-
snapd (2.63+20.04) focal; urgency=medium
* New upstream release, LP: #2061179
- Support for snap services to show the current status of user
services (experimental)
- Refresh app awareness: record snap-run-inhibit notice when
starting app from snap that is busy with refresh (experimental)
- Refresh app awareness: use warnings as fallback for desktop
notifications (experimental)
- Aspect based configuration: make request fields in the aspect-
bundle's rules optional (experimental)
- Aspect based configuration: make map keys conform to the same
format as path sub-keys (experimental)
- Aspect based configuration: make unset and set behaviour similar
to configuration options (experimental)
- Aspect based configuration: limit nesting level for setting value
(experimental)
- Components: use symlinks to point active snap component revisions
- Components: add model assertion support for components
- Components: fix to ensure local component installation always gets
a new revision number
- Add basic support for a CIFS remote filesystem-based home
directory
- Add support for AppArmor profile kill mode to avoid snap-confine
error
- Allow more than one interface to grant access to the same API
endpoint or notice type
- Allow all snapd service's control group processes to send systemd
notifications to prevent warnings flooding the log
- Enable not preseeded single boot install
- Update secboot to handle new sbatlevel
- Fix to not use cgroup for non-strict confined snaps (devmode,
classic)
- Fix two race conditions relating to freedesktop notifications
- Fix missing tunables in snap-update-ns AppArmor template
- Fix rejection of snapd snap udev command line by older host snap-
device-helper
- Rework seccomp allow/deny list
- Clean up files removed by gadgets
- Remove non-viable boot chains to avoid secboot failure
- posix_mq interface: add support for missing time64 mqueue syscalls
mq_timedreceive_time64 and mq_timedsend_time64
- password-manager-service interface: allow kwalletd version 6
- kubernetes-support interface: allow SOCK_SEQPACKET sockets
- system-observe interface: allow listing systemd units and their
properties
- opengl interface: enable use of nvidia container toolkit CDI
config generation
-- Ernest Lotter <email address hidden> Wed, 24 Apr 2024 02:00:39 +0200
-
snapd (2.62+20.04) focal; urgency=medium
* New upstream release, LP: #2058277
- Aspects based configuration schema support (experimental)
- Refresh app awareness support for UI (experimental)
- Support for user daemons by introducing new control switches
--user/--system/--users for service start/stop/restart
(experimental)
- Add AppArmor prompting experimental flag (feature currently
unsupported)
- Installation of local snap components of type test
- Packaging of components with snap pack
- Expose experimental features supported/enabled in snapd REST API
endpoint /v2/system-info
- Support creating and removing recovery systems for use by factory
reset
- Enable API route for creating and removing recovery systems using
/v2/systems with action create and /v2/systems/{label} with action
remove
- Lift requirements for fde-setup hook for single boot install
- Enable single reboot gadget update for UC20+
- Allow core to be removed on classic systems
- Support for remodeling on hybrid systems
- Install desktop files on Ubuntu Core and update after snapd
upgrade
- Upgrade sandbox features to account for cgroup v2 device filtering
- Support snaps to manage their own cgroups
- Add support for AppArmor 4.0 unconfined profile mode
- Add AppArmor based read access to /etc/default/keyboard
- Upgrade to squashfuse 0.5.0
- Support useradd utility to enable removing Perl dependency for
UC24+
- Support for recovery-chooser to use console-conf snap
- Add support for --uid/--gid using strace-static
- Add support for notices (from pebble) and expose via the snapd
REST API endpoints /v2/notices and /v2/notice
- Add polkit authentication for snapd REST API endpoints
/v2/snaps/{snap}/conf and /v2/apps
- Add refresh-inhibit field to snapd REST API endpoint /v2/snaps
- Add refresh-inhibited select query to REST API endpoint /v2/snaps
- Take into account validation sets during remodeling
- Improve offline remodeling to use installed revisions of snaps to
fulfill the remodel revision requirement
- Add rpi configuration option sdtv_mode
- When snapd snap is not installed, pin policy ABI to 4.0 or 3.0 if
present on host
- Fix gadget zero-sized disk mapping caused by not ignoring zero
sized storage traits
- Fix gadget install case where size of existing partition was not
correctly taken into account
- Fix trying to unmount early kernel mount if it does not exist
- Fix restarting mount units on snapd start
- Fix call to udev in preseed mode
- Fix to ensure always setting up the device cgroup for base bare
and core24+
- Fix not copying data from newly set homedirs on revision change
- Fix leaving behind empty snap home directories after snap is
removed (resulting in broken symlink)
- Fix to avoid using libzstd from host by adding to snapd snap
- Fix autorefresh to correctly handle forever refresh hold
- Fix username regex allowed for system-user assertion to not allow
'+'
- Fix incorrect application icon for notification after autorefresh
completion
- Fix to restart mount units when changed
- Fix to support AppArmor running under incus
- Fix case of snap-update-ns dropping synthetic mounts due to
failure to match desired mount dependencies
- Fix parsing of base snap version to enable pre-seeding of Ubuntu
Core Desktop
- Fix packaging and tests for various distributions
- Add remoteproc interface to allow developers to interact with
Remote Processor Framework which enables snaps to load firmware to
ARM Cortex microcontrollers
- Add kernel-control interface to enable controlling the kernel
firmware search path
- Add nfs-mount interface to allow mounting of NFS shares
- Add ros-opt-data interface to allow snaps to access the host
/opt/ros/ paths
- Add snap-refresh-observe interface that provides refresh-app-
awareness clients access to relevant snapd API endpoints
- steam-support interface: generalize Pressure Vessel root paths and
allow access to driver information, features and container
versions
- steam-support interface: make implicit on Ubuntu Core Desktop
- desktop interface: improved support for Ubuntu Core Desktop and
limit autoconnection to implicit slots
- cups-control interface: make autoconnect depend on presence of
cupsd on host to ensure it works on classic systems
- opengl interface: allow read access to /usr/share/nvidia
- personal-files interface: extend to support automatic creation of
missing parent directories in write paths
- network-control interface: allow creating /run/resolveconf
- network-setup-control and network-setup-observe interfaces: allow
busctl bind as required for systemd 254+
- libvirt interface: allow r/w access to /run/libvirt/libvirt-sock-
ro and read access to /var/lib/libvirt/dnsmasq/**
- fwupd interface: allow access to IMPI devices (including locking
of device nodes), sysfs attributes needed by amdgpu and the COD
capsule update directory
- uio interface: allow configuring UIO drivers from userspace
libraries
- serial-port interface: add support for NXP Layerscape SoC
- lxd-support interface: add attribute enable-unconfined-mode to
require LXD to opt-in to run unconfined
- block-devices interface: add support for ZFS volumes
- system-packages-doc interface: add support for reading jquery and
sphinx documentation
- system-packages-doc interface: workaround to prevent autoconnect
failure for snaps using base bare
- microceph-support interface: allow more types of block devices to
be added as an OSD
- mount-observe interface: allow read access to
/proc/{pid}/task/{tid}/mounts and proc/{pid}/task/{tid}/mountinfo
- polkit interface: changed to not be implicit on core because
installing policy files is not possible
- upower-observe interface: allow stats refresh
- gpg-public-keys interface: allow creating lock file for certain
gpg operations
- shutdown interface: allow access to SetRebootParameter method
- media-control interface: allow device file locking
- u2f-devices interface: support for Trustkey G310H, JaCarta U2F,
Kensington VeriMark Guard, RSA DS100, Google Titan v2
-- Ernest Lotter <email address hidden> Thu, 21 Mar 2024 22:06:09 +0200
-
snapd (2.61.3+20.04) focal; urgency=medium
* New upstream release, LP: #2039017
- Install systemd files in correct location for 24.04
-- Ernest Lotter <email address hidden> Wed, 06 Mar 2024 23:18:11 +0200
-
snapd (2.58+20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: possible sandbox escape via TIOCLINUX ioctl
- interfaces/seccomp/template.go: block ioctl with TIOCLINUX. Patch
from upstream. Graphical terminal emulators like xterm, gnome-terminal
and others are not affected - this can only be exploited when snaps
are run on a virtual console.
- https://github.com/snapcore/snapd/pull/12849
- CVE-2023-1523
-- Alex Murray <email address hidden> Mon, 29 May 2023 21:39:27 +0930
-
snapd (2.58+20.04) focal; urgency=medium
* New upstream release, LP: #1998462
- many: Use /tmp/snap-private-tmp for per-snap private tmps
- data: Add systemd-tmpfiles configuration to create private tmp dir
- cmd/snap: test allowed and forbidden refresh hold values
- cmd/snap: be more consistent in --hold help and err messages
- cmd/snap: error on refresh holds that are negative or too short
- o/homedirs: make sure we do not write to /var on build time
- image: make sure file customizations happen also when we have
defaultscause
- tests/fde-on-classic: set ubuntu-seed label in seed partitions
- gadget: system-seed-null should also have fs label ubuntu-seed
- many: gadget.HasRole, ubuntu-seed can come also from system-seed-
null
- o/devicestate: fix paths for retrieving recovery key on classic
- cmd/snap-confine: do not discard const qualifier
- interfaces: allow python3.10+ in the default template
- o/restart: fix PendingForSystemRestart
- interfaces: allow wayland slot snaps to access shm files created
by Firefox
- o/assertstate: add Sequence() to val set tracking
- o/assertstate: set val set 'Current' to pinned sequence
- tests: tweak the libvirt interface test to work on 22.10
- tests: use system-seed-null role on classic with modes tests
- boot: add directory for data on install
- o/devicestate: change some names from esp to seed/seed-null
- gadget: add system-seed-null role
- o/devicestate: really add error to new error message
- restart,snapstate: implement reboot-required notifications on
classic
- many: avoid automatic system restarts on classic through new
overlord/restart logic
- release: Fix WSL detection in LXD
- o/state: introduce WaitStatus
- interfaces: Fix desktop interface rules for document portal
- client: remove classic check for `snap recovery --show-
keys`
- many: create snapd.mounts targets to schedule mount units
- image: enable sysfs overlay for UC preseeding
- i/b/network-control: add permissions for using AF_XDP
- i/apparmor: move mocking of home and overlay conditions to osutil
- tests/main/degraded: ignore man-db update failures in CentOS
- cmd/snap: fix panic when running snap w/ flag but w/o subcommand
- tests: save snaps generated during image preaparation
- tests: skip building snapd based on new env var
- client: remove misleading comments in ValidateApplyOptions
- boot/seal: add debug traces for bootchains
- bootloader/assets: fix grub.cfg when there are no labels
- cmd/snap: improve refresh hold's output
- packaging: enable BPF in RHEL9
- packaging: do not traverse filesystems in postrm script
- tests: get microk8s from another branch
- bootloader: do not specify Core version in grub entry
- many: refresh --hold follow-up
- many: support refresh hold/unhold to API and CLI
- many: expand fully handling links mapping in all components, in
the API and in snap info
- snap/system_usernames,tests: Azure IoT Edge system usernames
- interface: Allow access to
org.freedesktop.DBus.ListActivatableNames via system-observe
interface
- o/devicestate,daemon: use the expiration date from the assertion
in user-state and REST api (user-removal 4/n)
- gadget: add unit tests for new install functions for FDE on
classic
- cmd/snap-seccomp: fix typo in AF_XDP value
- tests/connected-after-reboot-revert: run also on UC16
- kvm: allow read of AMD-SEV parameters
- data: tweak apt integration config var
- o/c/configcore: add faillock configuration
- tests: use dbus-daemon instead of dbus-launch
- packaging: remove unclean debian-sid patch
- asserts: add keyword 'user-presence' keyword in system-user
assertion (auto-removal 3/n)
- interfaces: steam-support allow pivot /run/media and /etc/nvidia
mount
- aspects: initial code
- overlord: process auto-import assertion at first boot
- release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2
- tests: fix lxd-mount-units in ubuntu kinetic
- tests: new variable used to configure the kernel command line in
nested tests
- go.mod: update to newer secboot/uc22 branch
- autopkgtests: fix running autopkgtest on kinetic
- tests: remove squashfs leftovers in fakeinstaller
- tests: create partition table in fakeinstaller
- o/ifacestate: introduce DebugAutoConnectCheck hook
- tests: use test-snapd-swtpm instead of swtpm-mvo snap in nested
helper
- interfaces/polkit: do not require polkit directory if no file is
needed
- o/snapstate: be consistent not creating per-snap save dirs for
classic models
- inhibit: use hintFile()
- tests: use `snap prepare-image` in fde-on-classic mk-image.sh
- interfaces: add microceph interface
- seccomp: allow opening XDP sockets
- interfaces: allow access to icon subdirectories
- tests: add minimal-smoke test for UC22 and increase minimal RAM
- overlord: introduce hold levels in the snapstate.Hold* API
- o/devicestate: support mounting ubuntu-save also on classic with
modes
- interfaces: steam-support allow additional mounts
- fakeinstaller: format SystemDetails result with %+v
- cmd/libsnap-confine-private: do not panic on chmod failure
- tests: ensure that fakeinstaller put the seed into the right place
- many: add stub services for prompting
- tests: add libfwupd and libfwupdplugin5 to openSUSE dependencies
- o/snapstate: fix snaps-hold pruning/reset in the presence of
system holding
- many: add support for setting up encryption from installer
- many: support classic snaps in the context of classic and extended
models
- cmd/snap,daemon: allow zero values from client to daemon for
journal rate limit
- boot,o/devicestate: extend HasFDESetupHook to consider unrelated
kernels
- cmd/snap: validation set refresh-enforce CLI support + spread test
- many: fix filenames written in modeenv for base/gadget plus drive-
by TODO
- seed: fix seed test to use a pseudo-random byte sequence
- cmd/snap-confine: remove setuid calls from cgroup init code
- boot,o/devicestate: introduce and use MakeRunnableStandaloneSystem
- devicestate,boot,tests: make `fakeinstaller` test work
- store: send Snap-Device-Location header with cloud information
- overlord: fix unit tests after merging master in
- o/auth: move HasUserExpired into UserState and name it HasExpired,
and add unit tests for this
- o/auth: rename NewUserData to NewUserParams
- many: implementation of finish install step handlers
- overlord: auto-resolve validation set enforcement constraints
- i/backends,o/ifacestate: cleanup backends.All
- cmd/snap-confine: move bind-mount setup into separate function
- tests/main/mount-ns: update namespace for 18.04
- o/state: Hold pseudo-error for explicit holding, concept of
pending changes in prune logic
- many: support extended classic models that omit kernel/gadget
- data/selinux: allow snapd to detect WSL
- overlord: add code to remove users that has an expiration date set
- wrappers,snap/quota: clear LogsDirectory= in the service unit for
journal namespaces
- daemon: move user add, remove operations to overlord device state
- gadget: implement write content from gadget information
- {device,snap}state: fix ineffectual assignments
- daemon: support validation set refresh+enforce in API
- many: rename AddAffected* to RegisterAffected*, add
Change|State.Has, fix a comment
- many: reset store session when setting proxy.store
- overlord/ifacestate: fix conflict detection of auto-connection
- interfaces: added read/write access to /proc/self/coredump_filter
for process-control
- interfaces: add read access to /proc/cgroups and
/proc/sys/vm/swappiness to system-observe
- fde: run fde-reveal-key with `DefaultDependencies=no`
- many: don't concatenate non-constant format strings
- o/devicestate: fix non-compiling test
- release, snapd-apparmor: fixed outdated WSL detection
- many: add todos discussed in the review in
tests/nested/manual/fde-on-classic, snapstate cleanups
- overlord: run install-device hook during factory reset
- i/b/mount-control: add optional `/` to umount rules
- gadget/install: split Run in several functions
- o/devicestate: refactor some methods as preparation for install
steps implementation
- tests: fix how snaps are cached in uc22
- tests/main/cgroup-tracking-failure: fix rare failure in Xenial and
Bionic
- many: make {Install,Initramfs}{{,Host},Writable}Dir a function
- tests/nested/manual/core20: fix manual test after changes to
'tests.nested exec'
- tests: move the unit tests system to 22.04 in github actions
workflow
- tests: fix nested errors uc20
- boot: rewrite switch in SnapTypeParticipatesInBoot()
- gadget: refactor to allow usage from the installer
- overlord/devicestate: support for mounting ubuntu-save before the
install-device hook
- many: allow to install/update kernels/gadgets on classic with
modes
- tests: fix issues related to dbus session and localtime in uc18
- many: support home dirs located deeper under /home
- many: refactor tests to use explicit strings instead of
boot.Install{Initramfs,Host}{Writable,FDEData}Dir
- boot: add factory-reset cases for boot-flags
- tests: disable quota tests on arm devices using ubuntu core
- tests: fix unbound SPREAD_PATH variable on nested debug session
- overlord: start turning restart into a full state manager
- boot: apply boot logic also for classic with modes boot snaps
- tests: fix snap-env test on debug section when no var files were
created
- overlord,daemon: allow returning errors when requesting a restart
- interfaces: login-session-control: add further D-Bus interfaces
- snapdenv: added wsl to userAgent
- o/snapstate: support running multiple ops transactionally
- store: use typed valset keys in store package
- daemon: add `ensureStateSoon()` when calling systems POST api
- gadget: add rules for validating classic with modes gadget.yaml
files
- wrappers: journal namespaces did not honor journal.persistent
- many: stub devicestate.Install{Finish,SetupStorageEncryption}()
- sandbox/cgroup: don't check V1 cgroup if V2 is active
- seed: add support to load auto import assertion
- tests: fix preseed tests for arm systems
- include/lk: update LK recovery environment definition to include
device lock state used by bootloader
- daemon: return `storage-encryption` in /systems/<label> reply
- tests: start using remote tools from snapd-testing-tools project
in nested tests
- tests: fix non mountable filesystem error in interfaces-udisks2
- client: clarify what InstallStep{SetupStorageEncryption,Finish} do
- client: prepare InstallSystemOptions for real use
- usersession: Remove duplicated struct
- o/snapstate: support specific revisions in UpdateMany/InstallMany
- i/b/system_packages_doc: restore access to Libreoffice
documentation
- snap/quota,wrappers: allow using 0 values for the journal rate
limit
- tests: add kinetic images to the gce bucket for preseed test
- multiple: clear up naming convention for thread quota
- daemon: implement stub `"action": "install"`
- tests/main/snap-quota-{install/journal}: fix unstable spread tests
- tests: remove code for old systems not supported anymore
- tests: third part of the nested helper cleanup
- image: clean snapd mount after preseeding
- tests: use the new ubuntu kinetic image
- i/b/system_observe: honour root dir when checking for
/boot/config-*
- tests: restore microk8s test on 16.04
- tests: run spread tests on arm64 instances in google cloud
- tests: skip interfaces-udisks2 in fedora
- asserts,boot,secboot: switch to a secboot version measuring
classic
- client: add API for GET /systems/<label>
- overlord: frontend for --quota-group support (2/2)
- daemon: add GET support for `/systems/<seed-label>`
- i/b/system-observe: allow reading processes security label
- many: support '--purge' when removing multiple snaps
- snap-confine: remove obsolete code
- interfaces: rework logic of unclashMountEntries
- data/systemd/Makefile: add comment warning about "snapd." prefix
- interfaces: grant access to speech-dispatcher socket (bug 1787245)
- overlord/servicestate: disallow removal of quota group with any
limits set
- data: include snapd/mounts in preseeded blob
- many: Set SNAPD_APPARMOR_REEXEC=1
- store/tooling,tests: support UBUNTU_STORE_URL override env var
- multiple: clear up naming convention for cpu-set quota
- tests: improve and standardize debug section on tests
- device: add new DeviceManager.encryptionSupportInfo()
- tests: check snap download with snapcraft v7+ export-login auth
data
- cmd/snap-bootstrap: changes to be able to boot classic rootfs
- tests: fix debug section for test uc20-create-partitions
- overlord: --quota-group support (1/2)
- asserts,cmd/snap-repair: drop not pursued
AuthorityDelegation/signatory-id
- snap-bootstrap: add CVM mode* snap-bootstrap: add classic runmode
- interfaces: make polkit implicit on core if /usr/libexec/polkitd
exists
- multiple: move arguments for auth.NewUser into a struct (auto-
removal 1/n)
- overlord: track security profiles for non-active snaps
- tests: remove NESTED_IMAGE_ID from nested manual tests
- tests: add extra space to ubuntu bionic
- store/tooling: support using snapcraft v7+ base64-encoded auth
data
- overlord: allow seeding in the case of classic with modes system
- packaging/*/tests/integrationtests: reload ssh.service, not
sshd.service
- tests: rework snap-logs-journal test and add missing cleanup
- tests: add spread test for journal quotas
- tests: run spread tests in ubuntu kinetic
- o/snapstate: extend support for holding refreshes
- devicestate: return an error in checkEncryption() if KernelInfo
fails
- tests: fix sbuild test on debian sid
- o/devicestate: do not run tests in this folder twice
- sandbox/apparmor: remove duplicate hook into testing package
- many: refactor store code to be able to use simpler form of auth
creds
- snap,store: drop support/consideration for anonymous download urls
- data/selinux: allow snaps to read certificates
- many: add Is{Core,Classic}Boot() to DeviceContext
- o/assertstate: don't refresh enforced validation sets during check
- go.mod: replace maze.io/x/crypto with local repo
- many: fix unnecessary use of fmt.Sprintf
- bootloader,systemd: fix `don't use Yoda conditions (ST1017)`
- HACKING.md: extend guidelines with common review comments
- many: progress bars should use the overridable stdouts
- tests: remove ubuntu 21.10 from sru validation
- tests: import remote tools
- daemon,usersession: switch from HeaderMap to Header in tests
- asserts: add some missing `c.Check()` in the asserts test
- strutil: fix VersionCompare() to allow multiple `-` in the version
- testutil: remove unneeded `fmt.Sprintf`
- boot: remove some unneeded `fmt.Sprintf()` calls
- tests: implement prepare_gadget and prepare_base and unify all the
version
- o/snapstate: refactor managed refresh schedule logic
- o/assertstate, snapasserts: implementation of
assertstate.TryEnforceValidationSets function
- interfaces: add kconfig paths to system-observe
- dbusutil: move debian patch into dbustest
- many: change name and input of CheckProvenance to clarify usage
- tests: Fix a missing parameter in command to wait for device
- tests: Work-around non-functional --wait on systemctl
- tests: unify the way the snapd/core and kernel are repacked in
nested helper
- tests: skip interfaces-ufisks2 on centos-9
- i/b/mount-control: allow custom filesystem types
- interfaces,metautil: make error handling in getPaths() more
targeted
- cmd/snap-update-ns: handle mountpoint removal failures with EBUSY
- tests: fix pc-kernel repacking
- systemd: add `WantedBy=default.target` to snap mount units
- tests: disable microk8s test on 16.04
-- Michael Vogt <email address hidden> Thu, 01 Dec 2022 09:52:23 +0100
-
snapd (2.57.5+20.04ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Local privilege escalation
- snap-confine: Fix race condition in snap-confine when preparing a
private tmp mount namespace for a snap
- CVE-2022-3328
-- Alex Murray <email address hidden> Mon, 28 Nov 2022 15:25:10 +1030
-
snapd (2.57.5+20.04) focal; urgency=medium
* New upstream release, LP: #1983035
- image: clean snapd mount after preseeding
- wrappers,snap/quota: clear LogsDirectory= in the service unit
for journal namespaces
- cmd/snap,daemon: allow zero values from client to daemon for
journal rate-limit
- interfaces: steam-support allow pivot /run/media and /etc/nvidia
mount
- o/ifacestate: introduce DebugAutoConnectCheck hook
- release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2
- autopkgtests: fix running autopkgtest on kinetic
- interfaces: add microceph interface
- interfaces: steam-support allow additional mounts
- many: add stub services
- interfaces: add kconfig paths to system-observe
- i/b/system_observe: honour root dir when checking for
/boot/config-*
- interfaces: grant access to speech-dispatcher socket
- interfaces: rework logic of unclashMountEntries
-- Michael Vogt <email address hidden> Mon, 17 Oct 2022 18:25:18 +0200
-
snapd (2.55.5+20.04) focal; urgency=medium
* New upstream release, LP: #1965808
- snapstate: do not auto-migrate to ~/Snap for core22 just yet
- cmd/snap-seccomp: add copy_file_range to
syscallsWithNegArgsMaskHi32
- cmd/snap-update-ns: correctly set sticky bit on created
directories where applicable
- .github: Skip misspell and ineffassign on go 1.13
- tests: add lz4 dependency for jammy to avoid issues repacking
kernel
- interfaces: posix-mq: add new interface
-- Michael Vogt <email address hidden> Wed, 11 May 2022 06:38:24 +0200
-
snapd (2.54.3+20.04.1ubuntu0.3) focal; urgency=medium
* Cherry-pick https://github.com/snapcore/snapd/pull/11680 and
https://github.com/snapcore/snapd/pull/11287:
- This fixes a bad interaction between snapd and update-notifier
during a release upgrade (LP: #1969162)
-- Michael Vogt <email address hidden> Wed, 27 Apr 2022 18:12:51 +0200
-
snapd (2.54.3+20.04.1ubuntu0.2) focal-security; urgency=medium
* SECURITY REGRESSION: Fix fish shell compatibility
- data/env/snapd.fish.in: more workarounds for even older fish shells,
provide reasonable defaults.
- LP: #1961791
-- Paulo Flabiano Smorigo <email address hidden> Wed, 23 Feb 2022 18:25:31 +0000
-
snapd (2.54.3+20.04.1ubuntu0.1) focal-security; urgency=medium
* SECURITY REGRESSION: Fix fish shell compatibility
- data/env/snapd.fish.in: fix fish env for all versions of fish, unexport
local vars, export XDG_DATA_DIRS.
- LP: #1961365
-- Paulo Flabiano Smorigo <email address hidden> Fri, 18 Feb 2022 21:31:48 +0000
-
snapd (2.54.3+20.04.1) focal-security; urgency=medium
* debian/rules: disabling unit tests on riscv64
-- Emilia Torino <email address hidden> Thu, 17 Feb 2022 15:37:53 -0300
-
snapd (2.54.3+20.04) focal-security; urgency=medium
* SECURITY UPDATE: Sensitive information exposure
- usersession/autostart: change ~/snap perms to 0700 on startup.
- cmd: create ~/snap dir with 0700 perms.
- CVE-2021-3155
- LP: #1910298
* SECURITY UPDATE: Local privilege escalation
- snap-confine: Add validations of the location of the snap-confine
binary within snapd.
- snap-confine: Fix race condition in snap-confine when preparing a
private mount namespace for a snap.
- CVE-2021-44730
- CVE-2021-44731
* SECURITY UPDATE: Data injection from malicious snaps
- interfaces: Add validations of snap content interface and layout
paths in snapd.
- CVE-2021-4120
- LP: #1949368
-- Michael Vogt <email address hidden> Tue, 15 Feb 2022 17:45:13 +0100
-
snapd (2.54.2+20.04ubuntu2) focal; urgency=medium
* New upstream release, LP: #1955137
- cherry-pick https://github.com/snapcore/snapd/pull/11325
to fix timeout during the riscv64 builds on focal
-- Michael Vogt <email address hidden> Tue, 01 Feb 2022 17:59:58 +0100
-
snapd (2.54.2+20.04ubuntu1) focal; urgency=medium
* New upstream release, LP: #1955137
- fix missing prepare in autopkgtest setup, this fixes the
autopkgest failure from the previous upload
-- Michael Vogt <email address hidden> Fri, 14 Jan 2022 17:23:34 +0100
-
snapd (2.54.2+20.04) focal; urgency=medium
* New upstream release, LP: #1955137
- tests: exclude interfaces-kernel-module load on arm
- tests: ensure that test-snapd-kernel-module-load is
removed
- tests: do not test microk8s-smoke on arm
- tests/core/failover: replace boot-state with snap debug boot-vars
- tests: use snap info|awk to extract tracking channel
- tests: fix remodel-kernel test when running on external devices
- .github/workflows/test.yaml: also check internal snapd version for
cleanliness
- packaging/ubuntu-16.04/rules: eliminate seccomp modification
- bootloader/assets/grub_*cfg_asset.go: update Copyright
- build-aux/snap/snapcraft.yaml: adjust comment about get-version
- .github/workflows/test.yaml: add check in github actions for dirty
snapd snaps
- build-aux/snap/snapcraft.yaml: use build-packages, don't fail
dirty builds
- data/selinux: allow poking /proc/xen
-- Ian Johnson <email address hidden> Thu, 06 Jan 2022 15:25:16 -0600
-
snapd (2.51.1+20.04ubuntu2) focal; urgency=medium
* New upstream release, LP: #1929842
- cherry-pick https://github.com/snapcore/snapd/pull/10736
to fix test another failure on RISC-V
-- Michael Vogt <email address hidden> Thu, 09 Sep 2021 16:34:07 +0200
-
snapd (2.51.1+20.04ubuntu1) focal; urgency=medium
* New upstream release, LP: #1929842
- cherry-pick https://github.com/snapcore/snapd/pull/10700
to fix test failure on RISC-V
-- Michael Vogt <email address hidden> Tue, 31 Aug 2021 15:53:03 +0200
-
snapd (2.51.1+20.04) focal; urgency=medium
* New upstream release, LP: #1929842
- interfaces: add netlink-driver interface
- interfaces: builtin: add dm-crypt interface to support external
storage encryption
- interfaces/dsp: fix typo in udev rule
- overlord/snapstate: lock the mutex before returning from stop
snap services undo
- interfaces: opengl: change path for Xilinx zocl driver
- interfaces/dsp: add /dev/cavalry into dsp interface
- packaging/fedora/snapd.spec: correct date format in changelog
-- Michael Vogt <email address hidden> Tue, 15 Jun 2021 12:45:08 +0200
-
snapd (2.49.2+20.04) focal; urgency=medium
* New upstream release, LP: #1915248
- interfaces/tee: add TEE/OPTEE interface
- o/configstate/configcore: add hdmi_timings to pi-config
- interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4
- snap-seccomp: fix seccomp test on ppc64el
- interfaces{,/apparmor}, overlord/snapstate:
late removal of snap-confine apparmor profiles
- overlord/snapstate, wrappers: add dependency on usr-lib-
snapd.mount for services on core with snapd snap
- o/configstate: deal with no longer valid refresh.timer=managed
- overlord/snapstate: make sure that snapd current symlink is not
removed during refresh
- packaging: drop dh-systemd from build-depends on ubuntu-16.04+
- o/{device,hook}state: encode fde-setup-request key as base64
- snapstate: reduce reRefreshRetryTimeout to 1/2 second
- tests/main/uc20-create-partitions: fix tests cleanup
- o/configstate, o/snapshotstate: fix handling of nil snap config on
snapshot restore
- snap-seccomp: add new `close_range` syscall
-- Michael Vogt <email address hidden> Fri, 26 Mar 2021 16:49:46 +0100
-
snapd (2.48.3+20.04) focal-security; urgency=medium
* SECURITY UPDATE: sandbox escape vulnerability for containers
(LP: #1910456)
- many: add Delegate=true to generated systemd units for special
interfaces
- interfaces/greengrass-support: back-port interface changes to
2.48
- CVE-2020-27352
* interfaces/builtin/docker-support: allow /run/containerd/s/...
- This is a new path that docker 19.03.14 (with a new version of
containerd) uses to avoid containerd CVE issues around the unix
socket. See also CVE-2020-15257.
snapd (2.48.2) xenial; urgency=medium
* New upstream release, LP: #1906690
- tests: sign new nested-18|20* models to allow for generic serials
- secboot: add extra paranoia when waiting for that fde-reveal-key
- tests: backport netplan workarounds from #9785
- secboot: add workaround for snapcore/core-initrd issue #13
- devicestate: log checkEncryption errors via logger.Noticef
- tests: add nested spread end-to-end test for fde-hooks
- devicestate: implement checkFDEFeatures()
- boot: tweak resealing with fde-setup hooks
- sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
init restrict file
- secboot: add new LockSealedKeys() that uses either TPM or
fde-reveal-key
- gadget: use "sealed-keys" to determine what method to use for
reseal
- boot: add sealKeyToModeenvUsingFdeSetupHook()
- secboot: use `fde-reveal-key` if available to unseal key
- cmd/snap-update-ns: fix sorting of overname mount entries wrt
other entries
- o/devicestate: save model with serial in the device save db
- devicestate: add runFDESetupHook() helper
- secboot,devicestate: add scaffoling for "fde-reveal-key" support
- hookstate: add new HookManager.EphemeralRunHook()
- update-pot: fix typo in plural keyword spec
- store,cmd/snap-repair: increase initial expontential time
intervals
- o/devicestate,daemon: fix reboot system action to not require a
system label
- github: run nested suite when commit is pushed to release branch
- tests: reset fakestore unit status
- tests: fix uc20-create-parition-* tests for updated gadget
- hookstate: implement snapctl fde-setup-{request,result}
- devicestate: make checkEncryption fde-setup hook aware
- client,snapctl: add naive support for "stdin"
- devicestate: support "storage-safety" defaults during install
- snap: use the boot-base for kernel hooks
- vendor: update secboot repo to avoid including secboot.test binary
snapd (2.48.1) xenial; urgency=medium
* New upstream release, LP: #1906690
- gadget: disable ubuntu-boot role validation check
-- Michael Vogt <email address hidden> Tue, 02 Feb 2021 09:21:12 +0100
-
snapd (2.48+20.04) focal; urgency=medium
* New upstream release, LP: #1904098
- osutil: add KernelCommandLineKeyValue
- devicestate: implement boot.HasFDESetupHook
- boot/makebootable.go: set snapd_recovery_mode=install at image-
build time
- bootloader: use ForGadget when installing boot config
- interfaces/raw_usb: allow read access to /proc/tty/drivers
- boot: add scaffolding for "fde-setup" hook support for sealing
- tests: fix basic20 test on arm devices
- seed: make a shared seed system label validation helper
- snap: add new "fde-setup" hooktype
- cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
- secboot,cmd/snap-bootstrap: fix degraded mode cases with better
device handling
- boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
messiness
- tests/nested/manual/refresh-revert-fundamentals: temporarily
disable secure boot
- snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
boot modes
- many: address degraded recover mode feedback, cleanups
- tests: Use systemd-run on tests part2
- tests: set the opensuse tumbleweed system as manual in spread.yaml
- secboot: call BlockPCRProtectionPolicies even if the TPM is
disabled
- vendor: update to current secboot
- cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
save
- spread.yaml: increase number of workers on 20.10
- snap: add new `snap recovery --show-keys` option
- tests: minor test tweaks suggested in the review of 9607
- snapd-generator: set standard snapfuse options when generating
units for containers
- tests: enable lxd test on ubuntu-core-20 and 16.04-32
- interfaces: share /tmp/.X11-unix/ from host or provider
- tests: enable main lxd test on 20.10
- cmd/s-b/initramfs-mounts: refactor recover mode to implement
degraded mode
- gadget/install: add progress logging
- packaging: keep secboot/encrypt_dummy.go in debian
- interfaces/udev: use distro specific path to snap-device-helper
- o/devistate: fix chaining of tasks related to regular snaps when
preseeding
- gadget, overlord/devicestate: validate that system supports
encrypted data before install
- interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core
ESP layout
- many: add /v2/system-recovery-keys API and client
- secboot, many: return UnlockMethod from Unlock* methods for future
usage
- many: mv keys to ubuntu-boot, move model file, rename keyring
prefix for secboot
- tests: using systemd-run instead of manually create a systemd unit
- part 1
- secboot, cmd/snap-bootstrap: enable or disable activation with
recovery key
- secboot: refactor Unlock...IfEncrypted to take keyfile + check
disks first
- secboot: add LockTPMSealedKeys() to lock access to keys
independently
- gadget: correct sfdisk arguments
- bootloader/assets/grub: adjust fwsetup menuentry label
- tests: new boot state tool
- spread: use the official image for Ubuntu 20.10, no longer an
unstable system
- tests/lib/nested: enable snapd logging to console for core18
- osutil/disks: re-implement partition searching for disk w/ non-
adjacent parts
- tests: using the nested-state tool in nested tests
- many: seal a fallback object to the recovery boot chain
- gadget, gadget/install: move helpers to install package, refactor
unit tests
- dirs: add "gentoo" to altDirDistros
- update-pot: include file locations in translation template, and
extract strings from desktop files
- gadget/many: drop usage of gpt attr 59 for indicating creation of
partitions
- gadget/quantity: tweak test name
- snap: fix failing unittest for quantity.FormatDuration()
- gadget/quantity: introduce a new package that captures quantities
- o/devicestate,a/sysdb: make a backup of the device serial to save
- tests: fix rare interaction of tests.session and specific tests
- features: enable classic-preserves-xdg-runtime-dir
- tests/nested/core20/save: check the bind mount and size bump
- o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20
- tests: rename hasHooks to hasInterfaceHooks in the ifacestate
tests
- o/devicestate: unit test tweaks
- boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save
- testutil, cmd/snap/version: fix misc little errors
- overlord/devicestate: bind mount ubuntu-save under
/var/lib/snapd/save on startup
- gadget/internal: tune ext4 setting for smaller filesystems
- tests/nested/core20/save: a test that verifies ubuntu-save is
present and set up
- tests: update google sru backend to support groovy
- o/ifacestate: handle interface hooks when preseeding
- tests: re-enable the apt hooks test
- interfaces,snap: use correct type: {os,snapd} for test data
- secboot: set metadata and keyslots sizes when formatting LUKS2
volumes
- tests: improve uc20-create-partitions-reinstall test
- client, daemon, cmd/snap: cleanups from #9489 + more unit tests
- cmd/snap-bootstrap: mount ubuntu-save during boot if present
- secboot: fix doc comment on helper for unlocking volume with key
- tests: add spread test for refreshing from an old snapd and core18
- o/snapstate: generate snapd snap wrappers again after restart on
refresh
- secboot: version bump, unlock volume with key
- tests/snap-advise-command: re-enable test
- cmd/snap, snapmgr, tests: cleanups after #9418
- interfaces: deny connected x11 plugs access to ICE
- daemon,client: write and read a maintenance.json file for when
snapd is shut down
- many: update to secboot v1 (part 1)
- osutil/disks/mockdisk: panic if same mountpoint shows up again
with diff opts
- tests/nested/core20/gadget,kernel-reseal: add sanity checks to the
reseal tests
- many: implement snap routine console-conf-start for synchronizing
auto-refreshes
- dirs, boot: add ubuntu-save directories and related locations
- usersession: fix typo in test name
- overlord/snapstate: refactor ihibitRefresh
- overlord/snapstate: stop warning about inhibited refreshes
- cmd/snap: do not hardcode snapshot age value
- overlord,usersession: initial notifications of pending refreshes
- tests: add a unit test for UpdateMany where a single snap fails
- o/snapstate/catalogrefresh.go: don't refresh catalog in install
mode uc20
- tests: also check snapst.Current in undo-unlink tests
- tests: new nested tool
- o/snapstate: implement undo handler for unlink-snap
- tests: clean systems.sh helper and migrate last set of tests
- tests: moving the lib section from systems.sh helper to os.query
tool
- tests/uc20-create-partitions: don't check for grub.cfg
- packaging: make sure that static binaries are indeed static, fix
openSUSE
- many: have install return encryption keys for data and save,
improve tests
- overlord: add link participant for linkage transitions
- tests: lxd smoke test
- tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu-
seed too
- tests: moving main suite from systems.sh to os.query tool
- tests: moving the core test suite from systems.sh to os.query tool
- cmd/snap-confine: mask host's apparmor config
- o/snapstate: move setting updated SnapState after error paths
- tests: add value to INSTANCE_KEY/regular
- spread, tests: tweaks for openSUSE
- cmd/snap-confine: update path to snap-device-helper in AppArmor
profile
- tests: new os.query tool
- overlord/snapshotstate/backend: specify tar format for snapshots
- tests/nested/manual/minimal-smoke: use 384MB of RAM for nested
UC20
- client,daemon,snap: auto-import does not error on managed devices
- interfaces: PTP hardware clock interface
- tests: use tests.backup tool
- many: verify that unit tests work with nosecboot tag and without
secboot package
- wrappers: do not error out on read-only /etc/dbus-1/session.d
filesystem on core18
- snapshots: import of a snapshot set
- tests: more output for sbuild test
- o/snapstate: re-order remove tasks for individual snap revisions
to remove current last
- boot: skip some unit tests when running as root
- o/assertstate: introduce
ValidationTrackingKey/ValidationSetTracking and basic methods
- many: allow ignoring running apps for specific request
- tests: allow the searching test to fail under load
- overlord/snapstate: inhibit startup while unlinked
- seed/seedwriter/writer.go: check DevModeConfinement for dangerous
features
- tests/main/sudo-env: snap bin is available on Fedora
- boot, overlord/devicestate: list trusted and managed assets
upfront
- gadget, gadget/install: support for ubuntu-save, create one during
install if needed
- spread-shellcheck: temporary workaround for deadlock, drop
unnecessary test
- snap: support different exit-code in the snap command
- logger: use strutil.KernelCommandLineSplit in
debugEnabledOnKernelCmdline
- logger: fix snapd.debug=1 parsing
- overlord: increase refresh postpone limit to 14 days
- spread-shellcheck: use single thread pool executor
- gadget/install,secboot: add debug messages
- spread-shellcheck: speed up spread-shellcheck even more
- spread-shellcheck: process paths from arguments in parallel
- tests: tweak error from tests.cleanup
- spread: remove workaround for openSUSE go issue
- o/configstate: create /etc/sysctl.d when applying early config
defaults
- tests: new tests.backup tool
- tests: add tests.cleanup pop sub-command
- tests: migration of the main suite to snaps-state tool part 6
- tests: fix journal-state test
- cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc
recover files
- cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
same IP addr
- packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
building snapd
- boot, gadget, bootloader: observer preserves managed bootloader
configs
- tests/nested/manual: add uc20 grade signed cloud-init test
- o/snapstate/autorefresh.go: eliminate race when launching
autorefresh
- daemon,snapshotstate: do not return "size" from Import()
- daemon: limit reading from snapshot import to Content-Length
- many: set/expect Content-Length header when importing snapshots
- github: switch from ::set-env command to environment file
- tests: migration of the main suite to snaps-state tool part 5
- client: cleanup the Client.raw* and Client.do* method families
- tests: moving main suite to snaps-state tool part 4
- client,daemon,snap: use constant for snapshot content-type
- many: fix typos and repeated "the"
- secboot: fix tpm connection leak when it's not enabled
- many: scaffolding for snapshots import API
- run-checks: run spread-shellcheck too
- interfaces: update network-manager interface to allow
ObjectManager access from unconfined clients
- tests: move core and regression suites to snaps-state tool
- tests: moving interfaces tests to snaps-state tool
- gadget: preserve files when indicated by content change observer
- tests: moving smoke test suite and some tests from main suite to
snaps-state tool
- o/snapshotstate: pass set id to backend.Open, update tests
- asserts/snapasserts: introduce ValidationSets
- o/snapshotstate: improve allocation of new set IDs
- boot: look at the gadget for run mode bootloader when making the
system bootable
- cmd/snap: allow snap help vs --all to diverge purposefully
- usersession/userd: separate bus name ownership from defining
interfaces
- o/snapshotstate: set snapshot set id from its filename
- o/snapstate: move remove-related tests to snapstate_remove_test.go
- desktop/notification: switch ExpireTimeout to time.Duration
- desktop/notification: add unit tests
- snap: snap help output refresh
- tests/nested/manual/preseed: include a system-usernames snap when
preseeding
- tests: fix sudo-env test
- tests: fix nested core20 shellcheck bug
- tests/lib: move to new directory when restoring PWD, cleanup
unpacked unpacked snap directories
- desktop/notification: add bindings for FDO notifications
- dbustest: fix stale comment references
- many: move ManagedAssetsBootloader into TrustedAssetsBootloader,
drop former
- snap-repair: add uc20 support
- tests: print all the serial logs for the nested test
- o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid
bug in test
- cmd/snap/auto-import: stop importing system user assertions from
initramfs mnts
- osutil/group.go: treat all non-nil errs from user.Lookup{Group,}
as Unknown*
- asserts: deserialize grouping only once in Pool.AddBatch if needed
- gadget: allow content observer to have opinions about a change
- tests: new snaps-state command - part1
- o/assertstate: support refreshing any number of snap-declarations
- boot: use test helpers
- tests/core/snap-debug-bootvars: also check snap_mode
- many/apparmor: adjust rules for reading profile/ execing new
profiles for new kernel
- tests/core/snap-debug-bootvars: spread test for snap debug boot-
vars
- tests/lib/nested.sh: more little tweaks
- tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm
- cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
recover modes
- overlord: explicitly set refresh-app-awareness in tests
- kernel: remove "edition" from kernel.yaml and add "update"
- spread: drop vendor from the packed project archive
- boot: fix debug bootloader variables dump on UC20 systems
- wrappers, systemd: allow empty root dir and conditionally do not
pass --root to systemctl
- tests/nested/manual: add test for grades above signed booting with
testkeys
- tests/nested: misc robustness fixes
- o/assertstate,asserts: use bulk refresh to refresh snap-
declarations
- tests/lib/prepare.sh: stop patching the uc20 initrd since it has
been updated now
- tests/nested/manual/refresh-revert-fundamentals: re-enable test
- update-pot: ignore .go files inside .git when running xgettext-go
- tests: disable part of the lxd test completely on 16.04.
- o/snapshotstate: tweak comment regarding snapshot filename
- o/snapstate: improve snapshot iteration
- bootloader: lk cleanups
- tests: update to support nested kvm without reboots on UC20
- tests/nested/manual/preseed: disable system-key check for 20.04
image
- spread.yaml: add ubuntu-20.10-64 to qemu
- store: handle v2 error when fetching assertions
- gadget: resolve device mapper devices for fallback device lookup
- tests/nested/cloud-init-many: simplify tests and unify
helpers/seed inputs
- tests: copy /usr/lib/snapd/info to correct directory
- check-pr-title.py * : allow "*" in the first part of the title
- many: typos and small test tweak
- tests/main/lxd: disable cgroup combination for 16.04 that is
failing a lot
- tests: make nested signing helpers less confusing
- tests: misc nested changes
- tests/nested/manual/refresh-revert-fundamentals: disable
temporarily
- tests/lib/cla_check: default to Python 3, tweaks, formatting
- tests/lib/cl_check.py: use python3 compatible code
-- Michael Vogt <email address hidden> Thu, 19 Nov 2020 17:51:02 +0100
-
snapd (2.47.1+20.04) focal; urgency=medium
* New upstream release, LP: #1895929
- o/configstate: create /etc/sysctl.d when applying early config
defaults
- cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
same IP addr
- packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
building snapd
- cmd/snap: allow snap help vs --all to diverge purposefully
- snap: snap help output refresh
-- Michael Vogt <email address hidden> Thu, 08 Oct 2020 09:30:44 +0200
-
snapd (2.46.1+20.04) focal; urgency=medium
* New upstream release, LP: #1891134
- interfaces: allow snap-update-ns to read
/proc/cmdline
- github: run macOS job with Go 1.14
- o/snapstate, features: add feature flag for disk space check on
remove
- tests: account for apt-get on core18
- mkversion.sh: include dirty in version if the tree
is dirty
- interfaces/systemd: compare dereferenced Service
- vendor.json: update mysterious secboot SHA again
-- Michael Vogt <email address hidden> Fri, 04 Sep 2020 17:42:54 +0200
-
snapd (2.45.1+20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: sandbox escape vulnerability via snapctl user-open
(xdg-open)
- usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
variable modification when calling the system xdg-open. Patch
thanks to James Henstridge
- packaging/ubuntu-16.04/snapd.postinst: kill userd on upgrade so it
may autostart on next use. Patch thanks to Michael Vogt
- CVE-2020-11934
- LP: #1880085
-- Emilia Torino <email address hidden> Fri, 10 Jul 2020 10:59:20 -0300
-
snapd (2.45.1+20.04) focal; urgency=medium
* New upstream release, LP: #1875071
- data/selinux: allow checking /var/cache/app-info
- cmd/snap-confine: add support for libc6-lse
- interfaces: miscellanious policy updates xlv
- snap-bootstrap: remove sealed key file on reinstall
- interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
- gadget: make ext4 filesystems with or without metadata checksum
- interfaces/fwupd: allow bind mount to /boot on core
- tests: cherry-pick test fixes from master
- snap/squashfs: also symlink snap Install with uc20 seed snap dir
layout
- interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
devices
- snap,many: mv Open to snapfile pkg to support add'l options to
Container methods
- interfaces/builtin/desktop: do not mount fonts cache on distros
with quirks
- devicestate, sysconfig: revert support for cloud.cfg.d/ in the
gadget
- data/completion, packaging: cherry-pick zsh completion
- state: log task errors in the journal too
- devicestate: do not report "ErrNoState" for seeded up
- interfaces/desktop: silence more /var/lib/snapd/desktop/icons
denials
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- packaging: stop depending on python-docutils
-- Michael Vogt <email address hidden> Fri, 05 Jun 2020 15:13:49 +0200
-
snapd (2.44.3+20.04) focal; urgency=medium
* New upstream release, LP: #1864808
- tests: fix racy pulseaudio tests
- many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
- tests: update snap-preseed --reset logic
- tests: backport partition fixes
- cmd/snap: don't wait for system key when stopping
- interfaces/many: miscellaneous policy updates xliv
- tests/main/uc20-snap-recovery: use 20.04 system
- tests: skip "/etc/machine-id" in "writablepaths
- interfaces/docker-support: add overlays file access
-- Michael Vogt <email address hidden> Fri, 10 Apr 2020 16:57:25 +0200
-
snapd (2.44.2+20.04) focal; urgency=medium
* New upstream release, LP: #1864808
- packaging: detect/disable broken seeds in the postinst
- cmd/snap,seed: validate full seeds (UC 16/18)
- snap: add `snap debug state --is-seeded` helper
- devicestate: generate warning if seeding fails
- store: support for search API v2
- cmd/snap-seccomp/syscalls: update the list of known syscalls
- snap/cmd: the model command needs just a client, no waitMixin
- tests: cleanup security-private-tmp properly
- wrappers: fix timer schedules that are days only
- tests: update proxy-no-core to match latest CDN changes
- cmd/snap-failure,tests: make snap-failure more robust
- tests, many: don't use StartLimitInterval anymore, unify snapd-
failover variants, build snapd snap for UC16 tests
-- Michael Vogt <email address hidden> Thu, 02 Apr 2020 09:51:34 +0200
-
snapd (2.44+20.04) focal; urgency=medium
* New upstream release, LP: #1864808
- daemon: do a forceful serer shutdown if we hit a deadline
- snap: whitelist lzo as support compression for snap pack
- data/selinux: update policy to allow more ops
- interfaces/greengrass-support: add new 1.9 access
- snap: do not hardlink on overlayfs
- cmd/snap-preseed: handle --reset flag
- interfaces/kubernetes-support: allow autobind to journald socket
- snap-seccomp: allow mprotect() to unblock the tests
- tests/lib/reset: workaround unicode dot in systemctl output
- interfaces: work around apparmor_parser slowness affecting uio
- interfaces/udisks2: also allow Introspection on
/org/freedesktop/UDisks2/**
- tests: mock prune ticker in overlord tests to reduce wait times
- interfaces/{docker,kubernetes}-support: updates for lastest k8s
- interfaces: miscellaneous policy updates
- interfaces/audio_playback: Fix pulseaudio config access
- overlord: disable Test..AbortShortlyAfterStartOfOperation for 2.44
- ovelord/snapstate: update only system wide fonts cache
- wrappers: import /etc/environment in all services
- interfaces/u2f: Add Titan USB-C key
- overlord, taskrunner: exit on task/ensure error when preseeding
- overlord/snapstate/backend: update snapd services contents in unit
tests
- wrappers: add mount unit dependency for snapd services on core
devices
- Revert "tests: remove /tmp/snap.* left over by other tests"
- Revert "packaging: work around review-tools and snap-confine"
- netlink: fix panic on arm64 with the new rawsockstop code
- spread, data/selinux: add CentOS 8, update policy
- spread.yaml: mv opensuse tumbleweed to unstable too
- spread.yaml: mv opensuse 15.1 to unstable
- tests: use ipv4 in retry-network to unblock failing master
- data/systemd: improve the description
- tests/lib/prepare.sh: simplify, combine code paths
- tests/main/user-session-env: add test verifying environment
variables inside the user session
- spread.yaml: make qemu ubuntu-core-20-64 use ubuntu-20.04-64
- run-checks: SKIP_GMFMT really skips formatting checks
- tests: enable more tests for UC20/UC18
- tests: remove tmp dir for snap not-test-snapd-sh on security-
private-tmp test
- seed,cmd/snap-bootstrap: introduce seed.Snap.EssentialType,
simplify bootstrap code
- snapstate: do not restart in undoLinkSnap unless on first install
- cmd/snap-bootstrap: subcommand to detect UC chooser trigger
- cmd/snap-bootstrap/initramfs-mounts: mount the snapd snap in run-
mode too
- cmd/libsnap, tests: fix C unit tests failing as non-root
- cmd/snap-bootstrap: verify kernel snap is in modeenv before
mounting it
- tests: adding amazon linux to google backend
- cmd/snap-failure/snapd: rm snapd.socket, reset snapd.socket failed
status
- client: add support for "ResumeToken", "HeaderPeek" to download
- build: enable type: snapd
- tests: rm -rf /tmp/snap.* in restore
- cmd/snap-confine: deny snap-confine to load nss libs
- snapcraft.yaml: add comments, rename snapd part to snapd-deb
- boot: write current_kernels in bootstate20, makebootable
- packaging: work around review-tools and snap-confine
- tests: skipping interfaces-openvswitch on centos due to package is
not available
- packaging,snap-confine: stop being setgid root
- cmd/snap-confine: bring /var/lib/dhcp from host, if present
- store: rely on CommandFromSystemSnap to find xdelta3
- tests: bump sleep time of the new overlord tests
- cmd/snap-preseed: snapd version check for the target
- netlink: fix/support stopping goroutines reading netlink raw
sockets
- tests: reset PS1 before possibly interactive dash
- overlord, state: don't abort changes if spawn time before
StartOfOperationTime (2/2)
- snapcraft.yaml: add python3-apt, tzdata as build-deps for the
snapd snap
- tests: ask tar to speak English
- tests: using google storage when downloading ubuntu cloud images
from gce
- Coverity produces false positives for code like this:
- many: maybe restart & security backend options
- o/standby: add SNAPD_STANDBY_WAIT to control standby in
development
- snap: use the actual staging snap-id for snapd
- cmd/snap-bootstrap: create a new parser instance
- snapcraft.yaml: use build-base and adopt-info, rm builddeb
plugin
- tests: set StartLimitInterval in snapd failover test
- tests: disable archlinux system
- tests: add preseed test for classic
- many, tests: integrate all preseed bits and add spread tests
- daemon: support resuming downloads
- tests: use Filename() instead of filepath.Base(sn.MountFile())
- tests/core: add swapfiles test
- interfaces/cpu-control: allow to control cpufreq tunables
- interfaces: use commonInteface for desktopInterface
- interfaces/{desktop-legacy,unity7}: adjust for new ibus socket
location
- snap/info: add Filename
- bootloader: make uboot a RecoveryAwareBootloader
- gadget: skip update when mounted filesystem content is identical
- systemd: improve is-active check for 'failed' services
- boot: add current_kernels to modeenv
- o/devicestate: StartOfOperationTime helper for Prune (1/2)
- tests: detect LXD launching i386 containers
- tests: move main/ubuntu-core-* tests to core/ suite
- tests: remove snapd in ubuntu-core-snapd
- boot: enable base snap updates in bootstate20
- tests: Fix core revert channel after 2.43 has been released to
stable
- data/selinux: unify tabs/spaces
- o/ifacestate: move ResolveDisconnect to ifacestate
- spread: move centos to stable systems
- interfaces/opengl: allow datagrams to nvidia-driver
- httputil: add NoNetwork(err) helper, spread test and use in serial
acquire
- store: detect if server does not support http range headers
- test/lib/user: add helper lib for doing things for and as a user
- overlord/snapstate, wrappers: undo of snapd on core
- tests/main/interfaces-pulseaudio: use custom pulseaudio script,
set kill timeout
- store: add support for resume in DownloadStream
- cmd/snap: implement 'snap remove-user'
- overlord/devicestate: fix preseed unit tests on systems not using
/snap
- tests/main/static: ldd in glibc 2.31 logs to stderr now
- run-checks, travis: allow skipping spread jobs by adding a label
- tests: add new backend which includes images with tpm support
- boot: use constants for boot status values
- tests: add "core" suite for UC specific tests
- tests/lib/prepare: use a local copy of uc20 initramfs skeleton
- tests: retry mounting the udisk2 device due to timing issue
- usersession/client: add a client library for the user session
agent
- o/devicestate: Handle preseed mode in the firstboot mode (core16
only for now).
- boot: add TryBase and BaseStatus to modeenv; use in snap-bootstrap
- cmd/snap-confine: detect base transitions on core16
- boot: don't use "kernel" from the modeenv anymore
- interfaces: add uio interface
- tests: repack the initramfs + kernel snap for UC20 spread tests
- interfaces/greengrass-support: add /dev/null ->
/proc/latency_stats mount
- httputil: remove workaround for redirect handling in go1.7
- httputil: remove go1.6 transport workaround
- snap: add `snap pack --compression=<comp>` options
- tests/lib/prepare: fix hardcoded loopback device names for UC
images
- timeutil: add a unit test case for trivial schedule
- randutil,o/snapstate,-mkauthors.sh: follow ups to randutil
introduction
- dirs: variable with distros using alternate snap mount
- many,randutil: centralize and streamline our random value
generation
- tests/lib/prepare-restore: Revert "Continue on errors updating or
installing dependencies"
- daemon: Allow clients to call /v2/logout via Polkit
- dirs: manjaro-arm is like manjaro
- data, packaging: Add sudoers snippet to allow snaps to be run with
sudo
- daemon, store: better expose single action errors
- tests: switch mount-ns test to differential data set
- snapstate: refactor things to add the re-refresh task last
- daemon: drop support for the DELETE method
- client: move to /v2/users; implement RemoveUser
- boot: enable UC20 kernel extraction and bootState20 handling
- interfaces/policy: enforce plug-names/slot-names constraints
- asserts: parse plug-names/slot-names constraints
- daemon: make users result more consistent
- cmd/snap-confine,tests: support x.y.z nvidia version
- dirs: fixlet for XdgRuntimeDirGlob
- boot: add bootloader options to coreKernel
- o/auth,daemon: do not remove unknown user
- tests: tweak and enable tests on ubuntu 20.04
- daemon: implement user removal
- cmd/snap-confine: allow snap-confine to link to libpcre2
- interfaces/builtin: Allow NotificationReplied signal on
org.freedesktop.Notifications
- overlord/auth: add RemoveUserByName
- client: move user-related things to their own files
- boot: tweak kernel cmdline helper docstring
- osutil: implement deluser
- gadget: skip update when raw structure content is unchanged
- boot, cmd/snap, cmd/snap-bootstrap: move run mode and system label
detection to boot
- tests: fix revisions leaking from snapd-refresh test
- daemon: refactor create-user to a user action & hide behind a flag
- osutil/tests: check there are no leftover symlinks with
AtomicSymlink
- grub: support atomically renaming kernel symlinks
- osutil: add helpers for creating symlinks and renaming in an
atomic manner
- tests: add marker tag for core 20 test failure
- tests: fix gadget-update-pc test leaking snaps
- tests: remove revision leaking from ubuntu-core-refresh
- tests: remove revision leaking from remodel-kernel
- tests: disable system-usernames test on core20
- travis, tests, run-checks: skip nakedret
- tests: run `uc20-snap-recovery-encrypt` test on 20.04-64 as well
- tests: update mount-ns test tables
- snap: disable auto-import in uc20 install-mode
- tests: add a command-chain service test
- tests: use test-snapd-upower instead of upower
- data/selinux: workaround incorrect fonts cache labeling on RHEL7
- spread.yaml: fix ubuntu 19.10 and 20.04 names
- debian: check embedded keys for snap-{bootstrap,preseed} too
- interfaces/apparmor: fix doc-comments, unnecessary code
- o/ifacestate,o/devicestatate: merge gadget-connect logic into
auto-connect
- bootloader: add ExtractedRunKernelImageBootloader interface,
implement in grub
- tests: add spread test for hook permissions
- cmd/snap-bootstrap: check device size before boostrapping and
produce a meaningful error
- cmd/snap: add ability to register "snap routine" commands
- tests: add a test demonstrating that snaps can't access the
session agent socket
- api: don't return connections referring to non-existing
plugs/slots
- interfaces: refactor path() from raw-volume into utils with
comments for old
- gitignore: ignore snap files
- tests: skip interfaces-network-manager on arm devices
- o/devicestate: do not create perfTimings if not needed inside
ensureSeed/Operational
- tests: add ubuntu 20.04 to the tests execution and remove
tumbleweed from unstable
- usersession: add systemd user instance service control to user
session agent
- cmd/snap: print full channel in 'snap list', 'snap info'
- tests: remove execution of ubuntu 19.04 from google backend
- cmd/snap-boostrap: add mocking for fakeroot
- tests/core18/snapd-failover: collect more debug info
- many: run black formatter on all python files
- overlord: increase settle timeout for slow machines
- httputil: use shorter timeout in TestRetryRequestTimeoutHandling
- store, o/snapstate: send default-tracks header, use
RedirectChannel
- overlord/standby: fix possible deadlock in standby test
- cmd/snap-discard-ns: fix pattern for .info files
- boot: add HasModeenv to Device
- devicestate: do not allow remodel between core20 models
- bootloader,snap: misc tweaks
- store, overlord/snapstate, etc: SnapAction now returns a []…Result
- snap-bootstrap: create encrypted partition
- snap: remove "host" output from `snap version`
- tests: use snap remove --purge flag in most of the spread tests
- data/selinux, test/main/selinux-clean: update the test to cover
more scenarios
- many: drop NameAndRevision, use snap.PlaceInfo instead
- boot: split MakeBootable tests into their own file
- travis-ci: add go import path
- boot: split MakeBootable implementations into their own file
- tests: enable a lot of the tests of main on uc20
- packaging, tests: stop services in prerm
- tests: enable regression suite on core20
- overlord/snapstate: improve snapd snap backend link unit tests
- boot: implement SetNextBoot in terms of bootState.setNext
- wrappers: write and undo snapd services on core
- boot,o/devicestate: refactor MarkBootSuccessful over bootState
- snap-bootstrap: mount the correct snapd snap to /run/mnt/snapd
- snap-bootstrap: refactor partition creation
- tests: use new snapd.spread-tests-run-mode-tweaks.service unit
- tests: add core20 tests
- boot,o/snapstate: SetNextBoot/LinkSnap return whether to reboot,
use the information
- tests/main/snap-sign: add test for non-stdin signing
- snap-bootstrap: trigger udev after filesystem creation
- boot,overlord: introduce internal abstraction bootState and use it
for InUse/GetCurrentBoot
- overlord/snapstate: tracks are now sticky
- cmd: sign: add filename param
- tests: remove "test-snapd-tools" in smoke/sandbox on restore
- cmd/snap, daemon: stop over-normalising channels
- tests: fix classic-ubuntu-core-transition-two-cores after refactor
of MATCH -v
- packaging: ship var/lib/snapd/desktop/applications in the pkg
- spread: drop copr repo with F30 build dependencies
- tests: use test-snapd-sh snap instead of test-snapd-tools - Part 3
- tests: fix partition creation test
- tests: unify/rename services-related spread tests to start with
services- prefix
- test: extract code that modifies "writable" for test prep
- systemd: handle preseed mode
- snap-bootstrap: read only stdout when parsing the sfdisk json
- interfaces/browser-support: add more product/vendor paths
- boot: write compat UC16 bootvars in makeBootable20RunMode
- devicestate: avoid adding mockModel to deviceMgrInstallModeSuite
- devicestate: request reboot after successful doSetupRunSystem()
- snapd.core-fixup.sh: do not run on UC20 at all
- tests: unmount automounted snap-bootstrap devices
- devicestate: run boot.MakeBootable in doSetupRunSystem
- boot: copy kernel/base to data partition in makeBootable20RunMode
- tests: also check nested lxd container
- run-checks: complain about MATCH -v
- boot: always return the trivial boot participant in ephemeral mode
- o/devicestate,o/snapstate: move the gadget.yaml checkdrive-by: use
gadget.ReadInfoFromSnapFile in checkGadgetRemodelCompatible
- snap-bootstrap: append new partitions
- snap-bootstrap: mount filesystems after creation
- snapstate: do not try to detect rollback in ephemeral modes
- snap-bootstrap: trigger udev for new partitions
- cmd/snap-bootstrap: xxx todos about kernel cross-checks
- tests: avoid mask rsyslog service in case is not enabled on the
system
- tests: fix use of MATCH -v
- cmd/snap-preseed: update help strings
- cmd/snap-bootstrap: actually parse snapd_recovery_system label
- bootstrap: reduce runmode mounts from 5 to 2 steps.
- lkenv.go: adjust for new location of include file
- snap: improve squashfs.ReadFile() error
- systemd: fix uc20 shutdown
- boot: write modeenv when creating the run mode
- boot,image: add skeleton boot.makeBootable20RunMode
- cmd/snap-preseed: add snap-preseed executable
- overlord,boot: follow ups to #7889 and #7899
- interfaces/wayland: Add access to Xwayland's shm files
- o/hookstate/ctlcmd: fix command name in snapctl -h
- daemon,snap: remove screenshot deprecation notice
- overlord,o/snapstate: make sure we never leave config behind
- many: pass consistently boot.Device state to boot methods
- run-checks: check multiline string blocks in
restore/prepare/execute sections of spread tests
- intrefaces: login-session-control - added missing dbus commands
- tests/main/parallel-install-remove-after: parallel installs should
not break removal
- overlord/snapstate: tweak assumes error hint
- overlord: replace DeviceContext.OldModel with GroundContext
- devicestate: use httputil.ShouldRetryError() in
prepareSerialRequest
- tests: replace "test-snapd-base-bare" with real "bare" base snap
- many: pass a Model to the gadget info reading functions
- snapstate: relax gadget constraints in ConfigDefaults Et al.
- devicestate: only run ensureBootOk() in "run" mode
- tests/many: quiet lxc launching, file pushing
- tests: disable apt-hooks test until it can be properly fixed
- tests: 16.04 and 18.04 now have mediating pulseaudio
-- Michael Vogt <email address hidden> Tue, 17 Mar 2020 20:55:47 +0100
-
snapd (2.44~pre1+20.04) focal; urgency=medium
* New upstream release, LP: #1864808
- tests/lib/prepare.sh: simplify, combine code paths
- tests/main/user-session-env: add test verifying environment
variables inside the user session
- spread.yaml: make qemu ubuntu-core-20-64 use ubuntu-20.04-64
- run-checks: SKIP_GMFMT really skips formatting checks
- tests: enable more tests for UC20/UC18
- tests: remove tmp dir for snap not-test-snapd-sh on security-
private-tmp test
- seed,cmd/snap-bootstrap: introduce seed.Snap.EssentialType,
simplify bootstrap code
- snapstate: do not restart in undoLinkSnap unless on first install
- cmd/snap-bootstrap: subcommand to detect UC chooser trigger
- cmd/snap-bootstrap/initramfs-mounts: mount the snapd snap in run-
mode too
- cmd/libsnap, tests: fix C unit tests failing as non-root
- cmd/snap-bootstrap: verify kernel snap is in modeenv before
mounting it
- tests: adding amazon linux to google backend
- cmd/snap-failure/snapd: rm snapd.socket, reset snapd.socket failed
status
- client: add support for "ResumeToken", "HeaderPeek" to download
- build: enable type: snapd
- tests: rm -rf /tmp/snap.* in restore
- cmd/snap-confine: deny snap-confine to load nss libs
- snapcraft.yaml: add comments, rename snapd part to snapd-deb
- boot: write current_kernels in bootstate20, makebootable
- packaging: work around review-tools and snap-confine
- tests: skipping interfaces-openvswitch on centos due to package is
not available
- packaging,snap-confine: stop being setgid root
- cmd/snap-confine: bring /var/lib/dhcp from host, if present
- store: rely on CommandFromSystemSnap to find xdelta3
- tests: bump sleep time of the new overlord tests
- cmd/snap-preseed: snapd version check for the target
- netlink: fix/support stopping goroutines reading netlink raw
sockets
- tests: reset PS1 before possibly interactive dash
- overlord, state: don't abort changes if spawn time before
StartOfOperationTime (2/2)
- snapcraft.yaml: add python3-apt, tzdata as build-deps for the
snapd snap
- tests: ask tar to speak English
- tests: using google storage when downloading ubuntu cloud images
from gce
- Coverity produces false positives for code like this:
- many: maybe restart & security backend options
- o/standby: add SNAPD_STANDBY_WAIT to control standby in
development
- snap: use the actual staging snap-id for snapd
- cmd/snap-bootstrap: create a new parser instance
- snapcraft.yaml: use build-base and adopt-info, rm builddeb
plugin
- tests: set StartLimitInterval in snapd failover test
- tests: disable archlinux system
- tests: add preseed test for classic
- many, tests: integrate all preseed bits and add spread tests
- daemon: support resuming downloads
- tests: use Filename() instead of filepath.Base(sn.MountFile())
- tests/core: add swapfiles test
- interfaces/cpu-control: allow to control cpufreq tunables
- interfaces: use commonInteface for desktopInterface
- interfaces/{desktop-legacy,unity7}: adjust for new ibus socket
location
- snap/info: add Filename
- bootloader: make uboot a RecoveryAwareBootloader
- gadget: skip update when mounted filesystem content is identical
- systemd: improve is-active check for 'failed' services
- boot: add current_kernels to modeenv
- o/devicestate: StartOfOperationTime helper for Prune (1/2)
- tests: detect LXD launching i386 containers
- tests: move main/ubuntu-core-* tests to core/ suite
- tests: remove snapd in ubuntu-core-snapd
- boot: enable base snap updates in bootstate20
- tests: Fix core revert channel after 2.43 has been released to
stable
- data/selinux: unify tabs/spaces
- o/ifacestate: move ResolveDisconnect to ifacestate
- spread: move centos to stable systems
- interfaces/opengl: allow datagrams to nvidia-driver
- httputil: add NoNetwork(err) helper, spread test and use in serial
acquire
- store: detect if server does not support http range headers
- test/lib/user: add helper lib for doing things for and as a user
- overlord/snapstate, wrappers: undo of snapd on core
- tests/main/interfaces-pulseaudio: use custom pulseaudio script,
set kill timeout
- store: add support for resume in DownloadStream
- cmd/snap: implement 'snap remove-user'
- overlord/devicestate: fix preseed unit tests on systems not using
/snap
- tests/main/static: ldd in glibc 2.31 logs to stderr now
- run-checks, travis: allow skipping spread jobs by adding a label
- tests: add new backend which includes images with tpm support
- boot: use constants for boot status values
- tests: add "core" suite for UC specific tests
- tests/lib/prepare: use a local copy of uc20 initramfs skeleton
- tests: retry mounting the udisk2 device due to timing issue
- usersession/client: add a client library for the user session
agent
- o/devicestate: Handle preseed mode in the firstboot mode (core16
only for now).
- boot: add TryBase and BaseStatus to modeenv; use in snap-bootstrap
- cmd/snap-confine: detect base transitions on core16
- boot: don't use "kernel" from the modeenv anymore
- interfaces: add uio interface
- tests: repack the initramfs + kernel snap for UC20 spread tests
- interfaces/greengrass-support: add /dev/null ->
/proc/latency_stats mount
- httputil: remove workaround for redirect handling in go1.7
- httputil: remove go1.6 transport workaround
- snap: add `snap pack --compression=<comp>` options
- tests/lib/prepare: fix hardcoded loopback device names for UC
images
- timeutil: add a unit test case for trivial schedule
- randutil,o/snapstate,-mkauthors.sh: follow ups to randutil
introduction
- dirs: variable with distros using alternate snap mount
- many,randutil: centralize and streamline our random value
generation
- tests/lib/prepare-restore: Revert "Continue on errors updating or
installing dependencies"
- daemon: Allow clients to call /v2/logout via Polkit
- dirs: manjaro-arm is like manjaro
- data, packaging: Add sudoers snippet to allow snaps to be run with
sudo
- daemon, store: better expose single action errors
- tests: switch mount-ns test to differential data set
- snapstate: refactor things to add the re-refresh task last
- daemon: drop support for the DELETE method
- client: move to /v2/users; implement RemoveUser
- boot: enable UC20 kernel extraction and bootState20 handling
- interfaces/policy: enforce plug-names/slot-names constraints
- asserts: parse plug-names/slot-names constraints
- daemon: make users result more consistent
- cmd/snap-confine,tests: support x.y.z nvidia version
- dirs: fixlet for XdgRuntimeDirGlob
- boot: add bootloader options to coreKernel
- o/auth,daemon: do not remove unknown user
- tests: tweak and enable tests on ubuntu 20.04
- daemon: implement user removal
- cmd/snap-confine: allow snap-confine to link to libpcre2
- interfaces/builtin: Allow NotificationReplied signal on
org.freedesktop.Notifications
- overlord/auth: add RemoveUserByName
- client: move user-related things to their own files
- boot: tweak kernel cmdline helper docstring
- osutil: implement deluser
- gadget: skip update when raw structure content is unchanged
- boot, cmd/snap, cmd/snap-bootstrap: move run mode and system label
detection to boot
- tests: fix revisions leaking from snapd-refresh test
- daemon: refactor create-user to a user action & hide behind a flag
- osutil/tests: check there are no leftover symlinks with
AtomicSymlink
- grub: support atomically renaming kernel symlinks
- osutil: add helpers for creating symlinks and renaming in an
atomic manner
- tests: add marker tag for core 20 test failure
- tests: fix gadget-update-pc test leaking snaps
- tests: remove revision leaking from ubuntu-core-refresh
- tests: remove revision leaking from remodel-kernel
- tests: disable system-usernames test on core20
- travis, tests, run-checks: skip nakedret
- tests: run `uc20-snap-recovery-encrypt` test on 20.04-64 as well
- tests: update mount-ns test tables
- snap: disable auto-import in uc20 install-mode
- tests: add a command-chain service test
- tests: use test-snapd-upower instead of upower
- data/selinux: workaround incorrect fonts cache labeling on RHEL7
- spread.yaml: fix ubuntu 19.10 and 20.04 names
- debian: check embedded keys for snap-{bootstrap,preseed} too
- interfaces/apparmor: fix doc-comments, unnecessary code
- o/ifacestate,o/devicestatate: merge gadget-connect logic into
auto-connect
- bootloader: add ExtractedRunKernelImageBootloader interface,
implement in grub
- tests: add spread test for hook permissions
- cmd/snap-bootstrap: check device size before boostrapping and
produce a meaningful error
- cmd/snap: add ability to register "snap routine" commands
- tests: add a test demonstrating that snaps can't access the
session agent socket
- api: don't return connections referring to non-existing
plugs/slots
- interfaces: refactor path() from raw-volume into utils with
comments for old
- gitignore: ignore snap files
- tests: skip interfaces-network-manager on arm devices
- o/devicestate: do not create perfTimings if not needed inside
ensureSeed/Operational
- tests: add ubuntu 20.04 to the tests execution and remove
tumbleweed from unstable
- usersession: add systemd user instance service control to user
session agent
- cmd/snap: print full channel in 'snap list', 'snap info'
- tests: remove execution of ubuntu 19.04 from google backend
- cmd/snap-boostrap: add mocking for fakeroot
- tests/core18/snapd-failover: collect more debug info
- many: run black formatter on all python files
- overlord: increase settle timeout for slow machines
- httputil: use shorter timeout in TestRetryRequestTimeoutHandling
- store, o/snapstate: send default-tracks header, use
RedirectChannel
- overlord/standby: fix possible deadlock in standby test
- cmd/snap-discard-ns: fix pattern for .info files
- boot: add HasModeenv to Device
- devicestate: do not allow remodel between core20 models
- bootloader,snap: misc tweaks
- store, overlord/snapstate, etc: SnapAction now returns a []…Result
- snap-bootstrap: create encrypted partition
- snap: remove "host" output from `snap version`
- tests: use snap remove --purge flag in most of the spread tests
- data/selinux, test/main/selinux-clean: update the test to cover
more scenarios
- many: drop NameAndRevision, use snap.PlaceInfo instead
- boot: split MakeBootable tests into their own file
- travis-ci: add go import path
- boot: split MakeBootable implementations into their own file
- tests: enable a lot of the tests of main on uc20
- packaging, tests: stop services in prerm
- tests: enable regression suite on core20
- overlord/snapstate: improve snapd snap backend link unit tests
- boot: implement SetNextBoot in terms of bootState.setNext
- wrappers: write and undo snapd services on core
- boot,o/devicestate: refactor MarkBootSuccessful over bootState
- snap-bootstrap: mount the correct snapd snap to /run/mnt/snapd
- snap-bootstrap: refactor partition creation
- tests: use new snapd.spread-tests-run-mode-tweaks.service unit
- tests: add core20 tests
- boot,o/snapstate: SetNextBoot/LinkSnap return whether to reboot,
use the information
- tests/main/snap-sign: add test for non-stdin signing
- snap-bootstrap: trigger udev after filesystem creation
- boot,overlord: introduce internal abstraction bootState and use it
for InUse/GetCurrentBoot
- overlord/snapstate: tracks are now sticky
- cmd: sign: add filename param
- tests: remove "test-snapd-tools" in smoke/sandbox on restore
- cmd/snap, daemon: stop over-normalising channels
- tests: fix classic-ubuntu-core-transition-two-cores after refactor
of MATCH -v
- packaging: ship var/lib/snapd/desktop/applications in the pkg
- spread: drop copr repo with F30 build dependencies
- tests: use test-snapd-sh snap instead of test-snapd-tools - Part 3
- tests: fix partition creation test
- tests: unify/rename services-related spread tests to start with
services- prefix
- test: extract code that modifies "writable" for test prep
- systemd: handle preseed mode
- snap-bootstrap: read only stdout when parsing the sfdisk json
- interfaces/browser-support: add more product/vendor paths
- boot: write compat UC16 bootvars in makeBootable20RunMode
- devicestate: avoid adding mockModel to deviceMgrInstallModeSuite
- devicestate: request reboot after successful doSetupRunSystem()
- snapd.core-fixup.sh: do not run on UC20 at all
- tests: unmount automounted snap-bootstrap devices
- devicestate: run boot.MakeBootable in doSetupRunSystem
- boot: copy kernel/base to data partition in makeBootable20RunMode
- tests: also check nested lxd container
- run-checks: complain about MATCH -v
- boot: always return the trivial boot participant in ephemeral mode
- o/devicestate,o/snapstate: move the gadget.yaml checkdrive-by: use
gadget.ReadInfoFromSnapFile in checkGadgetRemodelCompatible
- snap-bootstrap: append new partitions
- snap-bootstrap: mount filesystems after creation
- snapstate: do not try to detect rollback in ephemeral modes
- snap-bootstrap: trigger udev for new partitions
- cmd/snap-bootstrap: xxx todos about kernel cross-checks
- tests: avoid mask rsyslog service in case is not enabled on the
system
- tests: fix use of MATCH -v
- cmd/snap-preseed: update help strings
- cmd/snap-bootstrap: actually parse snapd_recovery_system label
- bootstrap: reduce runmode mounts from 5 to 2 steps.
- lkenv.go: adjust for new location of include file
- snap: improve squashfs.ReadFile() error
- systemd: fix uc20 shutdown
- boot: write modeenv when creating the run mode
- boot,image: add skeleton boot.makeBootable20RunMode
- cmd/snap-preseed: add snap-preseed executable
- overlord,boot: follow ups to #7889 and #7899
- interfaces/wayland: Add access to Xwayland's shm files
- o/hookstate/ctlcmd: fix command name in snapctl -h
- daemon,snap: remove screenshot deprecation notice
- overlord,o/snapstate: make sure we never leave config behind
- many: pass consistently boot.Device state to boot methods
- run-checks: check multiline string blocks in
restore/prepare/execute sections of spread tests
- intrefaces: login-session-control - added missing dbus commands
- tests/main/parallel-install-remove-after: parallel installs should
not break removal
- overlord/snapstate: tweak assumes error hint
- overlord: replace DeviceContext.OldModel with GroundContext
- devicestate: use httputil.ShouldRetryError() in
prepareSerialRequest
- tests: replace "test-snapd-base-bare" with real "bare" base snap
- many: pass a Model to the gadget info reading functions
- snapstate: relax gadget constraints in ConfigDefaults Et al.
- devicestate: only run ensureBootOk() in "run" mode
- tests/many: quiet lxc launching, file pushing
- tests: disable apt-hooks test until it can be properly fixed
- tests: 16.04 and 18.04 now have mediating pulseaudio
-- Michael Vogt <email address hidden> Wed, 26 Feb 2020 09:19:24 +0100
-
snapd (2.43.3+git1.8109f8) focal; urgency=medium
* New upstream release, LP: #1856159
- interfaces/{desktop-legacy,unity7}: adjust for new ibus socket loc
ation
- systemd: improve is-active check for 'failed' services
- interfaces/browser-support: add more product/vendor paths
- cmd/snap-confine,tests: support x.y.z nvidia version
- tests/main/static: ldd in glibc 2.31 logs to stderr now
-- Michael Vogt <email address hidden> Mon, 17 Feb 2020 08:47:26 +0100
-
snapd (2.43~pre1+20.04) focal; urgency=medium
* New upstream release, LP: #1856159
- tests: 16.04 and 18.04 now have mediating pulseaudio
- interfaces: include hooks in plug/slot apparmor label
- interfaces: add raw-volume interface for access to partitions
- image: set recovery system label when creating the image
- cmd/snapd-generator: fix unit name for non /snap mount locations
- boot,bootloader: setup the snap recovery system bootenv
- seed: support ModeSnaps(mode) for mode != "run"
- seed: fix seed location of local but asserted snaps
- doc: HACKING.md change autopkgtest-trusty-amd64.img name
- interfaces/seccomp: parallelize seccomp backend setup
- cmd/snap-bootstrap: mount ubuntu-data tmpfs, in one go with kernel
& base
- interfaces: add audio-playback/record and pulseaudio spread tests
- apparmor: allow 'r'
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size
- cmd/snap-mgmt, packaging/postrm: stop and remove socket units when
purging
- tests: use test-snapd-sh snap instead of test-snapd-tools
- snap-confine: raise egid before calling setup_private_mount()
- tests: fix fwupd version regular expression
- snap-bootstrap: parse seed if either kernel or base are not
mounted
- tests: check for SELinux denials in interfaces-kvm spread test
- tests: run snap-set-core-config on all core devices
- selinux: update policy to allow modifications related to kmod
backend
- o/hookstate/ctlcmd: snapctl is-connected command
- devicestate: add missing test for failing task setup-run-system
- gadget: add missing test for duplicate detection of roles
- tests/cmd/snapctl: unset SNAP_CONTEXT for the suite
- snap/pack, cmd_pack: 'snap pack --check-skeleton' checks
interfaces
- gitignore: ignore visual studio code directory
- snap-bootstrap: implement "run" mode in snap-bootstrap initramfs-
mounts
- interfaces/apparmor: handle pre-seeding mode
- devicestate: implement creating partitions in "install" mode
- seed: support extra snaps on top of Core 20 dangerous models
- tests: cache snaps also for ubuntu core and add new snaps to cache
- snap-bootstrap: support auto-detect device in create-partitions
- tests: fix partitioning test debug message
- tests: prevent partitioning test errors
- cmd/snap-bootstrap: stub out snap.SanitizePlugsSlots for real
- gadget: extract and export new DiskFromPartition() helper
- snap-bootstrap: force partition table operations
- HACKING.md: add nvidia options to configure example
- tests: move the watchdog timeout to 2s to make the tests work in
rpi
- tests: demand silence from check_journalctl_log
- tests: fix the channels checks done on nested tests
- tests: reduce the complexity of the test-snapd-sh snap
- snap/squashfs, osutil: verify files/dirs can be accessed by
mksquashfs when building a snap
- boot: add boot.Modeenv.Kernel support
- devicestate: ensure system installation
- tests: apply change on permissions to serial port on hotplug test
- cmd/snap-update-ns: adjust debugging output for usability
- devicestate: add reading of modeenv to uc20 firstboot code
- tests/lib/prepare: drop workarounds for rpmbuild rewriting /bin/sh
- cmd/snap-bootstrap: write /var/lib/snapd/modeenv to the right
place
- boot: add boot.Modeenv.Base support
- overlord/snapstate: install task edges
- cmd/snap-bootstrap: some small naming and code org tweaks
- snap-bootstrap: remove SNAPPY_TESTING check, we use it for real
now
- interfaces: remove leftover reservedForOS
- snap-bootstrap: write /run/mnt/ubuntu-data/var/lib/snapd/modeenv
- osutil/mount: optimize flagOptSearch some more
- devicestate: read modeenv early and store in devicestate
- interfaces: add login-session-observe for who, {fail,last}log and
loginctl
- tests: add Ubuntu Eoan to google-sru backend
- osutil/mount: de-duplicate code to use a list
- interfaces: remove reservedForOS from commonInterface
- interfaces/browser-support: allow reading status of huge pages
- interfaces: update system-backup tests to not check for sanitize
errors related to os
- interfaces: add system-backup interface
- osutil/mount: add {Unm,M}outFlagsToOpts helpers
- snap-bootstrap: make cmdline parsing robust
- overlord/patch: normalize tracking channel in state
- boot: add boot.Modeenv that can read/write the UC20 modeenv files
- bootloader: add new bootloader.InstallBootConfig()
- many: share single implementation to list needed default-providers
- snap-bootstrap: implement "snap-bootstrap initramfs-mounts"
- seccomp: allow chown 'snap_daemon:root' and 'root:snap_daemon'
- osutil: handle "rw" mount flag in ParseMountEntry
- overlord/ifacestate: report bad plug/slots with warnings on snap
install
- po: sync translations from launchpad
- tests: cleanup most test snaps icons, they were anyway in the
wrong place
- seed: fix confusing pre snapd dates in tests
- many: make ValidateBasesAndProviders signature simpler/canonical
- snap-bootstrap: set expected filesystem labels
- testutil, many: make MockCommand() create prefix of absolute paths
- tests: improve TestDoPrereqRetryWhenBaseInFlight to fix occasional
flakiness.
- seed: proper support for optional snaps for Core 20 models
- many: test various kinds of overriding for the snapd snap in Core
20
- cmd/snap-failure: passthrough snapd logs, add informational
logging
- cmd/snap-failure: fallback to snapd from core, extend tests
- configcore: fix missing error propagation
- devicestate: rename ensureSeedYaml -> ensureSeeded
- tests: adding fedora 31
- tests: restart the snapd service in the snapd-failover test
- seed: Core 20 seeds channel overrides support for grade dangerous
- cmd: fix the get command help message
- tests: enable degraded test on arch linux after latest image
updates
- overlord/snapstate: don't re-enable and start disabled services on
refresh, etc.
- seed: support in Core 20 seeds local unasserted snaps for model
snaps
- snap-bootstrap: add go-flags cmdline parsing and tests
- gadget: skip fakeroot if not needed
- overlord/state: panic in MarkEdge() if task is nil
- spread: fix typo in spread suite
- overlord: mock device serial in gadget remodel unit tests
- tests: fix spread shellcheck and degraded tests to unbreak master
- spread, tests: openSUSE Tumbleweed to unstable systems, update
system-usernames on Amazon Linux 2
- snap: extract printInstallHint in cmd_download.go
- cmd: fix a pair of typos
- release: preseed mode flag
- cmd/snap-confine: tracking processes with classic confinement
- overlord/ifacestate: remove automatic connections if plug/slot
missing
- o/ifacestate,interfaces,interfaces/policy: slots-per-plug: *
- tests/lib/state: snapshot and restore /var/snap during the tests
- overlord: add base->base remodel undo tests and fixes
- seed: test and improve Core 20 seed handling errors
- asserts: add "snapd" type to valid types in the model assertion
- snap-bootstrap: check gadget versus disk partitions
- devicestate: add support for gadget->gadget remodel
- snap/snapenv: preserve XDG_RUNTIME_DIR for classic confinement
- daemon: parse and reject invalid channels in snap ops
- overlord: add kernel remodel undo tests and fix undo
- cmd/snap: support (but warn) using deprecated multi-slash channel
- overlord: refactor mgrsSuite and extract kernelSuite
- tests/docker-smoke: add minimal docker smoke test
- interfaces: extend the fwupd slot to be implicit on classic
- cmd/snap: make 'snap list' shorten latest/$RISK to $RISK
- tests: fix for journalctl which is failing to restart
- cmd/snap,image: initial support for Core 20 in prepare-image with
test
- cmd/snap-confine: add support for parallel instances of classic
snaps, global mount ns initialization
- overlord: add kernel rollback accross reboots manager test and
fixes
- o/devicestate: the basics of Core 20 firstboot support with test
- asserts: support and parsing for slots-per-plug/plugs-per-slotSee
https://forum.snapcraft.io/t/plug-slot-declaration-rules-greedy-
plugs/12438
- parts/plugins: don't xz-compress a deb we're going to discard
- cmd/snap: make completion skip hidden commands (unless overridden)
- many: load/consume Core 20 seeds (aka recovery systems)
- tests: add netplan test on ubuntu core
- seed/internal: doc comment fix and drop handled TODOs
- o/ifacestate: unify code into
autoConnectChecker.addAutoConnectionsneed to change to support
slots-per-plugs: *
- many: changes to testing in preparation of Core 20 seed consuming
code
- snapstate,devicestate: make OldModel() available in DeviceContext
- tests: opensuse tumbleweed has similar issue than arch linux with
snap --strace
- client,daemon: pass sha3-384 in /v2/download to the client
- builtin/browser_support.go: allow monitoring process memory
utilization (used by chromium)
- overlord/ifacestate: use SetupMany in setupSecurityByBackend
- tests: add 14.04 canonical-livepatch test
- snap: make `snap known --remote` use snapd if available
- seed: share auxInfo20 and makeSystemSnap via internal
- spread: disable secondary compression for deltas
- interfaces/content: workaround for renamed target
- tests/lib/gendevmodel: helper tool for generating developer model
assertions
- tests: tweak wording in mount-ns test
- tests: don't depend on GNU time
- o/snapstate, etc: SnapState.Channel -> TrackingChannel, and a
setter
- seed/seedwriter: support writing Core 20 seeds (aka recovery
systems)
- snap-recovery: rename to "snap-bootstrap"
- managers: add remodel undo test for new required snaps case
- client: add xerrors and wrap errors coming from "client"
- tests: verify host is not affected by mount-ns tests
- tests: configure the journald service for core systems
- cmd/snap, store: include snapcraft.io page URL in snap info output
- cmd/cmdutil: version helper
- spread: enable bboozzoo/snapd-devel-deps COPR repo for getting
golang-x-xerrors
- interfaces: simplify AddUpdateNS and emit
- interfaces/policy: expand cstrs/cstrs1 to
altConstraints/constraints
- overlord/devicestate: check snap handler for gadget remodel
compatibility
- snap-recovery: deploy gadget content when creating partitions
- gadget: skip structures with MBR role during remodel
- tests: do not use lsblk in uc20-snap-recovery test
- overlord/snapstate: add LastActiveDisabledServices,
missingDisabledServices
- overlord/devicestate: refactor and split into per-functionality
files, drop dead code
- tests: update mount-ns after addition of /etc/systemd/user
- interfaces/pulseaudio: adjust to manually connect by default
- interfaces/u2f-devices: add OnlyKey to devices list
- interfaces: emit update-ns snippets to function
- interfaces/net-setup-{observe,control}: add Info D-Bus method
accesses
- tests: moving ubuntu-19.10-64 from google-unstable to google
backend
- gadget: rename existing and add new helpers for checking
filesystem/partition presence
- gadget, overlord/devicestate: add support for customized update
policy, add remodel policy
- snap-recovery: create filesystems as defined in the gadget
- tests: ignore directories for go modules
- policy: implement CanRemove policy for the snapd type
- overlord/snapstate: skip catalog refresh if unseeded
- strutil: add OrderedSet
- snap-recovery: add minimal binary so that we can use spread on it
- gadget, snap/pack: perform extended validation of gadget metadata
and contents
- timeutil: fix schedules with ambiguous nth weekday spans
- interfaces/many: allow k8s/systemd-run to mount volume subPaths
plus cleanups
- client: add KnownOptions to Know() and support remote assertions
- tests: check the apparmor_parser when the file exists on snap-
confine test
- gadget: helper for volume compatibility checks
- tests: update snap logs to match for multiple lines for "running"
- overlord: add checks for bootvars in
TestRemodelSwitchToDifferentKernel
- snap-install: add ext4,vfat creation support
- snap-recovery: remove "usedPartitions" from sfdisk.Create()
- image,seed: hide Seed16/Snap16, use seed.Open in image_test.go
- cmd/snap: Sort tasks in snap debug timings output by lanes and
ready-time.
- snap-confine.apparmor.in: harden pivot_root until we have full
mediation
- gadget: refactor ensureVolumeConsistency
- gadget: add a public helper for parsing gadget metadata
- many: address issues related to explicit/implicit channels for
image building
- overlord/many: switch order of check snap parameters
- cmd/snap-confine: remove leftover condition from capability world
- overlord: set fake serial in TestRemodelSwitchToDifferentKernel
- overlord/many: extend check snap callback to take snap container
- recovery-tool: add sfdisk wrapper
- tests: launch the lxd images folowing the pattern
ubuntu:${VERSION_ID}
- sandbox/cgroup: move freeze/thaw code
- gadget: accept system-seed role and ubuntu-data label
- test/lib/names.sh: make backslash escaping explicit
- spread: generate delta when using google backend
- cmd/snap-confine: remove loads of dead code
- boot,dirs,image: various refinements in the prepare-image code
switched to seedwriter
- spread: include mounts list in task debug output
- .gitignore: pair of trivial changes
- image,seed/seedwriter: switch image to use seedwriter.Writer
- asserts: introduce explicit support for grade for Core 20 models
- usersession: drive by fixes for things flagged by unused or
gosimple
- spread.yaml: exclude vendor dir
- sandbox/cgroup, overlord/snapstate: move helper for listing pids
in group to the cgroup package
- sandbox/cgroup: refactor process cgroup helper to support v2 and
named hierarchies
- snap-repair: error if run as non-root
- snap: when running `snap repair` without arguments, show hint
- interfaces: add cgroup-version to system-key
- snap-repair: add missing check in TestRepairBasicRun
- tests: use `snap model` instead of `snap known model` in tests
- daemon: make /v2/download take snapRevisionOptions
- snap-repair: add additional comment about trust in runner.Verify()
- client: add support to use the new "download" API
- interfaces: bump system-key version (and keep on bumping)
- interfaces/mount: account for cgroup version when reporting
supported features
- tests: change regex to validate access to cdn during snap
download
- daemon: change /v2/download API to take "snap-name" as input
- release: make forced dev mode look at cgroupv2 support
- seed/seedwriter: support for extra snaps
- wrappers/services.go: add disabled svc list arg to AddSnapServices
- overlord/snapstate: add SetTaskSnapSetup helper + unit tests
- cmd/libsnap: use cgroup.procs instead of tasks
- tests: fix snapd-failover test for core18 tests on boards
- overlord/snapstate/policy, etc: introduce policy, move canRemove
to it
- seed/seedwriter: cleanups and small left over todos* drive-by: use
testutil.FilePresent consistently
- cmd/snap: update 'snap find' help because it's no longer narrow
- seed/seedwriter,snap/naming: support classic models
- cmd/snap-confine: unmount /writable from snap view
- spread.yaml: exclude automake cacheThe error message is looks like
this:dpkg-source: info: local changes detected, the modified files
are:
- interfaces/openvswitch: allow access to other openvswitch sockets
- cmd/model: don't show model with display-name inline w/ opts
- daemon: add a 'prune' debug action
- client: add doTimeout to http.Client{Timeout}
- interfaces/seccomp: query apparmor sandbox helper rather than
aggregate info
- sandbox/cgroup: avoid dependency on dirs
- seed/seedwriter,snap: support local snaps
- overlord/snapstate: fix undo on firstboot seeding.
- usersession: track connections to session agent for exit on idle
and peer credential checks
- tests: fix ubuntu-core-device-reg test for arm devices on core18
- sandbox/seccomp: move the remaining sandbox bits to a
corresponding sandbox package
- osutil: generalize SyncDir with FileState interface
- daemon, client, cmd/snap: include architecture in 'snap version'
- daemon: allow /v2/assertions/{assertType} to query store
- gadget: do not fail the update when old gadget snap is missing
bare content
- sandbox/selinux: move SELinux related bits from 'release' to
'sandbox/selinux'
- tests: add unit test for gadget defaults with a multiline string
- overlord/snapstate: have more context in the errors about
prerequisites
- httputil: set user agent for CONNECT
- seed/seedwriter: resolve channels using channel.Resolve* for snaps
- run-checks: allow overriding gofmt binary, show gofmt diff
- asserts,seed/seedwriter: follow snap type sorting in the model
assertion snap listings
- daemon: return "snapname_rev.snap" style when using /v2/download
- tests: when the backend is external skip the loop waiting for snap
version
- many: move AppArmor probing code under sandbox/apparmor
- cmd: add `snap debug boot-vars` that dumps the current bootvars
- tests: skip the ubuntu-core-upgrade on arm devices on core18
- seed/seedwriter: implement WriteMeta and tree16 corresponding code
- interfaces/docker-support,kubernetes-support: misc updates for
strict k8s
- tests: restart the journald service while preparing the test
- tests/cmd/debug_state: make the test output TZ independent
- interfaces/kubernetes-support: allow use of /run/flannel
- seed/seedwriter: start of Writer and internal policy16/tree16
- sandbox/cgroup, usersession/userd: move cgroup related helper to a
dedicated package
- tests: move "centos-7" to unstable systems
- snapstate: add missing tests for checkGadgetOrKernel
- docs: Update README.md
- snapcraft: set license to GPL-3.0
- interfaces/wayland: allow a confined server running in a user
session to work with Qt, GTK3 & SDL2 clients
- selinux: move the package under sandbox/selinux
- interfaces/udev: account for cgroup version when reporting
supported features
- store, ..., client: add a "website" field
- sanity: sanity check cgroup probing
- snapstate: increase settleTimeout in
TestRemodelSwitchToDifferentKernel
- packaging: remove obsolete usr.lib.snapd.snap-confine in postinst
- data/selinux: allow snapd/snap to do statfs() on the cgroup
mountpoint
- usersession/userd: make sure to export DBus interfaces before
requesting a name
- data/selinux: allow snapd to issue sigkill to journalctl
- docs: Add Code of Conduct
- store: download propagates options to delta download
- tests/main/listing: account for dots in ~pre suffix
- Addresed review feedback:
-- Michael Vogt <email address hidden> Thu, 12 Dec 2019 10:20:58 +0100
-
snapd (2.42.1+20.04) focal; urgency=medium
* New upstream release, LP: #1846181
- interfaces: de-duplicate emitted update-ns profiles
- packaging: tweak handling of usr.lib.snapd.snap-confine
- interfaces: allow introspecting network-manager on core
- tests/main/interfaces-contacts-service: disable on openSUSE
Tumbleweed
- tests/lib/lxd-snapfuse: restore mount changes introduced by LXD
- snap: fix default-provider in seed validation
- tests: update system-usernames test now that opensuse-15.1 works
- overlord: set fake sertial in TestRemodelSwitchToDifferentKernel
- gadget: rename "boot{select,img}" -> system-boot-{select,image}
- tests: listing test, make accepted snapd/core versions consistent
-- Michael Vogt <email address hidden> Wed, 30 Oct 2019 13:17:43 +0100
-
snapd (2.41+19.10.1) eoan; urgency=medium
* cherry-pick https://github.com/snapcore/snapd/pull/7380
-- Michael Vogt <email address hidden> Fri, 30 Aug 2019 11:42:43 +0200