snapd (2.72+ubuntu24.04) noble; urgency=medium
* New upstream release, LP: #2124239
- FDE: support replacing TPM protected keys at runtime via the
/v2/system-volumes endpoint
- FDE: support secboot preinstall check fix actions for 25.10+
hybrid installs via the /v2/system/{label} endpoint
- FDE: tweak polkit message to remove jargon
- FDE: ensure proper sealing with kernel command line defaults
- FDE: provide generic reseal function
- FDE: support using OPTEE for protecting keys, as an alternative to
existing fde-setup hooks (Ubuntu Core only)
- Confdb: 'snapctl get --view' supports passing default values
- Confdb: content sub-rules in confdb-schemas inherit their parent
rule's "access"
- Confdb: make confdb error kinds used in API more generic
- Confdb: fully support lists and indexed paths (including unset)
- Prompting: add notice backend for prompting types (unused for now)
- Prompting: include request cgroup in prompt
- Prompting: handle unsupported xattrs
- Prompting: add permission mapping for the camera interface
- Notices: read notices from state without state lock
- Notices: add methods to get notice fields and create, reoccur, and
deepcopy notice
- Notices: add notice manager to coordinate separate notice backends
- Notices: support draining notices from state when notice backend
registered as producer of a particular notice type
- Notices: query notice manager from daemon instead of querying
state for notices directly
- Packaging: Ubuntu | ignore .git directory
- Packaging: FIPS | bump deb Go FIPS to 1.23
- Packaging: snap | bump FIPS toolchain to 1.23
- Packaging: debian | sync most upstream changes
- Packaging: debian-sid | depends on libcap2-bin for postint
- Packaging: Fedora | drop fakeroot
- Packaging: snap | modify snapd.mk to pass build tags when running
unit tests
- Packaging: snap | modify snapd.mk to pass nooptee build tag
- Packaging: modify Makefile.am to fix snap-confine install profile
with 'make hack'
- Packaging: modify Makefile.am to fix out-of-tree use of 'make
hack'
- LP: #2122054 Snap installation: skip snap icon download when
running in a cloud or using a proxy store
- Snap installation: add timeout to http client when downloading
snap icon
- Snap installation: use http(s) proxy for icon downloads
- LP: #2117558 snap-confine: fix error message with /root/snap not
accessible
- snap-confine: fix non-suid limitation by switching to root:root to
operate v1 freezer
- core-initrd: do not use writable-paths when not available
- core-initrd: remove debian folder
- LP: #1916244 Interfaces: gpio-chardev | re-enable the gpio-chardev
interface now with the more robust gpio-aggregator configfs kernel
interface
- Interfaces: gpio-chardev | exclusive snap connections, raise a
conflict when both gpio-chardev and gpio are connected
- Interfaces: gpio-chardev | fix gpio-aggregator module load order
- Interfaces: ros-snapd-support | grant access to /v2/changes
- Interfaces: uda-driver-libs, egl-driver-libs, gbm-driver-libs,
opengl-driver-libs, opengles-driver-libs | new interfaces to
support nvidia driver components
- Interfaces: microstack-support | allow DPDK (hugepage related
permissions)
- Interfaces: system-observe | allow reading additional files in
/proc, needed by node-exporter
- Interfaces: u2f | add Cano Key, Thesis FIDO2 BioFP+ Security Key
and Kensington VeriMark DT Fingerprint Key to device list
- Interfaces: snap-interfaces-requests-control | allow shell API
control
- Interfaces: fwupd | allow access to Intel CVS sysfs
- Interfaces: hardware-observe | allow read access to Kernel
Samepage Merging (KSM)
- Interfaces: xilinx-dma | support Multi Queue DMA (QDMA) IP
- Interfaces: spi | relax sysfs permission rules to allow access to
SPI device node attributes
- Interfaces: content | introduce compatibility label
- LP: #2121238 Interfaces: do not expose Kerberos tickets for
classic snaps
- Interfaces: ssh-public-keys | allow ro access to public host keys
with ssh-key
- Interfaces: Modify AppArmor template to allow listing systemd
credentials and invoking systemd-creds
- Interfaces: modify AppArmor template with workarounds for Go 1.35
cgroup aware GOMAXPROCS
- Interfaces: modify seccomp template to allow landlock_*
- Prevent snap hooks from running while relevant snaps are unlinked
- Make refreshes wait before unlinking snaps if running hooks can be
affected
- Fix systemd unit generation by moving "WantedBy=" from section
"unit" to "install"
- Add opt-in logging support for snap-update-ns
- Unhide 'snap help' sign and export-key under Development category
- LP: #2117121 Cleanly support socket activation for classic snap
- Add architecture to 'snap version' output
- Add 'snap debug api' option to disable authentication through
auth.json
- Show grade in notes for 'snap info --verbose'
- Fix preseeding failure due to scan-disk issue on RPi
- Support 'snap debug api' queries to user session agents
- LP: #2112626 Improve progress reporting for snap install/refresh
- Drop legacy BAMF_DESKTOP_FILE_HINT in desktop files
- Fix /v2/apps error for root user when user services are present
- LP: #2114704 Extend output to indicate when snap data snapshot was
created during remove
- Improve how we handle emmc volumes
- Improve handling of system-user extra assertions
-- Ernest Lotter <ernest.lotter@canonical.com> Thu, 18 Sep 2025 10:00:54 +0200
snapd (2.71+ubuntu24.04) noble; urgency=medium
* New upstream release, LP: #2118396
- FDE: auto-repair when recovery key is used
- FDE: revoke keys on shim update
- FDE: revoke old TPM keys when dbx has been updated
- FDE: do not reseal FDE hook keys every time
- FDE: store keys in the kernel keyring when installing from initrd
- FDE: allow disabled DMA on Core
- FDE: snap-bootstrap: do not check for partition in scan-disk on
CVM
- FDE: support secboot preinstall check for 25.10+ hybrid installs
via the /v2/system/{label} endpoint
- FDE: support generating recovery key at install time via the
/v2/systems/{label} endpoint
- FDE: update passphrase quality check at install time via the
/v2/systems/{label} endpoint
- FDE: support replacing recovery key at runtime via the new
/v2/system-volumes endpoint
- FDE: support checking recovery keys at runtime via the /v2/system-
volumes endpoint
- FDE: support enumerating keyslots at runtime via the /v2/system-
volumes endpoint
- FDE: support changing passphrase at runtime via the /v2/system-
volumes endpoint
- FDE: support passphrase quality check at runtime via the
/v2/system-volumes endpoint
- FDE: update secboot to revision 3e181c8edf0f
- Confdb: support lists and indexed paths on read and write
- Confdb: alias references must be wrapped in brackets
- Confdb: support indexed paths in confdb-schema assertion
- Confdb: make API errors consistent with options
- Confdb: fetch confdb-schema assertion on access
- Confdb: prevent --previous from being used in read-side hooks
- Components: fix snap command with multiple components
- Components: set revision of seed components to x1
- Components: unmount extra kernel-modules components mounts
- AppArmor Prompting: add lifespan "session" for prompting rules
- AppArmor Prompting: support restoring prompts after snapd restart
- AppArmor Prompting: limit the extra information included in probed
AppArmor features and system key
- Notices: refactor notice state internals
- SELinux: look for restorecon/matchpathcon at all known locations
rather than current PATH
- SELinux: update policy to allow watching cgroups (for RAA), and
talking to user session agents (service mgmt/refresh)
- Refresh App Awareness: Fix unexpected inotify file descriptor
cleanup
- snap-confine: workaround for glibc fchmodat() fallback and handle
ENOSYS
- snap-confine: add support for host policy for limiting users able
to run snaps
- LP: #2114923 Reject system key mismatch advise when not yet seeded
- Use separate lanes for essential and non-essential snaps during
seeding and allow non-essential installs to retry
- Fix bug preventing remodel from core18 to core18 when snapd snap
is unchanged
- LP: #2112551 Make removal of last active revision of a snap equal
to snap remove
- LP: #2114779 Allow non-gpt in fallback mode to support RPi
- Switch from using systemd LogNamespace to manually controlled
journal quotas
- Change snap command trace logging to only log the command names
- Grant desktop-launch access to /v2/snaps
- Update code for creating the snap journal stream
- Switch from using core to snapd snap for snap debug connectivity
- LP: #2112544 Fix offline remodel case where we switched to a
channel without an actual refresh
- LP: #2112332 Exclude snap/snapd/preseeding when generating preseed
tarball
- LP: #1952500 Fix snap command progress reporting
- LP: #1849346 Interfaces: kerberos-tickets | add new interface
- Interfaces: u2f | add support for Thetis Pro
- Interfaces: u2f | add OneSpan device and fix older device
- Interfaces: pipewire, audio-playback | support pipewire as system
daemon
- Interfaces: gpg-keys | allow access to GPG agent sockets
- Interfaces: usb-gadget | add new interface
- Interfaces: snap-fde-control, firmware-updater-support | add new
interfaces to support FDE
- Interfaces: timezone-control | extend to support timedatectl
varlink
- Interfaces: cpu-control | fix rules for accessing IRQ sysfs and
procfs directories
- Interfaces: microstack-support | allow SR-IOV attachments
- Interfaces: modify AppArmor template to allow snaps to read their
own systemd credentials
- Interfaces: posix-mq | allow stat on /dev/mqueue
- LP: #2098780 Interfaces: log-observe | add capability
dac_read_search
- Interfaces: block-devices | allow access to ZFS pools and datasets
- LP: #2033883 Interfaces: block-devices | opt-in access to
individual partitions
- Interfaces: accel | add new interface to support accel kernel
subsystem
- Interfaces: shutdown | allow client to bind on its side of dbus
socket
- Interfaces: modify seccomp template to allow pwritev2
- Interfaces: modify AppArmor template to allow reading
/proc/sys/fs/nr_open
- Packaging: drop snap.failure service for openSUSE
- Packaging: add SELinux support for openSUSE
- Packaging: disable optee when using nooptee build tag
- Packaging: add support for static PIE builds in snapd.mk, drop
pie.patch from openSUSE
- Packaging: add libcap2-bin runtime dependency for ubuntu-16.04
- Packaging: use snapd.mk for packaging on Fedora
- Packaging: exclude .git directory
- Packaging: fix DPKG_PARSECHANGELOG assignment
- Packaging: fix building on Fedora with dpkg installed
-- Ernest Lotter <ernest.lotter@canonical.com> Fri, 25 Jul 2025 13:18:47 +0200
snapd (2.70) xenial; urgency=medium
* New upstream release, LP: #2112209
- FDE: Fix reseal with v1 hook key format
- FDE: set role in TPM keys
- AppArmor prompting (experimental): add handling for expired
requests or listener in the kernel
- AppArmor prompting: log the notification protocol version
negotiated with the kernel
- AppArmor prompting: implement notification protocol v5 (manually
disabled for now)
- AppArmor prompting: register listener ID with the kernel and
resend notifications after snapd restart (requires protocol v5+)
- AppArmor prompting: select interface from metadata tags and set
request interface accordingly (requires protocol v5+)
- AppArmor prompting: include request PID in prompt
- AppArmor prompting: move the max prompt ID file to a subdirectory
of the snap run directory
- AppArmor prompting: avoid race between closing/reading socket fd
- Confdb (experimental): make save/load hooks mandatory if affecting
ephemeral
- Confdb: clear tx state on failed load
- Confdb: modify 'snap sign' formats JSON in assertion bodies (e.g.
confdb-schema)
- Confdb: add NestedEphemeral to confdb schemas
- Confdb: add early concurrency checks
- Simplify building Arch package
- Enable snapd.apparmor on Fedora
- Build snapd snap with libselinux
- Emit snapd.apparmor warning only when using apparmor backend
- When running snap, on system key mismatch e.g. due to network
attached HOME, trigger and wait for a security profiles
regeneration
- Avoid requiring state lock to get user, warnings, or pending
restarts when handling API requests
- Start/stop ssh.socket for core24+ when enabling/disabling the ssh
service
- Allow providing a different base when overriding snap
- Modify snap-bootstrap to mount snapd snap directly to /snap
- Modify snap-bootstrap to mount /lib/{modules,firmware} from snap
as fallback
- Modify core-initrd to use systemctl reboot instead of /sbin/reboot
- Copy the initramfs 'manifest-initramfs.yaml' to initramfs file
creation directory so it can be copied to the kernel snap
- Build the early initrd from installed ucode packages
- Create drivers tree when remodeling from UC20/22 to UC24
- Load gpio-aggregator module before the helper-service needs it
- Run 'systemctl start' for mount units to ensure they are run also
when unchanged
- Update godbus version to 'v5 v5.1.0'
- Add support for POST to /v2/system-info with system-key-mismatch
indication from the client
- Add 'snap sign --update-timestamp' flag to update timestamp before
signing
- Add vfs support for snap-update-ns to use to simulate and evaluate
mount sequences
- Add refresh app awareness debug logging
- Add snap-bootstrap scan-disk subcommand to be called from udev
- Add feature to inject proxy store assertions in build image
- Add OP-TEE bindings, enable by default in ARM and ARM64 builds
- Fix systemd dependency options target to go under 'unit' section
- Fix snap-bootstrap reading kernel snap instead of base resulting
in bad modeenv
- Fix a regression during seeding when using early-config
- LP: #2107443 reset SHELL to /bin/bash in non-classic snaps
- Make Azure kernels reboot upon panic
- Fix snap-confine to not drop capabilities if the original user is
already root
- Fix data race when stopping services
- Fix task dependency issue by temporarily disable re-refresh on
prerequisite updates
- Fix compiling against op-tee on armhf
- Fix dbx update when not using FDE
- Fix potential validation set deadlock due to bases waiting on
snaps
- LP: #2104066 Only cancel notices requests on stop/shutdown
- Interfaces: bool-file | fix gpio glob pattern as required for
'[XXXX]*' format
- Interfaces: system-packages-doc | allow access to
/usr/local/share/doc
- Interfaces: ros-snapd-support interface | added new interface
- Interfaces: udisks2 | allow chown capability
- Interfaces: system-observe | allow reading cpu.max
- Interfaces: serial-port | add ttyMAXX to allowed list
- Interfaces: modified seccomp template to disallow
'O_NOTIFICATION_PIPE'
- Interfaces: fwupd | add support for modem-manager plugin
- Interfaces: gpio-chardev | make unsupported and remove
experimental flag to hide this feature until gpio-aggregator is
available
- Interfaces: hardware-random | fix udev match rule
- Interfaces: timeserver-control | extend to allow timedatectl
timesync commands
- Interfaces: add symlinks backend
- Interfaces: system key mismatch handling
-- Ernest Lotter <ernest.lotter@canonical.com> Tue, 03 Jun 2025 11:46:44 +0200
snapd (2.69) xenial; urgency=medium
* New upstream release, LP: #2105854
- FDE: re-factor listing of the disks based on run mode model and
model to correctly resolve paths
- FDE: run snapd from snap-failure with the correct keyring mode
- Snap components: allow remodeling back to an old snap revision
that includes components
- Snap components: fix remodel to a kernel snap that is already
installed on the system, but not the current kernel due to a
previous remodel.
- Snap components: fix for snapctl inputs that can crash snapd
- Confdb (experimental): load ephemeral data when reading data via
snapctl get
- Confdb (experimental): load ephemeral data when reading data via
snap get
- Confdb (experimental): rename {plug}-view-changed hook to observe-
view-{plug}
- Confdb (experimental): rename confdb assertion to confdb-schema
- Confdb (experimental): change operator grouping in confdb-control
assertion
- Confdb (experimental): add confdb-control API
- AppArmor: extend the probed features to include the presence of
files, as well as directories
- AppArmor prompting (experimental): simplify the listener
- AppArmor metadata tagging (disabled): probe parser support for
tags
- AppArmor metadata tagging (disabled): implement notification
protocol v5
- Confidential VMs: sysroot.mount is now dynamically created by
snap-bootstrap instead of being a static file in the initramfs
- Confidential VMs: Add new implementation of snap integrity API
- Non-suid snap-confine: first phase to replace snap-confine suid
with capabilities to achieve the required permissions
- Initial changes for dynamic security profiles updates
- Provide snap icon fallback for /v2/icons without requiring network
access at runtime
- Add eMMC gadget update support
- Support reexec when using /usr/libexec/snapd on the host (Arch
Linux, openSUSE)
- Auto detect snap mount dir location on unknown distributions
- Modify snap-confine AppArmor template to allow all glibc HWCAPS
subdirectories to prevent launch errors
- LP: #2102456 update secboot to bf2f40ea35c4 and modify snap-
bootstrap to remove usage of go templates to reduce size by 4MB
- Fix snap-bootstrap to mount kernel snap from
/sysroot/writable/system-data
- LP: #2106121 fix snap-bootstrap busy loop
- Fix encoding of time.Time by using omitzero instead of omitempty
(on go 1.24+)
- Fix setting snapd permissions through permctl for openSUSE
- Fix snap struct json tags typo
- Fix snap pack configure hook permissions check incorrect file mode
- Fix gadget snap reinstall to honor existing sizes of partitions
- Fix to update command line when re-executing a snapd tool
- Fix 'snap validate' of specific missing newline and add error on
missed case of 'snap validate --refresh' without another action
- Workaround for snapd-confine time_t size differences between
architectures
- Disallow pack and install of snapd, base and os with specific
configure hooks
- Drop udev build dependency that is no longer required and add
missing systemd-dev dependency
- Build snap-bootstrap with nomanagers tag to decrease size by 1MB
- Interfaces: polkit | support custom polkit rules
- Interfaces: opengl | LP: #2088456 fix GLX on nvidia when xorg is
confined by AppArmor
- Interfaces: log-observe | add missing udev rule
- Interfaces: hostname-control | fix call to hostnamectl in core24
- Interfaces: network-control | allow removing created network
namespaces
- Interfaces: scsi-generic | re-enable base declaration for scsi-
generic plug
- Interfaces: u2f | add support for Arculus AuthentiKey
-- Ernest Lotter <ernest.lotter@canonical.com> Tue, 08 Apr 2025 12:53:39 +0200
snapd (2.68.5) xenial; urgency=medium
* New upstream release, LP: #2098137
- LP: #2109843 fix missing preseed files when running in a container
-- Ernest Lotter <ernest.lotter@canonical.com> Wed, 21 May 2025 17:46:09 +0200
snapd (2.68.4) xenial; urgency=medium
* New upstream release, LP: #2098137
- Snap components: LP: #2104933 workaround for classic 24.04/24.10
models that incorrectly specify core22 instead of core24
- Update build dependencies
-- Ernest Lotter <ernest.lotter@canonical.com> Wed, 02 Apr 2025 19:48:25 +0200
snapd (2.68.3) xenial; urgency=medium
* New upstream release, LP: #2098137
- FDE: LP: #2101834 snapd 2.68+ and snap-bootstrap <2.68 fallback to
old keyring path
- Fix Plucky snapd deb build issue related to /var/lib/snapd/void
permissions
- Fix snapd deb build complaint about ifneq with extra bracket
-- Ernest Lotter <ernest.lotter@canonical.com> Mon, 10 Mar 2025 20:13:38 +0200
snapd (2.68.2) xenial; urgency=medium
* New upstream release, LP: #2098137
- FDE: use boot mode for FDE hooks
- FDE: add snap-bootstrap compatibility check to prevent image
creation with incompatible snapd and kernel snap
- FDE: add argon2 out-of-process KDF support
- FDE: have separate mutex for the sections writing a fresh modeenv
- FDE: LP: #2099709 update secboot to e07f4ae48e98
- Confdb: support pruning ephemeral data and process alternative
types in order
- core-initrd: look at env to mount directly to /sysroot
- core-initrd: prepare for Plucky build and split out 24.10
(Oracular)
- Fix missing primed packages in snapd snap manifest
- Interfaces: posix-mq | fix incorrect clobbering of global variable
and make interface more precise
- Interfaces: opengl | add more kernel fusion driver files
-- Ernest Lotter <ernest.lotter@canonical.com> Thu, 27 Feb 2025 09:56:20 +0200
snapd (2.68.1) xenial; urgency=medium
* New upstream release, LP: #2098137
- Fix snap-confine type specifier type mismatch on armhf
-- Ernest Lotter <ernest.lotter@canonical.com> Mon, 24 Feb 2025 10:31:49 +0200
snapd (2.68) xenial; urgency=medium
* New upstream release, LP: #2098137
- FDE: add support for new and more extensible key format that is
unified between TPM and FDE hook
- FDE: add support for adding passphrases during installation
- FDE: update secboot to 30317622bbbc
- Snap components: make kernel components available on firstboot
after either initramfs or ephemeral rootfs style install
- Snap components: mount drivers tree from initramfs so kernel
modules are available in early boot stages
- Snap components: support remodeling to models that contain
components
- Snap components: support offline remodeling to models that contain
components
- Snap components: support creating new recovery systems with
components
- Snap components: support downloading components with 'snap
download' command
- Snap components: support sideloading asserted components
- AppArmor Prompting(experimental): improve version checks and
handling of listener notification protocol for communication with
kernel AppArmor
- AppArmor Prompting(experimental): make prompt replies idempotent,
and have at most one rule for any given path pattern, with
potentially mixed outcomes and lifespans
- AppArmor Prompting(experimental): timeout unresolved prompts after
a period of client inactivity
- AppArmor Prompting(experimental): return an error if a patch
request to the API would result in a rule without any permissions
- AppArmor Prompting(experimental): warn if there is no prompting
client present but prompting is enabled, or if a prompting-related
error occurs during snapd startup
- AppArmor Prompting(experimental): do not log error when converting
empty permissions to AppArmor permissions
- Confdb(experimental): rename registries to confdbs (including API
/v2/registries => /v2/confdb)
- Confdb(experimental): support marking confdb schemas as ephemeral
- Confdb(experimental): add confdb-control assertion and feature
flag
- Refresh App Awareness(experimental): LP: #2089195 prevent
possibility of incorrect notification that snap will quit and
update
- Confidential VMs: snap-bootstrap support for loading partition
information from a manifest file for cloudimg-rootfs mode
- Confidential VMs: snap-bootstrap support for setting up cloudimg-
rootfs as an overlayfs with integrity protection
- dm-verity for essential snaps: add support for snap-integrity
assertion
- Interfaces: modify AppArmor template to allow owner read on
@{PROC}/@{pid}/fdinfo/*
- Interfaces: LP: #2072987 modify AppArmor template to allow using
setpriv to run daemon as non-root user
- Interfaces: add configfiles backend that ensures the state of
configuration files in the filesystem
- Interfaces: add ldconfig backend that exposes libraries coming
from snaps to either the rootfs or to other snaps
- Interfaces: LP: #1712808 LP: 1865503 disable udev backend when
inside a container
- Interfaces: add auditd-support interface that grants audit_control
capability and required paths for auditd to function
- Interfaces: add checkbox-support interface that allows
unrestricted access to all devices
- Interfaces: fwupd | allow access to dell bios recovery
- Interfaces: fwupd | allow access to shim and fallback shim
- Interfaces: mount-control | add mount option validator to detect
mount option conflicts early
- Interfaces: cpu-control | add read access to /sys/kernel/irq/
- Interfaces: locale-control | changed to be implicit on Ubuntu Core
Desktop
- Interfaces: microstack-support | support for utilizing of AMD SEV
capabilities
- Interfaces: u2f | added missing OneSpan device product IDs
- Interfaces: auditd-support | grant seccomp setpriority
- Interfaces: opengl interface | enable parsing of nvidia driver
information files
- Allow mksquashfs 'xattrs' when packing snap types os, core, base
and snapd as part of work to support non-root snap-confine
- Upstream/downstream packaging changes and build updates
- Improve error logs for malformed desktop files to also show which
desktop file is at fault
- Provide more precise error message when overriding channels with
grade during seed creation
- Expose 'snap prepare-image' validation parameter
- Add snap-seccomp 'dump' command that dumps the filter rules from a
compiled profile
- Add fallback release info location /etc/initrd-release
- Added core-initrd to snapd repo and fixed issues with ubuntu-core-
initramfs deb builds
- Remove stale robust-mount-namespace-updates experimental feature
flag
- Remove snapd-snap experimental feature (rejected) and it's feature
flag
- Changed snap-bootstrap to mount base directly on /sysroot
- Mount ubuntu-seed mounted as no-{suid,exec,dev}
- Mapping volumes to disks: add support for volume-assignments in
gadget
- Fix silently broken binaries produced by distro patchelf 0.14.3 by
using locally build patchelf 0.18
- Fix mismatch between listed refresh candidates and actual refresh
due to outdated validation sets
- Fix 'snap get' to produce compact listing for tty
- Fix missing store-url by keeping it as part of auxiliary store
info
- Fix snap-confine attempting to retrieve device cgroup setup inside
container where it is not available
- Fix 'snap set' and 'snap get' panic on empty strings with early
error checking
- Fix logger debug entries to show correct caller and file
information
- Fix issue preventing hybrid systems from being seeded on first
boot
- LP: #1966203 remove auto-import udev rules not required by deb
package to avoid unwanted syslog errors
- LP: #1886414 fix progress reporting when stdout is on a tty, but
stdin is not
-- Ernest Lotter <ernest.lotter@canonical.com> Thu, 13 Feb 2025 12:42:09 +0200
snapd (2.67.1) xenial; urgency=medium
* New upstream release, LP: #2089691
- Fix apparmor permissions to allow snaps access to kernel modules
and firmware on UC24, which also fixes the kernel-modules-control
interface on UC24
- AppArmor prompting (experimental): disallow /./ and /../ in path
patterns
- Fix 'snap run' getent based user lookup in case of bad PATH
- Fix snapd using the incorrect AppArmor version during undo of an
refresh for regenerating snap profiles
- Add new syscalls to base templates
- hardware-observe interface: allow riscv_hwprobe syscall
- mount-observe interface: allow listmount and statmount syscalls
-- Ernest Lotter <ernest.lotter@canonical.com> Wed, 15 Jan 2025 22:02:37 +0200
snapd (2.67) xenial; urgency=medium
* New upstream release, LP: #2089691
- AppArmor prompting (experimental): allow overlapping rules
- Registry view (experimental): Changes to registry data (from both
users and snaps) can be validated and saved by custodian snaps
- Registry view (experimental): Support 'snapctl get --pristine' to
read the registry data excluding staged transaction changes
- Registry view (experimental): Put registry commands behind
experimental feature flag
- Components: Make modules shipped/created by kernel-modules
components available right after reboot
- Components: Add tab completion for local component files
- Components: Allow installing snaps and components from local files
jointly on the CLI
- Components: Allow 'snapctl model' command for gadget and kernel
snaps
- Components: Add 'snap components' command
- Components: Bug fixes
- eMMC gadget updates (WIP): add syntax support in gadget.yaml for
eMMC schema
- Support for ephemeral recovery mode on hybrid systems
- Support for dm-verity options in snap-bootstrap
- Support for overlayfs options and allow empty what argument for
tmpfs
- Enable ubuntu-image to determine the size of the disk image to
create
- Expose 'snap debug' commands 'validate-seed' and 'seeding'
- Add debug API option to use dedicated snap socket /run/snapd-
snap.socket
- Hide experimental features that are no longer required
(accepted/rejected)
- Mount ubuntu-save partition with no{exec,dev,suid} at install, run
and factory-reset
- Improve memory controller support with cgroup v2
- Support ssh socket activation configurations (used by ubuntu
22.10+)
- Fix generation of AppArmor profile with incorrect revision during
multi snap refresh
- Fix refresh app awareness related deadlock edge case
- Fix not caching delta updated snap download
- Fix passing non root uid, guid to initial tmpfs mount
- Fix ignoring snaps in try mode when amending
- Fix reloading of service activation units to avoid systemd errors
- Fix snapd snap FIPS build on Launchpad to use Advantage Pro FIPS
updates PPA
- Make killing of snap apps best effort to avoid possibility of
malicious failure loop
- Alleviate impact of auto-refresh failure loop with progressive
delay
- Dropped timedatex in selinux-policy to avoid runtime issue
- Fix missing syscalls in seccomp profile
- Modify AppArmor template to allow using SNAP_REEXEC on arch
systems
- Modify AppArmor template to allow using vim.tiny (available in
base snaps)
- Modify AppArmor template to add read-access to debian_version
- Modify AppArmor template to allow owner to read
@{PROC}/@{pid}/sessionid
- {common,personal,system}-files interface: prohibit trailing @ in
filepaths
- {desktop,shutdown,system-observe,upower-observe} interface:
improve for Ubuntu Core Desktop
- custom-device interface: allow @ in custom-device filepaths
- desktop interface: improve launch entry and systray integration
with session
- desktop-legacy interface: allow DBus access to
com.canonical.dbusmenu
- fwupd interface: allow access to nvmem for thunderbolt plugin
- mpris interface: add plasmashell as label
- mount-control interface: add support for nfs mounts
- network-{control,manager} interface: add missing dbus link rules
- network-manager-observe interface: add getDevices methods
- opengl interface: add Kernel Fusion Driver access to opengl
- screen-inhibit-control interface: improve screen inhibit control
for use on core
- udisks2 interface: allow ping of the UDisks2 service
- u2f-devices interface: add Nitrokey Passkey
-- Ernest Lotter <ernest.lotter@canonical.com> Mon, 02 Dec 2024 23:14:24 +0200
snapd (2.66.1) xenial; urgency=medium
* New upstream release, LP: #2083490
- AppArmor prompting (experimental): Fix kernel prompting support
check
- Allow kernel snaps to have content slots
- Fix ignoring snaps in try mode when amending
-- Ernest Lotter <ernest.lotter@canonical.com> Fri, 11 Oct 2024 10:05:46 +0200
snapd (2.66) xenial; urgency=medium
* New upstream release, LP: #2083490
- AppArmor prompting (experimental): expand kernel support checks
- AppArmor prompting (experimental): consolidate error messages and
add error kinds
- AppArmor prompting (experimental): grant /v2/snaps/{name} via
snap-interfaces-requests-control
- AppArmor prompting (experimental): add checks for duplicate
pattern variants
- Registry views (experimental): add handlers that commit (and
cleanup) registry transactions
- Registry views (experimental): add a snapctl fail command for
rejecting registry transactions
- Registry views (experimental): allow custodian snaps to implement
registry hooks that modify and save registry data
- Registry views (experimental): run view-changed hooks only for
snaps plugging views affected by modified paths
- Registry views (experimental): make registry transactions
serialisable
- Snap components: handle refreshing components to revisions that
have been on the system before
- Snap components: enable creating Ubuntu Core images that contain
components
- Snap components: handle refreshing components independently of
snaps
- Snap components: handle removing components when refreshing a snap
that no longer defines them
- Snap components: extend snapd Ubuntu Core installation API to
allow for picking optional snaps and components to install
- Snap components: extend kernel.yaml with "dynamic-modules",
allowing kernel to define a location for kmods from component
hooks
- Snap components: renamed component type "test" to "standard"
- Desktop IDs: support installing desktop files with custom names
based on desktop-file-ids desktop interface plug attr
- Auto-install snapd on classic systems as prerequisite for any non-
essential snap install
- Support loading AppArmor profiles on WSL2 with non-default kernel
and securityfs mounted
- Debian/Fedora packaging updates
- Add snap debug command for investigating execution aspects of the
snap toolchain
- Improve snap pack error for easier parsing
- Add support for user services when refreshing snaps
- Add snap remove --terminate flag for terminating running snap
processes
- Support building FIPS complaint snapd deb and snap
- Fix to not use nss when looking up for users/groups from snapd
snap
- Fix ordering in which layout changes are saved
- Patch snapd snap dynamic linker to ignore LD_LIBRARY_PATH and
related variables
- Fix libexec dir for openSUSE Slowroll
- Fix handling of the shared snap directory for parallel installs
- Allow writing to /run/systemd/journal/dev-log by default
- Avoid state lock during snap removal to avoid delaying other snapd
operations
- Add nomad-support interface to enable running Hashicorp Nomad
- Add intel-qat interface
- u2f-devices interface: add u2f trustkey t120 product id and fx
series fido u2f devices
- desktop interface: improve integration with xdg-desktop-portal
- desktop interface: add desktop-file-ids plug attr to desktop
interface
- unity7 interface: support desktop-file-ids in desktop files rule
generation
- desktop-legacy interface: support desktop-file-ids in desktop
files rule generation
- desktop-legacy interface: grant access to gcin socket location
- login-session-observe interface: allow introspection
- custom-device interface: allow to explicitly identify matching
device in udev tagging block
- system-packages-doc interface: allow reading /usr/share/javascript
- modem-manager interface: add new format of WWAN ports
- pcscd interface: allow pcscd to read opensc.conf
- cpu-control interface: add IRQ affinity control to cpu_control
- opengl interface: add support for cuda workloads on Tegra iGPU in
opengl interface
-- Ernest Lotter <ernest.lotter@canonical.com> Fri, 04 Oct 2024 14:22:03 +0200
snapd (2.65.3) xenial; urgency=medium
* New upstream release, LP: #2077473
- Fix missing aux info from store on snap setup
-- Ernest Lotter <ernest.lotter@canonical.com> Thu, 12 Sep 2024 09:40:17 +0200
snapd (2.65.2) xenial; urgency=medium
* New upstream release, LP: #2077473
- Bump squashfuse from version 0.5.0 to 0.5.2 (used in snapd deb
only)
-- Ernest Lotter <ernest.lotter@canonical.com> Fri, 06 Sep 2024 17:08:45 +0200
snapd (2.65.1) xenial; urgency=medium
* New upstream release, LP: #2077473
- Support building snapd using base Core22 (Snapcraft 8.x)
- FIPS: support building FIPS complaint snapd variant that switches
to FIPS mode when the system boots with FIPS enabled
- AppArmor: update to latest 4.0.2 release
- AppArmor: enable using ABI 4.0 from host parser
- AppArmor: fix parser lookup
- AppArmor: support AppArmor snippet priorities
- AppArmor: allow reading cgroup memory.max file
- AppArmor: allow using snap-exec coming from the snapd snap when
starting a confined process with jailmode
- AppArmor prompting (experimental): add checks for prompting
support, include prompting status in system key, and restart snapd
if prompting flag changes
- AppArmor prompting (experimental): include prompt prefix in
AppArmor rules if prompting is supported and enabled
- AppArmor prompting (experimental): add common types, constraints,
and mappings from AppArmor permissions to abstract permissions
- AppArmor prompting (experimental): add path pattern parsing and
matching
- AppArmor prompting (experimental): add path pattern precedence
based on specificity
- AppArmor prompting (experimental): add packages to manage
outstanding request prompts and rules
- AppArmor prompting (experimental): add prompting API and notice
types, which require snap-interfaces-requests-control interface
- AppArmor prompting (experimental): feature flag can only be
enabled if prompting is supported, handler service connected, and
the service can be started
- Registry views (experimental): rename from aspects to registries
- Registry views (experimental): support reading registry views and
setting/unsetting registry data using snapctl
- Registry views (experimental): fetch and refresh registry
assertions as needed
- Registry views (experimental): restrict view paths from using a
number as first character and view names to storage path style
patterns
- Snap components: support installing snaps and components from
files at the same time (no REST API/CLI)
- Snap components: support downloading components related assertions
from the store
- Snap components: support installing components from the store
- Snap components: support removing components individually and
during snap removal
- Snap components: support kernel modules as components
- Snap components: support for component install, pre-refresh and
post-refresh hooks
- Snap components: initial support for building systems that contain
components
- Refresh app awareness (experimental): add data field for
/v2/changes REST API to allow associating each task with affected
snaps
- Refresh app awareness (experimental): use the app name from
.desktop file in notifications
- Refresh app awareness (experimental): give snap-refresh-observe
interface access to /v2/snaps/{name} endpoint
- Improve snap-confine compatibility with nvidia drivers
- Allow re-exec when SNAP_REEXEC is set for unlisted distros to
simplify testing
- Allow mixing revision and channel on snap install
- Generate GNU build ID for Go binaries
- Add missing etelpmoc.sh for shell completion
- Do not attempt to run snapd on classic when re-exec is disabled
- Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse
- Add snap debug API command to enable running raw queries
- Enable snap-confine snap mount directory detection
- Replace global seccomp filter with deny rules in standard seccomp
template
- Remove support for Ubuntu Core Launcher (superseded by snap-
confine)
- Support creating pending serial bound users after serial assertion
becomes available
- Support disabling cloud-init using kernel command-line
- In hybrid systems, apps can refresh without waiting for restarts
required by essential snaps
- Ship snap-debug-info.sh script used for system diagnostics
- Improve error messages when attempting to run non-existent snap
- Switch to -u UID:GID for strace-static
- Support enabling snapd logging with snap set system
debug.snapd.{log,log-level}
- Add options system.coredump.enable and system.coredump.maxuse to
support using systemd-coredump on Ubuntu Core
- Provide documentation URL for 'snap interface '
- Fix snapd riscv64 build
- Fix restarting activated services instead of their activator units
(i.e. sockets, timers)
- Fix potential unexpected auto-refresh of snap on managed schedule
- Fix potential segfault by guarding against kernel command-line
changes on classic system
- Fix proxy entries in /etc/environment with missing newline that
caused later manual entries to not be usable
- Fix offline remodelling by ignoring prerequisites that will
otherwise be downloaded from store
- Fix devmode seccomp deny regression that caused spamming the log
instead of actual denies
- Fix snap lock leak during refresh
- Fix not re-pinning validation sets that were already pinned when
enforcing new validation sets
- Fix handling of unexpected snapd runtime failure
- Fix /v2/notices REST API skipping notices with duplicate
timestamps
- Fix comparing systemd versions that may contain pre-release
suffixes
- Fix udev potentially starting before snap-device-helper is made
available
- Fix race in snap seed metadata loading
- Fix treating cloud-init exit status 2 as error
- Fix to prevent sending refresh complete notification if snap snap-
refresh-observe interface is connected
- Fix to queue snapctl service commands if run from the default-
configure hook to ensure they get up-to-date config values
- Fix stop service failure when the service is not actually running
anymore
- Fix parsing /proc/PID/mounts with spaces
- Add registry interface that provides snaps access to a particular
registry view
- Add snap-interfaces-requests-control interface to enable prompting
client snaps
- steam-support interface: remove all AppArmor and seccomp
restrictions to improve user experience
- opengl interface: improve compatibility with nvidia drivers
- home interface: autoconnect home on Ubuntu Core Desktop
- serial-port interface: support RPMsg tty
- display-control interface: allow changing LVDS backlight power and
brightness
- power-control interface: support for battery charging thesholds,
type/status and AC type/status
- cpu-control interface: allow CPU C-state control
- raw-usb interface: support RPi5 and Thinkpad x13s
- custom-device interface: allow device file locking
- lxd-support interface: allow LXD to self-manage its own cgroup
- network-manager interface: support MPTCP sockets
- network-control interface: allow plug/slot access to gnutls config
and systemd resolved cache flushing via D-Bus
- network-control interface: allow wpa_supplicant dbus api
- gpio-control interface: support gpiochip* devices
- polkit interface: fix "rw" mount option check
- u2f-devices interface: enable additional security keys
- desktop interface: enable kde theming support
-- Ernest Lotter <ernest.lotter@canonical.com> Sat, 24 Aug 2024 10:31:20 +0200
snapd (2.65) xenial; urgency=medium
* New upstream release, LP: #2077473
- Support building snapd using base Core22 (Snapcraft 8.x)
- FIPS: support building FIPS complaint snapd variant that switches
to FIPS mode when the system boots with FIPS enabled
- AppArmor: update to latest 4.0.2 release
- AppArmor: enable using ABI 4.0 from host parser
- AppArmor: fix parser lookup
- AppArmor: support AppArmor snippet priorities
- AppArmor: allow reading cgroup memory.max file
- AppArmor: allow using snap-exec coming from the snapd snap when
starting a confined process with jailmode
- AppArmor prompting (experimental): add checks for prompting
support, include prompting status in system key, and restart snapd
if prompting flag changes
- AppArmor prompting (experimental): include prompt prefix in
AppArmor rules if prompting is supported and enabled
- AppArmor prompting (experimental): add common types, constraints,
and mappings from AppArmor permissions to abstract permissions
- AppArmor prompting (experimental): add path pattern parsing and
matching
- AppArmor prompting (experimental): add path pattern precedence
based on specificity
- AppArmor prompting (experimental): add packages to manage
outstanding request prompts and rules
- AppArmor prompting (experimental): add prompting API and notice
types, which require snap-interfaces-requests-control interface
- AppArmor prompting (experimental): feature flag can only be
enabled if prompting is supported, handler service connected, and
the service can be started
- Registry views (experimental): rename from aspects to registries
- Registry views (experimental): support reading registry views and
setting/unsetting registry data using snapctl
- Registry views (experimental): fetch and refresh registry
assertions as needed
- Registry views (experimental): restrict view paths from using a
number as first character and view names to storage path style
patterns
- Snap components: support installing snaps and components from
files at the same time (no REST API/CLI)
- Snap components: support downloading components related assertions
from the store
- Snap components: support installing components from the store
- Snap components: support removing components individually and
during snap removal
- Snap components: support kernel modules as components
- Snap components: support for component install, pre-refresh and
post-refresh hooks
- Snap components: initial support for building systems that contain
components
- Refresh app awareness (experimental): add data field for
/v2/changes REST API to allow associating each task with affected
snaps
- Refresh app awareness (experimental): use the app name from
.desktop file in notifications
- Refresh app awareness (experimental): give snap-refresh-observe
interface access to /v2/snaps/{name} endpoint
- Improve snap-confine compatibility with nvidia drivers
- Allow re-exec when SNAP_REEXEC is set for unlisted distros to
simplify testing
- Allow mixing revision and channel on snap install
- Generate GNU build ID for Go binaries
- Add missing etelpmoc.sh for shell completion
- Do not attempt to run snapd on classic when re-exec is disabled
- Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse
- Add snap debug API command to enable running raw queries
- Enable snap-confine snap mount directory detection
- Replace global seccomp filter with deny rules in standard seccomp
template
- Remove support for Ubuntu Core Launcher (superseded by snap-
confine)
- Support creating pending serial bound users after serial assertion
becomes available
- Support disabling cloud-init using kernel command-line
- In hybrid systems, apps can refresh without waiting for restarts
required by essential snaps
- Ship snap-debug-info.sh script used for system diagnostics
- Improve error messages when attempting to run non-existent snap
- Switch to -u UID:GID for strace-static
- Support enabling snapd logging with snap set system
debug.snapd.{log,log-level}
- Add options system.coredump.enable and system.coredump.maxuse to
support using systemd-coredump on Ubuntu Core
- Provide documentation URL for 'snap interface '
- Fix restarting activated services instead of their activator units
(i.e. sockets, timers)
- Fix potential unexpected auto-refresh of snap on managed schedule
- Fix potential segfault by guarding against kernel command-line
changes on classic system
- Fix proxy entries in /etc/environment with missing newline that
caused later manual entries to not be usable
- Fix offline remodelling by ignoring prerequisites that will
otherwise be downloaded from store
- Fix devmode seccomp deny regression that caused spamming the log
instead of actual denies
- Fix snap lock leak during refresh
- Fix not re-pinning validation sets that were already pinned when
enforcing new validation sets
- Fix handling of unexpected snapd runtime failure
- Fix /v2/notices REST API skipping notices with duplicate
timestamps
- Fix comparing systemd versions that may contain pre-release
suffixes
- Fix udev potentially starting before snap-device-helper is made
available
- Fix race in snap seed metadata loading
- Fix treating cloud-init exit status 2 as error
- Fix to prevent sending refresh complete notification if snap snap-
refresh-observe interface is connected
- Fix to queue snapctl service commands if run from the default-
configure hook to ensure they get up-to-date config values
- Fix stop service failure when the service is not actually running
anymore
- Fix parsing /proc/PID/mounts with spaces
- Add registry interface that provides snaps access to a particular
registry view
- Add snap-interfaces-requests-control interface to enable prompting
client snaps
- steam-support interface: remove all AppArmor and seccomp
restrictions to improve user experience
- opengl interface: improve compatibility with nvidia drivers
- home interface: autoconnect home on Ubuntu Core Desktop
- serial-port interface: support RPMsg tty
- display-control interface: allow changing LVDS backlight power and
brightness
- power-control interface: support for battery charging thesholds,
type/status and AC type/status
- cpu-control interface: allow CPU C-state control
- raw-usb interface: support RPi5 and Thinkpad x13s
- custom-device interface: allow device file locking
- lxd-support interface: allow LXD to self-manage its own cgroup
- network-manager interface: support MPTCP sockets
- network-control interface: allow plug/slot access to gnutls config
and systemd resolved cache flushing via D-Bus
- network-control interface: allow wpa_supplicant dbus api
- gpio-control interface: support gpiochip* devices
- polkit interface: fix "rw" mount option check
- u2f-devices interface: enable additional security keys
- desktop interface: enable kde theming support
-- Ernest Lotter <ernest.lotter@canonical.com> Fri, 23 Aug 2024 08:49:28 +0200
snapd (2.64) xenial; urgency=medium
* New upstream release, LP: #2072986
- Support building snapd using base Core22 (Snapcraft 8.x)
- FIPS: support building FIPS complaint snapd variant that switches
to FIPS mode when the system boots with FIPS enabled
- AppArmor: update to AppArmor 4.0.1
- AppArmor: support AppArmor snippet priorities
- AppArmor prompting: add checks for prompting support, include
prompting status in system key, and restart snapd if prompting
flag changes
- AppArmor prompting: include prompt prefix in AppArmor rules if
prompting is supported and enabled
- AppArmor prompting: add common types, constraints, and mappings
from AppArmor permissions to abstract permissions
- AppArmor prompting: add path pattern parsing and matching
- Registry views (experimental): rename from aspects to registries
- Registry views (experimental): support reading registry views
using snapctl
- Registry views (experimental): restrict view paths from using a
number as first character and view names to storage path style
patterns
- Snap components: support installing snaps and components from
files at the same time (no REST API/CLI)
- Snap components: support downloading components related assertions
from the store
- Snap components: support installing components from the store (no
REST API/CLI)
- Snap components: support removing components (REST API, no CLI)
- Snap components: started support for component hooks
- Snap components: support kernel modules as components
- Refresh app awareness (experimental): add data field for
/v2/changes REST API to allow associating each task with affected
snaps
- Refresh app awareness (experimental): use the app name from
.desktop file in notifications
- Refresh app awareness (experimental): give snap-refresh-observe
interface access to /v2/snaps/{name} endpoint
- Allow re-exec when SNAP_REEXEC is set for unlisted distros to
simplify testing
- Generate GNU build ID for Go binaries
- Add missing etelpmoc.sh for shell completion
- Do not attempt to run snapd on classic when re-exec is disabled
- Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse
- Add snap debug api command to enable running raw queries
- Enable snap-confine snap mount directory detection
- Replace global seccomp filter with deny rules in standard seccomp
template
- Remove support for Ubuntu Core Launcher (superseded by snap-
confine)
- Support creating pending serial bound users after serial assertion
becomes available
- Support disabling cloud-init using kernel command-line
- In hybrid systems, apps can refresh without waiting for restarts
required by essential snaps
- Ship snap-debug-info.sh script used for system diagnostics
- Improve error messages when attempting to run non-existent snap
- Switch to -u UID:GID for strace-static
- Support enabling snapd logging with snap set system
debug.snapd.{log,log-level}
- Fix restarting activated services instead of their activator units
(i.e. sockets, timers)
- Fix potential unexpected auto-refresh of snap on managed schedule
- Fix potential segfault by guarding against kernel command-line
changes on classic system
- Fix proxy entries in /etc/environment with missing newline that
caused later manual entries to not be usable
- Fix offline remodelling by ignoring prerequisites that will
otherwise be downloaded from store
- Fix devmode seccomp deny regression that caused spamming the log
instead of actual denies
- Fix snap lock leak during refresh
- Fix not re-pinning validation sets that were already pinned when
enforcing new validation sets
- Fix handling of unexpected snapd runtime failure
- Fix /v2/notices REST API skipping notices with duplicate
timestamps
- Fix comparing systemd versions that may contain pre-release
suffixes
- Fix udev potentially starting before snap-device-helper is made
available
- Fix race in snap seed metadata loading
- Fix treating cloud-init exit status 2 as error
- Fix to prevent sending refresh complete notification if snap snap-
refresh-observe interface is connected
- Fix to queue snapctl service commands if run from the default-
configure hook to ensure they get up-to-date config values
- Fix stop service failure when the service is not actually running
anymore
- Add registry interface that provides snaps access to a particular
registry view
- steam-support interface: relaxed AppArmor and seccomp restrictions
to improve user experience
- home interface: autoconnect home on Ubuntu Core Desktop
- serial-port interface: support RPMsg tty
- display-control interface: allow changing LVDS backlight power and
brightness
- power-control interface: support for battery charging thesholds,
type/status and AC type/status
- cpu-control interface: allow CPU C-state control
- raw-usb interface: support RPi5 and Thinkpad x13s
- custom-device interface: allow device file locking
- lxd-support interface: allow LXD to self-manage its own cgroup
- network-manager interface: support MPTCP sockets
- network-control interface: allow plug/slot access to gnutls config
and systemd resolved cache flushing via D-Bus
-- Ernest Lotter <ernest.lotter@canonical.com> Wed, 24 Jul 2024 21:11:59 +0200
snapd (2.63) xenial; urgency=medium
* New upstream release, LP: #2061179
- Support for snap services to show the current status of user
services (experimental)
- Refresh app awareness: record snap-run-inhibit notice when
starting app from snap that is busy with refresh (experimental)
- Refresh app awareness: use warnings as fallback for desktop
notifications (experimental)
- Aspect based configuration: make request fields in the aspect-
bundle's rules optional (experimental)
- Aspect based configuration: make map keys conform to the same
format as path sub-keys (experimental)
- Aspect based configuration: make unset and set behaviour similar
to configuration options (experimental)
- Aspect based configuration: limit nesting level for setting value
(experimental)
- Components: use symlinks to point active snap component revisions
- Components: add model assertion support for components
- Components: fix to ensure local component installation always gets
a new revision number
- Add basic support for a CIFS remote filesystem-based home
directory
- Add support for AppArmor profile kill mode to avoid snap-confine
error
- Allow more than one interface to grant access to the same API
endpoint or notice type
- Allow all snapd service's control group processes to send systemd
notifications to prevent warnings flooding the log
- Enable not preseeded single boot install
- Update secboot to handle new sbatlevel
- Fix to not use cgroup for non-strict confined snaps (devmode,
classic)
- Fix two race conditions relating to freedesktop notifications
- Fix missing tunables in snap-update-ns AppArmor template
- Fix rejection of snapd snap udev command line by older host snap-
device-helper
- Rework seccomp allow/deny list
- Clean up files removed by gadgets
- Remove non-viable boot chains to avoid secboot failure
- posix_mq interface: add support for missing time64 mqueue syscalls
mq_timedreceive_time64 and mq_timedsend_time64
- password-manager-service interface: allow kwalletd version 6
- kubernetes-support interface: allow SOCK_SEQPACKET sockets
- system-observe interface: allow listing systemd units and their
properties
- opengl interface: enable use of nvidia container toolkit CDI
config generation
-- Ernest Lotter <ernest.lotter@canonical.com> Wed, 24 Apr 2024 02:00:39 +0200
snapd (2.62) xenial; urgency=medium
* New upstream release, LP: #2058277
- Aspects based configuration schema support (experimental)
- Refresh app awareness support for UI (experimental)
- Support for user daemons by introducing new control switches
--user/--system/--users for service start/stop/restart
(experimental)
- Add AppArmor prompting experimental flag (feature currently
unsupported)
- Installation of local snap components of type test
- Packaging of components with snap pack
- Expose experimental features supported/enabled in snapd REST API
endpoint /v2/system-info
- Support creating and removing recovery systems for use by factory
reset
- Enable API route for creating and removing recovery systems using
/v2/systems with action create and /v2/systems/{label} with action
remove
- Lift requirements for fde-setup hook for single boot install
- Enable single reboot gadget update for UC20+
- Allow core to be removed on classic systems
- Support for remodeling on hybrid systems
- Install desktop files on Ubuntu Core and update after snapd
upgrade
- Upgrade sandbox features to account for cgroup v2 device filtering
- Support snaps to manage their own cgroups
- Add support for AppArmor 4.0 unconfined profile mode
- Add AppArmor based read access to /etc/default/keyboard
- Upgrade to squashfuse 0.5.0
- Support useradd utility to enable removing Perl dependency for
UC24+
- Support for recovery-chooser to use console-conf snap
- Add support for --uid/--gid using strace-static
- Add support for notices (from pebble) and expose via the snapd
REST API endpoints /v2/notices and /v2/notice
- Add polkit authentication for snapd REST API endpoints
/v2/snaps/{snap}/conf and /v2/apps
- Add refresh-inhibit field to snapd REST API endpoint /v2/snaps
- Add refresh-inhibited select query to REST API endpoint /v2/snaps
- Take into account validation sets during remodeling
- Improve offline remodeling to use installed revisions of snaps to
fulfill the remodel revision requirement
- Add rpi configuration option sdtv_mode
- When snapd snap is not installed, pin policy ABI to 4.0 or 3.0 if
present on host
- Fix gadget zero-sized disk mapping caused by not ignoring zero
sized storage traits
- Fix gadget install case where size of existing partition was not
correctly taken into account
- Fix trying to unmount early kernel mount if it does not exist
- Fix restarting mount units on snapd start
- Fix call to udev in preseed mode
- Fix to ensure always setting up the device cgroup for base bare
and core24+
- Fix not copying data from newly set homedirs on revision change
- Fix leaving behind empty snap home directories after snap is
removed (resulting in broken symlink)
- Fix to avoid using libzstd from host by adding to snapd snap
- Fix autorefresh to correctly handle forever refresh hold
- Fix username regex allowed for system-user assertion to not allow
'+'
- Fix incorrect application icon for notification after autorefresh
completion
- Fix to restart mount units when changed
- Fix to support AppArmor running under incus
- Fix case of snap-update-ns dropping synthetic mounts due to
failure to match desired mount dependencies
- Fix parsing of base snap version to enable pre-seeding of Ubuntu
Core Desktop
- Fix packaging and tests for various distributions
- Add remoteproc interface to allow developers to interact with
Remote Processor Framework which enables snaps to load firmware to
ARM Cortex microcontrollers
- Add kernel-control interface to enable controlling the kernel
firmware search path
- Add nfs-mount interface to allow mounting of NFS shares
- Add ros-opt-data interface to allow snaps to access the host
/opt/ros/ paths
- Add snap-refresh-observe interface that provides refresh-app-
awareness clients access to relevant snapd API endpoints
- steam-support interface: generalize Pressure Vessel root paths and
allow access to driver information, features and container
versions
- steam-support interface: make implicit on Ubuntu Core Desktop
- desktop interface: improved support for Ubuntu Core Desktop and
limit autoconnection to implicit slots
- cups-control interface: make autoconnect depend on presence of
cupsd on host to ensure it works on classic systems
- opengl interface: allow read access to /usr/share/nvidia
- personal-files interface: extend to support automatic creation of
missing parent directories in write paths
- network-control interface: allow creating /run/resolveconf
- network-setup-control and network-setup-observe interfaces: allow
busctl bind as required for systemd 254+
- libvirt interface: allow r/w access to /run/libvirt/libvirt-sock-
ro and read access to /var/lib/libvirt/dnsmasq/**
- fwupd interface: allow access to IMPI devices (including locking
of device nodes), sysfs attributes needed by amdgpu and the COD
capsule update directory
- uio interface: allow configuring UIO drivers from userspace
libraries
- serial-port interface: add support for NXP Layerscape SoC
- lxd-support interface: add attribute enable-unconfined-mode to
require LXD to opt-in to run unconfined
- block-devices interface: add support for ZFS volumes
- system-packages-doc interface: add support for reading jquery and
sphinx documentation
- system-packages-doc interface: workaround to prevent autoconnect
failure for snaps using base bare
- microceph-support interface: allow more types of block devices to
be added as an OSD
- mount-observe interface: allow read access to
/proc/{pid}/task/{tid}/mounts and proc/{pid}/task/{tid}/mountinfo
- polkit interface: changed to not be implicit on core because
installing policy files is not possible
- upower-observe interface: allow stats refresh
- gpg-public-keys interface: allow creating lock file for certain
gpg operations
- shutdown interface: allow access to SetRebootParameter method
- media-control interface: allow device file locking
- u2f-devices interface: support for Trustkey G310H, JaCarta U2F,
Kensington VeriMark Guard, RSA DS100, Google Titan v2
-- Ernest Lotter <ernest.lotter@canonical.com> Thu, 21 Mar 2024 22:06:09 +0200
snapd (2.61.3) xenial; urgency=medium
* New upstream release, LP: #2039017
- Install systemd files in correct location for 24.04
-- Ernest Lotter <ernest.lotter@canonical.com> Wed, 06 Mar 2024 23:18:11 +0200
snapd (2.61.2) xenial; urgency=medium
* New upstream release, LP: #2039017
- Fix to enable plug/slot sanitization for prepare-image
- Fix panic when device-service.access=offline
- Support offline remodeling
- Allow offline update only remodels without serial
- Fail early when remodeling to old model revision
- Fix to enable plug/slot sanitization for validate-seed
- Allow removal of core snap on classic systems
- Fix network-control interface denial for file lock on /run/netns
- Add well-known core24 snap-id
- Fix remodel snap installation order
- Prevent remodeling from UC18+ to UC16
- Fix cups auto-connect on classic with cups snap installed
- u2f-devices interface support for GoTrust Idem Key with USB-C
- Fix to restore services after unlink failure
- Add libcudnn.so to Nvidia libraries
- Fix skipping base snap download due to false snapd downgrade
conflict
-- Ernest Lotter <ernest.lotter@canonical.com> Fri, 16 Feb 2024 20:22:23 +0200
snapd (2.61.1) xenial; urgency=medium
* New upstream release, LP: #2024007
- Stop requiring default provider snaps on image building and first
boot if alternative providers are included and available
- Fix auth.json access for login as non-root group ID
- Fix incorrect remodelling conflict when changing track to older
snapd version
- Improved check-rerefresh message
- Fix UC16/18 kernel/gadget update failure due volume mismatch with
installed disk
- Stop auto-import of assertions during install modes
- Desktop interface exposes GetIdletime
- Polkit interface support for new polkit versions
- Fix not applying snapd snap changes in tracked channel when remodelling
-- Ernest Lotter <ernest.lotter@canonical.com> Fri, 24 Nov 2023 10:22:55 +0200
snapd (2.61) xenial; urgency=medium
* New upstream release, LP: #2039017
- Fix control of activated services in 'snap start' and 'snap stop'
- Correctly reflect activated services in 'snap services'
- Disabled services are no longer enabled again when snap is
refreshed
- interfaces/builtin: added support for Token2 U2F keys
- interfaces/u2f-devices: add Swissbit iShield Key
- interfaces/builtin: update gpio apparmor to match pattern that
contains multiple subdirectories under /sys/devices/platform
- interfaces: add a polkit-agent interface
- interfaces: add pcscd interface
- Kernel command-line can now be edited in the gadget.yaml
- Only track validation-sets in run-mode, fixes validation-set
issues on first boot.
- Added support for using store.access to disable access to snap
store
- Support for fat16 partition in gadget
- Pre-seed authority delegation is now possible
- Support new system-user name daemon
- Several bug fixes and improvements around remodelling
- Offline remodelling support
-- Philip Meulengracht <philip.meulengracht@canonical.com> Fri, 13 Oct 2023 13:06:02 +0200
snapd (2.60.4) xenial; urgency=medium
* New upstream release, LP: #2024007
- i/b/qualcomm_ipc_router.go: switch to plug/slot and add socket
permission
- interfaces/builtin: fix custom-device udev KERNEL values
- overlord: allow the firmware-updater snap to install user daemons
- interfaces: allow loopback as a block-device
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 15 Sep 2023 20:46:59 +0200
snapd (2.60.3) xenial; urgency=medium
* New upstream release, LP: #2024007
- i/b/shared-memory: handle "private" plug attribute in shared-
memory interface correctly
- i/apparmor: support for home.d tunables from /etc/
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 25 Aug 2023 18:36:50 +0200
snapd (2.60.2) xenial; urgency=medium
* New upstream release, LP: #2024007
- i/builtin: allow directories in private /dev/shm
- i/builtin: add read access to /proc/task/schedstat in system-
observe
- snap-bootstrap: print version information at startup
- go.mod: update gopkg.in/yaml.v3 to v3.0.1 to fix CVE-2022-28948
- snap, store: filter out invalid snap edited links from store info
and persisted state
- o/configcore: write netplan defaults to 00-snapd-config on seeding
- snapcraft.yaml: pull in apparmor_parser optimization patches from
https://gitlab.com/apparmor/apparmor/-/merge_requests/711
- snap-confine: fix missing \0 after readlink
- cmd/snap: hide append-integrity-data
- interfaces/opengl: add support for ARM Mali
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 04 Aug 2023 12:14:04 +0200
snapd (2.60.1) xenial; urgency=medium
* New upstream release, LP: #2024007
- install: fallback to lazy unmount() in writeFilesystemContent
- data: include "modprobe.d" and "modules-load.d" in preseeded blob
- gadget: fix install test on armhf
- interfaces: fix typo in network_manager_observe
- sandbox/apparmor: don't let vendored apparmor conflict with system
- gadget/update: set parts in laid out data from the ones matched
- many: move SnapConfineAppArmorDir from dirs to sandbox/apparmor
- many: stop using `-O no-expr-simplify` in apparmor_parser
- go.mod: update secboot to latest uc22 branch
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 04 Jul 2023 21:21:48 +0200
snapd (2.60) xenial; urgency=medium
* New upstream release, LP: #2024007
- Support for dynamic snapshot data exclusions
- Apparmor userspace is vendored inside the snapd snap
- Added a default-configure hook that exposes gadget default
configuration options to snaps during first install before
services are started
- Allow install from initrd to speed up the initial installation
for systems that do not have a install-device hook
- New `snap sign --chain` flag that appends the account and
account-key assertions
- Support validation-sets in the model assertion
- Support new "min-size" field in gadget.yaml
- New interface: "userns"
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 15 Jun 2023 17:14:31 +0200
snapd (2.59.5) xenial; urgency=medium
* New upstream release, LP: #2009946
- Explicitly disallow the use of ioctl + TIOCLINUX
This fixes CVE-2023-1523.
-- Michael Vogt <michael.vogt@ubuntu.com> Sat, 27 May 2023 09:44:43 +0200
snapd (2.59.4) xenial; urgency=medium
* New upstream release, LP: #2009946
- Retry when looking for disk label on non-UEFI systems
(LP: #2018977)
- Fix remodel from UC20 to UC22
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 12 May 2023 10:15:57 +0200
snapd (2.59.3) xenial; urgency=medium
* New upstream release, LP: #2009946
- Fix quiet boot
- i/b/physical_memory_observe: allow reading virt-phys page mappings
- gadget: warn instead of returning error if overlapping with GPT
header
- overlord,wrappers: restart always enabled units
- go.mod: update github.com/snapcore/secboot to latest uc22
- boot: make sure we update assets for the system-seed-null role
- many: ignore case for vfat partitions when validating
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 03 May 2023 12:31:00 +0200
snapd (2.59.2) xenial; urgency=medium
* New upstream release, LP: #2009946
- Notify users when a user triggered auto refresh finished
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 18 Apr 2023 19:46:10 +0200
snapd (2.59.1) xenial; urgency=medium
* New upstream release, LP: #2009946
- Add udev rules from steam-devices to steam-support interface
- Bugfixes for layout path checking, dm_crypt permissions,
mount-control interface parameter checking, kernel commandline
parsing, docker-support, refresh-app-awareness
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 28 Mar 2023 20:58:44 +0200
snapd (2.59) xenial; urgency=medium
* New upstream release, LP: #2009946
- Support setting extra kernel command line parameters via snap
configuration and under a gadget allow-list
- Support for Full-Disk-Encryption using ICE
- Support for arbitrary home dir locations via snap configuration
- New nvidia-drivers-support interface
- Support for udisks2 snap
- Pre-download of snaps ready for refresh and automatic refresh of
the snap when all apps are closed
- New microovn interface
- Support uboot with `CONFIG_SYS_REDUNDAND_ENV=n`
- Make "snap-preseed --reset" re-exec when needed
- Update the fwupd interface to support fully confined fwupd
- The memory,cpu,thread quota options are no longer experimental
- Support debugging snap client requests via the
`SNAPD_CLIENT_DEBUG_HTTP` environment variable
- Support ssh listen-address via snap configuration
- Support for quotas on single services
- prepare-image now takes into account snapd versions going into
the image, including in the kernel initrd, to fetch supported
assertion formats
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 10 Mar 2023 12:51:26 +0100
snapd (2.58.3) xenial; urgency=medium
* New upstream release, LP: #1998462
- interfaces/screen-inhibit-control: Add support for xfce-power-
manager
- interfaces/network-manager: do not show ptrace read
denials
- interfaces: relax rules for mount-control `what` for functionfs
- cmd/snap-bootstrap: add support for snapd_system_disk
- interfaces/modem-manager: add net_admin capability
- interfaces/network-manager: add permission for OpenVPN
- httputil: fix checking x509 certification error on go 1.20
- i/b/fwupd: allow reading host os-release
- boot: on classic+modes `MarkBootSuccessfull` does not need a base
- boot: do not include `base=` in modeenv for classic+modes installs
- tests: add spread test that validates revert on boot for core does
not happen on classic+modes
- snapstate: only take boot participants into account in
UpdateBootRevisions
- snapstate: refactor UpdateBootRevisions() to make it easier to
check for boot.SnapTypeParticipatesInBoot()
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 21 Feb 2023 17:14:50 +0100
snapd (2.58.2) xenial; urgency=medium
* New upstream release, LP: #1998462
- bootloader: fix dirty build by hardcoding copyright year
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 25 Jan 2023 20:02:08 +0100
snapd (2.58.1) xenial; urgency=medium
* New upstream release, LP: #1998462
- secboot: detect lockout mode in CheckTPMKeySealingSupported
- cmd/snap-update-ns: prevent keeping unneeded mountpoints
- o/snapstate: do not infinitely retry when an update fails during
seeding
- interfaces/modem-manager: add permissions for NETLINK_ROUTE
- systemd/emulation.go: use `systemctl --root` to enable/disable
- snap: provide more error context in `NotSnapError`
- interfaces: add read access to /run for cryptsetup
- boot: avoid reboot loop if there is a bad try kernel
- devicestate: retry serial acquire on time based certificate
errors
- o/devicestate: run systemctl daemon-reload after install-device
hook
- cmd/snap,daemon: add 'held' to notes in 'snap list'
- o/snapshotstate: check snapshots are self-contained on import
- cmd/snap: show user+gating hold info in 'snap info'
- daemon: expose user and gating holds at /v2/snaps/{name}
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 23 Jan 2023 18:03:40 +0100
snapd (2.58) xenial; urgency=medium
* New upstream release, LP: #1998462
- many: Use /tmp/snap-private-tmp for per-snap private tmps
- data: Add systemd-tmpfiles configuration to create private tmp dir
- cmd/snap: test allowed and forbidden refresh hold values
- cmd/snap: be more consistent in --hold help and err messages
- cmd/snap: error on refresh holds that are negative or too short
- o/homedirs: make sure we do not write to /var on build time
- image: make sure file customizations happen also when we have
defaultscause
- tests/fde-on-classic: set ubuntu-seed label in seed partitions
- gadget: system-seed-null should also have fs label ubuntu-seed
- many: gadget.HasRole, ubuntu-seed can come also from system-seed-
null
- o/devicestate: fix paths for retrieving recovery key on classic
- cmd/snap-confine: do not discard const qualifier
- interfaces: allow python3.10+ in the default template
- o/restart: fix PendingForSystemRestart
- interfaces: allow wayland slot snaps to access shm files created
by Firefox
- o/assertstate: add Sequence() to val set tracking
- o/assertstate: set val set 'Current' to pinned sequence
- tests: tweak the libvirt interface test to work on 22.10
- tests: use system-seed-null role on classic with modes tests
- boot: add directory for data on install
- o/devicestate: change some names from esp to seed/seed-null
- gadget: add system-seed-null role
- o/devicestate: really add error to new error message
- restart,snapstate: implement reboot-required notifications on
classic
- many: avoid automatic system restarts on classic through new
overlord/restart logic
- release: Fix WSL detection in LXD
- o/state: introduce WaitStatus
- interfaces: Fix desktop interface rules for document portal
- client: remove classic check for `snap recovery --show-
keys`
- many: create snapd.mounts targets to schedule mount units
- image: enable sysfs overlay for UC preseeding
- i/b/network-control: add permissions for using AF_XDP
- i/apparmor: move mocking of home and overlay conditions to osutil
- tests/main/degraded: ignore man-db update failures in CentOS
- cmd/snap: fix panic when running snap w/ flag but w/o subcommand
- tests: save snaps generated during image preaparation
- tests: skip building snapd based on new env var
- client: remove misleading comments in ValidateApplyOptions
- boot/seal: add debug traces for bootchains
- bootloader/assets: fix grub.cfg when there are no labels
- cmd/snap: improve refresh hold's output
- packaging: enable BPF in RHEL9
- packaging: do not traverse filesystems in postrm script
- tests: get microk8s from another branch
- bootloader: do not specify Core version in grub entry
- many: refresh --hold follow-up
- many: support refresh hold/unhold to API and CLI
- many: expand fully handling links mapping in all components, in
the API and in snap info
- snap/system_usernames,tests: Azure IoT Edge system usernames
- interface: Allow access to
org.freedesktop.DBus.ListActivatableNames via system-observe
interface
- o/devicestate,daemon: use the expiration date from the assertion
in user-state and REST api (user-removal 4/n)
- gadget: add unit tests for new install functions for FDE on
classic
- cmd/snap-seccomp: fix typo in AF_XDP value
- tests/connected-after-reboot-revert: run also on UC16
- kvm: allow read of AMD-SEV parameters
- data: tweak apt integration config var
- o/c/configcore: add faillock configuration
- tests: use dbus-daemon instead of dbus-launch
- packaging: remove unclean debian-sid patch
- asserts: add keyword 'user-presence' keyword in system-user
assertion (auto-removal 3/n)
- interfaces: steam-support allow pivot /run/media and /etc/nvidia
mount
- aspects: initial code
- overlord: process auto-import assertion at first boot
- release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2
- tests: fix lxd-mount-units in ubuntu kinetic
- tests: new variable used to configure the kernel command line in
nested tests
- go.mod: update to newer secboot/uc22 branch
- autopkgtests: fix running autopkgtest on kinetic
- tests: remove squashfs leftovers in fakeinstaller
- tests: create partition table in fakeinstaller
- o/ifacestate: introduce DebugAutoConnectCheck hook
- tests: use test-snapd-swtpm instead of swtpm-mvo snap in nested
helper
- interfaces/polkit: do not require polkit directory if no file is
needed
- o/snapstate: be consistent not creating per-snap save dirs for
classic models
- inhibit: use hintFile()
- tests: use `snap prepare-image` in fde-on-classic mk-image.sh
- interfaces: add microceph interface
- seccomp: allow opening XDP sockets
- interfaces: allow access to icon subdirectories
- tests: add minimal-smoke test for UC22 and increase minimal RAM
- overlord: introduce hold levels in the snapstate.Hold* API
- o/devicestate: support mounting ubuntu-save also on classic with
modes
- interfaces: steam-support allow additional mounts
- fakeinstaller: format SystemDetails result with %+v
- cmd/libsnap-confine-private: do not panic on chmod failure
- tests: ensure that fakeinstaller put the seed into the right place
- many: add stub services for prompting
- tests: add libfwupd and libfwupdplugin5 to openSUSE dependencies
- o/snapstate: fix snaps-hold pruning/reset in the presence of
system holding
- many: add support for setting up encryption from installer
- many: support classic snaps in the context of classic and extended
models
- cmd/snap,daemon: allow zero values from client to daemon for
journal rate limit
- boot,o/devicestate: extend HasFDESetupHook to consider unrelated
kernels
- cmd/snap: validation set refresh-enforce CLI support + spread test
- many: fix filenames written in modeenv for base/gadget plus drive-
by TODO
- seed: fix seed test to use a pseudo-random byte sequence
- cmd/snap-confine: remove setuid calls from cgroup init code
- boot,o/devicestate: introduce and use MakeRunnableStandaloneSystem
- devicestate,boot,tests: make `fakeinstaller` test work
- store: send Snap-Device-Location header with cloud information
- overlord: fix unit tests after merging master in
- o/auth: move HasUserExpired into UserState and name it HasExpired,
and add unit tests for this
- o/auth: rename NewUserData to NewUserParams
- many: implementation of finish install step handlers
- overlord: auto-resolve validation set enforcement constraints
- i/backends,o/ifacestate: cleanup backends.All
- cmd/snap-confine: move bind-mount setup into separate function
- tests/main/mount-ns: update namespace for 18.04
- o/state: Hold pseudo-error for explicit holding, concept of
pending changes in prune logic
- many: support extended classic models that omit kernel/gadget
- data/selinux: allow snapd to detect WSL
- overlord: add code to remove users that has an expiration date set
- wrappers,snap/quota: clear LogsDirectory= in the service unit for
journal namespaces
- daemon: move user add, remove operations to overlord device state
- gadget: implement write content from gadget information
- {device,snap}state: fix ineffectual assignments
- daemon: support validation set refresh+enforce in API
- many: rename AddAffected* to RegisterAffected*, add
Change|State.Has, fix a comment
- many: reset store session when setting proxy.store
- overlord/ifacestate: fix conflict detection of auto-connection
- interfaces: added read/write access to /proc/self/coredump_filter
for process-control
- interfaces: add read access to /proc/cgroups and
/proc/sys/vm/swappiness to system-observe
- fde: run fde-reveal-key with `DefaultDependencies=no`
- many: don't concatenate non-constant format strings
- o/devicestate: fix non-compiling test
- release, snapd-apparmor: fixed outdated WSL detection
- many: add todos discussed in the review in
tests/nested/manual/fde-on-classic, snapstate cleanups
- overlord: run install-device hook during factory reset
- i/b/mount-control: add optional `/` to umount rules
- gadget/install: split Run in several functions
- o/devicestate: refactor some methods as preparation for install
steps implementation
- tests: fix how snaps are cached in uc22
- tests/main/cgroup-tracking-failure: fix rare failure in Xenial and
Bionic
- many: make {Install,Initramfs}{{,Host},Writable}Dir a function
- tests/nested/manual/core20: fix manual test after changes to
'tests.nested exec'
- tests: move the unit tests system to 22.04 in github actions
workflow
- tests: fix nested errors uc20
- boot: rewrite switch in SnapTypeParticipatesInBoot()
- gadget: refactor to allow usage from the installer
- overlord/devicestate: support for mounting ubuntu-save before the
install-device hook
- many: allow to install/update kernels/gadgets on classic with
modes
- tests: fix issues related to dbus session and localtime in uc18
- many: support home dirs located deeper under /home
- many: refactor tests to use explicit strings instead of
boot.Install{Initramfs,Host}{Writable,FDEData}Dir
- boot: add factory-reset cases for boot-flags
- tests: disable quota tests on arm devices using ubuntu core
- tests: fix unbound SPREAD_PATH variable on nested debug session
- overlord: start turning restart into a full state manager
- boot: apply boot logic also for classic with modes boot snaps
- tests: fix snap-env test on debug section when no var files were
created
- overlord,daemon: allow returning errors when requesting a restart
- interfaces: login-session-control: add further D-Bus interfaces
- snapdenv: added wsl to userAgent
- o/snapstate: support running multiple ops transactionally
- store: use typed valset keys in store package
- daemon: add `ensureStateSoon()` when calling systems POST api
- gadget: add rules for validating classic with modes gadget.yaml
files
- wrappers: journal namespaces did not honor journal.persistent
- many: stub devicestate.Install{Finish,SetupStorageEncryption}()
- sandbox/cgroup: don't check V1 cgroup if V2 is active
- seed: add support to load auto import assertion
- tests: fix preseed tests for arm systems
- include/lk: update LK recovery environment definition to include
device lock state used by bootloader
- daemon: return `storage-encryption` in /systems/<label> reply
- tests: start using remote tools from snapd-testing-tools project
in nested tests
- tests: fix non mountable filesystem error in interfaces-udisks2
- client: clarify what InstallStep{SetupStorageEncryption,Finish} do
- client: prepare InstallSystemOptions for real use
- usersession: Remove duplicated struct
- o/snapstate: support specific revisions in UpdateMany/InstallMany
- i/b/system_packages_doc: restore access to Libreoffice
documentation
- snap/quota,wrappers: allow using 0 values for the journal rate
limit
- tests: add kinetic images to the gce bucket for preseed test
- multiple: clear up naming convention for thread quota
- daemon: implement stub `"action": "install"`
- tests/main/snap-quota-{install/journal}: fix unstable spread tests
- tests: remove code for old systems not supported anymore
- tests: third part of the nested helper cleanup
- image: clean snapd mount after preseeding
- tests: use the new ubuntu kinetic image
- i/b/system_observe: honour root dir when checking for
/boot/config-*
- tests: restore microk8s test on 16.04
- tests: run spread tests on arm64 instances in google cloud
- tests: skip interfaces-udisks2 in fedora
- asserts,boot,secboot: switch to a secboot version measuring
classic
- client: add API for GET /systems/<label>
- overlord: frontend for --quota-group support (2/2)
- daemon: add GET support for `/systems/<seed-label>`
- i/b/system-observe: allow reading processes security label
- many: support '--purge' when removing multiple snaps
- snap-confine: remove obsolete code
- interfaces: rework logic of unclashMountEntries
- data/systemd/Makefile: add comment warning about "snapd." prefix
- interfaces: grant access to speech-dispatcher socket (bug 1787245)
- overlord/servicestate: disallow removal of quota group with any
limits set
- data: include snapd/mounts in preseeded blob
- many: Set SNAPD_APPARMOR_REEXEC=1
- store/tooling,tests: support UBUNTU_STORE_URL override env var
- multiple: clear up naming convention for cpu-set quota
- tests: improve and standardize debug section on tests
- device: add new DeviceManager.encryptionSupportInfo()
- tests: check snap download with snapcraft v7+ export-login auth
data
- cmd/snap-bootstrap: changes to be able to boot classic rootfs
- tests: fix debug section for test uc20-create-partitions
- overlord: --quota-group support (1/2)
- asserts,cmd/snap-repair: drop not pursued
AuthorityDelegation/signatory-id
- snap-bootstrap: add CVM mode* snap-bootstrap: add classic runmode
- interfaces: make polkit implicit on core if /usr/libexec/polkitd
exists
- multiple: move arguments for auth.NewUser into a struct (auto-
removal 1/n)
- overlord: track security profiles for non-active snaps
- tests: remove NESTED_IMAGE_ID from nested manual tests
- tests: add extra space to ubuntu bionic
- store/tooling: support using snapcraft v7+ base64-encoded auth
data
- overlord: allow seeding in the case of classic with modes system
- packaging/*/tests/integrationtests: reload ssh.service, not
sshd.service
- tests: rework snap-logs-journal test and add missing cleanup
- tests: add spread test for journal quotas
- tests: run spread tests in ubuntu kinetic
- o/snapstate: extend support for holding refreshes
- devicestate: return an error in checkEncryption() if KernelInfo
fails
- tests: fix sbuild test on debian sid
- o/devicestate: do not run tests in this folder twice
- sandbox/apparmor: remove duplicate hook into testing package
- many: refactor store code to be able to use simpler form of auth
creds
- snap,store: drop support/consideration for anonymous download urls
- data/selinux: allow snaps to read certificates
- many: add Is{Core,Classic}Boot() to DeviceContext
- o/assertstate: don't refresh enforced validation sets during check
- go.mod: replace maze.io/x/crypto with local repo
- many: fix unnecessary use of fmt.Sprintf
- bootloader,systemd: fix `don't use Yoda conditions (ST1017)`
- HACKING.md: extend guidelines with common review comments
- many: progress bars should use the overridable stdouts
- tests: remove ubuntu 21.10 from sru validation
- tests: import remote tools
- daemon,usersession: switch from HeaderMap to Header in tests
- asserts: add some missing `c.Check()` in the asserts test
- strutil: fix VersionCompare() to allow multiple `-` in the version
- testutil: remove unneeded `fmt.Sprintf`
- boot: remove some unneeded `fmt.Sprintf()` calls
- tests: implement prepare_gadget and prepare_base and unify all the
version
- o/snapstate: refactor managed refresh schedule logic
- o/assertstate, snapasserts: implementation of
assertstate.TryEnforceValidationSets function
- interfaces: add kconfig paths to system-observe
- dbusutil: move debian patch into dbustest
- many: change name and input of CheckProvenance to clarify usage
- tests: Fix a missing parameter in command to wait for device
- tests: Work-around non-functional --wait on systemctl
- tests: unify the way the snapd/core and kernel are repacked in
nested helper
- tests: skip interfaces-ufisks2 on centos-9
- i/b/mount-control: allow custom filesystem types
- interfaces,metautil: make error handling in getPaths() more
targeted
- cmd/snap-update-ns: handle mountpoint removal failures with EBUSY
- tests: fix pc-kernel repacking
- systemd: add `WantedBy=default.target` to snap mount units
- tests: disable microk8s test on 16.04
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 01 Dec 2022 09:52:23 +0100
snapd (2.57.6) xenial; urgency=medium
* SECURITY UPDATE: Local privilege escalation
- snap-confine: Fix race condition in snap-confine when preparing a
private tmp mount namespace for a snap
- CVE-2022-3328
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 15 Nov 2022 16:13:59 +0100
snapd (2.57.5) xenial; urgency=medium
* New upstream release, LP: #1983035
- image: clean snapd mount after preseeding
- wrappers,snap/quota: clear LogsDirectory= in the service unit
for journal namespaces
- cmd/snap,daemon: allow zero values from client to daemon for
journal rate-limit
- interfaces: steam-support allow pivot /run/media and /etc/nvidia
mount
- o/ifacestate: introduce DebugAutoConnectCheck hook
- release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2
- autopkgtests: fix running autopkgtest on kinetic
- interfaces: add microceph interface
- interfaces: steam-support allow additional mounts
- many: add stub services
- interfaces: add kconfig paths to system-observe
- i/b/system_observe: honour root dir when checking for
/boot/config-*
- interfaces: grant access to speech-dispatcher socket
- interfaces: rework logic of unclashMountEntries
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 17 Oct 2022 18:25:18 +0200
snapd (2.57.4) xenial; urgency=medium
* New upstream release, LP: #1983035
- release, snapd-apparmor: fixed outdated WSL detection
- overlord/ifacestate: fix conflict detection of auto-connection
- overlord: run install-device hook during factory reset
- image/preseed/preseed_linux: add missing new line
- boot: add factory-reset cases for boot-flags.
- interfaces: added read/write access to /proc/self/coredump_filter
for process-control
- interfaces: add read access to /proc/cgroups and
/proc/sys/vm/swappiness to system-observe
- fde: run fde-reveal-key with `DefaultDependencies=no`
- snapdenv: added wsl to userAgent
- tests: fix restore section for persistent-journal-namespace
- i/b/mount-control: add optional `/` to umount rules
- cmd/snap-bootstrap: changes to be able to boot classic rootfs
- cmd/snap-bootstrap: add CVM mode
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 29 Sep 2022 09:54:21 +0200
snapd (2.57.3) xenial; urgency=medium
* New upstream release, LP: #1983035
- wrappers: journal namespaces did not honor journal.persistent
- snap/quota,wrappers: allow using 0 values for the journal rate to
override the system default values
- multiple: clear up naming convention for cpu-set quota
- i/b/mount-control: allow custom filesystem types
- i/b/system-observe: allow reading processes security label
- sandbox/cgroup: don't check V1 cgroup if V2 is active
- asserts,boot,secboot: switch to a secboot version measuring
classic
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 15 Sep 2022 12:37:30 +0200
snapd (2.57.2) xenial; urgency=medium
* New upstream release, LP: #1983035
- store/tooling,tests: support UBUNTU_STORE_URL override env var
- packaging/*/tests/integrationtests: reload ssh.service, not
sshd.service
- tests: check snap download with snapcraft v7+ export-login auth
data
- store/tooling: support using snapcraft v7+ base64-encoded auth
data
- many: progress bars should use the overridable stdouts
- many: refactor store code to be able to use simpler form of auth
creds
- snap,store: drop support/consideration for anonymous download urls
- data: include snapd/mounts in preseeded blob
- many: Set SNAPD_APPARMOR_REEXEC=1
- overlord: track security profiles for non-active snaps
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 02 Sep 2022 17:56:46 +0200
snapd (2.57.1) xenial; urgency=medium
* New upstream release, LP: #1983035
- cmd/snap-update-ns: handle mountpoint removal failures with EBUSY
- cmd/snap-update-ns: print current mount entries
- cmd/snap-update-ns: check the unused mounts with a cleaned path
- snap-confine: disable -Werror=array-bounds in __overflow tests to
fix build error on Ubuntu 22.10
- systemd: add `WantedBy=default.target` to snap mount units
(LP: #1983528)
-- Samuele Pedroni (Canonical Services Ltd.) <samuele.pedroni@canonical.com> Wed, 10 Aug 2022 09:30:50 +0300
snapd (2.57) xenial; urgency=medium
* New upstream release, LP: #1983035
- tests: Fix calls to systemctl is-system-running
- osutil/disks: handle GPT for 4k disk and too small tables
- packaging: import change from the 2.54.3-1.1 upload
- many: revert "features: disable refresh-app-awarness by default
again"
- tests: improve robustness of preparation for regression/lp-1803542
- tests: get the ubuntu-image binary built with test keys
- tests: remove commented code from lxd test
- interfaces/builtin: add more permissions for steam-support
- tests: skip interfaces-network-control on i386
- tests: tweak the "tests/nested/manual/connections" test
- interfaces: posix-mq: allow specifying message queue paths as an
array
- bootloader/assets: add ttyS0,115200n8 to grub.cfg
- i/b/desktop,unity7: remove name= specification on D-Bus signals
- tests: ensure that microk8s does not produce DENIED messages
- many: support non-default provenance snap-revisions in
DeriveSideInfo
- tests: fix `core20-new-snapd-does-not-break-old-initrd` test
- many: device and provenance revision authority cross checks
- tests: fix nested save-data test on 22.04
- sandbox/cgroup: ignore container slices when tracking snaps
- tests: improve 'ignore-running' spread test
- tests: add `debug:` section to `tests/nested/manual/connections`
- tests: remove leaking `pc-kernel.snap` in `repack_kernel_snap`
- many: preparations for revision authority cross checks including
device scope
- daemon,overlord/servicestate: followup changes from PR #11960 to
snap logs
- cmd/snap: fix visual representation of 'AxB%' cpu quota modifier.
- many: expose and support provenance from snap.yaml metadata
- overlord,snap: add support for per-snap storage on ubuntu-save
- nested: fix core-early-config nested test
- tests: revert lxd change to support nested lxd launch
- tests: add invariant check for leftover cgroup scopes
- daemon,systemd: introduce support for namespaces in 'snap logs'
- cmd/snap: do not track apps that wish to stay outside of the life-
cycle system
- asserts: allow classic + snaps models and add distribution to
model
- cmd/snap: add snap debug connections/connection commands
- data: start snapd after time-set.target
- tests: remove ubuntu 21.10 from spread tests due to end of life
- tests: Update the whitebox word to avoid inclusive naming issues
- many: mount gadget in run folder
- interfaces/hardware-observe: clean up reading access to sysfs
- tests: use overlayfs for interfaces-opengl-nvidia test
- tests: update fake-netplan-apply test for 22.04
- tests: add executions for ubuntu 22.04
- tests: enable centos-9
- tests: make more robust the files check in preseed-core20 test
- bootloader/assets: add fallback entry to grub.cfg
- interfaces/apparmor: add permissions for per-snap directory on
ubuntu-save partition
- devicestate: add more path to `fixupWritableDefaultDirs()`
- boot,secboot: reset DA lockout counter after successful boot
- many: Revert "overlord,snap: add support for per-snap storage on
ubuntu-save"
- overlord,snap: add support for per-snap storage on ubuntu-save
- tests: exclude centos-7 from kernel-module-load test
- dirs: remove unused SnapAppArmorAdditionalDir
- boot,device: extract SealedKey helpers from boot to device
- boot,gadget: add new `device.TpmLockoutAuthUnder()` and use it
- interfaces/display-control: allow changing brightness value
- asserts: add more context to key expiry error
- many: introduce IsUndo flag in LinkContext
- i/apparmor: allow calling which.debianutils
- tests: new profile id for apparmor in test preseed-core20
- tests: detect 403 in apt-hooks and skip test in this case
- overlord/servicestate: restart the relevant journald service when
a journal quota group is modified
- client,cmd/snap: add journal quota frontend (5/n)
- gadget/device: introduce package which provides helpers for
locations of things
- features: disable refresh-app-awarness by default again
- many: install bash completion files in writable directory
- image: fix handling of var/lib/extrausers when preseeding
uc20
- tests: force version 2.48.3 on xenial ESM
- tests: fix snap-network-erros on uc16
- cmd/snap-confine: be compatible with a snap rootfs built as a
tmpfs
- o/snapstate: allow install of unasserted gadget/kernel on
dangerous models
- interfaces: dynamic loading of kernel modules
- many: add optional primary key provenance to snap-revision, allow
delegating via snap-declaration revision-authority
- tests: fix boringcripto errors in centos7
- tests: fix snap-validate-enforce in opensuse-tumbleweed
- test: print User-Agent on failed checks
- interfaces: add memory stats to system_observe
- interfaces/pwm: Remove implicitOnCore/implicitOnClassic
- spread: add openSUSE Leap 15.4
- tests: disable core20-to-core22 nested test
- tests: fix nested/manual/connections test
- tests: add spread test for migrate-home command
- overlord/servicestate: refresh security profiles when services are
affected by quotas
- interfaces/apparmor: add missing apparmor rules for journal
namespaces
- tests: add nested test variant that adds 4k sector size
- cmd/snap: fix test failing due to timezone differences
- build-aux/snap: build against the snappy-dev/image PPA
- daemon: implement api handler for refresh with enforced validation
sets
- preseed: suggest to install "qemu-user-static"
- many: add migrate-home debug command
- o/snapstate: support passing validation sets to storehelpers via
RevisionOptions
- cmd/snapd-apparmor: fix unit tests on distros which do not support
reexec
- o/devicestate: post factory reset ensure, spread test update
- tests/core/basic20: Enable on uc22
- packaging/arch: install snapd-apparmor
- o/snapstate: support migrating snap home as change
- tests: enable snapd.apparmor service in all the opensuse systems
- snapd-apparmor: add more integration-ish tests
- asserts: store required revisions for missing snaps in
CheckInstalledSnaps
- overlord/ifacestate: fix path for journal redirect
- o/devicestate: factory reset with encryption
- cmd/snapd-apparmor: reimplement snapd-apparmor in Go
- squashfs: improve error reporting when `unsquashfs` fails
- o/assertstate: support multiple extra validation sets in
EnforcedValidationSets
- tests: enable mount-order-regression test for arm devices
- tests: fix interfaces network control
- interfaces: update AppArmor template to allow read the memory …
- cmd/snap-update-ns: add /run/systemd to unrestricted paths
- wrappers: fix LogNamespace being written to the wrong file
- boot: release the new PCR handles when sealing for factory reset
- tests: add support fof uc22 in test uboot-unpacked-assets
- boot: post factory reset cleanup
- tests: add support for uc22 in listing test
- spread.yaml: add ubuntu-22.04-06 to qemu-nested
- gadget: check also mbr type when testing for implicit data
partition
- interfaces/system-packages-doc: allow read-only access to
/usr/share/cups/doc-root/ and /usr/share/gimp/2.0/help/
- tests/nested/manual/core20-early-config: revert changes that
disable netplan checks
- o/ifacestate: warn if the snapd.apparmor service is disabled
- tests: add spread execution for fedora 36
- overlord/hookstate/ctlcmd: fix timestamp coming out of sync in
unit tests
- gadget/install: do not assume dm device has same block size as
disk
- interfaces: update network-control interface with permissions
required by resolvectl
- secboot: stage and transition encryption keys
- secboot, boot: support and use alternative PCR handles during
factory reset
- overlord/ifacestate: add journal bind-mount snap layout when snap
is in a journal quota group (4/n)
- secboot/keymgr, cmd/snap-fde-keymgr: two step encryption key
change
- cmd/snap: cleanup and make the code a bit easier to read/maintain
for quota options
- overlord/hookstate/ctlcmd: add 'snapctl model' command (3/3)
- cmd/snap-repair: fix snap-repair tests silently failing
- spread: drop openSUSE Leap 15.2
- interfaces/builtin: remove the name=org.freedesktop.DBus
restriction in cups-control AppArmor rules
- wrappers: write journald config files for quota groups with
journal quotas (3/n)
- o/assertstate: auto aliases for apps that exist
- o/state: use more detailed NoStateError in state
- tests/main/interfaces-browser-support: verify jupyter notebooks
access
- o/snapstate: exclude services from refresh app awareness hard
running check
- tests/main/nfs-support: be robust against umount failures
- tests: update centos images and add new centos 9 image
- many: print valid/invalid status on snap validate --monitor
- secboot, boot: TPM provisioning mode enum, introduce
reprovisioning
- tests: allow to re-execute aborted tests
- cmd/snapd-apparmor: add explicit WSL detection to
is_container_with_internal_policy
- tests: avoid launching lxd inside lxd on cloud images
- interfaces: extra htop apparmor rules
- gadget/install: encrypted system factory reset support
- secboot: helpers for dealing with PCR handles and TPM resources
- systemd: improve error handling for systemd-sysctl command
- boot, secboot: separate the TPM provisioning and key sealing
- o/snapstate: fix validation sets restoring and snap revert on
failed refresh
- interfaces/builtin/system-observe: extend access for htop
- cmd/snap: support custom apparmor features dir with snap prepare-
image
- interfaces/mount-observe: Allow read access to /run/mount/utab
- cmd/snap: add help strings for set-quota options
- interfaces/builtin: add README file
- cmd/snap-confine: mount support cleanups
- overlord: execute snapshot cleanup in task
- i/b/accounts_service: fix path of introspectable objects
- interfaces/opengl: update allowed PCI accesses for RPi
- configcore: add core.system.ctrl-alt-del-action config option
- many: structured startup timings
- spread: switch back to building ubuntu-image from source
- many: optional recovery keys
- tests/lib/nested: fix unbound variable
- run-checks: fail on equality checks w/ ErrNoState
- snap-bootstrap: Mount as private
- tests: Test for gadget connections
- tests: set `br54.dhcp4=false` in the netplan-cfg test
- tests: core20 preseed/nested spread test
- systemd: remove the systemctl stop timeout handling
- interfaces/shared-memory: Update AppArmor permissions for
mmap+link
- many: replace ErrNoState equality checks w/ errors.Is()
- cmd/snap: exit w/ non-zero code on missing snap
- systemd: fix snapd systemd-unit stop progress notifications
- .github: Trigger daily riscv64 snapd edge builds
- interfaces/serial-port: add ttyGS to serial port allow list
- interfaces/modem-manager: Don't generate DBus plug policy
- tests: add spread test to test upgrade from release snapd to
current
- wrappers: refactor EnsureSnapServices
- testutil: add ErrorIs test checker
- tests: import spread shellcheck changes
- cmd/snap-fde-keymgr: best effort idempotency of add-recovery-key
- interfaces/udev: refactor handling of udevadm triggers for input
- secboot: support for changing encryption keys via keymgr
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 28 Jul 2022 16:59:39 +0200
snapd (2.56.3) xenial; urgency=medium
* New upstream release, LP: #1974147
- devicestate: add more path to `fixupWritableDefaultDirs()`
- many: introduce IsUndo flag in LinkContext
- i/apparmor: allow calling which.debianutils
- interfaces: update AppArmor template to allow reading snap's
memory statistics
- interfaces: add memory stats to system_observe
- i/b/{mount,system}-observe: extend access for htop
- features: disable refresh-app-awarness by default again
- image: fix handling of var/lib/extrausers when preseeding
uc20
- interfaces/modem-manager: Don't generate DBus policy for plugs
- interfaces/modem-manager: Only generate DBus plug policy on
Core
- interfaces/serial_port_test: fix static-checks errors
- interfaces/serial-port: add USB gadget serial devices (ttyGSX) to
allowed list
- interface/serial_port_test: adjust variable IDs
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 13 Jul 2022 09:26:57 +0200
snapd (2.56.2) xenial; urgency=medium
* New upstream release, LP: #1974147
- o/snapstate: exclude services from refresh app awareness hard
running check
- cmd/snap: support custom apparmor features dir with snap
prepare-image
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 15 Jun 2022 14:22:31 +0200
snapd (2.56.1) xenial; urgency=medium
* New upstream release, LP: #1974147
- gadget/install: do not assume dm device has same block size as
disk
- gadget: check also mbr type when testing for implicit data
partition
- interfaces: update network-control interface with permissions
required by resolvectl
- interfaces/builtin: remove the name=org.freedesktop.DBus
restriction in cups-control AppArmor rules
- many: print valid/invalid status on snap validate --monitor ...
- o/snapstate: fix validation sets restoring and snap revert on
failed refresh
- interfaces/opengl: update allowed PCI accesses for RPi
- interfaces/shared-memory: Update AppArmor permissions for
mmap+linkpaths
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 15 Jun 2022 09:57:54 +0200
snapd (2.56) xenial; urgency=medium
* New upstream release, LP: #1974147
- portal-info: Add CommonID Field
- asserts/info,mkversion.sh: capture max assertion formats in
snapd/info
- tests: improve the unit testing workflow to run in parallel
- interfaces: allow map and execute permissions for files on
removable media
- tests: add spread test to verify that connections are preserved if
snap refresh fails
- tests: Apparmor sandbox profile mocking
- cmd/snap-fde-keymgr: support for multiple devices and
authorizations for add/remove recovery key
- cmd/snap-bootstrap: Listen to keyboard added after start and
handle switch root
- interfaces,overlord: add support for adding extra mount layouts
- cmd/snap: replace existing code for 'snap model' to use shared
code in clientutil (2/3)
- interfaces: fix opengl interface on RISC-V
- interfaces: allow access to the file locking for cryptosetup in
the dm-crypt interface
- interfaces: network-manager: add AppArmor rule for configuring
bridges
- i/b/hardware-observe.go: add access to the thermal sysfs
- interfaces: opengl: add rules for NXP i.MX GPU drivers
- i/b/mount_control: add an optional "/" to the mount target rule
- snap/quota: add values for journal quotas (journal quota 2/n)
- tests: spread test for uc20 preseeding covering snap prepare-image
- o/snapstate: remove deadcode breaking static checks
- secboot/keymgr: extend unit tests, add helper for identify keyslot
used error
- tests: use new snaps.name and snaps.cleanup tools
- interfaces: tweak getPath() slightly and add some more tests
- tests: update snapd testing tools
- client/clientutil: add shared code for printing model assertions
as yaml or json (1/3)
- debug-tools: list all snaps
- cmd/snap: join search terms passed in the command line
- osutil/disks: partition UUID lookup
- o/snapshotstate: refactor snapshot read/write logic
- interfaces: Allow locking in block-devices
- daemon: /v2/system-recovery-keys remove API
- snapstate: do not auto-migrate to ~/Snap for core22 just yet
- tests: run failed tests by default
- o/snapshotstate: check installed snaps before running 'save' tasks
- secboot/keymgr: remove recovery key, authorize with existing key
- deps: bump libseccomp to include build fixes, run unit tests using
CC=clang
- cmd/snap-seccomp: only compare the bottom 32-bits of the flags arg
of copy_file_range
- osutil/disks: helper for obtaining the UUID of a partition which
is a mount point source
- image/preseed: umount the base snap last after writable paths
- tests: new set of nested tests for uc22
- tests: run failed tests on nested suite
- interfaces: posix-mq: add new interface
- tests/main/user-session-env: remove openSUSE-specific tweaks
- tests: skip external backend in mem-cgroup-disabled test
- snap/quota: change the journal quota period to be a time.Duration
- interfaces/apparmor: allow executing /usr/bin/numfmt in the base
template
- tests: add lz4 dependency for jammy to avoid issues repacking
kernel
- snap-bootstrap, o/devicestate: use seed parallelism
- cmd/snap-update-ns: correctly set sticky bit on created
directories where applicable
- tests: install snapd while restoring in snap-mgmt
- .github: skip misspell and ineffassign on go 1.13
- many: use UC20+/pre-UC20 in user messages as needed
- o/devicestate: use snap handler for copying and checksuming
preseeded snaps
- image, cmd/snap-preseed: allow passing custom apparmor features
path
- o/assertstate: fix handling of validation set tracking update in
enforcing mode
- packaging: restart our units only after the upgrade
- interfaces: add a steam-support interface
- gadget/install, o/devicestate: do not create recovery and
reinstall keys during installation
- many: move recovery key responsibility to devicestate/secboot,
prepare for a future with just optional recovery key
- tests: do not run mem-cgroup-disabled on external backends
- snap: implement "star" developers
- o/devicestate: fix install tests on systems with
/var/lib/snapd/snap
- cmd/snap-fde-keymgr, secboot: followup cleanups
- seed: let SnapHandler provided a different final path for snaps
- o/devicestate: implement maybeApplyPreseededData function to apply
preseed artifact
- tests/lib/tools: add piboot to boot_path()
- interfaces/builtin: shared-memory drop plugs allow-installation:
true
- tests/main/user-session-env: for for opensuse
- cmd/snap-fde-keymgr, secboot: add a tiny FDE key manager
- tests: re-execute the failed tests when "Run failed" label is set
in the PR
- interfaces/builtin/custom-device: fix unit tests on hosts with
different libexecdir
- sandbox: move profile load/unload to sandbox/apparmor
- cmd/snap: handler call verifications for cmd_quota_tests
- secboot/keys: introduce a package for secboot key types, use the
package throughout the code base
- snap/quota: add journal quotas to resources.go
- many: let provide a SnapHandler to Seed.Load*Meta*
- osutil: allow setting desired mtime on the AtomicFile, preserve
mtime on copy
- systemd: add systemd.Run() wrapper for systemd-run
- tests: test fresh install of core22-based snap (#11696)
- tests: initial set of tests to uc22 nested execution
- o/snapstate: migration overwrites existing snap dir
- tests: fix interfaces-location-control tests leaking provider.py
process
- tests/nested: fix custom-device test
- tests: test migration w/ revert, refresh and XDG dir creation
- asserts,store: complete support for optional primary key headers
for assertions
- seed: support parallelism when loading/verifying snap metadata
- image/preseed, cmd/snap-preseed: create and sign preseed assertion
- tests: Initial changes to run nested tests on uc22
- o/snapstate: fix TestSnapdRefreshTasks test after two r-a-a PRs
- interfaces: add ACRN hypervisor support
- o/snapstate: exclude TypeSnapd and TypeOS snaps from refresh-app-
awareness
- features: enable refresh-app-awareness by default
- libsnap-confine-private: show proper error when aa_change_onexec()
fails
- i/apparmor: remove leftover comment
- gadget: drop unused code in unit tests
- image, store: move ToolingStore to store/tooling package
- HACKING: update info for snapcraft remote build
- seed: return all essential snaps found if no types are given to
LoadEssentialMeta
- i/b/custom_device: fix generation of udev rules
- tests/nested/manual/core20-early-config: disable netplan checks
- bootloader/assets, tests: add factory-reset mode, test non-
encrypted factory-reset
- interfaces/modem-manager: add support for Cinterion modules
- gadget: fully support multi-volume gadget asset updates in
Update() on UC20+
- i/b/content: use slot.Lookup() as suggested by TODO comment
- tests: install linux-tools-gcp on jammy to avoid bpftool
dependency error
- tests/main: add spread tests for new cpu and thread quotas
- snap-debug-info: print validation sets and validation set
assertions
- many: renaming related to inclusive language part 2
- c/snap-seccomp: update syscalls to match libseccomp 2657109
- github: cancel workflows when pushing to pull request branches
- .github: use reviewdog action from woke tool
- interfaces/system-packages-doc: allow read-only access to
/usr/share/gtk-doc
- interfaces: add max_map_count to system-observe
- o/snapstate: print pids of running processes on BusySnapError
- .github: run woke tool on PR's
- snapshots: follow-up on exclusions PR
- cmd/snap: add check switch for snap debug state
- tests: do not run mount-order-regression test on i386
- interfaces/system-packages-doc: allow read-only access to
/usr/share/xubuntu-docs
- interfaces/hardware_observe: add read access for various devices
- packaging: use latest go to build spread
- tests: Enable more tests for UC22
- interfaces/builtin/network-control: also allow for mstp and bchat
devices too
- interfaces/builtin: update apparmor profile to allow creating
mimic over /usr/share*
- data/selinux: allow snap-update-ns to mount on top of /var/snap
inside the mount ns
- interfaces/cpu-control: fix apparmor rules of paths with CPU ID
- tests: remove the file that configures nm as default
- tests: fix the change done for netplan-cfg test
- tests: disable netplan-cfg test
- cmd/snap-update-ns: apply content mounts before layouts
- overlord/state: add a helper to detect cyclic dependencies between
tasks in change
- packaging/ubuntu-16.04/control: recommend `fuse3 | fuse`
- many: change "transactional" flag to a "transaction" option
- b/piboot.go: check EEPROM version for RPi4
- snap/quota,spread: raise lower memory quota limit to 640kb
- boot,bootloader: add missing grub.cfg assets mocks in some tests
- many: support --ignore-running with refresh many
- tests: skip the test interfaces-many-snap-provided in
trusty
- o/snapstate: rename XDG dirs during HOME migration
- cmd/snap,wrappers: fix wrong implementation of zero count cpu
quota
- i/b/kernel_module_load: expand $SNAP_COMMON in module options
- interfaces/u2f-devices: add Solo V2
- overlord: add missing grub.cfg assets mocks in manager_tests.go
- asserts: extend optional primary keys support to the in-memory
backend
- tests: update the lxd-no-fuse test
- many: fix failing golangci checks
- seed,many: allow to limit LoadMeta to snaps of a precise mode
- tests: allow ubuntu-image to be built with a compatible snapd tree
- o/snapstate: account for repeat migration in ~/Snap undo
- asserts: start supporting optional primary keys in fs backend,
assemble and signing
- b/a: do not set console in kernel command line for arm64
- tests/main/snap-quota-groups: fix spread test
- sandbox,quota: ensure cgroup is available when creating mem
quotas
- tests: add debug output what keeps `/home` busy
- sanity: rename "sanity.Check" to "syscheck.CheckSystem"
- interfaces: add pkcs11 interface
- o/snapstate: undo migration on 'snap revert'
- overlord: snapshot exclusions
- interfaces: add private /dev/shm support to shared-memory
interface
- gadget/install: implement factory reset for unencrypted system
- packaging: install Go snap from 1.17 channel in the integration
tests
- snap-exec: fix detection if `cups` interface is connected
- tests: extend gadget-config-defaults test with refresh.retain
- cmd/snap,strutil: move lineWrap to WordWrapPadded
- bootloader/piboot: add support for armhf
- snap,wrappers: add `sigint{,-all}` to supported stop-modes
- packaging/ubuntu-16.04/control: depend on fuse3 | fuse
- interfaces/system-packages-doc: allow read-only access to
/usr/share/libreoffice/help
- daemon: add a /v2/accessories/changes/{ID} endpoint
- interfaces/appstream-metadata: Re-create app-info links to
swcatalog
- debug-tools: add script to help debugging GCE instances which fail
to boot
- gadget/install, kernel: more ICE helpers/support
- asserts: exclude empty snap id from duplicates lookup with preseed
assert
- cmd/snap, signtool: move key-manager related helpers to signtool
package
- tests/main/snap-quota-groups: add 219 as possible exit code
- store: set validation-sets on actions when refreshing
- github/workflows: update golangci-lint version
- run-check: use go install instead of go get
- tests: set as manual the interfaces-cups-control test
- interfaces/appstream-metadata: Support new swcatalog directory
names
- image/preseed: migrate tests from cmd/snap-preseed
- tests/main/uc20-create-partitions: update the test for new Go
versions
- strutil: move wrapGeneric function to strutil as WordWrap
- many: small inconsequential tweaks
- quota: detect/error if cpu-set is used with cgroup v1
- tests: moving ubuntu-image to candidate to fix uc16 tests
- image: integrate UC20 preseeding with image.Prepare
- cmd/snap,client: frontend for cpu/thread quotas
- quota: add test for `Resource.clone()`
- many: replace use of "sanity" with more inclusive naming (part 2)
- tests: switch to "test-snapd-swtpm"
- i/b/network-manager: split rule with more than one peers
- tests: fix restore of the BUILD_DIR in failover test on uc18
- cmd/snap/debug: sort changes by their spawn times
- asserts,interfaces/policy: slot-snap-id allow-installation
constraints
- o/devicestate: factory reset mode, no encryption
- debug-tools/snap-debug-info.sh: print message if no gadget snap
found
- overlord/devicestate: install system cleanups
- cmd/snap-bootstrap: support booting into factory-reset mode
- o/snapstate, ifacestate: pass preseeding flag to
AddSnapdSnapServices
- o/devicestate: restore device key and serial when assertion is
found
- data: add static preseed.json file
- sandbox: improve error message from `ProbeCgroupVersion()`
- tests: fix the nested remodel tests
- quota: add some more unit tests around Resource.Change()
- debug-tools/snap-debug-info.sh: add debug script
- tests: workaround lxd issue lp:10079 (function not implemented) on
prep-snapd-in-lxd
- osutil/disks: blockdev need not be available in the PATH
- cmd/snap-preseed: address deadcode linter
- tests/lib/fakestore/store: return snap base in details
- tests/lib/nested.sh: rm core18 snap after download
- systemd: do not reload system when enabling/disabling services
- i/b/kubernetes_support: add access to Java certificates
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 19 May 2022 09:57:33 +0200
snapd (2.55.5) xenial; urgency=medium
* New upstream release, LP: #1965808
- snapstate: do not auto-migrate to ~/Snap for core22 just yet
- cmd/snap-seccomp: add copy_file_range to
syscallsWithNegArgsMaskHi32
- cmd/snap-update-ns: correctly set sticky bit on created
directories where applicable
- .github: Skip misspell and ineffassign on go 1.13
- tests: add lz4 dependency for jammy to avoid issues repacking
kernel
- interfaces: posix-mq: add new interface
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 11 May 2022 06:38:24 +0200
snapd (2.55.4) xenial; urgency=medium
* New upstream release, LP: #1965808
- tests: do not run mount-order-regression test on i386
- c/snap-seccomp: update syscalls
- o/snapstate: overwrite ~/.snap subdir when migrating
- o/assertstate: fix handling of validation set tracking update in
enforcing mode
- packaging: restart our units only after the upgrade
- interfaces: add a steam-support interface
- features: enable refresh-app-awareness by default
- i/b/custom_device: fix generation of udev rules
- interfaces/system-packages-doc: allow read-only access to
/usr/share/gtk-doc
- interfaces/system-packages-doc: allow read-only access to
/usr/share/xubuntu-docs
- interfaces/builtin/network-control: also allow for mstp and bchat
devices too
- interfaces/builtin: update apparmor profile to allow creating
mimic over /usr/share
- data/selinux: allow snap-update-ns to mount on top of /var/snap
inside the mount ns
- interfaces/cpu-control: fix apparmor rules of paths with CPU ID
-- Michael Vogt <michael.vogt@ubuntu.com> Sat, 30 Apr 2022 10:04:39 +0200
snapd (2.55.3) xenial; urgency=medium
* New upstream release, LP: #1965808
- cmd/snap-update-ns: apply content mounts before layouts
- many: change "transactional" flag to a "transaction" option
- b/piboot.go: check EEPROM version for RPi4
- snap/quota,spread: raise lower memory quota limit to 640kb
- boot,bootloader: add missing grub.cfg assets mocks in some
tests
- many: support --ignore-running with refresh many
- cmd/snap,wrappers: fix wrong implementation of zero count cpu
quota
- quota: add some more unit tests around Resource.Change()
- quota: detect/error if cpu-set is used with cgroup v1
- quota: add test for `Resource.clone()
- cmd/snap,client: frontend for cpu/thread quotas
- tests: update spread test to check right XDG dirs
- snap: set XDG env vars to new dirs
- o/snapstate: initialize XDG dirs in HOME migration
- i/b/kernel_module_load: expand $SNAP_COMMON in module options
- overlord: add missing grub.cfg assets mocks in manager_tests.go
- o/snapstate: account for repeat migration in ~/Snap undo
- b/a: do not set console in kernel command line for arm64
- sandbox: improve error message from `ProbeCgroupVersion()`
- tests/main/snap-quota-groups: fix spread test
- interfaces: add pkcs11 interface
- o/snapstate: undo migration on 'snap revert'
- overlord: snapshot exclusions
- interfaces: add private /dev/shm support to shared-memory
interface
- packaging: install Go snap from 1.17 channel in the integration
tests
- snap-exec: fix detection if `cups` interface is connected
- bootloader/piboot: add support for armhf
- interfaces/system-packages-doc: allow read-only access to
/usr/share/libreoffice/help
- daemon: add a /v2/accessories/changes/{ID} endpoint
- interfaces/appstream-metadata: Re-create app-info links to
swcatalog
- tests/main/snap-quota-groups: add 219 as possible exit code
- store: set validation-sets on actions when refreshing
- interfaces/appstream-metadata: Support new swcatalog directory
names
- asserts,interfaces/policy: slot-snap-id allow-installation
constraints
- i/b/network-manager: change rule for ResolveAddress to check only
label
- cmd/snap-bootstrap: support booting into factory-reset mode
- systemd: do not reload system when enabling/disabling services
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 08 Apr 2022 16:48:35 +0200
snapd (2.55.2) xenial; urgency=medium
* New upstream release, LP: #1965808
- cmd/snap-update-ns: actually use entirely non-existent dirs
-- Ian Johnson <ian.johnson@canonical.com> Mon, 21 Mar 2022 22:16:54 -0500
snapd (2.55.1) xenial; urgency=medium
* New upstream release, LP: #1965808
- cmd/snap-update-ns/change_test.go: use non-exist name foo-runtime
instead
-- Ian Johnson <ian.johnson@canonical.com> Mon, 21 Mar 2022 20:45:56 -0500
snapd (2.55) xenial; urgency=medium
* New upstream release, LP: #1965808
- kernel/fde: add PartitionName to various structs
- osutil/disks: calculate the last usable LBA instead of reading it
- snap/quota: additional validation in resources.go
- o/snapstate: avoid setting up single reboot when update includes
base, kernel and gadget
- overlord/state: add helper for aborting unready lanes
- snap-bootstrap: Partially revert simplifications of mount
dependencies
- cmd/snap-update-ns/change.go: sort needed, desired and not reused
mount entries
- cmd/snap-preseed, image: move preseeding code to image/preseed
- interfaces/docker-support: make generic rules not conflict with
snap-confine
- i/b/modem-manager: provide access to ObjectManager
- i/b/network_{control,manager}.go: add more access to resolved
- overlord/state: drop unused lanes field
- cmd/snap: make 1.18 vet happy
- o/snapstate: allow installing the snapd-desktop-integration snap
even if the user-daemons feature is otherwise disabled
- snap/quota: fix bug in quota group tree validation code
- o/snapstate: make sure that snapd is a prerequisite for updating
base snaps
- bootloader: add support for piboot
- i/seccomp/template.go: add close_range to the allowed syscalls
- snap: add new cpu quotas
- boot: support factory-reset when sealing and resealing
- tests: fix test to avoid editing the test-snapd-tools snap.yaml
file
- dirs: remove unused SnapMetaDir variable
- overlord: extend single reboot test to include a non-base, non-
kernel snap
- github: replace "sanity check" with "quick check" in workflow
- fde: add new DeviceUnlock() call
- many: replace use of "sanity" with more inclusive naming in
comments
- asserts: minimal changes to disable authority-delegation before
full revert
- tests: updating the test-snapd-cups-control-consumer snap to
core20 based
- many: replace use of "sanity" for interface implementation checks
- cmd/snap-preseed: support for core20 preseeding
- cmd: set core22 migration related env vars and update spread test
- interface/opengl: allow read on
/proc/sys/dev/i915/perf_stream_paranoid
- tests/lib/tools/report-mongodb: fix typo in help text
- tests: Include the source github url as part of the mongo db
issues
- o/devicestate: split mocks to separate calls for creating a model
and a gadget
- snap: Add missing zlib
- cmd/snap: add support for rebooting to factory-reset
- interfaces/apparmor: Update base template for systemd-machined
- i/a/template.go: add ld path for jammy
- o/devicestate, daemon: introduce factory-reset mode, allow
switching
- o/state: fix undo with independent tasks in same change and lane
- tests: validate tests tools just on google and qemu backends
- tests/lib/external/snapd-testing-tools: update from upstream
- tests: skip interfaces-cups-control from debian-sid
- Increase the times in snapd-sigterm for arm devices
- interfaces/browser-support: allow RealtimeKit's
MakeThreadRealtimeWithPID
- cmd: misc analyzer fixes
- interfaces/builtin/account-control: allow to execute pam_tally2
- tests/main/user-session-env: special case bash profile on
Tumbleweed
- o/snapstate: implement transactional lanes for prereqs
- o/snapstate: add core22 migration logic
- tests/main/mount-ns: unmount /run/qemu
- release: 2.54.4 changelog to master
- gadget: add buildVolumeStructureToLocation,
volumeStructureToLocationMap
- interfaces/apparmor: add missing unit tests for special devmode
rules/behavior
- cmd/snap-confine: coverity fixes
- interfaces/systemd: use batch systemd operations
- tests: small adjustments to fix vuln spread tests
- osutil/disks: trigger udev on the partition device node
- interfaces/network-control: add D-Bus rules for resolved too
- interfaces/cpu-control: add extra idleruntime data/reset files to
cpu-control
- packaging/ubuntu-16.04/rules: don't run unit tests on riscv64
- data/selinux: allow the snap command to run systemctl
- boot: mock amd64 arch for mabootable 20 suite
- testutil: add Backup helper to save/restore values, usually for
mocking
- tests/nested/core/core20-reinstall-partitions: update test summary
- asserts: return an explicit error when key cannot be found
- interfaces: custom-device
- Fix snap-run-gdbserver test by retrying the check
- overlord, boot: fix unit tests on arches other than amd64
- Get lxd snap from candidate channel
- bootloader: allow different names for the grub binary in different
archs
- cmd/snap-mgmt, packaging: trigger daemon reload after purging unit
files
- tests: add test to ensure consecutive refreshes do garbage
collection of old revs
- o/snapstate: deal with potentially invalid type of refresh.retain
value due to lax validation
- seed,image: changes necessary for ubuntu-image to support
preseeding extra snaps in classic images
- tests: add debugging to snap-confine-tmp-mount
- o/snapstate: add ~/Snap init related to backend
- data/env: cosmetic tweak for fish
- tests: include new testing tools and utils
- wrappers: do not reload the deamon or restart snapd services when
preseeding on core
- Fix smoke/install test for other architectures than pc
- tests: skip boot loader check during testing preparation on s390x
- t/m/interfaces-network-manager: use different channel depending on
system
- o/devicestate: pick system from seed systems/ for preseeding (1/N)
- asserts: add preseed assertion type
- data/env: more workarounds for even older fish shells, provide
reasonable defaults
- tests/main/snap-run-devmode-classic: reinstall snapcraft to clean
up
- gadget/update.go: add buildNewVolumeToDeviceMapping for existing
devices
- tests: allow run spread tests using a private ppaTo validate it
- interfaces/{cpu,power}-control: add more accesses for commercial
device tuning
- gadget: add searchForVolumeWithTraits + tests
- gadget/install: measure and save disk volume traits during
install.Run()
- tests: fix "undo purging" step in snap-run-devmode-classic
- many: move call to shutdown to the boot package
- spread.yaml: add core22 version of rsync to skip
- overlord, o/snapstate: fix mocking on systems without /snap
- many: move boot.Device to snap.Device
- tests: smoke test support for core22
- tests/nested/snapd-removes-vulnerable-snap-confine-revs: use newer
snaps
- snapstate: make "remove vulnerable version" message more
friendly
- o/devicestate/firstboot_preseed_test.go: remove deadcode
- o/devicestate: preseeding test cleanup
- gadget: refactor StructureEncryption to have a concrete type
instead of map
- tests: add created_at timestamp to mongo issues
- tests: fix security-udev-input-subsystem test
- o/devicestate/handlers_install.go: use --all to get binary data
too for logs
- o/snapstate: rename "corecore" -> "core"
- o/snapstate: implement transactional flag
- tests: skip ~/.snap migration test on openSUSE
- asserts,interfaces/policy: move and prepare DeviceScopeConstraint
for reuse
- asserts: fetching code should fetch authority-delegation
assertions with signing keys as needed
- tests: prepare and restore nested tests
- asserts: first-class support for formatting/encoding signatory-id
- asserts: remove unused function, fix for linter
- gadget: identify/match encryption parts, include in traits info
- asserts,cmd/snap-repair: support delegation when validating
signatures
- many: fix leftover empty snap dirs
- libsnap-confine-private: string functions simplification
- tests/nested/manual/core20-cloud-init-maas-signed-seed-data: add
gadget variant
- interfaces/u2f-devices: add U2F-TOKEN
- tests/core/mem-cgroup-disabled: minor fixups
- data/env: fix fish env for all versions of fish, unexport local
vars, export XDG_DATA_DIRS
- tests: reboot test running remodel
- Add extra disk space to nested images to "avoid No space left on
device" error
- tests: add regression tests for disabled memory cgroup operation
- many: fix issues flagged by golangci and configure it to fail
build
- docs: fix incorrect link
- cmd/snap: rename the verbose logging flag in snap run
- docs: cosmetic cleanups
- cmd/snap-confine: build const data structures at compile-
time
- o/snapstate: reduce maxInhibition for raa by 1s to avoid confusing
notification
- snap-bootstrap: Cleanup dependencies in systemd mounts
- interfaces/seccomp: Add rseq to base seccomp template
- cmd/snap-confine: remove mention of "legacy mode" from comment
- gadget/gadget_test.go: fix variable type
- gadget/gadget.go: add AllDiskVolumeDeviceTraits
- spread: non-functional cleanup of go1.6 legacy
- cmd/snap-confine: update ambiguous comment
- o/snapstate: revert migration on refresh if flag is disabled
- packaging/fedora: sync with downstream, packaging improvements
- tests: updated the documentation to run spread tests using
external backend
- osutil/mkfs: Expose more fakeroot flags
- interfaces/cups: add cups-socket-directory attr, use to specify
mount rules in backend
- tests/main/snap-system-key: reset-failed snapd and snapd.socket
- gadget/install: add unit tests for install.Run()
- tests/nested/manual/remodel-cross-store,remodel-simple: wait for
serial
- vscode: added integrated support for MS VSCODE
- cmd/snap/auto-import: use osutil.LoadMountInfo impl instead
- gadget/install: add unit tests for makeFilesystem, allow mocking
mkfs.Make()
- systemd: batched operations
- gadget/install/partition.go: include DiskIndex in synthesized
OnDiskStructure
- gadget/install: rm unused support for writing non-filesystem
structures
- cmd/snap: close refresh notifications after trying to run a snap
while inhibited
- o/servicestate: revert #11003 checking for memory cgroup being
disabled
- tests/core/failover: verify failover handling with the kernel snap
- snap-confine: allow numbers in hook security tag
- cmd/snap-confine: mount bpffs under /sys/fs/bpf if needed
- spread: switch to CentOS 8 Stream image
- overlord/servicestate: disallow mixing snaps and subgroups.
- cmd/snap: add --debug to snap run
- gadget: mv modelCharateristics to gadgettest.ModelCharacteristics
- cmd/snap: remove use of zenity, use notifications for snap run
inhibition
- o/devicestate: verify that the new model is self contained before
remodeling
- usersession/userd: query xdg-mime to check for fallback handlers
of a given scheme
- gadget, gadgettest: reimplement tests to use new gadgettest
examples.go file
- asserts: start implementing authority-delegationTODO in later PRs:
- overlord: skip manager tests on riscv for now
- o/servicestate: quota group error should be more explanative when
memory cgroup is disabled
- i/builtin: allow modem-manager interface to access some files in
sysfs
- tests: ensure that interface hook works with hotplug plug
- tests: fix repair test failure when run in a loop
- o/snapstate: re-write state after undo migration
- interfaces/opengl: add support for ARM Mali
- tests: enable snap-userd-reexec on ubuntu and debian
- tests: skip bind mount in snapd-snap test when the core snap in
not repacked
- many: add transactional flag to snapd API
- tests: new Jammy image for testing
- asserts: start generalizing attrMatcherGeneralization is along
- tests: ensure the ca-certificates package is installed
- devicestate: ensure permissions of /var/lib/snapd/void are
correct
- many: add altlinux support
- cmd/snap-update-ns: convert some unexpected decimal file mode
constants to octal.
- tests: use system ubuntu-21.10-64 in nested tests
- tests: skip version check on lp-1871652 for sru validation
- snap/quota: add positive tests for the quota.Resources logic
- asserts: start splitting out attrMatcher for reuse to
constraint.go
- systemd: actually test the function passed as a parameter
- tests: fix snaps-state test for sru validation
- many: add Transactional to snapstate.Flags
- gadget: rename DiskVolume...Opts to DiskVolume...Options
- tests: Handle PPAs being served from ppa.launchpadcontent.net
- tests/main/cgroup-tracking-failure: Make it pass when run alone
- tests: skip migration test on centOS
- tests: add back systemd-timesyncd to newer debian distros
- many: add conversion for interface attribute values
- many: unit test fix when SNAPD_DEBUG=1 is set
- gadget/install/partition.go: use device rescan trick only when
gadget says to
- osutil: refactoring the code exporting mocking APIs to other
packages
- mkversion: check that snapd is a git source tree before guessing
the version
- overlord: small refactoring of group quota implementation in
preparation of multiple quota values
- tests: drop 21.04 tests (it's EOL)
- osutil/mkfs: Expose option for --lib flag in fakeroot call
- cmd/snapd-apparmor: fix bad variable initialization
- packaging, systemd: fix socket (re-)start race
- tests: fix running tests.invariant on testflinger systems
- tests: spread test snap dir migration
- interfaces/shared-memory: support single wild-cards in the
read/write paths
- tests: cross store remodel
- packaging,tests: fix running autopkgtest
- spread-shellcheck: add a caching layer
- tests: add jammy to spread executions
- osutils: deal with ENOENT in UserMaybeSudoUser()
- packaging/ubuntu-16.04/control: adjust libfuse3 dependency as
suggested
- gadget/update.go: add DiskTraitsFromDeviceAndValidate
- tests/lib/prepare.sh: add debug kernel command line params via
gadget on UC20
- check-commit-email: do not fail when current dir is not under git
- configcore: implement netplan write support via dbus
- run-checks, check-commit-email.py: check commit email addresses
for validity
- tests: setup snapd remodel testing bits
- cmd/snap: adjust /cmd to migration changes
- systemd: enable batched calls for systemd calls operation on units
- o/ifacestate: add convenience Active() method to ConnectionState
struct
- o/snapstate: migrate to hidden dir on refresh/install
- store: fix flaky test
- i/builtin/xilinx-dma: add interface for Xilinx DMA driver
- go.mod: tidy up
- overlord/h/c/umount: remove handling of required parameter
- systemd: add NeedDaemonReload to the unit state
- mount-control: step 3
- tests/nested/manual/minimal-smoke: bump mem to 512 for unencrypted
case too
- gadget: fix typo with filesystem message
- gadget: misc helper fixes for implicit system-data role handling
- tests: fix uses of fakestore new-snap-declaration
- spread-shellcheck: use safe_load rather than load with a loder
- interfaces: allow access to new at-spi socket location in desktop-
legacy
- cmd/snap: setup tracking cgroup when invoking a service directly
as a user
- tests/main/snap-info: use yaml.safe_load rather than yaml.load
- cmd/snap: rm unnecessary validation
- tests: fix `tests/core/create-user` on testflinger pi3
- tests: fix parallel-install-basic on external UC16 devices
- tests: ubuntu-image 2.0 compatibility fixes
- tests/lib/prepare-restore: use go install rather than go get
- cmd/snap, daemon: add debug command for getting OnDiskVolume
dump
- gadget: resolve index ambiguity between OnDiskStructure and
LaidOutStructuretype: bare structures).
- tests: workaround missing bluez snap
- HACKING.md: add dbus-x11 to packages needed to run unit tests
- spread.yaml: add debian-{10,11}, drop debian-9
- cmd/snap/quota: fix typo in the help message
- gadget: allow gadget struct with unspecified filesystem to match
part with fs
- tests: re-enable kernel-module-load tests on arm
- tests/lib/uc20-create-partitions/main.go: setup a logger for
messages
- cmd: support installing multiple local snaps
- usersession: implement method to close notifications via
usersession REST API
- data/env: treat XDG_DATA_DIRS like PATH for fish
- cmd/snap, cmd/snap-confine: extend manpage, update links
- tests: fix fwupd interface test in debian sid
- tests: do not run k8s smoke test on 32 bit systems
- tests: fix testing in trusty qemu
- packaging: merge 2.54.2 changelog back to master
- overlord: fix issue with concurrent execution of two snapd
processes
- interfaces: add a polkit interface
- gadget/install/partition.go: wait for udev settle when creating
partitions too
- tests: exclude interfaces-kernel-module load on arm
- tests: ensure that test-snapd-kernel-module-load is
removed
- tests: do not test microk8s-smoke on arm
- packaging, bloader, github: restore cleanliness of snapd info
file; check in GA workflow
- tests/lib/tools/tests.invariant: simplify check
- tests/nested/manual/core20-to-core22: wait for device to be
initialized before starting a remodel
- build-aux/snap/snapcraft.yaml: use build-packages, don't fail
dirty builds
- tests/lib/tools/tests.invariant: add invariant for detecting
broken snaps
- tests/core/failover: replace boot-state with snap debug boot-vars
- tests: fix remodel-kernel test when running on external devices
- data/selinux: allow poking /proc/xen
- gadget: do not crash if gadget.yaml has an empty Volumes section
- i/b/mount-control: support creating tmpfs mounts
- packaging: Update openSUSE spec file with apparmor-parser and
datadir for fish
- cmd/snap-device-helper: fix variable name typo in the unit tests
- tests: fixed an issue with retrieval of the squashfuse repo
- release: 2.54.1
- tests: tidy up the top-level of ubuntu-seed during tests
- build-aux: detect/fix dirty git revisions while snapcraft
building
- release: 2.54
-- Ian Johnson <ian.johnson@canonical.com> Mon, 21 Mar 2022 15:55:16 -0500
snapd (2.54.4) xenial; urgency=medium
* New upstream release, LP: #1955137
- t/m/interfaces-network-manager: use different channel depending on
system
- many: backport attrer interface changes to 2.54
- tests: skip version check on lp-1871652 for sru validation
- i/builtin: allow modem-manager interface to access some files in
sysfs
- snapstate: make "remove vulnerable version" message more
friendly
- tests: fix "undo purging" step in snap-run-devmode-classic
- o/snapstate: deal with potentially invalid type of refresh.retain
value due to lax validation
- interfaces: custom-device
- packaging/ubuntu-16.04/control: adjust libfuse3 dependency
- data/env: fix fish env for all versions of fish
- packaging/ubuntu-16.04/snapd.postinst: start socket and service
first
- interfaces/u2f-devices: add U2F-TOKEN
- interfaces/seccomp: Add rseq to base seccomp template
- tests: remove disabled snaps before calling save_snapd_state
- overlord: skip manager tests on riscv for now
- interfaces/opengl: add support for ARM Mali
- devicestate: ensure permissions of /var/lib/snapd/void are
correct
- cmd/snap-update-ns: convert some unexpected decimal file mode
constants to octal.
- interfaces/shared-memory: support single wild-cards in the
read/write paths
- packaging: fix running autopkgtest
- i/builtin/xilinx-dma-host: add interface for Xilinx DMA driver
- tests: fix `tests/core/create-user` on testflinger pi3
- tests: fix parallel-install-basic on external UC16 devices
- tests: re-enable kernel-module-load tests on arm
- tests: do not run k8s smoke test on 32 bit systems
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Mar 2022 09:44:21 +0100
snapd (2.54.3) xenial; urgency=medium
* SECURITY UPDATE: Local privilege escalation
- snap-confine: Add validations of the location of the snap-confine
binary within snapd.
- snap-confine: Fix race condition in snap-confine when preparing a
private mount namespace for a snap.
- CVE-2021-44730
- CVE-2021-44731
* SECURITY UPDATE: Data injection from malicious snaps
- interfaces: Add validations of snap content interface and layout
paths in snapd.
- CVE-2021-4120
- LP: #1949368
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 15 Feb 2022 17:45:13 +0100
snapd (2.54.2) xenial; urgency=medium
* New upstream release, LP: #1955137
- tests: exclude interfaces-kernel-module load on arm
- tests: ensure that test-snapd-kernel-module-load is
removed
- tests: do not test microk8s-smoke on arm
- tests/core/failover: replace boot-state with snap debug boot-vars
- tests: use snap info|awk to extract tracking channel
- tests: fix remodel-kernel test when running on external devices
- .github/workflows/test.yaml: also check internal snapd version for
cleanliness
- packaging/ubuntu-16.04/rules: eliminate seccomp modification
- bootloader/assets/grub_*cfg_asset.go: update Copyright
- build-aux/snap/snapcraft.yaml: adjust comment about get-version
- .github/workflows/test.yaml: add check in github actions for dirty
snapd snaps
- build-aux/snap/snapcraft.yaml: use build-packages, don't fail
dirty builds
- data/selinux: allow poking /proc/xen
-- Ian Johnson <ian.johnson@canonical.com> Thu, 06 Jan 2022 15:25:16 -0600
snapd (2.54.1) xenial; urgency=medium
* New upstream release, LP: #1955137
- buid-aux: set version before calling ./generate-packaging-dir
This fixes the "dirty" suffix in the auto-generated version
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 20 Dec 2021 10:06:09 +0100
snapd (2.54) xenial; urgency=medium
* New upstream release, LP: #1955137
- interfaces/builtin/opengl.go: add boot_vga sys/devices file
- o/configstate/configcore: add tmpfs.size option
- tests: moving to manual opensuse 15.2
- cmd/snap-device-helper: bring back the device type identification
behavior, but for remove action fallback only
- cmd/snap-failure: use snapd from the snapd snap if core is not
present
- tests/core/failover: enable the test on core18
- o/devicestate: ensure proper order when remodel does a simple
switch-snap-channel
- builtin/interfaces: add shared memory interface
- overlord: extend kernel/base success and failover with bootenv
checks
- o/snapstate: check disk space w/o store if possible
- snap-bootstrap: Mount snaps read only
- gadget/install: do not re-create partitions using OnDiskVolume
after deletion
- many: fix formatting w/ latest go version
- devicestate,timeutil: improve logging of NTP sync
- tests/main/security-device-cgroups-helper: more debugs
- cmd/snap: print a placeholder for version of broken snaps
- o/snapstate: mock system with classic confinement support
- cmd: Fixup .clangd to use correct syntax
- tests: run spread tests in fedora-35
- data/selinux: allow snapd to access /etc/modprobe.d
- mount-control: step 2
- daemon: add multiple snap sideload to API
- tests/lib/pkgdb: install dbus-user-session during prepare, drop
dbus-x11
- systemd: provide more detailed errors for unimplemented method in
emulation mode
- tests: avoid checking TRUST_TEST_KEYS on restore on remodel-base
test
- tests: retry umounting /var/lib/snapd/seed on uc20 on fsck-on-boot
test
- o/snapstate: add hide/expose snap data to backend
- interfaces: kernel-module-load
- snap: add support for `snap watch
--last={revert,enable,disable,switch}`
- tests/main/security-udev-input-subsystem: drop info from udev
- tests/core/kernel-and-base-single-reboot-failover,
tests/lib/fakestore: verify failover scenario
- tests/main/security-device-cgroups-helper: collect some debug info
when the test fails
- tests/nested/manual/core20-remodel: wait for device to have a
serial before starting a remodel
- tests/main/generic-unregister: test re-registration if not blocked
- o/snapstate, assertsate: validation sets/undo on partial failure
- tests: ensure snapd can be downloaded as a module
- snapdtool, many: support additional key/value flags in info file
- data/env: improve fish shell env setup
- usersession/client: provide a way for client to send messages to a
subset of users
- tests: verify that simultaneous refresh of kernel and base
triggers a single reboot only
- devicestate: Unregister deletes the device key pair as well
- daemon,tests: support forgetting device serial via API
- asserts: change behavior of alternative attribute matcher
- configcore: relax validation rules for hostname
- cmd/snap-confine: do not include libglvnd libraries from the host
system
- overlord, tests: add managers and a spread test for UC20 to UC22
remodel
- HACKING.md: adjust again for building the snapd snap
- systemd: add support for systemd unit alias names
- o/snapstate: add InstallPathMany
- gadget: allow EnsureLayoutCompatibility to ensure disk has all
laid out structsnow reject/fail:
- packaging/ubuntu, packaging/debian: depend on dbus-session-bus
provider (#11111)
- interfaces/interfaces/scsi_generic: add interface for scsi generic
de… (#10936)
- osutil/disks/mockdisk.go: add MockDevicePathToDiskMapping
- interfaces/microstack-support: set controlsDeviceCgroup to true
- network-setup-control: add netplan generate D-Bus rules
- interface/builtin/log_observe: allow to access /dev/kmsg
- .github/workflows/test.yaml: restore failing of spread tests on
errors (nested)
- gadget: tweaks to DiskStructureDeviceTraits + expand test cases
- tests/lib/nested.sh: allow tests to use their own core18 in extra-
snaps-path
- interfaces/browser-support: Update rules for Edge
- o/devicestate: during remodel first check pending download tasks
for snaps
- polkit: add a package to validate polkit policy files
- HACKING.md: document building the snapd snap and splicing it into
the core snap
- interfaces/udev: fix installing snaps inside lxd in 21.10
- o/snapstate: refactor disk space checks
- tests: add (strict) microk8s smoke test
- osutil/strace: try to enable strace on more arches
- cmd/libsnap-confine-private: fix snap-device-helper device allow
list modification on cgroup v2
- tests/main/snapd-reexec-snapd-snap: improve debugging
- daemon: write formdata file parts to snaps dir
- systemd: add support for .target units
- tests: run snap-disconnect on uc16
- many: add experimental setting to allow using ~/.snap/data instead
of ~/snap
- overlord/snapstate: perform a single reboot when updating boot
base and kernel
- kernel/fde: add DeviceUnlockKernelHookDeviceMapperBackResolver,
use w/ disks pkg
- o/devicestate: introduce DeviceManager.Unregister
- interfaces: allow receiving PropertiesChanged on the mpris plug
- tests: new tool used to retrieve data from mongo db
- daemon: amend ssh keys coming from the store
- tests: Include the tools from snapd-testing-tools project in
"$TESTSTOOLS"
- tests: new workflow step used to report spread error to mongodb
- interfaces/builtin/dsp: update proc files for ambarella flavor
- gadget: replace ondisk implementation with disks package, refactor
part calcs
- tests: Revert "tests: disable flaky uc18 tests until systemd is
fixed"
- Revert: "many: Vendor apparmor-3.0.3 into the snapd snap"
- asserts: rename "white box" to "clear box" (woke checker)
- many: Vendor apparmor-3.0.3 into the snapd snap
- tests: reorganize the debug-each on the spread.yaml
- packaging: sync with downstream packaging in Fedora and openSUSE
- tests: disable flaky uc18 tests until systemd is fixed
- data/env: provide profile setup for fish shell
- tests: use ubuntu-image 1.11 from stable channel
- gadget/gadget.go: include disk schema in the disk device volume
traits too
- tests/main/security-device-cgroups-strict-enforced: extend the
comments
- README.md: point at bugs.launchpad.net/snapd instead of snappy
project
- osutil/disks: introduce RegisterDeviceMapperBackResolver + use for
crypt-luks2
- packaging: make postrm script robust against `rm` failures
- tests: print extra debug on auto-refresh-gating test failure
- o/assertstate, api: move enforcing/monitoring from api to
assertstate, save history
- tests: skip the test-snapd-timedate-control-consumer.date to avoid
NTP sync error
- gadget/install: use disks functions to implement deviceFromRole,
also rename
- tests: the `lxd` test is failing right now on 21.10
- o/snapstate: account for deleted revs when undoing install
- interfaces/builtin/block_devices: allow blkid to print block
device attributes
- gadget: include size + sector-size in DiskVolumeDeviceTraits
- cmd/libsnap-confine-private: do not deny all devices when reusing
the device cgroup
- interfaces/builtin/time-control: allow pps access
- o/snapstate/handlers: propagate read errors on "copy-snap-data"
- osutil/disks: add more fields to Partition, populate them during
discovery
- interfaces/u2f-devices: add Trezor and Trezor v2 keys
- interfaces: timezone-control, add permission for ListTimezones
DBus call
- o/snapstate: remove repeated test assertions
- tests: skip `snap advise-command` test if the store is overloaded
- cmd: create ~/snap dir with 0700 perms
- interfaces/apparmor/template.go: allow udevadm from merged usr
systems
- github: leave a comment documenting reasons for pipefail
- github: enable pipefail when running spread
- osutil/disks: add DiskFromPartitionDeviceNode
- gadget, many: add model param to Update()
- cmd/snap-seccomp: add riscv64 support
- o/snapstate: maintain a RevertStatus map in SnapState
- tests: enable lxd tests on impish system
- tests: (partially) revert the memory limits PR#r10241
- o/assertstate: functions for handling validation sets tracking
history
- tests: some improvements for the spread log parser
- interfaces/network-manager-observe: Update for libnm / dart
clients
- tests: add ntp related debug around "auto-refresh" test
- boot: expand on the fact that reseal taking modeenv is very
intentional
- cmd/snap-seccomp/syscalls: update syscalls to match libseccomp
abad8a8f4
- data/selinux: update the policy to allow snapd to talk to
org.freedesktop.timedate1
- o/snapstate: keep old revision if install doesn't add new one
- overlord/state: add a unit test for a kernel+base refresh like
sequence
- desktop, usersession: observe notifications
- osutil/disks: add AllPhysicalDisks()
- timeutil,deviceutil: fix unit tests on systems without dbus or
without ntp-sync
- cmd/snap-bootstrap/README: explain all the things (well most of
them anyways)
- docs: add run-checks dependency install instruction
- o/snapstate: do not prune refresh-candidates if gate-auto-refresh-
hook feature is not enabled
- o/snapstate: test relink remodel helpers do a proper subset of
doInstall and rework the verify*Tasks helpers
- tests/main/mount-ns: make the test run early
- tests: add `--debug` to netplan apply
- many: wait for up to 10min for NTP synchronization before
autorefresh
- tests: initialize CHANGE_ID in _wait_autorefresh
- sandbox/cgroup: freeze and thaw cgroups related to services and
scopes only
- tests: add more debug around qemu-nbd
- o/hookstate: print cohort with snapctl refresh --pending (#10985)
- tests: misc robustness changes
- o/snapstate: improve install/update tests (#10850)
- tests: clean up test tools
- spread.yaml: show `journalctl -e` for all suites on debug
- tests: give interfaces-udisks2 more time for the loop device to
appear
- tests: set memory limit for snapd
- tests: increase timeout/add debug around nbd0 mounting (up, see
LP:#1949513)
- snapstate: add debug message where a snap is mounted
- tests: give nbd0 more time to show up in preseed-lxd
- interfaces/dsp: add more ambarella things
- cmd/snap: improve snap disconnect arg parsing and err msg
- tests: disable nested lxd snapd testing
- tests: disable flaky "interfaces-udisks2" on ubuntu-18.04-32
- o/snapstate: avoid validationSetsSuite repeating snapmgrTestSuite
- sandbox/cgroup: wait for start transient unit job to finish
- o/snapstate: fix task order, tweak errors, add unit tests for
remodel helpers
- osutil/disks: re-org methods for end of usable region, size
information
- build-aux: ensure that debian packaging matches build-base
- docs: update HACKING.md instructions for snapd 2.52 and later
- spread: run lxd tests with version from latest/edge
- interfaces: suppress denial of sys_module capability
- osutil/disks: add methods to replace gadget/ondisk functions
- tests: split test tools - part 1
- tests: fix nested tests on uc20
- data/selinux: allow snap-confine to read udev's database
- i/b/common_test: refactor AppArmor features test
- tests: run spread tests on debian 11
- o/devicestate: copy timesyncd clock timestamp during install
- interfaces/builtin: do not probe parser features when apparmor
isn't available
- interface/modem-manager: allow connecting to the mbim/qmi proxy
- tests: fix error message in run-checks
- tests: spread test for validation sets enforcing
- cmd/snap-confine: lazy set up of device cgroup, only when devices
were assigned
- o/snapstate: deduplicate snap names in remove/install/update
- tests/main/selinux-data-context: use session when performing
actions as test user
- packaging/opensuse: sync with openSUSE packaging, enable AppArmor
on 15.3+
- interfaces: skip connection of netlink interface on older
systems
- asserts, o/snapstate: honor IgnoreValidation flag when checking
installed snaps
- tests/main/apparmor-batch-reload: fix fake apparmor_parser to
handle --preprocess
- sandbox/apparmor, interfaces/apparmor: detect bpf capability,
generate snippet for s-c
- release-tools/repack-debian-tarball.sh: fix c-vendor dir
- tests: test for enforcing with prerequisites
- tests/main/snapd-sigterm: fix race conditions
- spread: run lxd tests with version from latest/stable
- run-checks: remove --spread from help message
- secboot: use latest secboot with tpm legacy platform and v2 fully
optional
- tests/lib/pkgdb: install strace on Debian 11 and Sid
- tests: ensure systemd-timesyncd is installed on debian
- interfaces/u2f-devices: add Nitrokey 3
- tests: update the ubuntu-image channel to candidate
- osutil/disks/labels: simplify decoding algorithm
- tests: not testing lxd snap anymore on i386 architecture
- o/snapstate, hookstate: print remaining hold time on snapctl
--hold
- cmd/snap: support --ignore-validation with snap install client
command
- tests/snapd-sigterm: be more robust against service restart
- tests: simplify mock script for apparmor_parser
- o/devicestate, o/servicestate: update gadget assets and cmdline
when remodeling
- tests/nested/manual/refresh-revert-fundamentals: re-enable
encryption
- osutil/disks: fix bug in BlkIDEncodeLabel, add BlkIDDecodeLabel
- gadget, osutil/disks: fix some bugs from prior PR'sin the dir.
- secboot: revert move to new version (revert #10715)
- cmd/snap-confine: die when snap process is outside of snap
specific cgroup
- many: mv MockDeviceNameDisksToPartitionMapping ->
MockDeviceNameToDiskMapping
- interfaces/builtin: Add '/com/canonical/dbusmenu' path access to
'unity7' interface
- interfaces/builtin/hardware-observer: add /proc/bus/input/devices
too
- osutil/disks, many: switch to defining Partitions directly for
MockDiskMapping
- tests: remove extra-snaps-assertions test
- interface/modem-manager: add accept for MBIM/QMI proxy clients
- tests/nested/core/core20-create-recovery: fix passing of data to
curl
- daemon: allow enabling enforce mode
- daemon: use the syscall connection to get the socket credentials
- i/builtin/kubernetes_support: add access to Calico lock file
- osutil: ensure parent dir is opened and sync'd
- tests: using test-snapd-curl snap instead of http snap
- overlord: add managers unit test demonstrating cyclic dependency
between gadget and kernel updates
- gadget/ondisk.go: include the filesystem UUID in the returned
OnDiskVolume
- packaging: fixes for building on openSUSE
- o/configcore: allow hostnames up to 253 characters, with dot-
delimited elements
- gadget/ondisk.go: add listBlockDevices() to get all block devices
on a system
- gadget: add mapping trait types + functions to save/load
- interfaces: add polkit security backend
- cmd/snap-confine/snap-confine.apparmor.in: update ld rule for
s390x impish
- tests: merge coverage results
- tests: remove "features" from fde-setup.go example
- fde: add new device-setup support to fde-setup
- gadget: add `encryptedDevice` and add encryptedDeviceLUKS
- spread: use `bios: uefi` for uc20
- client: fail fast on non-retryable errors
- tests: support running all spread tests with experimental features
- tests: check that a snap that doesn't have gate-auto-refresh hook
can call --proceed
- o/snapstate: support ignore-validation flag when updating to a
specific snap revision
- o/snapstate: test prereq update if started by old version
- tests/main: disable cgroup-devices-v1 and freezer tests on 21.10
- tests/main/interfaces-many: run both variants on all possible
Ubuntu systems
- gadget: mv ensureLayoutCompatibility to gadget proper, add
gadgettest pkg
- many: replace state.State restart support with overlord/restart
- overlord: fix generated snap-revision assertions in remodel unit
tests
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 17 Dec 2021 15:49:18 +0100
snapd (2.53.4) xenial; urgency=medium
* New upstream release, LP: #1929842
- devicestate: mock devicestate.MockTimeutilIsNTPSynchronized to
avoid host env leaking into tests
- timeutil: return NoTimedate1Error if it can't connect to the
system bus
-- Ian Johnson <ian.johnson@canonical.com> Thu, 02 Dec 2021 17:16:48 -0600
snapd (2.53.3) xenial; urgency=medium
* New upstream release, LP: #1929842
- devicestate: Unregister deletes the device key pair as well
- daemon,tests: support forgetting device serial via API
- configcore: relax validation rules for hostname
- o/devicestate: introduce DeviceManager.Unregister
- packaging/ubuntu, packaging/debian: depend on dbus-session-bus
provider
- many: wait for up to 10min for NTP synchronization before
autorefresh
- interfaces/interfaces/scsi_generic: add interface for scsi generic
devices
- interfaces/microstack-support: set controlsDeviceCgroup to true
- interface/builtin/log_observe: allow to access /dev/kmsg
- daemon: write formdata file parts to snaps dir
- spread: run lxd tests with version from latest/edge
- cmd/libsnap-confine-private: fix snap-device-helper device allow
list modification on cgroup v2
- interfaces/builtin/dsp: add proc files for monitoring Ambarella
DSP firmware
- interfaces/builtin/dsp: update proc file accordingly
-- Ian Johnson <ian.johnson@canonical.com> Thu, 02 Dec 2021 11:42:15 -0600
snapd (2.53.2) xenial; urgency=medium
* New upstream release, LP: #1946127
- interfaces/builtin/block_devices: allow blkid to print block
device attributes/run/udev/data/b{major}:{minor}
- cmd/libsnap-confine-private: do not deny all devices when reusing
the device cgroup
- interfaces/builtin/time-control: allow pps access
- interfaces/u2f-devices: add Trezor and Trezor v2 keys
- interfaces: timezone-control, add permission for ListTimezones
DBus call
- interfaces/apparmor/template.go: allow udevadm from merged usr
systems
- interface/modem-manager: allow connecting to the mbim/qmi proxy
- interfaces/network-manager-observe: Update for libnm client
library
- cmd/snap-seccomp/syscalls: update syscalls to match libseccomp
abad8a8f4
- sandbox/cgroup: freeze and thaw cgroups related to services and
scopes only
- o/hookstate: print cohort with snapctl refresh --pending
- cmd/snap-confine: lazy set up of device cgroup, only when devices
were assigned
- tests: ensure systemd-timesyncd is installed on debian
- tests/lib/pkgdb: install strace on Debian 11 and Sid
- tests/main/snapd-sigterm: flush, use retry
- tests/main/snapd-sigterm: fix race conditions
- release-tools/repack-debian-tarball.sh: fix c-vendor dir
- data/selinux: allow snap-confine to read udev's database
- interfaces/dsp: add more ambarella things* interfaces/dsp: add
more ambarella things
-- Ian Johnson <ian.johnson@canonical.com> Mon, 15 Nov 2021 16:09:09 -0600
snapd (2.53.1) xenial; urgency=medium
* New upstream release, LP: #1946127
- spread: run lxd tests with version from latest/stable
- secboot: use latest secboot with tpm legacy platform and v2 fully
optional (#10946)
- cmd/snap-confine: die when snap process is outside of snap
specific cgroup (2.53)
- interfaces/u2f-devices: add Nitrokey 3
- Update the ubuntu-image channel to candidate
- Allow hostnames up to 253 characters, with dot-delimited elements
(as suggested by man 7 hostname).
- Disable i386 until it is possible to build snapd using lxd
- o/snapstate, hookstate: print remaining hold time on snapctl
--hold
- tests/snapd-sigterm: be more robust against service restart
- tests: add a regression test for snapd hanging on SIGTERM
- daemon: use the syscall connection to get the socket
credentials
- interfaces/builtin/hardware-observer: add /proc/bus/input/devices
too
- cmd/snap-confine/snap-confine.apparmor.in: update ld rule for
s390x impish
- interface/modem-manager: add accept for MBIM/QMI proxy clients
- secboot: revert move to new version
-- Ian Johnson <ian.johnson@canonical.com> Thu, 21 Oct 2021 11:55:31 -0500
snapd (2.53) xenial; urgency=medium
* New upstream release, LP: #1946127
- overlord: fix generated snap-revision assertions in remodel unit
tests
- snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk`
- interfaces/modem-manager: add access to PCIe modems
- overlord/devicestate: record recovery capable system on a
successful remodel
- o/snapstate: use device ctx in prerequisite install/update
- osutil/disks: support filtering by mount opts in
MountPointsForPartitionRoot
- many: support an API flag system-restart-immediate to make snap
ops proceed immediately with system restarts
- osutil/disks: add RootMountPointsForPartition
- overlord/devicestate, tests: enable UC20 remodel, add spread tests
- cmd/snap: improve snap run help message
- o/snapstate: support ignore validation flag on install/update
- osutil/disks: add Disk.FindMatchingPartitionWith{Fs,Part}Label
- desktop: implement gtk notification backend and provide minimal
notification api
- tests: use the latest cpu family for nested tests execution
- osutil/disks: add Partition struct and Disks.Partitions()
- o/snapstate: prevent install hang if prereq install fails
- osutil/disks: add Disk.KernelDevice{Node,Path} methods
- disks: add `Size(path)` helper
- tests: reset some mount units failing on ubuntu impish
- osutil/disks: add DiskFromDevicePath, other misc changes
- interfaces/apparmor: do not fail during initialization when there
is no AppArmor profile for snap-confine
- daemon: implement access checkers for themes API
- interfaces/seccomp: add clone3 to default template
- interfaces/u2f-devices: add GoTrust Idem Key
- o/snapstate: validation sets enforcing on update
- o/ifacestate: don't fail remove if disconnect hook fails
- tests: fix error trying to create the extra-snaps dir which
already exists
- devicestate: use EncryptionType
- cmd/libsnap-confine-private: workaround BPF memory accounting,
update apparmor profile
- tests: skip system-usernames-microk8s when TRUST_TEST_KEYS is
false
- interfaces/dsp: add a usb rule to the ambarella flavor
- interfaces/apparmor/template.go: allow inspection of dbus
mediation level
- tests/main/security-device-cgroups: fix when both variants run on
the same host
- cmd/snap-confine: update s-c apparmor profile to allow versioned
ld.so
- many: rename systemd.Kind to Backend for a bit more clarity
- cmd/libsnap-confine-private: fix set but unused variable in the
unit tests
- tests: fix netplan test on i386 architecture
- tests: fix lxd-mount-units test which is based on core20 in ubuntu
focal system
- osutil/disks: add new `CreateLinearMapperDevice` helper
- cmd/snap: wait while inhibition file is present
- tests: cleanup the job workspace as first step of the actions
workflow
- tests: use our own image for ubuntu impish
- o/snapstate: update default provider if missing required content
- o/assertstate, api: update validation set assertions only when
updating all snaps
- fde: add HasDeviceUnlock() helper
- secboot: move to new version
- o/ifacestate: don't lose connections if snaps are broken
- spread: display information about current device cgroup in debug
dump
- sysconfig: set TMPDIR in tests to avoid cluttering the real /tmp
- tests, interfaces/builtin: introduce 21.10 cgroupv2 variant, tweak
tests for cgroupv2, update builtin interfaces
- sysconfig/cloud-init: filter MAAS c-i config from ubuntu-seed on
grade signed
- usersession/client: refactor doMany() method
- interfaces/builtin/opengl.go: add libOpenGL.so* too
- o/assertstate: check installed snaps when refreshing validation
set assertions
- osutil: helper for injecting run time faults in snapd
- tests: update test nested tool part 2
- libsnap-confine: use the pid parameter
- gadget/gadget.go: LaidOutSystemVolumeFromGadget ->
LaidOutVolumesFromGadget
- tests: update the time tolerance to fix the snapd-state test
- .github/workflows/test.yaml: revert #10809
- tests: rename interfaces-hooks-misbehaving spread test to install-
hook-misbehaving
- data/selinux: update the policy to allow s-c to manipulate BPF map
and programs
- overlord/devicestate: make settle wait longer in remodel tests
- kernel/fde: mock systemd-run in unit test
- o/ifacestate: do not create stray task in batchConnectTasks if
there are no connections
- gadget: add VolumeName to Volume and VolumeStructure
- cmd/libsnap-confine-private: use root when necessary for BPF
related operations
- .github/workflows/test.yaml: bump action-build to 1.0.9
- o/snapstate: enforce validation sets/enforce on InstallMany
- asserts, snapstate: return full validation set keys from
CheckPresenceRequired and CheckPresenceInvalid
- cmd/snap: only log translation warnings in debug/testing
- tests/main/preseed: update for new base snap of the lxd snap
- tests/nested/manual: use loop for checking for initialize-system
task done
- tests: add a local snap variant to testing prepare-image gating
support
- tests/main/security-device-cgroups-strict-enforced: demonstrate
device cgroup being enforced
- store: one more tweak for the test action timeout
- github: do not fail when codecov upload fails
- o/devicestate: fix flaky test remodel clash
- o/snapstate: add ChangeID to conflict error
- tests: fix regex of TestSnapActionTimeout test
- tests: fix tests for 21.10
- tests: add test for store.SnapAction() request timeout
- tests: print user sessions info on debug-each
- packaging: backports of golang-go 1.13 are good enough
- sysconfig/cloudinit: add cloudDatasourcesInUseForDir
- cmd: build gdb shims as static binaries
- packaging/ubuntu: pass GO111MODULE to dh_auto_test
- cmd/libsnap-confine-private, tests, sandbox: remove warnings about
cgroup v2, drop forced devmode
- tests: increase memory quota in quota-groups-systemd-accounting
- tests: be more robust against a new day stepping in
- usersession/xdgopenproxy: move PortalLauncher class to own package
- interfaces/builtin: fix microstack unit tests on distros using
/usr/libexec
- cmd/snap-confine: handle CURRENT_TAGS on systems that support it
- cmd/libsnap-confine-private: device cgroup v2 support
- o/servicestate: Update task summary for restart action
- packaging, tests/lib/prepare-restore: build packages without
network access, fix building debs with go modules
- systemd: add AtLeast() method, add mocking in systemdtest
- systemd: use text.template to generate mount unit
- o/hookstate/ctlcmd: Implement snapctl refresh --show-lock command
- o/snapstate: optimize conflicts around snaps stored on
conditional-auto-refresh task
- tests/lib/prepare.sh: download core20 for UC20 runs via
BASE_CHANNEL
- mount-control: step 1
- go: update go.mod dependencies
- o/snapstate: enforce validation sets on snap install
- tests: revert revert manual lxd removal
- tests: pre-cache snaps in classic and core systems
- tests/lib/nested.sh: split out additional helper for adding files
to VM imgs
- tests: update nested tool - part1
- image/image_linux.go: add newline
- interfaces/block-devices: support to access the state of block
devices
- o/hookstate: require snap-refresh-control interface for snapctl
refresh --proceed
- build-aux: stage libgcc1 library into snapd snap
- configcore: add read-only netplan support
- tests: fix fakedevicesvc service already exists
- tests: fix interfaces-libvirt test
- tests: remove travis leftovers
- spread: bump delta ref to 2.52
- packaging: ship the `snapd.apparmor.service` unit in debian
- packaging: remove duplicated `golang-go` build-dependency
- boot: record recovery capable systems in recovery bootenv
- tests: skip overlord tests on riscv64 due to timeouts.
- overlord/ifacestate: fix arguments in unit tests
- ifacestate: undo repository connection if doConnect fails
- many: remove unused parameters
- tests: failure of prereqs on content interface doesn't prevent
install
- tests/nested/manual/refresh-revert-fundamentals: fix variable use
- strutil: add Intersection()
- o/ifacestate: special-case system-files and force refreshing its
static attributes
- interface/builtin: add qualcomm-ipc-router interface for
AF_QIPCRTR socket protocol
- tests: new snapd-state tool
- codecov: fix files pathnames
- systemd: add mock systemd helper
- tests/nested/core/extra-snaps-assertions: fix the match pattern
- image,c/snap,tests: support enforcing validations in prepare-image
via --customize JSON validation enforce(|ignore)
- o/snapstate: enforce validation sets assertions when removing
snaps
- many: update deps
- interfaces/network-control: additional ethernet rule
- tests: use host-scaled settle timeout for hookstate tests
- many: move to go modules
- interfaces: no need for snapRefreshControlInterface struct
- interfaces: introduce snap-refresh-control interface
- tests: move interfaces-libvirt test back to 16.04
- tests: bump the number of retries when waiting for /dev/nbd0p1
- tests: add more space on ubuntu xenial
- spread: add 21.10 to qemu, remove 20.10 (EOL)
- packaging: add libfuse3-dev build dependency
- interfaces: add microstack-support interface
- wrappers: fix a bunch of duplicated service definitions in tests
- tests: use host-scaled timeout to avoid riscv64 test failure
- many: fix run-checks gofmt check
- tests: spread test for snapctl refresh --pending/--proceed from
the snap
- o/assertstate,daemon: refresh validation sets assertions with snap
declarations
- tests: migrate tests that are only executed on xenial to bionic
- tests: remove opensuse-15.1 and add opensuse-15.3 from spread runs
- packaging: update master changelog for 2.51.7
- sysconfig/cloudinit: fix bug around error state of cloud-init
- interfaces, o/snapstate: introduce AffectsPlugOnRefresh flag
- interfaces/interfaces/ion-memory-control: add: add interface for
ion buf
- interfaces/dsp: add /dev/ambad into dsp interface
- tests: new spread log parser
- tests: check files and dirs are cleaned for each test
- o/hookstate/ctlcmd: unify the error message when context is
missing
- o/hookstate: support snapctl refresh --pending from snap
- many: remove unused/dead code
- cmd/libsnap-confine-private: add BPF support helpers
- interfaces/hardware-observe: add some dmi properties
- snapstate: abort kernel refresh if no gadget update can be found
- many: shellcheck fixes
- cmd/snap: add Size column to refresh --list
- packaging: build without dwarf debugging data
- snapstate: fix misleading `assumes` error message
- tests: fix restore in snapfuse spread tests
- o/assertstate: fix missing 'scheduled' header when auto refreshing
assertions
- o/snapstate: fail remove with invalid snap names
- o/hookstate/ctlcmd: correct err message if missing root
- .github/workflows/test.yaml: fix logic
- o/snapstate: don't hold some snaps if not all snaps can be held by
the given gating snap
- c-vendor.c: new c-vendor subdir
- store: make sure expectedZeroFields in tests gets updated
- overlord: add manager test for "assumes" checking
- store: deal correctly with "assumes" from the store raw yaml
- sysconfig/cloudinit.go: add functions for filtering cloud-init
config
- cgroup-support: allow to hide cgroupv2 warning via ENV
- gadget: Export mkfs functions for use in ubuntu-image
- tests: set to 10 minutes the kill timeout for tests failing on
slow boards
- .github/workflows/test.yaml: test github.events key
- i18n/xgettext-go: preserve already escaped quotes
- cmd/snap-seccomp/syscalls: update syscalls list to libseccomp
v2.2.0-428-g5c22d4b
- github: do not try to upload coverage when working with cached run
- tests/main/services-install-hook-can-run-svcs: shellcheck issue
fix
- interfaces/u2f-devices: add Nitrokey FIDO2
- testutil: add DeepUnsortedMatches Checker
- cmd, packaging: import BPF headers from kernel, detect whether
host headers are usable
- tests: fix services-refresh-mode test
- tests: clean snaps.sh helper
- tests: fix timing issue on security-dev-input-event-denied test
- tests: update systems for sru validation
- .github/workflows: add codedov again
- secboot: remove duplicate import
- tests: stop the service when is active in test interfaces-
firewall-control test
- packaging: remove TEST_GITHUB_AUTOPKGTEST support
- packaging: merge 2.51.6 changelog back to master
- secboot: use half the mem for KDF in AddRecoveryKey
- secboot: switch main key KDF memory cost to 32KB
- tests: remove the test user just when it was installed on create-
user-2 test
- spread: temporarily fix the ownership of /home/ubuntu/.ssh on
21.10
- daemon, o/snapstate: handle IgnoreValidation flag on install (2/3)
- usersession/agent: refactor common JSON validation into own
function
- o/hookstate: allow snapctl refresh --proceed from snaps
- cmd/libsnap-confine-private: fix issues identified by coverity
- cmd/snap: print logs in local timezone
- packaging: changelog for 2.51.5 to master
- build-aux: build with go-1.13 in the snapcraft build too
- config: rename "virtual" config to "external" config
- devicestate: add `snap debug timings --ensure=install-system`
- interfaces/builtin/raw_usb: fix platform typo, fix access to usb
devices accessible through platform
- o/snapstate: remove commented out code
- cmd/snap-device-helper: reimplement snap-device-helper
- cmd/libsnap-confine-private: fix coverity issues in tests, tweak
uses of g_assert()
- o/devicestate/handlers_install.go: add workaround to create dirs
for install
- o/assertstate: implement ValidationSetAssertionForEnforce helper
- clang-format: stop breaking my includes
- o/snapstate: allow auto-refresh limited to snaps affected by a
specific gating snap
- tests: fix core-early-config test to use tests.nested tool
- sysconfig/cloudinit.go: measure (but don't use) gadget cloud-init
datasource
- c/snap,o/hookstate/ctlcmd: add JSON/string strict processing flags
to snap/snapctl
- corecfg: add "system.hostname" setting to the system settings
- wrappers: measure time to enable services in StartServices()
- configcore: fix early config timezone handling
- tests/nested/manual: enable serial assertions on testkeys nested
VM's
- configcore: fix a bunch of incorrect error returns
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd
snap
- packaging: merge 2.51.4 changelog back to master
- {device,snap}state: skip kernel extraction in seeding
- vendor: move to snapshot-4c814e1 branch and set fixed KDF options
- tests: use bigger storage on ubuntu 21.10
- snap: support links map in snap.yaml (and later from the store
API)
- o/snapstate: add AffectedByRefreshCandidates helper
- configcore: register virtual config for timezone reading
- cmd/libsnap-confine-private: move device cgroup files, add helper
to deny a device
- tests: fix cached-results condition in github actions workflow
- interfaces/tee: add support for Qualcomm qseecom device node
- packaging: fix build failure on bionic and simplify rules
- o/snapstate: affectedByRefresh tweaks
- tests: update nested wait for snapd command
- interfaces/builtin: allow access to per-user GTK CSS overrides
- tests/main/snapd-snap: install 4.x snapcraft to build the snapd
snap
- snap/squashfs: handle squashfs-tools 4.5+
- asserts/snapasserts: CheckPresenceInvalid and
CheckPresenceRequired methods
- cmd/snap-confine: refactor device cgroup handling to enable easier
v2 integration
- tests: skip udp protocol on latest ubuntus
- cmd/libsnap-confine-private: g_spawn_check_exit_status is
deprecated since glib 2.69
- interfaces: s/specifc/specific/
- github: enable gofmt for Go 1.13 jobs
- overlord/devicestate: UC20 specific set-model, managers tests
- o/devicestate, sysconfig: refactor cloud-init config permission
handling
- config: add "virtual" config via config.RegisterVirtualConfig
- packaging: switch ubuntu to use golang-1.13
- snap: change `snap login --help` to not mention "buy"
- tests: removing Ubuntu 20.10, adding 21.04 nested in spread
- tests/many: remove lxd systemd unit to prevent unexpected
leftovers
- tests/main/services-install-hook-can-run-svcs: make variants more
obvious
- tests: force snapd-session-agent.socket to be re-generated
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 05 Oct 2021 20:29:14 +0200
snapd (2.52.1) xenial; urgency=medium
* New upstream release, LP: #1942646
- snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk`
for the disk (if not present already)
- many: support an API flag system-restart-immediate to make snap
ops proceed immediately with system restarts
- cmd/libsnap-confine-private: g_spawn_check_exit_status is
deprecated since glib 2.69
- interfaces/seccomp: add clone3 to default template
- interfaces/apparmor/template.go: allow inspection of dbus
mediation level
- interfaces/dsp: add a usb rule to the ambarella flavor
- cmd/snap-confine: update s-c apparmor profile to allow versioned
ld.so
- o/ifacestate: don't lose connections if snaps are broken
- interfaces/builtin/opengl.go: add libOpenGL.so* too
- interfaces/hardware-observe: add some dmi properties
- build-aux: stage libgcc1 library into snapd snap
- interfaces/block-devices: support to access the state of block
devices
- packaging: ship the `snapd.apparmor.service` unit in debian
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 05 Oct 2021 13:29:25 +0200
snapd (2.52) xenial; urgency=medium
* New upstream release, LP: #1942646
- interface/builtin: add qualcomm-ipc-router interface for
AF_QIPCRTR socket protocol
- o/ifacestate: special-case system-files and force refreshing its
static attributes
- interfaces/network-control: additional ethernet rule
- packaging: update 2.52 changelog with 2.51.7
- interfaces/interfaces/ion-memory-control: add: add interface for
ion buf
- packaging: merge 2.51.6 changelog back to 2.52
- secboot: use half the mem for KDF in AddRecoveryKey
- secboot: switch main key KDF memory cost to 32KB
- many: merge release/2.51 change to release/2.52
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd
snap
- o/servicestate: use snap app names for ExplicitServices of
ServiceAction
- tests/main/services-install-hook-can-run-svcs: add variant w/o
--enable
- o/servicestate: revert only start enabled services
- tests: adding Ubuntu 21.10 to spread test suite
- interface/modem-manager: add support for MBIM/QMI proxy clients
- cmd/snap/model: support storage-safety and snaps headers too
- o/assertstate: Implement EnforcedValidationSets helper
- tests: using retry tool for nested tests
- gadget: check for system-save with multi volumes if encrypting
correctly
- interfaces: make the service naming entirely internal to systemd
BE
- tests/lib/reset.sh: fix removing disabled snaps
- store/store_download.go: use system snap provided xdelta3 priority
+ fallback
- packaging: merge changelog from 2.51.3 back to master
- overlord: only start enabled services
- interfaces/builtin: add sd-control interface
- tests/nested/cloud-init-{never-used,nocloud}-not-vuln: fix tests,
use 2.45
- tests/lib/reset.sh: add workaround from refresh-vs-services tests
for all tests
- o/assertstate: check for conflicts when refreshing and committing
validation set asserts
- devicestate: add support to save timings from install mode
- tests: new tests.nested commands copy and wait-for
- install: add a bunch of nested timings
- tests: drop any-python wrapper
- store: set ResponseHeaderTimeout on the default transport
- tests: fix test-snapd-user-service-sockets test removing snap
- tests: moving nested_exec to nested.tests exec
- tests: add tests about services vs snapd refreshes
- client, cmd/snap, daemon: refactor REST API for quotas to match
CLI org
- c/snap,asserts: create/delete-key external keypair manager
interaction
- tests: revert disable of the delta download tests
- tests/main/system-usernames-microk8s: disable on centos 7 too
- boot: support device change
- o/snapstate: remove unused refreshSchedule argument for
isRefreshHeld helper
- daemon/api_quotas.go: handle conflicts, returning conflict
response
- tests: test for gate-auto-refresh hook error resulting in hold
- release: 2.51.2
- snapstate/check_snap: add snap_microk8s to shared system-
usernames
- snapstate: remove temporary snap file for local revisions early
- interface: allows reading sd cards internal info from block-
devices interface
- tests: Renaming tool nested-state to tests.nested
- testutil: fix typo in json checker unit tests
- tests: ack assertions by default, add --noack option
- overlord/devicestate: try to pick alternative recovery labels
during remodel
- bootloader/assets: update recovery grub to allow system labels
generated by snapd
- tests: print serial log just once for nested tests
- tests: remove xenial 32 bits
- sandbox/cgroup: do not be so eager to fail when paths do not exist
- tests: run spread tests in ubuntu bionic 32bits
- c/snap,asserts: start supporting ExternalKeypairManager in the
snap key-related commands
- tests: refresh control spread test
- cmd/libsnap-confine-private: do not fail on ENOENT, better getline
error handling
- tests: disable delta download tests for now until the store is
fixed
- tests/nested/manual/preseed: fix for cloud images that ship
without core18
- boot: properly handle tried system model
- tests/lib/store.sh: revert #10470
- boot, seed/seedtest: tweak test helpers
- o/servicestate: TODO and fix preexisting typo
- o/servicestate: detect conflicts for quota group operations
- cmd/snap/quotas: adjust help texts for quota commands
- many/quotas: little adjustments
- tests: add spread test for classic snaps content slots
- o/snapstate: fix check-rerefresh task summary when refresh control
is used
- many: use changes + tasks for quota group operations
- tests: fix test snap-quota-groups when checking file
cgroupProcsFile
- asserts: introduce ExternalKeypairManager
- o/ifacestate: do not visit same halt tasks in waitChainSearch to
avoid cycles
- tests/lib/store.sh: fix make_snap_installable_with_id()
- overlord/devicestate, overlord/assertstate: use a temporary DB
when creating recovery systems
- corecfg: allow using `# snapd-edit: no` header to disable pi-
config# snapd-edit: no
- tests/main/interfaces-ssh-keys: tweak checks for openSUSE
Tumbleweed
- cmd/snap: prevent cycles in waitChainSearch with snap debug state
- o/snapstate: fix populating of affectedSnapInfo.AffectingSnaps for
marking self as affecting
- tests: new parameter used by retry tool to set env vars
- tests: support parameters for match-log on journal-state tool
- configcore: ignore system.pi-config.* setting on measured kernels
- sandbox/cgroup: support freezing groups with unified
hierarchy
- tests: fix preseed test to used core20 snap on latest systems
- testutil: introduce a checker which compares the type after having
passed them through a JSON marshaller
- store: tweak error message when store.Sections() download fails
- o/servicestate: stop setting DoneStatus prematurely for quota-
control
- cmd/libsnap-confine-private: bump max depth of groups hierarchy to
32
- many: turn Contact into an accessor
- store: make the log with download size a debug one
- cmd/snap-update-ns: Revert "cmd/snap-update-ns: add SRCDIR to
include search path"
- o/devicestate: move SystemMode method before first usage
- tests: skip tests when the sections cannot be retrieved
- boot: support resealing with a try model
- o/hookstate: dedicated handler for gate-auto-refresh hook
- tests: make sure the /root/snap dir is backed up on test snap-
user-dir-perms-fixed
- cmd/snap-confine: make mount ns use check cgroup v2 compatible
- snap: fix TestInstallNoPATH unit test failure when SUDO_UID is set
- cmd/libsnap-confine-private/cgroup-support.c: Fix typo
- cmd/snap-confine, cmd/snapd-generator: fix issues identified by
sparse
- o/snapstate: make conditional-auto-refresh conflict with other
tasks via affected snaps
- many: pass device/model info to configcore via sysconfig.Device
interface
- o/hookstate: return bool flag from Error function of hook handler
to ignore hook errors
- cmd/snap-update-ns: add SRCDIR to include search path
- tests: fix for tests/main/lxd-mount-units test and enable
ubuntu-21.04
- overlord, o/devicestate: use a single test helper for resetting to
a post boot state
- HACKING.md: update instructions for go1.16+
- tests: fix restore for security-dev-input-event-denied test
- o/servicestate: move SetStatus to doQuotaControl
- tests: fix classic-prepare-image test
- o/snapstate: prune gating information and refresh-candidates on
snap removal
- o/svcstate/svcstatetest, daemon/api_quotas: fix some tests, add
mock helper
- cmd: a bunch of tweaks and updates
- o/servicestate: refactor meter handling, eliminate some common
parameters
- o/hookstate/ctlcmd: allow snapctl refresh --pending --proceed
syntax.
- o/snapstate: prune refresh candidates in check-rerefresh
- osutil: pass --extrausers option to groupdel
- o/snapstate: remove refreshed snap from snaps-hold in
snapstate.doInstall
- tests/nested: add spread test for uc20 cloud.conf from gadgets
- boot: drop model from resealing and boostate
- o/servicestate, snap/quota: eliminate workaround for buggy
systemds, add spread test
- o/servicestate: introduce internal and servicestatetest
- o/servicestate/quota_control.go: enforce minimum of 4K for quota
groups
- overlord/servicestate: avoid unnecessary computation of disabled
services
- o/hookstate/ctlcmd: do not call ProceedWithRefresh immediately
from snapctl
- o/snapstate: prune hold state during autoRefreshPhase1
- wrappers/services.go: do not restart disabled or inactive
services
- sysconfig/cloudinit.go: allow installing both gadget + ubuntu-seed
config
- spread: switch LXD back to latest/candidate channel
- interfaces/opengl: add support for Imagination PowerVR
- boot: decouple model from seal/reseal handling via an auxiliary
type
- spread, tests/main/lxd: no longer manual, switch to latest/stable
- github: try out golangci-lint
- tests: set lxd test to manual until failures are fixed
- tests: connect 30% of the interfaces on test interfaces-many-core-
provided
- packaging/debian-sid: update snap-seccomp patches for latest
master
- many: fix imports order (according to gci)
- o/snapstate: consider held snaps in autoRefreshPhase2
- o/snapstate: unlock the state before calling backend in
undoStartSnapServices
- tests: replace "not MATCH" by NOMATCH in tests
- README.md: refer to new IRC server
- cmd/snap-preseed: provide more error info if snap-preseed fails
early on mount
- daemon: add a Daemon argument to AccessChecker.CheckAccess
- c/snap-bootstrap: add bind option with tests
- interfaces/builtin/netlink_driver_test.go: add test snippet
- overlord/devicestate: set up recovery system tasks when attempting
a remodel
- osutil,strutil,testutil: fix imports order (according to gci)
- release: merge 2.51.1 changelog
- cmd: fix imports order (according to gci)
- tests/lib/snaps/test-snapd-policy-app-consumer: remove dsp-control
interface
- o/servicestate: move handlers tests to quota_handlers_test.go file
instead
- interfaces: add netlink-driver interface
- interfaces: remove leftover debug print
- systemd: refactor property parsers for int values in
CurrentTasksCount, etc.
- tests: fix debug section for postrm-purge test
- tests/many: change all cloud-init passwords for ubuntu to use
plain_test_passwd
- asserts,interfaces,snap: fix imports order (according to gci)
- o/servicestate/quota_control_test.go: test the handlers directly
- tests: fix issue when checking the udev tag on test security-
device-cgroups
- many: introduce Store.SnapExists and use it in
/v2/accessories/themes
- o/snapstate: update LastRefreshTime in doLinkSnap handler
- o/hookstate: handle snapctl refresh --proceed and --hold
- boot: fix model inconsistency check in modeenv, extend unit tests
- overlord/servicestate: improve test robustness with locking
- tests: first part of the cleanup
- tests: new note in HACKING file to clarify about
yamlordereddictloader dependency
- daemon: make CheckAccess return an apiError
- overlord: fix imports ordering (according to gci)
- o/servicestate: add quotastate handlers
- boot: track model's sign key ID, prepare infra for tracking
candidate model
- daemon: have apiBaseSuite.errorReq return *apiError directly
- o/servicestate/service_control.go: add comment about
ExplicitServices
- interfaces: builtin: add dm-crypt interface to support external
storage encryption
- daemon: split out error response code from response*.go to
errors*.go
- interfaces/dsp: fix typo in udev rule
- daemon,o/devicestate: have DeviceManager.SystemMode take an
expectation on the system
- o/snapstate: add helpers for setting and querying holding time for
snaps
- many: fix quota groups for centos 7, amazon linux 2 w/ workaround
for buggy systemd
- overlord/servicestate: mv ensureSnapServicesForGroup to new file
- overlord/snapstate: lock the mutex before returning from stop snap
services undo
- daemon: drop resp completely in favor of using respJSON
consistently
- overlord/devicestate: support for snap downloads in recovery
system handlers
- daemon: introduce a separate findResponse, simplify SyncRespone
and drop Meta
- overlord/snapstate, overlord/devicestate: exclusive change
conflict check
- wrappers, packaging, snap-mgmt: handle removing slices on purge
too
- services: remember if acting on the entire snap
- store: extend context and action objects of SnapAction with
validation-sets
- o/snapstate: refresh control - autorefresh phase2
- cmd/snap/quota: refactor quota CLI as per new design
- interfaces: opengl: change path for Xilinx zocl driver
- tests: update spread images for ubuntu-core-20 and ubuntu-21.04
- o/servicestate/quota_control_test.go: change helper escaping
- o/configstate/configcore: support snap set system swap.size=...
- o/devicestate: require serial assertion before remodeling can be
started
- systemd: improve systemctl error reporting
- tests/core/remodel: use model assertions signed with valid keys
- daemon: use apiError for more of the code
- store: fix typo in snapActionResult struct json tag
- userd: mock `systemd --version` in privilegedDesktopLauncherSuite
- packaging/fedora: sync with downstream packaging
- daemon/api_quotas.go: include current memory usage information in
results
- daemon: introduce StructuredResponse and apiError
- o/patch: check if we have snapd snap with correct snap type
already in snapstate
- tests/main/snapd-snap: build the snapd snap on all platforms with
lxd
- tests: new commands for snaps-state tool
- tests/main/snap-quota-groups: add functional spread test for quota
groups
- interfaces/dsp: add /dev/cavalry into dsp interface
- cmd/snap/cmd_info_test.go: make test robust against TZ changes
- tests: moving to tests directories snaps built locally - part 2
- usersession/userd: fix unit tests on systems using /var/lib/snapd
- sandbox/cgroup: wait for pid to be moved to the desired cgroup
- tests: fix snap-user-dir-perms-fixed vs format checks
- interfaces/desktop-launch: support confined snaps launching other
snaps
- features: enable dbus-activation by default
- usersession/autostart: change ~/snap perms to 0700 on startup
- cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-data nosuid
- tests: new test static checker
- release-tool/changelog.py: misc fixes from real world usage
- release-tools/changelog.py: add function to generate github
release template
- spread, tests: Fedora 32 is EOL, drop it
- o/snapstate: bump max postponement from 60 to 95 days
- interfaces/apparmor: limit the number of jobs when running with a
single CPU
- packaging/fedora/snapd.spec: correct date format in changelog
- packaging: merge 2.51 changelog back to master
- packaging/ubuntu-16.04/changelog: add 2.50 and 2.50.1 changelogs,
placeholder for 2.51
- interfaces: allow read access to /proc/tty/drivers to modem-
manager and ppp/dev/tty
-- Ian Johnson <ian.johnson@canonical.com> Fri, 03 Sep 2021 16:06:15 -0500
snapd (2.51.7) xenial; urgency=medium
* New upstream release, LP: #1929842
- cmd/snap-seccomp/syscalls: update syscalls list to libseccomp
v2.2.0-428-g5c22d4b1
- tests: cherry-pick shellcheck fix `bd730fd4`
- interfaces/dsp: add /dev/ambad into dsp interface
- many: shellcheck fixes
- snapstate: abort kernel refresh if no gadget update can be found
- overlord: add manager test for "assumes" checking
- store: deal correctly with "assumes" from the store raw yaml
-- Ian Johnson <ian.johnson@canonical.com> Fri, 27 Aug 2021 15:26:46 -0500
snapd (2.51.6) xenial; urgency=medium
* New upstream release, LP: #1929842
- secboot: use half the mem for KDF in AddRecoveryKey
- secboot: switch main key KDF memory cost to 32KB
-- Ian Johnson <ian.johnson@canonical.com> Thu, 19 Aug 2021 15:49:47 -0500
snapd (2.51.5) xenial; urgency=medium
* New upstream release, LP: #1929842
- snap/squashfs: handle squashfs-tools 4.5+
- tests/core20-install-device-file-install-via-hook-hack: adjust
test for 2.51
- o/devicestate/handlers_install.go: add workaround to create dirs
for install
- tests: fix linter warning
- tests: update other spread tests for new behaviour
- tests: ack assertions by default, add --noack option
- release-tools/changelog.py: also fix opensuse changelog date
format
- release-tools/changelog.py: fix typo in function name
- release-tools/changelog.py: fix fedora date format
- release-tools/changelog.py: handle case where we don't have a TZ
- release-tools/changelog.py: fix line length check
- release-tools/changelog.py: specify the LP bug for the release as
an arg too
- interface/modem-manager: add support for MBIM/QMI proxy
clients
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd
snap
-- Ian Johnson <ian.johnson@canonical.com> Mon, 16 Aug 2021 15:02:40 -0500
snapd (2.51.4) xenial; urgency=medium
* New upstream release, LP: #1929842
- {device,snap}state: skip kernel extraction in seeding
- vendor: move to snapshot-4c814e1 branch and set fixed KDF options
- tests/interfaces/tee: fix HasLen check for udev snippets
- interfaces/tee: add support for Qualcomm qseecom device node
- gadget: check for system-save with multi volumes if encrypting
correctly
- gadget: drive-by: drop unnecessary/supported passthrough in test
gadget.yaml
-- Ian Johnson <ian.johnson@canonical.com> Mon, 09 Aug 2021 18:56:18 -0500
snapd (2.51.3) xenial; urgency=medium
* New upstream release, LP: #1929842
- interfaces/builtin: add sd-control interface
- store: set ResponseHeaderTimeout on the default transport
-- Ian Johnson <ian.johnson@canonical.com> Wed, 14 Jul 2021 15:26:54 -0500
snapd (2.51.2) xenial; urgency=medium
* New upstream release, LP: #1929842
- snapstate: remove temporary snap file for local revisions early
- interface: allows reading sd cards internal info from block-
devices interface
- o/ifacestate: do not visit same halt tasks in waitChainSearch to
avoid slow convergence (or unlikely cycles)
- corecfg: allow using `# snapd-edit: no` header to disable pi-
config
- configcore: ignore system.pi-config.* setting on measured kernels
- many: pass device/model info to configcore via sysconfig.Device
interface
- o/configstate/configcore: support snap set system swap.size=...
- store: make the log with download size a debug one
- interfaces/opengl: add support for Imagination PowerVR
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 07 Jul 2021 15:35:46 +0200
snapd (2.51.1) xenial; urgency=medium
* New upstream release, LP: #1929842
- interfaces: add netlink-driver interface
- interfaces: builtin: add dm-crypt interface to support external
storage encryption
- interfaces/dsp: fix typo in udev rule
- overlord/snapstate: lock the mutex before returning from stop
snap services undo
- interfaces: opengl: change path for Xilinx zocl driver
- interfaces/dsp: add /dev/cavalry into dsp interface
- packaging/fedora/snapd.spec: correct date format in changelog
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 15 Jun 2021 12:45:08 +0200
snapd (2.51) xenial; urgency=medium
* New upstream release, LP: #1929842
- cmd/snap: stacktraces debug endpoint
- secboot: deactivate volume again when model checker fails
- store: extra log message, a few minor cleanups
- packaging/debian-sid: update systemd patch
- snapstate: adjust update-gadget-assets user visible message
- tests/nested/core/core20-create-recovery: verify that recovery
system can be created at runtime
- gadget: support creating vfat partitions during bootstrap
- daemon/api_quotas.go: support updating quotas with ensure action
- daemon: tighten access to a couple of POST endpoints that should
be really be root-only
- seed/seedtest, overlord/devicestate: move seed validation helper
to seedtest
- overlord/hookstate/ctlcmd: remove unneeded parameter
- snap/quota: add CurrentMemoryUsage for current memory usage of a
quota group
- systemd: add CurrentMemoryUsage to get current memory usage for a
unit
- o/snapstate: introduce minimalInstallInfo interface
- o/hookstate: print pending info (ready, inhibited or none)
- osutil: a helper to find out the total amount of memory in the
system
- overlord, overlord/devicestate: allow for reloading modeenv in
devicemgr when testing
- daemon: refine access testing
- spread: disable unattended-upgrades on debian
- tests/lib/reset: make nc exit after a while when connection is
idle
- daemon: replace access control flags on commands with access
checkers
- release-tools/changelog.py: refactor regexp + file reading/writing
- packaging/debian-sid: update locale patch for the latest master
- overlord/devicestate: tasks for creating recovery systems at
runtime
- release-tools/changelog.py: implement script to update all the
changelog files
- tests: change machine type used for nested testsPrices:
- cmd/snap: include locale when linting description being lower case
- o/servicestate: add RemoveSnapFromQuota
- interfaces/serial-port: add Qualcomm serial port devices to
allowed list
- packaging: merge 2.50.1 changelog back
- interfaces/builtin: introduce raw-input interface
- tests: remove tests.cleanup prepare from nested test
- cmd/snap-update-ns: fix linter errors
- asserts: fix errors reported by linter
- o/hookstate/ctlcmd: allow system-mode for non-root
- overlord/devicestate: comment why explicit system mode check is
needed in ensuring tried recovery systems (#10275)
- overlord/devicesate: observe snap writes when creating recovery
systems
- packaging/ubuntu-16.04/changelog: add placeholder for 2.50.1
- tests: moving to tests directories snaps built locally - part 1
- seed/seedwriter: fail early when system seed directory exists
- o/snapstate: autorefresh phase1 for refresh-control
- c/snap: more precise message for ErrorKindSystemRestart op !=
reboot
- tests: simplify the tests.cleanup tool
- boot: helpers for manipulating current and good recovery systems
list
- o/hookstate, o/snapstate: print revision, version, channel with
snapctl --pending
- overlord: unit test tweaks, use well known snap IDs, setup snap
declarations for most common snaps
- tests/nested/manual: add test for install-device + snapctl reboot
- o/servicestate: restart slices + services on modifications
- tests: update mount-ns test to support changes in the distro
- interfaces: fix linter issues
- overlord: mock logger in managers unit tests
- tests: adding support for fedora-34
- tests: adding support for debian 10 on gce
- boot: reseal given keys when the respective boot chain has changed
- secboot: switch encryption key size to 32 byte (thanks to Chris)
- interfaces/dbus: allow claiming 'well-known' D-Bus names with a
wildcard suffix
- spread: bump delta reference version
- interfaces: builtin: update permitted paths to be compatible with
UC20
- overlord: fix errors reported by linter
- tests: remove old fedora systems from tests
- tests: update spread url
- interfaces/camera: allow devices in /sys/devices/platform/**/usb*
- interfaces/udisks2: Allow access to the login manager via dbus
- cmd/snap: exit normally if "snap changes" has no changes
(LP #1823974)
- tests: more fixes for spread suite on openSUSE
- tests: fix tests expecting cgroup v1/hybrid on openSUSE Tumbleweed
- daemon: fix linter errors
- spread: add Fedora 34, leave a TODO about dropping Fedora 32
- interfaces: fix linter errors
- tests: use op.paths tools instead of dirs.sh helper - part 2
- client: Fix linter errors
- cmd/snap: Fix errors reported by linter
- cmd/snap-repair: fix linter issues
- cmd/snap-bootstrap: Fix linter errors
- tests: update permission denied message for test-snapd-event on
ubuntu 2104
- cmd/snap: small tweaks based on previous reviews
- snap/snaptest: helper that mocks both the squashfs file and a snap
directory
- overlord/devicestate: tweak comment about creating recovery
systems, formatting tweaks
- overlord/devicestate: move devicemgr base suite helpers closer to
test suite struct
- overlord/devicestate: keep track of tried recovery system
- seed/seedwriter: clarify in the diagram when SetInfo is called
- overlord/devicestate: add helper for creating recovery systems at
runtime
- snap-seccomp: update syscalls.go list
- boot,image: support image.Customizations.BootFlags
- overlord: support snapctl --halt|--poweroff in gadget install-
device
- features,servicestate: add experimental.quota-groups flag
- o/servicestate: address comments from previous PR
- tests: basic spread test for snap quota commands
- tests: moving the snaps which are not locally built to the store
directory
- image,c/snap: implement prepare-image --customize
- daemon: implement REST API for quota groups (create / list / get)
- cmd/snap, client: snap quotas command
- o/devicestate,o/hookstate/ctlcmd: introduce SystemModeInfo methods
and snapctl system-mode
- o/servicestate/quota_control.go: introduce (very) basic group
manipulation methods
- cmd/snap, client: snap remove-quota command
- wrappers, quota: implement quota groups slice generation
- snap/quotas: followups from previous PR
- cmd/snap: introduce 'snap quota' command
- o/configstate/configcore/picfg.go: use ubuntu-seed config.txt in
uc20 run mode
- o/servicestate: test has internal ordering issues, consider both
cases
- o/servicestate/quotas: add functions for getting and setting
quotas in state
- tests: new buckets for snapd-spread project on gce
- spread.yaml: update the gce project to start using snapd-spread
- quota: new package for managing resource groups
- many: bind and check keys against models when using FDE hooks v2
- many: move responsibilities down seboot -> kernel/fde and boot ->
secboot
- packaging: add placeholder changelog
- o/configstate/configcore/vitality: fix RequireMountedSnapdSnap
bug
- overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu
Core system
- many: hide EncryptionKey size and refactors for fde hook v2 next
steps
- tests: adding debug info for create user tests
- o/hookstate: add "refresh" command to snapctl (hidden, not
complete yet)
- systemd: wait for zfs mounts (LP #1922293)
- testutil: support referencing files in FileEquals checker
- many: refactor to kernel/fde and allow `fde-setup initial-setup`
to return json
- o/snapstate: store refresh-candidates in the state
- o/snapstate: helper for creating gate-auto-refresh hooks
- bootloader/bootloadertest: provide interface implementation as
mixins, provide a mock for recovery-aware-trusted-asses bootloader
- tests/lib/nested: do not compress images, return early when
restored from pristine image
- boot: split out a helper for making recovery system bootable
- tests: update os.query check to match new bullseye codename used
on sid images
- o/snapstate: helper for getting snaps affected by refresh, define
new hook
- wrappers: support in EnsureSnapServices a callback to observe
changes (#10176)
- gadget: multi line support in gadget's cmdline file
- daemon: test that requesting restart from (early) Ensure works
- tests: use op.paths tools instead of dirs.sh helper - part 1
- tests: add new command to snaps-state to get current core, kernel
and gadget
- boot, gadget: move opening the snap container into the gadget
helper
- tests, overlord: extend unit tests, extend spread tests to cover
full command line support
- interfaces/builtin: introduce dsp interface
- boot, bootloader, bootloader/assets: support for full command line
override from gadget
- overlord/devicestate, overlord/snapstate: add task for updating
kernel command lines from gadget
- o/snapstate: remove unused DeviceCtx argument of
ensureInstallPreconditions
- tests/lib/nested: proper status return for tpm/secure boot checks
- cmd/snap, boot: add snapd_full_cmdline_args to dumped boot vars
- wrappers/services.go: refactor helper lambda function to separate
function
- boot/flags.go: add HostUbuntuDataForMode
- boot: handle updating of components that contribute to kernel
command line
- tests: add 20.04 to systems for nested/core
- daemon: add new accessChecker implementations
- boot, overlord/devicestate: consider gadget command lines when
updating boot config
- tests: fix prepare-image-grub-core18 for arm devices
- tests: fix gadget-kernel-refs-update-pc test on arm and when
$TRUST_TEST_KEY is false
- tests: enable help test for all the systems
- boot: set extra command line arguments when preparing run mode
- boot: load bits of kernel command line from gadget snaps
- tests: update layout for tests - part 2
- tests: update layout for tests - part 1
- tests: remove the snap profiler from the test suite
- boot: drop gadget snap yaml which is already defined elsewhere in
the tests
- boot: set extra kernel command line arguments when making a
recovery system bootable
- boot: pass gadget path to command line helpers, load gadget from
seed
- tests: new os.paths tool
- daemon: make ucrednetGet() return a *ucrednet structure
- boot: derive boot variables for kernel command lines
- cmd/snap-bootstrap/initramfs-mounts: fix boot-flags location from
initramfs
-- Ian Johnson <ian.johnson@canonical.com> Thu, 27 May 2021 11:15:20 -0500
snapd (2.50.1) xenial; urgency=medium
* New upstream release, LP: #1926005
- interfaces: update permitted /lib/.. paths to be compatible with
UC20
- interfaces: builtin: update permitted paths to be compatible with
UC20
- interfaces/greengrass-support: delete white spaces at the end of
lines
- snap-seccomp: update syscalls.go list
- many: backport kernel command line for 2.50
- interfaces/dbus: allow claiming 'well-known' D-Bus names with a
wildcard suffix
- interfaces/camera: allow devices in /sys/devices/platform/**/usb*
- interfaces/builtin: introduce dsp interface
-- Ian Johnson <ian.johnson@canonical.com> Wed, 19 May 2021 10:46:02 -0500
snapd (2.50) xenial; urgency=medium
* New upstream release, LP: #1926005
- overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu
Core system
- o/configstate/configcore/vitality: fix RequireMountedSnapdSnap bug
- o/servicestate/servicemgr.go: add ensure loop for snap service
units
- wrappers/services.go: introduce EnsureSnapServices()
- snapstate: add "kernel-assets" to featureSet
- systemd: wait for zfs mounts
- overlord: make servicestate responsible to compute
SnapServiceOptions
- boot,tests: move where we write boot-flags one level up
- o/configstate: don't pass --root=/ when
masking/unmasking/enabling/disabling services
- cmd/snap-bootstrap/initramfs-mounts: write active boot-flags to
/run
- gadget: be more flexible with kernel content resolving
- boot, cmd/snap: include extra cmdline args in debug boot-vars
output
- boot: support read/writing boot-flags from userspace/initramfs
- interfaces/pwm: add PWM interface
- tests/lib/prepare-restore.sh: clean out snapd changes and snaps
before purging
- systemd: enrich UnitStatus returned by systemd.Status() with
Installed flag
- tests: updated restore phase of spread tests - part 1
- gadget: add support for kernel command line provided by the gadget
- tests: Using GO111MODULE: "off" in spread.yaml
- features: add gate-auto-refresh-hook feature flag
- spread: ignore linux kernel upgrade in early stages for arch
preparation
- tests: use snaps-state commands and remove them from the snaps
helper
- o/configstate: fix panic with a sequence of config unset ops over
same path
- api: provide meaningful error message on connect/disconnect for
non-installed snap
- interfaces/u2f-devices: add HyperFIDO Pro
- tests: add simple sanity check for systemctl show
--property=UnitFileState for unknown service
- tests: use tests.session tool on interfaces-desktop-document-
portal test
- wrappers: install D-Bus service activation files for snapd session
tools on core
- many: add x-gvfs-hide option to mount units
- interfaces/builtin/gpio_test.go: actually test the generated gpio
apparmor
- spread: tentative workaround for arch failure caused by libc
upgrade and cgroups v2
- tests: add spread test for snap validate against store assertions
- tests: remove snaps which are not used in any test
- ci: set the accept-existing-contributors parameter for the cla-
check action
- daemon: introduce apiBaseSuite.(json|sync|async|error)Req (and
some apiBaseSuite cosmetics)
- o/devicestate/devicemgr: register install-device hook, run if
present in install
- o/configstate/configcore: simple refactors in preparation for new
function
- tests: unifying the core20 nested suite with the core nested suite
- tests: uboot-unpacked-assets updated to reflect the real path used
to find the kernel
- daemon: switch api_test.go to daemon_test and various other
cleanups
- o/configstate/configcore/picfg.go: add hdmi_cvt support
- interfaces/apparmor: followup cleanups, comments and tweaks
- boot: cmd/snap-bootstrap: handle a candidate recovery system v2
- overlord/snapstate: skip catalog refresh when snappy testing is
enabled
- overlord/snapstate, overlord/ifacestate: move late security
profile removal to ifacestate
- snap-seccomp: fix seccomp test on ppc64el
- interfaces, interfaces/apparmor, overlord/snapstate: late removal
of snap-confine apparmor profiles
- cmd/snap-bootstrap/initramfs-mounts: move time forward using
assertion times
- tests: reset the system while preparing the test suite
- tests: fix snap-advise-command check for 429
- gadget: policy for gadget/kernel refreshes
- o/configstate: deal with no longer valid refresh.timer=managed
- interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4
- cla-check: Use has-signed-canonical-cla GitHub Action
- tests: validation sets spread test
- tests: simplify the reset.sh logic by removing not needed command
- overlord/snapstate: make sure that snapd current symlink is not
removed during refresh
- tests/core/fsck-on-boot: unmount /run/mnt/snapd directly on uc20
- tests/lib/fde-setup-hook: also verify that fde-reveal-key key data
is base64
- o/devicestate: split off ensuring next boot goes to run mode into
new task
- tests: fix cgroup-tracking test
- boot: export helper for clearing tried system state, add tests
- cmd/snap: use less aggressive client timeouts in unit tests
- daemon: fix signing key validity timestamp in unit tests
- o/{device,hook}state: encode fde-setup-request key as base64
string
- packaging: drop dh-systemd from build-depends on ubuntu-16.04+
- cmd/snap/pack: unhide the compression option
- boot: extend set try recovery system unit tests
- cmd/snap-bootstrap: refactor handling of ubuntu-save, do not use
secboot's implicit fallback
- o/configstate/configcore: add hdmi_timings to pi-config
- snapstate: reduce reRefreshRetryTimeout to 1/2 second
- interfaces/tee: add TEE/OPTEE interface
- o/snapstate: update validation sets assertions with auto-refresh
- vendor: update go-tpm2/secboot to latest version
- seed: ReadSystemEssentialAndBetterEarliestTime
- tests: replace while commands with the retry tool
- interfaces/builtin: update unit tests to use proper distro's
libexecdir
- tests: run the reset.sh helper and check test invariants while the
test is restored
- daemon: switch preexisting daemon_test tests to apiBaseSuite and
.req
- boot, o/devicestate: split makeBootable20 into two parts
- interfaces/docker-support: add autobind unix rules to docker-
support
- interfaces/apparmor: allow reading
/proc/sys/kernel/random/entropy_avail
- tests: use retry tool instead a loops
- tests/main/uc20-create-partitions: fix tests cleanup
- asserts: mode where Database only assumes cur time >= earliest
time
- daemon: validation sets/api tests cleanup
- tests: improve tests self documentation for nested test suite
- api: local assertion fallback when it's not in the store
- api: validation sets monitor mode
- tests: use fs-state tool in interfaces tests
- daemon: move out /v2/login|logout and errToResponse tests from
api_test.go
- boot: helper for inspecting the outcome of a recovery system try
- o/configstate, o/snapshotstate: fix handling of nil snap config on
snapshot restore
- tests: update documentation and checks for interfaces tests
- snap-seccomp: add new `close_range` syscall
- boot: revert #10009
- gadget: remove `device-tree{,-origin}` from gadget tests
- boot: simplify systems test setup
- image: write resolved-content from snap prepare-image
- boot: reseal the run key for all recovery systems, but recovery
keys only for the good ones
- interfaces/builtin/network-setup-{control,observe}: allow using
netplan directly
- tests: improve sections prepare and restore - part 1
- tests: update details on task.yaml files
- tests: revert os.query usage in spread.yaml
- boot: export bootAssetsMap as AssetsMap
- tests/lib/prepare: fix repacking of the UC20 kernel snap for with
ubuntu-core-initramfs 40
- client: protect against reading too much data from stdin
- tests: improve tests documentation - part 2
- boot: helper for setting up a try recover system
- tests: improve tests documentation - part 1
- tests/unit/go: use tests.session wrapper for running tests as a
user
- tests: improvements for snap-seccomp-syscalls
- gadget: simplify filterUpdate (thanks to Maciej)
- tests/lib/prepare.sh: use /etc/group and friends from the core20
snap
- tests: fix tumbleweed spread tests part 2
- tests: use new commands of os.query tool on tests
- o/snapshotstate: create snapshots directory on import
- tests/main/lxd/prep-snapd-in-lxd.sh: dump contents of sources.list
- packaging: drop 99-snapd.conf via dpkg-maintscript-helper
- osutil: add SetTime() w/ 32-bit and 64-bit implementations
- interfaces/wayland: rm Xwayland Xauth file access from wayland
slot
- packaging/ubuntu-16.04/rules: turn modules off explicitly
- gadget,devicestate: perform kernel asset update for $kernel: style
refs
- cmd/recovery: small fix for `snap recovery` tab output
- bootloader/lkenv: add recovery systems related variables
- tests: fix new tumbleweed image
- boot: fix typo, should be systems
- o/devicestate: test that users.create.automatic is configured
early
- asserts: use Fetcher in AddSequenceToUpdate
- daemon,o/c/configcore: introduce users.create.automatic
- client, o/servicestate: expose enabled state of user daemons
- boot: helper for checking and marking tried recovery system status
from initramfs
- asserts: pool changes for validation-sets (#9930)
- daemon: move the last api_foo_test.go to daemon_test
- asserts: include the assertion timestamp in error message when
outside of signing key validity range
- ovelord/snapshotstate: keep a few of the last line tar prints
before failing
- gadget/many: rm, delay sector size + structure size checks to
runtime
- cmd/snap-bootstrap/triggerwatch: fix returning wrong errors
- interfaces: add allegro-vcu and media-control interfaces
- interfaces: opengl: add Xilinx zocl bits
- mkversion: check that version from changelog is set before
overriding the output version
- many: fix new ineffassign warnings
- .github/workflows/labeler.yaml: try work-around to not sync
labels
- cmd/snap, boot: add debug set-boot-vars
- interfaces: allow reading the Xauthority file KDE Plasma writes
for Wayland sessions
- tests/main/snap-repair: test running repair assertion w/ fakestore
- tests: disable lxd tests for 21.04 until the lxd images are
published for the system
- tests/regression/lp-1910456: cleanup the /snap symlink when done
- daemon: move single snap querying and ops to api_snaps.go
- tests: fix for preseed and dbus tests on 21.04
- overlord/snapshotstate: include the last message printed by tar in
the error
- interfaces/system-observe: Allow reading /proc/zoneinfo
- interfaces: remove apparmor downgrade feature
- snap: fix unit tests on Go 1.16
- spread: disable Go modules support in environment
- tests: use new path to find kernel.img in uc20 for arm devices
- tests: find files before using cat command when checking broadcom-
asic-control interface
- boot: introduce good recovery systems, provide compatibility
handling
- overlord: add manager gadget refresh test
- tests/lib/fakestore: support repair assertions too
- github: temporarily disable action labeler due to issues with
labels being removed
- o/devicestate,many: introduce DeviceManager.preloadGadget for
EarlyConfig
- tests: enable ubuntu 21.04 for spread tests
- snap: provide a useful error message if gdbserver is not installed
- data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1
- tests/lib/prepare.sh: split reflash.sh into two parts
- packaging/opensuse: sync with openSUSE packaging
- packaging: disable Go modules in snapd.mk
- snap: add deprecation noticed to "snap run --gdb"
- daemon: add API for checking and installing available theme snaps
- tests: using labeler action to add automatically a label to run
nested tests
- gadget: improve error handling around resolving content sources
- asserts: repeat the authority cross-check in CheckSignature as
well
- interfaces/seccomp/template.go: allow copy_file_range
- o/snapstate/check_snap.go: add support for many subversions in
assumes snapdX..
- daemon: move postSnap and inst.dispatch tests to api_snaps_test.go
- wrappers: use proper paths for mocked mount units in tests
- snap: rename gdbserver option to `snap run --gdbserver`
- store: support validation sets with fetch-assertions action
- snap-confine.apparmor.in: support tmp and log dirs on Yocto/Poky
- packaging/fedora: sync with downstream packaging in Fedora
- many: add Delegate=true to generated systemd units for special
interfaces (master)
- boot: use a common helper for mocking boot assets in cache
- api: validate snaps against validation set assert from the store
- wrappers: don't generate an [Install] section for timer or dbus
activated services
- tests/nested/core20/boot-config-update: skip when snapd was not
built with test features
- o/configstate,o/devicestate: introduce devicestate.EarlyConfig
implemented by configstate.EarlyConfig
- cmd/snap-bootstrap/initramfs-mounts: fix typo in func name
- interfaces/builtin: mock distribution in fontconfig cache unit
tests
- tests/lib/prepare.sh: add another console= to the reflash magic
grub entry
- overlord/servicestate: expose dbus activators of a service
- desktop/notification: test against a real session bus and
notification server implementation
- cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for
recover+install
- HACKING.md: explain how to run UC20 spread tests with QEMU
- asserts: introduce AtSequence
- overlord/devicestate: task for updating boot configs, spread test
- gadget: fix documentation/typos
- gadget: cleanup MountedFilesystem{Writer,Updater}
- gadget: use ResolvedSource in MountedFilesystemWriter
- snap/info.go: add doc-comment for SortServices
- interfaces: add an optional mount-host-font-cache plug attribute
to the desktop interface
- osutil: skip TestReadBuildGo inside sbuild
- o/hookstate/ctlcmd: add optional --pid and --apparmor-label
arguments to "snapctl is-connected"
- data/env/snapd: use quoting in case PATH contains spaces
- boot: do not observe successful boot assets if not in run mode
- tests: fix umount for snapd snap on fsck-on-boot testumount:
/run/mnt/ubuntu-seed/systems/*/snaps/snapd_*.snap: no mount
- misc: little tweaks
- snap/info.go: ignore unknown daemons in SortSnapServices
- devicestate: keep log from install-mode on installed system
- seed: add LoadEssentialMeta to seed16 and allow all of its
implementations to be called multiple times
- cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in
seeds
- tests/core/uc20-recovery: move recover mode helpers to generic
testslib script
- interfaces/fwupd: allow any distros to access fw files via fwupd
- store: method for fetching validation set assertion
- store: switch to v2/assertions api
- gadget: add new ResolvedContent and populate from LayoutVolume()
- spread: use full format when listing processes
- osutil/many: make all test pkgs osutil_test instead of "osutil"
- tests/unit/go: drop unused environment variables, skip coverage
- OpenGL interface: Support more Tegra libs
- gadget,overlord: pass kernelRoot to install.Run()
- tests: run unit tests in Focal instead of Xenial
- interfaces/browser-support: allow sched_setaffinity with browser-
sandbox: true
- daemon: move query /snaps/<name> tests to api_snaps_test.go
- cmd/snap-repair/runner.go: add SNAP_SYSTEM_MODE to env of repair
runner
- systemd/systemd.go: support journald JSON messages with arrays for
values
- cmd: make string/error code more robust against errno leaking
- github, run-checks: do not collect coverage data on subsequent
test runs
- boot: boot config update & reseal
- o/snapshotstate: handle conflicts between snapshot forget, export
and import
- osutil/stat.go: add RegularFileExists
- cmd/snapd-generator: don't create mount overrides for snap-try
snaps inside lxc
- gadget/gadget.go: rename ubuntu-* to system-* in doc-comment
- tests: use 6 spread workers for centos8
- bootloader/assets: support injecting bootloader assets in testing
builds of snapd
- gadget: enable multi-volume uc20 gadgets in
LaidOutSystemVolumeFromGadget; rename too
- overlord/devicestate, sysconfig: do nothing when cloud-init is not
present
- cmd/snap-repair: filter repair assertions based on bases + modes
- snap-confine: make host /etc/ssl available for snaps on classic
-- Michael Vogt <michael.vogt@ubuntu.com> Sat, 24 Apr 2021 12:17:45 +0200
snapd (2.49.2) xenial; urgency=medium
* New upstream release, LP: #1915248
- interfaces/tee: add TEE/OPTEE interface
- o/configstate/configcore: add hdmi_timings to pi-config
- interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4
- snap-seccomp: fix seccomp test on ppc64el
- interfaces{,/apparmor}, overlord/snapstate:
late removal of snap-confine apparmor profiles
- overlord/snapstate, wrappers: add dependency on usr-lib-
snapd.mount for services on core with snapd snap
- o/configstate: deal with no longer valid refresh.timer=managed
- overlord/snapstate: make sure that snapd current symlink is not
removed during refresh
- packaging: drop dh-systemd from build-depends on ubuntu-16.04+
- o/{device,hook}state: encode fde-setup-request key as base64
- snapstate: reduce reRefreshRetryTimeout to 1/2 second
- tests/main/uc20-create-partitions: fix tests cleanup
- o/configstate, o/snapshotstate: fix handling of nil snap config on
snapshot restore
- snap-seccomp: add new `close_range` syscall
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 26 Mar 2021 16:49:46 +0100
snapd (2.49.1) xenial; urgency=medium
* New upstream release, LP: #1915248
- tests: turn modules off explicitly in spread go unti test
- o/snapshotstate: create snapshots directory on import
- cmd/snap-bootstrap/triggerwatch: fix returning wrong errors
- interfaces: add allegro-vcu and media-control interfaces
- interfaces: opengl: add Xilinx zocl bits
- many: fix new ineffassign warnings
- interfaces/seccomp/template.go: allow copy_file_range
- interfaces: allow reading the Xauthority file KDE Plasma writes
for Wayland sessions
- data/selinux: allow system dbus to watch
/var/lib/snapd/dbus-1
- Remove apparmor downgrade feature
- Support tmp and log dirs on Yocto/Poky
-- Michael Vogt <michael.vogt@ubuntu.com> Mon, 08 Mar 2021 10:47:30 +0100
snapd (2.49) xenial; urgency=medium
* New upstream release, LP: #1915248
- many: add Delegate=true to generated systemd units for special
interfaces
- cmd/snap-bootstrap: rename ModeenvFromModel to
EphemeralModeenvForModel
- cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for
recover+install
- osutil: skip TestReadBuildGo inside sbuild
- tests: fix umount for snapd snap on fsck-on-boot test
- snap/info_test.go: add unit test cases for bug
- tests/main/services-after-before: add regression spread test
- snap/info.go: ignore unknown daemons in SortSnapServices
- cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in
seeds
- OpenGL interface: Support more Tegra libs
- interfaces/browser-support: allow sched_setaffinity with browser-
sandbox: true
- cmd: make string/error code more robust against errno leaking
- o/snapshotstate: handle conflicts between snapshot forget, export
and import
- cmd/snapd-generator: don't create mount overrides for snap-try
snaps inside lxc
- tests: update test pkg for fedora and centos
- gadget: pass sector size in to mkfs family of functions, use to
select block sz
- o/snapshotstate: fix returning of snap names when duplicated
snapshot is detected
- tests/main/snap-network-errors: skip flushing dns cache on
centos-7
- interfaces/builtin: Allow DBus property access on
org.freedesktop.Notifications
- cgroup-support.c: fix link to CGROUP DELEGATION
- osutil: update go-udev package
- packaging: fix arch-indep build on debian-sid
- {,sec}boot: pass "key-name" to the FDE hooks
- asserts: sort by revision with Sort interface
- gadget: add gadget.ResolveContentPaths()
- cmd/snap-repair: save base snap and mode in device info; other
misc cleanups
- tests: cleanup the run-checks script
- asserts: snapasserts method to validate installed snaps against
validation sets
- tests: normalize test tools - part 1
- snapshotstate: detect duplicated snapshot imports
- interfaces/builtin: fix unit test expecting snap-device-helper at
/usr/lib/snapd
- tests: apply workaround done for snap-advise-command to apt-hooks
test
- tests: skip main part of snap-advise test if 429 error is
encountered
- many: clarify gadget role-usage consistency checks for UC16/18 vs
UC20
- sandbox/cgroup, tess/main: fix unit tests on v2 system, disable
broken tests on sid
- interfaces/builtin: more drive by fixes, import ordering, removing
dead code
- tests: skip interfaces-openvswitch spread test on debian sid
- interfaces/apparmor: drive by comment fix
- cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree
usage
- cmd/libsnap-confine-private: make unit tests execute happily in a
container
- interfaces, wrappers: misc comment fixes, etc.
- asserts/repair.go: add "bases" and "modes" support to the repair
assertion
- interfaces/opengl: allow RPi MMAL video decoding
- snap: skip help output tests for go-flags v1.4.0
- gadget: add validation for "$kernel:ref" style content
- packaging/deb, tests/main/lxd-postrm-purge: fix purge inside
containers
- spdx: update to SPDX license list version: 3.11 2020-11-25
- tests: improve hotplug test setup on classic
- tests: update check to verify is the current system is arm
- tests: use os-query tool to check debian, trusty and tumbleweed
- daemon: start moving implementation to api_snaps.go
- tests/main/snap-validate-basic: disable test on Fedora due to go-
flags panics
- tests: fix library path used for tests.pkgs
- tests/main/cohorts: replace yq with a Python snippet
- run-checks: update to match new argument syntax of ineffassign
- tests: use apiBaseSuite for snapshots tests, fix import endpoint
path
- many: separate consistency/content validation into
gadget.Validate|Content
- o/{device,snap}state: enable devmode snaps with dangerous model
assertions
secboot: add test for when systemd-run does not honor
RuntimeMaxSec
- secboot: add workaround for snapcore/core-initrd issue #13
- devicestate: log checkEncryption errors via logger.Noticef
- o/daemon: validation sets api and basic spread test
- gadget: move BuildPartitionList to install and make it unexported
- tests: add nested spread end-to-end test for fde-hooks
- devicestate: implement checkFDEFeatures()
- boot: tweak resealing with fde-setup hooks
- tests: add os query commands for subsystems and architectures
- o/snapshotstate: don't set auto flag in the snapshot file
- tests: use os.query tool instead of comparing the system var
- testutil: use the original environment when calling shellcheck
- sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
init restrict file
- gadget,o/devicestate,tests: drop EffectiveFilesystemLabel and
instead set the implicit labels when loading the yaml
- secboot: add new LockSealedKeys() that uses either TPM/fde-reveal-
key
- gadget/quantity: introduce Offset, start using it for offset
related fields in the gadget
- gadget: use "sealed-keys" to determine what method to use for
reseal
- tests/main/fake-netplan-apply: disable test on xenial for now
- daemon: start splitting snaps op tests out of api_test.go
- testutil: make DBusTest use a custom bus configuration file
- tests: replace pkgdb.sh (library) with tests.pkgs (program)
- gadget: prepare gadget kernel refs (0/N)
- interfaces/builtin/docker-support: allow /run/containerd/s/...
- cmd/snap-preseed: reset run inhibit locks on --reset.
- boot: add sealKeyToModeenvUsingFdeSetupHook()
- daemon: reorg snap.go and split out sections and icons support
from api.go
- sandbox/seccomp: use snap-seccomp's stdout for getting version
info
- daemon: split find support to its own api_*.go files and move some
helpers
- tests: move snapstate config defaults tests to a separate file.
- bootloader/{lk,lkenv}: followups from #9695
- daemon: actually move APIBaseSuite to daemon_test.apiBaseSuite
- gadget,o/devicestate: set implicit values for schema and role
directly instead of relying on Effective* accessors
- daemon: split aliases support to its own api_*.go files
- gadget: start separating rule/convention validation from basic
soundness
- cmd/snap-update-ns: add better unit test for overname sorting
- secboot: use `fde-reveal-key` if available to unseal key
- tests: fix lp-1899664 test when snapd_x1 is not installed in the
system
- tests: fix the scenario when the "$SRC".orig file does not exist
- cmd/snap-update-ns: fix sorting of overname mount entries wrt
other entries
- devicestate: add runFDESetupHook() helper
- bootloader/lk: add support for UC20 lk bootloader with V2 lkenv
structs
- daemon: split unsupported buy implementation to its own api_*.go
files
- tests: download timeout spread test
- gadget,o/devicestate: hybrid 18->20 ready volume setups should be
valid
- o/devicestate: save model with serial in the device save db
- bootloader: add check for prepare-image time and more tests
validating options
- interfaces/builtin/log_observe.go: allow controlling apparmor
audit levels
- hookstate: refactor around EphemeralRunHook
- cmd/snap: implement 'snap validate' command
- secboot,devicestate: add scaffoling for "fde-reveal-key" support
- boot: observe successful command line update, provide a default
- tests: New queries for the os tools
- bootloader/lkenv: specify backup file as arg to NewEnv(), use ""
as path+"bak"
- osutil/disks: add FindMatchingPartitionUUIDWithPartLabel to Disk
iface
- daemon: split out snapctl support and snap configuration support
to their own api_*.go files
- snapshotstate: improve handling of multiple errors
- tests: sign new nested-18|20* models to allow for generic serials
- bootloader: remove installableBootloader interface and methods
- seed: cleanup/drop some no longer valid TODOS, clarify some other
points
- boot: set kernel command line in modeenv during install
- many: rename disks.FindMatching... to FindMatching...WithFsLabel
and err type
- cmd/snap: suppress a case of spurious stdout logging from tests
- hookstate: add new HookManager.EphemeralRunHook()
- daemon: move some more api tests from daemon to daemon_test
- daemon: split apps and logs endpoints to api_apps.go and tests
- interfaces/utf: Add Ledger to U2F devices
- seed/seedwriter: consider modes when checking for deps
availability
- o/devicestate,daemon: fix reboot system action to not require a
system label
- cmd/snap-repair,store: increase initial retry time intervals,
stalling TODOs
- daemon: split interfacesCmd to api_interfaces.go
- github: run nested suite when commit is pushed to release branch
- client: reduce again the /v2/system-info timeout
- tests: reset fakestore unit status
- update-pot: fix typo in plural keyword spec
- tests: remove workarounds that add "ubuntu-save" if missing
- tests: add unit test for auto-refresh with validate-snap failure
- osutil: add helper for getting the kernel command line
- tests/main/uc20-create-partitions: verify ubuntu-save encryption
keys, tweak not MATCH
- boot: add kernel command lines to the modeenv file
- spread: bump delta ref, tweak repacking to make smaller delta
archives
- bootloader/lkenv: add v2 struct + support using it
- snapshotstate: add cleanup of abandonded snapshot imports
- tests: fix uc20-create-parition-* tests for updated gadget
- daemon: split out /v2/interfaces tests to api_interfaces_test.go
- hookstate: implement snapctl fde-setup-{request,result}
- wrappers, o/devicestate: remove EnableSnapServices
- tests: enable nested on 20.10
- daemon: simplify test helpers Get|PostReq into Req
- daemon: move general api to api_general*.go
- devicestate: make checkEncryption fde-setup hook aware
- client/snapctl, store: fix typos
- tests/main/lxd/prep-snapd-in-lxd.sh: wait for valid apt files
before doing apt ops
- cmd/snap-bootstrap: update model cross-check considerations
- client,snapctl: add naive support for "stdin"
- many: add new "install-mode: disable" option
- osutil/disks: allow building on mac os
- data/selinux: update the policy to allow operations on non-tmpfs
/tmp
- boot: add helper for generating candidate kernel lines for
recovery system
- wrappers: generate D-Bus service activation files
- bootloader/many: rm ConfigFile, add Present for indicating
presence of bloader
- osutil/disks: allow mocking DiskFromDeviceName
- daemon: start cleaning up api tests
- packaging/arch: sync with AUR packaging
- bootloader: indicate when boot config was updated
- tests: Fix snap-debug-bootvars test to make it work on arm devices
and core18
- tests/nested/manual/core20-save: verify handling of ubuntu-save
with different system variants
- snap: use the boot-base for kernel hooks
- devicestate: support "storage-safety" defaults during install
- bootloader/lkenv: mv v1 to separate file,
include/lk/snappy_boot_v1.h: little fixups
- interfaces/fpga: add fpga interface
- store: download timeout
- vendor: update secboot repo to avoid including secboot.test binary
- osutil: add KernelCommandLineKeyValue
- gadget/gadget.go: allow system-recovery-{image,select} as roles in
gadget.yaml
- devicestate: implement boot.HasFDESetupHook
- osutil/disks: add DiskFromName to get a disk using a udev name
- usersession/agent: have session agent connect to the D-Bus session
bus
- o/servicestate: preserve order of services on snap restart
- o/servicestate: unlock state before calling wrappers in
doServiceControl
- spread: disable unattended-upgrades on ubuntu
- tests: testing new fedora 33 image
- tests: fix fsck on boot on arm devices
- tests: skip boot state test on arm devices
- tests: updated the systems to run prepare-image-grub test
- interfaces/raw_usb: allow read access to /proc/tty/drivers
- tests: unmount /boot/efi in fsck-on-boot test
- strutil/shlex,osutil/udev/netlink: minimally import go-check
- tests: fix basic20 test on arm devices
- seed: make a shared seed system label validation helper
- tests/many: enable some uc20 tests, delete old unneeded tests or
TODOs
- boot/makebootable.go: set snapd_recovery_mode=install at image-
build time
- tests: migrate test from boot.sh helper to boot-state tool
- asserts: implement "storage-safety" in uc20 model assertion
- bootloader: use ForGadget when installing boot config
- spread: UC20 no longer needs 2GB of mem
- cmd/snap-confine: implement snap-device-helper internally
- bootloader/grub: replace old reference to Managed...Blr... with
Trusted...Blr...
- cmd/snap-bootstrap: add readme for snap-bootstrap + real state
diagram
- interfaces: fix greengrass attr namingThe flavor attribute names
are now as follows:
- tests/lib/nested: poke the API to get the snap revisions
- tests: compare options of mount units created by snapd and snapd-
generator
- o/snapstate,servicestate: use service-control task for service
actions
- sandbox: track applications unconditionally
- interfaces/greengrass-support: add additional "process" flavor for
1.11 update
- cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 10 Feb 2021 10:47:17 +0100
snapd (2.48.2) xenial; urgency=medium
* New upstream release, LP: #1906690
- tests: sign new nested-18|20* models to allow for generic serials
- secboot: add extra paranoia when waiting for that fde-reveal-key
- tests: backport netplan workarounds from #9785
- secboot: add workaround for snapcore/core-initrd issue #13
- devicestate: log checkEncryption errors via logger.Noticef
- tests: add nested spread end-to-end test for fde-hooks
- devicestate: implement checkFDEFeatures()
- boot: tweak resealing with fde-setup hooks
- sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
init restrict file
- secboot: add new LockSealedKeys() that uses either TPM or
fde-reveal-key
- gadget: use "sealed-keys" to determine what method to use for
reseal
- boot: add sealKeyToModeenvUsingFdeSetupHook()
- secboot: use `fde-reveal-key` if available to unseal key
- cmd/snap-update-ns: fix sorting of overname mount entries wrt
other entries
- o/devicestate: save model with serial in the device save db
- devicestate: add runFDESetupHook() helper
- secboot,devicestate: add scaffoling for "fde-reveal-key" support
- hookstate: add new HookManager.EphemeralRunHook()
- update-pot: fix typo in plural keyword spec
- store,cmd/snap-repair: increase initial expontential time
intervals
- o/devicestate,daemon: fix reboot system action to not require a
system label
- github: run nested suite when commit is pushed to release branch
- tests: reset fakestore unit status
- tests: fix uc20-create-parition-* tests for updated gadget
- hookstate: implement snapctl fde-setup-{request,result}
- devicestate: make checkEncryption fde-setup hook aware
- client,snapctl: add naive support for "stdin"
- devicestate: support "storage-safety" defaults during install
- snap: use the boot-base for kernel hooks
- vendor: update secboot repo to avoid including secboot.test binary
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 15 Dec 2020 20:21:44 +0100
snapd (2.48.1) xenial; urgency=medium
* New upstream release, LP: #1906690
- gadget: disable ubuntu-boot role validation check
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 03 Dec 2020 17:43:30 +0100
snapd (2.48) xenial; urgency=medium
* New upstream release, LP: #1904098
- osutil: add KernelCommandLineKeyValue
- devicestate: implement boot.HasFDESetupHook
- boot/makebootable.go: set snapd_recovery_mode=install at image-
build time
- bootloader: use ForGadget when installing boot config
- interfaces/raw_usb: allow read access to /proc/tty/drivers
- boot: add scaffolding for "fde-setup" hook support for sealing
- tests: fix basic20 test on arm devices
- seed: make a shared seed system label validation helper
- snap: add new "fde-setup" hooktype
- cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
- secboot,cmd/snap-bootstrap: fix degraded mode cases with better
device handling
- boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
messiness
- tests/nested/manual/refresh-revert-fundamentals: temporarily
disable secure boot
- snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
boot modes
- many: address degraded recover mode feedback, cleanups
- tests: Use systemd-run on tests part2
- tests: set the opensuse tumbleweed system as manual in spread.yaml
- secboot: call BlockPCRProtectionPolicies even if the TPM is
disabled
- vendor: update to current secboot
- cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
save
- spread.yaml: increase number of workers on 20.10
- snap: add new `snap recovery --show-keys` option
- tests: minor test tweaks suggested in the review of 9607
- snapd-generator: set standard snapfuse options when generating
units for containers
- tests: enable lxd test on ubuntu-core-20 and 16.04-32
- interfaces: share /tmp/.X11-unix/ from host or provider
- tests: enable main lxd test on 20.10
- cmd/s-b/initramfs-mounts: refactor recover mode to implement
degraded mode
- gadget/install: add progress logging
- packaging: keep secboot/encrypt_dummy.go in debian
- interfaces/udev: use distro specific path to snap-device-helper
- o/devistate: fix chaining of tasks related to regular snaps when
preseeding
- gadget, overlord/devicestate: validate that system supports
encrypted data before install
- interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core
ESP layout
- many: add /v2/system-recovery-keys API and client
- secboot, many: return UnlockMethod from Unlock* methods for future
usage
- many: mv keys to ubuntu-boot, move model file, rename keyring
prefix for secboot
- tests: using systemd-run instead of manually create a systemd unit
- part 1
- secboot, cmd/snap-bootstrap: enable or disable activation with
recovery key
- secboot: refactor Unlock...IfEncrypted to take keyfile + check
disks first
- secboot: add LockTPMSealedKeys() to lock access to keys
independently
- gadget: correct sfdisk arguments
- bootloader/assets/grub: adjust fwsetup menuentry label
- tests: new boot state tool
- spread: use the official image for Ubuntu 20.10, no longer an
unstable system
- tests/lib/nested: enable snapd logging to console for core18
- osutil/disks: re-implement partition searching for disk w/ non-
adjacent parts
- tests: using the nested-state tool in nested tests
- many: seal a fallback object to the recovery boot chain
- gadget, gadget/install: move helpers to install package, refactor
unit tests
- dirs: add "gentoo" to altDirDistros
- update-pot: include file locations in translation template, and
extract strings from desktop files
- gadget/many: drop usage of gpt attr 59 for indicating creation of
partitions
- gadget/quantity: tweak test name
- snap: fix failing unittest for quantity.FormatDuration()
- gadget/quantity: introduce a new package that captures quantities
- o/devicestate,a/sysdb: make a backup of the device serial to save
- tests: fix rare interaction of tests.session and specific tests
- features: enable classic-preserves-xdg-runtime-dir
- tests/nested/core20/save: check the bind mount and size bump
- o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20
- tests: rename hasHooks to hasInterfaceHooks in the ifacestate
tests
- o/devicestate: unit test tweaks
- boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save
- testutil, cmd/snap/version: fix misc little errors
- overlord/devicestate: bind mount ubuntu-save under
/var/lib/snapd/save on startup
- gadget/internal: tune ext4 setting for smaller filesystems
- tests/nested/core20/save: a test that verifies ubuntu-save is
present and set up
- tests: update google sru backend to support groovy
- o/ifacestate: handle interface hooks when preseeding
- tests: re-enable the apt hooks test
- interfaces,snap: use correct type: {os,snapd} for test data
- secboot: set metadata and keyslots sizes when formatting LUKS2
volumes
- tests: improve uc20-create-partitions-reinstall test
- client, daemon, cmd/snap: cleanups from #9489 + more unit tests
- cmd/snap-bootstrap: mount ubuntu-save during boot if present
- secboot: fix doc comment on helper for unlocking volume with key
- tests: add spread test for refreshing from an old snapd and core18
- o/snapstate: generate snapd snap wrappers again after restart on
refresh
- secboot: version bump, unlock volume with key
- tests/snap-advise-command: re-enable test
- cmd/snap, snapmgr, tests: cleanups after #9418
- interfaces: deny connected x11 plugs access to ICE
- daemon,client: write and read a maintenance.json file for when
snapd is shut down
- many: update to secboot v1 (part 1)
- osutil/disks/mockdisk: panic if same mountpoint shows up again
with diff opts
- tests/nested/core20/gadget,kernel-reseal: add sanity checks to the
reseal tests
- many: implement snap routine console-conf-start for synchronizing
auto-refreshes
- dirs, boot: add ubuntu-save directories and related locations
- usersession: fix typo in test name
- overlord/snapstate: refactor ihibitRefresh
- overlord/snapstate: stop warning about inhibited refreshes
- cmd/snap: do not hardcode snapshot age value
- overlord,usersession: initial notifications of pending refreshes
- tests: add a unit test for UpdateMany where a single snap fails
- o/snapstate/catalogrefresh.go: don't refresh catalog in install
mode uc20
- tests: also check snapst.Current in undo-unlink tests
- tests: new nested tool
- o/snapstate: implement undo handler for unlink-snap
- tests: clean systems.sh helper and migrate last set of tests
- tests: moving the lib section from systems.sh helper to os.query
tool
- tests/uc20-create-partitions: don't check for grub.cfg
- packaging: make sure that static binaries are indeed static, fix
openSUSE
- many: have install return encryption keys for data and save,
improve tests
- overlord: add link participant for linkage transitions
- tests: lxd smoke test
- tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu-
seed too
- tests: moving main suite from systems.sh to os.query tool
- tests: moving the core test suite from systems.sh to os.query tool
- cmd/snap-confine: mask host's apparmor config
- o/snapstate: move setting updated SnapState after error paths
- tests: add value to INSTANCE_KEY/regular
- spread, tests: tweaks for openSUSE
- cmd/snap-confine: update path to snap-device-helper in AppArmor
profile
- tests: new os.query tool
- overlord/snapshotstate/backend: specify tar format for snapshots
- tests/nested/manual/minimal-smoke: use 384MB of RAM for nested
UC20
- client,daemon,snap: auto-import does not error on managed devices
- interfaces: PTP hardware clock interface
- tests: use tests.backup tool
- many: verify that unit tests work with nosecboot tag and without
secboot package
- wrappers: do not error out on read-only /etc/dbus-1/session.d
filesystem on core18
- snapshots: import of a snapshot set
- tests: more output for sbuild test
- o/snapstate: re-order remove tasks for individual snap revisions
to remove current last
- boot: skip some unit tests when running as root
- o/assertstate: introduce
ValidationTrackingKey/ValidationSetTracking and basic methods
- many: allow ignoring running apps for specific request
- tests: allow the searching test to fail under load
- overlord/snapstate: inhibit startup while unlinked
- seed/seedwriter/writer.go: check DevModeConfinement for dangerous
features
- tests/main/sudo-env: snap bin is available on Fedora
- boot, overlord/devicestate: list trusted and managed assets
upfront
- gadget, gadget/install: support for ubuntu-save, create one during
install if needed
- spread-shellcheck: temporary workaround for deadlock, drop
unnecessary test
- snap: support different exit-code in the snap command
- logger: use strutil.KernelCommandLineSplit in
debugEnabledOnKernelCmdline
- logger: fix snapd.debug=1 parsing
- overlord: increase refresh postpone limit to 14 days
- spread-shellcheck: use single thread pool executor
- gadget/install,secboot: add debug messages
- spread-shellcheck: speed up spread-shellcheck even more
- spread-shellcheck: process paths from arguments in parallel
- tests: tweak error from tests.cleanup
- spread: remove workaround for openSUSE go issue
- o/configstate: create /etc/sysctl.d when applying early config
defaults
- tests: new tests.backup tool
- tests: add tests.cleanup pop sub-command
- tests: migration of the main suite to snaps-state tool part 6
- tests: fix journal-state test
- cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc
recover files
- cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
same IP addr
- packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
building snapd
- boot, gadget, bootloader: observer preserves managed bootloader
configs
- tests/nested/manual: add uc20 grade signed cloud-init test
- o/snapstate/autorefresh.go: eliminate race when launching
autorefresh
- daemon,snapshotstate: do not return "size" from Import()
- daemon: limit reading from snapshot import to Content-Length
- many: set/expect Content-Length header when importing snapshots
- github: switch from ::set-env command to environment file
- tests: migration of the main suite to snaps-state tool part 5
- client: cleanup the Client.raw* and Client.do* method families
- tests: moving main suite to snaps-state tool part 4
- client,daemon,snap: use constant for snapshot content-type
- many: fix typos and repeated "the"
- secboot: fix tpm connection leak when it's not enabled
- many: scaffolding for snapshots import API
- run-checks: run spread-shellcheck too
- interfaces: update network-manager interface to allow
ObjectManager access from unconfined clients
- tests: move core and regression suites to snaps-state tool
- tests: moving interfaces tests to snaps-state tool
- gadget: preserve files when indicated by content change observer
- tests: moving smoke test suite and some tests from main suite to
snaps-state tool
- o/snapshotstate: pass set id to backend.Open, update tests
- asserts/snapasserts: introduce ValidationSets
- o/snapshotstate: improve allocation of new set IDs
- boot: look at the gadget for run mode bootloader when making the
system bootable
- cmd/snap: allow snap help vs --all to diverge purposefully
- usersession/userd: separate bus name ownership from defining
interfaces
- o/snapshotstate: set snapshot set id from its filename
- o/snapstate: move remove-related tests to snapstate_remove_test.go
- desktop/notification: switch ExpireTimeout to time.Duration
- desktop/notification: add unit tests
- snap: snap help output refresh
- tests/nested/manual/preseed: include a system-usernames snap when
preseeding
- tests: fix sudo-env test
- tests: fix nested core20 shellcheck bug
- tests/lib: move to new directory when restoring PWD, cleanup
unpacked unpacked snap directories
- desktop/notification: add bindings for FDO notifications
- dbustest: fix stale comment references
- many: move ManagedAssetsBootloader into TrustedAssetsBootloader,
drop former
- snap-repair: add uc20 support
- tests: print all the serial logs for the nested test
- o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid
bug in test
- cmd/snap/auto-import: stop importing system user assertions from
initramfs mnts
- osutil/group.go: treat all non-nil errs from user.Lookup{Group,}
as Unknown*
- asserts: deserialize grouping only once in Pool.AddBatch if needed
- gadget: allow content observer to have opinions about a change
- tests: new snaps-state command - part1
- o/assertstate: support refreshing any number of snap-declarations
- boot: use test helpers
- tests/core/snap-debug-bootvars: also check snap_mode
- many/apparmor: adjust rules for reading profile/ execing new
profiles for new kernel
- tests/core/snap-debug-bootvars: spread test for snap debug boot-
vars
- tests/lib/nested.sh: more little tweaks
- tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm
- cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
recover modes
- overlord: explicitly set refresh-app-awareness in tests
- kernel: remove "edition" from kernel.yaml and add "update"
- spread: drop vendor from the packed project archive
- boot: fix debug bootloader variables dump on UC20 systems
- wrappers, systemd: allow empty root dir and conditionally do not
pass --root to systemctl
- tests/nested/manual: add test for grades above signed booting with
testkeys
- tests/nested: misc robustness fixes
- o/assertstate,asserts: use bulk refresh to refresh snap-
declarations
- tests/lib/prepare.sh: stop patching the uc20 initrd since it has
been updated now
- tests/nested/manual/refresh-revert-fundamentals: re-enable test
- update-pot: ignore .go files inside .git when running xgettext-go
- tests: disable part of the lxd test completely on 16.04.
- o/snapshotstate: tweak comment regarding snapshot filename
- o/snapstate: improve snapshot iteration
- bootloader: lk cleanups
- tests: update to support nested kvm without reboots on UC20
- tests/nested/manual/preseed: disable system-key check for 20.04
image
- spread.yaml: add ubuntu-20.10-64 to qemu
- store: handle v2 error when fetching assertions
- gadget: resolve device mapper devices for fallback device lookup
- tests/nested/cloud-init-many: simplify tests and unify
helpers/seed inputs
- tests: copy /usr/lib/snapd/info to correct directory
- check-pr-title.py * : allow "*" in the first part of the title
- many: typos and small test tweak
- tests/main/lxd: disable cgroup combination for 16.04 that is
failing a lot
- tests: make nested signing helpers less confusing
- tests: misc nested changes
- tests/nested/manual/refresh-revert-fundamentals: disable
temporarily
- tests/lib/cla_check: default to Python 3, tweaks, formatting
- tests/lib/cl_check.py: use python3 compatible code
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 19 Nov 2020 17:51:02 +0100
snapd (2.47.1) xenial; urgency=medium
* New upstream release, LP: #1895929
- o/configstate: create /etc/sysctl.d when applying early config
defaults
- cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
same IP addr
- packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
building snapd
- cmd/snap: allow snap help vs --all to diverge purposefully
- snap: snap help output refresh
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 08 Oct 2020 09:30:44 +0200
snapd (2.47) xenial; urgency=medium
* New upstream release, LP: #1895929
- tests: fix nested core20 shellcheck bug
- many/apparmor: adjust rule for reading apparmor profile for new
kernel
- snap-repair: add uc20 support
- cmd/snap/auto-import: stop importing system user assertions from
initramfs mnts
- cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
recover modes
- gadget: resolve device mapper devices for fallback device lookup
- secboot: add boot manager profile to pcr protection profile
- sysconfig,o/devicestate: mv DisableNoCloud to
DisableAfterLocalDatasourcesRun
- tests: make gadget-reseal more robust
- tests: skip nested images pre-configuration by default
- tests: fix for basic20 test running on external backend and rpi
- tests: improve kernel reseal test
- boot: adjust comments, naming, log success around reseal
- tests/nested, fakestore: changes necessary to run nested uc20
signed/secured tests
- tests: add nested core20 gadget reseal test
- boot/modeenv: track unknown keys in Read and put back into modeenv
during Write
- interfaces/process-control: add sched_setattr to seccomp
- boot: with unasserted kernels reseal if there's a hint modeenv
changed
- client: bump the default request timeout to 120s
- configcore: do not error in console-conf.disable for install mode
- boot: streamline bootstate20.go reseal and tests changes
- boot: reseal when changing kernel
- cmd/snap/model: specify grade in the model command output
- tests: simplify
repack_snapd_snap_with_deb_content_and_run_mode_first_boot_tweaks
- test: improve logging in nested tests
- nested: add support to telnet to serial port in nested VM
- secboot: use the snapcore/secboot native recovery key type
- tests/lib/nested.sh: use more focused cloud-init config for uc20
- tests/lib/nested.sh: wait for the tpm socket to exist
- spread.yaml, tests/nested: misc changes
- tests: add more checks to disk space awareness spread test
- tests: disk space awareness spread test
- boot: make MockUC20Device use a model and MockDevice more
realistic
- boot,many: reseal only when meaningful and necessary
- tests/nested/core20/kernel-failover: add test for failed refresh
of uc20 kernel
- tests: fix nested to work with qemu and kvm
- boot: reseal when updating boot assets
- tests: fix snap-routime-portal-info test
- boot: verify boot chain file in seal and reseal tests
- tests: use full path to test-snapd-refresh.version binary
- boot: store boot chains during install, helper for checking
whether reseal is needed
- boot: add call to reseal an existing key
- boot: consider boot chains with unrevisioned kernels incomparable
- overlord: assorted typos and miscellaneous changes
- boot: group SealKeyModelParams by model, improve testing
- secboot: adjust parameters to buildPCRProtectionProfile
- strutil: add SortedListsUniqueMergefrom the doc comment:
- snap/naming: upgrade TODO to TODO:UC20
- secboot: add call to reseal an existing key
- boot: in seal.go adjust error message and function names
- o/snapstate: check available disk space in RemoveMany
- boot: build bootchains data for sealing
- tests: remove "set -e" from function only shell libs
- o/snapstate: disk space check on UpdateMany
- o/snapstate: disk space check with snap update
- snap: implement new `snap reboot` command
- boot: do not reorder boot assets when generating predictable boot
chains and other small tweaks
- tests: some fixes and improvements for nested execution
- tests/core/uc20-recovery: fix check for at least specific calls to
mock-shutdown
- boot: be consistent using bootloader.Role* consts instead of
strings
- boot: helper for generating secboot load chains from a given boot
asset sequence
- boot: tweak boot chains to support a list of kernel command lines,
keep track of model and kernel boot file
- boot,secboot: switch to expose and use snapcore/secboot load event
trees
- tests: use `nested_exec` in core{20,}-early-config test
- devicestate: enable cloud-init on uc20 for grade signed and
secured
- boot: add "rootdir" to baseBootenvSuite and use in tests
- tests/lib/cla_check.py: don't allow users.noreply.github.com
commits to pass CLA
- boot: represent boot chains, helpers for marshalling and
equivalence checks
- boot: mark successful with boot assets
- client, api: handle insufficient space error
- o/snapstate: disk space check with single snap install
- configcore: "service.console-conf.disable" is gadget defaults only
- packaging/opensuse: fix for /usr/libexec on TW, do not hardcode
AppArmor profile path
- tests: skip udp protocol in nfs-support test on ubuntu-20.10
- packaging/debian-sid: tweak code preparing _build tree
- many: move seal code from gadget/install to boot
- tests: remove workaround for cups on ubuntu-20.10
- client: implement RebootToSystem
- many: seed.Model panics now if called before LoadAssertions
- daemon: add /v2/systems "reboot" action API
- github: run tests also on push to release branches
- interfaces/bluez: let slot access audio streams
- seed,c/snap-bootstrap: simplify snap-bootstrap seed reading with
new seed.ReadSystemEssential
- interfaces: allow snap-update-ns to read /proc/cmdline
- tests: new organization for nested tests
- o/snapstate, features: add feature flags for disk space awareness
- tests: workaround for cups issue on 20.10 where default printer is
not configured.
- interfaces: update cups-control and add cups for providing snaps
- boot: keep track of the original asset when observing updates
- tests: simplify and fix tests for disk space checks on snap remove
- sysconfig/cloudinit.go: add AllowCloudInit and use GadgetDir for
cloud.conf
- tests/main: mv core specific tests to core suite
- tests/lib/nested.sh: reset the TPM when we create the uc20 vm
- devicestate: rename "mockLogger" to "logbuf"
- many: introduce ContentChange for tracking gadget content in
observers
- many: fix partion vs partition typo
- bootloader: retrieve boot chains from bootloader
- devicestate: add tests around logging in RequestSystemAction
- boot: handle canceled update
- bootloader: tweak doc comments (thanks Samuele)
- seed/seedwriter: test local asserted snaps with UC20 grade signed
- sysconfig/cloudinit.go: add DisableNoCloud to
CloudInitRestrictOptions
- many: use BootFile type in load sequences
- boot,bootloader: clarifications after the changes to introduce
bootloader.Options.Role
- boot,bootloader,gadget: apply new bootloader.Options.Role
- o/snapstate, features: add feature flag for disk space check on
remove
- testutil: add checkers for symbolic link target
- many: refactor tpm seal parameter setting
- boot/bootstate20: reboot to rollback to previous kernel
- boot: add unit test helpers
- boot: observe update & rollback of trusted assets
- interfaces/utf: Add MIRKey to u2f devices
- o/devicestate/devicestate_cloudinit_test.go: test cleanup for uc20
cloud-init tests
- many: check that users of BaseTest don't forget to consume
cleanups
- tests/nested/core20/tpm: verify trusted boot assets tracking
- github: run macOS job with Go 1.14
- many: misc doc-comment changes and typo fixes
- o/snapstate: disk space check with InstallMany
- many: cloud-init cleanups from previous PR's
- tests: running tests on opensuse leap 15.2
- run-checks: check for dirty build tree too
- vendor: run ./get-deps.sh to update the secboot hash
- tests: update listing test for "-dirty" versions
- overlord/devicestate: do not release the state lock when updating
gadget assets
- secboot: read kernel efi image from snap file
- snap: add size to the random access file return interface
- daemon: correctly parse Content-Type HTTP header.
- tests: account for apt-get on core18
- cmd/snap-bootstrap/initramfs-mounts: compute string outside of
loop
- mkversion.sh: simple hack to include dirty in version if the tree
is dirty
- cgroup,snap: track hooks on system bus only
- interfaces/systemd: compare dereferenced Service
- run-checks: only check files in git for misspelling
- osutil: add a package doc comment (via doc.go)
- boot: complain about reused asset name during initial install
- snapstate: installSize helper that calculates total size of snaps
and their prerequisites
- snapshots: export of snapshots
- boot/initramfs_test.go: reset boot vars on the bootloader for each
iteration
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 29 Sep 2020 17:19:13 +0200
snapd (2.46.1) xenial; urgency=medium
* New upstream release, LP: #1891134
- interfaces: allow snap-update-ns to read
/proc/cmdline
- github: run macOS job with Go 1.14
- o/snapstate, features: add feature flag for disk space check on
remove
- tests: account for apt-get on core18
- mkversion.sh: include dirty in version if the tree
is dirty
- interfaces/systemd: compare dereferenced Service
- vendor.json: update mysterious secboot SHA again
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 04 Sep 2020 17:42:54 +0200
snapd (2.46) xenial; urgency=medium
* New upstream release, LP: #1891134
- logger: add support for setting snapd.debug=1 on kernel cmdline
- o/snapstate: check disk space before creating automatic snapshot
on remove
- boot, o/devicestate: observe existing recovery bootloader trusted
boot assets
- many: use transient scope for tracking apps and hooks
- features: add HiddenSnapFolder feature flag
- tests/lib/nested.sh: fix partition typo, unmount the image on uc20
too
- runinhibit: open the lock file in read-only mode in IsLocked
- cmd/s-b/initramfs-mounts: make recover -> run mode transition
automatic
- tests: update spread test for unknown plug/slot with snapctl is-
connected
- osutil: add OpenExistingLockForReading
- kernel: add kernel.Validate()
- interfaces: add vcio interface
- interfaces/{docker,kubernetes}-support: load overlay and support
systemd cgroup driver
- tests/lib/nested.sh: use more robust code for finding what loop
dev we mounted
- cmd/snap-update-ns: detach all bind-mounted file
- snap/snapenv: set SNAP_REAL_HOME
- packaging: umount /snap on purge in containers
- interfaces: misc policy updates xlvi
- secboot,cmd/snap-bootstrap: cross-check partitions before
unlocking, mounting
- boot: copy boot assets cache to new root
- gadget,kernel: add new kernel.{Info,Asset} struct and helpers
- o/hookstate/ctlcmd: make is-connected check whether the plug or
slot exists
- tests: find -ignore_readdir_race when scanning cgroups
- interfaces/many: deny arbitrary desktop files and misc from
/usr/share
- tests: use "set -ex" in prep-snapd-in-lxd.sh
- tests: re-enable udisks test on debian-sid
- cmd/snapd-generator: use PATH fallback if PATH is not set
- tests: disable udisks2 test on arch linux
- github: use latest/stable go, not latest/edge
- tests: remove support for ubuntu 19.10 from spread tests
- tests: fix lxd test wrongly tracking 'latest'
- secboot: document exported functions
- cmd: compile snap gdbserver shim correctly
- many: correctly calculate the desktop file prefix everywhere
- interfaces: add kernel-crypto-api interface
- corecfg: add "system.timezone" setting to the system settings
- cmd/snapd-generator: generate drop-in to use fuse in container
- cmd/snap-bootstrap/initramfs-mounts: tweak names, add comments
from previous PR
- interfaces/many: miscellaneous updates for strict microk8s
- secboot,cmd/snap-bootstrap: don't import boot package from secboot
- cmd/snap-bootstrap/initramfs-mounts: call systemd-mount instead of
the-tool
- tests: work around broken update of systemd-networkd
- tests/main/install-fontconfig-cache-gen: enhance test by
verifying, add fonts to test
- o/devicestate: wrap asset update observer error
- boot: refactor such that bootStateUpdate20 mainly carries Modeenv
- mkversion.sh: disallow changelog versions that have git in it, if
we also have git version
- interfaces/many: miscellaneous updates for strict microk8s
- snap: fix repeated "cannot list recovery system" and add test
- boot: track trusted assets during initial install, assets cache
- vendor: update secboot to fix key data validation
- tests: unmount FUSE file-systems from XDG runtime dir
- overlord/devicestate: workaround non-nil interface with nil struct
- sandbox/cgroup: remove temporary workaround for multiple cgroup
writers
- sandbox/cgroup: detect dangling v2 cgroup
- bootloader: add helper for creating a bootloader based on gadget
- tests: support different images on nested execution
- many: reorg cmd/snapinfo.go into snap and new client/clientutil
- packaging/arch: use external linker when building statically
- tests: cope with ghost cgroupv2
- tests: fix issues related to restarting systemd-logind.service
- boot, o/devicestate: TrustedAssetUpdateObserver stubs, hook up to
gadget updates
- vendor: update github.com/kr/pretty to fix diffs of values with
pointer cycles
- boot: move bootloaderKernelState20 impls to separate file
- .github/workflows: move snap building to test.yaml as separate
cached job
- tests/nested/manual/minimal-smoke: run core smoke tests in a VM
meeting minimal requirements
- osutil: add CommitAs to atomic file
- gadget: introduce content update observer
- bootloader: introduce TrustedAssetsBootloader, implement for grub
- o/snapshotstate: helpers for calculating disk space needed for an
automatic snapshot
- gadget/install: retrieve command lines from bootloader
- boot/bootstate20: unify commit method impls, rm
bootState20MarkSuccessful
- tests: add system information and image information when debug
info is displayed
- tests/main/cgroup-tracking: try to collect some information about
cgroups
- boot: introduce current_boot_assets and
current_recovery_boot_assets to modeenv
- tests: fix for timing issues on journal-state test
- many: remove usage and creation of hijacked pid cgroup
- tests: port regression-home-snap-root-owned to tests.session
- tests: run as hightest via tests.session
- github: run CLA checks on self-hosted workers
- github: remove Ubuntu 19.10 from actions workflow
- tests: remove End-Of-Life opensuse/fedora releases
- tests: remove End-Of-Life releases from spread.yaml
- tests: fix debug section of appstream-id test
- interfaces: check !b.preseed earlier
- tests: work around bug in systemd/debian
- boot: add deepEqual, Copy helpers for Modeenv to simplify
bootstate20 refactor
- cmd: add new "snap recovery" command
- interfaces/systemd: use emulation mode when preseeding
- interfaces/kmod: don't load kernel modules in kmod backend when
preseeding
- interfaces/udev: do not reload udevadm rules when preseeding
- cmd/snap-preseed: use snapd from the deb if newer than from seeds
- boot: fancy marshaller for modeenv values
- gadget, osutil: use atomic file copy, adjust tests
- overlord: use new tracking cgroup for refresh app awareness
- github: do not skip gofmt with Go 1.9/1.10
- many: introduce content write observer, install mode glue, initial
seal stubs
- daemon,many: switch to use client.ErrorKind and drop the local
errorKind...
- tests: new parameters for nested execution
- client: move all error kinds into errors.go and add doc strings
- cmd/snap: display the error in snap debug seeding if seeding is in
error
- cmd/snap/debug/seeding: use unicode for proper yaml
- tests/cmd/snap-bootstrap/initramfs-mounts: add test case for empty
recovery_mode
- osutil/disks: add mock disk and tests for happy path of mock disks
- tests: refresh/revert snapd in uc20
- osutil/disks: use a dedicated error to indicate a fs label wasn't
found
- interfaces/system-key: in WriteSystemKey during tests, don't call
ParserFeatures
- boot: add current recovery systems to modeenv
- bootloader: extend managed assets bootloader interface to compose
a candidate command line
- interfaces: make the unmarshal test match more the comment
- daemon/api: use pointers to time.Time for debug seeding aspect
- o/ifacestate: update security profiles in connect undo handler
- interfaces: add uinput interface
- cmd/snap-bootstrap/initramfs-mounts: add doSystemdMount + unit
tests
- o/devicestate: save seeding/preseeding times for use with debug
seeding api
- cmd/snap/debug: add "snap debug seeding" command for preseeding
debugging
- tests/main/selinux-clean: workaround SELinux denials triggered by
linger setup on Centos8
- bootloader: compose command line with mode and extra arguments
- cmd/snap, daemon: detect and bail purge on multi-snap
- o/ifacestate: fix bug in snapsWithSecurityProfiles
- interfaces/builtin/multipass: replace U+00A0 no-break space with
simple space
- bootloader/assets: generate bootloader assets from files
- many/tests/preseed: reset the preseeded images before preseeding
them
- tests: drop accidental accents from e
- secboot: improve key sealing tests
- tests: replace _wait_for_file_change with retry
- tests: new fs-state which replaces the files.sh helper
- sysconfig/cloudinit_test.go: add test for initramfs case, rm "/"
from path
- cmd/snap: track started apps and hooks
- tests/main/interfaces-pulseaudio: disable start limit checking for
pulseaudio service
- api: seeding debug api
- .github/workflows/snap-build.yaml: build the snapd snap via GH
Actions too
- tests: moving journalctl.sh to a new journal-state tool
- tests/nested/manual: add spread tests for cloud-init vuln
- bootloader/assets: helpers for registering per-edition snippets,
register snippets for grub
- data,packaging,wrappers: extend D-Bus service activation search
path
- spread: add opensuse 15.2 and tumbleweed for qemu
- overlord,o/devicestate: restrict cloud-init on Ubuntu Core
- sysconfig/cloudinit: add RestrictCloudInit
- cmd/snap-preseed: check that target path exists and is a directory
on --reset
- tests: check for pids correctly
- gadget,gadget/install: refactor partition table update
- sysconfig/cloudinit: add CloudInitStatus func + CloudInitState
type
- interface/fwupd: add more policies for making fwupd upstream
strict
- tests: new to-one-line tool which replaces the strings.sh helper
- interfaces: new helpers to get and compare system key, for use
with seeding debug api
- osutil, many: add helper for checking whether the process is a go
test binary
- cmd/snap-seccomp/syscalls: add faccessat2
- tests: adjust xdg-open after launcher changes
- tests: new core config helper
- usersession/userd: do not modify XDG_DATA_DIRS when calling xdg-
open
- cmd/snap-preseed: handle relative chroot path
- snapshotstate: move sizer to osutil.Sizer()
- tests/cmd/snap-bootstrap/initramfs-mounts: rm duplicated env ref
kernel tests
- gadget/install,secboot: use snapcore/secboot luks2 api
- boot/initramfs_test.go: add Commentf to more Assert()'s
- tests/lib: account for changes in arch package file name extension
- bootloader/bootloadertest: fix comment typo
- bootloader: add helper for getting recovery system environment
variables
- tests: preinstall shellcheck and run tests on focal
- strutil: add a helper for parsing kernel command line
- osutil: add CheckFreeSpace helper
- secboot: update tpm connection error handling
- packaging, cmd/snap-mgmt, tests: remove modules files on purge
- tests: add tests.cleanup helper
- packaging: add "ca-certificates" to build-depends
- tests: more checks in core20 early config spread test
- tests: fix some snapstate tests to use pointers for
snapmgrTestSuite
- boot: better naming of helpers for obtaining kernel command line
- many: use more specific check for unit test mocking
- systemd/escape: fix issues with "" and "\t" handling
- asserts: small improvements and corrections for sequence-forming
assertions' support
- boot, bootloader: query kernel command line of run mod and
recovery mode systems
- snap/validate.go: disallow snap layouts with new top-level
directories
- tests: allow to add a new label to run nested tests as part of PR
validation
- tests/core/gadget-update-pc: port to UC20
- tests: improve nested tests flexibility
- asserts: integer headers: disallow prefix zeros and make parsing
more uniform
- asserts: implement Database.FindSequence
- asserts: introduce SequenceMemberAfter in the asserts backstores
- spread.yaml: remove tests/lib/tools from PATH
- overlord: refuse to install snaps whose activatable D-Bus services
conflict with installed snaps
- tests: shorten lxd-state undo-mount-changes
- snap-confine: don't die if a device from sysfs path cannot be
found by udev
- tests: fix argument handling of apt-state
- tests: rename lxd-tool to lxd-state
- tests: rename user-tool to user-state, fix --help
- interfaces: add gconf interface
- sandbox/cgroup: avoid parsing security tags twice
- tests: rename version-tool to version-compare
- cmd/snap-update-ns: handle anomalies better
- tests: fix call to apt.Package.mark_install(auto_inst=True)
- tests: rename mountinfo-tool to mountinfo.query
- tests: rename memory-tool to memory-observe-do
- tests: rename invariant-tool to tests.invariant
- tests: rename apt-tool to apt-state
- many: managed boot config during run mode setup
- asserts: introduce the concept of sequence-forming assertion types
- tests: tweak comments/output in uc20-recovery test
- tests/lib/pkgdb: do not use quiet when purging debs
- interfaces/apparmor: allow snap-specific /run/lock
- interfaces: add system-source-code for access to /usr/src
- sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data
- gadget/install: move udev trigger to gadget/install
- many: make nested spread tests more reliable
- tests/core/uc20-recovery: apply hack to get gopath in recover mode
w/ external backend
- tests: enable tests on uc20 which now work with the real model
assertion
- tests: enable system-snap-refresh test on uc20
- gadget, bootloader: preserve managed boot assets during gadget
updates
- tests: fix leaked dbus-daemon in selinux-clean
- tests: add servicestate.Control tests
- tests: fix "restart.service"
- wrappers: helper for enabling services - extract and move enabling
of services into a helper
- tests: new test to validate refresh and revert of kernel and
gadget on uc20
- tests/lib/prepare-restore: collect debug info when prepare purge
fails
- bootloader: allow managed bootloader to update its boot config
- tests: Remove unity test from nightly test suite
- o/devicestate: set mark-seeded to done in the task itself
- tests: add spread test for disconnect undo caused by failing
disconnect hook
- sandbox/cgroup: allow discovering PIDs of given snap
- osutil/disks: support IsDecryptedDevice for mountpoints which are
dm devices
- osutil: detect autofs mounted in /home
- spread.yaml: allow amazon-linux-2-64 qemu with
ec2-user/ec2-user
- usersession: support additional zoom URL schemes
- overlord: mock timings.DurationThreshold in TestNewWithGoodState
- sandbox/cgroup: add tracking helpers
- tests: detect stray dbus-daemon
- overlord: refuse to install snaps providing user daemons on Ubuntu
14.04
- many: move encryption and installer from snap-boostrap to gadget
- o/ifacestate: fix connect undo handler
- interfaces: optimize rules of multiple connected iio/i2c/spi plugs
- bootloader: introduce managed bootloader, implement for grub
- tests: fix incorrect check in smoke/remove test
- asserts,seed: split handling of essential/not essential model
snaps
- gadget: fix typo in mounted filesystem updater
- gadget: do only one mount point lookup in mounted fs updater
- tests/core/snap-auto-mount: try to make the test more robust
- tests: adding ubuntu-20.04 to google-sru backend
- o/servicestate: add updateSnapstateServices helper
- bootloader: pull recovery grub config from internal assets
- tests/lib/tools: apply linger workaround when needed
- overlord/snapstate: graceful handling of denied "managed" refresh
schedule
- snapstate: fix autorefresh from classic->strict
- overlord/configstate: add system.kernel.printk.console-loglevel
option
- tests: fix assertion disk handling for nested UC systems
- snapstate: use testutil.HostScaledTimeout() in snapstate tests
- tests: extra worker for google-nested backend to avoid timeout
error on uc20
- snapdtool: helper to check whether the current binary is reexeced
from a snap
- tests: mock servicestate in api tests to avoid systemctl checks
- many: rename back snap.Info.GetType to Type
- tests/lib/cla_check: expect explicit commit range
- osutil/disks: refactor diskFromMountPointImpl a bit
- o/snapstate: service-control task handler
- osutil: add disks pkg for associating mountpoints with
disks/partitions
- gadget,cmd/snap-bootstrap: move partitioning to gadget
- seed: fix LoadEssentialMeta when gadget is not loaded
- cmd/snap: Debian does not allow $SNAP_MOUNT_DIR/bin in sudo
secure_path
- asserts: introduce new assertion validation-set
- asserts,daemon: add support for "serials" field in system-user
assertion
- data/sudo: drop a failed sudo secure_path workaround
- gadget: mv encodeLabel to osutil/disks.EncodeHexBlkIDFormat
- boot, snap-bootstrap: move initramfs-mounts logic to boot pkg
- spread.yaml: update secure boot attribute name
- interfaces/block_devices: add NVMe subsystem devices, support
multipath paths
- tests: use the "jq" snap from the edge channel
- tests: simplify the tpm test by removing the test-snapd-mokutil
snap
- boot/bootstate16.go: clean snap_try_* vars when not in Trying
status too
- tests/main/sudo-env: check snap path under sudo
- tests/main/lxd: add test for snaps inside nested lxd containers
not working
- asserts/internal: expand errors about invalid serialized grouping
labels
- usersession/userd: add msteams url support
- tests/lib/prepare.sh: adjust comment about sgdisk
- tests: fix how gadget pc is detected when the snap does not exist
and ls fails
- tests: move a few more tests to snapstate_update_test.go
- tests/main: add spread test for running svc from install hook
- tests/lib/prepare: increase the size of the uc16/uc18 partitions
- tests/special-home-can-run-classic-snaps: re-enable
- workflow: test PR title as part of the static checks again
- tests/main/xdg-open-compat: backup and restore original xdg-open
- tests: move update-related tests to snapstate_update_test.go
- cmd,many: move Version and bits related to snapd tools to
snapdtool, merge cmdutil
- tests/prepare-restore.sh: reset-failed systemd-journald before
restarting
- interfaces: misc small interface updates
- spread: use find rather than recursive ls, skip mounted snaps
- tests/lib/prepare-restore.sh: if we failed to purge snapd deb, ls
/var/lib/snapd
- tests: enable snap-auto-mount test on core20
- cmd/snap: do not show $PATH warning when executing under sudo on a
known distro
- asserts/internal: add some iteration benchmarks
- sandbox/cgroup: improve pid parsing code
- snap: add new `snap run --experimental-gdbserver` option
- asserts/internal: limit Grouping size switching to a bitset
representationWe don't always use the bit-set representation
because:
- snap: add an activates-on property to apps for D-Bus activation
- dirs: delete unused Cloud var, fix typo
- sysconfig/cloudinit: make callers of DisableCloudInit use
WritableDefaultsDir
- tests: fix classic ubuntu core transition auth
- tests: fail in setup_reflash_magic() if there is snapd state left
- tests: port interfaces-many-core-provided to tests.session
- tests: wait after creating partitions with sfdisk
- bootloader: introduce bootloarder assets, import grub.cfg with an
edition marker
- riscv64: bump timeouts
- gadget: drop dead code, hide exports that are not used externally
- tests: port 2 uc20 part1
- tests: fix bug waiting for snap command to be ready
- tests: move try-related tests to snapstate_try_test.go
- tests: add debug for 20.04 prepare failure
- travis.yml: removed, all our checks run in GH actions now
- tests: clean up up the use of configcoreSuite in the configcore
tests
- sandbox/cgroup: remove redundant pathOfProcPidCgroup
- sandbox/cgroup: add tests for ParsePids
- tests: fix the basic20 test for uc20 on external backend
- tests: use configcoreSuite in journalSuite and remove some
duplicated code
- tests: move a few more tests to snapstate_install_test
- tests: assorted small patches
- dbusutil/dbustest: separate license from package
- interfaces/builtin/time-control: allow POSIX clock API
- usersession/userd: add "slack" to the white list of URL schemes
handled by xdg-open
- tests: check that host settings like hostname are settable on core
- tests: port xdg-settings test to tests.session
- tests: port snap-handle-link test to tests.session
- arch: add riscv64
- tests: core20 early defaults spread test
- tests: move install tests from snapstate_test.go to
snapstate_install_test.go
- github: port macOS sanity checks from travis
- data/selinux: allow checking /var/cache/app-info
- o/devicestate: core20 early config from gadget defaults
- tests: autoremove after removing lxd in preseed-lxd test
- secboot,cmd/snap-bootstrap: add tpm sealing support to secboot
- sandbox/cgroup: move FreezerCgroupDir from dirs.go
- tests: update the file used to detect the boot path on uc20
- spread.yaml: show /var/lib/snapd in debug
- cmd/snap-bootstrap/initramfs-mounts: also copy systemd clock +
netplan files
- snap/naming: add helpers to parse app and hook security tags
- tests: modernize retry tool
- tests: fix and trim debug section in xdg-open-portal
- tests: modernize and use snapd.tool
- vendor: update to latest github.com/snapcore/bolt for riscv64
- cmd/snap-confine: add support for libc6-lse
- interfaces: miscellaneous policy updates xlv
- interfaces/system-packages-doc: fix typo in variable names
- tests: port interfaces-calendar-service to tests.session
- tests: install/run the lzo test snap too
- snap: (small) refactor of `snap download` code for
testing/extending
- data: fix shellcheck warnings in snapd.sh.in
- packaging: disable buildmode=pie for riscv64
- tests: install test-snapd-rsync snap from edge channel
- tests: modernize tests.session and port everything using it
- tests: add ubuntu 20.10 to spread tests
- cmd/snap/remove: mention snap restore/automatic snapshots
- dbusutil: move all D-Bus helpers and D-Bus test helpers
- wrappers: pass 'disable' flag to StopServices wrapper
- osutil: enable riscv64 build
- snap/naming: add ParseSecurityTag and friends
- tests: port document-portal-activation to session-tool
- bootloader: rename test helpers to reflect we are mocking EFI boot
locations
- tests: disable test of nfs v3 with udp proto on debian-sid
- tests: plan to improve the naming and uniformity of utilities
- tests: move *-tool tests to their own suite
- snap-bootstrap: remove sealed key file on reinstall
- bootloader/ubootenv: don't panic with an empty uboot env
- systemd: rename actualFsTypeAndMountOptions to
hostFsTypeAndMountOptions
- daemon: fix filtering of service-control changes for snap.app
- tests: spread test for preseeding in lxd container
- tests: fix broken snapd.session agent.socket
- wrappers: add RestartServices function and ReloadOrRestart to
systemd
- o/cmdstate: handle ignore flag on exec-command tasks
- gadget: make ext4 filesystems with or without metadata checksum
- tests: update statx test to run on all LTS releases
- configcore: show better error when disabling services
- interfaces: add hugepages-control
- interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
- tests: run ubuntu-20.04-* tests on all ubuntu-2* releases
- tests: skip interfaces-openvswitch for centos 8 in nightly suite
- tests: reload systemd --user for root, if present
- tests: reload systemd after editing /etc/fstab
- tests: add missing dependencies needed for sbuild test on debian
- tests: reload systemd after removing pulseaudio
- image, tests: core18 early config.
- interfaces: add system-packages-doc interface
- cmd/snap-preseed, systemd: fix handling of fuse.squashfuse when
preseeding
- interfaces/fwupd: allow bind mount to /boot on core
- tests: improve oom-vitality tests
- tests: add fedora 32 to spread.yaml
- config: apply vitality-hint immediately when the config changes
- tests: port snap-routine-portal-info to session-tool
- configcore: add "service.console-conf.disable" config option
- tests: port xdg-open to session-tool
- tests: port xdg-open-compat to session-tool
- tests: port interfaces-desktop-* to session-tool
- spread.yaml: apply yaml formatter/linter
- tests: port interfaces-wayland to session-tool
- o/devicestate: refactor current system handling
- snap-mgmt: perform cleanup of user services
- snap/snapfile,squashfs: followups from 8729
- boot, many: require mode in modeenv
- data/selinux: update policy to allow forked processes to call
getpw*()
- tests: log stderr from dbus-monitor
- packaging: build cmd/snap and cmd/snap-bootstrap with nomanagers
tag
- snap/squashfs: also symlink snap Install with uc20 seed snap dir
layout
- interfaces/builtin/desktop: do not mount fonts cache on distros
with quirks
- data/selinux: allow snapd to remove/create the its socket
- testutil/exec.go: set PATH after running shellcheck
- tests: silence stderr from dbus-monitor
- snap,many: mv Open to snapfile pkg to support add'l options to
Container methods
- devicestate, sysconfig: revert support for cloud.cfg.d/ in the
gadget
- github: remove workaround for bug 133 in actions/cache
- tests: remove dbus.sh
- cmd/snap-preseed: improve mountpoint checks of the preseeded
chroot
- spread.yaml: add ps aux to debug section
- github: run all spread systems in a single go with cached results
- test: session-tool cli tweaks
- asserts: rest of the Pool API
- tests: port interfaces-network-status-classic to session-tool
- packaging: remove obsolete 16.10,17.04 symlinks
- tests: setup portals before starting user session
- o/devicestate: typo fix
- interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
devices
- cmd/snap/model: support store, system-user-authority keys in
--verbose
- o/devicestate: raise conflict when requesting system action while
seeding
- tests: detect signs of crashed snap-confine
- tests: sign kernel and gadget to run nested tests using current
snapd code
- tests: remove gnome-online-accounts we install
- tests: fix the issue where all the tests were executed on secboot
system
- tests: port interfaces-accounts-service to session-tool
- interfaces/network-control: bring /var/lib/dhcp from host
- image,cmd/snap,tests: add support for store-wide cohort keys
- configcore: add nomanagers buildtag for conditional build
- tests: port interfaces-password-manager-service to session-tool
- o/devicestate: cleanup system actions supported by recover mode
- snap-bootstrap: remove create-partitions and update tests
- tests: fix nested tests
- packaging/arch: update PKGBUILD to match one in AUR
- tests: port interfaces-location-control to session-tool
- tests: port interfaces-contacts-service to session-tool
- state: log task errors in the journal too
- o/devicestate: change how current system is reported for different
modes
- devicestate: do not report "ErrNoState" for seeded up
- tests: add a note about broken test sequence
- tests: port interfaces-autopilot-introspection to session-tool
- tests: port interfaces-dbus to session-tool
- packaging: update sid packaging to match 16.04+
- tests: enable degraded test on uc20
- c/snaplock/runinhibit: add run inhibition operations
- tests: detect and report root-owned files in /home
- tests: reload root's systemd --user after snapd tests
- tests: test registration with serial-authority: [generic]
- cmd/snap-bootstrap/initramfs-mounts: copy auth.json and macaroon-
key in recover
- tests/mount-ns: stop binfmt_misc mount unit
- cmd/snap-bootstrap/initramfs-mounts: use booted kernel partition
uuid if available
- daemon, tests: indicate system mode, test switching to recovery
and back to run
- interfaces/desktop: silence more /var/lib/snapd/desktop/icons
denials
- tests/mount-ns: update to reflect new UEFI boot mode
- usersession,tests: clean ups for userd/settings.go and move
xdgopenproxy under usersession
- tests: disable mount-ns test
- tests: test user belongs to systemd-journald, on core20
- tests: run core/snap-set-core-config on uc20 too
- tests: remove generated session-agent units
- sysconfig: use new _writable_defaults dir to create cloud config
- cmd/snap-bootstrap/initramfs-mounts: cosmetic changes in prep for
future work
- asserts: make clearer that with label we mean a serialized label
- cmd/snap-bootstrap: tweak recovery trigger log messages
- asserts: introduce PoolTo
- userd: allow setting default-url-scheme-handler
- secboot: append uuid to ubuntu-data when decrypting
- o/configcore: pass extra options to FileSystemOnlyApply
- tests: add dbus-user-session to bionic and reorder package names
- boot, bootloader: adjust comments, expand tests
- tests: improve debugging of user session agent tests
- packaging: add the inhibit directory
- many: add core.resiliance.vitality-hint config setting
- tests: test adjustments and fixes for recently published images
- cmd/snap: coldplug auto-import assertions from all removable
devices
- secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to
secboot
- tests: not fail when boot dir cannot be determined
- tests: new directory used to store the cloud images on gce
- tests: inject snapd from edge into seeds of the image in manual
preseed test
- usersession/agent,wrappers: fix races between Shutdown and Serve
- tests: add dependency needed for next upgrade of bionic
- tests: new test user is used for external backend
- cmd/snap: fix the order of positional parameters in help output
- tests: don't create root-owned things in ~test
- tests/lib/prepare.sh: delete patching of the initrd
- cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
as well
- progress: tweak multibyte label unit test data
- o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline
- gadget: fix fallback device lookup for 'mbr' type structures
- configcore: only reload journald if systemd is new enough
- cmd/snap-boostrap, boot: use /run/mnt/data instead of ubuntu-data
- wrappers: allow user mode systemd daemons
- progress: fix progress bar with multibyte duration units
- tests: fix raciness in pulseaudio test
- asserts/internal: introduce Grouping and Groupings
- tests: remove user.sh
- tests: pair of follow-ups from earlier reviews
- overlord/snapstate: warn of refresh/postpone events
- configcore,tests: use daemon-reexec to apply watchdog config
- c/snap-bootstrap: check mount states via initramfsMountStates
- store: implement DownloadAssertions
- tests: run smoke test with different bases
- tests: port user-mounts test to session-tool
- store: handle error-list in fetch-assertions results
- tests: port interfaces-audio-playback-record to session-tool
- data/completion: add `snap` command completion for zsh
- tests/degraded: ignore failure in systemd-vconsole-setup.service
- image: stub implementation of image.Prepare for darwin
- tests: session-tool --restore -u stops user-$UID.slice
- o/ifacestate/handlers.go: fix typo
- tests: port pulseaudio test to session-tool
- tests: port user-session-env to session-tool
- tests: work around journald bug in core16
- tests: add debug to core-persistent-journal test
- tests: port selinux-clean to session-tool
- tests: port portals test to session-tool, fix portal tests on sid
- tests: adding option --no-install-recommends option also when
install all the deps
- tests: add session-tool --has-systemd-and-dbus
- packaging/debian-sid: add gcc-multilib to build deps
- osutil: expand FileLock to support shared locks and more
- packaging: stop depending on python-docutils
- store,asserts,many: support the new action fetch-assertions
- tests: port snap-session-agent-* to session-tool
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- tests: fix for preseeding failures
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 25 Aug 2020 17:26:21 +0200
snapd (2.45.3.1) xenial; urgency=medium
* New upstream release, LP: #1875071
- o/ifacestate: fix bug in snapsWithSecurityProfiles
- tests/main/selinux-clean: workaround SELinux denials triggered by
linger setup on Centos8
-- Samuele Pedroni <pedronis@lucediurna.net> Tue, 28 Jul 2020 21:43:38 +0200
snapd (2.45.3) xenial; urgency=medium
* New upstream release, LP: #1875071
- many: backport _writable_defaults dir changes
- tests: fix incorrect check in smoke/remove test
- cmd/snap-bootstrap,seed: backport of uc20 PRs
- tests: avoid exit when nested type var is not defined
- cmd/snap-preseed: backport fixes
- interfaces: optimize rules of multiple connected iio/i2c/spi plugs
- many: cherry-picks for 2.45, gh-action, test fixes
- tests/lib: account for changes in arch package file name extension
- postrm, snap-mgmt: cleanup modules and other cherry-picks
- snap-confine: don't die if a device from sysfs path cannot be
found by udev
- data/selinux: update policy to allow forked processes to call
getpw*()
- tests/main/interfaces-time-control: exercise setting time via date
- interfaces/builtin/time-control: allow POSIX clock API
- usersession/userd: add "slack" to the white list of URL schemes
handled by xdg-open
-- Zygmunt Krynicki <me@zygoon.pl> Mon, 27 Jul 2020 12:01:14 +0200
snapd (2.45.2) xenial; urgency=medium
* SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open
implementation
- usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
variable modification when calling the system xdg-open. Patch
thanks to James Henstridge
- packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is
restarted. Patch thanks to Michael Vogt
- CVE-2020-11934
- LP: #1880085
* SECURITY UPDATE: arbitrary code execution vulnerability on core
devices with access to physical removable media
- devicestate: Disable/restrict cloud-init after seeding.
- CVE-2020-11933
- LP: #1879530
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 10 Jul 2020 20:06:29 +0200
snapd (2.45.1) xenial; urgency=medium
* New upstream release, LP: #1875071
- data/selinux: allow checking /var/cache/app-info
- cmd/snap-confine: add support for libc6-lse
- interfaces: miscellaneous policy updates xlv
- snap-bootstrap: remove sealed key file on reinstall
- interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
- gadget: make ext4 filesystems with or without metadata checksum
- interfaces/fwupd: allow bind mount to /boot on core
- tests: cherry-pick test fixes from master
- snap/squashfs: also symlink snap Install with uc20 seed snap dir
layout
- interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
devices
- snap,many: mv Open to snapfile pkg to support add'l options to
Container methods
- interfaces/builtin/desktop: do not mount fonts cache on distros
with quirks
- devicestate, sysconfig: revert support for cloud.cfg.d/ in the
gadget
- data/completion, packaging: cherry-pick zsh completion
- state: log task errors in the journal too
- devicestate: do not report "ErrNoState" for seeded up
- interfaces/desktop: silence more /var/lib/snapd/desktop/icons
denials
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- packaging: stop depending on python-docutils
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 05 Jun 2020 15:13:49 +0200
snapd (2.45) xenial; urgency=medium
* New upstream release, LP: #1875071
- o/devicestate: support doing system action reboots from recover
mode
- vendor: update to latest secboot
- tests: not fail when boot dir cannot be determined
- configcore: only reload journald if systemd is new enough
- cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data
when decrypting
- tests/lib/prepare.sh: delete patching of the initrd
- cmd/snap: coldplug auto-import assertions from all removable
devices
- cmd/snap: fix the order of positional parameters in help output
- c/snap-bootstrap: port mount state mocking to the new style on
master
- cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
as well
- o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline,
unlock in recover mode initramfs
- progress: tweak multibyte label unit test data
- gadget: fix fallback device lookup for 'mbr' type structures
- progress: fix progress bar with multibyte duration units
- many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20
- many: put the sealed keys in a directory on seed for tidiness
- cmd/snap-bootstrap: measure epoch and model before unlocking
encrypted data
- o/configstate: core config handler for persistent journal
- bootloader/uboot: use secondary ubootenv file boot.sel for uc20
- packaging: add "$TAGS" to dh_auto_test for debian packaging
- tests: ensure $cache_dir is actually available
- secboot,cmd/snap-bootstrap: add model to pcr protection profile
- devicestate: do not use snap-boostrap in devicestate to install
- tests: fix a typo in nested.sh helper
- devicestate: add support for cloud.cfg.d config from the gadget
- cmd/snap-bootstrap: cleanups, naming tweaks
- testutil: add NewDBusTestConn
- snap-bootstrap: lock access to sealed keys
- overlord/devicestate: preserve the current model inside ubuntu-
boot
- interfaces/apparmor: use differently templated policy for non-core
bases
- seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
syscalls
- cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first,
other misc changes
- o/snapstate: tweak "waiting for restart" message
- boot: store model model and grade information in modeenv
- interfaces/firewall-control: allow -legacy and -nft for core20
- boot: enable makeBootable20RunMode for EnvRefExtractedKernel
bootloaders
- boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20
implementation
- daemon: fix error message from `snap remove-user foo` on classic
- overlord: have a variant of Mock that can take a state.State
- tests: 16.04 and 18.04 now have mediating pulseaudio (again)
- seed: clearer errors for missing essential snapd or core snap
- cmd/snap-bootstrap/initramfs-mounts: support
EnvRefExtractedKernelBootloader's
- gadget, cmd/snap-bootstrap: MBR schema support
- image: improve/adjust DownloadSnap doc comment
- asserts: introduce ModelGrade.Code
- tests: ignore user-12345 slice and service
- image,seed/seedwriter: support redirect channel aka default
tracks
- bootloader: use binary.Read/Write
- tests: uc20 nested suite part II
- tests/boot: refactor to make it easier for new
bootloaderKernelState20 impl
- interfaces/openvswitch: support use of ovs-appctl
- snap-bootstrap: copy auth data from real ubuntu-data in recovery
mode
- snap-bootstrap: seal and unseal encryption key using tpm
- tests: disable special-home-can-run-classic-snaps due to jenkins
repo issue
- packaging: fix build on Centos8 to support BUILDTAGS
- boot/bootstate20: small changes to bootloaderKernelState20
- cmd/snap: Implement a "snap routine file-access" command
- spread.yaml: switch back to latest/candidate for lxd snap
- boot/bootstate20: re-factor kernel methods to use new interface
for state
- spread.yaml,tests/many: use global env var for lxd channel
- boot/bootstate20: fix bug in try-kernel cleanup
- config: add system.store-certs.[a-zA-Z0-9] support
- secboot: key sealing also depends on secure boot enabled
- httputil: fix client timeout retry tests
- cmd/snap-update-ns: handle EBUSY when unlinking files
- cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20
vars
- secboot: add tpm support helpers
- tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for
kernel and gadget
- cmd/snap-bootstrap: switch to a 64-byte key for unlocking
- tests: preserve size for centos images on spread.yaml
- github: partition the github action workflows
- run-checks: use consistent "Checking ..." style messages
- bootloader: add efi pkg for reading efi variables
- data/systemd: do not run snapd.system-shutdown if finalrd is
available
- overlord: update tests to work with latest go
- cmd/snap: do not hide debug boot-vars on core
- cmd/snap-bootstrap: no error when not input devices are found
- snap-bootstrap: fix partition numbering in create-partitions
- httputil/client_test.go: add two TLS version tests
- tests: ignore user@12345.service hierarchy
- bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things
- tests: rewrite timeserver-control test
- tests: fix racy pulseaudio tests
- many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
- tests: update snap-preseed --reset logic to accommodate for 2.44
change
- cmd/snap: don't wait for system key when stopping
- sandbox/cgroup: avoid making arrays we don't use
- osutil: mock proc/self/mountinfo properly everywhere
- selinux: export MockIsEnforcing; systemd: use in tests
- tests: add 32 bit machine to GH actions
- tests/session-tool: kill cron session, if any
- asserts: it should be possible to omit many snap-ids if allowed,
fix
- boot: cleanup more things, simplify code
- github: skip spread jobs when corresponding label is set
- dirs: don't depend on osutil anymore, mv apparmor vars to apparmor
pkg
- tests/session-tool: add session-tool --dump
- github: allow cached debian downloads to restore
- tests/session-tool: session ordering is non-deterministic
- tests: enable unit tests on debian-sid again
- github: move spread to self-hosted workers
- secboot: import secboot on ubuntu, provide dummy on !ubuntu
- overlord/devicestate: support for recover and run modes
- snap/naming: add validator for snap security tag
- interfaces: add case for rootWritableOverlay + NFS
- tests/main/uc20-create-partitions: tweaks, renames, switch to
20.04
- github: port CLA check to Github Actions
- interfaces/many: miscellaneous policy updates xliv
- configcore,tests: fix setting watchdog options on UC18/20
- tests/session-tool: collect information about services on startup
- tests/main/uc20-snap-recovery: unbreak, rename to uc20-create-
partitions
- state: add state.CopyState() helper
- tests/session-tool: stop anacron.service in prepare
- interfaces: don't use the owner modifier for files shared via
document portal
- systemd: move the doc comments to the interface so they are
visible
- cmd/snap-recovery-chooser: tweaks
- interfaces/docker-support: add overlayfs file access
- packaging: use debian/not-installed to ignore snap-preseed
- travis.yml: disable unit tests on travis
- store: start splitting store.go and store_test.go into subtopic
files
- tests/session-tool: stop cron/anacron from meddling
- github: disable fail-fast as spread cannot be interrupted
- github: move static checks and spread over
- tests: skip "/etc/machine-id" in "writablepaths" test
- snap-bootstrap: store encrypted partition recovery key
- httputil: increase testRetryStrategy max timelimit to 5s
- tests/session-tool: kill leaking closing session
- interfaces: allow raw access to USB printers
- tests/session-tool: reset failed session-tool units
- httputil: increase httpclient timeout in
TestRetryRequestTimeoutHandling
- usersession: extend timerange in TestExitOnIdle
- client: increase timeout in client tests to 100ms
- many: disentagle release and snapdenv from sandbox/*
- boot: simplify modeenv mocking to always write a modeenv
- snap-bootstrap: expand data partition on install
- o/configstate: add backlight option for core config
- cmd/snap-recovery-chooser: add recovery chooser
- features: enable robust mount ns updates
- snap: improve TestWaitRecovers test
- sandbox/cgroup: add ProcessPathInTrackingCgroup
- interfaces/policy: fix comment in recent new test
- tests: make session tool way more robust
- interfaces/seccomp: allow passing an address to setgroups
- o/configcore: introduce core config handlers (3/N)
- interfaces: updates to login-session-observe, network-manager and
modem-manager interfaces
- interfaces/policy/policy_test.go: add more tests'allow-
installation: false' and we grant based on interface attributes
- packaging: detect/disable broken seed in the postinst
- cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia
library
- tests: remove google-tpm backend from spread.yaml
- tests: install dependencies with apt using --no-install-recommends
- usersession/userd: add zoommtg url support
- snap-bootstrap: fix disk layout sanity check
- snap: add `snap debug state --is-seeded` helper
- devicestate: generate warning if seeding fails
- config, features: move and rename config.GetFeatureFlag helper to
features.Flag
- boot, overlord/devicestate, daemon: implement requesting boot
into a given recovery system
- xdgopenproxy: forward requests to the desktop portal
- many: support immediate reboot
- store: search v2 tweaks
- tests: fix cross build tests when installing dependencies
- daemon: make POST /v2/systems/<label> root only
- tests/lib/prepare.sh: use only initrd from the kernel snap
- cmd/snap,seed: validate full seeds (UC 16/18)
- tests/main/user-session-env: stop the user session before deleting
the test-zsh user
- overlord/devicestate, daemon: record the seed current system was
installed from
- gadget: SystemDefaults helper function to convert system defaults
config into a flattened map suitable for FilesystemOnlyApply.
- many: comment or avoid cryptic snap-ids in tests
- tests: add LXD_CHANNEL environment
- store: support for search API v2
- .github: register a problem matcher to detect spread failures
- seed: add Info() method for seed.Snap
- github: always run the "Discard spread workers" step, even if the
job fails
- github: offload self-hosted workers
- cmd/snap: the model command needs just a client, no waitMixin
- github: combine tests into one workflow
- github: fix order of go get caches
- tests: adding more workers for ubuntu 20.04
- boot,overlord: rename operating mode to system mode
- config: add new Transaction.GetPristine{,Maybe}() function
- o/devicestate: rename readMaybe* to maybeRead*
- github: cache Debian dependencies for unit tests
- wrappers: respect pre-seeding in error path
- seed: validate UC20 seed system label
- client, daemon, overlord/devicestate: request system action API
and stubs
- asserts,o/devicestate: support model specified alternative serial-
authority
- many: introduce naming.WellKnownSnapID
- o/configcore: FilesystemOnlyApply method for early configuration
of core (1/N)
- github: run C unit tests
- github: run spread tests on PRs only
- interfaces/docker-support: make containerd abstract socket more
generic
- tests: cleanup security-private-tmp properly
- overlord/devicestate,boot: do not hold to the originally read
modeenv
- dirs: rm RunMnt; boot: add vars for early boot env layout;
sysconfig: take targetdir arg
- cmd/snap-bootstrap/initramfs-mounts/tests: use dirs.RunMnt over
s.runMnt
- tests: add regression test for MAAS refresh bug
- errtracker: add missing mocks
- github: apt-get update before installing build-deps
- github: don't fail-fast
- github: run spread via github actions
- boot,many: add modeenv.WriteTo, make Write take no args
- wrappers: fix timer schedules that are days only
- tests/main/snap-seccomp-syscalls: install gperf
- github: always checkout to snapcore/snapd
- github: add prototype workflow running unit tests
- many: improve comments, naming, a possible TODO
- client: use Assert when checking for error
- tests: ensure sockets target is ready in session agent spread
tests
- osutil: do not leave processes behind after the test run
- tests: update proxy-no-core to match latest CDN changes
- devicestate,sysconfig: support "cloud.cfg.d" in uc20 for grade:
dangerous
- cmd/snap-failure,tests: try to make snap-failure more robust
- many: fix packages having mistakenly their copyright as doc
- many: enumerate system seeds, return them on the /v2/systems API
endpoint
- randutil: don't consume kernel entropy at init, just mix more info
to try to avoid fleet collisions
- snap-bootstrap: add creationSupported predicate for partition
types
- tests: umount partitions which are not umounted after remount
gadget
- snap: run gofmt -s
- many: improve environment handling, fixing duplicate entries
- boot_test: add many boot robustness tests for UC20 kernel
MarkBootSuccessul and SetNextBoot
- overlord: remove unneeded overlord.MockPruneInterval() mocks
- interfaces/greengrass-support: fix typo
- overlord,timings,daemon: separate timings from overlord/state
- tests: enable nested on core20 and test current branch
- snap-bootstrap: remove created partitions on reinstall
- boot: apply Go 1.10 formatting
- apparmor: use rw for uuidd request to default and remove from
elsewhere
- packaging: add README.source for debian
- tests: cleanup various uc20 boot tests from previous PR
- devicestate: disable cloud-init by default on uc20
- run-checks: tweak formatting checks
- packaging,tests: ensure debian-sid builds without vendor/
- travis.yml: run unit tests with go/master as well* travis.yml: run
unit tests with go/master as well
- seed: make Brand() part of the Seed interface
- cmd/snap-update-ns: ignore EROFS from rmdir/unlink
- daemon: do a forceful server shutdown if we hit a deadline
- tests/many: don't use StartLimitInterval anymore, unify snapd-
failover variants, build snapd snap for UC16 tests
- snap-seccomp: robustness improvements
- run-tests: disable -v for go test to avoid spaming the logs
- snap: whitelist lzo as support compression for snap pack
- snap: tweak comment in Install() for overlayfs detection
- many: introduce snapdenv.Preseeding instead of release.PreseedMode
- client, daemon, overlord/devicestate: structures and stubs for
systems API
- o/devicestate: delay the creation of mark-seeded task until
asserts are loaded
- data/selinux, tests/main/selinux: cleanup tmpfs operations in the
policy, updates
- interfaces/greengrass-support: add new 1.9 access
- snap: do not hardlink on overlayfs
- boot,image: ARM kernel extract prepare image
- interfaces: make gpio robust against not-existing gpios in /sys
- cmd/snap-preseed: handle --reset flag
- many: introduce snapdenv to present common snapd env options
- interfaces/kubernetes-support: allow autobind to journald socket
- snap-seccomp: allow mprotect() to unblock the tests
- tests/lib/reset: workaround unicode dot in systemctl output
- interfaces/udisks2: also allow Introspection on
/org/freedesktop/UDisks/**
- snap: introduce Container.RandomAccessFile
- o/ifacestate, api: implementation of snap disconnect --forget
- cmd/snap: make the portal-info command search for the network-
status interface
- interfaces: work around apparmor_parser slowness affecting uio
- tests: fix/improve failing spread tests
- many: clean separation of bootenv mocking vs mock bootloader kinds
- tests: mock prune ticker in overlord tests to reduce wait times
- travis: disable arm64 again
- httputil: add support for extra snapd certs
- travis.yml: run unit tests on arm64 as well
- many: fix a pair of ineffectual assignments
- tests: add uc20 kernel snap upgrade managers test, fix
bootloadertest bugs
- o/snapstate: set base in SnapSetup on snap revert
- interfaces/{docker,kubernetes}-support: updates for lastest k8s
- cmd/snap-exec: add test case for LP bug 1860369
- interfaces: make the network-status interface implicit on
classic
- interfaces: power control interfaceIt is documented in the
kernel
- interfaces: miscellaneous policy updates
- cmd/snap: add a "snap routine portal-info" command
- usersession/userd: add "apt" to the white list of URL schemes
handled by xdg-open
- interfaces/desktop: allow access to system prompter interface
- devicestate: allow encryption regardless of grade
- tests: run ipv6 network-retry test too
- tests: test that after "remove-user" the system is unmanaged
- snap-confine: unconditionally add /dev/net/tun to the device
cgroup
- snapcraft.yaml: use sudo -E and remove workaround
- interfaces/audio_playback: Fix pulseaudio config access
- ovelord/snapstate: update only system wide fonts cache
- wrappers: import /etc/environment in all services
- interfaces/u2f: Add Titan USB-C key
- overlord, taskrunner: exit on task/ensure error when preseeding
- tests: add session-tool, a su / sudo replacement
- wrappers: add mount unit dependency for snapd services on core
devices
- tests: just remove user when the system is not managed on create-
user-2 test
- snap-preseed: support for preseeding of snapd and core18
- boot: misc UC20 changes
- tests: adding arch-linux execution
- packaging: revert "work around review-tools and snap-confine"
- netlink: fix panic on arm64 with the new rawsockstop codewith a
nil Timeval panics
- spread, data/selinux: add CentOS 8, update policy
- tests: updating checks to new test account for snapd-test snaps
- spread.yaml: mv opensuse 15.1 to unstable
- cmd/snap-bootstrap,seed: verify only in-play snaps
- tests: use ipv4 in retry-network to unblock failing master
- data/systemd: improve the description
- client: add "Resume" to DownloadOptions and new test
- tests: enable snapd-failover on uc20
- tests: add more debug output to the snapd-failure handling
- o/devicestate: unset recovery_system when done seeding
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 12 May 2020 17:17:57 +0200
snapd (2.44.5) xenial; urgency=medium
* New upstream release, LP: #1864808
- spread.yaml: adding more workers for ubuntu 20.04
- packaging: stop depending on python-docutils on opensuse
- spread.yaml: do not run ubuntu-core-20-64 with snapd 2.44, snapd
is not recent enough to drive ubuntu-core-20
- spread.yaml: Preserve size for centos images on spread.yaml
- spread.yaml: use non-uefi enabled image for uc20
- tests: ensure $cache_dir is actually available
- tests: disable preseed tests, they work in master but require too
much cherry-picking here
- travis.yml: remove go/master unit tests from 2.44
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 30 Apr 2020 09:09:22 +0200
snapd (2.44.4) xenial; urgency=medium
* New upstream release, LP: #1864808
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- interfaces/firewall-control: allow -legacy and -nft for core20
- seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
syscalls
- tests: 16.04 and 18.04 now have mediating pulseaudio
- tests: ignore user@12345.service hierarchy
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 29 Apr 2020 08:32:56 +0200
snapd (2.44.3) xenial; urgency=medium
* New upstream release, LP: #1864808
- tests: fix racy pulseaudio tests
- many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
- tests: update snap-preseed --reset logic
- tests: backport partition fixes
- cmd/snap: don't wait for system key when stopping
- interfaces/many: miscellaneous policy updates xliv
- tests/main/uc20-snap-recovery: use 20.04 system
- tests: skip "/etc/machine-id" in "writablepaths
- interfaces/docker-support: add overlays file access
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 10 Apr 2020 16:57:25 +0200
snapd (2.44.2) xenial; urgency=medium
* New upstream release, LP: #1864808
- packaging: detect/disable broken seeds in the postinst
- cmd/snap,seed: validate full seeds (UC 16/18)
- snap: add `snap debug state --is-seeded` helper
- devicestate: generate warning if seeding fails
- store: support for search API v2
- cmd/snap-seccomp/syscalls: update the list of known syscalls
- snap/cmd: the model command needs just a client, no waitMixin
- tests: cleanup security-private-tmp properly
- wrappers: fix timer schedules that are days only
- tests: update proxy-no-core to match latest CDN changes
- cmd/snap-failure,tests: make snap-failure more robust
- tests, many: don't use StartLimitInterval anymore, unify snapd-
failover variants, build snapd snap for UC16 tests
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 02 Apr 2020 09:51:34 +0200
snapd (2.44.1) xenial; urgency=medium
* New upstream release, LP: #1864808
- randutil: switch back to setting up seed with lower entropy data
- interfaces/greengrass-support: fix typo
- packaging,tests: ensure debian-sid builds without vendor/
- travis.yml: run unit tests with go/master as well
- cmd/snap-update-ns: ignore EROFS from rmdir/unlink
-- Michael Vogt <michael.vogt@ubuntu.com> Sat, 21 Mar 2020 18:32:12 +0100
snapd (2.44) xenial; urgency=medium
* New upstream release, LP: #1864808
- daemon: do a forceful serer shutdown if we hit a deadline
- snap: whitelist lzo as support compression for snap pack
- data/selinux: update policy to allow more ops
- interfaces/greengrass-support: add new 1.9 access
- snap: do not hardlink on overlayfs
- cmd/snap-preseed: handle --reset flag
- interfaces/kubernetes-support: allow autobind to journald socket
- snap-seccomp: allow mprotect() to unblock the tests
- tests/lib/reset: workaround unicode dot in systemctl output
- interfaces: work around apparmor_parser slowness affecting uio
- interfaces/udisks2: also allow Introspection on
/org/freedesktop/UDisks2/**
- tests: mock prune ticker in overlord tests to reduce wait times
- interfaces/{docker,kubernetes}-support: updates for lastest k8s
- interfaces: miscellaneous policy updates
- interfaces/audio_playback: Fix pulseaudio config access
- overlord: disable Test..AbortShortlyAfterStartOfOperation for 2.44
- ovelord/snapstate: update only system wide fonts cache
- wrappers: import /etc/environment in all services
- interfaces/u2f: Add Titan USB-C key
- overlord, taskrunner: exit on task/ensure error when preseeding
- overlord/snapstate/backend: update snapd services contents in unit
tests
- wrappers: add mount unit dependency for snapd services on core
devices
- Revert "tests: remove /tmp/snap.* left over by other tests"
- Revert "packaging: work around review-tools and snap-confine"
- netlink: fix panic on arm64 with the new rawsockstop code
- spread, data/selinux: add CentOS 8, update policy
- spread.yaml: mv opensuse tumbleweed to unstable too
- spread.yaml: mv opensuse 15.1 to unstable
- tests: use ipv4 in retry-network to unblock failing master
- data/systemd: improve the description
- tests/lib/prepare.sh: simplify, combine code paths
- tests/main/user-session-env: add test verifying environment
variables inside the user session
- spread.yaml: make qemu ubuntu-core-20-64 use ubuntu-20.04-64
- run-checks: SKIP_GMFMT really skips formatting checks
- tests: enable more tests for UC20/UC18
- tests: remove tmp dir for snap not-test-snapd-sh on security-
private-tmp test
- seed,cmd/snap-bootstrap: introduce seed.Snap.EssentialType,
simplify bootstrap code
- snapstate: do not restart in undoLinkSnap unless on first install
- cmd/snap-bootstrap: subcommand to detect UC chooser trigger
- cmd/snap-bootstrap/initramfs-mounts: mount the snapd snap in run-
mode too
- cmd/libsnap, tests: fix C unit tests failing as non-root
- cmd/snap-bootstrap: verify kernel snap is in modeenv before
mounting it
- tests: adding amazon linux to google backend
- cmd/snap-failure/snapd: rm snapd.socket, reset snapd.socket failed
status
- client: add support for "ResumeToken", "HeaderPeek" to download
- build: enable type: snapd
- tests: rm -rf /tmp/snap.* in restore
- cmd/snap-confine: deny snap-confine to load nss libs
- snapcraft.yaml: add comments, rename snapd part to snapd-deb
- boot: write current_kernels in bootstate20, makebootable
- packaging: work around review-tools and snap-confine
- tests: skipping interfaces-openvswitch on centos due to package is
not available
- packaging,snap-confine: stop being setgid root
- cmd/snap-confine: bring /var/lib/dhcp from host, if present
- store: rely on CommandFromSystemSnap to find xdelta3
- tests: bump sleep time of the new overlord tests
- cmd/snap-preseed: snapd version check for the target
- netlink: fix/support stopping goroutines reading netlink raw
sockets
- tests: reset PS1 before possibly interactive dash
- overlord, state: don't abort changes if spawn time before
StartOfOperationTime (2/2)
- snapcraft.yaml: add python3-apt, tzdata as build-deps for the
snapd snap
- tests: ask tar to speak English
- tests: using google storage when downloading ubuntu cloud images
from gce
- Coverity produces false positives for code like this:
- many: maybe restart & security backend options
- o/standby: add SNAPD_STANDBY_WAIT to control standby in
development
- snap: use the actual staging snap-id for snapd
- cmd/snap-bootstrap: create a new parser instance
- snapcraft.yaml: use build-base and adopt-info, rm builddeb
plugin
- tests: set StartLimitInterval in snapd failover test
- tests: disable archlinux system
- tests: add preseed test for classic
- many, tests: integrate all preseed bits and add spread tests
- daemon: support resuming downloads
- tests: use Filename() instead of filepath.Base(sn.MountFile())
- tests/core: add swapfiles test
- interfaces/cpu-control: allow to control cpufreq tunables
- interfaces: use commonInteface for desktopInterface
- interfaces/{desktop-legacy,unity7}: adjust for new ibus socket
location
- snap/info: add Filename
- bootloader: make uboot a RecoveryAwareBootloader
- gadget: skip update when mounted filesystem content is identical
- systemd: improve is-active check for 'failed' services
- boot: add current_kernels to modeenv
- o/devicestate: StartOfOperationTime helper for Prune (1/2)
- tests: detect LXD launching i386 containers
- tests: move main/ubuntu-core-* tests to core/ suite
- tests: remove snapd in ubuntu-core-snapd
- boot: enable base snap updates in bootstate20
- tests: Fix core revert channel after 2.43 has been released to
stable
- data/selinux: unify tabs/spaces
- o/ifacestate: move ResolveDisconnect to ifacestate
- spread: move centos to stable systems
- interfaces/opengl: allow datagrams to nvidia-driver
- httputil: add NoNetwork(err) helper, spread test and use in serial
acquire
- store: detect if server does not support http range headers
- test/lib/user: add helper lib for doing things for and as a user
- overlord/snapstate, wrappers: undo of snapd on core
- tests/main/interfaces-pulseaudio: use custom pulseaudio script,
set kill timeout
- store: add support for resume in DownloadStream
- cmd/snap: implement 'snap remove-user'
- overlord/devicestate: fix preseed unit tests on systems not using
/snap
- tests/main/static: ldd in glibc 2.31 logs to stderr now
- run-checks, travis: allow skipping spread jobs by adding a label
- tests: add new backend which includes images with tpm support
- boot: use constants for boot status values
- tests: add "core" suite for UC specific tests
- tests/lib/prepare: use a local copy of uc20 initramfs skeleton
- tests: retry mounting the udisk2 device due to timing issue
- usersession/client: add a client library for the user session
agent
- o/devicestate: Handle preseed mode in the firstboot mode (core16
only for now).
- boot: add TryBase and BaseStatus to modeenv; use in snap-bootstrap
- cmd/snap-confine: detect base transitions on core16
- boot: don't use "kernel" from the modeenv anymore
- interfaces: add uio interface
- tests: repack the initramfs + kernel snap for UC20 spread tests
- interfaces/greengrass-support: add /dev/null ->
/proc/latency_stats mount
- httputil: remove workaround for redirect handling in go1.7
- httputil: remove go1.6 transport workaround
- snap: add `snap pack --compression=<comp>` options
- tests/lib/prepare: fix hardcoded loopback device names for UC
images
- timeutil: add a unit test case for trivial schedule
- randutil,o/snapstate,-mkauthors.sh: follow ups to randutil
introduction
- dirs: variable with distros using alternate snap mount
- many,randutil: centralize and streamline our random value
generation
- tests/lib/prepare-restore: Revert "Continue on errors updating or
installing dependencies"
- daemon: Allow clients to call /v2/logout via Polkit
- dirs: manjaro-arm is like manjaro
- data, packaging: Add sudoers snippet to allow snaps to be run with
sudo
- daemon, store: better expose single action errors
- tests: switch mount-ns test to differential data set
- snapstate: refactor things to add the re-refresh task last
- daemon: drop support for the DELETE method
- client: move to /v2/users; implement RemoveUser
- boot: enable UC20 kernel extraction and bootState20 handling
- interfaces/policy: enforce plug-names/slot-names constraints
- asserts: parse plug-names/slot-names constraints
- daemon: make users result more consistent
- cmd/snap-confine,tests: support x.y.z nvidia version
- dirs: fixlet for XdgRuntimeDirGlob
- boot: add bootloader options to coreKernel
- o/auth,daemon: do not remove unknown user
- tests: tweak and enable tests on ubuntu 20.04
- daemon: implement user removal
- cmd/snap-confine: allow snap-confine to link to libpcre2
- interfaces/builtin: Allow NotificationReplied signal on
org.freedesktop.Notifications
- overlord/auth: add RemoveUserByName
- client: move user-related things to their own files
- boot: tweak kernel cmdline helper docstring
- osutil: implement deluser
- gadget: skip update when raw structure content is unchanged
- boot, cmd/snap, cmd/snap-bootstrap: move run mode and system label
detection to boot
- tests: fix revisions leaking from snapd-refresh test
- daemon: refactor create-user to a user action & hide behind a flag
- osutil/tests: check there are no leftover symlinks with
AtomicSymlink
- grub: support atomically renaming kernel symlinks
- osutil: add helpers for creating symlinks and renaming in an
atomic manner
- tests: add marker tag for core 20 test failure
- tests: fix gadget-update-pc test leaking snaps
- tests: remove revision leaking from ubuntu-core-refresh
- tests: remove revision leaking from remodel-kernel
- tests: disable system-usernames test on core20
- travis, tests, run-checks: skip nakedret
- tests: run `uc20-snap-recovery-encrypt` test on 20.04-64 as well
- tests: update mount-ns test tables
- snap: disable auto-import in uc20 install-mode
- tests: add a command-chain service test
- tests: use test-snapd-upower instead of upower
- data/selinux: workaround incorrect fonts cache labeling on RHEL7
- spread.yaml: fix ubuntu 19.10 and 20.04 names
- debian: check embedded keys for snap-{bootstrap,preseed} too
- interfaces/apparmor: fix doc-comments, unnecessary code
- o/ifacestate,o/devicestatate: merge gadget-connect logic into
auto-connect
- bootloader: add ExtractedRunKernelImageBootloader interface,
implement in grub
- tests: add spread test for hook permissions
- cmd/snap-bootstrap: check device size before boostrapping and
produce a meaningful error
- cmd/snap: add ability to register "snap routine" commands
- tests: add a test demonstrating that snaps can't access the
session agent socket
- api: don't return connections referring to non-existing
plugs/slots
- interfaces: refactor path() from raw-volume into utils with
comments for old
- gitignore: ignore snap files
- tests: skip interfaces-network-manager on arm devices
- o/devicestate: do not create perfTimings if not needed inside
ensureSeed/Operational
- tests: add ubuntu 20.04 to the tests execution and remove
tumbleweed from unstable
- usersession: add systemd user instance service control to user
session agent
- cmd/snap: print full channel in 'snap list', 'snap info'
- tests: remove execution of ubuntu 19.04 from google backend
- cmd/snap-boostrap: add mocking for fakeroot
- tests/core18/snapd-failover: collect more debug info
- many: run black formatter on all python files
- overlord: increase settle timeout for slow machines
- httputil: use shorter timeout in TestRetryRequestTimeoutHandling
- store, o/snapstate: send default-tracks header, use
RedirectChannel
- overlord/standby: fix possible deadlock in standby test
- cmd/snap-discard-ns: fix pattern for .info files
- boot: add HasModeenv to Device
- devicestate: do not allow remodel between core20 models
- bootloader,snap: misc tweaks
- store, overlord/snapstate, etc: SnapAction now returns a []…Result
- snap-bootstrap: create encrypted partition
- snap: remove "host" output from `snap version`
- tests: use snap remove --purge flag in most of the spread tests
- data/selinux, test/main/selinux-clean: update the test to cover
more scenarios
- many: drop NameAndRevision, use snap.PlaceInfo instead
- boot: split MakeBootable tests into their own file
- travis-ci: add go import path
- boot: split MakeBootable implementations into their own file
- tests: enable a lot of the tests of main on uc20
- packaging, tests: stop services in prerm
- tests: enable regression suite on core20
- overlord/snapstate: improve snapd snap backend link unit tests
- boot: implement SetNextBoot in terms of bootState.setNext
- wrappers: write and undo snapd services on core
- boot,o/devicestate: refactor MarkBootSuccessful over bootState
- snap-bootstrap: mount the correct snapd snap to /run/mnt/snapd
- snap-bootstrap: refactor partition creation
- tests: use new snapd.spread-tests-run-mode-tweaks.service unit
- tests: add core20 tests
- boot,o/snapstate: SetNextBoot/LinkSnap return whether to reboot,
use the information
- tests/main/snap-sign: add test for non-stdin signing
- snap-bootstrap: trigger udev after filesystem creation
- boot,overlord: introduce internal abstraction bootState and use it
for InUse/GetCurrentBoot
- overlord/snapstate: tracks are now sticky
- cmd: sign: add filename param
- tests: remove "test-snapd-tools" in smoke/sandbox on restore
- cmd/snap, daemon: stop over-normalising channels
- tests: fix classic-ubuntu-core-transition-two-cores after refactor
of MATCH -v
- packaging: ship var/lib/snapd/desktop/applications in the pkg
- spread: drop copr repo with F30 build dependencies
- tests: use test-snapd-sh snap instead of test-snapd-tools - Part 3
- tests: fix partition creation test
- tests: unify/rename services-related spread tests to start with
services- prefix
- test: extract code that modifies "writable" for test prep
- systemd: handle preseed mode
- snap-bootstrap: read only stdout when parsing the sfdisk json
- interfaces/browser-support: add more product/vendor paths
- boot: write compat UC16 bootvars in makeBootable20RunMode
- devicestate: avoid adding mockModel to deviceMgrInstallModeSuite
- devicestate: request reboot after successful doSetupRunSystem()
- snapd.core-fixup.sh: do not run on UC20 at all
- tests: unmount automounted snap-bootstrap devices
- devicestate: run boot.MakeBootable in doSetupRunSystem
- boot: copy kernel/base to data partition in makeBootable20RunMode
- tests: also check nested lxd container
- run-checks: complain about MATCH -v
- boot: always return the trivial boot participant in ephemeral mode
- o/devicestate,o/snapstate: move the gadget.yaml checkdrive-by: use
gadget.ReadInfoFromSnapFile in checkGadgetRemodelCompatible
- snap-bootstrap: append new partitions
- snap-bootstrap: mount filesystems after creation
- snapstate: do not try to detect rollback in ephemeral modes
- snap-bootstrap: trigger udev for new partitions
- cmd/snap-bootstrap: xxx todos about kernel cross-checks
- tests: avoid mask rsyslog service in case is not enabled on the
system
- tests: fix use of MATCH -v
- cmd/snap-preseed: update help strings
- cmd/snap-bootstrap: actually parse snapd_recovery_system label
- bootstrap: reduce runmode mounts from 5 to 2 steps.
- lkenv.go: adjust for new location of include file
- snap: improve squashfs.ReadFile() error
- systemd: fix uc20 shutdown
- boot: write modeenv when creating the run mode
- boot,image: add skeleton boot.makeBootable20RunMode
- cmd/snap-preseed: add snap-preseed executable
- overlord,boot: follow ups to #7889 and #7899
- interfaces/wayland: Add access to Xwayland's shm files
- o/hookstate/ctlcmd: fix command name in snapctl -h
- daemon,snap: remove screenshot deprecation notice
- overlord,o/snapstate: make sure we never leave config behind
- many: pass consistently boot.Device state to boot methods
- run-checks: check multiline string blocks in
restore/prepare/execute sections of spread tests
- intrefaces: login-session-control - added missing dbus commands
- tests/main/parallel-install-remove-after: parallel installs should
not break removal
- overlord/snapstate: tweak assumes error hint
- overlord: replace DeviceContext.OldModel with GroundContext
- devicestate: use httputil.ShouldRetryError() in
prepareSerialRequest
- tests: replace "test-snapd-base-bare" with real "bare" base snap
- many: pass a Model to the gadget info reading functions
- snapstate: relax gadget constraints in ConfigDefaults Et al.
- devicestate: only run ensureBootOk() in "run" mode
- tests/many: quiet lxc launching, file pushing
- tests: disable apt-hooks test until it can be properly fixed
- tests: 16.04 and 18.04 now have mediating pulseaudio
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 17 Mar 2020 20:55:47 +0100
snapd (2.43.3) xenial; urgency=medium
* New upstream release, LP: #1856159
- interfaces/opengl: allow datagrams to nvidia-driver
- httputil: add NoNetwork(err) helper, spread test and use
in serial acquire
- interfaces: add uio interface
- interfaces/greengrass-support: 'aws-iot-greengrass' snap fails to
start due to apparmor deny on mounting of "/proc/latency_stats".
- data, packaging: Add sudoers snippet to allow snaps to be run with
sudo
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 12 Feb 2020 14:59:15 +0100
snapd (2.43.2) xenial; urgency=medium
* New upstream release, LP: #1856159
- cmd/snap-confine: Revert #7421 (unmount /writable from snap view)
- overlord/snapstate: fix for re-refresh bug
- tests, run-checks, many: fix nakedret issues
- data/selinux: workaround incorrect fonts cache labeling on RHEL7
- tests: use test-snapd-upower instead of upower
- overlord: increase overall settle timeout for slow arm boards
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 28 Jan 2020 15:50:25 +0100
snapd (2.43.1) xenial; urgency=medium
* New upstream release, LP: #1856159
- devicestate: use httputil.ShouldRetryError() in prepareSerialRequest
- overlord/standby: fix possible deadlock in standby test
- cmd/snap-discard-ns: fix pattern for .info files
- overlord,o/snapstate: make sure we never leave config behind
- data/selinux: update policy to cover more cases
- snap: remove "host" output from `snap version`
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 14 Jan 2020 20:30:07 +0100
snapd (2.43) xenial; urgency=medium
* New upstream release, LP: #1856159
- snap: default to "--direct" in `snap known`
- packaging: ship var/lib/snapd/desktop/applications in the
pkg
- tests: cherry-pick fixes for snap-set-core-config/ubuntu-core-
config-defaults-once
- tests: use test-snapd-sh snap instead of test-snapd-tools
- tests: rename "test-snapd-sh" in smoke test to test-snapd-sandbox
- tests: fix partition creation test
- packaging: fix incorrect changelog entry
- Revert "tests: 16.04 and 18.04 now have mediating pulseaudio"
- tests: 16.04 and 18.04 now have mediating pulseaudio
- interfaces: include hooks in plug/slot apparmor label
- interfaces: add raw-volume interface for access to partitions
- image: set recovery system label when creating the image
- cmd/snapd-generator: fix unit name for non /snap mount locations
- boot,bootloader: setup the snap recovery system bootenv
- seed: support ModeSnaps(mode) for mode != "run"
- seed: fix seed location of local but asserted snaps
- doc: HACKING.md change autopkgtest-trusty-amd64.img name
- interfaces/seccomp: parallelize seccomp backend setup
- cmd/snap-bootstrap: mount ubuntu-data tmpfs, in one go with kernel
& base
- interfaces: add audio-playback/record and pulseaudio spread tests
- apparmor: allow 'r'
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size
- cmd/snap-mgmt, packaging/postrm: stop and remove socket units when
purging
- tests: use test-snapd-sh snap instead of test-snapd-tools
- snap-confine: raise egid before calling setup_private_mount()
- tests: fix fwupd version regular expression
- snap-bootstrap: parse seed if either kernel or base are not
mounted
- tests: check for SELinux denials in interfaces-kvm spread test
- tests: run snap-set-core-config on all core devices
- selinux: update policy to allow modifications related to kmod
backend
- o/hookstate/ctlcmd: snapctl is-connected command
- devicestate: add missing test for failing task setup-run-system
- gadget: add missing test for duplicate detection of roles
- tests/cmd/snapctl: unset SNAP_CONTEXT for the suite
- snap/pack, cmd_pack: 'snap pack --check-skeleton' checks
interfaces
- gitignore: ignore visual studio code directory
- snap-bootstrap: implement "run" mode in snap-bootstrap initramfs-
mounts
- interfaces/apparmor: handle pre-seeding mode
- devicestate: implement creating partitions in "install" mode
- seed: support extra snaps on top of Core 20 dangerous models
- tests: cache snaps also for ubuntu core and add new snaps to cache
- snap-bootstrap: support auto-detect device in create-partitions
- tests: fix partitioning test debug message
- tests: prevent partitioning test errors
- cmd/snap-bootstrap: stub out snap.SanitizePlugsSlots for real
- gadget: extract and export new DiskFromPartition() helper
- snap-bootstrap: force partition table operations
- HACKING.md: add nvidia options to configure example
- tests: move the watchdog timeout to 2s to make the tests work in
rpi
- tests: demand silence from check_journalctl_log
- tests: fix the channels checks done on nested tests
- tests: reduce the complexity of the test-snapd-sh snap
- snap/squashfs, osutil: verify files/dirs can be accessed by
mksquashfs when building a snap
- boot: add boot.Modeenv.Kernel support
- devicestate: ensure system installation
- tests: apply change on permissions to serial port on hotplug test
- cmd/snap-update-ns: adjust debugging output for usability
- devicestate: add reading of modeenv to uc20 firstboot code
- tests/lib/prepare: drop workarounds for rpmbuild rewriting /bin/sh
- cmd/snap-bootstrap: write /var/lib/snapd/modeenv to the right
place
- boot: add boot.Modeenv.Base support
- overlord/snapstate: install task edges
- cmd/snap-bootstrap: some small naming and code org tweaks
- snap-bootstrap: remove SNAPPY_TESTING check, we use it for real
now
- interfaces: remove leftover reservedForOS
- snap-bootstrap: write /run/mnt/ubuntu-data/var/lib/snapd/modeenv
- osutil/mount: optimize flagOptSearch some more
- devicestate: read modeenv early and store in devicestate
- interfaces: add login-session-observe for who, {fail,last}log and
loginctl
- tests: add Ubuntu Eoan to google-sru backend
- osutil/mount: de-duplicate code to use a list
- interfaces: remove reservedForOS from commonInterface
- interfaces/browser-support: allow reading status of huge pages
- interfaces: update system-backup tests to not check for sanitize
errors related to os
- interfaces: add system-backup interface
- osutil/mount: add {Unm,M}outFlagsToOpts helpers
- snap-bootstrap: make cmdline parsing robust
- overlord/patch: normalize tracking channel in state
- boot: add boot.Modeenv that can read/write the UC20 modeenv files
- bootloader: add new bootloader.InstallBootConfig()
- many: share single implementation to list needed default-providers
- snap-bootstrap: implement "snap-bootstrap initramfs-mounts"
- seccomp: allow chown 'snap_daemon:root' and 'root:snap_daemon'
- osutil: handle "rw" mount flag in ParseMountEntry
- overlord/ifacestate: report bad plug/slots with warnings on snap
install
- po: sync translations from launchpad
- tests: cleanup most test snaps icons, they were anyway in the
wrong place
- seed: fix confusing pre snapd dates in tests
- many: make ValidateBasesAndProviders signature simpler/canonical
- snap-bootstrap: set expected filesystem labels
- testutil, many: make MockCommand() create prefix of absolute paths
- tests: improve TestDoPrereqRetryWhenBaseInFlight to fix occasional
flakiness.
- seed: proper support for optional snaps for Core 20 models
- many: test various kinds of overriding for the snapd snap in Core
20
- cmd/snap-failure: passthrough snapd logs, add informational
logging
- cmd/snap-failure: fallback to snapd from core, extend tests
- configcore: fix missing error propagation
- devicestate: rename ensureSeedYaml -> ensureSeeded
- tests: adding fedora 31
- tests: restart the snapd service in the snapd-failover test
- seed: Core 20 seeds channel overrides support for grade dangerous
- cmd: fix the get command help message
- tests: enable degraded test on arch linux after latest image
updates
- overlord/snapstate: don't re-enable and start disabled services on
refresh, etc.
- seed: support in Core 20 seeds local unasserted snaps for model
snaps
- snap-bootstrap: add go-flags cmdline parsing and tests
- gadget: skip fakeroot if not needed
- overlord/state: panic in MarkEdge() if task is nil
- spread: fix typo in spread suite
- overlord: mock device serial in gadget remodel unit tests
- tests: fix spread shellcheck and degraded tests to unbreak master
- spread, tests: openSUSE Tumbleweed to unstable systems, update
system-usernames on Amazon Linux 2
- snap: extract printInstallHint in cmd_download.go
- cmd: fix a pair of typos
- release: preseed mode flag
- cmd/snap-confine: tracking processes with classic confinement
- overlord/ifacestate: remove automatic connections if plug/slot
missing
- o/ifacestate,interfaces,interfaces/policy: slots-per-plug: *
- tests/lib/state: snapshot and restore /var/snap during the tests
- overlord: add base->base remodel undo tests and fixes
- seed: test and improve Core 20 seed handling errors
- asserts: add "snapd" type to valid types in the model assertion
- snap-bootstrap: check gadget versus disk partitions
- devicestate: add support for gadget->gadget remodel
- snap/snapenv: preserve XDG_RUNTIME_DIR for classic confinement
- daemon: parse and reject invalid channels in snap ops
- overlord: add kernel remodel undo tests and fix undo
- cmd/snap: support (but warn) using deprecated multi-slash channel
- overlord: refactor mgrsSuite and extract kernelSuite
- tests/docker-smoke: add minimal docker smoke test
- interfaces: extend the fwupd slot to be implicit on classic
- cmd/snap: make 'snap list' shorten latest/$RISK to $RISK
- tests: fix for journalctl which is failing to restart
- cmd/snap,image: initial support for Core 20 in prepare-image with
test
- cmd/snap-confine: add support for parallel instances of classic
snaps, global mount ns initialization
- overlord: add kernel rollback across reboots manager test and
fixes
- o/devicestate: the basics of Core 20 firstboot support with test
- asserts: support and parsing for slots-per-plug/plugs-per-slotSee
https://forum.snapcraft.io/t/plug-slot-declaration-rules-greedy-
plugs/12438
- parts/plugins: don't xz-compress a deb we're going to discard
- cmd/snap: make completion skip hidden commands (unless overridden)
- many: load/consume Core 20 seeds (aka recovery systems)
- tests: add netplan test on ubuntu core
- seed/internal: doc comment fix and drop handled TODOs
- o/ifacestate: unify code into
autoConnectChecker.addAutoConnectionsneed to change to support
slots-per-plugs: *
- many: changes to testing in preparation of Core 20 seed consuming
code
- snapstate,devicestate: make OldModel() available in DeviceContext
- tests: opensuse tumbleweed has similar issue than arch linux with
snap --strace
- client,daemon: pass sha3-384 in /v2/download to the client
- builtin/browser_support.go: allow monitoring process memory
utilization (used by chromium)
- overlord/ifacestate: use SetupMany in setupSecurityByBackend
- tests: add 14.04 canonical-livepatch test
- snap: make `snap known --remote` use snapd if available
- seed: share auxInfo20 and makeSystemSnap via internal
- spread: disable secondary compression for deltas
- interfaces/content: workaround for renamed target
- tests/lib/gendevmodel: helper tool for generating developer model
assertions
- tests: tweak wording in mount-ns test
- tests: don't depend on GNU time
- o/snapstate, etc: SnapState.Channel -> TrackingChannel, and a
setter
- seed/seedwriter: support writing Core 20 seeds (aka recovery
systems)
- snap-recovery: rename to "snap-bootstrap"
- managers: add remodel undo test for new required snaps case
- client: add xerrors and wrap errors coming from "client"
- tests: verify host is not affected by mount-ns tests
- tests: configure the journald service for core systems
- cmd/snap, store: include snapcraft.io page URL in snap info output
- cmd/cmdutil: version helper
- spread: enable bboozzoo/snapd-devel-deps COPR repo for getting
golang-x-xerrors
- interfaces: simplify AddUpdateNS and emit
- interfaces/policy: expand cstrs/cstrs1 to
altConstraints/constraints
- overlord/devicestate: check snap handler for gadget remodel
compatibility
- snap-recovery: deploy gadget content when creating partitions
- gadget: skip structures with MBR role during remodel
- tests: do not use lsblk in uc20-snap-recovery test
- overlord/snapstate: add LastActiveDisabledServices,
missingDisabledServices
- overlord/devicestate: refactor and split into per-functionality
files, drop dead code
- tests: update mount-ns after addition of /etc/systemd/user
- interfaces/pulseaudio: adjust to manually connect by default
- interfaces/u2f-devices: add OnlyKey to devices list
- interfaces: emit update-ns snippets to function
- interfaces/net-setup-{observe,control}: add Info D-Bus method
accesses
- tests: moving ubuntu-19.10-64 from google-unstable to google
backend
- gadget: rename existing and add new helpers for checking
filesystem/partition presence
- gadget, overlord/devicestate: add support for customized update
policy, add remodel policy
- snap-recovery: create filesystems as defined in the gadget
- tests: ignore directories for go modules
- policy: implement CanRemove policy for the snapd type
- overlord/snapstate: skip catalog refresh if unseeded
- strutil: add OrderedSet
- snap-recovery: add minimal binary so that we can use spread on it
- gadget, snap/pack: perform extended validation of gadget metadata
and contents
- timeutil: fix schedules with ambiguous nth weekday spans
- interfaces/many: allow k8s/systemd-run to mount volume subPaths
plus cleanups
- client: add KnownOptions to Know() and support remote assertions
- tests: check the apparmor_parser when the file exists on snap-
confine test
- gadget: helper for volume compatibility checks
- tests: update snap logs to match for multiple lines for "running"
- overlord: add checks for bootvars in
TestRemodelSwitchToDifferentKernel
- snap-install: add ext4,vfat creation support
- snap-recovery: remove "usedPartitions" from sfdisk.Create()
- image,seed: hide Seed16/Snap16, use seed.Open in image_test.go
- cmd/snap: Sort tasks in snap debug timings output by lanes and
ready-time.
- snap-confine.apparmor.in: harden pivot_root until we have full
mediation
- gadget: refactor ensureVolumeConsistency
- gadget: add a public helper for parsing gadget metadata
- many: address issues related to explicit/implicit channels for
image building
- overlord/many: switch order of check snap parameters
- cmd/snap-confine: remove leftover condition from capability world
- overlord: set fake serial in TestRemodelSwitchToDifferentKernel
- overlord/many: extend check snap callback to take snap container
- recovery-tool: add sfdisk wrapper
- tests: launch the lxd images following the pattern
ubuntu:${VERSION_ID}
- sandbox/cgroup: move freeze/thaw code
- gadget: accept system-seed role and ubuntu-data label
- test/lib/names.sh: make backslash escaping explicit
- spread: generate delta when using google backend
- cmd/snap-confine: remove loads of dead code
- boot,dirs,image: various refinements in the prepare-image code
switched to seedwriter
- spread: include mounts list in task debug output
- .gitignore: pair of trivial changes
- image,seed/seedwriter: switch image to use seedwriter.Writer
- asserts: introduce explicit support for grade for Core 20 models
- usersession: drive by fixes for things flagged by unused or
gosimple
- spread.yaml: exclude vendor dir
- sandbox/cgroup, overlord/snapstate: move helper for listing pids
in group to the cgroup package
- sandbox/cgroup: refactor process cgroup helper to support v2 and
named hierarchies
- snap-repair: error if run as non-root
- snap: when running `snap repair` without arguments, show hint
- interfaces: add cgroup-version to system-key
- snap-repair: add missing check in TestRepairBasicRun
- tests: use `snap model` instead of `snap known model` in tests
- daemon: make /v2/download take snapRevisionOptions
- snap-repair: add additional comment about trust in runner.Verify()
- client: add support to use the new "download" API
- interfaces: bump system-key version (and keep on bumping)
- interfaces/mount: account for cgroup version when reporting
supported features
- tests: change regex to validate access to cdn during snap
download
- daemon: change /v2/download API to take "snap-name" as input
- release: make forced dev mode look at cgroupv2 support
- seed/seedwriter: support for extra snaps
- wrappers/services.go: add disabled svc list arg to AddSnapServices
- overlord/snapstate: add SetTaskSnapSetup helper + unit tests
- cmd/libsnap: use cgroup.procs instead of tasks
- tests: fix snapd-failover test for core18 tests on boards
- overlord/snapstate/policy, etc: introduce policy, move canRemove
to it
- seed/seedwriter: cleanups and small left over todos* drive-by: use
testutil.FilePresent consistently
- cmd/snap: update 'snap find' help because it's no longer narrow
- seed/seedwriter,snap/naming: support classic models
- cmd/snap-confine: unmount /writable from snap view
- spread.yaml: exclude automake cacheThe error message is looks like
this:dpkg-source: info: local changes detected, the modified files
are:
- interfaces/openvswitch: allow access to other openvswitch sockets
- cmd/model: don't show model with display-name inline w/ opts
- daemon: add a 'prune' debug action
- client: add doTimeout to http.Client{Timeout}
- interfaces/seccomp: query apparmor sandbox helper rather than
aggregate info
- sandbox/cgroup: avoid dependency on dirs
- seed/seedwriter,snap: support local snaps
- overlord/snapstate: fix undo on firstboot seeding.
- usersession: track connections to session agent for exit on idle
and peer credential checks
- tests: fix ubuntu-core-device-reg test for arm devices on core18
- sandbox/seccomp: move the remaining sandbox bits to a
corresponding sandbox package
- osutil: generalize SyncDir with FileState interface
- daemon, client, cmd/snap: include architecture in 'snap version'
- daemon: allow /v2/assertions/{assertType} to query store
- gadget: do not fail the update when old gadget snap is missing
bare content
- sandbox/selinux: move SELinux related bits from 'release' to
'sandbox/selinux'
- tests: add unit test for gadget defaults with a multiline string
- overlord/snapstate: have more context in the errors about
prerequisites
- httputil: set user agent for CONNECT
- seed/seedwriter: resolve channels using channel.Resolve* for snaps
- run-checks: allow overriding gofmt binary, show gofmt diff
- asserts,seed/seedwriter: follow snap type sorting in the model
assertion snap listings
- daemon: return "snapname_rev.snap" style when using /v2/download
- tests: when the backend is external skip the loop waiting for snap
version
- many: move AppArmor probing code under sandbox/apparmor
- cmd: add `snap debug boot-vars` that dumps the current bootvars
- tests: skip the ubuntu-core-upgrade on arm devices on core18
- seed/seedwriter: implement WriteMeta and tree16 corresponding code
- interfaces/docker-support,kubernetes-support: misc updates for
strict k8s
- tests: restart the journald service while preparing the test
- tests/cmd/debug_state: make the test output TZ independent
- interfaces/kubernetes-support: allow use of /run/flannel
- seed/seedwriter: start of Writer and internal policy16/tree16
- sandbox/cgroup, usersession/userd: move cgroup related helper to a
dedicated package
- tests: move "centos-7" to unstable systems
- snapstate: add missing tests for checkGadgetOrKernel
- docs: Update README.md
- snapcraft: set license to GPL-3.0
- interfaces/wayland: allow a confined server running in a user
session to work with Qt, GTK3 & SDL2 clients
- selinux: move the package under sandbox/selinux
- interfaces/udev: account for cgroup version when reporting
supported features
- store, ..., client: add a "website" field
- sanity: sanity check cgroup probing
- snapstate: increase settleTimeout in
TestRemodelSwitchToDifferentKernel
- packaging: remove obsolete usr.lib.snapd.snap-confine in postinst
- data/selinux: allow snapd/snap to do statfs() on the cgroup
mountpoint
- usersession/userd: make sure to export DBus interfaces before
requesting a name
- data/selinux: allow snapd to issue sigkill to journalctl
- docs: Add Code of Conduct
- store: download propagates options to delta download
- tests/main/listing: account for dots in ~pre suffix
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 09 Jan 2020 17:14:51 +0100
snapd (2.42.5) xenial; urgency=medium
* New upstream release, LP: #1853244
- snap-confine: revert, with comment, explicit unix deny for nested
lxd
- Disable mount-ns test on 16.04. It is too flaky currently.
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 06 Dec 2019 14:10:56 +0100
snapd (2.42.4) xenial; urgency=medium
* New upstream release, LP: #1853244
- overlord/snapstate: make sure configuration defaults are applied
only once
-- Michael Vogt <michael.vogt@ubuntu.com> Thu, 28 Nov 2019 06:48:26 +0100
snapd (2.42.3) xenial; urgency=medium
* New upstream release, LP: #1853244
- overlord/snapstate: pick up system defaults when seeding the snapd
snap
- cmd/snap-update-ns: fix overlapping, nested writable mimic
handling
- interfaces: misc updates for u2f-devices, browser-support,
hardware-observe, et al
- tests: reset failing "fwupd-refresh.service" if needed
- tests/main/gadget-update-pc: use a program to modify gadget yaml
- snap-confine: suppress noisy classic snap file_inherit denials
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 27 Nov 2019 12:41:07 +0100
snapd (2.42.2) xenial; urgency=medium
* New upstream release, LP: #1853244
- interfaces/lxd-support: Fix on core18
- tests/main/system-usernames: Amazon Linux 2 comes with libseccomp
2.4.1 now
- snap-seccomp: add missing clock_getres_time64
- cmd/snap-seccomp/syscalls: update the list of known
syscalls
- sandbox/seccomp: accept build ID generated by Go toolchain
- interfaces: allow access to ovs bridge sockets
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 20 Nov 2019 08:09:15 +0100
snapd (2.42.1) xenial; urgency=medium
* New upstream release, LP: #1846181
- interfaces: de-duplicate emitted update-ns profiles
- packaging: tweak handling of usr.lib.snapd.snap-confine
- interfaces: allow introspecting network-manager on core
- tests/main/interfaces-contacts-service: disable on openSUSE
Tumbleweed
- tests/lib/lxd-snapfuse: restore mount changes introduced by LXD
- snap: fix default-provider in seed validation
- tests: update system-usernames test now that opensuse-15.1 works
- overlord: set fake sertial in TestRemodelSwitchToDifferentKernel
- gadget: rename "boot{select,img}" -> system-boot-{select,image}
- tests: listing test, make accepted snapd/core versions consistent
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 30 Oct 2019 13:17:43 +0100
snapd (2.42) xenial; urgency=medium
* New upstream release, LP: #1846181
- tests: disable {contacts,calendar}-service tests on debian-sid
- tests/main/snap-run: disable strace test cases on Arch
- cmd/system-shutdown: include correct prototype for die
- snap/naming: add test for hook name connect-plug-i2c
- cmd/snap-confine: allow digits in hook names
- gadget: do not fail the update when old gadget snap is missing
bare content
- tests: disable {contacts,calendar}-service tests on Arch Linux
- tests: move "centos-7" to unstable systems
- interfaces/docker-support,kubernetes-support: misc updates for
strict k8s
- packaging: remove obsolete usr.lib.snapd.snap-confine in
postinst
- tests: add test that ensures our snapfuse binary actually works
- packaging: use snapfuse_ll to speed up snapfuse performance
- usersession/userd: make sure to export DBus interfaces before
requesting a name
- data/selinux: allow snapd to issue sigkill to journalctl
- store: download propagates options to delta download
- wrappers: allow snaps to install icon theme icons
- debug: state-inspect debugging utility
- sandbox/cgroup: introduce cgroup wrappers package
- snap-confine: fix return value checks for udev functions
- cmd/model: output tweaks, add'l tests
- wrappers/services: add ServicesEnableState + unit tests
- tests: fix newline and wrong test name pointed out in previous PRs
- tests: extend mount-ns test to handle mimics
- run-checks, tests/main/go: allow gofmt checks to be skipped on
19.10
- tests/main/interfaces-{calendar,contacts}-service: disable on
19.10
- tests: part3 making tests work on ubuntu-core-18
- tests: fix interfaces-timeserver-control on 19.10
- overlord/snapstate: config revision code cleanup and extra tests
- devicestate: allow remodel to different kernels
- overlord,daemon: adjust startup timeout via EXTEND_TIMEOUT_USEC
using an estimate
- tests/main/many: increase kill-timeout to 5m
- interfaces/kubernetes-support: allow systemd-run to ptrace read
unconfined
- snapstate: auto transition on experimental.snapd-snap=true
- tests: retry checking until the written file on desktop-portal-
filechooser
- tests: unit test for a refresh failing on configure hook
- tests: remove mount_id and parent_id from mount-ns test data
- tests: move classic-ubuntu-core-transition* to nightly
- tests/mountinfo-tool: proper formatting of opt_fields
- overlord/configstate: special-case "null" in transaction Changes()
- snap-confine: fallback gracefully on a cgroup v2 only system
- tests: debian sid now ships new seccomp, adjust tests
- tests: explicitly restore after using LXD
- snapstate: make progress reporting less granular
- bootloader: little kernel support
- fixme: rename ubuntu*architectures to dpkg*architectures
- tests: run dbus-launch inside a systemd unit
- channel: introduce Resolve and ResolveLocked
- tests: run failing tests on ubuntu eoan due to is now set as
unstable
- systemd: detach rather than unmount .mount units
- cmd/snap-confine: add unit tests for sc_invocation, cleanup memory
leaks in tests
- boot,dirs,image: introduce boot.MakeBootable, use it in image
instead of ad hoc code
- cmd/snap-update-ns: clarify sharing comment
- tests/overlord/snapstate: refactor for cleaner test failures
- cmd/snap-update-ns: don't propagate detaching changes
- interfaces: allow reading mutter Xauthority file
- cmd/snap-confine: fix /snap duplication in legacy mode
- tests: fix mountinfo-tool filtering when used with rewriting
- seed,image,o/devicestate: extract seed loading to seed/seed16.go
- many: pass the rootdir and options to bootloader.Find
- tests: part5 making tests work on ubuntu-core-18
- cmd/snap-confine: keep track of snap instance name and the snap
name
- cmd: unify die() across C programs
- tests: add functions to make an abstraction for the snaps
- packaging/fedora, tests/lib/prepare-restore: helper tool for
packing sources for RPM
- cmd/snap: improve help and error msg for snapshot commands
- hookstate/ctlcmd: fix snapctl set help message
- cmd/snap: don't append / to snap name just because a dir exists
- tests: support fastly-global.cdn.snapcraft.io url on proxy-no-core
test
- tests: add --quiet switch to retry-tool
- tests: add unstable stage for travis execution
- tests: disable interfaces-timeserver-control on 19.10
- tests: don't guess in is_classic_confinement_supported
- boot, etc: simplify BootParticipant (etc) usage
- tests: verify retry-tool not retrying missing commands
- tests: rewrite "retry" command as retry-tool
- tests: move debug section after restore
- cmd/libsnap-confine-private, cmd/s-c: use constants for
snap/instance name lengths
- tests: measure behavior of the device cgroup
- boot, bootloader, o/devicestate: boot env manip goes in boot
- tests: enabling ubuntu 19.10-64 on spread.yaml
- tests: fix ephemeral mount table in left over by prepare
- tests: add version-tool for comparing versions
- cmd/libsnap: make feature flag enum 1<<N style
- many: refactor boot/boottest and move to bootloader/bootloadertest
- tests/cross/go-build: use go list rather than shell trickery
- HACKING.md: clarify where "make fmt" is needed
- osutil: make flock test more robust
- features, overlord: make parallel-installs exported, export flags
on startup
- overlord/devicestate: support the device service returning a
stream of assertions
- many: add snap model command, add /v2/model, /v2/model/serial REST
APIs
- debian: set GOCACHE dir during build to fix FTBFS on eoan
- boot, etc.: refactor boot to have a lookup with different imps
- many: add the start of Core 20 extensions support to the model
assertion
- overlord/snapstate: revert track-risk behavior change and
validation on install
- cmd/snap,image,seed: move image.ValidateSeed to
seed.ValidateFromYaml
- image,o/devicestate,seed: oops, make sure to clear seedtest
helpers
- tests/main/snap-info: update check.py for test-snapd-tools 2.0
- tests: moving tests to nightly suite
- overlord/devicestate,seed: small step, introduce
seed.LoadAssertions and use it from firstboot
- snapstate: add comment to checkVersion vs strutil.VersionCompare
- tests: add unit tests for cmd_whoami
- tests: add debug section to interfaces-contacts-service
- many: introduce package seed and seedtest
- interfaces/bluez: enable communication between bluetoothd and
meshd via dbus
- cmd/snap: fix snap switch message
- overlord/snapstate: check channel names on install
- tests: check snap_daemon user and group on system-usernames-
illegal test are not created
- cmd/snap-confine: fix group and permission of .info files
- gadget: do not error on gadget refreshes with multiple volumes
- snap: use deterministic paths to find the built deb
- tests: just build snapd commands on go-build test
- tests: re-enable mount-ns test on classic
- tests: rename fuse_support to fuse-support
- tests: move restore-project-each code to existing function
- tests: simplify interfaces-account-control test
- i18n, vendor, packaging: drop github.com/ojii/gettext.go, use
github.com/snapcore/go-gettext
- tests: always say 'restore: |'
- tests: new test to check the output after refreshing/reverting
core
- snapstate: validate all system-usernames before creating them
- tests: fix system version check on listing test for external
backend
- tests: add check for snap_daemon user/group
- tests: don't look for lxcfs in mountinfo
- tests: adding support for arm devices on ubuntu-core-device-reg
test
- snap: explicitly forbid trying to parallel install from seed
- tests: remove trailing spaces from shell scripts
- tests: remove locally installed revisions of core
- tests: fix removal of snaps on ubuntu-core
- interfaces: support Tegra display drivers
- tests: move interfaces-contacts-service to /tmp
- interfaces/network-manager: allow using
org.freedesktop.DBus.ObjectManager
- tests: restore dpkg selections after upgrade-from-2.15 test
- tests: pass --remove to userdel on core
- snap/naming: simplify SnapSet somewhat
- devicestate/firstboot: check for missing bases early
- httputil: rework protocol error detection
- tests: unmount fuse connections only if not initially mounted
- snap: prevent duplicated snap name and snap files when parsing
seed.yaml
- tests: re-implement user tool in python
- image: improve/tweak some warning/error messages
- cmd/libsnap-confine-private: add checks for parallel instances
feature flag
- tests: wait_for_service shows status after actual first minute
- sanity: report proper errror when fuse is needed but not available
- snap/naming: introduce SnapRef, Snap, and SnapSet
- image: support prepare-image --classic for snapd snap only
imagesConsequently:
- tests/main/mount-ns: account for clone_children in cpuset cgroup
on 18.04
- many: merging asserts.Batch Precheck with CommitTo and other
clarifications
- devicestate: add missing test for remodeling possibly removing
required flag
- tests: use user-tool to remove test user in the non-home test
- overlord/configstate: sort patch keys to have deterministic order
with snap set
- many: generalize assertstate.Batch to asserts.Batch, have
assertstate.AddBatch
- gadget, overlord/devicestate: rename Position/Layout
- store, image, cmd: make 'snap download' leave partials
- httputil: improve http2 PROTOCOL_ERROR detection
- tests: add new "user-tool" helper and use in system-user tests
- tests: clean up after NFS tests
- ifacestate: optimize auto-connect by setting profiles once after
all connects
- hookstate/ctlcmd: snapctl unset command
- tests: allow test user XDG_RUNTIME_DIR to phase out
- tests: cleanup "snap_daemon" user in system-usernames-install-
twice
- cmd/snap-mgmt: set +x on startup
- interfaces/wayland,x11: allow reading an Xwayland Xauth file
- many: move channel parsing to snap/channel
- check-pr-title.py: allow {} in pr prefix
- tests: spam test logs less while waiting for systemd unit to stop
- tests: remove redundant activation check for snapd.socket
snapd.service
- tests: trivial snapctl test cleanup
- tests: ubuntu 18.10 removed from the google-sru backend on the
spread.yaml
- tests: add new cases into arch_test
- tests: clean user and group for test system-usernames-install-
twice
- interfaces: k8s worker node updates
- asserts: move Model to its own model.go
- tests: unmount binfmt_misc on cleanup
- tests: restore nsdelegate clobbered by LXD
- cmd/snap: fix snap unset help string
- tests: unmount fusectl after testing
- cmd/snap: fix remote snap info for parallel installed snaps
-- Michael Vogt <michael.vogt@ubuntu.com> Tue, 01 Oct 2019 11:24:41 +0200
snapd (2.41) xenial; urgency=medium
* New upstream release, LP: #1840740
- overlord/snapstate: revert track-risk behavior
- tests: fix snap info test
- httputil: rework protocol error detection
- gadget: do not error on gadget refreshes with multiple volumes
- i18n, vendor, packaging: drop github.com/ojii/gettext.go, use
github.com/snapcore/go-gettext
- snapstate: validate all system-usernames before creating them
- mkversion.sh: fix version from git checkouts
- interfaces/network-{control,manager}: allow 'k' on
/run/resolvconf/**
- interfaces/wayland,x11: allow reading an Xwayland Xauth file
- interfaces: k8s worker node updates
- debian: re-enable systemd environment generator
- many: create system-usernames user/group if both don't exist
- packaging: fix symlink for snapd.session-agent.socket
- tests: change cgroups so that LXD doesn't have to
- interfaces/network-setup-control: allow dbus netplan apply
messages
- tests: add /var/cache/snapd to the snapd state to prevent error on
the store
- tests: add test for services disabled during refresh hook
- many: simpler access to snap-seccomp version-info
- snap: cleanup some tests, clarify some errorsThis is a follow up
from work on system usernames:
- osutil: add osutil.Find{Uid,Gid}
- tests: use a different archive based on the spread backend on go-
build test
- cmd/snap-update-ns: fix pair of bugs affecting refresh of snap
with layouts
- overlord/devicestate: detect clashing concurrent (ongoing, just
finished) remodels or changes
- interfaces/docker-support: declare controls-device-cgroup
- packaging: fix removal of old apparmor profile
- store: use track/risk for "channel" name when parsing store
details
- many: allow 'system-usernames' with libseccomp > 2.4 and golang-
seccomp > 0.9.0
- overlord/devicestate, tests: use gadget.Update() proper, spread
test
- overlord/configstate/configcore: allow setting start_x=1 to enable
CSI camera on RPi
- interfaces: remove BeforePrepareSlot from commonInterface
- many: support system-usernames for 'snap_daemon' user
- overlord/devicestate,o/snapstate: queue service commands before
mark-seeded and other final tasks
- interfaces/mount: discard mount ns on backend Remove
- packaging/fedora: build on RHEL8
- overlord/devicestate: support seeding a classic system with the
snapd snap and no core
- interfaces: fix test failure in gpio_control_test
- interfaces, policy: remove sanitize helpers and use minimal policy
check
- packaging: use %systemd_user_* macros to enable session agent
socket according to presets
- snapstate, store: handle 429s on catalog refresh a little bit
better
- tests: part4 making tests work on ubuntu-core-18
- many: drop snap.ReadGadgetInfo wrapper
- xdgopenproxy: update test API to match upstream
- tests: show why sbuild failed
- data/selinux: allow mandb_t to search /var/lib/snapd
- tests: be less verbose when checking service status
- tests: set sbuild test as manual
- overlord: DeviceCtx must find the remodel context for a remodel
change
- tests: use snap info --verbose to check for base
- sanity: unmount squashfs with --lazy
- overlord/snapstate: keep current track if only risk is specified
- interfaces/firewall-control: support nft routing expressions and
device groups
- gadget: support for writing symlinks
- tests: mountinfo-tool fail if there are no matches
- tests: sync journal log before start the test
- cmd/snap, data/completion: improve completion for 'snap debug'
- httputil: retry for http2 PROTOCOL_ERROR
- Errata commit: pulseaudio still auto-connects on classic
- interfaces/misc: updates for k8s 1.15 (and greengrass test)
- tests: set GOTRACEBACK=1 when running tests
- cmd/libsnap: don't leak memory in sc_die_on_error
- tests: improve how the system is restored when the upgrade-
from-2.15 test fails
- interfaces/bluetooth-control: add udev rules for BT_chrdev devices
- interfaces: add audio-playback/audio-record and make pulseaudio
manually connect
- tests: split the sbuild test in 2 depending on the type of build
- interfaces: add an interface granting access to AppStream metadata
- gadget: ensure filesystem labels are unique
- usersession/agent: use background context when stopping the agent
- HACKING.md: update spread section, other updates
- data/selinux: allow snap-confine to read entries on nsfs
- tests: respect SPREAD_DEBUG_EACH on the main suite
- packaging/debian-sid: set GOCACHE to a known writable location
- interfaces: add gpio-control interface
- cmd/snap: use showDone helper with 'snap switch'
- gadget: effective structure role fallback, extra tests
- many: fix unit tests getting stuck
- tests: remove installed snap on restore
- daemon: do not modify test data in user suite
- data/selinux: allow read on sysfs
- packaging/debian: don't md5sum absent files
- tests: remove test-snapd-curl
- tests: remove test-snapd-snapctl-core18 in restore
- tests: remove installed snap in the restore section
- tests: remove installed test snap
- tests: correctly escape mount unit path
- cmd/Makefile.am: support building with the go snap
- tests: work around classic snap affecting the host
- tests: fix typo "current"
- overlord/assertstate: add Batch.Precheck to check for the full
validity of the batch before Commit
- tests: restore cpuset clone_children clobbered by lxd
- usersession: move userd package to usersession/userd
- tests: reformat and fix markdown in snapd-state.md
- gadget: select the right updater for given structure
- tests: show stderr only if it exists
- sessionagent: add a REST interface with socket activation
- tests: remove locally installed core in more tests
- tests: remove local revision of core
- packaging/debian-sid: use correct apparmor Depends for Debian
- packaging/debian-sid: merge debian upload changes back into master
- cmd/snap-repair: make sure the goroutine doesn't stick around on
timeout
- packaging/fedora: github.com/cheggaaa/pb is no longer used
- configstate/config: fix crash in purgeNulls
- boot, o/snapst, o/devicest: limit knowledge of boot vars to boot
- client,cmd/snap: stop depending on status/status-code in the JSON
responses in client
- tests: unmount leftover /run/netns
- tests: switch mount-ns test to manual
- overlord,daemon,cmd/snapd: move expensive startup to dedicated
StartUp methods
- osutil: add EnsureTreeState helper
- tests: measure properties of various mount namespaces
- tests: part2 making tests work on ubuntu-core-18
- interfaces/policy: minimal policy check for replacing
sanitizeReservedFor helpers (1/2)
- interfaces: add an interface that grants access to the PackageKit
service
- overlord/devicestate: update gadget update handlers and mocks
- tests: add mountinfo-tool --ref-x1000
- tests: remove lxd / lxcfs if pre-installed
- tests: removing support for ubuntu cosmic on spread test suite
- tests: don't leak /run/netns mount
- image: clean up the validateSuite
- bootloader: remove "Dir()" from Bootloader interface
- many: retry to reboot if snapd gets restarted before expected
reboot
- overlord: implement re-registration remodeling
- cmd: revert PR#6933 (tweak of GOMAXPROCS)
- cmd/snap: add snap unset command
- many: add Client-User-Agent to "SnapAction" install API call
- tests: first part making tests run on ubuntu-core-18
- hookstate/ctlcmd: support hidden commands in snapctl
- many: replace snapd snap name checks with type checks (3/4)
- overlord: mostly stop needing Kernel/CoreInfo, make GadgetInfo
consider a DeviceContext
- snapctl: handle unsetting of config options with "!"
- tests: move core migration snaps to tests/lib/snaps dir
- cmd/snap: handle unsetting of config options with "!"
- cmd/snap, etc: add health to 'snap list' and 'snap info'
- gadget: use struct field names when intializing data in mounted
updater unit tests
- cmd/snap-confine: bring /lib/firmware from the host
- snap: set snapd snap type (1/4)
- snap: add checks in validate-seed for missing base/default-
provider
- daemon: replace shutdownServer with net/http's native shutdown
support
- interfaces/builtin: add exec "/bin/runc" to docker-support
- gadget: mounted filesystem updater
- overlord/patch: simplify conditions for re-applying sublevel
patches for level 6
- seccomp/compiler: adjust test case names and comment for later
changes
- tests: fix error doing snap pack running failover test
- tests: don't preserve size= when rewriting mount tables
- tests: allow reordering of rewrite operations
- gadget: main update routine
- overlord/config: normalize nulls to support config unsetting
semantics
- snap-userd-autostart: don't list as a startup application on the
GUI
- tests: renumber snap revisions as seen via writable
- tests: change allocation for mount options
- tests: re-enable ns-re-associate test
- tests: mountinfo-tool allow many --refs
- overlord/devicestate: implement reregRemodelContext with the
essential re-registration logic
- tests: replace various numeric mount options
- gadget: filesystem image writer
- tests: add more unit tests for mountinfo-tool
- tests: introduce mountinfo-tool --ref feature
- tests: refactor mountinfo-tool rewrite state
- tests: allow renumbering mount namespace identifiers
- snap: refactor and explain layout blacklisting
- tests: renumber snap revisions as seen via hostfs
- daemon, interfaces, travis: workaround build ID with Go 1.9, use
1.9 for travis tests
- cmd/libsnap: add sc_error_init_{simple,api_misuse}
- gadget: make raw updater handle shifted structures
- tests/lib/nested: create WORK_DIR before accessing it
- cmd/libsnap: rename SC_LIBSNAP_ERROR to SC_LIBSNAP_DOMAIN
- cmd,tests: forcibly discard mount namespace when bases change
- many: introduce healthstate, run check-health
post-(install/refresh/try/revert)
- interfaces/optical-drive: add scsi-generic type 4 and 5 support
- cmd/snap-confine: exit from helper when parent dies
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 30 Aug 2019 08:56:16 +0200
snapd (2.40) xenial; urgency=medium
* New upstream release, LP: #1836327
- overlord/patch: simplify conditions for re-applying sublevel
patches for level 6
- cmd,tests: forcibly discard mount namespace when bases change
- cmd/snap-confine: handle device cgroup before pivot
- cmd/snap-apparmor-service: quit if there are no profiles
- cmd/snap, image: add --target-directory and --basename to 'snap
download'
- interfaces: add jack1 implicit classic interface
- interfaces: miscellaneous policy updates
- daemon: classic confinement is not supported on core
- interfaces: bluetooth-control: add mtk BT device node
- cmd/snap-seccomp: initial support for negative arguments with
uid/gid caching
- snap-confine: move seccomp load after permanent privilege drop
- tests: new profiler snap used to track cpu and memory for snapd
and snap commands
- debian: make maintainer scripts do nothing on powerpc
- gadget: mounted filesystem writer
- cmd/snap: use padded checkers for snapshot output
- bootloader: switch to bootloader_test style testing
- gadget: add a wrapper for generating partitioned images with
sfdisk
- tests/main/snap-seccomp-syscalls: add description
- tests: continue executing on errors either updating the repo db or
installing dependencies
- cmd/snap-seccomp/syscalls: add io_uring syscalls
- systemd: add InstanceMode enumeration to control which systemd
instance to control
- netutil: extract socket activation helpers from daemon package.
- interfaces: spi: update regex rules to accept spi nodes like
spidev12345.0
- gadget: fallback device lookup
- many: add strutil.ElliptLeft, use it for shortening cohorts
- wrappers: allow sockets under $XDG_RUNTIME_DIR
- gadget: add wrapper for creating and populating filesystems
- gadget: add writer for offset-write
- gadget: support relative symlinks in device lookup
- snap, snapstate: additional validation of base field
- many: fix some races and missing locking, make sure UDevMonitor is
stopped
- boot: move ExtractKernelAssets
- daemon, snap: screenshots _only_ shows the deprecation notice,
from 2.39
- osutil: add a workaround for overlayfs apparmor as it is used on
Manjaro
- snap: introduce GetType() function for snap.Info
- tests: update systems to be used for during sru validation
- daemon: increase `shutdownTimeout` to 25s to deal with slow
HW
- interfaces/network-manager: move deny ptrace to the connected slot
- interfaces: allow locking of pppd files
- cmd/snap-exec: fix snap completion for classic snaps with non
/usr/lib/snapd libexecdir
- daemon: expose pprof endpoints
- travis: disable snap pack on OSX
- client, cmd/snap: expose the new cohort options for snap ops
- overlord/snapstate: tweak switch summaries
- tests: reuse the image created initially for nested tests
execution
- tests/lib/nested: tweak assert disk prepare step
- daemon, overlord/snapstate: support leave-cohort
- tests/main/appstream-id: collect debug info
- store,daemon: add client-user-agent support to store.SnapInfo
- tests: add check for invalid PR titles in the static checks
- tests: add snap-tool for easier access to internal tools
- daemon: unexport file{Response,Stream}
- devicestate: make TestUpdateGadgetOnClassicErrorsOut less racy
- tests: fix test desktop-portal-filechooser
- tests: sort commands from DumpCommands in the dumpDbHook
- cmd/snap: add unit test for "advise-snap --dump-db".
- bootloader: remove extra mock bootloader implementation
- daemon: tweak for "add api endpoint for download" PR
- packaging: fix reproducible build error
- tests: synchronize journal logs before check logs
- tests: fix snap service watchdog test
- tests: use more readable test directory names
- tests/regression/lp-1805485: update test description
- overlord: make changes conflict with remodel
- tests: make sure the snapshot unit test uses a snapshot time
relative to Now()
- tests: revert "tests: stop catalog-update/apt-hooks test for now"
- tests: mountinfo-tool --one prints matches on failure
- data/selinux: fix policy for snaps with bases and classic snaps
- debian: fix building on eoan by tweaking golang build-deps
- packaging/debian-sid: update required golang version to 1.10
- httputil: handle "no such host" error explicitly and do not retry
it
- overlord/snapstate, & fallout: give Install a *RevisionOptions
- cmd/snap: don't run install on 'snap --help install'
- gadget: raw/bare structure writer and updater
- daemon, client, cmd/snap: show cohort key in snap info --verbose
- overlord/snapstate: add update-gadget task when needed, block
other changes
- image: turn a missing default content provider into an error
- overlord/devicestate: update-gadget-assets task handler with
stubbed gadget callbacks
- interface: builtin: avahi-observe/control: update label for
implicit slot
- tests/lib/nested: fix multi argument copy_remote
- tests/lib/nested: have mkfs.ext4 use a rootdir instead of mounting
an image
- packaging: fix permissions powerpc docs dir
- overlord: mock store to avoid net requests
- debian: rework how we run autopkgtests
- interface: builtin: avahi-observe/control: allow slots
implementation also by app snap on classic system
- interfaces: builtin: utils: add helper function to identify system
slots
- interfaces: add missing adjtimex to time-control
- overlord/snapstate, snap: support base = "none"
- daemon, overlord/snapstate: give RevisionOptions a CohortKey
- data/selinux: permit init_t to remount snappy_snap_t
- cmd/snap: test for a friendly error on 'okay' without 'warnings'
- cmd/snap: support snap debug timings --startup=.. and measure
loadState time
- advise-snap: add --dump-db which dumps the command database
- interfaces/docker-support: support overlayfs on ubuntu core
- cmd/okay: Remove err message when warning file not exist
- devicestate: disallow removal of snaps used in booting early
- packaging: fix build-depends on powerpc
- tests: run spread tests on opensuse leap 15.1
- strutil/shlex: fix ineffassign
- cmd/snapd: ensure GOMAXPROCS is at least 2
- cmd/snap-update-ns: detach unused mount points
- gadget: record gadget root directory used during positioning
- tests: force removal to prevent restore fails when directory
doesn't exist on lp-1801955 test
- overlord: implement store switch remodeling
- tests: stop using ! for naive negation in shell scripts
- snap,store,daemon,client: send new "Snap-Client-User-Agent" header
in Search()
- osutil: now that we require golang-1.10, use user.LookupGroup()
- spread.yaml,tests: change MATCH and REBOOT to cmds
- packaging/fedora: force external linker to ensure static linking
and -extldflags use
- timings: tweak the conditional for ensure timings
- timings: always store ensure timings as long as they have an
associated change
- cmd/snap: tweak the output of snap debug timings --ensure=...
- overlord/devicestate: introduce remodel kinds and
contextsregistrationContext:
- snaptest: add helper for mocking snap with contents
- snapstate: allow removal of non-model kernels
- tests: change strace parameters on snap-run test to avoid the test
gets stuck
- gadget: keep track of the index where structure content was
defined
- cmd/snap-update-ns: rename leftover ctx to upCtx
- tests: add "not" command
- spread.yaml: use "snap connections" in debug
- tests: fix how strings are matched on auto-refresh-retry test
- spread-shellcheck: add support for variants and environment
- gadget: helper for shifting structure start position
- cmd/snap-update-ns: add several TODO comments
- cmd/snap-update-ns: rename ctx to upCtx
- spread.yaml: make HOST: usage shellcheck-clean
- overlord/snapstate, daemon: snapstate.Switch now takes a
RevisionOption
- tests: add mountinfo-tool
- many: make snapstate.Update take *RevisionOptions instead of chan,
rev
- tests/unit/spread-shellcheck: temporary workaround for SC2251
- daemon: refactor user ops to api_users
- cmd/snap, tests: refactor info to unify handling of 'direct' snaps
- cmd/snap-confine: combine sc_make_slave_mount_ns into caller
- cmd/snap-update-ns: use "none" for propagation changes
- cmd/snap-confine: don't pass MS_SLAVE along with MS_BIND
- cmd/snap, api, snapstate: implement "snap remove --purge"
- tests: new hotplug test executed on ubuntu core
- tests: running tests on fedora 30
- gadget: offset-write: fix validation, calculate absolute position
- data/selinux: allow snap-confine to do search on snappy_var_t
directories
- daemon, o/snapstate, store: support for installing from cohorts
- cmd/snap-confine: do not mount over non files/directories
- tests: validates snapd from ppa
- overlord/configstate: don't panic on invalid configuration
- gadget: improve device lookup, add helper for mount point lookup
- cmd/snap-update-ns: add tests for executeMountProfileUpdate
- overlord/hookstate: don't run handler unless hooksup.Always
- cmd/snap-update-ns: allow changing mount propagation
- systemd: workaround systemctl show quirks on older systemd
versions
- cmd/snap: allow option descriptions to start with the command
- many: introduce a gadget helper for locating device matching given
structure
- cmd/snap-update-ns: fix golint complaints about variable names
- cmd/snap: unit tests for debug timings
- testutil: support sharing-related mount flags
- packaging/fedora: Merge changes from Fedora Dist-Git and drop EOL
Fedora releases
- cmd/snap: support for --ensure argument for snap debug timings
- cmd,sandbox: tweak seccomp version info handling
- gadget: record sector size in positioned volume
- tests: make create-user test support managed devices
- packaging: build empty package on powerpc
- overlord/snapstate: perform hard refresh check
- gadget: add volume level update checks
- cmd/snap: mangle descriptions that have indent > terminal width
- cmd/snap-update-ns: rename applyFstab to executeMountProfileUpdate
- cmd/snap-confine: unshare per-user mount ns once
- tests: retry govendor sync
- tests: avoid removing snaps which are cached to speed up the
prepare on boards
- tests: fix how the base snap are deleted when there are multiple
to deleted on reset
- cmd/snap-update-ns: merge apply functions
- many: introduce assertstest.SigningAccounts and AddMany test
helpers
- interfaces: special-case "snapd" in sanitizeSlotReservedForOS*
helpers
- cmd/snap-update-ns: make apply{User,System}Fstab identical
- gadget: introduce checkers for sanitizing structure updates
- cmd/snap-update-ns: move apply{Profile,{User,System}Fstab} to same
file
- overlord/devicestate: introduce registrationContext
- cmd/snap-update-ns: add no-op load/save current user profile logic
- devicestate: set "new-model" on the remodel change
- devicestate: use deviceCtx in checkGadgetOrKernel
- many: use a fake assertion model in the device contexts for tests
- gadget: fix handling of positioning constrains for structures of
MBR role
- snap-confine: improve error when running on a not /home homedir
- devicestate: make Remodel() return a state.Change
- many: make which store to use contextualThis reworks
snapstate.Store instead of relying solely on DeviceContext,
because:
- tests: enable tests on centos 7 again
- interfaces: add login-session-control interface
- tests: extra debug for snapshot-basic test
- overlord,overlord/devicestate: do without GadgetInfo/KernelInfo in
devicestate
- gadget: more validation checks for legacy MBR structure type &
role
- osutil: fix TestReadBuildGo test in sbuild
- data: update XDG_DATA_DIRS via the systemd environment.d mechanism
too
- many: do without device state/assertions accessors based on state
only outside of devicestate/tests
- interfaces/dbus: fix unit tests when default snap mount dir is not
/snap
- tests: add security-seccomp to verify seccomp with arg filtering
- snapshotstate: disable automatic snapshots on core for now
- snapstate: auto-install snapd when needed
- overlord/ifacestate: update static attributes of "content"
interface
- interfaces: add support for the snapd snap in the dbus backend*
- overlord/snapstate: tweak autorefresh logic if network is not
available
- snapcraft: also include ld.so.conf from libc in the snapcraft.yml
- snapcraft.yaml: fix links ld-linux-x86-64.so.2/ld64.so.2
- overlord: pass a DeviceContext to the checkSnap implementations
- daemon: add RootOnly flag to commands
- many: make access to the device model assertion etc contextual
via a DeviceCtx hook/DeviceContext interface
- snapcraft.yaml: include libc6 in snapd
- tests: reduce snapcraft leftovers from PROJECT_PATH, temp disable
centos
- overlord: make the store context composably backed by separate
backends for device asserts/info etc.
- snapstate: revert "overlord/snapstate: remove PlugsOnly"
- osutil,cmdutil: move CommandFromCore and make it use the snapd
snap (if available)
- travis: bump Go version to 1.10.x
- cmd/snap-update-ns: remove instanceName argument from applyProfile
- gadget: embed volume in positioned volume, rename fields
- osutil: use go build-id when no gnu build-id is available
- snap-seccomp: add 4th field to version-info for golang-seccomp
features
- cmd/snap-update-ns: merge computeAndSaveSystemChanges into
applySystemFstab
- cmd/snap, client, daemon, store: create-cohort
- tests: give more time until nc returns on appstream test
- tests: run spread tests on ubuntu 19.04
- gadget: layout, smaller fixes
- overlord: update static attrs when reloading connections
- daemon: verify snap instructions for multi-snap requests
- overlord/corecfg: make expiration of automatic snapshots
configurable (4/4)
- cmd/snap-update-ns: pass MountProfileUpdate to
apply{System,User}Fstab
- snap: fix interface bindings on implicit hooks
- tests: improve how snaps are cached
- cmd/snap-update-ns: formatting tweaks
- data/selinux: policy tweaks
- cmd/snap-update-ns: move locking to the common layer
- overlord: use private YAML inside several tests
- cmd/snap, store, image: support for cohorts in "snap download"
- overlord/snapstate: add timings to critical task handlers and the
backend
- cmd: add `snap debug validate-seed <path>` cmd
- state: add possible error return to TaskSet.Edge()
- snap-seccomp: use username regex as defined in osutil/user.go
- osutil: make IsValidUsername public and fix regex
- store: serialize the acquisition of device sessions
- interfaces/builtin/desktop: fonconfig v6/v7 cache handling on
Fedora
- many: move Device/SetDevice to devicestate, start of making them
pluggable in storecontext
- overlord/snapstate: remove PlugsOnly
- interfaces/apparmor: allow running /usr/bin/od
- spread: add qemu:fedora-29-64
- tests: make test parallel-install-interfaces work for boards with
pre-installed snaps
- interfaces/builtin/intel_mei: fix /dev/mei* AppArmor pattern
- spread.yaml: add qemu:centos-7-64
- overlord/devicestate: extra measurements related to
populateStateFromSeed
- cmd/snap-update-ns: move Assumption to {System,User}ProfileUpdate
- cmd/libsnap: remove fringe error function
- gadget: add validation of cross structure overlap and offset
writes
- cmd/snap-update-ns: refactor of profile application (3/N)
- data/selinux: tweak the policy for runuser and s-c, interpret
audit entries
- tests: fix spaces issue in the base snaps names to remove during
reset phase
- tests: wait for man db cache is updated before after install snapd
on Fedora
- tests: extend timeout of sbuild test
-- Michael Vogt <michael.vogt@ubuntu.com> Fri, 12 Jul 2019 10:40:08 +0200
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog snapd`.
Generated by dwww version 1.16 on Sat Dec 13 16:16:16 CET 2025.