap: validate snap type
+    - integration-tests: extend find command tests
+    - asserts: extend tests to cover mandatory and empty headers
+    - tests: stop the update-pot check in run-checks
+    - snap: parse confinement property.
+    - store: change applyUbuntuStoreHeaders to not take accept, and to
+      take a channel
+    - many: struct-based revisions, new representation
+    - interfaces: remove 'audit deny' rules from network_control.go
+    - interfaces: add  com.canonical.UrlLauncher.XdgOpen to unity7
+      interface
+    - interfaces: firewall-control can access xtables lock file
+    - interfaces: allow unity7 AppMenu
+    - interfaces: allow unity7 launcher API
+    - interfaces/builtin: add location-observe interface
+    - snap: fixed snap empty list text LP: #1587445
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 02 Jun 2016 08:23:50 +0200
+
+snapd (2.0.5+1) unstable; urgency=medium
+
+  * Initial Debian upload.  Closes: #824943.
+  * release/release{,_test}.go: use /etc/os-release, which is guaranteed to
+    be part of base-files on both Ubuntu and Debian, instead of
+    /etc/lsb-release which doesn't exist at all on Debian.
+  * drop transitional packages, not needed in Debian.
+  * Add lintian overrides for false-positive detection of embedded libyaml.
+  * Update Vcs-* fields to point at maintainer's branch.
+  * Add a further lintian override for the /snap directory so that the
+    package is not automatically rejected by the NEW queue; this directory
+    location is certainly subject to discussion for Debian, but let's have
+    the discussion rather than blocking the package at the archive level.
+
+ -- Steve Langasek <vorlon@debian.org>  Mon, 23 May 2016 00:36:06 +0000
+
+snapd (2.0.5) xenial; urgency=medium
+
+  * New upstream release: LP: #1583085
+    - interfaces: add dbusmenu, freedesktop and kde notifications to
+      unity7 (LP: #1573188)
+    - daemon: make localSnapInfo return SnapState
+    - cmd: make snap list with no snaps not special
+    - debian: workaround for XDG_DATA_DIRS issues
+    - cmd,po: fix conflicts, apply review from #1154
+    - snap,store: load and store the private flag sent by the store in
+      SideInfo
+    - interfaces/apparmor/template.go: adjust /dev/shm to be more usable
+    - store: use purchase decorator in Snap and FindSnaps
+    - interfaces: first version of the networkmanager interface
+    - snap, snappy: implement the new (minmimal) kernel spec
+    - cmd/snap, debian: move manpage generation to depend on an environ
+      key; also, fix completion
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 19 May 2016 15:29:16 +0200
+
+snapd (2.0.4) xenial; urgency=medium
+
+  * New upstream release:
+    - interfaces: cleanup explicit denies
+    - integration-tests: remove the ancient integration daemon tests
+    - integration-tests: add network-bind interface test
+    - integration-tests: add actual checks for undoing install
+    - integration-tests: add store login test
+    - snap: add certain implicit slots only on classic
+    - integration-tests: add coverage flags to snapd.service ExecStart
+      setting when building from branch
+    - integration-tests: remove the tests for features removed in 16.04.
+    - daemon, overlord/snapstate: "(de)activate" is no longer a thing
+    - docs: update meta.md and security.md for current snappy
+    - debian: always start snapd
+    - integration-tests: add test for undoing failed install
+    - overlord: handle ensureNext being in the past
+    - overlord/snapstate,overlord/snapstate/backend,snappy: start
+      backend porting LinkSnap and UnlinkSnap
+    - debian/tests: add reboot capability to autopkgtest and execute
+      snapPersistsSuite
+    - daemon,snappy,progress: drop license agreement broken logic
+    - daemon,client,cmd/snap: nice access denied message
+      (LP: #1574829)
+    - daemon: add user parameter to all commands
+    - snap, store: rework purchase methods into decorators
+    - many: simplify release package and add OnClassic
+    - interfaces: miscellaneous policy updates
+    - snappy,wrappers: move desktop files handling to wrappers
+    - snappy: remove some obviously dead code
+    - interfaces/builtin: quote apparmor label
+    - many: remove the gadget yaml support from snappy
+    - snappy,systemd,wrappers: move service units generation to wrappers
+    - store: add method to determine if a snap must be bought
+    - store: add methods to read purchases from the store
+    - wrappers,snappy: move binary wrapper generation to new package
+      wrappers
+    - snap: add `snap help` command
+    - integration-tests: remove framework-test data and avoid using
+      config-snap for now
+    - add integration test to verify fix for LP: #1571721
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 13 May 2016 17:19:37 -0700
+
+snapd (2.0.3) xenial; urgency=medium
+
+  * New upstream micro release:
+    - integration-tests, debian/tests: add unity snap autopkg test
+    - snappy: introduce first feature flag for assumes: common-data-dir
+    - timeout,snap: add YAML unmarshal function for timeout.Timeout
+    - many: go into state.Retry state when unmounting a snap fails.
+      (LP: #1571721, #1575399)
+    - daemon,client,cmd/snap: improve output after snap
+      install/refresh/remove (LP: #1574830)
+    - integration-tests, debian/tests: add test for home interface
+    - interfaces,overlord: support unversioned data
+    - interfaces/builtin: improve the bluez interface
+    - cmd: don't include the unit tests when building with go test -c
+      for integration tests
+    - integration-tests: teach some new trick to the fake store,
+      reenable the app refresh test
+    - many: move with some simplifications test snap building to
+      snap/snaptest
+    - asserts: define type for revision related errors
+    - snap/snaptest,daemon,overlord/ifacestate,overlord/snapstate: unify
+      mocking snaps behind MockSnap
+    - snappy: fix openSnapFile's handling of sideInfo
+    - daemon: improve snap sideload form handling
+    - snap: add short and long description to the man-page
+      (LP: #1570280)
+    - snappy: remove unused SetProperty
+    - snappy: use more accurate test data
+    - integration-tests: add a integration test about remove removing
+      all revisions
+    - overlord/snapstate: make "snap remove" remove all revisions of a
+      snap (LP: #1571710)
+    - integration-tests: re-enable a bunch of integration tests
+    - snappy: remove unused dbus code
+    - overlord/ifacestate: fix setup-profiles to use new snap revision
+      for setup (LP: #1572463)
+    - integration-tests: add regression test for auth bug LP:#1571491
+    - client, snap: remove obsolete TypeCore which was used in the old
+      SystemImage days
+    - integration-tests: add apparmor test
+    - cmd: don't perform type assertion when we know error to be nil
+    - client: list correct snap types
+    - intefaces/builtin: allow getsockname on connected x11 plugs
+      (LP: #1574526)
+    - daemon,overlord/snapstate: read name out of sideloaded snap early,
+      improved change summary
+    - overlord: keep tasks unlinked from a change hidden, prune them
+    - integration-tests: snap list on fresh boot is good again
+    - integration-tests: add partial term to the find test
+    - integration-tests: changed default release to 16
+    - integration-tests: add regression test for snaps not present after
+      reboot
+    - integration-tests: network interface
+    - integration-tests: add proxy related environment variables to
+      snapd env file
+    - README.md: snappy => snap
+    - etc: trivial typo fix (LP:#1569892)
+    - debian: remove unneeded /var/lib/snapd/apparmor/additional
+      directory (LP: #1569577)
+    - builtin/unity7.go: allow using gmenu. LP: #1576287
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 03 May 2016 07:51:57 +0200
+
+snapd (2.0.2) xenial; urgency=medium
+
+  * New upstream release:
+    - systemd: add multi-user.target (LP: #1572125)
+    - release: our series is 16
+    - integration-tests: fix snapd binary path for mounting the daemon
+      built from branch
+    - overlord,snap: add firstboot state sync
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 19 Apr 2016 16:02:44 +0200
+
+snapd (2.0.1) xenial; urgency=medium
+
+  * client,daemon,overlord: fix authentication:
+    - fix incorrect authenication check (LP: #1571491)
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 18 Apr 2016 07:24:33 +0200
+
+snapd (2.0) xenial; urgency=medium
+
+  * New upstream release:
+    - debian: put snapd in /usr/lib/snapd/
+    - cmd/snap: minor polishing
+    - cmd,client,daemon: add snap abort command
+    - overlord: don't hold locks when callling backends
+    - release,store,daemon: no more default-channel, release=>series
+    - many: drop support for deprecated environment variables
+      (SNAP_APP_*)
+    - many: support individual ids in changes cmd
+    - overlord/state: use numeric change and task ids
+    - overlord/auth,daemon,client,cmd/snap: logout
+    - daemon: don't install ubuntu-core twice
+    - daemon,client,overlord/state,cmd: add changes command
+    - interfaces/dbus: drop superfluous backslash from template
+    - daemon, overlord/snapstate: updates are users too!
+    - cmd/snap,daemon,overlord/ifacestate: add support for developer
+      mode
+    - daemon,overlord/snapstate: on refresh use the remembered channel,
+      default to stable channel otherwise
+    - cmd/snap: improve UX of snap interfaces when there are no results
+    - overlord/state: include time in task log messages
+    - overlord: prune and abort old changes and tasks
+    - overlord/ifacestate: add implicit slots in setup-profiles
+    - daemon,overlord: setup authentication for store downloads
+    - daemon: macaroon-authed users are like root, and sudoers can login
+    - daemon,client,docs: send install options to daemon
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Sat, 16 Apr 2016 22:15:40 +0200
+
+snapd (1.9.4) xenial; urgency=medium
+
+  * New upstream release:
+    - etc: fix desktop file location
+    - overlord/snapstate: stop an update once download sees the revision
+      is already installed
+    - overlord: make SnapState.DevMode a method, store flags
+    - snappy: no more snapYaml in snappy.Snap
+    - daemon,cmd,dirs,lockfile: drop all lockfiles
+    - debian: use sudo in setup of the proxy environment
+    - snap/snapenv,snappy,systemd: expose SNAP_REVISION to app
+      environment
+    - snap: validate similarly to what we did with old snapYaml info
+      from squashfs snaps
+    - daemon,store: plug in authentication for store search/details
+    - overlord/snapstate: fix JSON name of SnapState.Candidate
+    - overlord/snapstate: start using revisions higher than 100000 for
+      local installs (sideloads)
+    - interfaces,overlorf/ifacestate: honor user choice and don't auto-
+      connect disconnected plugs
+    - overlord/auth,daemon,client: hide user ids again
+    - daemon,overlord/snapstate: back /snaps (and so snap list) using
+      state
+    - daemon,client,overlord/auth: rework state auth data
+    - overlord/snapstate: disable Activate and Deactivate
+    - debian: fix silly typo in autopkgtest setup
+    - overlord/ifacestate: remove connection state with discard-conns
+      task, on the removal of last snap
+    - daemon,client: rename API update action to refresh
+    - cmd/snap: rework login to be more resilient
+    - overlord/snapstate: deny two changes on one snap
+    - snappy: fix crash on certain snap.yaml
+    - systemd: use native systemctl enable instead of our own
+      implementation
+    - store: add workaround for misbehaving store
+    - debian: make autopkgtest use the right env vars
+    - state: log do/undo status too when a task is run
+    - docs: update rest.md with price information
+    - daemon: only include price property if the snap is non-free
+    - daemon, client, cmd/snap: connect/disconnect now async
+    - snap,snappy: allow snaps to require system features
+    - integration-tests: fix report of skips in SetUpTest method
+    - snappy: clean out major bits (still using Installed) now
+      unreferenced as cmd/snappy is gone
+    - daemon/api,overlord/auth: add helper to get UserState from a
+      client request
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 15 Apr 2016 23:30:00 +0200
+
+snapd (1.9.3) xenial; urgency=medium
+
+  * New upstream release:
+    - many: prepare for opengl support on classic
+    - interfaces/apparmor: load all apparmor profiles on snap setup
+    - daemon,client: move async resource to change in meta
+    - debian: disable autopilot
+    - snap: add basic progress reporting
+    - client,cmd,daemon,snap,store: show the price of snaps in the cli
+    - state: add minimal taskrunner logging
+    - daemon,snap,overlord/snapstate: in the API get the snap icon using
+      state
+    - client,daemon,overlord: don't guess snap file vs. name
+    - overlord/ifacestate: reload snap connections when setting up
+      security for a given snap
+    - snappy: remove cmd/snappy (superseded in favour of cmd/snap)
+    - interfaecs/apparmor: remove all traces of old-security from
+      apparmor backend
+    - interfaces/builtin: add bluez interface
+    - overlord/ifacestate: don't crash if connection cannot be reloaded
+    - debian: add searchSuite to autopkgtest
+    - client, daemon, cmd/snap: no more tasks; everything is changes
+    - client: send authorization header in client requests
+    - client, daemon: marshal suggested currency over REST
+    - docs, snap: enumerate snap types correctly in docs and comments
+    - many: add store authenticator parameter
+    - overlord/ifacestate,daemon: setup security on conect and
+      disconnect
+    - interfaces/apparmor: remove unused apparmor variables
+    - snapstate: add missing "TaskProgressAdapter.Write()" for working
+      progress reporting
+    - many: clean out snap config related code not for OS
+    - daemon,client,cmd: return snap list from /v2/snaps
+    - docs: update `/v2/snaps` endpoint documentation
+    - interfaces: rename developerMode to devMode
+    - daemon,client,overlord: progress current => done
+    - daemon,client,cmd/snap: move query metadata to top-level doc
+    - interfaces: add TestSecurityBackend
+    - many: replace typographic quotes with ASCII
+    - client, daemon: rework rest changes to export "ready" and "err"
+    - overlord/snapstate,snap,store: track snap-id in side-info and
+      therefore in state
+    - daemon: improve mocking  of interfaces API tests
+    - integration-tests: remove origins in default snap names for udf
+      call
+    - integration-test: use "snap list" in GetCurrentVersion
+    - many: almost no more NewInstalledSnap reading manifest from
+      snapstate and backend
+    - daemon: auto install ubuntu-core if missing
+    - oauth,store: remove OAuth authentication logic
+    - overlord/ifacestate: simplify some tests with implicit manager
+      initialization
+    - store, snappy: move away from hitting details directly
+    - overlord/ifacestate: reload connections when restarting the
+      manager
+    - overlord/ifacestate: increase flexibility of unit tests
+    - overlord: use state to discover all installed snaps
+    - overlord/ifacestate: track connections in the state
+    - many: separate copy-data from unlinking of current snap
+    - overlord/auth,store/auth: add macaroon authenticator to UserState
+    - client: support for /v2/changes and /v2/changes/{id}
+    - daemon/api,overlord/auth: rework authenticated users information
+      in state
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 14 Apr 2016 23:29:43 +0200
+
+snapd (1.9.2) xenial; urgency=medium
+
+  * New upstream release:
+    - cmd/snap,daemon,store: rework login command to use daemon login
+      API
+    - store: cache suggested currency from the store
+    - overlord/ifacestate: modularize and extend tests
+    - integration-tests: reenable failure tests
+    - daemon: include progress in rest changes
+    - daemon, overlord/state: expose individual changes
+    - overlord/ifacestate: drop duplicate package comment
+    - overlord/ifacestate: allow tests to override security backends
+    - cmd/snap: install *.snap and *.snap.* as files too
+    - interfaces/apparmor: replace /var/lib/snap with /var/snap
+    - daemon,overlord/ifacestate: connect REST API to interfaces in the
+      overlord
+    - debian: remove unneeded dependencies from snapd
+    - overlord/state: checkpoint on final progress only
+    - osutil: introduce IsUIDInAny
+    - overlord/snapstate: rename GetSnapState to Get, SetSnapState to
+      Set
+    - daemon: add id to changes json
+    - overlord/snapstate: SetSnapState() needs locks
+    - overlord: fix broken tests
+    - overlord/snapstate,overlord/ifacestate: reimplement SnapInfo (as
+      Info) actually using the state
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 13 Apr 2016 17:27:00 +0200
+
+snapd (1.9.1.1) xenial; urgency=medium
+
+  * debian/tests/control:
+    - add git to make autopkgtest work
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 12 Apr 2016 17:19:19 +0200
+
+snapd (1.9.1) xenial; urgency=medium
+
+  * Add warning about installing ubuntu-core-snapd-units on Desktop systems.
+  * Add ${misc:Depends} to ubuntu-core-snapd-units.
+  * interfaces,overlord: add support for auto-connecting plugs on
+    install
+  * fix sideloading snaps and (re)add tests for this
+  * add `ca-certificates` to the test-dependencies to fix autopkgtest
+    failure on armhf
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 12 Apr 2016 14:39:57 +0200
+
+snapd (1.9) xenial; urgency=medium
+
+  * rename source and binary package to "snapd"
+  * update directory layout to final 16.04 layout
+  * use `snap` command instead of the previous `snappy`
+  * use `interface` based security
+  * use new state engine for install/update/remove
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 12 Apr 2016 01:05:09 +0200
+
+ubuntu-snappy (1.7.3+20160310ubuntu1) xenial; urgency=medium
+
+    - debian: update versionized ubuntu-core-launcher dependency
+    - debian: tweak desktop file dir, ship Xsession.d snip for seamless
+      integration
+    - snappy: fix hw-assign to work with per-app udev tags
+    - snappy: use $snap.$app as per-app udev tag
+    - snap,snappy,systemd: %s/\<SNAP_ORIGIN\>/SNAP_DEVELOPER/g
+    - snappy: add mksquashfs --no-xattrs parameter
+    - snap,snappy,systemd: kill SNAP_FULLNAME
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 10 Mar 2016 09:26:20 +0100
+
+ubuntu-snappy (1.7.3+20160308ubuntu1) xenial; urgency=medium
+
+    - snappy,snap: move icon under meta/gui/
+    - debian: add snap.8 manpage
+    - debian: move snapd to /usr/lib/snappy/snapd
+    - snap,snappy,systemd: remove TMPDIR, TEMPDIR, SNAP_APP_TMPDIR
+    - snappy,dirs: add support to use desktop files from inside snaps
+    - daemon: snapd API events endpoint redux
+    - interfaces/builtin: add "network" interface
+    - overlord/state: do small fixes (typo, id clashes paranoia)
+    - overlord: add first pass of the logic in StateEngine itself
+    - overlord/state: introduce Status/SetStatus on Change
+    - interfaces: support permanent security snippets
+    - overlord/state: introduce Status/SetStatus and
+      Progress/SetProgress on Task
+    - overlord/state: introduce Task and Change.NewTask
+    - many: selectively swap semantics of plugs and slots
+    - client,cmd/snap: remove useless indirection in Interfaces
+    - interfaces: maintain Plug and Slot connection details
+    - client,daemon,cmd/snap: change POST /2.0/interfaces to work with
+      lists
+    - overlord/state: introduce Change and NewChange on state to create
+      them
+    - snappy: bugfix for snap.yaml parsing to be more consistent with
+      the spec
+    - snappy,systemd: remove "ports" from snap.yaml
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 08 Mar 2016 11:24:09 +0100
+
+ubuntu-snappy (1.7.3+20160303ubuntu4) xenial; urgency=medium
+
+  * rename:
+    debian/golang-snappy-dev.install ->
+       debian/golang-github-ubuntu-core-snappy-dev.install:
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 03 Mar 2016 12:29:16 +0100
+
+ubuntu-snappy (1.7.3+20160303ubuntu3) xenial; urgency=medium
+
+  * really fix typo in dependency name
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 03 Mar 2016 12:21:39 +0100
+
+ubuntu-snappy (1.7.3+20160303ubuntu2) xenial; urgency=medium
+
+  * fix typo in dependency name
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 03 Mar 2016 12:05:36 +0100
+
+ubuntu-snappy (1.7.3+20160303ubuntu1) xenial; urgency=medium
+
+    - debian: update build-depends for MIR
+    - many: implement new REST API: GET /2.0/interfaces
+    - integration-tests: properly stop snapd from branch
+    - cmd/snap: update tests for go-flags changes
+    - overlord/state: implement Lock/Unlock with implicit checkpointing
+    - overlord: split out the managers and State to their own
+      subpackages of overlord
+    - snappy: rename "migration-skill" to "old-security" and use new
+      interface names instead of skills
+    - client,cmd/snap: clarify name ambiguity in Plug or Slot
+    - overlord: start working on state engine along spec v2, have the
+      main skeleton follow that
+    - classic, oauth: update tests for change in MakeRandomString()
+    - client,cmd/snap: s/add/install/:-(
+    - interfaces,daemon: specialize Name to either Plug or Slot
+    - interfaces,interfaces/types: unify security snippet functions
+    - snapd: close the listener on Stop, to force the http.Serve loop to
+      exit
+    - snappy,daemon,snap/lightweight,cmd/snappy,docs/rest.md: expose
+      explicit channel selection to rest api
+    - interfaces,daemon: rename package holding built-in interfaces
+    - integration-tests: add the first classic dimension tests
+    - client,deaemon,docs: rename skills to interfaces on the wire
+    - asserts: add identity assertion type
+    - integration-tests: add the no_proxy env var
+    - debian: update build-depends for new package names
+    - oauth: fix oauth & quoting in the oauth_signature
+    - integration-tests: remove unused field
+    - integration-tests: add the http proxy argument
+    - interfaces,interfaces/types,deamon: mass internal rename to
+      interfaces
+    - client,cmd/snap: rename skills to interfaces (part 2)
+    - arch: fix missing mapping for powerpc
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 03 Mar 2016 11:00:19 +0100
+
+ubuntu-snappy (1.7.3+20160225ubuntu1) xenial; urgency=medium
+
+    - integration-tests: always use the built snapd when compiling
+      binaries from branch
+    - cmd/snap: rename skills to interfaces
+    - testutil,skills/types,skills,daemon: tweak discovery of know skill
+      types
+    - docs: add docs for arm64 cross building
+    - overlord: implement basic ReadState/WriteState
+    - overlord: implement Get/Set/Copy on State
+    - integration-tests: fix dd output check
+    - integration-tests: add fromBranch config field
+    - integration-tests: use cli pkg methods in hwAssignSuite
+    - debian: do not create the snappypkg user, we don't need it anymore
+    - arch: fix build failure on s390x
+    - classic: cleanup downloaded lxd tarball
+    - cmd/snap,client,integration-tests: rename snap subcmds
+      'assert'=>'ack', 'asserts'=>'known'
+    - skills: fix broken tests builds
+    - skills,skills/types: pass slot to SlotSecuritySnippet()
+    - skills/types: teach bool-file about udev security
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 25 Feb 2016 16:17:19 +0100
+
+ubuntu-snappy (1.7.2+20160223ubuntu1) xenial; urgency=medium
+
+  * New git snapshot:
+    - asserts: introduce snap-declaration
+    - cmd/snap: fix integration tests for the "cmd_asserts"
+    - integration-tests: fix fanctl output check
+    - cmd/snap: fix test failure after merging 23a64e6
+    - cmd/snap: replace skip-help with empty description
+    - docs: update security.md to match current migration-skill
+      semantics
+    - snappy: treat commands with 'daemon' field as services
+    - asserts: use more consistent names for receivers in
+      snap_asserts*.go
+    - debian: add missing golang-websocket-dev build-dependency
+    - classic: if classic fails to get created, undo the bind mounts
+    - snappy: never return nil in NewLocalSnapRepository()
+    - notifications: A simple notification system
+    - snappy: when using staging, authenticate there instead
+    - integration-tests/snapd: fix the start of the test snapd socket
+    - skills/types: use CamelCase for security names
+    - skills: add support for implicit revoke
+    - skills: add security layer
+    - integration-tests: use exec.Command wrapper for updates
+    - cmd/snap: add 'snap skills'
+    - cms/snap: add 'snap revoke'
+    - docs: add docs for skills API
+    - cmd/snap: add 'snap grant'
+    - cmd/snappy, coreconfig, daemon, snappy: move config to always be
+      bytes (in and out)
+    - overlord: start with a skeleton and stubs for Overlord,
+      StateEngine, StateJournal and managers
+    - integration-tests: skip tests affected by LP: #1544507
+    - skills/types: add bool-file
+    - po: refresh translation templates
+    - cmd/snap: add 'snap experimental remove-skill-slot'
+    - asserts: introduce device assertion
+    - cmd/snap: implemented add, remove, purge, refresh, rollback,
+      activate, deactivate
+    - cmd/snap: add 'snap experimental add-skill-slot'
+    - cmd/snap: add 'snap experimental remove-skill'
+    - cmd/snap: add tests for common skills code
+    - cmd/snap: add 'snap experimental add-skill'
+    - asserts: make assertion checkers used by db.Check modular and
+      pluggable
+    - cmd,client,daemon,caps,docs,po: remove capabilities
+    - scripts: move the script to get dependencies to a separate file
+    - asserts: make the disk layout compatible for storing more than one
+      revision
+    - cmd/snap: make the assert command options exported
+    - integration-tests: Remove the target release and channel
+    - asserts: introduce model assertion
+    - integration-tests: add exec.Cmd wrapper
+    - cmd/snap: add client test support methods
+    - cmd/snap: move key=value attribute parsing to commmon
+    - cmd/snap: apply new style consistency to "snap" commands.
+    - cmd/snap: support redirecting the client for testing
+    - cmd/snap: support testing command output
+    - snappy,daemon: remove the meta repositories abstractions
+    - cmd: add support for experimental commands
+    - cmd/snappy,daemon,snap,snappy: remove SetActive from parts
+    - cmd/snappy,daemon,snappy,snap: remove config from parts interface
+    - client: improve test data
+    - cmd: allow to construct a fresh parser
+    - cmd: don't treat help as an error
+    - cmd/snappy,snappy: remove "Details" from the repository interface
+    - asserts: check that primary keys are set when
+      Decode()ing/assembling assertions
+    - snap,snappy: refactor to remove "Install" from the Part interface
+    - client,cmd: make client.New() configurable
+    - client: enable retrieving asynchronous operation information with
+      `Client.Operation`.
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 23 Feb 2016 11:28:18 +0100
+
+ubuntu-snappy (1.7.2+20160204ubuntu1) xenial; urgency=medium
+
+  * New git snapshot:
+    - integration-tests: fix the rollback error messages
+    - integration-test: use the common cli method when trying to install
+      an unexisting snap
+    - integration-tests: rename snap find test
+    - daemon: refactor makeErrorResponder()
+    - integration: add regression test for LP: #1541317
+    - integration-tests: reenable TestRollbackMustRebootToOtherVersion
+    - asserts: introduce "snap asserts" subcmd to show assertions in the
+      system db
+    - docs: fix parameter style
+    - daemon: use underscore in JSON interface
+    - client: add skills API
+    - asserts,docs/rest.md: change Encoder not to add extra newlines at
+      the end of the stream
+    - integration-tests: "snappy search" is no more, its "snap search"
+      now
+    - README, integration-tests/tests: chmod snapd.socket after manual
+      start.
+    - snappy: add default security profile if none is specified
+    - skills,daemon: add REST APIs for skills
+    - cmd/snap, cmd/snappy: move from `snappy search` to `snap find`.
+    - The first step towards REST world domination: search is now done
+      via
+    - debian: remove obsolete /etc/grub.d/09_snappy on upgrade
+    - skills: provide different security snippets for skill and slot
+      side
+    - osutil: make go vet happy again
+    - snappy,systemd: use Type field in systemd.ServiceDescription
+    - skills: add basic grant-revoke methods
+    - client,daemon,asserts: expose the ability to query assertions in
+      the system db
+    - skills: add basic methods for slot handling
+    - snappy,daemon,snap: move "Uninstall" into overlord
+    - snappy: move SnapFile.Install() into Overlord.Install()
+    - integration-tests: re-enable some failover tests
+    - client: remove snaps
+    - asserts: uniform searching across trusted (account keys) and main
+      backstore
+    - asserts: introduce Decoder to parse streams of assertions and
+      Encoder to build them
+    - client: filter snaps with a search query
+    - client: pass query as well as path in client internals
+    - skills: provide different security snippets for skill and slot
+      side
+    - snappy: refactor snapYaml to remove methods on snapYaml type
+    - snappy: remove unused variable from test
+    - skills: add basic methods for skill handing
+    - snappy: remove support for meta/package.yaml and implement new
+      meta/snap.yaml
+    - snappy: add new overlord type responsible for
+      Installed/Install/Uninstall/SetActive and stub it out
+    - skills: add basic methods for type handling
+    - daemon, snappy: add find (aka search)
+    - client: filter snaps by type
+    - skills: tweak valid names and error messages
+    - skills: add special skill type for testing
+    - cmd/snapd,daemon: filter snaps by type
+    - partition: remove obsolete uEnv.txt
+    - skills: add Type interface
+    - integration-tests: fix the bootloader path
+    - asserts: introduce a memory backed assertion backstore
+    - integration-tests: get name of OS snap from bootloader
+    - cmd/snapd,daemon: filter snaps by source
+    - asserts,daemon: bump some copyright years for things that have
+      been touched in the new year
+    - skills: add the initial Repository type
+    - skills: add a name validation function
+    - client: filter snaps by source
+    - snappy: unmount the squashfs snap again if it fails to install
+    - snap: make a copy of the search uri before mutating it
+      Closes: LP#1537005
+    - cmd/snap,client,daemon,asserts: introduce "assert " snap
+      subcommand
+    - cmd/snappy, snappy: fix failover handling of the "active"
+      kernel/os snap
+    - daemon, client, docs/rest.md, snapd integration tests: move to the
+      new error response
+    - asserts: change Backstore interface, backstores can now access
+      primary key names from types
+    - asserts: make AssertionType into a real struct exposing the
+      metadata Name and PrimaryKey
+    - caps: improve bool-file sanitization
+    - asserts: fixup toolbelt to use exposed key ID.
+    - client: return by reference rather than by value
+    - asserts: exported filesystem backstores + explicit backstores
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 04 Feb 2016 16:35:31 +0100
+
+ubuntu-snappy (1.7.2+20160113ubuntu1) xenial; urgency=medium
+
+  * New git snapshot
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 13 Jan 2016 11:25:40 +0100
+
+ubuntu-snappy (1.7.2ubuntu1) xenial; urgency=medium
+
+  * New upstream release:
+    - bin-path integration
+    - assertions/capability work
+    - fix squashfs based snap building
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Fri, 04 Dec 2015 08:46:35 +0100
+
+ubuntu-snappy (1.7.1ubuntu1) xenial; urgency=medium
+
+  * New upstream release:
+    - fix dependencies
+    - fix armhf builds
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 02 Dec 2015 07:46:07 +0100
+
+ubuntu-snappy (1.7ubuntu1) xenial; urgency=medium
+
+  * New upstream release:
+    - kernel/os snap support
+    - squashfs snap support
+    - initial capabilities work
+    - initial assertitions work
+    - rest API support
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 18 Nov 2015 19:59:51 +0100
+
+ubuntu-snappy (1.6ubuntu1) wily; urgency=medium
+
+  * New upstream release, including the following changes:
+    - Fix hwaccess for gpio (LP: #1493389, LP: #1488618)
+    - Fix handleAssets name normalization
+    - Run boot-ok job late (LP: #1476129)
+    - Add support for systemd socket files
+    - Add "snappy service" command
+    - Documentation improvements
+    - Many test improvements (unit and integration)
+    - Override sideload versions
+    - Go1.5 fixes
+    - Add i18n
+    - Add man-page
+    - Add .snapignore
+    - Run services that uses external ports only after the network is up
+    - Bufix in Synbootloader (LP: 1474125)
+    - Use uboot.env for boot state tracking
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 09 Sep 2015 14:20:22 +0200
+
+ubuntu-snappy (1.5ubuntu1) wily; urgency=medium
+
+  * New upstream release, including the following changes:
+    - Use O_TRUNC when copying files
+    - Added path redefinition to include test's binaries location
+    - Don't run update-grub, instead use grub.cfg from the oem
+      package
+    - Do network configuration from first boot
+    - zero size systemd of new partition made executable to
+      prevent unrecoverable boot failure
+    - Close downloaded files
+
+ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com>  Mon, 06 Jul 2015 15:14:37 -0300
+
+ubuntu-snappy (1.4ubuntu1) wily; urgency=medium
+
+  * New upstream release, including the following changes:
+    - Allow to run the integration tests using snappy from branch
+    - Add CopyFileOverwrite flag and behaviour to helpers.CopyFile
+    - add a bunch of missing i18n.G() now that we have gettext
+    - Generate only the translators comments that start with
+      TRANSLATORS
+    - Try both clickpkg and snappypkg when dropping privs
+
+ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com>  Thu, 02 Jul 2015 16:21:53 -0300
+
+ubuntu-snappy (1.3ubuntu1) wily; urgency=medium
+
+  * New upstream release, including the following changes:
+    - gettext support
+    - use snappypkg user for the installed snaps
+    - switch to system-image-3.x as the system-image backend
+    - more reliable developer mode detection
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Wed, 01 Jul 2015 10:37:05 +0200
+
+ubuntu-snappy (1.2-0ubuntu1) wily; urgency=medium
+
+  * New upstream release, including the following changes:
+    - Consider the root directory when installing and removing policies
+    - In the uboot TestHandleAssetsNoHardwareYaml, patch the cache dir
+      before creating the partition type
+    - In the PartitionTestSuite, remove the unnecessary patches for
+      defaultCacheDir
+    - Fix the help output of "snappy install -h"
+
+ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com>  Wed, 17 Jun 2015 11:42:47 -0300
+
+ubuntu-snappy (1.1.2-0ubuntu1) wily; urgency=medium
+
+  * New upstream release, including the following changes:
+    - Remove compatibility for click-bin-path in generated exec-wrappers
+    - Release the readme.md after parsing it
+
+ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com>  Thu, 11 Jun 2015 23:42:49 -0300
+
+ubuntu-snappy (1.1.1-0ubuntu1) wily; urgency=medium
+
+  * New upstream release, including the following changes:
+    - Set all app services to restart on failure
+    - Fixes the missing oauth quoting and makes the code a bit nicer
+    - Added integrate() to set Integration to default values needed for
+      integration
+    - Moved setActivateClick to be a method of SnapPart
+    - Make unsetActiveClick a method of SnapPart
+    - Check the package.yaml for the required fields
+    - Integrate lp:snappy/selftest branch into snappy itself
+    - API to record information about the image and to check if the kernel was
+      sideloaded.
+    - Factor out update from cmd
+    - Continue updating when a sideload error is returned
+
+ -- Ricardo Salveti de Araujo <ricardo.salveti@canonical.com>  Wed, 10 Jun 2015 15:54:12 -0300
+
+ubuntu-snappy (1.1-0ubuntu1) wily; urgency=low
+
+  * New wily upload with fix for go 1.4 syscall.Setgid() breakage
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 09 Jun 2015 10:02:04 +0200
+
+ubuntu-snappy (1.0.1-0ubuntu1) vivid; urgency=low
+
+  * fix symlink unpacking
+  * fix typo in apparmor rules generation
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 23 Apr 2015 16:09:56 +0200
+
+ubuntu-snappy (1.0-0ubuntu1) vivid; urgency=low
+
+  * 15.04 archive upload
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 23 Apr 2015 11:08:22 +0200
+
+ubuntu-snappy (0.1.2-0ubuntu1) vivid; urgency=medium
+
+  * initial ubuntu archive upload
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Mon, 13 Apr 2015 22:48:13 -0500
+
+ubuntu-snappy (0.1.1-0ubuntu1) vivid; urgency=low
+
+  * new snapshot
+
+ -- Michael Vogt <michael.vogt@ubuntu.com>  Thu, 12 Feb 2015 13:51:22 +0100
+
+ubuntu-snappy (0.1-0ubuntu1) vivid; urgency=medium
+
+  * Initial packaging
+
+ -- Sergio Schvezov <sergio.schvezov@canonical.com>  Fri, 06 Feb 2015 02:25:43 -0200
diff --git a/compat b/compat
new file mode 100644
index 00000000..ec635144
--- /dev/null
+++ b/compat
@@ -0,0 +1 @@
+9
diff --git a/control b/control
new file mode 100644
index 00000000..7ce9d356
--- /dev/null
+++ b/control
@@ -0,0 +1,126 @@
+Source: snapd
+Section: devel
+Priority: optional
+Maintainer: Michael Hudson-Doyle <mwhudson@debian.org>
+Uploaders: Steve Langasek <vorlon@debian.org>,
+           Zygmunt Krynicki <me@zygoon.pl>,
+           Luke Faraone <lfaraone@debian.org>,
+           Michael Vogt <mvo@debian.org>
+Build-Depends: autoconf,
+               autoconf-archive,
+               automake,
+               autotools-dev,
+               bash-completion,
+               ca-certificates,
+               dbus,
+               debhelper (>= 9.20160709),
+               dh-apparmor,
+               dh-autoreconf,
+               dh-golang (>=1.7),
+               fakeroot,
+               gcc-multilib [amd64],
+               gettext,
+               gnupg2,
+               golang-dbus-dev,
+               golang-github-boltdb-bolt-dev,
+               golang-github-coreos-go-systemd-dev,
+               golang-github-gorilla-mux-dev,
+               golang-github-jessevdk-go-flags-dev,
+               golang-github-juju-ratelimit-dev,
+               golang-github-kr-pretty-dev,
+               golang-github-mvo5-goconfigparser-dev,
+               golang-github-seccomp-libseccomp-golang-dev,
+               golang-go (>=2:1.18),
+               golang-golang-x-crypto-dev,
+               golang-golang-x-xerrors-dev,
+               golang-gopkg-check.v1-dev,
+               golang-gopkg-macaroon.v1-dev,
+               golang-gopkg-mgo.v2-dev,
+               golang-gopkg-retry.v1-dev,
+               golang-gopkg-tomb.v2-dev (>= 0.0~git20161208.0.d5d1b58),
+               golang-gopkg-tylerb-graceful.v1-dev,
+               golang-gopkg-yaml.v2-dev,
+               golang-gopkg-yaml.v3-dev,
+               grub-common,
+               indent,
+               libapparmor-dev,
+               libcap-dev,
+               libglib2.0-dev,
+               liblzo2-dev,
+               libseccomp-dev,
+               libudev-dev,
+               openssh-client,
+               pkg-config,
+               python3,
+               python3-docutils,
+               python3-markdown,
+               squashfs-tools,
+               tzdata,
+               udev,
+               xfslibs-dev
+Standards-Version: 4.6.0
+Homepage: https://github.com/snapcore/snapd
+Vcs-Browser: https://salsa.debian.org/debian/snapd
+Vcs-Git: https://salsa.debian.org/debian/snapd.git
+XS-Go-Import-Path: github.com/snapcore/snapd
+
+Package: golang-github-snapcore-snapd-dev
+Architecture: all
+Breaks: golang-github-ubuntu-core-snappy-dev (<< 2.0.6),
+        golang-snappy-dev (<< 1.7.3+20160303ubuntu4)
+Replaces: golang-github-ubuntu-core-snappy-dev (<< 2.0.6),
+          golang-snappy-dev (<< 1.7.3+20160303ubuntu4)
+Depends: ${misc:Depends}
+Description: snappy development go packages.
+ Use these to use the snappy API.
+
+Package: snapd
+Architecture: any
+Depends: adduser,
+         apparmor (>= 2.10.95-5),
+         ca-certificates,
+         default-dbus-session-bus | dbus-session-bus,
+         gnupg1 | gnupg,
+         openssh-client,
+         squashfs-tools,
+         systemd,
+         udev,
+         ${misc:Depends},
+         ${shlibs:Depends}
+Replaces: snap-confine (<< 2.23),
+          snapd-xdg-open (<= 0.0.0),
+          ubuntu-core-launcher (<< 2.22),
+          ubuntu-snappy (<< 1.9),
+          ubuntu-snappy-cli (<< 1.9)
+Breaks: snap-confine (<< 2.23),
+        snapd-xdg-open (<= 0.0.0),
+        ubuntu-core-launcher (<< 2.22),
+        ubuntu-snappy (<< 1.9),
+        ubuntu-snappy-cli (<< 1.9),
+        ${snapd:Breaks}
+Recommends: gnupg
+Suggests: zenity | kdialog
+Conflicts: snap (<< 2013-11-29-1ubuntu1)
+Built-Using: ${Built-Using} ${misc:Built-Using}
+Description: Daemon and tooling that enable snap packages
+ Install, configure, refresh and remove snap packages. Snaps are
+ 'universal' packages that work across many different Linux systems,
+ enabling secure distribution of the latest apps and utilities for
+ cloud, servers, desktops and the internet of things.
+ .
+ Start with 'snap list' to see installed snaps.
+
+Package: snap-confine
+Architecture: any
+Section: oldlibs
+Depends: snapd (= ${binary:Version}), ${misc:Depends}
+Description: Transitional package for snapd
+ This is a transitional dummy package. It can safely be removed.
+
+Package: ubuntu-core-launcher
+Architecture: any
+Depends: snapd (= ${binary:Version}), ${misc:Depends}
+Section: oldlibs
+Pre-Depends: dpkg (>= 1.15.7.2)
+Description: Transitional package for snapd
+ This is a transitional dummy package. It can safely be removed.
diff --git a/copyright b/copyright
new file mode 100644
index 00000000..1b8c6a7d
--- /dev/null
+++ b/copyright
@@ -0,0 +1,22 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: snappy
+Source: https://github.com/snapcore/snapd
+
+Files: *
+Copyright: Copyright (C) 2014,2015 Canonical, Ltd.
+License: GPL-3
+ This program is free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License version 3, as
+ published by the Free Software Foundation.
+ .
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranties of
+ MERCHANTABILITY, SATISFACTORY QUALITY or FITNESS FOR A PARTICULAR
+ PURPOSE.  See the applicable version of the GNU Lesser General Public
+ License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ can be found in `/usr/share/common-licenses/GPL-3'
diff --git a/gbp.conf b/gbp.conf
new file mode 100644
index 00000000..2e861e7b
--- /dev/null
+++ b/gbp.conf
@@ -0,0 +1,4 @@
+[DEFAULT]
+debian-branch = debian
+export-dir = ../build-area
+upstream-tag = %(version)s
diff --git a/golang-github-snapcore-snapd-dev.install b/golang-github-snapcore-snapd-dev.install
new file mode 100644
index 00000000..1dfbabc8
--- /dev/null
+++ b/golang-github-snapcore-snapd-dev.install
@@ -0,0 +1 @@
+debian/tmp/usr/share/gocode/src/*
diff --git a/not-installed b/not-installed
new file mode 100644
index 00000000..09e38230
--- /dev/null
+++ b/not-installed
@@ -0,0 +1,7 @@
+usr/bin/snap-repair
+usr/bin/snap-failure
+usr/lib/snapd/system-shutdown
+usr/bin/snap-bootstrap
+usr/bin/snap-recovery-chooser
+usr/bin/snap-preseed
+usr/bin/snap-fde-keymgr
diff --git a/patches/0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch b/patches/0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
new file mode 100644
index 00000000..f6e032a0
--- /dev/null
+++ b/patches/0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
@@ -0,0 +1,45 @@
+From 3b9980d774be5ae8458ed006f712e584ae0ce97d Mon Sep 17 00:00:00 2001
+From: Zygmunt Krynicki <me@zygoon.pl>
+Date: Thu, 17 Jan 2019 17:21:22 +0200
+Subject: [PATCH 3/9] cmd/snap-seccomp: skip tests that use -m32
+
+Apparently Debian's amd64 compiler somehow cannot compile -m32 mode
+binaries. The compilation error is:
+
+	multipass@debian-10:~/packaging/snapd/cmd/snap-seccomp$ go test
+	cannot build multi-lib syscall runner: exit status 1
+	In file included from /usr/include/errno.h:25,
+			 from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3:
+	/usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
+	 #  include <sys/cdefs.h>
+		    ^~~~~~~~~~~~~
+	compilation terminated.
+	OK: 2 passed, 11 skipped
+
+I was unable to resolve this issue, let's disable this test until we can get to
+the bottom of it.
+
+Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
+---
+ cmd/snap-seccomp/main_test.go | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+Index: snapd/cmd/snap-seccomp/main_test.go
+===================================================================
+--- snapd.orig/cmd/snap-seccomp/main_test.go
++++ snapd/cmd/snap-seccomp/main_test.go
+@@ -192,6 +192,14 @@ func (s *snapSeccompSuite) SetUpSuite(c
+ 	// Ideally we would build for ppc64el->powerpc and arm64->armhf but
+ 	// it seems tricky to find the right gcc-multilib for this.
+ 	if arch.DpkgArchitecture() == "amd64" && s.canCheckCompatArch {
++		// This test fails on Debian amd64
++		// cannot build multi-lib syscall runner: exit status 1
++		// In file included from /usr/include/errno.h:25,
++		//                  from /tmp/check-3806730340354206876/1/seccomp_syscall_runner.c:3:
++		// /usr/include/features.h:424:12: fatal error: sys/cdefs.h: No such file or directory
++		//  #  include <sys/cdefs.h>
++		//             ^~~~~~~~~~~~~
++		c.Skip(`This test fails to build on Debian amd64`)
+ 		cmd = exec.Command(cmd.Args[0], cmd.Args[1:]...)
+ 		cmd.Args = append(cmd.Args, "-m32")
+ 		for i, k := range cmd.Args {
diff --git a/patches/0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch b/patches/0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch
new file mode 100644
index 00000000..d74edfda
--- /dev/null
+++ b/patches/0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch
@@ -0,0 +1,129 @@
+From cc4da7a206ef99064056f29d4882c73684b4af25 Mon Sep 17 00:00:00 2001
+From: Zygmunt Krynicki <me@zygoon.pl>
+Date: Thu, 17 Jan 2019 17:38:41 +0200
+Subject: [PATCH 4/9] cmd/snap: skip tests depending on text wrapping
+
+Upstream snapd contains tests that check the output of various commands
+along with the --help command-line argument. The output is wrapped to
+match terminal width and for readability. The algorithm for wrapping
+has apparently changed across versions of github.com/jessevdk/go-flags.
+
+Since this test is not critical for anything it can be disabled to let
+the package build.
+
+Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
+---
+ cmd/snap/cmd_alias_test.go      | 1 +
+ cmd/snap/cmd_connect_test.go    | 1 +
+ cmd/snap/cmd_disconnect_test.go | 1 +
+ cmd/snap/cmd_info_test.go       | 2 ++
+ cmd/snap/cmd_interface_test.go  | 1 +
+ cmd/snap/cmd_list_test.go       | 1 +
+ cmd/snap/cmd_prefer_test.go     | 1 +
+ cmd/snap/cmd_unalias_test.go    | 1 +
+ 8 files changed, 9 insertions(+)
+
+Index: snapd/cmd/snap/cmd_alias_test.go
+===================================================================
+--- snapd.orig/cmd/snap/cmd_alias_test.go
++++ snapd/cmd/snap/cmd_alias_test.go
+@@ -29,6 +29,7 @@ import (
+ )
+ 
+ func (s *SnapSuite) TestAliasHelp(c *C) {
++	c.Skip("the rendering of this text depends on the version of go-flags")
+ 	msg := `Usage:
+   snap.test alias [alias-OPTIONS] <snap.app> <alias>
+ 
+Index: snapd/cmd/snap/cmd_connect_test.go
+===================================================================
+--- snapd.orig/cmd/snap/cmd_connect_test.go
++++ snapd/cmd/snap/cmd_connect_test.go
+@@ -32,6 +32,7 @@ import (
+ )
+ 
+ func (s *SnapSuite) TestConnectHelp(c *C) {
++	c.Skip("the rendering of this text depends on the version of go-flags")
+ 	msg := `Usage:
+   snap.test connect [connect-OPTIONS] <snap>:<plug> [<snap>:<slot>]
+ 
+Index: snapd/cmd/snap/cmd_disconnect_test.go
+===================================================================
+--- snapd.orig/cmd/snap/cmd_disconnect_test.go
++++ snapd/cmd/snap/cmd_disconnect_test.go
+@@ -31,6 +31,7 @@ import (
+ )
+ 
+ func (s *SnapSuite) TestDisconnectHelp(c *C) {
++	c.Skip("the rendering of this text depends on the version of go-flags")
+ 	msg := `Usage:
+   snap.test disconnect [disconnect-OPTIONS] <snap>:<plug> [<snap>:<slot>]
+ 
+Index: snapd/cmd/snap/cmd_info_test.go
+===================================================================
+--- snapd.orig/cmd/snap/cmd_info_test.go
++++ snapd/cmd/snap/cmd_info_test.go
+@@ -763,6 +763,7 @@ func (s *infoSuite) TestInfoNotFound(c *
+ }
+ 
+ func (s *infoSuite) TestInfoWithLocalNoLicense(c *check.C) {
++	c.Skip("the rendering of this text depends on the version of go-flags")
+ 	n := 0
+ 	s.RedirectClientToTestServer(func(w http.ResponseWriter, r *http.Request) {
+ 		switch n {
+@@ -799,6 +800,7 @@ installed:    2.10 (100) 1kB disabled
+ }
+ 
+ func (s *infoSuite) TestInfoWithChannelsAndLocal(c *check.C) {
++	c.Skip("the rendering of this text depends on the version of go-flags")
+ 	n := 0
+ 	s.RedirectClientToTestServer(func(w http.ResponseWriter, r *http.Request) {
+ 		switch n {
+Index: snapd/cmd/snap/cmd_interface_test.go
+===================================================================
+--- snapd.orig/cmd/snap/cmd_interface_test.go
++++ snapd/cmd/snap/cmd_interface_test.go
+@@ -32,6 +32,7 @@ import (
+ )
+ 
+ func (s *SnapSuite) TestInterfaceHelp(c *C) {
++	c.Skip("the rendering of this text depends on the version of go-flags")
+ 	msg := `Usage:
+   snap.test interface [interface-OPTIONS] [<interface>]
+ 
+Index: snapd/cmd/snap/cmd_list_test.go
+===================================================================
+--- snapd.orig/cmd/snap/cmd_list_test.go
++++ snapd/cmd/snap/cmd_list_test.go
+@@ -29,6 +29,7 @@ import (
+ )
+ 
+ func (s *SnapSuite) TestListHelp(c *check.C) {
++	c.Skip("the rendering of this text depends on the version of go-flags")
+ 	msg := `Usage:
+   snap.test list [list-OPTIONS] [<snap>...]
+ 
+Index: snapd/cmd/snap/cmd_prefer_test.go
+===================================================================
+--- snapd.orig/cmd/snap/cmd_prefer_test.go
++++ snapd/cmd/snap/cmd_prefer_test.go
+@@ -29,6 +29,7 @@ import (
+ )
+ 
+ func (s *SnapSuite) TestPreferHelp(c *C) {
++	c.Skip("the rendering of this text depends on the version of go-flags")
+ 	msg := `Usage:
+   snap.test prefer [prefer-OPTIONS] <snap>
+ 
+Index: snapd/cmd/snap/cmd_unalias_test.go
+===================================================================
+--- snapd.orig/cmd/snap/cmd_unalias_test.go
++++ snapd/cmd/snap/cmd_unalias_test.go
+@@ -29,6 +29,7 @@ import (
+ )
+ 
+ func (s *SnapSuite) TestUnaliasHelp(c *C) {
++	c.Skip("the rendering of this text depends on the version of go-flags")
+ 	msg := `Usage:
+   snap.test unalias [unalias-OPTIONS] <alias-or-snap>
+ 
diff --git a/patches/0005-advisor-errtracker-use-upstream-bolt-package.patch b/patches/0005-advisor-errtracker-use-upstream-bolt-package.patch
new file mode 100644
index 00000000..b64911f0
--- /dev/null
+++ b/patches/0005-advisor-errtracker-use-upstream-bolt-package.patch
@@ -0,0 +1,33 @@
+From ccb008b459fb1fce6614e33c44ee7faed9a366a2 Mon Sep 17 00:00:00 2001
+From: Zygmunt Krynicki <me@zygoon.pl>
+Date: Thu, 17 Jan 2019 15:46:00 +0200
+Subject: [PATCH 5/9] advisor,errtracker: use upstream bolt package
+
+Upstream snapd uses a fork of the bolt package that carries additional
+patches for bugs that were discovered by snapd developers. Bolt itself
+appears to be an abandoned project and is not accepting any new patches.
+
+In various distributions the upstream bolt package may or may not have
+been patched but the forked version was definitely not packaged. As
+such, to build snapd in Debian the upstream bolt package name must be
+used.
+
+Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
+---
+ advisor/backend.go       | 2 +-
+ errtracker/errtracker.go | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/advisor/backend.go b/advisor/backend.go
+index d74aa14fe..42a4ba051 100644
+--- a/advisor/backend.go
++++ b/advisor/backend.go
+@@ -25,7 +25,7 @@ import (
+ 	"path/filepath"
+ 	"time"
+ 
+-	"github.com/snapcore/bolt"
++	"github.com/boltdb/bolt"
+ 
+ 	"github.com/snapcore/snapd/dirs"
+ 	"github.com/snapcore/snapd/osutil"
diff --git a/patches/0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch b/patches/0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch
new file mode 100644
index 00000000..ba5c6cc1
--- /dev/null
+++ b/patches/0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch
@@ -0,0 +1,291 @@
+From b12169ea4f913574821ceeb19db52b4f679e88d7 Mon Sep 17 00:00:00 2001
+From: Zygmunt Krynicki <me@zygoon.pl>
+Date: Thu, 17 Jan 2019 16:42:35 +0200
+Subject: [PATCH 7/9] i18n: use dummy localizations to avoid dependencies
+
+Upstream snapd uses the github.com/ojii/gettext.go package for access to
+translation catalogs. This package is currently not available in Debian
+and prevents building the package. As such, replace the real
+implementation with a simple dummy one that always uses the English
+input strings.
+
+Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
+Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
+---
+ i18n/i18n.go      |  87 +++-----------------------------
+ i18n/i18n_test.go | 125 ++--------------------------------------------
+ 2 files changed, 11 insertions(+), 201 deletions(-)
+
+diff --git a/i18n/i18n.go b/i18n/i18n.go
+index 352e9a65d3..12885f7149 100644
+--- a/i18n/i18n.go
++++ b/i18n/i18n.go
+@@ -19,76 +19,11 @@
+ 
+ package i18n
+ 
+-//go:generate update-pot
+-
+ import (
+-	"fmt"
+ 	"os"
+-	"path/filepath"
+ 	"strings"
+-
+-	"github.com/snapcore/go-gettext"
+-
+-	"github.com/snapcore/snapd/dirs"
+-	"github.com/snapcore/snapd/osutil"
+ )
+ 
+-// TEXTDOMAIN is the message domain used by snappy; see dgettext(3)
+-// for more information.
+-var (
+-	TEXTDOMAIN   = "snappy"
+-	locale       gettext.Catalog
+-	translations gettext.Translations
+-)
+-
+-func init() {
+-	bindTextDomain(TEXTDOMAIN, "/usr/share/locale")
+-	setLocale("")
+-}
+-
+-func langpackResolver(baseRoot string, locale string, domain string) string {
+-	// first check for the real locale (e.g. de_DE)
+-	// then try to simplify the locale (e.g. de_DE -> de)
+-	locales := []string{locale, strings.SplitN(locale, "_", 2)[0]}
+-	for _, locale := range locales {
+-		r := filepath.Join(locale, "LC_MESSAGES", fmt.Sprintf("%s.mo", domain))
+-
+-		// look into the core snaps first for translations,
+-		// then the main system
+-		candidateDirs := []string{
+-			filepath.Join(dirs.SnapMountDir, "/core/current/", baseRoot),
+-			baseRoot,
+-		}
+-		for _, root := range candidateDirs {
+-			// ubuntu uses /usr/lib/locale-langpack and patches the glibc gettext
+-			// implementation
+-			langpack := filepath.Join(root, "..", "locale-langpack", r)
+-			if osutil.FileExists(langpack) {
+-				return langpack
+-			}
+-
+-			regular := filepath.Join(root, r)
+-			if osutil.FileExists(regular) {
+-				return regular
+-			}
+-		}
+-	}
+-
+-	return ""
+-}
+-
+-func bindTextDomain(domain, dir string) {
+-	translations = gettext.NewTranslations(dir, domain, langpackResolver)
+-}
+-
+-func setLocale(loc string) {
+-	if loc == "" {
+-		loc = localeFromEnv()
+-	}
+-
+-	locale = translations.Locale(simplifyLocale(loc))
+-}
+-
+ func simplifyLocale(loc string) string {
+ 	// de_DE.UTF-8, de_DE@euro all need to get simplified
+ 	loc = strings.Split(loc, "@")[0]
+@@ -106,30 +41,20 @@ func localeFromEnv() string {
+ 	return loc
+ }
+ 
+-// CurrentLocale returns the current locale without encoding or variants.
+ func CurrentLocale() string {
+ 	return simplifyLocale(localeFromEnv())
+ }
+ 
+ // G is the shorthand for Gettext
+ func G(msgid string) string {
+-	return locale.Gettext(msgid)
+-}
+-
+-// https://www.gnu.org/software/gettext/manual/html_node/Plural-forms.html
+-// (search for 1000)
+-func ngn(d int) uint32 {
+-	const max = 1000000
+-	if d < 0 {
+-		d = -d
+-	}
+-	if d > max {
+-		return uint32((d % max) + max)
+-	}
+-	return uint32(d)
++	return msgid
+ }
+ 
+ // NG is the shorthand for NGettext
+ func NG(msgid string, msgidPlural string, n int) string {
+-	return locale.NGettext(msgid, msgidPlural, ngn(n))
++	if n == 1 {
++		return msgid
++	} else {
++		return msgidPlural
++	}
+ }
+diff --git a/i18n/i18n_test.go b/i18n/i18n_test.go
+index b8b0b1ea57..86b59f3b43 100644
+--- a/i18n/i18n_test.go
++++ b/i18n/i18n_test.go
+@@ -20,142 +20,28 @@
+ package i18n
+ 
+ import (
+-	"os"
+-	"os/exec"
+-	"path/filepath"
+ 	"testing"
+ 
+ 	. "gopkg.in/check.v1"
+-
+-	"github.com/snapcore/snapd/dirs"
+ )
+ 
+ // Hook up check.v1 into the "go test" runner
+ func Test(t *testing.T) { TestingT(t) }
+ 
+-var mockLocalePo = []byte(`
+-msgid ""
+-msgstr ""
+-"Project-Id-Version: snappy-test\n"
+-"Report-Msgid-Bugs-To: snappy-devel@lists.ubuntu.com\n"
+-"POT-Creation-Date: 2015-06-16 09:08+0200\n"
+-"Language: en_DK\n"
+-"MIME-Version: 1.0\n"
+-"Content-Type: text/plain; charset=UTF-8\n"
+-"Content-Transfer-Encoding: 8bit\n"
+-"Plural-Forms: nplurals=2; plural=n != 1;>\n"
+-
+-msgid "plural_1"
+-msgid_plural "plural_2"
+-msgstr[0] "translated plural_1"
+-msgstr[1] "translated plural_2"
+-
+-msgid "singular"
+-msgstr "translated singular"
+-`)
+-
+-func makeMockTranslations(c *C, localeDir string) {
+-	fullLocaleDir := filepath.Join(localeDir, "en_DK", "LC_MESSAGES")
+-	err := os.MkdirAll(fullLocaleDir, 0755)
+-	c.Assert(err, IsNil)
+-
+-	po := filepath.Join(fullLocaleDir, "snappy-test.po")
+-	mo := filepath.Join(fullLocaleDir, "snappy-test.mo")
+-	err = os.WriteFile(po, mockLocalePo, 0644)
+-	c.Assert(err, IsNil)
+-
+-	cmd := exec.Command("msgfmt", po, "--output-file", mo)
+-	cmd.Stdout = os.Stdout
+-	cmd.Stderr = os.Stderr
+-	err = cmd.Run()
+-	c.Assert(err, IsNil)
+-}
+-
+-type i18nTestSuite struct {
+-	origLang       string
+-	origLcMessages string
+-}
++type i18nTestSuite struct{}
+ 
+ var _ = Suite(&i18nTestSuite{})
+ 
+-func (s *i18nTestSuite) SetUpTest(c *C) {
+-	// this dir contains a special hand-crafted en_DK/snappy-test.mo
+-	// file
+-	localeDir := c.MkDir()
+-	makeMockTranslations(c, localeDir)
+-
+-	// we use a custom test mo file
+-	TEXTDOMAIN = "snappy-test"
+-
+-	s.origLang = os.Getenv("LANG")
+-	s.origLcMessages = os.Getenv("LC_MESSAGES")
+-
+-	bindTextDomain("snappy-test", localeDir)
+-	os.Setenv("LANG", "en_DK.UTF-8")
+-	setLocale("")
+-}
+-
+-func (s *i18nTestSuite) TearDownTest(c *C) {
+-	os.Setenv("LANG", s.origLang)
+-	os.Setenv("LC_MESSAGES", s.origLcMessages)
+-}
+-
+ func (s *i18nTestSuite) TestTranslatedSingular(c *C) {
+ 	// no G() to avoid adding the test string to snappy-pot
+ 	var Gtest = G
+-	c.Assert(Gtest("singular"), Equals, "translated singular")
++	c.Assert(Gtest("singular"), Equals, "singular")
+ }
+ 
+ func (s *i18nTestSuite) TestTranslatesPlural(c *C) {
+ 	// no NG() to avoid adding the test string to snappy-pot
+ 	var NGtest = NG
+-	c.Assert(NGtest("plural_1", "plural_2", 1), Equals, "translated plural_1")
+-}
+-
+-func (s *i18nTestSuite) TestTranslatedMissingLangNoCrash(c *C) {
+-	setLocale("invalid")
+-
+-	// no G() to avoid adding the test string to snappy-pot
+-	var Gtest = G
+-	c.Assert(Gtest("singular"), Equals, "singular")
+-}
+-
+-func (s *i18nTestSuite) TestInvalidTextDomainDir(c *C) {
+-	bindTextDomain("snappy-test", "/random/not/existing/dir")
+-	setLocale("invalid")
+-
+-	// no G() to avoid adding the test string to snappy-pot
+-	var Gtest = G
+-	c.Assert(Gtest("singular"), Equals, "singular")
+-}
+-
+-func (s *i18nTestSuite) TestLangpackResolverFromLangpack(c *C) {
+-	root := c.MkDir()
+-	localeDir := filepath.Join(root, "/usr/share/locale")
+-	err := os.MkdirAll(localeDir, 0755)
+-	c.Assert(err, IsNil)
+-
+-	d := filepath.Join(root, "/usr/share/locale-langpack")
+-	makeMockTranslations(c, d)
+-	bindTextDomain("snappy-test", localeDir)
+-	setLocale("")
+-
+-	// no G() to avoid adding the test string to snappy-pot
+-	var Gtest = G
+-	c.Assert(Gtest("singular"), Equals, "translated singular", Commentf("test with %q failed", d))
+-}
+-
+-func (s *i18nTestSuite) TestLangpackResolverFromCore(c *C) {
+-	origSnapMountDir := dirs.SnapMountDir
+-	defer func() { dirs.SnapMountDir = origSnapMountDir }()
+-	dirs.SnapMountDir = c.MkDir()
+-
+-	d := filepath.Join(dirs.SnapMountDir, "/core/current/usr/share/locale")
+-	makeMockTranslations(c, d)
+-	bindTextDomain("snappy-test", "/usr/share/locale")
+-	setLocale("")
+-
+-	// no G() to avoid adding the test string to snappy-pot
+-	var Gtest = G
+-	c.Assert(Gtest("singular"), Equals, "translated singular", Commentf("test with %q failed", d))
++	c.Assert(NGtest("plural_1", "plural_2", 0), Equals, "plural_2")
++	c.Assert(NGtest("plural_1", "plural_2", 1), Equals, "plural_1")
++	c.Assert(NGtest("plural_1", "plural_2", 2), Equals, "plural_2")
+ }
+-- 
+2.31.1
+
diff --git a/patches/0010-man-page-sections.patch b/patches/0010-man-page-sections.patch
new file mode 100644
index 00000000..dc865598
--- /dev/null
+++ b/patches/0010-man-page-sections.patch
@@ -0,0 +1,22 @@
+--- a/cmd/snap-discard-ns/snap-discard-ns.rst
++++ b/cmd/snap-discard-ns/snap-discard-ns.rst
+@@ -10,7 +10,7 @@
+ :Date:   2018-10-17
+ :Copyright: Canonical Ltd.
+ :Version: 2.36
+-:Manual section: 5
++:Manual section: 8
+ :Manual group: snappy
+ 
+ SYNOPSIS
+--- a/cmd/snapd-env-generator/snapd-env-generator.rst
++++ b/cmd/snapd-env-generator/snapd-env-generator.rst
+@@ -10,7 +10,7 @@
+ :Date:   2018-08-31
+ :Copyright: Canonical Ltd.
+ :Version: 2.35
+-:Manual section: 7
++:Manual section: 8
+ :Manual group: snappy
+ 
+ SYNOPSIS
diff --git a/patches/series b/patches/series
new file mode 100644
index 00000000..7ab6760a
--- /dev/null
+++ b/patches/series
@@ -0,0 +1,5 @@
+0003-cmd-snap-seccomp-skip-tests-that-use-m32.patch
+0004-cmd-snap-skip-tests-depending-on-text-wrapping.patch
+0005-advisor-errtracker-use-upstream-bolt-package.patch
+0007-i18n-use-dummy-localizations-to-avoid-dependencies.patch
+0010-man-page-sections.patch
diff --git a/rules b/rules
new file mode 100755
index 00000000..17661677
--- /dev/null
+++ b/rules
@@ -0,0 +1,286 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+#
+# These rules should work for any debian-ish distro that uses systemd
+# as init.  That does _not_ include Ubuntu 14.04 ("trusty"); look for
+# its own special rule file.
+#
+# Please keep the diff between that and this relatively small, even if
+# it means having suboptimal code; these need to be kept in sync by
+# sentient bags of meat.
+
+#export DH_VERBOSE=1
+export DH_OPTIONS
+export DH_GOPKG := github.com/snapcore/snapd
+#export DEB_BUILD_OPTIONS=nocheck
+export DH_GOLANG_EXCLUDES=tests
+# skip Go generate, all source code should have been committed
+export DH_GOLANG_GO_GENERATE=0
+
+export PATH:=${PATH}:${CURDIR}
+# GOCACHE is needed by go-1.13+
+export GOCACHE:=/tmp/go-build
+
+include /etc/os-release
+
+# On 18.04 the released version of apt (1.6.1) has a bug that causes
+# problem on "apt purge snapd". To ensure this won't happen add the
+# right dependency on 18.04.
+ifeq (${VERSION_ID},"18.04")
+	SUBSTVARS = -Vsnapd:Breaks="apt (<< 1.6.3)"
+endif
+# Same as above for 18.10 just a different version.
+ifeq (${VERSION_ID},"18.10")
+	SUBSTVARS = -Vsnapd:Breaks="apt (<< 1.7.0~alpha2)"
+endif
+
+# this is overridden in the ubuntu/14.04 release branch
+SYSTEMD_UNITS_DESTDIR="lib/systemd/system/"
+
+# The go tool does not fully support vendoring with gccgo, but we can
+# work around that by constructing the appropriate -I flag by hand.
+GCCGO := $(shell go tool dist env > /dev/null 2>&1 && echo no || echo yes)
+
+# Disable -buildmode=pie mode on i386 as can panics in spectacular
+# ways (LP: #1711052).
+# See also https://forum.snapcraft.io/t/artful-i386-panics/
+# Note while the panic is only on artful, that's because artful
+# detects it; the issue potentially there on older things.
+BUILDFLAGS:=-pkgdir=$(CURDIR)/_build/std
+ifneq ($(shell dpkg-architecture -qDEB_HOST_ARCH),i386)
+BUILDFLAGS+= -buildmode=pie
+endif
+
+GCCGOFLAGS=
+ifeq ($(GCCGO),yes)
+GOARCH := $(shell go env GOARCH)
+GOOS := $(shell go env GOOS)
+BUILDFLAGS:=
+GCCGOFLAGS=-gccgoflags="-I $(CURDIR)/_build/pkg/gccgo_$(GOOS)_$(GOARCH)/$(DH_GOPKG)/vendor"
+export DH_GOLANG_GO_GENERATE=0
+# workaround for https://github.com/golang/go/issues/23721
+export GOMAXPROCS=2
+endif
+
+# check if we need to include the testkeys in the binary
+# TAGS are the go build tags for all binaries, SNAP_TAGS are for snap
+# build only.
+TAGS=nosecboot nobolt
+SNAP_TAGS=nosecboot nomanagers nobolt
+ifneq (,$(filter testkeys,$(DEB_BUILD_OPTIONS)))
+	TAGS+= withtestkeys
+	SNAP_TAGS+= withtestkeys
+endif
+
+DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
+
+BUILT_USING_PACKAGES=
+# export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+# DPKG_EXPORT_BUILDFLAGS = 1
+# include /usr/share/dpkg/buildflags.mk
+
+# Currently, we enable confinement for Ubuntu only, not for derivatives,
+# because derivatives may have different kernels that don't support all the
+# required confinement features and we don't to mislead anyone about the
+# security of the system.  Discuss a proper approach to this for downstreams
+# if and when they approach us.
+ifeq ($(shell dpkg-vendor --query Vendor),Ubuntu)
+    # On Ubuntu 16.04 we need to produce a build that can be used on wide
+    # variety of systems. As such we prefer static linking over dynamic linking
+    # for stability, predicability and easy of deployment. We need to link some
+    # things dynamically though: udev has no stable IPC protocol between
+    # libudev and udevd so we need to link with it dynamically.
+    VENDOR_ARGS=--enable-nvidia-multiarch --enable-static-libcap --enable-static-libapparmor --enable-static-libseccomp --with-host-arch-triplet=$(DEB_HOST_MULTIARCH)
+ifeq ($(shell dpkg-architecture -qDEB_HOST_ARCH),amd64)
+		VENDOR_ARGS+= --with-host-arch-32bit-triplet=$(shell dpkg-architecture -f -ai386 -qDEB_HOST_MULTIARCH)
+endif
+    BUILT_USING_PACKAGES=libcap-dev libapparmor-dev libseccomp-dev
+else
+ifeq ($(shell dpkg-vendor --query Vendor),Debian)
+    VENDOR_ARGS=--enable-nvidia-multiarch
+    BUILT_USING_PACKAGES=libcap-dev
+else
+    VENDOR_ARGS=--disable-apparmor
+endif
+endif
+BUILT_USING=$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W $(BUILT_USING_PACKAGES))
+
+%:
+	dh $@ --buildsystem=golang --with=golang --fail-missing --with systemd --builddirectory=_build
+
+override_dh_fixperms:
+	dh_fixperms -Xusr/lib/snapd/snap-confine
+
+
+# The .real profile is a workaround for a bug in dpkg LP: #1673247 that causes
+# ubiquity to crash. It allows us to "move" the snap-confine profile from
+# snap-confine into snapd in a way that works with old dpkg that is in the live
+# CD image.
+#
+# Because both the usual and the .real profile describe the same binary the
+# .real profile takes priority (as it is loaded later).
+override_dh_installdeb:
+	dh_apparmor --profile-name=usr.lib.snapd.snap-confine.real -psnapd
+	dh_installdeb
+
+override_dh_clean:
+	dh_clean
+	$(MAKE) -C data clean
+	# XXX: hacky
+	$(MAKE) -C cmd distclean || true
+
+override_dh_auto_build:
+	# usually done via `go generate` but that is not supported on powerpc
+	GO_GENERATE_BUILDDIR=_build/src/$(DH_GOPKG) GO111MODULE=off GOPATH=$$(pwd)/_build ./mkversion.sh
+	# Build golang bits
+	mkdir -p _build/src/$(DH_GOPKG)/cmd/snap/test-data
+	cp -a cmd/snap/test-data/*.gpg _build/src/$(DH_GOPKG)/cmd/snap/test-data/
+	cp -a bootloader/assets/data _build/src/$(DH_GOPKG)/bootloader/assets
+
+	# exclude certain parts that won't be used by debian
+	find _build/src/$(DH_GOPKG)/cmd/snap-bootstrap -name "*.go" | xargs rm -f
+	find _build/src/$(DH_GOPKG)/cmd/snap-fde-keymgr -name "*.go" | xargs rm -f
+	find _build/src/$(DH_GOPKG)/gadget/install -name "*.go" | grep -vE '(params\.go|install_dummy\.go)'| xargs rm -f
+	# XXX: once dh-golang understands go build tags this would not be needed
+	find _build/src/$(DH_GOPKG)/secboot/ -name "*.go" | grep -E '(.*_sb(_test)?\.go|.*_tpm(_test)?\.go|secboot_hooks.go|keymgr/)' | xargs rm -f
+	# and build, we cannot use modules as packaging on Debian requires us to use
+	# dependencies from the distro, and this would require further updates to the
+	# go.mod file
+	GO111MODULE=off dh_auto_build -- $(BUILDFLAGS) -tags "$(TAGS)" $(GCCGOFLAGS)
+
+	(cd _build/bin && GO111MODULE=off GOPATH=$$(pwd)/.. go build $(BUILDFLAGS) $(GCCGOFLAGS) -tags "$(SNAP_TAGS)" $(DH_GOPKG)/cmd/snap)
+
+	# (static linking on powerpc with cgo is broken)
+ifneq ($(shell dpkg-architecture -qDEB_HOST_ARCH),powerpc)
+	# Generate static snap-exec, snapctl and snap-update-ns - it somehow includes CGO so
+	# we must force a static build here. We need a static snap-{exec,update-ns}
+	# inside the core snap because not all bases will have a libc
+	(cd _build/bin && GO111MODULE=off GOPATH=$$(pwd)/.. CGO_ENABLED=0 go build -tags "$(TAGS)" $(GCCGOFLAGS) -pkgdir=$$(pwd)/std $(DH_GOPKG)/cmd/snap-exec)
+	(cd _build/bin && GO111MODULE=off GOPATH=$$(pwd)/.. CGO_ENABLED=0 go build -tags "$(TAGS)" $(GCCGOFLAGS) -pkgdir=$$(pwd)/std $(DH_GOPKG)/cmd/snapctl)
+	(cd _build/bin && GO111MODULE=off GOPATH=$$(pwd)/.. go build -tags "$(TAGS)" --ldflags '-extldflags "-static"' $(GCCGOFLAGS) -pkgdir=$$(pwd)/std $(DH_GOPKG)/cmd/snap-update-ns)
+
+	# ensure we generated a static build
+	$(shell	if ldd _build/bin/snap-exec; then false "need static build"; fi)
+	$(shell	if ldd _build/bin/snap-update-ns; then false "need static build"; fi)
+	$(shell	if ldd _build/bin/snapctl; then false "need static build"; fi)
+endif
+
+	# ensure snap-seccomp is build with a static libseccomp on Ubuntu
+ifeq ($(shell dpkg-vendor --query Vendor),Ubuntu)
+	# (static linking on powerpc with cgo is broken)
+ ifneq ($(shell dpkg-architecture -qDEB_HOST_ARCH),powerpc)
+	sed -i "s|#cgo LDFLAGS:|#cgo LDFLAGS: /usr/lib/$(shell dpkg-architecture -qDEB_TARGET_MULTIARCH)/libseccomp.a|" _build/src/$(DH_GOPKG)/cmd/snap-seccomp/main.go
+	(cd _build/bin && GOPATH=$$(pwd)/.. CGO_LDFLAGS_ALLOW="/.*/libseccomp.a" go build -tags "$(TAGS)" $(GCCGOFLAGS) $(DH_GOPKG)/cmd/snap-seccomp)
+	# ensure that libseccomp is not dynamically linked
+	ldd _build/bin/snap-seccomp
+	test "$$(ldd _build/bin/snap-seccomp | grep libseccomp)" = ""
+	# revert again so that the subsequent tests work
+	sed -i "s|#cgo LDFLAGS: /usr/lib/$(shell dpkg-architecture -qDEB_TARGET_MULTIARCH)/libseccomp.a|#cgo LDFLAGS:|" _build/src/$(DH_GOPKG)/cmd/snap-seccomp/main.go
+ endif
+endif
+
+	# Build C bits, sadly manually
+	cd cmd && ( autoreconf -i -f )
+	cd cmd && ( ./configure --prefix=/usr --libexecdir=/usr/lib/snapd $(VENDOR_ARGS))
+	$(MAKE) -C cmd all
+
+	# Generate the real systemd/dbus/env config files
+	$(MAKE) -C data all
+
+override_dh_auto_test:
+	SNAPD_SKIP_SLOW_TESTS=true GO111MODULE=off dh_auto_test -- $(BUILDFLAGS) -tags "$(TAGS)" $(GCCGOFLAGS) $(DH_GOPKG)/...
+# a tested default (production) build should have no test keys
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+	# check that only the main trusted account-keys are included
+	[ $$(strings _build/bin/snapd|grep -c -E "public-key-sha3-384: [a-zA-Z0-9_-]{64}") -eq 2 ]
+	strings _build/bin/snapd|grep -c "^public-key-sha3-384: -CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk$$"
+	strings _build/bin/snapd|grep -c "^public-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa$$"
+	# same for snap-repair
+	[ $$(strings _build/bin/snap-repair|grep -c -E "public-key-sha3-384: [a-zA-Z0-9_-]{64}") -eq 3 ]
+	# common with snapd
+	strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: -CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk$$"
+	strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: d-JcZF9nD9eBw7bwMnH61x-bklnQOhQud1Is6o_cn2wTj8EYDi9musrIT9z2MdAa$$"
+	# repair-root
+	strings _build/bin/snap-repair|grep -c "^public-key-sha3-384: nttW6NfBXI_E-00u38W-KH6eiksfQNXuI7IiumoV49_zkbhM0sYTzSnFlwZC-W4t$$"
+endif
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+	# run the snap-confine tests
+	$(MAKE) -C cmd check
+endif
+
+override_dh_install-indep:
+	# we do not need this in the package, its just needed during build
+	rm -rf ${CURDIR}/debian/tmp/usr/bin/xgettext-go
+	# toolbelt is not shippable
+	rm -f ${CURDIR}/debian/tmp/usr/bin/toolbelt
+	# we do not like /usr/bin/snappy anymore
+	rm -f ${CURDIR}/debian/tmp/usr/bin/snappy
+	# chrorder generator
+	rm -f ${CURDIR}/debian/tmp/usr/bin/chrorder
+	# bootloader assets generator
+	rm -f ${CURDIR}/debian/tmp/usr/bin/genasset
+	# asserts/info
+	rm -f ${CURDIR}/debian/tmp/usr/bin/info
+	# docs generator
+	rm -f ${CURDIR}/debian/tmp/usr/bin/docs
+
+	dh_install
+
+override_dh_install-arch:
+	# we do not need this in the package, its just needed during build
+	rm -rf ${CURDIR}/debian/tmp/usr/bin/xgettext-go
+	# toolbelt is not shippable
+	rm -f ${CURDIR}/debian/tmp/usr/bin/toolbelt
+	# we do not like /usr/bin/snappy anymore
+	rm -f ${CURDIR}/debian/tmp/usr/bin/snappy
+	# i18n stuff
+	mkdir -p debian/snapd/usr/share
+	if [ -d share/locale ]; then \
+		cp -R share/locale debian/snapd/usr/share; \
+	fi
+	# chrorder generator
+	rm -f ${CURDIR}/debian/tmp/usr/bin/chrorder
+	# bootloader assets generator
+	rm -f ${CURDIR}/debian/tmp/usr/bin/genasset
+	# asserts/info
+	rm -f ${CURDIR}/debian/tmp/usr/bin/info
+	# docs generator
+	rm -f ${CURDIR}/debian/tmp/usr/bin/docs
+
+	# Install snapd's systemd units / upstart jobs, done
+	# here instead of debian/snapd.install because the
+	# ubuntu/14.04 release branch adds/changes bits here
+	$(MAKE) -C data install DESTDIR=$(CURDIR)/debian/snapd/ \
+		SYSTEMDSYSTEMUNITDIR=$(SYSTEMD_UNITS_DESTDIR)
+	# We called this apps-bin-path.sh instead of snapd.sh, and
+	# it's a conf file so we're stuck with it
+	mv debian/snapd/etc/profile.d/snapd.sh debian/snapd/etc/profile.d/apps-bin-path.sh
+
+	$(MAKE) -C cmd install DESTDIR=$(CURDIR)/debian/tmp
+
+	# Rename the apparmor profile, see dh_apparmor call above for an explanation.
+	mv $(CURDIR)/debian/tmp/etc/apparmor.d/usr.lib.snapd.snap-confine $(CURDIR)/debian/tmp/etc/apparmor.d/usr.lib.snapd.snap-confine.real
+
+	# Ouside of core we don't need to install the following files:
+	rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.autoimport.service
+	rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.core-fixup.service
+	rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.failure.service
+	rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.snap-repair.service
+	rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.snap-repair.timer
+	rm $(CURDIR)/debian/snapd/$(SYSTEMD_UNITS_DESTDIR)/snapd.system-shutdown.service
+	rm $(CURDIR)/debian/snapd/usr/lib/snapd/snapd.run-from-snap
+
+	dh_install
+
+override_dh_auto_install: snap.8
+	dh_auto_install -O--buildsystem=golang
+
+snap.8:
+	$(CURDIR)/_build/bin/snap help --man > $@
+
+override_dh_auto_clean:
+	dh_auto_clean -O--buildsystem=golang
+	rm -vf snap.8
+
+override_dh_gencontrol:
+	dh_gencontrol -- -VBuilt-Using="$(BUILT_USING)"
diff --git a/snap-confine.maintscript b/snap-confine.maintscript
new file mode 100644
index 00000000..16bc8774
--- /dev/null
+++ b/snap-confine.maintscript
@@ -0,0 +1 @@
+rm_conffile /etc/apparmor.d/usr.lib.snapd.snap-confine 2.23.6~
diff --git a/snapd.autoimport.udev b/snapd.autoimport.udev
new file mode 100644
index 00000000..f06a9f3e
--- /dev/null
+++ b/snapd.autoimport.udev
@@ -0,0 +1,3 @@
+# probe for assertions, must run before udisks2
+ACTION=="add", SUBSYSTEM=="block" \
+    RUN+="/usr/bin/unshare -m /usr/bin/snap auto-import --mount=/dev/%k"
diff --git a/snapd.dirs b/snapd.dirs
new file mode 100644
index 00000000..f23e218c
--- /dev/null
+++ b/snapd.dirs
@@ -0,0 +1,15 @@
+snap
+usr/lib/snapd
+var/cache/snapd
+var/lib/snapd/apparmor/snap-confine
+var/lib/snapd/auto-import
+var/lib/snapd/desktop
+var/lib/snapd/environment
+var/lib/snapd/firstboot
+var/lib/snapd/inhibit
+var/lib/snapd/lib/gl
+var/lib/snapd/lib/gl32
+var/lib/snapd/lib/vulkan
+var/lib/snapd/snaps/partial
+var/lib/snapd/void
+var/snap
diff --git a/snapd.install b/snapd.install
new file mode 100644
index 00000000..a97af759
--- /dev/null
+++ b/snapd.install
@@ -0,0 +1,35 @@
+# apt hook
+data/apt/20snapd.conf /etc/apt/apt.conf.d/
+data/completion/bash/complete.sh /usr/lib/snapd/
+data/completion/bash/etelpmoc.sh /usr/lib/snapd/
+# bash completion
+data/completion/bash/snap /usr/share/bash-completion/completions
+# zsh completion
+data/completion/zsh/_snap /usr/share/zsh/vendor-completions
+# snap/snapd version information
+data/info /usr/lib/snapd/
+# polkit actions
+data/polkit/io.snapcraft.snapd.policy /usr/share/polkit-1/actions/
+# snap-confine stuff
+etc/apparmor.d/usr.lib.snapd.snap-confine.real
+usr/bin/snap
+usr/bin/snap-exec /usr/lib/snapd/
+usr/bin/snap-seccomp /usr/lib/snapd/
+usr/bin/snap-update-ns /usr/lib/snapd/
+usr/bin/snapctl /usr/lib/snapd/
+usr/bin/snapd /usr/lib/snapd/
+usr/bin/snapd-apparmor /usr/lib/snapd/
+# for compatibility with ancient snap installs that wrote the shell based
+# wrapper scripts instead of the modern symlinks
+usr/bin/ubuntu-core-launcher
+usr/lib/snapd/snap-confine
+usr/lib/snapd/snap-device-helper
+usr/lib/snapd/snap-discard-ns
+# gdb helper
+usr/lib/snapd/snap-gdb-shim
+usr/lib/snapd/snap-gdbserver-shim
+usr/lib/snapd/snap-mgmt
+# use "usr/lib" here because apparently systemd looks only there
+usr/lib/systemd/system-environment-generators
+usr/lib/systemd/system-generators
+usr/share/man/
diff --git a/snapd.links b/snapd.links
new file mode 100644
index 00000000..9af14cb0
--- /dev/null
+++ b/snapd.links
@@ -0,0 +1,5 @@
+/usr/lib/snapd/snap-device-helper  /lib/udev/snappy-app-dev
+# This should be removed once we can rely on debhelper >= 11.5:
+#     https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764678
+/usr/lib/systemd/user/snapd.session-agent.socket /usr/lib/systemd/user/sockets.target.wants/snapd.session-agent.socket
+usr/lib/snapd/snapctl usr/bin/snapctl
diff --git a/snapd.lintian-overrides b/snapd.lintian-overrides
new file mode 100644
index 00000000..b5be2587
--- /dev/null
+++ b/snapd.lintian-overrides
@@ -0,0 +1,13 @@
+# Up for discussion whether we should use this directory on Debian, or
+# patch snap to use some different mountpoint; in the meantime, override to
+# pass the NEW queue.
+snapd: non-standard-toplevel-dir snap/
+# Up for discussion whether we should use this directory on Debian, or
+# patch snap to use some different mountpoint; in the meantime, override.
+snapd: non-standard-dir-in-var var/snap/
+# snapd is a very special case which needs to tear out its self-managed
+# units on purge, we certainly would not be able to use the Debian
+# abstractions for this
+snapd: maintainer-script-calls-systemctl postrm:9
+# fortify functions aren't here because we use none of the libc functions.
+snapd: hardening-no-fortify-functions *
diff --git a/snapd.maintscript b/snapd.maintscript
new file mode 100644
index 00000000..613ac0de
--- /dev/null
+++ b/snapd.maintscript
@@ -0,0 +1,6 @@
+rm_conffile /etc/apparmor.d/usr.lib.snapd.snap-confine 2.23.6~ snap-confine
+# keep mount point busy
+# we used to ship a custom grub config that is no longer needed
+rm_conffile /etc/grub.d/09_snappy 1.7.3ubuntu1
+rm_conffile /etc/ld.so.conf.d/snappy.conf 2.0.7~
+rm_conffile /etc/sudoers.d/99-snapd.conf 2.50~
diff --git a/snapd.manpages b/snapd.manpages
new file mode 100644
index 00000000..b383785e
--- /dev/null
+++ b/snapd.manpages
@@ -0,0 +1 @@
+snap.8
diff --git a/snapd.postinst b/snapd.postinst
new file mode 100644
index 00000000..ac9a4d50
--- /dev/null
+++ b/snapd.postinst
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+
+case "$1" in
+    configure)
+        # ensure /var/lib/snapd/lib/gl is cleared
+        if dpkg --compare-versions "$2" lt-nl "2.0.7"; then
+            ldconfig
+        fi
+
+        # Ensure that we undo the damage done by the snap.mount unit that was present
+        # in snapd 2.31.
+        #
+        # We found that update scripts make systemd stop inactive mount units and this
+        # in turn stops all the units that depend on it so when the snap.mount unit is
+        # stopped all the per-snap mount units gets stopped along with them.  The 2.31
+        # release was only out briefly in xenial-proposed and bionic but to keep the
+        # affected users safe let's start all the per-snap mount units so that snaps no
+        # longer appear as broken after update.
+        if dpkg --compare-versions "$2" ge-nl "2.31" && \
+                dpkg --compare-versions "$2" lt-nl "2.32"; then
+            units=$(systemctl list-unit-files --full | grep '^snap[-.]' | cut -f1 -d ' ' | grep -vF snap.mount.service || true)
+            mounts=$(echo "$units" | grep '^snap[-.].*\.mount$' || true)
+            for unit in $mounts; do
+                # ensure its really a snap mount unit or systemd unit
+                if ! grep -q 'What=/var/lib/snapd/snaps/' "/etc/systemd/system/$unit" && ! grep -q 'X-Snappy=yes' "/etc/systemd/system/$unit"; then
+                    echo "Skipping non-snapd systemd unit $unit"
+                    continue
+                fi
+
+                echo "Starting $unit"
+                deb-systemd-invoke start "$unit" || true
+            done
+        fi
+        # Ensure that the void directory has correct permissions.
+        chmod 111 /var/lib/snapd/void
+esac
+
+#DEBHELPER#
diff --git a/snapd.postrm b/snapd.postrm
new file mode 100644
index 00000000..cae1fee5
--- /dev/null
+++ b/snapd.postrm
@@ -0,0 +1,149 @@
+#!/bin/sh
+
+set -e
+
+systemctl_stop() {
+    unit="$1"
+
+    echo "Stopping unit $unit"
+    systemctl stop -q "$unit" || true
+
+    for i in $(seq 20); do
+        echo "Waiting until unit $unit is stopped [attempt $i]"
+        if ! systemctl is-active -q "$unit"; then
+            echo "$unit is stopped."
+            return
+        fi
+        sleep .1
+    done
+}
+
+if [ "$1" = "purge" ]; then
+    # Undo any bind mounts to ${SNAP_MOUNT_DIR} or /var/snap done by parallel
+    # installs or LP:#1668659
+    for mp in /snap /var/snap; do
+        if grep -q " $mp $mp" /proc/self/mountinfo; then
+            umount -l "$mp" || true
+        fi
+    done
+
+    units=$(systemctl list-unit-files --full | grep '^snap[-.]' | cut -f1 -d ' ' | grep -vF snap.mount.service || true)
+    mounts=$(echo "$units" | grep '^snap[-.].*\.mount$' || true)
+    services=$(echo "$units" | grep '^snap[-.].*\.service$' || true)
+    slices=$(echo "$units" | grep '^snap[-.].*\.slice$' || true)
+
+    for unit in $services $mounts $slices; do
+        # ensure its really a snap mount unit or systemd unit
+        if ! grep -q 'What=/var/lib/snapd/snaps/' "/etc/systemd/system/$unit" && ! grep -q 'X-Snappy=yes' "/etc/systemd/system/$unit"; then
+            echo "Skipping non-snapd systemd unit $unit"
+            continue
+        fi
+
+        echo "Stopping $unit"
+        systemctl_stop "$unit"
+
+        # if it is a mount unit, we can find the snap name in the mount
+        # unit (we just ignore unit files)
+        snap=$(grep 'Where=/snap/' "/etc/systemd/system/$unit"|cut -f3 -d/)
+        rev=$(grep 'Where=/snap/' "/etc/systemd/system/$unit"|cut -f4 -d/)
+        if [ -n "$snap" ]; then
+            echo "Removing snap $snap and revision $rev"
+            # aliases
+            if [ -d /snap/bin ]; then
+                find /snap/bin -maxdepth 1 -lname "$snap" -delete
+                find /snap/bin -maxdepth 1 -lname "$snap.*" -delete
+            fi
+            # generated binaries
+            rm -f "/snap/bin/$snap"
+            rm -f "/snap/bin/$snap".*
+            # snap mount dir
+            # we pass -d (clean up loopback devices) for trusty compatibility
+            umount -d -l "/snap/$snap/$rev" 2> /dev/null || true
+            rm -rf "/snap/$snap/$rev"
+            rm -f "/snap/$snap/current"
+            # snap data dir
+            rm -rf "/var/snap/$snap/$rev"
+            rm -rf "/var/snap/$snap/common"
+            rm -f "/var/snap/$snap/current"
+            # opportunistic remove (may fail if there are still revisions left
+            for d in "/snap/$snap" "/var/snap/$snap"; do
+                if [ -d "$d" ]; then
+                    rmdir --ignore-fail-on-non-empty "$d" || true
+                fi
+            done
+            # udev rules
+            find /etc/udev/rules.d -name "*-snap.${snap}.rules" -execdir rm -f "{}" \;
+            # dbus policy files
+            if [ -d /etc/dbus-1/system.d ]; then
+                find /etc/dbus-1/system.d -name "snap.${snap}.*.conf" -execdir rm -f "{}" \;
+            fi
+            # modules
+            rm -f "/etc/modules-load.d/snap.${snap}.conf"
+            rm -f "/etc/modprobe.d/snap.${snap}.conf"
+            # timer and socket units
+            find /etc/systemd/system -name "snap.${snap}.*.timer" -o -name "snap.${snap}.*.socket" | while read -r f; do
+                systemctl_stop "$(basename "$f")"
+                rm -f "$f"
+            done
+            # user services, sockets, and timers - we make no attempt to stop any of them.
+            # TODO: ask snapd to ask each snapd.session-agent.service to stop snaps
+            # user-session services and stop itself.
+            find /etc/systemd/user -name "snap.${snap}.*.timer" -o -name "snap.${snap}.*.socket" -o -name "snap.${snap}.*.service" | while read -r f; do
+                rm -f "$f"
+            done
+        fi
+
+        echo "Removing $unit"
+        rm -f "/etc/systemd/system/$unit"
+        rm -f "/etc/systemd/system/multi-user.target.wants/$unit"
+    done
+    # Units may have been removed do a reload
+    systemctl -q daemon-reload || true
+
+    # snapd session-agent
+    rm -f /etc/systemd/user/snapd.session-agent.socket
+    rm -f /etc/systemd/user/snapd.session-agent.service
+    rm -f /etc/systemd/user/sockets.target.wants/snapd.session-agent.socket
+
+    # generated readme files
+    rm -f "/snap/README"
+
+    echo "Discarding preserved snap namespaces"
+    # opportunistic as those might not be actually mounted
+    if [ -d /run/snapd/ns ]; then
+        if [ "$(find /run/snapd/ns/ -name "*.mnt" | wc -l)" -gt 0 ]; then
+            for mnt in /run/snapd/ns/*.mnt; do
+                umount -l "$mnt" || true
+                rm -f "$mnt"
+            done
+        fi
+        find /run/snapd/ns/ \( -name '*.fstab' -o -name '*.user-fstab' -o -name '*.info' \) -delete
+        umount -l /run/snapd/ns/ || true
+    fi
+
+    # inside containers we have a generator that creates a bind mount to /snap
+    if [ -e /run/systemd/container ]; then
+        echo "Unmount /snap inside a container"
+        umount /snap || true
+    fi
+
+    echo "Final directory cleanup"
+    for d in "/snap/bin" "/snap" "/var/snap"; do
+        # Force remove due to directories for old revisions could still exist
+        rm -rf "$d"
+        if [ -d "$d" ]; then
+            echo "Cannot remove directory $d"
+        fi
+    done
+
+    echo "Removing extra snap-confine apparmor rules"
+    rm -f /etc/apparmor.d/snap.core.*.usr.lib.snapd.snap-confine
+
+    echo "Removing snapd cache"
+    rm -rf /var/cache/snapd/*
+
+    echo "Removing snapd state"
+    rm -rf /var/lib/snapd
+fi
+
+#DEBHELPER#
diff --git a/snapd.prerm b/snapd.prerm
new file mode 100755
index 00000000..63824a2b
--- /dev/null
+++ b/snapd.prerm
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+systemctl_stop() {
+    unit="$1"
+
+    echo "Stopping unit $unit"
+    systemctl stop -q "$unit" || true
+
+    for i in $(seq 20); do
+        echo "Waiting until unit $unit is stopped [attempt $i]"
+        if ! systemctl is-active -q "$unit"; then
+            echo "$unit is stopped."
+            return
+        fi
+        sleep .1
+    done
+}
+
+if [ "$1" = "remove" ]; then
+    units=$(systemctl list-unit-files --full | grep '^snap\.' | cut -f1 -d ' ' | grep -vF snap.mount.service || true)
+    tostop=$(echo "$units" | grep -E '^snap\..*\.(service|timer|socket)$' || true)
+
+    for unit in $tostop; do
+        # ensure it's really a snap mount unit or systemd unit
+        if  ! grep -q 'X-Snappy=yes' "/etc/systemd/system/$unit"; then
+            echo "Skipping non-snapd systemd unit $unit"
+            continue
+        fi
+
+        echo "Stopping $unit"
+        systemctl_stop "$unit"
+    done
+fi
+
+#DEBHELPER#
diff --git a/source/format b/source/format
new file mode 100644
index 00000000..163aaf8d
--- /dev/null
+++ b/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/source/options b/source/options
new file mode 100644
index 00000000..8a90ced6
--- /dev/null
+++ b/source/options
@@ -0,0 +1 @@
+include-removal
diff --git a/tests/README.md b/tests/README.md
new file mode 100644
index 00000000..c32e6db3
--- /dev/null
+++ b/tests/README.md
@@ -0,0 +1,10 @@
+## Autopkgtest
+
+In order to run the autopkgtest suite locally you need first to generate an image:
+
+    $ adt-buildvm-ubuntu-cloud -a amd64 -r xenial -v
+
+This will create a `adt-xenial-amd64-cloud.img` file, then you can run the tests from
+the project's root with:
+
+    $ adt-run --unbuilt-tree . --- qemu ./adt-xenial-amd64-cloud.img
diff --git a/tests/control b/tests/control
new file mode 100644
index 00000000..9b2b367a
--- /dev/null
+++ b/tests/control
@@ -0,0 +1,12 @@
+Tests: integrationtests
+Restrictions: allow-stderr, rw-build-tree, needs-root, breaks-testbed, isolation-machine
+Depends: bzr,
+         ca-certificates,
+         git,
+         golang-golang-x-net-dev,
+         locales,
+         net-tools,
+         netcat-openbsd,
+         openssh-server,
+         snapd,
+         @builddeps@
diff --git a/tests/integrationtests b/tests/integrationtests
new file mode 100644
index 00000000..7f9b2728
--- /dev/null
+++ b/tests/integrationtests
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -ex
+
+# required for the debian adt host
+mkdir -p /etc/systemd/system/snapd.service.d/
+if [ "${http_proxy:-}" != "" ]; then
+    cat <<EOF | tee /etc/systemd/system/snapd.service.d/proxy.conf
+[Service]
+Environment=http_proxy=$http_proxy
+Environment=https_proxy=$http_proxy
+EOF
+
+    # ensure environment is updated
+    echo "http_proxy=$http_proxy" >> /etc/environment
+    echo "https_proxy=$http_proxy" >> /etc/environment
+fi
+systemctl daemon-reload
+
+# ensure we are not get killed too easily
+printf '%s\n' "-950" > /proc/$$/oom_score_adj
+
+# see what mem we have (for debugging)
+cat /proc/meminfo
+
+# ensure we can do a connect to localhost
+echo ubuntu:ubuntu|chpasswd
+sed -i 's/\(PermitRootLogin\|PasswordAuthentication\)\>.*/\1 yes/' /etc/ssh/sshd_config
+systemctl reload ssh.service
+
+# Map snapd deb package pockets to core snap channels. This is intended to cope
+# with the autopkgtest execution when testing packages from the different pockets
+if apt -qq list snapd | grep -q -- -proposed; then
+    export SPREAD_CORE_CHANNEL=candidate
+elif apt -qq list snapd | grep -q -- -updates; then
+    export SPREAD_CORE_CHANNEL=stable
+fi
+
+# Spread will only buid with recent go
+snap install --classic go
+
+# and now run spread against localhost
+# shellcheck disable=SC1091
+. /etc/os-release
+export GOPATH=/tmp/go
+/snap/bin/go get -u github.com/snapcore/spread/cmd/spread
+/tmp/go/bin/spread -v "autopkgtest:${ID}-${VERSION_ID}-$(dpkg --print-architecture)":tests/smoke/
+
+# store journal info for inspectsion
+journalctl --sync
+journalctl -ab > "$ADT_ARTIFACTS"/journal.txt
diff --git a/tests/testconfig.json b/tests/testconfig.json
new file mode 100644
index 00000000..c1669d09
--- /dev/null
+++ b/tests/testconfig.json
@@ -0,0 +1,3 @@
+{
+    "FromBranch": false
+}
diff --git a/watch b/watch
new file mode 100644
index 00000000..f24cda73
--- /dev/null
+++ b/watch
@@ -0,0 +1,4 @@
+version=3
+opts=filenamemangle=s/.+\/snapd_(\d\S*)\.no-vendor\.tar\.xz/snapd-\$1\.tar\.gz/,\
+uversionmangle=s/(\d)[_\.\-\+]?(RC|rc|pre|dev|beta|alpha)[.]?(\d*)$/\$1~\$2\$3/ \
+  https://github.com/snapcore/snapd/releases .*/snapd_(\d\S*)\.no-vendor\.tar\.xz
-- 
2.30.2