| Changelog |
* Tue Jan 25 2022 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.54.2-1
- Release 2.54.2 to Fedora
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.54.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jan 06 2022 Ian Johnson <ian.johnson@canonical.com>
- New upstream release 2.54.2
- tests: exclude interfaces-kernel-module load on arm
- tests: ensure that test-snapd-kernel-module-load is
removed
- tests: do not test microk8s-smoke on arm
- tests/core/failover: replace boot-state with snap debug boot-vars
- tests: use snap info|awk to extract tracking channel
- tests: fix remodel-kernel test when running on external devices
- .github/workflows/test.yaml: also check internal snapd version for
cleanliness
- packaging/ubuntu-16.04/rules: eliminate seccomp modification
- bootloader/assets/grub_*cfg_asset.go: update Copyright
- build-aux/snap/snapcraft.yaml: adjust comment about get-version
- .github/workflows/test.yaml: add check in github actions for dirty
snapd snaps
- build-aux/snap/snapcraft.yaml: use build-packages, don't fail
dirty builds
- data/selinux: allow poking /proc/xen
* Mon Dec 27 2021 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.54.1-1
- Release 2.54.1 to Fedora and EPEL
- Fixes for RHBZ#2035664
* Mon Dec 20 2021 Michael Vogt <michael.vogt@ubuntu.com>
- New upstream release 2.54.1
- buid-aux: set version before calling ./generate-packaging-dir
This fixes the "dirty" suffix in the auto-generated version
* Fri Dec 17 2021 Michael Vogt <michael.vogt@ubuntu.com>
- New upstream release 2.54
- interfaces/builtin/opengl.go: add boot_vga sys/devices file
- o/configstate/configcore: add tmpfs.size option
- tests: moving to manual opensuse 15.2
- cmd/snap-device-helper: bring back the device type identification
behavior, but for remove action fallback only
- cmd/snap-failure: use snapd from the snapd snap if core is not
present
- tests/core/failover: enable the test on core18
- o/devicestate: ensure proper order when remodel does a simple
switch-snap-channel
- builtin/interfaces: add shared memory interface
- overlord: extend kernel/base success and failover with bootenv
checks
- o/snapstate: check disk space w/o store if possible
- snap-bootstrap: Mount snaps read only
- gadget/install: do not re-create partitions using OnDiskVolume
after deletion
- many: fix formatting w/ latest go version
- devicestate,timeutil: improve logging of NTP sync
- tests/main/security-device-cgroups-helper: more debugs
- cmd/snap: print a placeholder for version of broken snaps
- o/snapstate: mock system with classic confinement support
- cmd: Fixup .clangd to use correct syntax
- tests: run spread tests in fedora-35
- data/selinux: allow snapd to access /etc/modprobe.d
- mount-control: step 2
- daemon: add multiple snap sideload to API
- tests/lib/pkgdb: install dbus-user-session during prepare, drop
dbus-x11
- systemd: provide more detailed errors for unimplemented method in
emulation mode
- tests: avoid checking TRUST_TEST_KEYS on restore on remodel-base
test
- tests: retry umounting /var/lib/snapd/seed on uc20 on fsck-on-boot
test
- o/snapstate: add hide/expose snap data to backend
- interfaces: kernel-module-load
- snap: add support for `snap watch
--last={revert,enable,disable,switch}`
- tests/main/security-udev-input-subsystem: drop info from udev
- tests/core/kernel-and-base-single-reboot-failover,
tests/lib/fakestore: verify failover scenario
- tests/main/security-device-cgroups-helper: collect some debug info
when the test fails
- tests/nested/manual/core20-remodel: wait for device to have a
serial before starting a remodel
- tests/main/generic-unregister: test re-registration if not blocked
- o/snapstate, assertsate: validation sets/undo on partial failure
- tests: ensure snapd can be downloaded as a module
- snapdtool, many: support additional key/value flags in info file
- data/env: improve fish shell env setup
- usersession/client: provide a way for client to send messages to a
subset of users
- tests: verify that simultaneous refresh of kernel and base
triggers a single reboot only
- devicestate: Unregister deletes the device key pair as well
- daemon,tests: support forgetting device serial via API
- asserts: change behavior of alternative attribute matcher
- configcore: relax validation rules for hostname
- cmd/snap-confine: do not include libglvnd libraries from the host
system
- overlord, tests: add managers and a spread test for UC20 to UC22
remodel
- HACKING.md: adjust again for building the snapd snap
- systemd: add support for systemd unit alias names
- o/snapstate: add InstallPathMany
- gadget: allow EnsureLayoutCompatibility to ensure disk has all
laid out structsnow reject/fail:
- packaging/ubuntu, packaging/debian: depend on dbus-session-bus
provider (#11111)
- interfaces/interfaces/scsi_generic: add interface for scsi generic
de… (#10936)
- osutil/disks/mockdisk.go: add MockDevicePathToDiskMapping
- interfaces/microstack-support: set controlsDeviceCgroup to true
- network-setup-control: add netplan generate D-Bus rules
- interface/builtin/log_observe: allow to access /dev/kmsg
- .github/workflows/test.yaml: restore failing of spread tests on
errors (nested)
- gadget: tweaks to DiskStructureDeviceTraits + expand test cases
- tests/lib/nested.sh: allow tests to use their own core18 in extra-
snaps-path
- interfaces/browser-support: Update rules for Edge
- o/devicestate: during remodel first check pending download tasks
for snaps
- polkit: add a package to validate polkit policy files
- HACKING.md: document building the snapd snap and splicing it into
the core snap
- interfaces/udev: fix installing snaps inside lxd in 21.10
- o/snapstate: refactor disk space checks
- tests: add (strict) microk8s smoke test
- osutil/strace: try to enable strace on more arches
- cmd/libsnap-confine-private: fix snap-device-helper device allow
list modification on cgroup v2
- tests/main/snapd-reexec-snapd-snap: improve debugging
- daemon: write formdata file parts to snaps dir
- systemd: add support for .target units
- tests: run snap-disconnect on uc16
- many: add experimental setting to allow using ~/.snap/data instead
of ~/snap
- overlord/snapstate: perform a single reboot when updating boot
base and kernel
- kernel/fde: add DeviceUnlockKernelHookDeviceMapperBackResolver,
use w/ disks pkg
- o/devicestate: introduce DeviceManager.Unregister
- interfaces: allow receiving PropertiesChanged on the mpris plug
- tests: new tool used to retrieve data from mongo db
- daemon: amend ssh keys coming from the store
- tests: Include the tools from snapd-testing-tools project in
"$TESTSTOOLS"
- tests: new workflow step used to report spread error to mongodb
- interfaces/builtin/dsp: update proc files for ambarella flavor
- gadget: replace ondisk implementation with disks package, refactor
part calcs
- tests: Revert "tests: disable flaky uc18 tests until systemd is
fixed"
- Revert: "many: Vendor apparmor-3.0.3 into the snapd snap"
- asserts: rename "white box" to "clear box" (woke checker)
- many: Vendor apparmor-3.0.3 into the snapd snap
- tests: reorganize the debug-each on the spread.yaml
- packaging: sync with downstream packaging in Fedora and openSUSE
- tests: disable flaky uc18 tests until systemd is fixed
- data/env: provide profile setup for fish shell
- tests: use ubuntu-image 1.11 from stable channel
- gadget/gadget.go: include disk schema in the disk device volume
traits too
- tests/main/security-device-cgroups-strict-enforced: extend the
comments
- README.md: point at bugs.launchpad.net/snapd instead of snappy
project
- osutil/disks: introduce RegisterDeviceMapperBackResolver + use for
crypt-luks2
- packaging: make postrm script robust against `rm` failures
- tests: print extra debug on auto-refresh-gating test failure
- o/assertstate, api: move enforcing/monitoring from api to
assertstate, save history
- tests: skip the test-snapd-timedate-control-consumer.date to avoid
NTP sync error
- gadget/install: use disks functions to implement deviceFromRole,
also rename
- tests: the `lxd` test is failing right now on 21.10
- o/snapstate: account for deleted revs when undoing install
- interfaces/builtin/block_devices: allow blkid to print block
device attributes
- gadget: include size + sector-size in DiskVolumeDeviceTraits
- cmd/libsnap-confine-private: do not deny all devices when reusing
the device cgroup
- interfaces/builtin/time-control: allow pps access
- o/snapstate/handlers: propagate read errors on "copy-snap-data"
- osutil/disks: add more fields to Partition, populate them during
discovery
- interfaces/u2f-devices: add Trezor and Trezor v2 keys
- interfaces: timezone-control, add permission for ListTimezones
DBus call
- o/snapstate: remove repeated test assertions
- tests: skip `snap advise-command` test if the store is overloaded
- cmd: create ~/snap dir with 0700 perms
- interfaces/apparmor/template.go: allow udevadm from merged usr
systems
- github: leave a comment documenting reasons for pipefail
- github: enable pipefail when running spread
- osutil/disks: add DiskFromPartitionDeviceNode
- gadget, many: add model param to Update()
- cmd/snap-seccomp: add riscv64 support
- o/snapstate: maintain a RevertStatus map in SnapState
- tests: enable lxd tests on impish system
- tests: (partially) revert the memory limits PR#r10241
- o/assertstate: functions for handling validation sets tracking
history
- tests: some improvements for the spread log parser
- interfaces/network-manager-observe: Update for libnm / dart
clients
- tests: add ntp related debug around "auto-refresh" test
- boot: expand on the fact that reseal taking modeenv is very
intentional
- cmd/snap-seccomp/syscalls: update syscalls to match libseccomp
abad8a8f4
- data/selinux: update the policy to allow snapd to talk to
org.freedesktop.timedate1
- o/snapstate: keep old revision if install doesn't add new one
- overlord/state: add a unit test for a kernel+base refresh like
sequence
- desktop, usersession: observe notifications
- osutil/disks: add AllPhysicalDisks()
- timeutil,deviceutil: fix unit tests on systems without dbus or
without ntp-sync
- cmd/snap-bootstrap/README: explain all the things (well most of
them anyways)
- docs: add run-checks dependency install instruction
- o/snapstate: do not prune refresh-candidates if gate-auto-refresh-
hook feature is not enabled
- o/snapstate: test relink remodel helpers do a proper subset of
doInstall and rework the verify*Tasks helpers
- tests/main/mount-ns: make the test run early
- tests: add `--debug` to netplan apply
- many: wait for up to 10min for NTP synchronization before
autorefresh
- tests: initialize CHANGE_ID in _wait_autorefresh
- sandbox/cgroup: freeze and thaw cgroups related to services and
scopes only
- tests: add more debug around qemu-nbd
- o/hookstate: print cohort with snapctl refresh --pending (#10985)
- tests: misc robustness changes
- o/snapstate: improve install/update tests (#10850)
- tests: clean up test tools
- spread.yaml: show `journalctl -e` for all suites on debug
- tests: give interfaces-udisks2 more time for the loop device to
appear
- tests: set memory limit for snapd
- tests: increase timeout/add debug around nbd0 mounting (up, see
LP:#1949513)
- snapstate: add debug message where a snap is mounted
- tests: give nbd0 more time to show up in preseed-lxd
- interfaces/dsp: add more ambarella things
- cmd/snap: improve snap disconnect arg parsing and err msg
- tests: disable nested lxd snapd testing
- tests: disable flaky "interfaces-udisks2" on ubuntu-18.04-32
- o/snapstate: avoid validationSetsSuite repeating snapmgrTestSuite
- sandbox/cgroup: wait for start transient unit job to finish
- o/snapstate: fix task order, tweak errors, add unit tests for
remodel helpers
- osutil/disks: re-org methods for end of usable region, size
information
- build-aux: ensure that debian packaging matches build-base
- docs: update HACKING.md instructions for snapd 2.52 and later
- spread: run lxd tests with version from latest/edge
- interfaces: suppress denial of sys_module capability
- osutil/disks: add methods to replace gadget/ondisk functions
- tests: split test tools - part 1
- tests: fix nested tests on uc20
- data/selinux: allow snap-confine to read udev's database
- i/b/common_test: refactor AppArmor features test
- tests: run spread tests on debian 11
- o/devicestate: copy timesyncd clock timestamp during install
- interfaces/builtin: do not probe parser features when apparmor
isn't available
- interface/modem-manager: allow connecting to the mbim/qmi proxy
- tests: fix error message in run-checks
- tests: spread test for validation sets enforcing
- cmd/snap-confine: lazy set up of device cgroup, only when devices
were assigned
- o/snapstate: deduplicate snap names in remove/install/update
- tests/main/selinux-data-context: use session when performing
actions as test user
- packaging/opensuse: sync with openSUSE packaging, enable AppArmor
on 15.3+
- interfaces: skip connection of netlink interface on older
systems
- asserts, o/snapstate: honor IgnoreValidation flag when checking
installed snaps
- tests/main/apparmor-batch-reload: fix fake apparmor_parser to
handle --preprocess
- sandbox/apparmor, interfaces/apparmor: detect bpf capability,
generate snippet for s-c
- release-tools/repack-debian-tarball.sh: fix c-vendor dir
- tests: test for enforcing with prerequisites
- tests/main/snapd-sigterm: fix race conditions
- spread: run lxd tests with version from latest/stable
- run-checks: remove --spread from help message
- secboot: use latest secboot with tpm legacy platform and v2 fully
optional
- tests/lib/pkgdb: install strace on Debian 11 and Sid
- tests: ensure systemd-timesyncd is installed on debian
- interfaces/u2f-devices: add Nitrokey 3
- tests: update the ubuntu-image channel to candidate
- osutil/disks/labels: simplify decoding algorithm
- tests: not testing lxd snap anymore on i386 architecture
- o/snapstate, hookstate: print remaining hold time on snapctl
--hold
- cmd/snap: support --ignore-validation with snap install client
command
- tests/snapd-sigterm: be more robust against service restart
- tests: simplify mock script for apparmor_parser
- o/devicestate, o/servicestate: update gadget assets and cmdline
when remodeling
- tests/nested/manual/refresh-revert-fundamentals: re-enable
encryption
- osutil/disks: fix bug in BlkIDEncodeLabel, add BlkIDDecodeLabel
- gadget, osutil/disks: fix some bugs from prior PR'sin the dir.
- secboot: revert move to new version (revert #10715)
- cmd/snap-confine: die when snap process is outside of snap
specific cgroup
- many: mv MockDeviceNameDisksToPartitionMapping ->
MockDeviceNameToDiskMapping
- interfaces/builtin: Add '/com/canonical/dbusmenu' path access to
'unity7' interface
- interfaces/builtin/hardware-observer: add /proc/bus/input/devices
too
- osutil/disks, many: switch to defining Partitions directly for
MockDiskMapping
- tests: remove extra-snaps-assertions test
- interface/modem-manager: add accept for MBIM/QMI proxy clients
- tests/nested/core/core20-create-recovery: fix passing of data to
curl
- daemon: allow enabling enforce mode
- daemon: use the syscall connection to get the socket credentials
- i/builtin/kubernetes_support: add access to Calico lock file
- osutil: ensure parent dir is opened and sync'd
- tests: using test-snapd-curl snap instead of http snap
- overlord: add managers unit test demonstrating cyclic dependency
between gadget and kernel updates
- gadget/ondisk.go: include the filesystem UUID in the returned
OnDiskVolume
- packaging: fixes for building on openSUSE
- o/configcore: allow hostnames up to 253 characters, with dot-
delimited elements
- gadget/ondisk.go: add listBlockDevices() to get all block devices
on a system
- gadget: add mapping trait types + functions to save/load
- interfaces: add polkit security backend
- cmd/snap-confine/snap-confine.apparmor.in: update ld rule for
s390x impish
- tests: merge coverage results
- tests: remove "features" from fde-setup.go example
- fde: add new device-setup support to fde-setup
- gadget: add `encryptedDevice` and add encryptedDeviceLUKS
- spread: use `bios: uefi` for uc20
- client: fail fast on non-retryable errors
- tests: support running all spread tests with experimental features
- tests: check that a snap that doesn't have gate-auto-refresh hook
can call --proceed
- o/snapstate: support ignore-validation flag when updating to a
specific snap revision
- o/snapstate: test prereq update if started by old version
- tests/main: disable cgroup-devices-v1 and freezer tests on 21.10
- tests/main/interfaces-many: run both variants on all possible
Ubuntu systems
- gadget: mv ensureLayoutCompatibility to gadget proper, add
gadgettest pkg
- many: replace state.State restart support with overlord/restart
- overlord: fix generated snap-revision assertions in remodel unit
tests
* Wed Dec 08 2021 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.53.4-1
- Release 2.53.4 to Fedora
- Cherry pick for nvidia glvnd incompatibility
* Thu Dec 02 2021 Ian Johnson <ian.johnson@canonical.com>
- New upstream release 2.53.4
- devicestate: mock devicestate.MockTimeutilIsNTPSynchronized to
avoid host env leaking into tests
- timeutil: return NoTimedate1Error if it can't connect to the
system bus
* Thu Dec 02 2021 Ian Johnson <ian.johnson@canonical.com>
- New upstream release 2.53.3
- devicestate: Unregister deletes the device key pair as well
- daemon,tests: support forgetting device serial via API
- configcore: relax validation rules for hostname
- o/devicestate: introduce DeviceManager.Unregister
- packaging/ubuntu, packaging/debian: depend on dbus-session-bus
provider
- many: wait for up to 10min for NTP synchronization before
autorefresh
- interfaces/interfaces/scsi_generic: add interface for scsi generic
devices
- interfaces/microstack-support: set controlsDeviceCgroup to true
- interface/builtin/log_observe: allow to access /dev/kmsg
- daemon: write formdata file parts to snaps dir
- spread: run lxd tests with version from latest/edge
- cmd/libsnap-confine-private: fix snap-device-helper device allow
list modification on cgroup v2
- interfaces/builtin/dsp: add proc files for monitoring Ambarella
DSP firmware
- interfaces/builtin/dsp: update proc file accordingly
* Mon Nov 29 2021 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.53.2-2
- Cherry-pick a fix for snap-device-helper (RHBZ#2025264)
* Wed Nov 17 2021 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.53.2-1
- Release 2.53.2 to Fedora
* Mon Nov 15 2021 Ian Johnson <ian.johnson@canonical.com>
- New upstream release 2.53.2
- interfaces/builtin/block_devices: allow blkid to print block
device attributes/run/udev/data/b{major}:{minor}
- cmd/libsnap-confine-private: do not deny all devices when reusing
the device cgroup
- interfaces/builtin/time-control: allow pps access
- interfaces/u2f-devices: add Trezor and Trezor v2 keys
- interfaces: timezone-control, add permission for ListTimezones
DBus call
- interfaces/apparmor/template.go: allow udevadm from merged usr
systems
- interface/modem-manager: allow connecting to the mbim/qmi proxy
- interfaces/network-manager-observe: Update for libnm client
library
- cmd/snap-seccomp/syscalls: update syscalls to match libseccomp
abad8a8f4
- sandbox/cgroup: freeze and thaw cgroups related to services and
scopes only
- o/hookstate: print cohort with snapctl refresh --pending
- cmd/snap-confine: lazy set up of device cgroup, only when devices
were assigned
- tests: ensure systemd-timesyncd is installed on debian
- tests/lib/pkgdb: install strace on Debian 11 and Sid
- tests/main/snapd-sigterm: flush, use retry
- tests/main/snapd-sigterm: fix race conditions
- release-tools/repack-debian-tarball.sh: fix c-vendor dir
- data/selinux: allow snap-confine to read udev's database
- interfaces/dsp: add more ambarella things* interfaces/dsp: add
more ambarella things
* Tue Nov 02 2021 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.53.1-2
- Disable BPF support on systems that are too old
* Tue Nov 02 2021 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.53.1-1
- Release 2.53.1 to Fedora
* Thu Oct 21 2021 Ian Johnson <ian.johnson@canonical.com>
- New upstream release 2.53.1
- spread: run lxd tests with version from latest/stable
- secboot: use latest secboot with tpm legacy platform and v2 fully
optional (#10946)
- cmd/snap-confine: die when snap process is outside of snap
specific cgroup (2.53)
- interfaces/u2f-devices: add Nitrokey 3
- Update the ubuntu-image channel to candidate
- Allow hostnames up to 253 characters, with dot-delimited elements
(as suggested by man 7 hostname).
- Disable i386 until it is possible to build snapd using lxd
- o/snapstate, hookstate: print remaining hold time on snapctl
--hold
- tests/snapd-sigterm: be more robust against service restart
- tests: add a regression test for snapd hanging on SIGTERM
- daemon: use the syscall connection to get the socket
credentials
- interfaces/builtin/hardware-observer: add /proc/bus/input/devices
too
- cmd/snap-confine/snap-confine.apparmor.in: update ld rule for
s390x impish
- interface/modem-manager: add accept for MBIM/QMI proxy clients
- secboot: revert move to new version
* Tue Oct 05 2021 Michael Vogt <michael.vogt@ubuntu.com>
- New upstream release 2.53
- overlord: fix generated snap-revision assertions in remodel unit
tests
- snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk`
- interfaces/modem-manager: add access to PCIe modems
- overlord/devicestate: record recovery capable system on a
successful remodel
- o/snapstate: use device ctx in prerequisite install/update
- osutil/disks: support filtering by mount opts in
MountPointsForPartitionRoot
- many: support an API flag system-restart-immediate to make snap
ops proceed immediately with system restarts
- osutil/disks: add RootMountPointsForPartition
- overlord/devicestate, tests: enable UC20 remodel, add spread tests
- cmd/snap: improve snap run help message
- o/snapstate: support ignore validation flag on install/update
- osutil/disks: add Disk.FindMatchingPartitionWith{Fs,Part}Label
- desktop: implement gtk notification backend and provide minimal
notification api
- tests: use the latest cpu family for nested tests execution
- osutil/disks: add Partition struct and Disks.Partitions()
- o/snapstate: prevent install hang if prereq install fails
- osutil/disks: add Disk.KernelDevice{Node,Path} methods
- disks: add `Size(path)` helper
- tests: reset some mount units failing on ubuntu impish
- osutil/disks: add DiskFromDevicePath, other misc changes
- interfaces/apparmor: do not fail during initialization when there
is no AppArmor profile for snap-confine
- daemon: implement access checkers for themes API
- interfaces/seccomp: add clone3 to default template
- interfaces/u2f-devices: add GoTrust Idem Key
- o/snapstate: validation sets enforcing on update
- o/ifacestate: don't fail remove if disconnect hook fails
- tests: fix error trying to create the extra-snaps dir which
already exists
- devicestate: use EncryptionType
- cmd/libsnap-confine-private: workaround BPF memory accounting,
update apparmor profile
- tests: skip system-usernames-microk8s when TRUST_TEST_KEYS is
false
- interfaces/dsp: add a usb rule to the ambarella flavor
- interfaces/apparmor/template.go: allow inspection of dbus
mediation level
- tests/main/security-device-cgroups: fix when both variants run on
the same host
- cmd/snap-confine: update s-c apparmor profile to allow versioned
ld.so
- many: rename systemd.Kind to Backend for a bit more clarity
- cmd/libsnap-confine-private: fix set but unused variable in the
unit tests
- tests: fix netplan test on i386 architecture
- tests: fix lxd-mount-units test which is based on core20 in ubuntu
focal system
- osutil/disks: add new `CreateLinearMapperDevice` helper
- cmd/snap: wait while inhibition file is present
- tests: cleanup the job workspace as first step of the actions
workflow
- tests: use our own image for ubuntu impish
- o/snapstate: update default provider if missing required content
- o/assertstate, api: update validation set assertions only when
updating all snaps
- fde: add HasDeviceUnlock() helper
- secboot: move to new version
- o/ifacestate: don't lose connections if snaps are broken
- spread: display information about current device cgroup in debug
dump
- sysconfig: set TMPDIR in tests to avoid cluttering the real /tmp
- tests, interfaces/builtin: introduce 21.10 cgroupv2 variant, tweak
tests for cgroupv2, update builtin interfaces
- sysconfig/cloud-init: filter MAAS c-i config from ubuntu-seed on
grade signed
- usersession/client: refactor doMany() method
- interfaces/builtin/opengl.go: add libOpenGL.so* too
- o/assertstate: check installed snaps when refreshing validation
set assertions
- osutil: helper for injecting run time faults in snapd
- tests: update test nested tool part 2
- libsnap-confine: use the pid parameter
- gadget/gadget.go: LaidOutSystemVolumeFromGadget ->
LaidOutVolumesFromGadget
- tests: update the time tolerance to fix the snapd-state test
- .github/workflows/test.yaml: revert #10809
- tests: rename interfaces-hooks-misbehaving spread test to install-
hook-misbehaving
- data/selinux: update the policy to allow s-c to manipulate BPF map
and programs
- overlord/devicestate: make settle wait longer in remodel tests
- kernel/fde: mock systemd-run in unit test
- o/ifacestate: do not create stray task in batchConnectTasks if
there are no connections
- gadget: add VolumeName to Volume and VolumeStructure
- cmd/libsnap-confine-private: use root when necessary for BPF
related operations
- .github/workflows/test.yaml: bump action-build to 1.0.9
- o/snapstate: enforce validation sets/enforce on InstallMany
- asserts, snapstate: return full validation set keys from
CheckPresenceRequired and CheckPresenceInvalid
- cmd/snap: only log translation warnings in debug/testing
- tests/main/preseed: update for new base snap of the lxd snap
- tests/nested/manual: use loop for checking for initialize-system
task done
- tests: add a local snap variant to testing prepare-image gating
support
- tests/main/security-device-cgroups-strict-enforced: demonstrate
device cgroup being enforced
- store: one more tweak for the test action timeout
- github: do not fail when codecov upload fails
- o/devicestate: fix flaky test remodel clash
- o/snapstate: add ChangeID to conflict error
- tests: fix regex of TestSnapActionTimeout test
- tests: fix tests for 21.10
- tests: add test for store.SnapAction() request timeout
- tests: print user sessions info on debug-each
- packaging: backports of golang-go 1.13 are good enough
- sysconfig/cloudinit: add cloudDatasourcesInUseForDir
- cmd: build gdb shims as static binaries
- packaging/ubuntu: pass GO111MODULE to dh_auto_test
- cmd/libsnap-confine-private, tests, sandbox: remove warnings about
cgroup v2, drop forced devmode
- tests: increase memory quota in quota-groups-systemd-accounting
- tests: be more robust against a new day stepping in
- usersession/xdgopenproxy: move PortalLauncher class to own package
- interfaces/builtin: fix microstack unit tests on distros using
/usr/libexec
- cmd/snap-confine: handle CURRENT_TAGS on systems that support it
- cmd/libsnap-confine-private: device cgroup v2 support
- o/servicestate: Update task summary for restart action
- packaging, tests/lib/prepare-restore: build packages without
network access, fix building debs with go modules
- systemd: add AtLeast() method, add mocking in systemdtest
- systemd: use text.template to generate mount unit
- o/hookstate/ctlcmd: Implement snapctl refresh --show-lock command
- o/snapstate: optimize conflicts around snaps stored on
conditional-auto-refresh task
- tests/lib/prepare.sh: download core20 for UC20 runs via
BASE_CHANNEL
- mount-control: step 1
- go: update go.mod dependencies
- o/snapstate: enforce validation sets on snap install
- tests: revert revert manual lxd removal
- tests: pre-cache snaps in classic and core systems
- tests/lib/nested.sh: split out additional helper for adding files
to VM imgs
- tests: update nested tool - part1
- image/image_linux.go: add newline
- interfaces/block-devices: support to access the state of block
devices
- o/hookstate: require snap-refresh-control interface for snapctl
refresh --proceed
- build-aux: stage libgcc1 library into snapd snap
- configcore: add read-only netplan support
- tests: fix fakedevicesvc service already exists
- tests: fix interfaces-libvirt test
- tests: remove travis leftovers
- spread: bump delta ref to 2.52
- packaging: ship the `snapd.apparmor.service` unit in debian
- packaging: remove duplicated `golang-go` build-dependency
- boot: record recovery capable systems in recovery bootenv
- tests: skip overlord tests on riscv64 due to timeouts.
- overlord/ifacestate: fix arguments in unit tests
- ifacestate: undo repository connection if doConnect fails
- many: remove unused parameters
- tests: failure of prereqs on content interface doesn't prevent
install
- tests/nested/manual/refresh-revert-fundamentals: fix variable use
- strutil: add Intersection()
- o/ifacestate: special-case system-files and force refreshing its
static attributes
- interface/builtin: add qualcomm-ipc-router interface for
AF_QIPCRTR socket protocol
- tests: new snapd-state tool
- codecov: fix files pathnames
- systemd: add mock systemd helper
- tests/nested/core/extra-snaps-assertions: fix the match pattern
- image,c/snap,tests: support enforcing validations in prepare-image
via --customize JSON validation enforce(|ignore)
- o/snapstate: enforce validation sets assertions when removing
snaps
- many: update deps
- interfaces/network-control: additional ethernet rule
- tests: use host-scaled settle timeout for hookstate tests
- many: move to go modules
- interfaces: no need for snapRefreshControlInterface struct
- interfaces: introduce snap-refresh-control interface
- tests: move interfaces-libvirt test back to 16.04
- tests: bump the number of retries when waiting for /dev/nbd0p1
- tests: add more space on ubuntu xenial
- spread: add 21.10 to qemu, remove 20.10 (EOL)
- packaging: add libfuse3-dev build dependency
- interfaces: add microstack-support interface
- wrappers: fix a bunch of duplicated service definitions in tests
- tests: use host-scaled timeout to avoid riscv64 test failure
- many: fix run-checks gofmt check
- tests: spread test for snapctl refresh --pending/--proceed from
the snap
- o/assertstate,daemon: refresh validation sets assertions with snap
declarations
- tests: migrate tests that are only executed on xenial to bionic
- tests: remove opensuse-15.1 and add opensuse-15.3 from spread runs
- packaging: update master changelog for 2.51.7
- sysconfig/cloudinit: fix bug around error state of cloud-init
- interfaces, o/snapstate: introduce AffectsPlugOnRefresh flag
- interfaces/interfaces/ion-memory-control: add: add interface for
ion buf
- interfaces/dsp: add /dev/ambad into dsp interface
- tests: new spread log parser
- tests: check files and dirs are cleaned for each test
- o/hookstate/ctlcmd: unify the error message when context is
missing
- o/hookstate: support snapctl refresh --pending from snap
- many: remove unused/dead code
- cmd/libsnap-confine-private: add BPF support helpers
- interfaces/hardware-observe: add some dmi properties
- snapstate: abort kernel refresh if no gadget update can be found
- many: shellcheck fixes
- cmd/snap: add Size column to refresh --list
- packaging: build without dwarf debugging data
- snapstate: fix misleading `assumes` error message
- tests: fix restore in snapfuse spread tests
- o/assertstate: fix missing 'scheduled' header when auto refreshing
assertions
- o/snapstate: fail remove with invalid snap names
- o/hookstate/ctlcmd: correct err message if missing root
- .github/workflows/test.yaml: fix logic
- o/snapstate: don't hold some snaps if not all snaps can be held by
the given gating snap
- c-vendor.c: new c-vendor subdir
- store: make sure expectedZeroFields in tests gets updated
- overlord: add manager test for "assumes" checking
- store: deal correctly with "assumes" from the store raw yaml
- sysconfig/cloudinit.go: add functions for filtering cloud-init
config
- cgroup-support: allow to hide cgroupv2 warning via ENV
- gadget: Export mkfs functions for use in ubuntu-image
- tests: set to 10 minutes the kill timeout for tests failing on
slow boards
- .github/workflows/test.yaml: test github.events key
- i18n/xgettext-go: preserve already escaped quotes
- cmd/snap-seccomp/syscalls: update syscalls list to libseccomp
v2.2.0-428-g5c22d4b
- github: do not try to upload coverage when working with cached run
- tests/main/services-install-hook-can-run-svcs: shellcheck issue
fix
- interfaces/u2f-devices: add Nitrokey FIDO2
- testutil: add DeepUnsortedMatches Checker
- cmd, packaging: import BPF headers from kernel, detect whether
host headers are usable
- tests: fix services-refresh-mode test
- tests: clean snaps.sh helper
- tests: fix timing issue on security-dev-input-event-denied test
- tests: update systems for sru validation
- .github/workflows: add codedov again
- secboot: remove duplicate import
- tests: stop the service when is active in test interfaces-
firewall-control test
- packaging: remove TEST_GITHUB_AUTOPKGTEST support
- packaging: merge 2.51.6 changelog back to master
- secboot: use half the mem for KDF in AddRecoveryKey
- secboot: switch main key KDF memory cost to 32KB
- tests: remove the test user just when it was installed on create-
user-2 test
- spread: temporarily fix the ownership of /home/ubuntu/.ssh on
21.10
- daemon, o/snapstate: handle IgnoreValidation flag on install (2/3)
- usersession/agent: refactor common JSON validation into own
function
- o/hookstate: allow snapctl refresh --proceed from snaps
- cmd/libsnap-confine-private: fix issues identified by coverity
- cmd/snap: print logs in local timezone
- packaging: changelog for 2.51.5 to master
- build-aux: build with go-1.13 in the snapcraft build too
- config: rename "virtual" config to "external" config
- devicestate: add `snap debug timings --ensure=install-system`
- interfaces/builtin/raw_usb: fix platform typo, fix access to usb
devices accessible through platform
- o/snapstate: remove commented out code
- cmd/snap-device-helper: reimplement snap-device-helper
- cmd/libsnap-confine-private: fix coverity issues in tests, tweak
uses of g_assert()
- o/devicestate/handlers_install.go: add workaround to create dirs
for install
- o/assertstate: implement ValidationSetAssertionForEnforce helper
- clang-format: stop breaking my includes
- o/snapstate: allow auto-refresh limited to snaps affected by a
specific gating snap
- tests: fix core-early-config test to use tests.nested tool
- sysconfig/cloudinit.go: measure (but don't use) gadget cloud-init
datasource
- c/snap,o/hookstate/ctlcmd: add JSON/string strict processing flags
to snap/snapctl
- corecfg: add "system.hostname" setting to the system settings
- wrappers: measure time to enable services in StartServices()
- configcore: fix early config timezone handling
- tests/nested/manual: enable serial assertions on testkeys nested
VM's
- configcore: fix a bunch of incorrect error returns
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd
snap
- packaging: merge 2.51.4 changelog back to master
- {device,snap}state: skip kernel extraction in seeding
- vendor: move to snapshot-4c814e1 branch and set fixed KDF options
- tests: use bigger storage on ubuntu 21.10
- snap: support links map in snap.yaml (and later from the store
API)
- o/snapstate: add AffectedByRefreshCandidates helper
- configcore: register virtual config for timezone reading
- cmd/libsnap-confine-private: move device cgroup files, add helper
to deny a device
- tests: fix cached-results condition in github actions workflow
- interfaces/tee: add support for Qualcomm qseecom device node
- packaging: fix build failure on bionic and simplify rules
- o/snapstate: affectedByRefresh tweaks
- tests: update nested wait for snapd command
- interfaces/builtin: allow access to per-user GTK CSS overrides
- tests/main/snapd-snap: install 4.x snapcraft to build the snapd
snap
- snap/squashfs: handle squashfs-tools 4.5+
- asserts/snapasserts: CheckPresenceInvalid and
CheckPresenceRequired methods
- cmd/snap-confine: refactor device cgroup handling to enable easier
v2 integration
- tests: skip udp protocol on latest ubuntus
- cmd/libsnap-confine-private: g_spawn_check_exit_status is
deprecated since glib 2.69
- interfaces: s/specifc/specific/
- github: enable gofmt for Go 1.13 jobs
- overlord/devicestate: UC20 specific set-model, managers tests
- o/devicestate, sysconfig: refactor cloud-init config permission
handling
- config: add "virtual" config via config.RegisterVirtualConfig
- packaging: switch ubuntu to use golang-1.13
- snap: change `snap login --help` to not mention "buy"
- tests: removing Ubuntu 20.10, adding 21.04 nested in spread
- tests/many: remove lxd systemd unit to prevent unexpected
leftovers
- tests/main/services-install-hook-can-run-svcs: make variants more
obvious
- tests: force snapd-session-agent.socket to be re-generated
* Tue Oct 05 2021 Michael Vogt <michael.vogt@ubuntu.com>
- New upstream release 2.52.1
- snap-bootstrap: wait in `mountNonDataPartitionMatchingKernelDisk`
for the disk (if not present already)
- many: support an API flag system-restart-immediate to make snap
ops proceed immediately with system restarts
- cmd/libsnap-confine-private: g_spawn_check_exit_status is
deprecated since glib 2.69
- interfaces/seccomp: add clone3 to default template
- interfaces/apparmor/template.go: allow inspection of dbus
mediation level
- interfaces/dsp: add a usb rule to the ambarella flavor
- cmd/snap-confine: update s-c apparmor profile to allow versioned
ld.so
- o/ifacestate: don't lose connections if snaps are broken
- interfaces/builtin/opengl.go: add libOpenGL.so* too
- interfaces/hardware-observe: add some dmi properties
- build-aux: stage libgcc1 library into snapd snap
- interfaces/block-devices: support to access the state of block
devices
- packaging: ship the `snapd.apparmor.service` unit in debian
* Wed Sep 29 2021 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.52-1
- Update to 2.52
- Drop squashfs 4.5+ patch as it's part of 2.52 release
- Cherry pick clone3 seccom patch (RHBZ#2008737)
* Fri Sep 03 2021 Ian Johnson <ian.johnson@canonical.com>
- New upstream release 2.52
- interface/builtin: add qualcomm-ipc-router interface for
AF_QIPCRTR socket protocol
- o/ifacestate: special-case system-files and force refreshing its
static attributes
- interfaces/network-control: additional ethernet rule
- packaging: update 2.52 changelog with 2.51.7
- interfaces/interfaces/ion-memory-control: add: add interface for
ion buf
- packaging: merge 2.51.6 changelog back to 2.52
- secboot: use half the mem for KDF in AddRecoveryKey
- secboot: switch main key KDF memory cost to 32KB
- many: merge release/2.51 change to release/2.52
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd
snap
- o/servicestate: use snap app names for ExplicitServices of
ServiceAction
- tests/main/services-install-hook-can-run-svcs: add variant w/o
--enable
- o/servicestate: revert only start enabled services
- tests: adding Ubuntu 21.10 to spread test suite
- interface/modem-manager: add support for MBIM/QMI proxy clients
- cmd/snap/model: support storage-safety and snaps headers too
- o/assertstate: Implement EnforcedValidationSets helper
- tests: using retry tool for nested tests
- gadget: check for system-save with multi volumes if encrypting
correctly
- interfaces: make the service naming entirely internal to systemd
BE
- tests/lib/reset.sh: fix removing disabled snaps
- store/store_download.go: use system snap provided xdelta3 priority
+ fallback
- packaging: merge changelog from 2.51.3 back to master
- overlord: only start enabled services
- interfaces/builtin: add sd-control interface
- tests/nested/cloud-init-{never-used,nocloud}-not-vuln: fix tests,
use 2.45
- tests/lib/reset.sh: add workaround from refresh-vs-services tests
for all tests
- o/assertstate: check for conflicts when refreshing and committing
validation set asserts
- devicestate: add support to save timings from install mode
- tests: new tests.nested commands copy and wait-for
- install: add a bunch of nested timings
- tests: drop any-python wrapper
- store: set ResponseHeaderTimeout on the default transport
- tests: fix test-snapd-user-service-sockets test removing snap
- tests: moving nested_exec to nested.tests exec
- tests: add tests about services vs snapd refreshes
- client, cmd/snap, daemon: refactor REST API for quotas to match
CLI org
- c/snap,asserts: create/delete-key external keypair manager
interaction
- tests: revert disable of the delta download tests
- tests/main/system-usernames-microk8s: disable on centos 7 too
- boot: support device change
- o/snapstate: remove unused refreshSchedule argument for
isRefreshHeld helper
- daemon/api_quotas.go: handle conflicts, returning conflict
response
- tests: test for gate-auto-refresh hook error resulting in hold
- release: 2.51.2
- snapstate/check_snap: add snap_microk8s to shared system-
usernames
- snapstate: remove temporary snap file for local revisions early
- interface: allows reading sd cards internal info from block-
devices interface
- tests: Renaming tool nested-state to tests.nested
- testutil: fix typo in json checker unit tests
- tests: ack assertions by default, add --noack option
- overlord/devicestate: try to pick alternative recovery labels
during remodel
- bootloader/assets: update recovery grub to allow system labels
generated by snapd
- tests: print serial log just once for nested tests
- tests: remove xenial 32 bits
- sandbox/cgroup: do not be so eager to fail when paths do not exist
- tests: run spread tests in ubuntu bionic 32bits
- c/snap,asserts: start supporting ExternalKeypairManager in the
snap key-related commands
- tests: refresh control spread test
- cmd/libsnap-confine-private: do not fail on ENOENT, better getline
error handling
- tests: disable delta download tests for now until the store is
fixed
- tests/nested/manual/preseed: fix for cloud images that ship
without core18
- boot: properly handle tried system model
- tests/lib/store.sh: revert #10470
- boot, seed/seedtest: tweak test helpers
- o/servicestate: TODO and fix preexisting typo
- o/servicestate: detect conflicts for quota group operations
- cmd/snap/quotas: adjust help texts for quota commands
- many/quotas: little adjustments
- tests: add spread test for classic snaps content slots
- o/snapstate: fix check-rerefresh task summary when refresh control
is used
- many: use changes + tasks for quota group operations
- tests: fix test snap-quota-groups when checking file
cgroupProcsFile
- asserts: introduce ExternalKeypairManager
- o/ifacestate: do not visit same halt tasks in waitChainSearch to
avoid cycles
- tests/lib/store.sh: fix make_snap_installable_with_id()
- overlord/devicestate, overlord/assertstate: use a temporary DB
when creating recovery systems
- corecfg: allow using `# snapd-edit: no` header to disable pi-
config# snapd-edit: no
- tests/main/interfaces-ssh-keys: tweak checks for openSUSE
Tumbleweed
- cmd/snap: prevent cycles in waitChainSearch with snap debug state
- o/snapstate: fix populating of affectedSnapInfo.AffectingSnaps for
marking self as affecting
- tests: new parameter used by retry tool to set env vars
- tests: support parameters for match-log on journal-state tool
- configcore: ignore system.pi-config.* setting on measured kernels
- sandbox/cgroup: support freezing groups with unified
hierarchy
- tests: fix preseed test to used core20 snap on latest systems
- testutil: introduce a checker which compares the type after having
passed them through a JSON marshaller
- store: tweak error message when store.Sections() download fails
- o/servicestate: stop setting DoneStatus prematurely for quota-
control
- cmd/libsnap-confine-private: bump max depth of groups hierarchy to
32
- many: turn Contact into an accessor
- store: make the log with download size a debug one
- cmd/snap-update-ns: Revert "cmd/snap-update-ns: add SRCDIR to
include search path"
- o/devicestate: move SystemMode method before first usage
- tests: skip tests when the sections cannot be retrieved
- boot: support resealing with a try model
- o/hookstate: dedicated handler for gate-auto-refresh hook
- tests: make sure the /root/snap dir is backed up on test snap-
user-dir-perms-fixed
- cmd/snap-confine: make mount ns use check cgroup v2 compatible
- snap: fix TestInstallNoPATH unit test failure when SUDO_UID is set
- cmd/libsnap-confine-private/cgroup-support.c: Fix typo
- cmd/snap-confine, cmd/snapd-generator: fix issues identified by
sparse
- o/snapstate: make conditional-auto-refresh conflict with other
tasks via affected snaps
- many: pass device/model info to configcore via sysconfig.Device
interface
- o/hookstate: return bool flag from Error function of hook handler
to ignore hook errors
- cmd/snap-update-ns: add SRCDIR to include search path
- tests: fix for tests/main/lxd-mount-units test and enable
ubuntu-21.04
- overlord, o/devicestate: use a single test helper for resetting to
a post boot state
- HACKING.md: update instructions for go1.16+
- tests: fix restore for security-dev-input-event-denied test
- o/servicestate: move SetStatus to doQuotaControl
- tests: fix classic-prepare-image test
- o/snapstate: prune gating information and refresh-candidates on
snap removal
- o/svcstate/svcstatetest, daemon/api_quotas: fix some tests, add
mock helper
- cmd: a bunch of tweaks and updates
- o/servicestate: refactor meter handling, eliminate some common
parameters
- o/hookstate/ctlcmd: allow snapctl refresh --pending --proceed
syntax.
- o/snapstate: prune refresh candidates in check-rerefresh
- osutil: pass --extrausers option to groupdel
- o/snapstate: remove refreshed snap from snaps-hold in
snapstate.doInstall
- tests/nested: add spread test for uc20 cloud.conf from gadgets
- boot: drop model from resealing and boostate
- o/servicestate, snap/quota: eliminate workaround for buggy
systemds, add spread test
- o/servicestate: introduce internal and servicestatetest
- o/servicestate/quota_control.go: enforce minimum of 4K for quota
groups
- overlord/servicestate: avoid unnecessary computation of disabled
services
- o/hookstate/ctlcmd: do not call ProceedWithRefresh immediately
from snapctl
- o/snapstate: prune hold state during autoRefreshPhase1
- wrappers/services.go: do not restart disabled or inactive
services
- sysconfig/cloudinit.go: allow installing both gadget + ubuntu-seed
config
- spread: switch LXD back to latest/candidate channel
- interfaces/opengl: add support for Imagination PowerVR
- boot: decouple model from seal/reseal handling via an auxiliary
type
- spread, tests/main/lxd: no longer manual, switch to latest/stable
- github: try out golangci-lint
- tests: set lxd test to manual until failures are fixed
- tests: connect 30% of the interfaces on test interfaces-many-core-
provided
- packaging/debian-sid: update snap-seccomp patches for latest
master
- many: fix imports order (according to gci)
- o/snapstate: consider held snaps in autoRefreshPhase2
- o/snapstate: unlock the state before calling backend in
undoStartSnapServices
- tests: replace "not MATCH" by NOMATCH in tests
- README.md: refer to new IRC server
- cmd/snap-preseed: provide more error info if snap-preseed fails
early on mount
- daemon: add a Daemon argument to AccessChecker.CheckAccess
- c/snap-bootstrap: add bind option with tests
- interfaces/builtin/netlink_driver_test.go: add test snippet
- overlord/devicestate: set up recovery system tasks when attempting
a remodel
- osutil,strutil,testutil: fix imports order (according to gci)
- release: merge 2.51.1 changelog
- cmd: fix imports order (according to gci)
- tests/lib/snaps/test-snapd-policy-app-consumer: remove dsp-control
interface
- o/servicestate: move handlers tests to quota_handlers_test.go file
instead
- interfaces: add netlink-driver interface
- interfaces: remove leftover debug print
- systemd: refactor property parsers for int values in
CurrentTasksCount, etc.
- tests: fix debug section for postrm-purge test
- tests/many: change all cloud-init passwords for ubuntu to use
plain_test_passwd
- asserts,interfaces,snap: fix imports order (according to gci)
- o/servicestate/quota_control_test.go: test the handlers directly
- tests: fix issue when checking the udev tag on test security-
device-cgroups
- many: introduce Store.SnapExists and use it in
/v2/accessories/themes
- o/snapstate: update LastRefreshTime in doLinkSnap handler
- o/hookstate: handle snapctl refresh --proceed and --hold
- boot: fix model inconsistency check in modeenv, extend unit tests
- overlord/servicestate: improve test robustness with locking
- tests: first part of the cleanup
- tests: new note in HACKING file to clarify about
yamlordereddictloader dependency
- daemon: make CheckAccess return an apiError
- overlord: fix imports ordering (according to gci)
- o/servicestate: add quotastate handlers
- boot: track model's sign key ID, prepare infra for tracking
candidate model
- daemon: have apiBaseSuite.errorReq return *apiError directly
- o/servicestate/service_control.go: add comment about
ExplicitServices
- interfaces: builtin: add dm-crypt interface to support external
storage encryption
- daemon: split out error response code from response*.go to
errors*.go
- interfaces/dsp: fix typo in udev rule
- daemon,o/devicestate: have DeviceManager.SystemMode take an
expectation on the system
- o/snapstate: add helpers for setting and querying holding time for
snaps
- many: fix quota groups for centos 7, amazon linux 2 w/ workaround
for buggy systemd
- overlord/servicestate: mv ensureSnapServicesForGroup to new file
- overlord/snapstate: lock the mutex before returning from stop snap
services undo
- daemon: drop resp completely in favor of using respJSON
consistently
- overlord/devicestate: support for snap downloads in recovery
system handlers
- daemon: introduce a separate findResponse, simplify SyncRespone
and drop Meta
- overlord/snapstate, overlord/devicestate: exclusive change
conflict check
- wrappers, packaging, snap-mgmt: handle removing slices on purge
too
- services: remember if acting on the entire snap
- store: extend context and action objects of SnapAction with
validation-sets
- o/snapstate: refresh control - autorefresh phase2
- cmd/snap/quota: refactor quota CLI as per new design
- interfaces: opengl: change path for Xilinx zocl driver
- tests: update spread images for ubuntu-core-20 and ubuntu-21.04
- o/servicestate/quota_control_test.go: change helper escaping
- o/configstate/configcore: support snap set system swap.size=...
- o/devicestate: require serial assertion before remodeling can be
started
- systemd: improve systemctl error reporting
- tests/core/remodel: use model assertions signed with valid keys
- daemon: use apiError for more of the code
- store: fix typo in snapActionResult struct json tag
- userd: mock `systemd --version` in privilegedDesktopLauncherSuite
- packaging/fedora: sync with downstream packaging
- daemon/api_quotas.go: include current memory usage information in
results
- daemon: introduce StructuredResponse and apiError
- o/patch: check if we have snapd snap with correct snap type
already in snapstate
- tests/main/snapd-snap: build the snapd snap on all platforms with
lxd
- tests: new commands for snaps-state tool
- tests/main/snap-quota-groups: add functional spread test for quota
groups
- interfaces/dsp: add /dev/cavalry into dsp interface
- cmd/snap/cmd_info_test.go: make test robust against TZ changes
- tests: moving to tests directories snaps built locally - part 2
- usersession/userd: fix unit tests on systems using /var/lib/snapd
- sandbox/cgroup: wait for pid to be moved to the desired cgroup
- tests: fix snap-user-dir-perms-fixed vs format checks
- interfaces/desktop-launch: support confined snaps launching other
snaps
- features: enable dbus-activation by default
- usersession/autostart: change ~/snap perms to 0700 on startup
- cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-data nosuid
- tests: new test static checker
- release-tool/changelog.py: misc fixes from real world usage
- release-tools/changelog.py: add function to generate github
release template
- spread, tests: Fedora 32 is EOL, drop it
- o/snapstate: bump max postponement from 60 to 95 days
- interfaces/apparmor: limit the number of jobs when running with a
single CPU
- packaging/fedora/snapd.spec: correct date format in changelog
- packaging: merge 2.51 changelog back to master
- packaging/ubuntu-16.04/changelog: add 2.50 and 2.50.1 changelogs,
placeholder for 2.51
- interfaces: allow read access to /proc/tty/drivers to modem-
manager and ppp/dev/tty
* Wed Sep 01 2021 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.51.7-1
- New upstream release 2.51.7 (RHBZ#1972558)
- Include an upstream fix for squashfs 4.5+ compatibility (RHBZ#1999998)
* Fri Aug 27 2021 Ian Johnson <ian.johnson@canonical.com>
- New upstream release 2.51.7
- cmd/snap-seccomp/syscalls: update syscalls list to libseccomp
v2.2.0-428-g5c22d4b1
- tests: cherry-pick shellcheck fix `bd730fd4`
- interfaces/dsp: add /dev/ambad into dsp interface
- many: shellcheck fixes
- snapstate: abort kernel refresh if no gadget update can be found
- overlord: add manager test for "assumes" checking
- store: deal correctly with "assumes" from the store raw yaml
* Thu Aug 19 2021 Ian Johnson <ian.johnson@canonical.com>
- New upstream release 2.51.6
- secboot: use half the mem for KDF in AddRecoveryKey
- secboot: switch main key KDF memory cost to 32KB
* Mon Aug 16 2021 Ian Johnson <ian.johnson@canonical.com>
- New upstream release 2.51.5
- snap/squashfs: handle squashfs-tools 4.5+
- tests/core20-install-device-file-install-via-hook-hack: adjust
test for 2.51
- o/devicestate/handlers_install.go: add workaround to create dirs
for install
- tests: fix linter warning
- tests: update other spread tests for new behaviour
- tests: ack assertions by default, add --noack option
- release-tools/changelog.py: also fix opensuse changelog date
format
- release-tools/changelog.py: fix typo in function name
- release-tools/changelog.py: fix fedora date format
- release-tools/changelog.py: handle case where we don't have a TZ
- release-tools/changelog.py: fix line length check
- release-tools/changelog.py: specify the LP bug for the release as
an arg too
- interface/modem-manager: add support for MBIM/QMI proxy
clients
- .github/workflows/test.yaml: use snapcraft 4.x to build the snapd
snap
* Mon Aug 09 2021 Ian Johnson <ian.johnson@canonical.com>
- New upstream release 2.51.4
- {device,snap}state: skip kernel extraction in seeding
- vendor: move to snapshot-4c814e1 branch and set fixed KDF options
- tests/interfaces/tee: fix HasLen check for udev snippets
- interfaces/tee: add support for Qualcomm qseecom device node
- gadget: check for system-save with multi volumes if encrypting
correctly
- gadget: drive-by: drop unnecessary/supported passthrough in test
gadget.yaml
* Fri Jul 30 2021 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.51-4
- Cherry pick a compatibility fix for squashfs 4.5+
* Tue Jul 27 2021 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.51-3
- Fix FTBFS with glib 2.69
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.51-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jul 14 2021 Ian Johnson <ian.johnson@canonical.com>
- New upstream release 2.51.3
- interfaces/builtin: add sd-control interface
- store: set ResponseHeaderTimeout on the default transport
* Wed Jul 07 2021 Michael Vogt <michael.vogt@ubuntu.com>
- New upstream release 2.51.2
- snapstate: remove temporary snap file for local revisions early
- interface: allows reading sd cards internal info from block-
devices interface
- o/ifacestate: do not visit same halt tasks in waitChainSearch to
avoid slow convergence (or unlikely cycles)
- corecfg: allow using `# snapd-edit: no` header to disable pi-
config
- configcore: ignore system.pi-config.* setting on measured kernels
- many: pass device/model info to configcore via sysconfig.Device
interface
- o/configstate/configcore: support snap set system swap.size=...
- store: make the log with download size a debug one
- interfaces/opengl: add support for Imagination PowerVR
* Tue Jun 15 2021 Michael Vogt <michael.vogt@ubuntu.com>
- New upstream release 2.51.1
- interfaces: add netlink-driver interface
- interfaces: builtin: add dm-crypt interface to support external
storage encryption
- interfaces/dsp: fix typo in udev rule
- overlord/snapstate: lock the mutex before returning from stop
snap services undo
- interfaces: opengl: change path for Xilinx zocl driver
- interfaces/dsp: add /dev/cavalry into dsp interface
- packaging/fedora/snapd.spec: correct date format in changelog
* Mon May 31 2021 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.51-1
- Relase 2.51 to Fedora (RHBZ#1962474)
* Thu May 27 2021 Ian Johnson <ian.johnson@canonical.com>
- New upstream release 2.51
- cmd/snap: stacktraces debug endpoint
- secboot: deactivate volume again when model checker fails
- store: extra log message, a few minor cleanups
- packaging/debian-sid: update systemd patch
- snapstate: adjust update-gadget-assets user visible message
- tests/nested/core/core20-create-recovery: verify that recovery
system can be created at runtime
- gadget: support creating vfat partitions during bootstrap
- daemon/api_quotas.go: support updating quotas with ensure action
- daemon: tighten access to a couple of POST endpoints that should
be really be root-only
- seed/seedtest, overlord/devicestate: move seed validation helper
to seedtest
- overlord/hookstate/ctlcmd: remove unneeded parameter
- snap/quota: add CurrentMemoryUsage for current memory usage of a
quota group
- systemd: add CurrentMemoryUsage to get current memory usage for a
unit
- o/snapstate: introduce minimalInstallInfo interface
- o/hookstate: print pending info (ready, inhibited or none)
- osutil: a helper to find out the total amount of memory in the
system
- overlord, overlord/devicestate: allow for reloading modeenv in
devicemgr when testing
- daemon: refine access testing
- spread: disable unattended-upgrades on debian
- tests/lib/reset: make nc exit after a while when connection is
idle
- daemon: replace access control flags on commands with access
checkers
- release-tools/changelog.py: refactor regexp + file reading/writing
- packaging/debian-sid: update locale patch for the latest master
- overlord/devicestate: tasks for creating recovery systems at
runtime
- release-tools/changelog.py: implement script to update all the
changelog files
- tests: change machine type used for nested testsPrices:
- cmd/snap: include locale when linting description being lower case
- o/servicestate: add RemoveSnapFromQuota
- interfaces/serial-port: add Qualcomm serial port devices to
allowed list
- packaging: merge 2.50.1 changelog back
- interfaces/builtin: introduce raw-input interface
- tests: remove tests.cleanup prepare from nested test
- cmd/snap-update-ns: fix linter errors
- asserts: fix errors reported by linter
- o/hookstate/ctlcmd: allow system-mode for non-root
- overlord/devicestate: comment why explicit system mode check is
needed in ensuring tried recovery systems (#10275)
- overlord/devicesate: observe snap writes when creating recovery
systems
- packaging/ubuntu-16.04/changelog: add placeholder for 2.50.1
- tests: moving to tests directories snaps built locally - part 1
- seed/seedwriter: fail early when system seed directory exists
- o/snapstate: autorefresh phase1 for refresh-control
- c/snap: more precise message for ErrorKindSystemRestart op !=
reboot
- tests: simplify the tests.cleanup tool
- boot: helpers for manipulating current and good recovery systems
list
- o/hookstate, o/snapstate: print revision, version, channel with
snapctl --pending
- overlord: unit test tweaks, use well known snap IDs, setup snap
declarations for most common snaps
- tests/nested/manual: add test for install-device + snapctl reboot
- o/servicestate: restart slices + services on modifications
- tests: update mount-ns test to support changes in the distro
- interfaces: fix linter issues
- overlord: mock logger in managers unit tests
- tests: adding support for fedora-34
- tests: adding support for debian 10 on gce
- boot: reseal given keys when the respective boot chain has changed
- secboot: switch encryption key size to 32 byte (thanks to Chris)
- interfaces/dbus: allow claiming 'well-known' D-Bus names with a
wildcard suffix
- spread: bump delta reference version
- interfaces: builtin: update permitted paths to be compatible with
UC20
- overlord: fix errors reported by linter
- tests: remove old fedora systems from tests
- tests: update spread url
- interfaces/camera: allow devices in /sys/devices/platform/**/usb*
- interfaces/udisks2: Allow access to the login manager via dbus
- cmd/snap: exit normally if "snap changes" has no changes
(LP #1823974)
- tests: more fixes for spread suite on openSUSE
- tests: fix tests expecting cgroup v1/hybrid on openSUSE Tumbleweed
- daemon: fix linter errors
- spread: add Fedora 34, leave a TODO about dropping Fedora 32
- interfaces: fix linter errors
- tests: use op.paths tools instead of dirs.sh helper - part 2
- client: Fix linter errors
- cmd/snap: Fix errors reported by linter
- cmd/snap-repair: fix linter issues
- cmd/snap-bootstrap: Fix linter errors
- tests: update permission denied message for test-snapd-event on
ubuntu 2104
- cmd/snap: small tweaks based on previous reviews
- snap/snaptest: helper that mocks both the squashfs file and a snap
directory
- overlord/devicestate: tweak comment about creating recovery
systems, formatting tweaks
- overlord/devicestate: move devicemgr base suite helpers closer to
test suite struct
- overlord/devicestate: keep track of tried recovery system
- seed/seedwriter: clarify in the diagram when SetInfo is called
- overlord/devicestate: add helper for creating recovery systems at
runtime
- snap-seccomp: update syscalls.go list
- boot,image: support image.Customizations.BootFlags
- overlord: support snapctl --halt|--poweroff in gadget install-
device
- features,servicestate: add experimental.quota-groups flag
- o/servicestate: address comments from previous PR
- tests: basic spread test for snap quota commands
- tests: moving the snaps which are not locally built to the store
directory
- image,c/snap: implement prepare-image --customize
- daemon: implement REST API for quota groups (create / list / get)
- cmd/snap, client: snap quotas command
- o/devicestate,o/hookstate/ctlcmd: introduce SystemModeInfo methods
and snapctl system-mode
- o/servicestate/quota_control.go: introduce (very) basic group
manipulation methods
- cmd/snap, client: snap remove-quota command
- wrappers, quota: implement quota groups slice generation
- snap/quotas: followups from previous PR
- cmd/snap: introduce 'snap quota' command
- o/configstate/configcore/picfg.go: use ubuntu-seed config.txt in
uc20 run mode
- o/servicestate: test has internal ordering issues, consider both
cases
- o/servicestate/quotas: add functions for getting and setting
quotas in state
- tests: new buckets for snapd-spread project on gce
- spread.yaml: update the gce project to start using snapd-spread
- quota: new package for managing resource groups
- many: bind and check keys against models when using FDE hooks v2
- many: move responsibilities down seboot -> kernel/fde and boot ->
secboot
- packaging: add placeholder changelog
- o/configstate/configcore/vitality: fix RequireMountedSnapdSnap
bug
- overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu
Core system
- many: hide EncryptionKey size and refactors for fde hook v2 next
steps
- tests: adding debug info for create user tests
- o/hookstate: add "refresh" command to snapctl (hidden, not
complete yet)
- systemd: wait for zfs mounts (LP #1922293)
- testutil: support referencing files in FileEquals checker
- many: refactor to kernel/fde and allow `fde-setup initial-setup`
to return json
- o/snapstate: store refresh-candidates in the state
- o/snapstate: helper for creating gate-auto-refresh hooks
- bootloader/bootloadertest: provide interface implementation as
mixins, provide a mock for recovery-aware-trusted-asses bootloader
- tests/lib/nested: do not compress images, return early when
restored from pristine image
- boot: split out a helper for making recovery system bootable
- tests: update os.query check to match new bullseye codename used
on sid images
- o/snapstate: helper for getting snaps affected by refresh, define
new hook
- wrappers: support in EnsureSnapServices a callback to observe
changes (#10176)
- gadget: multi line support in gadget's cmdline file
- daemon: test that requesting restart from (early) Ensure works
- tests: use op.paths tools instead of dirs.sh helper - part 1
- tests: add new command to snaps-state to get current core, kernel
and gadget
- boot, gadget: move opening the snap container into the gadget
helper
- tests, overlord: extend unit tests, extend spread tests to cover
full command line support
- interfaces/builtin: introduce dsp interface
- boot, bootloader, bootloader/assets: support for full command line
override from gadget
- overlord/devicestate, overlord/snapstate: add task for updating
kernel command lines from gadget
- o/snapstate: remove unused DeviceCtx argument of
ensureInstallPreconditions
- tests/lib/nested: proper status return for tpm/secure boot checks
- cmd/snap, boot: add snapd_full_cmdline_args to dumped boot vars
- wrappers/services.go: refactor helper lambda function to separate
function
- boot/flags.go: add HostUbuntuDataForMode
- boot: handle updating of components that contribute to kernel
command line
- tests: add 20.04 to systems for nested/core
- daemon: add new accessChecker implementations
- boot, overlord/devicestate: consider gadget command lines when
updating boot config
- tests: fix prepare-image-grub-core18 for arm devices
- tests: fix gadget-kernel-refs-update-pc test on arm and when
$TRUST_TEST_KEY is false
- tests: enable help test for all the systems
- boot: set extra command line arguments when preparing run mode
- boot: load bits of kernel command line from gadget snaps
- tests: update layout for tests - part 2
- tests: update layout for tests - part 1
- tests: remove the snap profiler from the test suite
- boot: drop gadget snap yaml which is already defined elsewhere in
the tests
- boot: set extra kernel command line arguments when making a
recovery system bootable
- boot: pass gadget path to command line helpers, load gadget from
seed
- tests: new os.paths tool
- daemon: make ucrednetGet() return a *ucrednet structure
- boot: derive boot variables for kernel command lines
- cmd/snap-bootstrap/initramfs-mounts: fix boot-flags location from
initramfs
* Wed May 19 2021 Ian Johnson <ian.johnson@canonical.com>
- New upstream release 2.50.1
- interfaces: update permitted /lib/.. paths to be compatible with
UC20
- interfaces: builtin: update permitted paths to be compatible with
UC20
- interfaces/greengrass-support: delete white spaces at the end of
lines
- snap-seccomp: update syscalls.go list
- many: backport kernel command line for 2.50
- interfaces/dbus: allow claiming 'well-known' D-Bus names with a
wildcard suffix
- interfaces/camera: allow devices in /sys/devices/platform/**/usb*
- interfaces/builtin: introduce dsp interface
* Wed May 05 2021 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.50-1
- Release 2.50 to Fedora (RHBZ#1936784)
* Sat Apr 24 2021 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.50
- overlord: properly mock usr-lib-snapd tests to mimic an Ubuntu
Core system
- o/configstate/configcore/vitality: fix RequireMountedSnapdSnap bug
- o/servicestate/servicemgr.go: add ensure loop for snap service
units
- wrappers/services.go: introduce EnsureSnapServices()
- snapstate: add "kernel-assets" to featureSet
- systemd: wait for zfs mounts
- overlord: make servicestate responsible to compute
SnapServiceOptions
- boot,tests: move where we write boot-flags one level up
- o/configstate: don't pass --root=/ when
masking/unmasking/enabling/disabling services
- cmd/snap-bootstrap/initramfs-mounts: write active boot-flags to
/run
- gadget: be more flexible with kernel content resolving
- boot, cmd/snap: include extra cmdline args in debug boot-vars
output
- boot: support read/writing boot-flags from userspace/initramfs
- interfaces/pwm: add PWM interface
- tests/lib/prepare-restore.sh: clean out snapd changes and snaps
before purging
- systemd: enrich UnitStatus returned by systemd.Status() with
Installed flag
- tests: updated restore phase of spread tests - part 1
- gadget: add support for kernel command line provided by the gadget
- tests: Using GO111MODULE: "off" in spread.yaml
- features: add gate-auto-refresh-hook feature flag
- spread: ignore linux kernel upgrade in early stages for arch
preparation
- tests: use snaps-state commands and remove them from the snaps
helper
- o/configstate: fix panic with a sequence of config unset ops over
same path
- api: provide meaningful error message on connect/disconnect for
non-installed snap
- interfaces/u2f-devices: add HyperFIDO Pro
- tests: add simple sanity check for systemctl show
--property=UnitFileState for unknown service
- tests: use tests.session tool on interfaces-desktop-document-
portal test
- wrappers: install D-Bus service activation files for snapd session
tools on core
- many: add x-gvfs-hide option to mount units
- interfaces/builtin/gpio_test.go: actually test the generated gpio
apparmor
- spread: tentative workaround for arch failure caused by libc
upgrade and cgroups v2
- tests: add spread test for snap validate against store assertions
- tests: remove snaps which are not used in any test
- ci: set the accept-existing-contributors parameter for the cla-
check action
- daemon: introduce apiBaseSuite.(json|sync|async|error)Req (and
some apiBaseSuite cosmetics)
- o/devicestate/devicemgr: register install-device hook, run if
present in install
- o/configstate/configcore: simple refactors in preparation for new
function
- tests: unifying the core20 nested suite with the core nested suite
- tests: uboot-unpacked-assets updated to reflect the real path used
to find the kernel
- daemon: switch api_test.go to daemon_test and various other
cleanups
- o/configstate/configcore/picfg.go: add hdmi_cvt support
- interfaces/apparmor: followup cleanups, comments and tweaks
- boot: cmd/snap-bootstrap: handle a candidate recovery system v2
- overlord/snapstate: skip catalog refresh when snappy testing is
enabled
- overlord/snapstate, overlord/ifacestate: move late security
profile removal to ifacestate
- snap-seccomp: fix seccomp test on ppc64el
- interfaces, interfaces/apparmor, overlord/snapstate: late removal
of snap-confine apparmor profiles
- cmd/snap-bootstrap/initramfs-mounts: move time forward using
assertion times
- tests: reset the system while preparing the test suite
- tests: fix snap-advise-command check for 429
- gadget: policy for gadget/kernel refreshes
- o/configstate: deal with no longer valid refresh.timer=managed
- interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4
- cla-check: Use has-signed-canonical-cla GitHub Action
- tests: validation sets spread test
- tests: simplify the reset.sh logic by removing not needed command
- overlord/snapstate: make sure that snapd current symlink is not
removed during refresh
- tests/core/fsck-on-boot: unmount /run/mnt/snapd directly on uc20
- tests/lib/fde-setup-hook: also verify that fde-reveal-key key data
is base64
- o/devicestate: split off ensuring next boot goes to run mode into
new task
- tests: fix cgroup-tracking test
- boot: export helper for clearing tried system state, add tests
- cmd/snap: use less aggressive client timeouts in unit tests
- daemon: fix signing key validity timestamp in unit tests
- o/{device,hook}state: encode fde-setup-request key as base64
string
- packaging: drop dh-systemd from build-depends on ubuntu-16.04+
- cmd/snap/pack: unhide the compression option
- boot: extend set try recovery system unit tests
- cmd/snap-bootstrap: refactor handling of ubuntu-save, do not use
secboot's implicit fallback
- o/configstate/configcore: add hdmi_timings to pi-config
- snapstate: reduce reRefreshRetryTimeout to 1/2 second
- interfaces/tee: add TEE/OPTEE interface
- o/snapstate: update validation sets assertions with auto-refresh
- vendor: update go-tpm2/secboot to latest version
- seed: ReadSystemEssentialAndBetterEarliestTime
- tests: replace while commands with the retry tool
- interfaces/builtin: update unit tests to use proper distro's
libexecdir
- tests: run the reset.sh helper and check test invariants while the
test is restored
- daemon: switch preexisting daemon_test tests to apiBaseSuite and
.req
- boot, o/devicestate: split makeBootable20 into two parts
- interfaces/docker-support: add autobind unix rules to docker-
support
- interfaces/apparmor: allow reading
/proc/sys/kernel/random/entropy_avail
- tests: use retry tool instead a loops
- tests/main/uc20-create-partitions: fix tests cleanup
- asserts: mode where Database only assumes cur time >= earliest
time
- daemon: validation sets/api tests cleanup
- tests: improve tests self documentation for nested test suite
- api: local assertion fallback when it's not in the store
- api: validation sets monitor mode
- tests: use fs-state tool in interfaces tests
- daemon: move out /v2/login|logout and errToResponse tests from
api_test.go
- boot: helper for inspecting the outcome of a recovery system try
- o/configstate, o/snapshotstate: fix handling of nil snap config on
snapshot restore
- tests: update documentation and checks for interfaces tests
- snap-seccomp: add new `close_range` syscall
- boot: revert #10009
- gadget: remove `device-tree{,-origin}` from gadget tests
- boot: simplify systems test setup
- image: write resolved-content from snap prepare-image
- boot: reseal the run key for all recovery systems, but recovery
keys only for the good ones
- interfaces/builtin/network-setup-{control,observe}: allow using
netplan directly
- tests: improve sections prepare and restore - part 1
- tests: update details on task.yaml files
- tests: revert os.query usage in spread.yaml
- boot: export bootAssetsMap as AssetsMap
- tests/lib/prepare: fix repacking of the UC20 kernel snap for with
ubuntu-core-initramfs 40
- client: protect against reading too much data from stdin
- tests: improve tests documentation - part 2
- boot: helper for setting up a try recover system
- tests: improve tests documentation - part 1
- tests/unit/go: use tests.session wrapper for running tests as a
user
- tests: improvements for snap-seccomp-syscalls
- gadget: simplify filterUpdate (thanks to Maciej)
- tests/lib/prepare.sh: use /etc/group and friends from the core20
snap
- tests: fix tumbleweed spread tests part 2
- tests: use new commands of os.query tool on tests
- o/snapshotstate: create snapshots directory on import
- tests/main/lxd/prep-snapd-in-lxd.sh: dump contents of sources.list
- packaging: drop 99-snapd.conf via dpkg-maintscript-helper
- osutil: add SetTime() w/ 32-bit and 64-bit implementations
- interfaces/wayland: rm Xwayland Xauth file access from wayland
slot
- packaging/ubuntu-16.04/rules: turn modules off explicitly
- gadget,devicestate: perform kernel asset update for $kernel: style
refs
- cmd/recovery: small fix for `snap recovery` tab output
- bootloader/lkenv: add recovery systems related variables
- tests: fix new tumbleweed image
- boot: fix typo, should be systems
- o/devicestate: test that users.create.automatic is configured
early
- asserts: use Fetcher in AddSequenceToUpdate
- daemon,o/c/configcore: introduce users.create.automatic
- client, o/servicestate: expose enabled state of user daemons
- boot: helper for checking and marking tried recovery system status
from initramfs
- asserts: pool changes for validation-sets (#9930)
- daemon: move the last api_foo_test.go to daemon_test
- asserts: include the assertion timestamp in error message when
outside of signing key validity range
- ovelord/snapshotstate: keep a few of the last line tar prints
before failing
- gadget/many: rm, delay sector size + structure size checks to
runtime
- cmd/snap-bootstrap/triggerwatch: fix returning wrong errors
- interfaces: add allegro-vcu and media-control interfaces
- interfaces: opengl: add Xilinx zocl bits
- mkversion: check that version from changelog is set before
overriding the output version
- many: fix new ineffassign warnings
- .github/workflows/labeler.yaml: try work-around to not sync
labels
- cmd/snap, boot: add debug set-boot-vars
- interfaces: allow reading the Xauthority file KDE Plasma writes
for Wayland sessions
- tests/main/snap-repair: test running repair assertion w/ fakestore
- tests: disable lxd tests for 21.04 until the lxd images are
published for the system
- tests/regression/lp-1910456: cleanup the /snap symlink when done
- daemon: move single snap querying and ops to api_snaps.go
- tests: fix for preseed and dbus tests on 21.04
- overlord/snapshotstate: include the last message printed by tar in
the error
- interfaces/system-observe: Allow reading /proc/zoneinfo
- interfaces: remove apparmor downgrade feature
- snap: fix unit tests on Go 1.16
- spread: disable Go modules support in environment
- tests: use new path to find kernel.img in uc20 for arm devices
- tests: find files before using cat command when checking broadcom-
asic-control interface
- boot: introduce good recovery systems, provide compatibility
handling
- overlord: add manager gadget refresh test
- tests/lib/fakestore: support repair assertions too
- github: temporarily disable action labeler due to issues with
labels being removed
- o/devicestate,many: introduce DeviceManager.preloadGadget for
EarlyConfig
- tests: enable ubuntu 21.04 for spread tests
- snap: provide a useful error message if gdbserver is not installed
- data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1
- tests/lib/prepare.sh: split reflash.sh into two parts
- packaging/opensuse: sync with openSUSE packaging
- packaging: disable Go modules in snapd.mk
- snap: add deprecation noticed to "snap run --gdb"
- daemon: add API for checking and installing available theme snaps
- tests: using labeler action to add automatically a label to run
nested tests
- gadget: improve error handling around resolving content sources
- asserts: repeat the authority cross-check in CheckSignature as
well
- interfaces/seccomp/template.go: allow copy_file_range
- o/snapstate/check_snap.go: add support for many subversions in
assumes snapdX..
- daemon: move postSnap and inst.dispatch tests to api_snaps_test.go
- wrappers: use proper paths for mocked mount units in tests
- snap: rename gdbserver option to `snap run --gdbserver`
- store: support validation sets with fetch-assertions action
- snap-confine.apparmor.in: support tmp and log dirs on Yocto/Poky
- packaging/fedora: sync with downstream packaging in Fedora
- many: add Delegate=true to generated systemd units for special
interfaces (master)
- boot: use a common helper for mocking boot assets in cache
- api: validate snaps against validation set assert from the store
- wrappers: don't generate an [Install] section for timer or dbus
activated services
- tests/nested/core20/boot-config-update: skip when snapd was not
built with test features
- o/configstate,o/devicestate: introduce devicestate.EarlyConfig
implemented by configstate.EarlyConfig
- cmd/snap-bootstrap/initramfs-mounts: fix typo in func name
- interfaces/builtin: mock distribution in fontconfig cache unit
tests
- tests/lib/prepare.sh: add another console= to the reflash magic
grub entry
- overlord/servicestate: expose dbus activators of a service
- desktop/notification: test against a real session bus and
notification server implementation
- cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for
recover+install
- HACKING.md: explain how to run UC20 spread tests with QEMU
- asserts: introduce AtSequence
- overlord/devicestate: task for updating boot configs, spread test
- gadget: fix documentation/typos
- gadget: cleanup MountedFilesystem{Writer,Updater}
- gadget: use ResolvedSource in MountedFilesystemWriter
- snap/info.go: add doc-comment for SortServices
- interfaces: add an optional mount-host-font-cache plug attribute
to the desktop interface
- osutil: skip TestReadBuildGo inside sbuild
- o/hookstate/ctlcmd: add optional --pid and --apparmor-label
arguments to "snapctl is-connected"
- data/env/snapd: use quoting in case PATH contains spaces
- boot: do not observe successful boot assets if not in run mode
- tests: fix umount for snapd snap on fsck-on-boot testumount:
/run/mnt/ubuntu-seed/systems/*/snaps/snapd_*.snap: no mount
- misc: little tweaks
- snap/info.go: ignore unknown daemons in SortSnapServices
- devicestate: keep log from install-mode on installed system
- seed: add LoadEssentialMeta to seed16 and allow all of its
implementations to be called multiple times
- cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in
seeds
- tests/core/uc20-recovery: move recover mode helpers to generic
testslib script
- interfaces/fwupd: allow any distros to access fw files via fwupd
- store: method for fetching validation set assertion
- store: switch to v2/assertions api
- gadget: add new ResolvedContent and populate from LayoutVolume()
- spread: use full format when listing processes
- osutil/many: make all test pkgs osutil_test instead of "osutil"
- tests/unit/go: drop unused environment variables, skip coverage
- OpenGL interface: Support more Tegra libs
- gadget,overlord: pass kernelRoot to install.Run()
- tests: run unit tests in Focal instead of Xenial
- interfaces/browser-support: allow sched_setaffinity with browser-
sandbox: true
- daemon: move query /snaps/<name> tests to api_snaps_test.go
- cmd/snap-repair/runner.go: add SNAP_SYSTEM_MODE to env of repair
runner
- systemd/systemd.go: support journald JSON messages with arrays for
values
- cmd: make string/error code more robust against errno leaking
- github, run-checks: do not collect coverage data on subsequent
test runs
- boot: boot config update & reseal
- o/snapshotstate: handle conflicts between snapshot forget, export
and import
- osutil/stat.go: add RegularFileExists
- cmd/snapd-generator: don't create mount overrides for snap-try
snaps inside lxc
- gadget/gadget.go: rename ubuntu-* to system-* in doc-comment
- tests: use 6 spread workers for centos8
- bootloader/assets: support injecting bootloader assets in testing
builds of snapd
- gadget: enable multi-volume uc20 gadgets in
LaidOutSystemVolumeFromGadget; rename too
- overlord/devicestate, sysconfig: do nothing when cloud-init is not
present
- cmd/snap-repair: filter repair assertions based on bases + modes
- snap-confine: make host /etc/ssl available for snaps on classic
* Fri Mar 26 2021 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.49.2
- interfaces/tee: add TEE/OPTEE interface
- o/configstate/configcore: add hdmi_timings to pi-config
- interfaces/udisks2: allow locking /run/mount/utab for udisks 2.8.4
- snap-seccomp: fix seccomp test on ppc64el
- interfaces{,/apparmor}, overlord/snapstate:
late removal of snap-confine apparmor profiles
- overlord/snapstate, wrappers: add dependency on usr-lib-
snapd.mount for services on core with snapd snap
- o/configstate: deal with no longer valid refresh.timer=managed
- overlord/snapstate: make sure that snapd current symlink is not
removed during refresh
- packaging: drop dh-systemd from build-depends on ubuntu-16.04+
- o/{device,hook}state: encode fde-setup-request key as base64
- snapstate: reduce reRefreshRetryTimeout to 1/2 second
- tests/main/uc20-create-partitions: fix tests cleanup
- o/configstate, o/snapshotstate: fix handling of nil snap config on
snapshot restore
- snap-seccomp: add new `close_range` syscall
* Mon Mar 08 2021 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.49.1
- tests: turn modules off explicitly in spread go unti test
- o/snapshotstate: create snapshots directory on import
- cmd/snap-bootstrap/triggerwatch: fix returning wrong errors
- interfaces: add allegro-vcu and media-control interfaces
- interfaces: opengl: add Xilinx zocl bits
- many: fix new ineffassign warnings
- interfaces/seccomp/template.go: allow copy_file_range
- interfaces: allow reading the Xauthority file KDE Plasma writes
for Wayland sessions
- data/selinux: allow system dbus to watch
/var/lib/snapd/dbus-1
- Remove apparmor downgrade feature
- Support tmp and log dirs on Yocto/Poky
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.49-3
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Tue Feb 16 2021 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.49-2
- Fix SELinux policy to allow dbus-daemon watch access on /var/lib/snapd/dbus-1 (LP#1915642)
* Thu Feb 11 2021 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.49-1
- Release snapd 2.49 to Fedora (RHBZ#1927314)
- Include fix for CVE-2020-27352 (RHBZ#1927428, RHBZ#1927432)
* Wed Feb 10 2021 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.49
- many: add Delegate=true to generated systemd units for special
interfaces
- cmd/snap-bootstrap: rename ModeenvFromModel to
EphemeralModeenvForModel
- cmd/snap-bootstrap/initramfs-mounts: write realistic modeenv for
recover+install
- osutil: skip TestReadBuildGo inside sbuild
- tests: fix umount for snapd snap on fsck-on-boot test
- snap/info_test.go: add unit test cases for bug
- tests/main/services-after-before: add regression spread test
- snap/info.go: ignore unknown daemons in SortSnapServices
- cmd/snap-preseed: initialize snap.SanitizePlugsSlots for gadget in
seeds
- OpenGL interface: Support more Tegra libs
- interfaces/browser-support: allow sched_setaffinity with browser-
sandbox: true
- cmd: make string/error code more robust against errno leaking
- o/snapshotstate: handle conflicts between snapshot forget, export
and import
- cmd/snapd-generator: don't create mount overrides for snap-try
snaps inside lxc
- tests: update test pkg for fedora and centos
- gadget: pass sector size in to mkfs family of functions, use to
select block sz
- o/snapshotstate: fix returning of snap names when duplicated
snapshot is detected
- tests/main/snap-network-errors: skip flushing dns cache on
centos-7
- interfaces/builtin: Allow DBus property access on
org.freedesktop.Notifications
- cgroup-support.c: fix link to CGROUP DELEGATION
- osutil: update go-udev package
- packaging: fix arch-indep build on debian-sid
- {,sec}boot: pass "key-name" to the FDE hooks
- asserts: sort by revision with Sort interface
- gadget: add gadget.ResolveContentPaths()
- cmd/snap-repair: save base snap and mode in device info; other
misc cleanups
- tests: cleanup the run-checks script
- asserts: snapasserts method to validate installed snaps against
validation sets
- tests: normalize test tools - part 1
- snapshotstate: detect duplicated snapshot imports
- interfaces/builtin: fix unit test expecting snap-device-helper at
/usr/lib/snapd
- tests: apply workaround done for snap-advise-command to apt-hooks
test
- tests: skip main part of snap-advise test if 429 error is
encountered
- many: clarify gadget role-usage consistency checks for UC16/18 vs
UC20
- sandbox/cgroup, tess/main: fix unit tests on v2 system, disable
broken tests on sid
- interfaces/builtin: more drive by fixes, import ordering, removing
dead code
- tests: skip interfaces-openvswitch spread test on debian sid
- interfaces/apparmor: drive by comment fix
- cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree
usage
- cmd/libsnap-confine-private: make unit tests execute happily in a
container
- interfaces, wrappers: misc comment fixes, etc.
- asserts/repair.go: add "bases" and "modes" support to the repair
assertion
- interfaces/opengl: allow RPi MMAL video decoding
- snap: skip help output tests for go-flags v1.4.0
- gadget: add validation for "$kernel:ref" style content
- packaging/deb, tests/main/lxd-postrm-purge: fix purge inside
containers
- spdx: update to SPDX license list version: 3.11 2020-11-25
- tests: improve hotplug test setup on classic
- tests: update check to verify is the current system is arm
- tests: use os-query tool to check debian, trusty and tumbleweed
- daemon: start moving implementation to api_snaps.go
- tests/main/snap-validate-basic: disable test on Fedora due to go-
flags panics
- tests: fix library path used for tests.pkgs
- tests/main/cohorts: replace yq with a Python snippet
- run-checks: update to match new argument syntax of ineffassign
- tests: use apiBaseSuite for snapshots tests, fix import endpoint
path
- many: separate consistency/content validation into
gadget.Validate|Content
- o/{device,snap}state: enable devmode snaps with dangerous model
assertions
secboot: add test for when systemd-run does not honor
RuntimeMaxSec
- secboot: add workaround for snapcore/core-initrd issue #13
- devicestate: log checkEncryption errors via logger.Noticef
- o/daemon: validation sets api and basic spread test
- gadget: move BuildPartitionList to install and make it unexported
- tests: add nested spread end-to-end test for fde-hooks
- devicestate: implement checkFDEFeatures()
- boot: tweak resealing with fde-setup hooks
- tests: add os query commands for subsystems and architectures
- o/snapshotstate: don't set auto flag in the snapshot file
- tests: use os.query tool instead of comparing the system var
- testutil: use the original environment when calling shellcheck
- sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
init restrict file
- gadget,o/devicestate,tests: drop EffectiveFilesystemLabel and
instead set the implicit labels when loading the yaml
- secboot: add new LockSealedKeys() that uses either TPM/fde-reveal-
key
- gadget/quantity: introduce Offset, start using it for offset
related fields in the gadget
- gadget: use "sealed-keys" to determine what method to use for
reseal
- tests/main/fake-netplan-apply: disable test on xenial for now
- daemon: start splitting snaps op tests out of api_test.go
- testutil: make DBusTest use a custom bus configuration file
- tests: replace pkgdb.sh (library) with tests.pkgs (program)
- gadget: prepare gadget kernel refs (0/N)
- interfaces/builtin/docker-support: allow /run/containerd/s/...
- cmd/snap-preseed: reset run inhibit locks on --reset.
- boot: add sealKeyToModeenvUsingFdeSetupHook()
- daemon: reorg snap.go and split out sections and icons support
from api.go
- sandbox/seccomp: use snap-seccomp's stdout for getting version
info
- daemon: split find support to its own api_*.go files and move some
helpers
- tests: move snapstate config defaults tests to a separate file.
- bootloader/{lk,lkenv}: followups from #9695
- daemon: actually move APIBaseSuite to daemon_test.apiBaseSuite
- gadget,o/devicestate: set implicit values for schema and role
directly instead of relying on Effective* accessors
- daemon: split aliases support to its own api_*.go files
- gadget: start separating rule/convention validation from basic
soundness
- cmd/snap-update-ns: add better unit test for overname sorting
- secboot: use `fde-reveal-key` if available to unseal key
- tests: fix lp-1899664 test when snapd_x1 is not installed in the
system
- tests: fix the scenario when the "$SRC".orig file does not exist
- cmd/snap-update-ns: fix sorting of overname mount entries wrt
other entries
- devicestate: add runFDESetupHook() helper
- bootloader/lk: add support for UC20 lk bootloader with V2 lkenv
structs
- daemon: split unsupported buy implementation to its own api_*.go
files
- tests: download timeout spread test
- gadget,o/devicestate: hybrid 18->20 ready volume setups should be
valid
- o/devicestate: save model with serial in the device save db
- bootloader: add check for prepare-image time and more tests
validating options
- interfaces/builtin/log_observe.go: allow controlling apparmor
audit levels
- hookstate: refactor around EphemeralRunHook
- cmd/snap: implement 'snap validate' command
- secboot,devicestate: add scaffoling for "fde-reveal-key" support
- boot: observe successful command line update, provide a default
- tests: New queries for the os tools
- bootloader/lkenv: specify backup file as arg to NewEnv(), use ""
as path+"bak"
- osutil/disks: add FindMatchingPartitionUUIDWithPartLabel to Disk
iface
- daemon: split out snapctl support and snap configuration support
to their own api_*.go files
- snapshotstate: improve handling of multiple errors
- tests: sign new nested-18|20* models to allow for generic serials
- bootloader: remove installableBootloader interface and methods
- seed: cleanup/drop some no longer valid TODOS, clarify some other
points
- boot: set kernel command line in modeenv during install
- many: rename disks.FindMatching... to FindMatching...WithFsLabel
and err type
- cmd/snap: suppress a case of spurious stdout logging from tests
- hookstate: add new HookManager.EphemeralRunHook()
- daemon: move some more api tests from daemon to daemon_test
- daemon: split apps and logs endpoints to api_apps.go and tests
- interfaces/utf: Add Ledger to U2F devices
- seed/seedwriter: consider modes when checking for deps
availability
- o/devicestate,daemon: fix reboot system action to not require a
system label
- cmd/snap-repair,store: increase initial retry time intervals,
stalling TODOs
- daemon: split interfacesCmd to api_interfaces.go
- github: run nested suite when commit is pushed to release branch
- client: reduce again the /v2/system-info timeout
- tests: reset fakestore unit status
- update-pot: fix typo in plural keyword spec
- tests: remove workarounds that add "ubuntu-save" if missing
- tests: add unit test for auto-refresh with validate-snap failure
- osutil: add helper for getting the kernel command line
- tests/main/uc20-create-partitions: verify ubuntu-save encryption
keys, tweak not MATCH
- boot: add kernel command lines to the modeenv file
- spread: bump delta ref, tweak repacking to make smaller delta
archives
- bootloader/lkenv: add v2 struct + support using it
- snapshotstate: add cleanup of abandonded snapshot imports
- tests: fix uc20-create-parition-* tests for updated gadget
- daemon: split out /v2/interfaces tests to api_interfaces_test.go
- hookstate: implement snapctl fde-setup-{request,result}
- wrappers, o/devicestate: remove EnableSnapServices
- tests: enable nested on 20.10
- daemon: simplify test helpers Get|PostReq into Req
- daemon: move general api to api_general*.go
- devicestate: make checkEncryption fde-setup hook aware
- client/snapctl, store: fix typos
- tests/main/lxd/prep-snapd-in-lxd.sh: wait for valid apt files
before doing apt ops
- cmd/snap-bootstrap: update model cross-check considerations
- client,snapctl: add naive support for "stdin"
- many: add new "install-mode: disable" option
- osutil/disks: allow building on mac os
- data/selinux: update the policy to allow operations on non-tmpfs
/tmp
- boot: add helper for generating candidate kernel lines for
recovery system
- wrappers: generate D-Bus service activation files
- bootloader/many: rm ConfigFile, add Present for indicating
presence of bloader
- osutil/disks: allow mocking DiskFromDeviceName
- daemon: start cleaning up api tests
- packaging/arch: sync with AUR packaging
- bootloader: indicate when boot config was updated
- tests: Fix snap-debug-bootvars test to make it work on arm devices
and core18
- tests/nested/manual/core20-save: verify handling of ubuntu-save
with different system variants
- snap: use the boot-base for kernel hooks
- devicestate: support "storage-safety" defaults during install
- bootloader/lkenv: mv v1 to separate file,
include/lk/snappy_boot_v1.h: little fixups
- interfaces/fpga: add fpga interface
- store: download timeout
- vendor: update secboot repo to avoid including secboot.test binary
- osutil: add KernelCommandLineKeyValue
- gadget/gadget.go: allow system-recovery-{image,select} as roles in
gadget.yaml
- devicestate: implement boot.HasFDESetupHook
- osutil/disks: add DiskFromName to get a disk using a udev name
- usersession/agent: have session agent connect to the D-Bus session
bus
- o/servicestate: preserve order of services on snap restart
- o/servicestate: unlock state before calling wrappers in
doServiceControl
- spread: disable unattended-upgrades on ubuntu
- tests: testing new fedora 33 image
- tests: fix fsck on boot on arm devices
- tests: skip boot state test on arm devices
- tests: updated the systems to run prepare-image-grub test
- interfaces/raw_usb: allow read access to /proc/tty/drivers
- tests: unmount /boot/efi in fsck-on-boot test
- strutil/shlex,osutil/udev/netlink: minimally import go-check
- tests: fix basic20 test on arm devices
- seed: make a shared seed system label validation helper
- tests/many: enable some uc20 tests, delete old unneeded tests or
TODOs
- boot/makebootable.go: set snapd_recovery_mode=install at image-
build time
- tests: migrate test from boot.sh helper to boot-state tool
- asserts: implement "storage-safety" in uc20 model assertion
- bootloader: use ForGadget when installing boot config
- spread: UC20 no longer needs 2GB of mem
- cmd/snap-confine: implement snap-device-helper internally
- bootloader/grub: replace old reference to Managed...Blr... with
Trusted...Blr...
- cmd/snap-bootstrap: add readme for snap-bootstrap + real state
diagram
- interfaces: fix greengrass attr namingThe flavor attribute names
are now as follows:
- tests/lib/nested: poke the API to get the snap revisions
- tests: compare options of mount units created by snapd and snapd-
generator
- o/snapstate,servicestate: use service-control task for service
actions
- sandbox: track applications unconditionally
- interfaces/greengrass-support: add additional "process" flavor for
1.11 update
- cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
* Tue Feb 02 2021 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.48.2-3
- Explicitly disable go module support during build (RHBZ#1923716)
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.48.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Jan 08 2021 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.48.2-1
- Release 2.48.2 to Fedora (RHBZ#1899700)
* Tue Dec 15 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.48.2
- tests: sign new nested-18|20* models to allow for generic serials
- secboot: add extra paranoia when waiting for that fde-reveal-key
- tests: backport netplan workarounds from #9785
- secboot: add workaround for snapcore/core-initrd issue #13
- devicestate: log checkEncryption errors via logger.Noticef
- tests: add nested spread end-to-end test for fde-hooks
- devicestate: implement checkFDEFeatures()
- boot: tweak resealing with fde-setup hooks
- sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
init restrict file
- secboot: add new LockSealedKeys() that uses either TPM or
fde-reveal-key
- gadget: use "sealed-keys" to determine what method to use for
reseal
- boot: add sealKeyToModeenvUsingFdeSetupHook()
- secboot: use `fde-reveal-key` if available to unseal key
- cmd/snap-update-ns: fix sorting of overname mount entries wrt
other entries
- o/devicestate: save model with serial in the device save db
- devicestate: add runFDESetupHook() helper
- secboot,devicestate: add scaffoling for "fde-reveal-key" support
- hookstate: add new HookManager.EphemeralRunHook()
- update-pot: fix typo in plural keyword spec
- store,cmd/snap-repair: increase initial expontential time
intervals
- o/devicestate,daemon: fix reboot system action to not require a
system label
- github: run nested suite when commit is pushed to release branch
- tests: reset fakestore unit status
- tests: fix uc20-create-parition-* tests for updated gadget
- hookstate: implement snapctl fde-setup-{request,result}
- devicestate: make checkEncryption fde-setup hook aware
- client,snapctl: add naive support for "stdin"
- devicestate: support "storage-safety" defaults during install
- snap: use the boot-base for kernel hooks
- vendor: update secboot repo to avoid including secboot.test binary
* Thu Dec 03 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.48.1
- gadget: disable ubuntu-boot role validation check
* Thu Nov 19 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.48
- osutil: add KernelCommandLineKeyValue
- devicestate: implement boot.HasFDESetupHook
- boot/makebootable.go: set snapd_recovery_mode=install at image-
build time
- bootloader: use ForGadget when installing boot config
- interfaces/raw_usb: allow read access to /proc/tty/drivers
- boot: add scaffolding for "fde-setup" hook support for sealing
- tests: fix basic20 test on arm devices
- seed: make a shared seed system label validation helper
- snap: add new "fde-setup" hooktype
- cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
- secboot,cmd/snap-bootstrap: fix degraded mode cases with better
device handling
- boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
messiness
- tests/nested/manual/refresh-revert-fundamentals: temporarily
disable secure boot
- snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
boot modes
- many: address degraded recover mode feedback, cleanups
- tests: Use systemd-run on tests part2
- tests: set the opensuse tumbleweed system as manual in spread.yaml
- secboot: call BlockPCRProtectionPolicies even if the TPM is
disabled
- vendor: update to current secboot
- cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
save
- spread.yaml: increase number of workers on 20.10
- snap: add new `snap recovery --show-keys` option
- tests: minor test tweaks suggested in the review of 9607
- snapd-generator: set standard snapfuse options when generating
units for containers
- tests: enable lxd test on ubuntu-core-20 and 16.04-32
- interfaces: share /tmp/.X11-unix/ from host or provider
- tests: enable main lxd test on 20.10
- cmd/s-b/initramfs-mounts: refactor recover mode to implement
degraded mode
- gadget/install: add progress logging
- packaging: keep secboot/encrypt_dummy.go in debian
- interfaces/udev: use distro specific path to snap-device-helper
- o/devistate: fix chaining of tasks related to regular snaps when
preseeding
- gadget, overlord/devicestate: validate that system supports
encrypted data before install
- interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core
ESP layout
- many: add /v2/system-recovery-keys API and client
- secboot, many: return UnlockMethod from Unlock* methods for future
usage
- many: mv keys to ubuntu-boot, move model file, rename keyring
prefix for secboot
- tests: using systemd-run instead of manually create a systemd unit
- part 1
- secboot, cmd/snap-bootstrap: enable or disable activation with
recovery key
- secboot: refactor Unlock...IfEncrypted to take keyfile + check
disks first
- secboot: add LockTPMSealedKeys() to lock access to keys
independently
- gadget: correct sfdisk arguments
- bootloader/assets/grub: adjust fwsetup menuentry label
- tests: new boot state tool
- spread: use the official image for Ubuntu 20.10, no longer an
unstable system
- tests/lib/nested: enable snapd logging to console for core18
- osutil/disks: re-implement partition searching for disk w/ non-
adjacent parts
- tests: using the nested-state tool in nested tests
- many: seal a fallback object to the recovery boot chain
- gadget, gadget/install: move helpers to install package, refactor
unit tests
- dirs: add "gentoo" to altDirDistros
- update-pot: include file locations in translation template, and
extract strings from desktop files
- gadget/many: drop usage of gpt attr 59 for indicating creation of
partitions
- gadget/quantity: tweak test name
- snap: fix failing unittest for quantity.FormatDuration()
- gadget/quantity: introduce a new package that captures quantities
- o/devicestate,a/sysdb: make a backup of the device serial to save
- tests: fix rare interaction of tests.session and specific tests
- features: enable classic-preserves-xdg-runtime-dir
- tests/nested/core20/save: check the bind mount and size bump
- o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20
- tests: rename hasHooks to hasInterfaceHooks in the ifacestate
tests
- o/devicestate: unit test tweaks
- boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save
- testutil, cmd/snap/version: fix misc little errors
- overlord/devicestate: bind mount ubuntu-save under
/var/lib/snapd/save on startup
- gadget/internal: tune ext4 setting for smaller filesystems
- tests/nested/core20/save: a test that verifies ubuntu-save is
present and set up
- tests: update google sru backend to support groovy
- o/ifacestate: handle interface hooks when preseeding
- tests: re-enable the apt hooks test
- interfaces,snap: use correct type: {os,snapd} for test data
- secboot: set metadata and keyslots sizes when formatting LUKS2
volumes
- tests: improve uc20-create-partitions-reinstall test
- client, daemon, cmd/snap: cleanups from #9489 + more unit tests
- cmd/snap-bootstrap: mount ubuntu-save during boot if present
- secboot: fix doc comment on helper for unlocking volume with key
- tests: add spread test for refreshing from an old snapd and core18
- o/snapstate: generate snapd snap wrappers again after restart on
refresh
- secboot: version bump, unlock volume with key
- tests/snap-advise-command: re-enable test
- cmd/snap, snapmgr, tests: cleanups after #9418
- interfaces: deny connected x11 plugs access to ICE
- daemon,client: write and read a maintenance.json file for when
snapd is shut down
- many: update to secboot v1 (part 1)
- osutil/disks/mockdisk: panic if same mountpoint shows up again
with diff opts
- tests/nested/core20/gadget,kernel-reseal: add sanity checks to the
reseal tests
- many: implement snap routine console-conf-start for synchronizing
auto-refreshes
- dirs, boot: add ubuntu-save directories and related locations
- usersession: fix typo in test name
- overlord/snapstate: refactor ihibitRefresh
- overlord/snapstate: stop warning about inhibited refreshes
- cmd/snap: do not hardcode snapshot age value
- overlord,usersession: initial notifications of pending refreshes
- tests: add a unit test for UpdateMany where a single snap fails
- o/snapstate/catalogrefresh.go: don't refresh catalog in install
mode uc20
- tests: also check snapst.Current in undo-unlink tests
- tests: new nested tool
- o/snapstate: implement undo handler for unlink-snap
- tests: clean systems.sh helper and migrate last set of tests
- tests: moving the lib section from systems.sh helper to os.query
tool
- tests/uc20-create-partitions: don't check for grub.cfg
- packaging: make sure that static binaries are indeed static, fix
openSUSE
- many: have install return encryption keys for data and save,
improve tests
- overlord: add link participant for linkage transitions
- tests: lxd smoke test
- tests: add tests for fsck; cmd/s-b/initramfs-mounts: fsck ubuntu-
seed too
- tests: moving main suite from systems.sh to os.query tool
- tests: moving the core test suite from systems.sh to os.query tool
- cmd/snap-confine: mask host's apparmor config
- o/snapstate: move setting updated SnapState after error paths
- tests: add value to INSTANCE_KEY/regular
- spread, tests: tweaks for openSUSE
- cmd/snap-confine: update path to snap-device-helper in AppArmor
profile
- tests: new os.query tool
- overlord/snapshotstate/backend: specify tar format for snapshots
- tests/nested/manual/minimal-smoke: use 384MB of RAM for nested
UC20
- client,daemon,snap: auto-import does not error on managed devices
- interfaces: PTP hardware clock interface
- tests: use tests.backup tool
- many: verify that unit tests work with nosecboot tag and without
secboot package
- wrappers: do not error out on read-only /etc/dbus-1/session.d
filesystem on core18
- snapshots: import of a snapshot set
- tests: more output for sbuild test
- o/snapstate: re-order remove tasks for individual snap revisions
to remove current last
- boot: skip some unit tests when running as root
- o/assertstate: introduce
ValidationTrackingKey/ValidationSetTracking and basic methods
- many: allow ignoring running apps for specific request
- tests: allow the searching test to fail under load
- overlord/snapstate: inhibit startup while unlinked
- seed/seedwriter/writer.go: check DevModeConfinement for dangerous
features
- tests/main/sudo-env: snap bin is available on Fedora
- boot, overlord/devicestate: list trusted and managed assets
upfront
- gadget, gadget/install: support for ubuntu-save, create one during
install if needed
- spread-shellcheck: temporary workaround for deadlock, drop
unnecessary test
- snap: support different exit-code in the snap command
- logger: use strutil.KernelCommandLineSplit in
debugEnabledOnKernelCmdline
- logger: fix snapd.debug=1 parsing
- overlord: increase refresh postpone limit to 14 days
- spread-shellcheck: use single thread pool executor
- gadget/install,secboot: add debug messages
- spread-shellcheck: speed up spread-shellcheck even more
- spread-shellcheck: process paths from arguments in parallel
- tests: tweak error from tests.cleanup
- spread: remove workaround for openSUSE go issue
- o/configstate: create /etc/sysctl.d when applying early config
defaults
- tests: new tests.backup tool
- tests: add tests.cleanup pop sub-command
- tests: migration of the main suite to snaps-state tool part 6
- tests: fix journal-state test
- cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc
recover files
- cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
same IP addr
- packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
building snapd
- boot, gadget, bootloader: observer preserves managed bootloader
configs
- tests/nested/manual: add uc20 grade signed cloud-init test
- o/snapstate/autorefresh.go: eliminate race when launching
autorefresh
- daemon,snapshotstate: do not return "size" from Import()
- daemon: limit reading from snapshot import to Content-Length
- many: set/expect Content-Length header when importing snapshots
- github: switch from ::set-env command to environment file
- tests: migration of the main suite to snaps-state tool part 5
- client: cleanup the Client.raw* and Client.do* method families
- tests: moving main suite to snaps-state tool part 4
- client,daemon,snap: use constant for snapshot content-type
- many: fix typos and repeated "the"
- secboot: fix tpm connection leak when it's not enabled
- many: scaffolding for snapshots import API
- run-checks: run spread-shellcheck too
- interfaces: update network-manager interface to allow
ObjectManager access from unconfined clients
- tests: move core and regression suites to snaps-state tool
- tests: moving interfaces tests to snaps-state tool
- gadget: preserve files when indicated by content change observer
- tests: moving smoke test suite and some tests from main suite to
snaps-state tool
- o/snapshotstate: pass set id to backend.Open, update tests
- asserts/snapasserts: introduce ValidationSets
- o/snapshotstate: improve allocation of new set IDs
- boot: look at the gadget for run mode bootloader when making the
system bootable
- cmd/snap: allow snap help vs --all to diverge purposefully
- usersession/userd: separate bus name ownership from defining
interfaces
- o/snapshotstate: set snapshot set id from its filename
- o/snapstate: move remove-related tests to snapstate_remove_test.go
- desktop/notification: switch ExpireTimeout to time.Duration
- desktop/notification: add unit tests
- snap: snap help output refresh
- tests/nested/manual/preseed: include a system-usernames snap when
preseeding
- tests: fix sudo-env test
- tests: fix nested core20 shellcheck bug
- tests/lib: move to new directory when restoring PWD, cleanup
unpacked unpacked snap directories
- desktop/notification: add bindings for FDO notifications
- dbustest: fix stale comment references
- many: move ManagedAssetsBootloader into TrustedAssetsBootloader,
drop former
- snap-repair: add uc20 support
- tests: print all the serial logs for the nested test
- o/snapstate/check_snap_test.go: mock osutil.Find{U,G}id to avoid
bug in test
- cmd/snap/auto-import: stop importing system user assertions from
initramfs mnts
- osutil/group.go: treat all non-nil errs from user.Lookup{Group,}
as Unknown*
- asserts: deserialize grouping only once in Pool.AddBatch if needed
- gadget: allow content observer to have opinions about a change
- tests: new snaps-state command - part1
- o/assertstate: support refreshing any number of snap-declarations
- boot: use test helpers
- tests/core/snap-debug-bootvars: also check snap_mode
- many/apparmor: adjust rules for reading profile/ execing new
profiles for new kernel
- tests/core/snap-debug-bootvars: spread test for snap debug boot-
vars
- tests/lib/nested.sh: more little tweaks
- tests/nested/manual/grade-signed-above-testkeys-boot: enable kvm
- cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
recover modes
- overlord: explicitly set refresh-app-awareness in tests
- kernel: remove "edition" from kernel.yaml and add "update"
- spread: drop vendor from the packed project archive
- boot: fix debug bootloader variables dump on UC20 systems
- wrappers, systemd: allow empty root dir and conditionally do not
pass --root to systemctl
- tests/nested/manual: add test for grades above signed booting with
testkeys
- tests/nested: misc robustness fixes
- o/assertstate,asserts: use bulk refresh to refresh snap-
declarations
- tests/lib/prepare.sh: stop patching the uc20 initrd since it has
been updated now
- tests/nested/manual/refresh-revert-fundamentals: re-enable test
- update-pot: ignore .go files inside .git when running xgettext-go
- tests: disable part of the lxd test completely on 16.04.
- o/snapshotstate: tweak comment regarding snapshot filename
- o/snapstate: improve snapshot iteration
- bootloader: lk cleanups
- tests: update to support nested kvm without reboots on UC20
- tests/nested/manual/preseed: disable system-key check for 20.04
image
- spread.yaml: add ubuntu-20.10-64 to qemu
- store: handle v2 error when fetching assertions
- gadget: resolve device mapper devices for fallback device lookup
- tests/nested/cloud-init-many: simplify tests and unify
helpers/seed inputs
- tests: copy /usr/lib/snapd/info to correct directory
- check-pr-title.py * : allow "*" in the first part of the title
- many: typos and small test tweak
- tests/main/lxd: disable cgroup combination for 16.04 that is
failing a lot
- tests: make nested signing helpers less confusing
- tests: misc nested changes
- tests/nested/manual/refresh-revert-fundamentals: disable
temporarily
- tests/lib/cla_check: default to Python 3, tweaks, formatting
- tests/lib/cl_check.py: use python3 compatible code
* Mon Oct 12 2020 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.47.1-1
- Release 2.47.1 to Fedora (RHBZ#1872528)
* Thu Oct 08 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.47.1
- o/configstate: create /etc/sysctl.d when applying early config
defaults
- cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
same IP addr
- packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
building snapd
- cmd/snap: allow snap help vs --all to diverge purposefully
- snap: snap help output refresh
* Tue Sep 29 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.47
- tests: fix nested core20 shellcheck bug
- many/apparmor: adjust rule for reading apparmor profile for new
kernel
- snap-repair: add uc20 support
- cmd/snap/auto-import: stop importing system user assertions from
initramfs mnts
- cmd/s-b/initramfs-mounts: use ConfigureTargetSystem for install,
recover modes
- gadget: resolve device mapper devices for fallback device lookup
- secboot: add boot manager profile to pcr protection profile
- sysconfig,o/devicestate: mv DisableNoCloud to
DisableAfterLocalDatasourcesRun
- tests: make gadget-reseal more robust
- tests: skip nested images pre-configuration by default
- tests: fix for basic20 test running on external backend and rpi
- tests: improve kernel reseal test
- boot: adjust comments, naming, log success around reseal
- tests/nested, fakestore: changes necessary to run nested uc20
signed/secured tests
- tests: add nested core20 gadget reseal test
- boot/modeenv: track unknown keys in Read and put back into modeenv
during Write
- interfaces/process-control: add sched_setattr to seccomp
- boot: with unasserted kernels reseal if there's a hint modeenv
changed
- client: bump the default request timeout to 120s
- configcore: do not error in console-conf.disable for install mode
- boot: streamline bootstate20.go reseal and tests changes
- boot: reseal when changing kernel
- cmd/snap/model: specify grade in the model command output
- tests: simplify
repack_snapd_snap_with_deb_content_and_run_mode_first_boot_tweaks
- test: improve logging in nested tests
- nested: add support to telnet to serial port in nested VM
- secboot: use the snapcore/secboot native recovery key type
- tests/lib/nested.sh: use more focused cloud-init config for uc20
- tests/lib/nested.sh: wait for the tpm socket to exist
- spread.yaml, tests/nested: misc changes
- tests: add more checks to disk space awareness spread test
- tests: disk space awareness spread test
- boot: make MockUC20Device use a model and MockDevice more
realistic
- boot,many: reseal only when meaningful and necessary
- tests/nested/core20/kernel-failover: add test for failed refresh
of uc20 kernel
- tests: fix nested to work with qemu and kvm
- boot: reseal when updating boot assets
- tests: fix snap-routime-portal-info test
- boot: verify boot chain file in seal and reseal tests
- tests: use full path to test-snapd-refresh.version binary
- boot: store boot chains during install, helper for checking
whether reseal is needed
- boot: add call to reseal an existing key
- boot: consider boot chains with unrevisioned kernels incomparable
- overlord: assorted typos and miscellaneous changes
- boot: group SealKeyModelParams by model, improve testing
- secboot: adjust parameters to buildPCRProtectionProfile
- strutil: add SortedListsUniqueMergefrom the doc comment:
- snap/naming: upgrade TODO to TODO:UC20
- secboot: add call to reseal an existing key
- boot: in seal.go adjust error message and function names
- o/snapstate: check available disk space in RemoveMany
- boot: build bootchains data for sealing
- tests: remove "set -e" from function only shell libs
- o/snapstate: disk space check on UpdateMany
- o/snapstate: disk space check with snap update
- snap: implement new `snap reboot` command
- boot: do not reorder boot assets when generating predictable boot
chains and other small tweaks
- tests: some fixes and improvements for nested execution
- tests/core/uc20-recovery: fix check for at least specific calls to
mock-shutdown
- boot: be consistent using bootloader.Role* consts instead of
strings
- boot: helper for generating secboot load chains from a given boot
asset sequence
- boot: tweak boot chains to support a list of kernel command lines,
keep track of model and kernel boot file
- boot,secboot: switch to expose and use snapcore/secboot load event
trees
- tests: use `nested_exec` in core{20,}-early-config test
- devicestate: enable cloud-init on uc20 for grade signed and
secured
- boot: add "rootdir" to baseBootenvSuite and use in tests
- tests/lib/cla_check.py: don't allow users.noreply.github.com
commits to pass CLA
- boot: represent boot chains, helpers for marshalling and
equivalence checks
- boot: mark successful with boot assets
- client, api: handle insufficient space error
- o/snapstate: disk space check with single snap install
- configcore: "service.console-conf.disable" is gadget defaults only
- packaging/opensuse: fix for /usr/libexec on TW, do not hardcode
AppArmor profile path
- tests: skip udp protocol in nfs-support test on ubuntu-20.10
- packaging/debian-sid: tweak code preparing _build tree
- many: move seal code from gadget/install to boot
- tests: remove workaround for cups on ubuntu-20.10
- client: implement RebootToSystem
- many: seed.Model panics now if called before LoadAssertions
- daemon: add /v2/systems "reboot" action API
- github: run tests also on push to release branches
- interfaces/bluez: let slot access audio streams
- seed,c/snap-bootstrap: simplify snap-bootstrap seed reading with
new seed.ReadSystemEssential
- interfaces: allow snap-update-ns to read /proc/cmdline
- tests: new organization for nested tests
- o/snapstate, features: add feature flags for disk space awareness
- tests: workaround for cups issue on 20.10 where default printer is
not configured.
- interfaces: update cups-control and add cups for providing snaps
- boot: keep track of the original asset when observing updates
- tests: simplify and fix tests for disk space checks on snap remove
- sysconfig/cloudinit.go: add AllowCloudInit and use GadgetDir for
cloud.conf
- tests/main: mv core specific tests to core suite
- tests/lib/nested.sh: reset the TPM when we create the uc20 vm
- devicestate: rename "mockLogger" to "logbuf"
- many: introduce ContentChange for tracking gadget content in
observers
- many: fix partion vs partition typo
- bootloader: retrieve boot chains from bootloader
- devicestate: add tests around logging in RequestSystemAction
- boot: handle canceled update
- bootloader: tweak doc comments (thanks Samuele)
- seed/seedwriter: test local asserted snaps with UC20 grade signed
- sysconfig/cloudinit.go: add DisableNoCloud to
CloudInitRestrictOptions
- many: use BootFile type in load sequences
- boot,bootloader: clarifications after the changes to introduce
bootloader.Options.Role
- boot,bootloader,gadget: apply new bootloader.Options.Role
- o/snapstate, features: add feature flag for disk space check on
remove
- testutil: add checkers for symbolic link target
- many: refactor tpm seal parameter setting
- boot/bootstate20: reboot to rollback to previous kernel
- boot: add unit test helpers
- boot: observe update & rollback of trusted assets
- interfaces/utf: Add MIRKey to u2f devices
- o/devicestate/devicestate_cloudinit_test.go: test cleanup for uc20
cloud-init tests
- many: check that users of BaseTest don't forget to consume
cleanups
- tests/nested/core20/tpm: verify trusted boot assets tracking
- github: run macOS job with Go 1.14
- many: misc doc-comment changes and typo fixes
- o/snapstate: disk space check with InstallMany
- many: cloud-init cleanups from previous PR's
- tests: running tests on opensuse leap 15.2
- run-checks: check for dirty build tree too
- vendor: run ./get-deps.sh to update the secboot hash
- tests: update listing test for "-dirty" versions
- overlord/devicestate: do not release the state lock when updating
gadget assets
- secboot: read kernel efi image from snap file
- snap: add size to the random access file return interface
- daemon: correctly parse Content-Type HTTP header.
- tests: account for apt-get on core18
- cmd/snap-bootstrap/initramfs-mounts: compute string outside of
loop
- mkversion.sh: simple hack to include dirty in version if the tree
is dirty
- cgroup,snap: track hooks on system bus only
- interfaces/systemd: compare dereferenced Service
- run-checks: only check files in git for misspelling
- osutil: add a package doc comment (via doc.go)
- boot: complain about reused asset name during initial install
- snapstate: installSize helper that calculates total size of snaps
and their prerequisites
- snapshots: export of snapshots
- boot/initramfs_test.go: reset boot vars on the bootloader for each
iteration
* Fri Sep 04 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.46.1
- interfaces: allow snap-update-ns to read
/proc/cmdline
- github: run macOS job with Go 1.14
- o/snapstate, features: add feature flag for disk space check on
remove
- tests: account for apt-get on core18
- mkversion.sh: include dirty in version if the tree
is dirty
- interfaces/systemd: compare dereferenced Service
- vendor.json: update mysterious secboot SHA again
* Tue Aug 25 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.46
- logger: add support for setting snapd.debug=1 on kernel cmdline
- o/snapstate: check disk space before creating automatic snapshot
on remove
- boot, o/devicestate: observe existing recovery bootloader trusted
boot assets
- many: use transient scope for tracking apps and hooks
- features: add HiddenSnapFolder feature flag
- tests/lib/nested.sh: fix partition typo, unmount the image on uc20
too
- runinhibit: open the lock file in read-only mode in IsLocked
- cmd/s-b/initramfs-mounts: make recover -> run mode transition
automatic
- tests: update spread test for unknown plug/slot with snapctl is-
connected
- osutil: add OpenExistingLockForReading
- kernel: add kernel.Validate()
- interfaces: add vcio interface
- interfaces/{docker,kubernetes}-support: load overlay and support
systemd cgroup driver
- tests/lib/nested.sh: use more robust code for finding what loop
dev we mounted
- cmd/snap-update-ns: detach all bind-mounted file
- snap/snapenv: set SNAP_REAL_HOME
- packaging: umount /snap on purge in containers
- interfaces: misc policy updates xlvi
- secboot,cmd/snap-bootstrap: cross-check partitions before
unlocking, mounting
- boot: copy boot assets cache to new root
- gadget,kernel: add new kernel.{Info,Asset} struct and helpers
- o/hookstate/ctlcmd: make is-connected check whether the plug or
slot exists
- tests: find -ignore_readdir_race when scanning cgroups
- interfaces/many: deny arbitrary desktop files and misc from
/usr/share
- tests: use "set -ex" in prep-snapd-in-lxd.sh
- tests: re-enable udisks test on debian-sid
- cmd/snapd-generator: use PATH fallback if PATH is not set
- tests: disable udisks2 test on arch linux
- github: use latest/stable go, not latest/edge
- tests: remove support for ubuntu 19.10 from spread tests
- tests: fix lxd test wrongly tracking 'latest'
- secboot: document exported functions
- cmd: compile snap gdbserver shim correctly
- many: correctly calculate the desktop file prefix everywhere
- interfaces: add kernel-crypto-api interface
- corecfg: add "system.timezone" setting to the system settings
- cmd/snapd-generator: generate drop-in to use fuse in container
- cmd/snap-bootstrap/initramfs-mounts: tweak names, add comments
from previous PR
- interfaces/many: miscellaneous updates for strict microk8s
- secboot,cmd/snap-bootstrap: don't import boot package from secboot
- cmd/snap-bootstrap/initramfs-mounts: call systemd-mount instead of
the-tool
- tests: work around broken update of systemd-networkd
- tests/main/install-fontconfig-cache-gen: enhance test by
verifying, add fonts to test
- o/devicestate: wrap asset update observer error
- boot: refactor such that bootStateUpdate20 mainly carries Modeenv
- mkversion.sh: disallow changelog versions that have git in it, if
we also have git version
- interfaces/many: miscellaneous updates for strict microk8s
- snap: fix repeated "cannot list recovery system" and add test
- boot: track trusted assets during initial install, assets cache
- vendor: update secboot to fix key data validation
- tests: unmount FUSE file-systems from XDG runtime dir
- overlord/devicestate: workaround non-nil interface with nil struct
- sandbox/cgroup: remove temporary workaround for multiple cgroup
writers
- sandbox/cgroup: detect dangling v2 cgroup
- bootloader: add helper for creating a bootloader based on gadget
- tests: support different images on nested execution
- many: reorg cmd/snapinfo.go into snap and new client/clientutil
- packaging/arch: use external linker when building statically
- tests: cope with ghost cgroupv2
- tests: fix issues related to restarting systemd-logind.service
- boot, o/devicestate: TrustedAssetUpdateObserver stubs, hook up to
gadget updates
- vendor: update github.com/kr/pretty to fix diffs of values with
pointer cycles
- boot: move bootloaderKernelState20 impls to separate file
- .github/workflows: move snap building to test.yaml as separate
cached job
- tests/nested/manual/minimal-smoke: run core smoke tests in a VM
meeting minimal requirements
- osutil: add CommitAs to atomic file
- gadget: introduce content update observer
- bootloader: introduce TrustedAssetsBootloader, implement for grub
- o/snapshotstate: helpers for calculating disk space needed for an
automatic snapshot
- gadget/install: retrieve command lines from bootloader
- boot/bootstate20: unify commit method impls, rm
bootState20MarkSuccessful
- tests: add system information and image information when debug
info is displayed
- tests/main/cgroup-tracking: try to collect some information about
cgroups
- boot: introduce current_boot_assets and
current_recovery_boot_assets to modeenv
- tests: fix for timing issues on journal-state test
- many: remove usage and creation of hijacked pid cgroup
- tests: port regression-home-snap-root-owned to tests.session
- tests: run as hightest via tests.session
- github: run CLA checks on self-hosted workers
- github: remove Ubuntu 19.10 from actions workflow
- tests: remove End-Of-Life opensuse/fedora releases
- tests: remove End-Of-Life releases from spread.yaml
- tests: fix debug section of appstream-id test
- interfaces: check !b.preseed earlier
- tests: work around bug in systemd/debian
- boot: add deepEqual, Copy helpers for Modeenv to simplify
bootstate20 refactor
- cmd: add new "snap recovery" command
- interfaces/systemd: use emulation mode when preseeding
- interfaces/kmod: don't load kernel modules in kmod backend when
preseeding
- interfaces/udev: do not reload udevadm rules when preseeding
- cmd/snap-preseed: use snapd from the deb if newer than from seeds
- boot: fancy marshaller for modeenv values
- gadget, osutil: use atomic file copy, adjust tests
- overlord: use new tracking cgroup for refresh app awareness
- github: do not skip gofmt with Go 1.9/1.10
- many: introduce content write observer, install mode glue, initial
seal stubs
- daemon,many: switch to use client.ErrorKind and drop the local
errorKind...
- tests: new parameters for nested execution
- client: move all error kinds into errors.go and add doc strings
- cmd/snap: display the error in snap debug seeding if seeding is in
error
- cmd/snap/debug/seeding: use unicode for proper yaml
- tests/cmd/snap-bootstrap/initramfs-mounts: add test case for empty
recovery_mode
- osutil/disks: add mock disk and tests for happy path of mock disks
- tests: refresh/revert snapd in uc20
- osutil/disks: use a dedicated error to indicate a fs label wasn't
found
- interfaces/system-key: in WriteSystemKey during tests, don't call
ParserFeatures
- boot: add current recovery systems to modeenv
- bootloader: extend managed assets bootloader interface to compose
a candidate command line
- interfaces: make the unmarshal test match more the comment
- daemon/api: use pointers to time.Time for debug seeding aspect
- o/ifacestate: update security profiles in connect undo handler
- interfaces: add uinput interface
- cmd/snap-bootstrap/initramfs-mounts: add doSystemdMount + unit
tests
- o/devicestate: save seeding/preseeding times for use with debug
seeding api
- cmd/snap/debug: add "snap debug seeding" command for preseeding
debugging
- tests/main/selinux-clean: workaround SELinux denials triggered by
linger setup on Centos8
- bootloader: compose command line with mode and extra arguments
- cmd/snap, daemon: detect and bail purge on multi-snap
- o/ifacestate: fix bug in snapsWithSecurityProfiles
- interfaces/builtin/multipass: replace U+00A0 no-break space with
simple space
- bootloader/assets: generate bootloader assets from files
- many/tests/preseed: reset the preseeded images before preseeding
them
- tests: drop accidental accents from e
- secboot: improve key sealing tests
- tests: replace _wait_for_file_change with retry
- tests: new fs-state which replaces the files.sh helper
- sysconfig/cloudinit_test.go: add test for initramfs case, rm "/"
from path
- cmd/snap: track started apps and hooks
- tests/main/interfaces-pulseaudio: disable start limit checking for
pulseaudio service
- api: seeding debug api
- .github/workflows/snap-build.yaml: build the snapd snap via GH
Actions too
- tests: moving journalctl.sh to a new journal-state tool
- tests/nested/manual: add spread tests for cloud-init vuln
- bootloader/assets: helpers for registering per-edition snippets,
register snippets for grub
- data,packaging,wrappers: extend D-Bus service activation search
path
- spread: add opensuse 15.2 and tumbleweed for qemu
- overlord,o/devicestate: restrict cloud-init on Ubuntu Core
- sysconfig/cloudinit: add RestrictCloudInit
- cmd/snap-preseed: check that target path exists and is a directory
on --reset
- tests: check for pids correctly
- gadget,gadget/install: refactor partition table update
- sysconfig/cloudinit: add CloudInitStatus func + CloudInitState
type
- interface/fwupd: add more policies for making fwupd upstream
strict
- tests: new to-one-line tool which replaces the strings.sh helper
- interfaces: new helpers to get and compare system key, for use
with seeding debug api
- osutil, many: add helper for checking whether the process is a go
test binary
- cmd/snap-seccomp/syscalls: add faccessat2
- tests: adjust xdg-open after launcher changes
- tests: new core config helper
- usersession/userd: do not modify XDG_DATA_DIRS when calling xdg-
open
- cmd/snap-preseed: handle relative chroot path
- snapshotstate: move sizer to osutil.Sizer()
- tests/cmd/snap-bootstrap/initramfs-mounts: rm duplicated env ref
kernel tests
- gadget/install,secboot: use snapcore/secboot luks2 api
- boot/initramfs_test.go: add Commentf to more Assert()'s
- tests/lib: account for changes in arch package file name extension
- bootloader/bootloadertest: fix comment typo
- bootloader: add helper for getting recovery system environment
variables
- tests: preinstall shellcheck and run tests on focal
- strutil: add a helper for parsing kernel command line
- osutil: add CheckFreeSpace helper
- secboot: update tpm connection error handling
- packaging, cmd/snap-mgmt, tests: remove modules files on purge
- tests: add tests.cleanup helper
- packaging: add "ca-certificates" to build-depends
- tests: more checks in core20 early config spread test
- tests: fix some snapstate tests to use pointers for
snapmgrTestSuite
- boot: better naming of helpers for obtaining kernel command line
- many: use more specific check for unit test mocking
- systemd/escape: fix issues with "" and "\t" handling
- asserts: small improvements and corrections for sequence-forming
assertions' support
- boot, bootloader: query kernel command line of run mod and
recovery mode systems
- snap/validate.go: disallow snap layouts with new top-level
directories
- tests: allow to add a new label to run nested tests as part of PR
validation
- tests/core/gadget-update-pc: port to UC20
- tests: improve nested tests flexibility
- asserts: integer headers: disallow prefix zeros and make parsing
more uniform
- asserts: implement Database.FindSequence
- asserts: introduce SequenceMemberAfter in the asserts backstores
- spread.yaml: remove tests/lib/tools from PATH
- overlord: refuse to install snaps whose activatable D-Bus services
conflict with installed snaps
- tests: shorten lxd-state undo-mount-changes
- snap-confine: don't die if a device from sysfs path cannot be
found by udev
- tests: fix argument handling of apt-state
- tests: rename lxd-tool to lxd-state
- tests: rename user-tool to user-state, fix --help
- interfaces: add gconf interface
- sandbox/cgroup: avoid parsing security tags twice
- tests: rename version-tool to version-compare
- cmd/snap-update-ns: handle anomalies better
- tests: fix call to apt.Package.mark_install(auto_inst=True)
- tests: rename mountinfo-tool to mountinfo.query
- tests: rename memory-tool to memory-observe-do
- tests: rename invariant-tool to tests.invariant
- tests: rename apt-tool to apt-state
- many: managed boot config during run mode setup
- asserts: introduce the concept of sequence-forming assertion types
- tests: tweak comments/output in uc20-recovery test
- tests/lib/pkgdb: do not use quiet when purging debs
- interfaces/apparmor: allow snap-specific /run/lock
- interfaces: add system-source-code for access to /usr/src
- sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data
- gadget/install: move udev trigger to gadget/install
- many: make nested spread tests more reliable
- tests/core/uc20-recovery: apply hack to get gopath in recover mode
w/ external backend
- tests: enable tests on uc20 which now work with the real model
assertion
- tests: enable system-snap-refresh test on uc20
- gadget, bootloader: preserve managed boot assets during gadget
updates
- tests: fix leaked dbus-daemon in selinux-clean
- tests: add servicestate.Control tests
- tests: fix "restart.service"
- wrappers: helper for enabling services - extract and move enabling
of services into a helper
- tests: new test to validate refresh and revert of kernel and
gadget on uc20
- tests/lib/prepare-restore: collect debug info when prepare purge
fails
- bootloader: allow managed bootloader to update its boot config
- tests: Remove unity test from nightly test suite
- o/devicestate: set mark-seeded to done in the task itself
- tests: add spread test for disconnect undo caused by failing
disconnect hook
- sandbox/cgroup: allow discovering PIDs of given snap
- osutil/disks: support IsDecryptedDevice for mountpoints which are
dm devices
- osutil: detect autofs mounted in /home
- spread.yaml: allow amazon-linux-2-64 qemu with
ec2-user/ec2-user
- usersession: support additional zoom URL schemes
- overlord: mock timings.DurationThreshold in TestNewWithGoodState
- sandbox/cgroup: add tracking helpers
- tests: detect stray dbus-daemon
- overlord: refuse to install snaps providing user daemons on Ubuntu
14.04
- many: move encryption and installer from snap-boostrap to gadget
- o/ifacestate: fix connect undo handler
- interfaces: optimize rules of multiple connected iio/i2c/spi plugs
- bootloader: introduce managed bootloader, implement for grub
- tests: fix incorrect check in smoke/remove test
- asserts,seed: split handling of essential/not essential model
snaps
- gadget: fix typo in mounted filesystem updater
- gadget: do only one mount point lookup in mounted fs updater
- tests/core/snap-auto-mount: try to make the test more robust
- tests: adding ubuntu-20.04 to google-sru backend
- o/servicestate: add updateSnapstateServices helper
- bootloader: pull recovery grub config from internal assets
- tests/lib/tools: apply linger workaround when needed
- overlord/snapstate: graceful handling of denied "managed" refresh
schedule
- snapstate: fix autorefresh from classic->strict
- overlord/configstate: add system.kernel.printk.console-loglevel
option
- tests: fix assertion disk handling for nested UC systems
- snapstate: use testutil.HostScaledTimeout() in snapstate tests
- tests: extra worker for google-nested backend to avoid timeout
error on uc20
- snapdtool: helper to check whether the current binary is reexeced
from a snap
- tests: mock servicestate in api tests to avoid systemctl checks
- many: rename back snap.Info.GetType to Type
- tests/lib/cla_check: expect explicit commit range
- osutil/disks: refactor diskFromMountPointImpl a bit
- o/snapstate: service-control task handler
- osutil: add disks pkg for associating mountpoints with
disks/partitions
- gadget,cmd/snap-bootstrap: move partitioning to gadget
- seed: fix LoadEssentialMeta when gadget is not loaded
- cmd/snap: Debian does not allow $SNAP_MOUNT_DIR/bin in sudo
secure_path
- asserts: introduce new assertion validation-set
- asserts,daemon: add support for "serials" field in system-user
assertion
- data/sudo: drop a failed sudo secure_path workaround
- gadget: mv encodeLabel to osutil/disks.EncodeHexBlkIDFormat
- boot, snap-bootstrap: move initramfs-mounts logic to boot pkg
- spread.yaml: update secure boot attribute name
- interfaces/block_devices: add NVMe subsystem devices, support
multipath paths
- tests: use the "jq" snap from the edge channel
- tests: simplify the tpm test by removing the test-snapd-mokutil
snap
- boot/bootstate16.go: clean snap_try_* vars when not in Trying
status too
- tests/main/sudo-env: check snap path under sudo
- tests/main/lxd: add test for snaps inside nested lxd containers
not working
- asserts/internal: expand errors about invalid serialized grouping
labels
- usersession/userd: add msteams url support
- tests/lib/prepare.sh: adjust comment about sgdisk
- tests: fix how gadget pc is detected when the snap does not exist
and ls fails
- tests: move a few more tests to snapstate_update_test.go
- tests/main: add spread test for running svc from install hook
- tests/lib/prepare: increase the size of the uc16/uc18 partitions
- tests/special-home-can-run-classic-snaps: re-enable
- workflow: test PR title as part of the static checks again
- tests/main/xdg-open-compat: backup and restore original xdg-open
- tests: move update-related tests to snapstate_update_test.go
- cmd,many: move Version and bits related to snapd tools to
snapdtool, merge cmdutil
- tests/prepare-restore.sh: reset-failed systemd-journald before
restarting
- interfaces: misc small interface updates
- spread: use find rather than recursive ls, skip mounted snaps
- tests/lib/prepare-restore.sh: if we failed to purge snapd deb, ls
/var/lib/snapd
- tests: enable snap-auto-mount test on core20
- cmd/snap: do not show $PATH warning when executing under sudo on a
known distro
- asserts/internal: add some iteration benchmarks
- sandbox/cgroup: improve pid parsing code
- snap: add new `snap run --experimental-gdbserver` option
- asserts/internal: limit Grouping size switching to a bitset
representationWe don't always use the bit-set representation
because:
- snap: add an activates-on property to apps for D-Bus activation
- dirs: delete unused Cloud var, fix typo
- sysconfig/cloudinit: make callers of DisableCloudInit use
WritableDefaultsDir
- tests: fix classic ubuntu core transition auth
- tests: fail in setup_reflash_magic() if there is snapd state left
- tests: port interfaces-many-core-provided to tests.session
- tests: wait after creating partitions with sfdisk
- bootloader: introduce bootloarder assets, import grub.cfg with an
edition marker
- riscv64: bump timeouts
- gadget: drop dead code, hide exports that are not used externally
- tests: port 2 uc20 part1
- tests: fix bug waiting for snap command to be ready
- tests: move try-related tests to snapstate_try_test.go
- tests: add debug for 20.04 prepare failure
- travis.yml: removed, all our checks run in GH actions now
- tests: clean up up the use of configcoreSuite in the configcore
tests
- sandbox/cgroup: remove redundant pathOfProcPidCgroup
- sandbox/cgroup: add tests for ParsePids
- tests: fix the basic20 test for uc20 on external backend
- tests: use configcoreSuite in journalSuite and remove some
duplicated code
- tests: move a few more tests to snapstate_install_test
- tests: assorted small patches
- dbusutil/dbustest: separate license from package
- interfaces/builtin/time-control: allow POSIX clock API
- usersession/userd: add "slack" to the white list of URL schemes
handled by xdg-open
- tests: check that host settings like hostname are settable on core
- tests: port xdg-settings test to tests.session
- tests: port snap-handle-link test to tests.session
- arch: add riscv64
- tests: core20 early defaults spread test
- tests: move install tests from snapstate_test.go to
snapstate_install_test.go
- github: port macOS sanity checks from travis
- data/selinux: allow checking /var/cache/app-info
- o/devicestate: core20 early config from gadget defaults
- tests: autoremove after removing lxd in preseed-lxd test
- secboot,cmd/snap-bootstrap: add tpm sealing support to secboot
- sandbox/cgroup: move FreezerCgroupDir from dirs.go
- tests: update the file used to detect the boot path on uc20
- spread.yaml: show /var/lib/snapd in debug
- cmd/snap-bootstrap/initramfs-mounts: also copy systemd clock +
netplan files
- snap/naming: add helpers to parse app and hook security tags
- tests: modernize retry tool
- tests: fix and trim debug section in xdg-open-portal
- tests: modernize and use snapd.tool
- vendor: update to latest github.com/snapcore/bolt for riscv64
- cmd/snap-confine: add support for libc6-lse
- interfaces: miscellaneous policy updates xlv
- interfaces/system-packages-doc: fix typo in variable names
- tests: port interfaces-calendar-service to tests.session
- tests: install/run the lzo test snap too
- snap: (small) refactor of `snap download` code for
testing/extending
- data: fix shellcheck warnings in snapd.sh.in
- packaging: disable buildmode=pie for riscv64
- tests: install test-snapd-rsync snap from edge channel
- tests: modernize tests.session and port everything using it
- tests: add ubuntu 20.10 to spread tests
- cmd/snap/remove: mention snap restore/automatic snapshots
- dbusutil: move all D-Bus helpers and D-Bus test helpers
- wrappers: pass 'disable' flag to StopServices wrapper
- osutil: enable riscv64 build
- snap/naming: add ParseSecurityTag and friends
- tests: port document-portal-activation to session-tool
- bootloader: rename test helpers to reflect we are mocking EFI boot
locations
- tests: disable test of nfs v3 with udp proto on debian-sid
- tests: plan to improve the naming and uniformity of utilities
- tests: move *-tool tests to their own suite
- snap-bootstrap: remove sealed key file on reinstall
- bootloader/ubootenv: don't panic with an empty uboot env
- systemd: rename actualFsTypeAndMountOptions to
hostFsTypeAndMountOptions
- daemon: fix filtering of service-control changes for snap.app
- tests: spread test for preseeding in lxd container
- tests: fix broken snapd.session agent.socket
- wrappers: add RestartServices function and ReloadOrRestart to
systemd
- o/cmdstate: handle ignore flag on exec-command tasks
- gadget: make ext4 filesystems with or without metadata checksum
- tests: update statx test to run on all LTS releases
- configcore: show better error when disabling services
- interfaces: add hugepages-control
- interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
- tests: run ubuntu-20.04-* tests on all ubuntu-2* releases
- tests: skip interfaces-openvswitch for centos 8 in nightly suite
- tests: reload systemd --user for root, if present
- tests: reload systemd after editing /etc/fstab
- tests: add missing dependencies needed for sbuild test on debian
- tests: reload systemd after removing pulseaudio
- image, tests: core18 early config.
- interfaces: add system-packages-doc interface
- cmd/snap-preseed, systemd: fix handling of fuse.squashfuse when
preseeding
- interfaces/fwupd: allow bind mount to /boot on core
- tests: improve oom-vitality tests
- tests: add fedora 32 to spread.yaml
- config: apply vitality-hint immediately when the config changes
- tests: port snap-routine-portal-info to session-tool
- configcore: add "service.console-conf.disable" config option
- tests: port xdg-open to session-tool
- tests: port xdg-open-compat to session-tool
- tests: port interfaces-desktop-* to session-tool
- spread.yaml: apply yaml formatter/linter
- tests: port interfaces-wayland to session-tool
- o/devicestate: refactor current system handling
- snap-mgmt: perform cleanup of user services
- snap/snapfile,squashfs: followups from 8729
- boot, many: require mode in modeenv
- data/selinux: update policy to allow forked processes to call
getpw*()
- tests: log stderr from dbus-monitor
- packaging: build cmd/snap and cmd/snap-bootstrap with nomanagers
tag
- snap/squashfs: also symlink snap Install with uc20 seed snap dir
layout
- interfaces/builtin/desktop: do not mount fonts cache on distros
with quirks
- data/selinux: allow snapd to remove/create the its socket
- testutil/exec.go: set PATH after running shellcheck
- tests: silence stderr from dbus-monitor
- snap,many: mv Open to snapfile pkg to support add'l options to
Container methods
- devicestate, sysconfig: revert support for cloud.cfg.d/ in the
gadget
- github: remove workaround for bug 133 in actions/cache
- tests: remove dbus.sh
- cmd/snap-preseed: improve mountpoint checks of the preseeded
chroot
- spread.yaml: add ps aux to debug section
- github: run all spread systems in a single go with cached results
- test: session-tool cli tweaks
- asserts: rest of the Pool API
- tests: port interfaces-network-status-classic to session-tool
- packaging: remove obsolete 16.10,17.04 symlinks
- tests: setup portals before starting user session
- o/devicestate: typo fix
- interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
devices
- cmd/snap/model: support store, system-user-authority keys in
--verbose
- o/devicestate: raise conflict when requesting system action while
seeding
- tests: detect signs of crashed snap-confine
- tests: sign kernel and gadget to run nested tests using current
snapd code
- tests: remove gnome-online-accounts we install
- tests: fix the issue where all the tests were executed on secboot
system
- tests: port interfaces-accounts-service to session-tool
- interfaces/network-control: bring /var/lib/dhcp from host
- image,cmd/snap,tests: add support for store-wide cohort keys
- configcore: add nomanagers buildtag for conditional build
- tests: port interfaces-password-manager-service to session-tool
- o/devicestate: cleanup system actions supported by recover mode
- snap-bootstrap: remove create-partitions and update tests
- tests: fix nested tests
- packaging/arch: update PKGBUILD to match one in AUR
- tests: port interfaces-location-control to session-tool
- tests: port interfaces-contacts-service to session-tool
- state: log task errors in the journal too
- o/devicestate: change how current system is reported for different
modes
- devicestate: do not report "ErrNoState" for seeded up
- tests: add a note about broken test sequence
- tests: port interfaces-autopilot-introspection to session-tool
- tests: port interfaces-dbus to session-tool
- packaging: update sid packaging to match 16.04+
- tests: enable degraded test on uc20
- c/snaplock/runinhibit: add run inhibition operations
- tests: detect and report root-owned files in /home
- tests: reload root's systemd --user after snapd tests
- tests: test registration with serial-authority: [generic]
- cmd/snap-bootstrap/initramfs-mounts: copy auth.json and macaroon-
key in recover
- tests/mount-ns: stop binfmt_misc mount unit
- cmd/snap-bootstrap/initramfs-mounts: use booted kernel partition
uuid if available
- daemon, tests: indicate system mode, test switching to recovery
and back to run
- interfaces/desktop: silence more /var/lib/snapd/desktop/icons
denials
- tests/mount-ns: update to reflect new UEFI boot mode
- usersession,tests: clean ups for userd/settings.go and move
xdgopenproxy under usersession
- tests: disable mount-ns test
- tests: test user belongs to systemd-journald, on core20
- tests: run core/snap-set-core-config on uc20 too
- tests: remove generated session-agent units
- sysconfig: use new _writable_defaults dir to create cloud config
- cmd/snap-bootstrap/initramfs-mounts: cosmetic changes in prep for
future work
- asserts: make clearer that with label we mean a serialized label
- cmd/snap-bootstrap: tweak recovery trigger log messages
- asserts: introduce PoolTo
- userd: allow setting default-url-scheme-handler
- secboot: append uuid to ubuntu-data when decrypting
- o/configcore: pass extra options to FileSystemOnlyApply
- tests: add dbus-user-session to bionic and reorder package names
- boot, bootloader: adjust comments, expand tests
- tests: improve debugging of user session agent tests
- packaging: add the inhibit directory
- many: add core.resiliance.vitality-hint config setting
- tests: test adjustments and fixes for recently published images
- cmd/snap: coldplug auto-import assertions from all removable
devices
- secboot,cmd/snap-bootstrap: move initramfs-mounts tpm access to
secboot
- tests: not fail when boot dir cannot be determined
- tests: new directory used to store the cloud images on gce
- tests: inject snapd from edge into seeds of the image in manual
preseed test
- usersession/agent,wrappers: fix races between Shutdown and Serve
- tests: add dependency needed for next upgrade of bionic
- tests: new test user is used for external backend
- cmd/snap: fix the order of positional parameters in help output
- tests: don't create root-owned things in ~test
- tests/lib/prepare.sh: delete patching of the initrd
- cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
as well
- progress: tweak multibyte label unit test data
- o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline
- gadget: fix fallback device lookup for 'mbr' type structures
- configcore: only reload journald if systemd is new enough
- cmd/snap-boostrap, boot: use /run/mnt/data instead of ubuntu-data
- wrappers: allow user mode systemd daemons
- progress: fix progress bar with multibyte duration units
- tests: fix raciness in pulseaudio test
- asserts/internal: introduce Grouping and Groupings
- tests: remove user.sh
- tests: pair of follow-ups from earlier reviews
- overlord/snapstate: warn of refresh/postpone events
- configcore,tests: use daemon-reexec to apply watchdog config
- c/snap-bootstrap: check mount states via initramfsMountStates
- store: implement DownloadAssertions
- tests: run smoke test with different bases
- tests: port user-mounts test to session-tool
- store: handle error-list in fetch-assertions results
- tests: port interfaces-audio-playback-record to session-tool
- data/completion: add `snap` command completion for zsh
- tests/degraded: ignore failure in systemd-vconsole-setup.service
- image: stub implementation of image.Prepare for darwin
- tests: session-tool --restore -u stops user-$UID.slice
- o/ifacestate/handlers.go: fix typo
- tests: port pulseaudio test to session-tool
- tests: port user-session-env to session-tool
- tests: work around journald bug in core16
- tests: add debug to core-persistent-journal test
- tests: port selinux-clean to session-tool
- tests: port portals test to session-tool, fix portal tests on sid
- tests: adding option --no-install-recommends option also when
install all the deps
- tests: add session-tool --has-systemd-and-dbus
- packaging/debian-sid: add gcc-multilib to build deps
- osutil: expand FileLock to support shared locks and more
- packaging: stop depending on python-docutils
- store,asserts,many: support the new action fetch-assertions
- tests: port snap-session-agent-* to session-tool
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- tests: fix for preseeding failures
* Tue Aug 04 2020 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.45.3.1-1
- Release 2.45.3.1 to Fedora (RHBZ#1861024)
- Fix FTBFS in Rawhide (RHBZ#1865496)
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.45.2-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.45.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Samuele Pedroni <pedronis@lucediurna.net>
- New upstream release, LP: #1875071
- o/ifacestate: fix bug in snapsWithSecurityProfiles
- tests/main/selinux-clean: workaround SELinux denials triggered by
linger setup on Centos8
* Mon Jul 27 2020 Zygmunt Krynicki <me@zygoon.pl>
- New upstream release, LP: #1875071
- many: backport _writable_defaults dir changes
- tests: fix incorrect check in smoke/remove test
- cmd/snap-bootstrap,seed: backport of uc20 PRs
- tests: avoid exit when nested type var is not defined
- cmd/snap-preseed: backport fixes
- interfaces: optimize rules of multiple connected iio/i2c/spi plugs
- many: cherry-picks for 2.45, gh-action, test fixes
- tests/lib: account for changes in arch package file name extension
- postrm, snap-mgmt: cleanup modules and other cherry-picks
- snap-confine: don't die if a device from sysfs path cannot be
found by udev
- data/selinux: update policy to allow forked processes to call
getpw*()
- tests/main/interfaces-time-control: exercise setting time via date
- interfaces/builtin/time-control: allow POSIX clock API
- usersession/userd: add "slack" to the white list of URL schemes
handled by xdg-open
* Wed Jul 15 2020 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.45.2-1
- release 2.45.2 to Fedora
* Fri Jul 10 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.45.2
- SECURITY UPDATE: sandbox escape vulnerability on snapctl xdg-open
implementation
- usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
variable modification when calling the system xdg-open. Patch
thanks to James Henstridge
- packaging/ubuntu-16.04/snapd.postinst: ensure "snap userd" is
restarted. Patch thanks to Michael Vogt
- CVE-2020-11934
- SECURITY UPDATE: arbitrary code execution vulnerability on core
devices with access to physical removable media
- devicestate: Disable/restrict cloud-init after seeding.
- CVE-2020-11933
* Mon Jun 08 2020 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.45.1-1
- Release 2.45.1 to Fedora (RHBZ#1844628)
- Drop cherry-picked patches that are part of the release
* Fri Jun 05 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.45.1
- data/selinux: allow checking /var/cache/app-info
- cmd/snap-confine: add support for libc6-lse
- interfaces: miscellanious policy updates xlv
- snap-bootstrap: remove sealed key file on reinstall
- interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
- gadget: make ext4 filesystems with or without metadata checksum
- interfaces/fwupd: allow bind mount to /boot on core
- tests: cherry-pick test fixes from master
- snap/squashfs: also symlink snap Install with uc20 seed snap dir
layout
- interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
devices
- snap,many: mv Open to snapfile pkg to support add'l options to
Container methods
- interfaces/builtin/desktop: do not mount fonts cache on distros
with quirks
- devicestate, sysconfig: revert support for cloud.cfg.d/ in the
gadget
- data/completion, packaging: cherry-pick zsh completion
- state: log task errors in the journal too
- devicestate: do not report "ErrNoState" for seeded up
- interfaces/desktop: silence more /var/lib/snapd/desktop/icons
denials
- packaging/fedora: disable FIPS compliant crypto for static
binaries
- packaging: stop depending on python-docutils
* Wed May 20 2020 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.45-1
- Release 2.45 to Fedora (RHBZ#1814552)
- Cherry pick zsh completion patch
- Cherry pick patch disabling fontconfig system cache sharing due to known
incompatibilities
- Drop sudoers config (RHBZ#1691996)
* Tue May 12 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.45
- o/devicestate: support doing system action reboots from recover
mode
- vendor: update to latest secboot
- tests: not fail when boot dir cannot be determined
- configcore: only reload journald if systemd is new enough
- cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data
when decrypting
- tests/lib/prepare.sh: delete patching of the initrd
- cmd/snap: coldplug auto-import assertions from all removable
devices
- cmd/snap: fix the order of positional parameters in help output
- c/snap-bootstrap: port mount state mocking to the new style on
master
- cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
as well
- o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline,
unlock in recover mode initramfs
- progress: tweak multibyte label unit test data
- gadget: fix fallback device lookup for 'mbr' type structures
- progress: fix progress bar with multibyte duration units
- many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20
- many: put the sealed keys in a directory on seed for tidiness
- cmd/snap-bootstrap: measure epoch and model before unlocking
encrypted data
- o/configstate: core config handler for persistent journal
- bootloader/uboot: use secondary ubootenv file boot.sel for uc20
- packaging: add "$TAGS" to dh_auto_test for debian packaging
- tests: ensure $cache_dir is actually available
- secboot,cmd/snap-bootstrap: add model to pcr protection profile
- devicestate: do not use snap-boostrap in devicestate to install
- tests: fix a typo in nested.sh helper
- devicestate: add support for cloud.cfg.d config from the gadget
- cmd/snap-bootstrap: cleanups, naming tweaks
- testutil: add NewDBusTestConn
- snap-bootstrap: lock access to sealed keys
- overlord/devicestate: preserve the current model inside ubuntu-
boot
- interfaces/apparmor: use differently templated policy for non-core
bases
- seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
syscalls
- cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first,
other misc changes
- o/snapstate: tweak "waiting for restart" message
- boot: store model model and grade information in modeenv
- interfaces/firewall-control: allow -legacy and -nft for core20
- boot: enable makeBootable20RunMode for EnvRefExtractedKernel
bootloaders
- boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20
implementation
- daemon: fix error message from `snap remove-user foo` on classic
- overlord: have a variant of Mock that can take a state.State
- tests: 16.04 and 18.04 now have mediating pulseaudio (again)
- seed: clearer errors for missing essential snapd or core snap
- cmd/snap-bootstrap/initramfs-mounts: support
EnvRefExtractedKernelBootloader's
- gadget, cmd/snap-bootstrap: MBR schema support
- image: improve/adjust DownloadSnap doc comment
- asserts: introduce ModelGrade.Code
- tests: ignore user-12345 slice and service
- image,seed/seedwriter: support redirect channel aka default
tracks
- bootloader: use binary.Read/Write
- tests: uc20 nested suite part II
- tests/boot: refactor to make it easier for new
bootloaderKernelState20 impl
- interfaces/openvswitch: support use of ovs-appctl
- snap-bootstrap: copy auth data from real ubuntu-data in recovery
mode
- snap-bootstrap: seal and unseal encryption key using tpm
- tests: disable special-home-can-run-classic-snaps due to jenkins
repo issue
- packaging: fix build on Centos8 to support BUILDTAGS
- boot/bootstate20: small changes to bootloaderKernelState20
- cmd/snap: Implement a "snap routine file-access" command
- spread.yaml: switch back to latest/candidate for lxd snap
- boot/bootstate20: re-factor kernel methods to use new interface
for state
- spread.yaml,tests/many: use global env var for lxd channel
- boot/bootstate20: fix bug in try-kernel cleanup
- config: add system.store-certs.[a-zA-Z0-9] support
- secboot: key sealing also depends on secure boot enabled
- httputil: fix client timeout retry tests
- cmd/snap-update-ns: handle EBUSY when unlinking files
- cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20
vars
- secboot: add tpm support helpers
- tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for
kernel and gadget
- cmd/snap-bootstrap: switch to a 64-byte key for unlocking
- tests: preserve size for centos images on spread.yaml
- github: partition the github action workflows
- run-checks: use consistent "Checking ..." style messages
- bootloader: add efi pkg for reading efi variables
- data/systemd: do not run snapd.system-shutdown if finalrd is
available
- overlord: update tests to work with latest go
- cmd/snap: do not hide debug boot-vars on core
- cmd/snap-bootstrap: no error when not input devices are found
- snap-bootstrap: fix partition numbering in create-partitions
- httputil/client_test.go: add two TLS version tests
- tests: ignore user@12345.service hierarchy
- bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things
- tests: rewrite timeserver-control test
- tests: fix racy pulseaudio tests
- many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
- tests: update snap-preseed --reset logic to accommodate for 2.44
change
- cmd/snap: don't wait for system key when stopping
- sandbox/cgroup: avoid making arrays we don't use
- osutil: mock proc/self/mountinfo properly everywhere
- selinux: export MockIsEnforcing; systemd: use in tests
- tests: add 32 bit machine to GH actions
- tests/session-tool: kill cron session, if any
- asserts: it should be possible to omit many snap-ids if allowed,
fix
- boot: cleanup more things, simplify code
- github: skip spread jobs when corresponding label is set
- dirs: don't depend on osutil anymore, mv apparmor vars to apparmor
pkg
- tests/session-tool: add session-tool --dump
- github: allow cached debian downloads to restore
- tests/session-tool: session ordering is non-deterministic
- tests: enable unit tests on debian-sid again
- github: move spread to self-hosted workers
- secboot: import secboot on ubuntu, provide dummy on !ubuntu
- overlord/devicestate: support for recover and run modes
- snap/naming: add validator for snap security tag
- interfaces: add case for rootWritableOverlay + NFS
- tests/main/uc20-create-partitions: tweaks, renames, switch to
20.04
- github: port CLA check to Github Actions
- interfaces/many: miscellaneous policy updates xliv
- configcore,tests: fix setting watchdog options on UC18/20
- tests/session-tool: collect information about services on startup
- tests/main/uc20-snap-recovery: unbreak, rename to uc20-create-
partitions
- state: add state.CopyState() helper
- tests/session-tool: stop anacron.service in prepare
- interfaces: don't use the owner modifier for files shared via
document portal
- systemd: move the doc comments to the interface so they are
visible
- cmd/snap-recovery-chooser: tweaks
- interfaces/docker-support: add overlayfs file access
- packaging: use debian/not-installed to ignore snap-preseed
- travis.yml: disable unit tests on travis
- store: start splitting store.go and store_test.go into subtopic
files
- tests/session-tool: stop cron/anacron from meddling
- github: disable fail-fast as spread cannot be interrupted
- github: move static checks and spread over
- tests: skip "/etc/machine-id" in "writablepaths" test
- snap-bootstrap: store encrypted partition recovery key
- httputil: increase testRetryStrategy max timelimit to 5s
- tests/session-tool: kill leaking closing session
- interfaces: allow raw access to USB printers
- tests/session-tool: reset failed session-tool units
- httputil: increase httpclient timeout in
TestRetryRequestTimeoutHandling
- usersession: extend timerange in TestExitOnIdle
- client: increase timeout in client tests to 100ms
- many: disentagle release and snapdenv from sandbox/*
- boot: simplify modeenv mocking to always write a modeenv
- snap-bootstrap: expand data partition on install
- o/configstate: add backlight option for core config
- cmd/snap-recovery-chooser: add recovery chooser
- features: enable robust mount ns updates
- snap: improve TestWaitRecovers test
- sandbox/cgroup: add ProcessPathInTrackingCgroup
- interfaces/policy: fix comment in recent new test
- tests: make session tool way more robust
- interfaces/seccomp: allow passing an address to setgroups
- o/configcore: introduce core config handlers (3/N)
- interfaces: updates to login-session-observe, network-manager and
modem-manager interfaces
- interfaces/policy/policy_test.go: add more tests'allow-
installation: false' and we grant based on interface attributes
- packaging: detect/disable broken seed in the postinst
- cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia
library
- tests: remove google-tpm backend from spread.yaml
- tests: install dependencies with apt using --no-install-recommends
- usersession/userd: add zoommtg url support
- snap-bootstrap: fix disk layout sanity check
- snap: add `snap debug state --is-seeded` helper
- devicestate: generate warning if seeding fails
- config, features: move and rename config.GetFeatureFlag helper to
features.Flag
- boot, overlord/devicestate, daemon: implement requesting boot
into a given recovery system
- xdgopenproxy: forward requests to the desktop portal
- many: support immediate reboot
- store: search v2 tweaks
- tests: fix cross build tests when installing dependencies
- daemon: make POST /v2/systems/<label> root only
- tests/lib/prepare.sh: use only initrd from the kernel snap
- cmd/snap,seed: validate full seeds (UC 16/18)
- tests/main/user-session-env: stop the user session before deleting
the test-zsh user
- overlord/devicestate, daemon: record the seed current system was
installed from
- gadget: SystemDefaults helper function to convert system defaults
config into a flattened map suitable for FilesystemOnlyApply.
- many: comment or avoid cryptic snap-ids in tests
- tests: add LXD_CHANNEL environment
- store: support for search API v2
- .github: register a problem matcher to detect spread failures
- seed: add Info() method for seed.Snap
- github: always run the "Discard spread workers" step, even if the
job fails
- github: offload self-hosted workers
- cmd/snap: the model command needs just a client, no waitMixin
- github: combine tests into one workflow
- github: fix order of go get caches
- tests: adding more workers for ubuntu 20.04
- boot,overlord: rename operating mode to system mode
- config: add new Transaction.GetPristine{,Maybe}() function
- o/devicestate: rename readMaybe* to maybeRead*
- github: cache Debian dependencies for unit tests
- wrappers: respect pre-seeding in error path
- seed: validate UC20 seed system label
- client, daemon, overlord/devicestate: request system action API
and stubs
- asserts,o/devicestate: support model specified alternative serial-
authority
- many: introduce naming.WellKnownSnapID
- o/configcore: FilesystemOnlyApply method for early configuration
of core (1/N)
- github: run C unit tests
- github: run spread tests on PRs only
- interfaces/docker-support: make containerd abstract socket more
generic
- tests: cleanup security-private-tmp properly
- overlord/devicestate,boot: do not hold to the originally read
modeenv
- dirs: rm RunMnt; boot: add vars for early boot env layout;
sysconfig: take targetdir arg
- cmd/snap-bootstrap/initramfs-mounts/tests: use dirs.RunMnt over
s.runMnt
- tests: add regression test for MAAS refresh bug
- errtracker: add missing mocks
- github: apt-get update before installing build-deps
- github: don't fail-fast
- github: run spread via github actions
- boot,many: add modeenv.WriteTo, make Write take no args
- wrappers: fix timer schedules that are days only
- tests/main/snap-seccomp-syscalls: install gperf
- github: always checkout to snapcore/snapd
- github: add prototype workflow running unit tests
- many: improve comments, naming, a possible TODO
- client: use Assert when checking for error
- tests: ensure sockets target is ready in session agent spread
tests
- osutil: do not leave processes behind after the test run
- tests: update proxy-no-core to match latest CDN changes
- devicestate,sysconfig: support "cloud.cfg.d" in uc20 for grade:
dangerous
- cmd/snap-failure,tests: try to make snap-failure more robust
- many: fix packages having mistakenly their copyright as doc
- many: enumerate system seeds, return them on the /v2/systems API
endpoint
- randutil: don't consume kernel entropy at init, just mix more info
to try to avoid fleet collisions
- snap-bootstrap: add creationSupported predicate for partition
types
- tests: umount partitions which are not umounted after remount
gadget
- snap: run gofmt -s
- many: improve environment handling, fixing duplicate entries
- boot_test: add many boot robustness tests for UC20 kernel
MarkBootSuccessul and SetNextBoot
- overlord: remove unneeded overlord.MockPruneInterval() mocks
- interfaces/greengrass-support: fix typo
- overlord,timings,daemon: separate timings from overlord/state
- tests: enable nested on core20 and test current branch
- snap-bootstrap: remove created partitions on reinstall
- boot: apply Go 1.10 formatting
- apparmor: use rw for uuidd request to default and remove from
elsewhere
- packaging: add README.source for debian
- tests: cleanup various uc20 boot tests from previous PR
- devicestate: disable cloud-init by default on uc20
- run-checks: tweak formatting checks
- packaging,tests: ensure debian-sid builds without vendor/
- travis.yml: run unit tests with go/master as well* travis.yml: run
unit tests with go/master as well
- seed: make Brand() part of the Seed interface
- cmd/snap-update-ns: ignore EROFS from rmdir/unlink
- daemon: do a forceful server shutdown if we hit a deadline
- tests/many: don't use StartLimitInterval anymore, unify snapd-
failover variants, build snapd snap for UC16 tests
- snap-seccomp: robustness improvements
- run-tests: disable -v for go test to avoid spaming the logs
- snap: whitelist lzo as support compression for snap pack
- snap: tweak comment in Install() for overlayfs detection
- many: introduce snapdenv.Preseeding instead of release.PreseedMode
- client, daemon, overlord/devicestate: structures and stubs for
systems API
- o/devicestate: delay the creation of mark-seeded task until
asserts are loaded
- data/selinux, tests/main/selinux: cleanup tmpfs operations in the
policy, updates
- interfaces/greengrass-support: add new 1.9 access
- snap: do not hardlink on overlayfs
- boot,image: ARM kernel extract prepare image
- interfaces: make gpio robust against not-existing gpios in /sys
- cmd/snap-preseed: handle --reset flag
- many: introduce snapdenv to present common snapd env options
- interfaces/kubernetes-support: allow autobind to journald socket
- snap-seccomp: allow mprotect() to unblock the tests
- tests/lib/reset: workaround unicode dot in systemctl output
- interfaces/udisks2: also allow Introspection on
/org/freedesktop/UDisks/**
- snap: introduce Container.RandomAccessFile
- o/ifacestate, api: implementation of snap disconnect --forget
- cmd/snap: make the portal-info command search for the network-
status interface
- interfaces: work around apparmor_parser slowness affecting uio
- tests: fix/improve failing spread tests
- many: clean separation of bootenv mocking vs mock bootloader kinds
- tests: mock prune ticker in overlord tests to reduce wait times
- travis: disable arm64 again
- httputil: add support for extra snapd certs
- travis.yml: run unit tests on arm64 as well
- many: fix a pair of ineffectual assignments
- tests: add uc20 kernel snap upgrade managers test, fix
bootloadertest bugs
- o/snapstate: set base in SnapSetup on snap revert
- interfaces/{docker,kubernetes}-support: updates for lastest k8s
- cmd/snap-exec: add test case for LP bug 1860369
- interfaces: make the network-status interface implicit on
classic
- interfaces: power control interfaceIt is documented in the
kernel
- interfaces: miscellaneous policy updates
- cmd/snap: add a "snap routine portal-info" command
- usersession/userd: add "apt" to the white list of URL schemes
handled by xdg-open
- interfaces/desktop: allow access to system prompter interface
- devicestate: allow encryption regardless of grade
- tests: run ipv6 network-retry test too
- tests: test that after "remove-user" the system is unmanaged
- snap-confine: unconditionally add /dev/net/tun to the device
cgroup
- snapcraft.yaml: use sudo -E and remove workaround
- interfaces/audio_playback: Fix pulseaudio config access
- ovelord/snapstate: update only system wide fonts cache
- wrappers: import /etc/environment in all services
- interfaces/u2f: Add Titan USB-C key
- overlord, taskrunner: exit on task/ensure error when preseeding
- tests: add session-tool, a su / sudo replacement
- wrappers: add mount unit dependency for snapd services on core
devices
- tests: just remove user when the system is not managed on create-
user-2 test
- snap-preseed: support for preseeding of snapd and core18
- boot: misc UC20 changes
- tests: adding arch-linux execution
- packaging: revert "work around review-tools and snap-confine"
- netlink: fix panic on arm64 with the new rawsockstop codewith a
nil Timeval panics
- spread, data/selinux: add CentOS 8, update policy
- tests: updating checks to new test account for snapd-test snaps
- spread.yaml: mv opensuse 15.1 to unstable
- cmd/snap-bootstrap,seed: verify only in-play snaps
- tests: use ipv4 in retry-network to unblock failing master
- data/systemd: improve the description
- client: add "Resume" to DownloadOptions and new test
- tests: enable snapd-failover on uc20
- tests: add more debug output to the snapd-failure handling
- o/devicestate: unset recovery_system when done seeding
* Fri Apr 10 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.44.3
- tests: fix racy pulseaudio tests
- many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
- tests: update snap-preseed --reset logic
- tests: backport partition fixes
- cmd/snap: don't wait for system key when stopping
- interfaces/many: miscellaneous policy updates xliv
- tests/main/uc20-snap-recovery: use 20.04 system
- tests: skip "/etc/machine-id" in "writablepaths
- interfaces/docker-support: add overlays file access
* Thu Apr 02 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.44.2
- packaging: detect/disable broken seeds in the postinst
- cmd/snap,seed: validate full seeds (UC 16/18)
- snap: add `snap debug state --is-seeded` helper
- devicestate: generate warning if seeding fails
- store: support for search API v2
- cmd/snap-seccomp/syscalls: update the list of known syscalls
- snap/cmd: the model command needs just a client, no waitMixin
- tests: cleanup security-private-tmp properly
- wrappers: fix timer schedules that are days only
- tests: update proxy-no-core to match latest CDN changes
- cmd/snap-failure,tests: make snap-failure more robust
- tests, many: don't use StartLimitInterval anymore, unify snapd-
failover variants, build snapd snap for UC16 tests
* Sat Mar 21 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.44.1
- randutil: switch back to setting up seed with lower entropy data
- interfaces/greengrass-support: fix typo
- packaging,tests: ensure debian-sid builds without vendor/
- travis.yml: run unit tests with go/master as well
- cmd/snap-update-ns: ignore EROFS from rmdir/unlink
* Tue Mar 17 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.44
- daemon: do a forceful serer shutdown if we hit a deadline
- snap: whitelist lzo as support compression for snap pack
- data/selinux: update policy to allow more ops
- interfaces/greengrass-support: add new 1.9 access
- snap: do not hardlink on overlayfs
- cmd/snap-preseed: handle --reset flag
- interfaces/kubernetes-support: allow autobind to journald socket
- snap-seccomp: allow mprotect() to unblock the tests
- tests/lib/reset: workaround unicode dot in systemctl output
- interfaces: work around apparmor_parser slowness affecting uio
- interfaces/udisks2: also allow Introspection on
/org/freedesktop/UDisks2/**
- tests: mock prune ticker in overlord tests to reduce wait times
- interfaces/{docker,kubernetes}-support: updates for lastest k8s
- interfaces: miscellaneous policy updates
- interfaces/audio_playback: Fix pulseaudio config access
- overlord: disable Test..AbortShortlyAfterStartOfOperation for 2.44
- ovelord/snapstate: update only system wide fonts cache
- wrappers: import /etc/environment in all services
- interfaces/u2f: Add Titan USB-C key
- overlord, taskrunner: exit on task/ensure error when preseeding
- overlord/snapstate/backend: update snapd services contents in unit
tests
- wrappers: add mount unit dependency for snapd services on core
devices
- Revert "tests: remove /tmp/snap.* left over by other tests"
- Revert "packaging: work around review-tools and snap-confine"
- netlink: fix panic on arm64 with the new rawsockstop code
- spread, data/selinux: add CentOS 8, update policy
- spread.yaml: mv opensuse tumbleweed to unstable too
- spread.yaml: mv opensuse 15.1 to unstable
- tests: use ipv4 in retry-network to unblock failing master
- data/systemd: improve the description
- tests/lib/prepare.sh: simplify, combine code paths
- tests/main/user-session-env: add test verifying environment
variables inside the user session
- spread.yaml: make qemu ubuntu-core-20-64 use ubuntu-20.04-64
- run-checks: SKIP_GMFMT really skips formatting checks
- tests: enable more tests for UC20/UC18
- tests: remove tmp dir for snap not-test-snapd-sh on security-
private-tmp test
- seed,cmd/snap-bootstrap: introduce seed.Snap.EssentialType,
simplify bootstrap code
- snapstate: do not restart in undoLinkSnap unless on first install
- cmd/snap-bootstrap: subcommand to detect UC chooser trigger
- cmd/snap-bootstrap/initramfs-mounts: mount the snapd snap in run-
mode too
- cmd/libsnap, tests: fix C unit tests failing as non-root
- cmd/snap-bootstrap: verify kernel snap is in modeenv before
mounting it
- tests: adding amazon linux to google backend
- cmd/snap-failure/snapd: rm snapd.socket, reset snapd.socket failed
status
- client: add support for "ResumeToken", "HeaderPeek" to download
- build: enable type: snapd
- tests: rm -rf /tmp/snap.* in restore
- cmd/snap-confine: deny snap-confine to load nss libs
- snapcraft.yaml: add comments, rename snapd part to snapd-deb
- boot: write current_kernels in bootstate20, makebootable
- packaging: work around review-tools and snap-confine
- tests: skipping interfaces-openvswitch on centos due to package is
not available
- packaging,snap-confine: stop being setgid root
- cmd/snap-confine: bring /var/lib/dhcp from host, if present
- store: rely on CommandFromSystemSnap to find xdelta3
- tests: bump sleep time of the new overlord tests
- cmd/snap-preseed: snapd version check for the target
- netlink: fix/support stopping goroutines reading netlink raw
sockets
- tests: reset PS1 before possibly interactive dash
- overlord, state: don't abort changes if spawn time before
StartOfOperationTime (2/2)
- snapcraft.yaml: add python3-apt, tzdata as build-deps for the
snapd snap
- tests: ask tar to speak English
- tests: using google storage when downloading ubuntu cloud images
from gce
- Coverity produces false positives for code like this:
- many: maybe restart & security backend options
- o/standby: add SNAPD_STANDBY_WAIT to control standby in
development
- snap: use the actual staging snap-id for snapd
- cmd/snap-bootstrap: create a new parser instance
- snapcraft.yaml: use build-base and adopt-info, rm builddeb
plugin
- tests: set StartLimitInterval in snapd failover test
- tests: disable archlinux system
- tests: add preseed test for classic
- many, tests: integrate all preseed bits and add spread tests
- daemon: support resuming downloads
- tests: use Filename() instead of filepath.Base(sn.MountFile())
- tests/core: add swapfiles test
- interfaces/cpu-control: allow to control cpufreq tunables
- interfaces: use commonInteface for desktopInterface
- interfaces/{desktop-legacy,unity7}: adjust for new ibus socket
location
- snap/info: add Filename
- bootloader: make uboot a RecoveryAwareBootloader
- gadget: skip update when mounted filesystem content is identical
- systemd: improve is-active check for 'failed' services
- boot: add current_kernels to modeenv
- o/devicestate: StartOfOperationTime helper for Prune (1/2)
- tests: detect LXD launching i386 containers
- tests: move main/ubuntu-core-* tests to core/ suite
- tests: remove snapd in ubuntu-core-snapd
- boot: enable base snap updates in bootstate20
- tests: Fix core revert channel after 2.43 has been released to
stable
- data/selinux: unify tabs/spaces
- o/ifacestate: move ResolveDisconnect to ifacestate
- spread: move centos to stable systems
- interfaces/opengl: allow datagrams to nvidia-driver
- httputil: add NoNetwork(err) helper, spread test and use in serial
acquire
- store: detect if server does not support http range headers
- test/lib/user: add helper lib for doing things for and as a user
- overlord/snapstate, wrappers: undo of snapd on core
- tests/main/interfaces-pulseaudio: use custom pulseaudio script,
set kill timeout
- store: add support for resume in DownloadStream
- cmd/snap: implement 'snap remove-user'
- overlord/devicestate: fix preseed unit tests on systems not using
/snap
- tests/main/static: ldd in glibc 2.31 logs to stderr now
- run-checks, travis: allow skipping spread jobs by adding a label
- tests: add new backend which includes images with tpm support
- boot: use constants for boot status values
- tests: add "core" suite for UC specific tests
- tests/lib/prepare: use a local copy of uc20 initramfs skeleton
- tests: retry mounting the udisk2 device due to timing issue
- usersession/client: add a client library for the user session
agent
- o/devicestate: Handle preseed mode in the firstboot mode (core16
only for now).
- boot: add TryBase and BaseStatus to modeenv; use in snap-bootstrap
- cmd/snap-confine: detect base transitions on core16
- boot: don't use "kernel" from the modeenv anymore
- interfaces: add uio interface
- tests: repack the initramfs + kernel snap for UC20 spread tests
- interfaces/greengrass-support: add /dev/null ->
/proc/latency_stats mount
- httputil: remove workaround for redirect handling in go1.7
- httputil: remove go1.6 transport workaround
- snap: add `snap pack --compression=<comp>` options
- tests/lib/prepare: fix hardcoded loopback device names for UC
images
- timeutil: add a unit test case for trivial schedule
- randutil,o/snapstate,-mkauthors.sh: follow ups to randutil
introduction
- dirs: variable with distros using alternate snap mount
- many,randutil: centralize and streamline our random value
generation
- tests/lib/prepare-restore: Revert "Continue on errors updating or
installing dependencies"
- daemon: Allow clients to call /v2/logout via Polkit
- dirs: manjaro-arm is like manjaro
- data, packaging: Add sudoers snippet to allow snaps to be run with
sudo
- daemon, store: better expose single action errors
- tests: switch mount-ns test to differential data set
- snapstate: refactor things to add the re-refresh task last
- daemon: drop support for the DELETE method
- client: move to /v2/users; implement RemoveUser
- boot: enable UC20 kernel extraction and bootState20 handling
- interfaces/policy: enforce plug-names/slot-names constraints
- asserts: parse plug-names/slot-names constraints
- daemon: make users result more consistent
- cmd/snap-confine,tests: support x.y.z nvidia version
- dirs: fixlet for XdgRuntimeDirGlob
- boot: add bootloader options to coreKernel
- o/auth,daemon: do not remove unknown user
- tests: tweak and enable tests on ubuntu 20.04
- daemon: implement user removal
- cmd/snap-confine: allow snap-confine to link to libpcre2
- interfaces/builtin: Allow NotificationReplied signal on
org.freedesktop.Notifications
- overlord/auth: add RemoveUserByName
- client: move user-related things to their own files
- boot: tweak kernel cmdline helper docstring
- osutil: implement deluser
- gadget: skip update when raw structure content is unchanged
- boot, cmd/snap, cmd/snap-bootstrap: move run mode and system label
detection to boot
- tests: fix revisions leaking from snapd-refresh test
- daemon: refactor create-user to a user action & hide behind a flag
- osutil/tests: check there are no leftover symlinks with
AtomicSymlink
- grub: support atomically renaming kernel symlinks
- osutil: add helpers for creating symlinks and renaming in an
atomic manner
- tests: add marker tag for core 20 test failure
- tests: fix gadget-update-pc test leaking snaps
- tests: remove revision leaking from ubuntu-core-refresh
- tests: remove revision leaking from remodel-kernel
- tests: disable system-usernames test on core20
- travis, tests, run-checks: skip nakedret
- tests: run `uc20-snap-recovery-encrypt` test on 20.04-64 as well
- tests: update mount-ns test tables
- snap: disable auto-import in uc20 install-mode
- tests: add a command-chain service test
- tests: use test-snapd-upower instead of upower
- data/selinux: workaround incorrect fonts cache labeling on RHEL7
- spread.yaml: fix ubuntu 19.10 and 20.04 names
- debian: check embedded keys for snap-{bootstrap,preseed} too
- interfaces/apparmor: fix doc-comments, unnecessary code
- o/ifacestate,o/devicestatate: merge gadget-connect logic into
auto-connect
- bootloader: add ExtractedRunKernelImageBootloader interface,
implement in grub
- tests: add spread test for hook permissions
- cmd/snap-bootstrap: check device size before boostrapping and
produce a meaningful error
- cmd/snap: add ability to register "snap routine" commands
- tests: add a test demonstrating that snaps can't access the
session agent socket
- api: don't return connections referring to non-existing
plugs/slots
- interfaces: refactor path() from raw-volume into utils with
comments for old
- gitignore: ignore snap files
- tests: skip interfaces-network-manager on arm devices
- o/devicestate: do not create perfTimings if not needed inside
ensureSeed/Operational
- tests: add ubuntu 20.04 to the tests execution and remove
tumbleweed from unstable
- usersession: add systemd user instance service control to user
session agent
- cmd/snap: print full channel in 'snap list', 'snap info'
- tests: remove execution of ubuntu 19.04 from google backend
- cmd/snap-boostrap: add mocking for fakeroot
- tests/core18/snapd-failover: collect more debug info
- many: run black formatter on all python files
- overlord: increase settle timeout for slow machines
- httputil: use shorter timeout in TestRetryRequestTimeoutHandling
- store, o/snapstate: send default-tracks header, use
RedirectChannel
- overlord/standby: fix possible deadlock in standby test
- cmd/snap-discard-ns: fix pattern for .info files
- boot: add HasModeenv to Device
- devicestate: do not allow remodel between core20 models
- bootloader,snap: misc tweaks
- store, overlord/snapstate, etc: SnapAction now returns a []…Result
- snap-bootstrap: create encrypted partition
- snap: remove "host" output from `snap version`
- tests: use snap remove --purge flag in most of the spread tests
- data/selinux, test/main/selinux-clean: update the test to cover
more scenarios
- many: drop NameAndRevision, use snap.PlaceInfo instead
- boot: split MakeBootable tests into their own file
- travis-ci: add go import path
- boot: split MakeBootable implementations into their own file
- tests: enable a lot of the tests of main on uc20
- packaging, tests: stop services in prerm
- tests: enable regression suite on core20
- overlord/snapstate: improve snapd snap backend link unit tests
- boot: implement SetNextBoot in terms of bootState.setNext
- wrappers: write and undo snapd services on core
- boot,o/devicestate: refactor MarkBootSuccessful over bootState
- snap-bootstrap: mount the correct snapd snap to /run/mnt/snapd
- snap-bootstrap: refactor partition creation
- tests: use new snapd.spread-tests-run-mode-tweaks.service unit
- tests: add core20 tests
- boot,o/snapstate: SetNextBoot/LinkSnap return whether to reboot,
use the information
- tests/main/snap-sign: add test for non-stdin signing
- snap-bootstrap: trigger udev after filesystem creation
- boot,overlord: introduce internal abstraction bootState and use it
for InUse/GetCurrentBoot
- overlord/snapstate: tracks are now sticky
- cmd: sign: add filename param
- tests: remove "test-snapd-tools" in smoke/sandbox on restore
- cmd/snap, daemon: stop over-normalising channels
- tests: fix classic-ubuntu-core-transition-two-cores after refactor
of MATCH -v
- packaging: ship var/lib/snapd/desktop/applications in the pkg
- spread: drop copr repo with F30 build dependencies
- tests: use test-snapd-sh snap instead of test-snapd-tools - Part 3
- tests: fix partition creation test
- tests: unify/rename services-related spread tests to start with
services- prefix
- test: extract code that modifies "writable" for test prep
- systemd: handle preseed mode
- snap-bootstrap: read only stdout when parsing the sfdisk json
- interfaces/browser-support: add more product/vendor paths
- boot: write compat UC16 bootvars in makeBootable20RunMode
- devicestate: avoid adding mockModel to deviceMgrInstallModeSuite
- devicestate: request reboot after successful doSetupRunSystem()
- snapd.core-fixup.sh: do not run on UC20 at all
- tests: unmount automounted snap-bootstrap devices
- devicestate: run boot.MakeBootable in doSetupRunSystem
- boot: copy kernel/base to data partition in makeBootable20RunMode
- tests: also check nested lxd container
- run-checks: complain about MATCH -v
- boot: always return the trivial boot participant in ephemeral mode
- o/devicestate,o/snapstate: move the gadget.yaml checkdrive-by: use
gadget.ReadInfoFromSnapFile in checkGadgetRemodelCompatible
- snap-bootstrap: append new partitions
- snap-bootstrap: mount filesystems after creation
- snapstate: do not try to detect rollback in ephemeral modes
- snap-bootstrap: trigger udev for new partitions
- cmd/snap-bootstrap: xxx todos about kernel cross-checks
- tests: avoid mask rsyslog service in case is not enabled on the
system
- tests: fix use of MATCH -v
- cmd/snap-preseed: update help strings
- cmd/snap-bootstrap: actually parse snapd_recovery_system label
- bootstrap: reduce runmode mounts from 5 to 2 steps.
- lkenv.go: adjust for new location of include file
- snap: improve squashfs.ReadFile() error
- systemd: fix uc20 shutdown
- boot: write modeenv when creating the run mode
- boot,image: add skeleton boot.makeBootable20RunMode
- cmd/snap-preseed: add snap-preseed executable
- overlord,boot: follow ups to #7889 and #7899
- interfaces/wayland: Add access to Xwayland's shm files
- o/hookstate/ctlcmd: fix command name in snapctl -h
- daemon,snap: remove screenshot deprecation notice
- overlord,o/snapstate: make sure we never leave config behind
- many: pass consistently boot.Device state to boot methods
- run-checks: check multiline string blocks in
restore/prepare/execute sections of spread tests
- intrefaces: login-session-control - added missing dbus commands
- tests/main/parallel-install-remove-after: parallel installs should
not break removal
- overlord/snapstate: tweak assumes error hint
- overlord: replace DeviceContext.OldModel with GroundContext
- devicestate: use httputil.ShouldRetryError() in
prepareSerialRequest
- tests: replace "test-snapd-base-bare" with real "bare" base snap
- many: pass a Model to the gadget info reading functions
- snapstate: relax gadget constraints in ConfigDefaults Et al.
- devicestate: only run ensureBootOk() in "run" mode
- tests/many: quiet lxc launching, file pushing
- tests: disable apt-hooks test until it can be properly fixed
- tests: 16.04 and 18.04 now have mediating pulseaudio
* Thu Feb 13 2020 Maciek Borzecki <maciek.borzecki@gmail.com> - 2.43.3-1
- Release 2.43.3 to Fedora (RHBZ#1777328)
* Wed Feb 12 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.43.3
- interfaces/opengl: allow datagrams to nvidia-driver
- httputil: add NoNetwork(err) helper, spread test and use
in serial acquire
- interfaces: add uio interface
- interfaces/greengrass-support: 'aws-iot-greengrass' snap fails to
start due to apparmor deny on mounting of "/proc/latency_stats".
- data, packaging: Add sudoers snippet to allow snaps to be run with
sudo
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.42.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Jan 28 2020 Michael Vogt <mvo@ubuntu.com>
- New upstream release 2.43.2
- cmd/snap-confine: Revert #7421 (unmount /writable from snap view)
- overlord/snapstate: fix for re-refresh bug
- tests, run-checks, many: fix nakedret issues
- data/selinux: workaround incorrect fonts cache labeling on RHEL7
- tests: use test-snapd-upower instead of upower
- overlord: increase overall settle timeout for slow arm boards
|
